cjoint

Document format: text/plain

---\\ Installed components (ActiveSetup Installed Components) (O40)
O40 - ASIC: Google Chrome - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome Installer.) -- C:\Program Files\Google\Chrome\Application\58.0.3029.96\Installer\chrmstp.exe
~ Active Setup: 10 Legitimates Filtered in 00mn 00s



---\\ Drivers started at boot (O41)
O41 - Driver: (aswbidsdriver) . (.AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) - C:\Windows\system32\drivers\aswbidsdriverx.sys
O41 - Driver: (aswKbd) . (.AVAST Software - Avast Keyboard Filter Driver.) - C:\Windows\system32\drivers\aswKbd.sys
O41 - Driver: (aswRdr) . (.AVAST Software - Avast WFP Redirect Driver.) - C:\Windows\system32\drivers\aswRdr2.sys
O41 - Driver: (aswSnx) . (.AVAST Software - Avast Virtualization Driver.) - C:\Windows\system32\drivers\aswSnx.sys
O41 - Driver: (aswSP) . (.AVAST Software - Avast self protection module.) - C:\Windows\system32\drivers\aswSP.sys
~ Drivers: 56 Legitimates Filtered in 00mn 01s



---\\ Installed software (O42)
O42 - Logiciel: Ares Mod - (.Onekit.) [HKLM] -- Ares Mod
O42 - Logiciel: Ditto - (.Scott Brogden.) [HKLM] -- Ditto_is1
O42 - Logiciel: Free Editor - (.Blue Labs, LLC.) [HKLM] -- {1BF14E04-85DE-480C-9A04-EB36744C66B4}_is1
O42 - Logiciel: Modifier PDF V2.4 - (.http://www.ModifierPDF.net.) [HKLM] -- Modifier PDF_is1
O42 - Logiciel: SafeZone Stable 3.55.2393.590 - (.Avast Software.) [HKLM] -- SafeZone 3.55.2393.590
O42 - Logiciel: ScanMaster-ELM 1.4.0.0 DEMO - (.WGSoft.de.) [HKLM] -- ScanMaster-ELM DEMO_is1
O42 - Logiciel: SpyHunter - (.Enigma Software Group USA, LLC.) [HKLM] -- {220FB035-4744-483A-9A0B-41DF77061583} =>Crapware.SpyHunter
O42 - Logiciel: Total Recorder 7.1 - (...) [HKLM] -- TotalRecorder
O42 - Logiciel: WebPlayerV2 - (.Kreapixel.) [HKLM] -- {7D41BC10-F03E-41EB-8E2D-B7006948332F} =>Adware.SocialSkinz
O42 - Logiciel: Webplayer - (.Kreapixel.) [HKLM] -- {F750DB0E-D452-3108-63C9-FE16BC686741} =>Adware.SocialSkinz
~ Logic: 172 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ares Mod]
[HKCU\Software\CarPort]
[HKCU\Software\Cosi Productions]
[HKCU\Software\Ditto]
[HKCU\Software\JG]
[HKCU\Software\KowMedia]
[HKCU\Software\ProtectedStorage]
[HKCU\Software\Rocket Browser]
[HKCU\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\VNT]
[HKLM\Software\ASK]
[HKLM\Software\DRWNewFree]
[HKLM\Software\JBS]
[HKLM\Software\OfficialVideoConverter]
[HKLM\Software\Partner]
[HKLM\Software\WafCX]
[HKLM\Software\ds]
[HKLM\Software\jumpshot.com]
~ Key Software: 299 Legitimates Filtered in 00mn 02s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 11/05/2013 - 19:09:55 - [0,001] ----D C:\Program Files\AGV Supertool
O43 - CFD: 11/05/2013 - 16:20:42 - [57,780] ----D C:\Program Files\CarPort
O43 - CFD: 29/01/2012 - 00:47:12 - [3,703] ----D C:\Program Files\DealBulldog Toolbar Toolbar =>Adware.SocialSkinz
O43 - CFD: 11/01/2016 - 19:28:54 - [36,541] ---AD C:\Program Files\Ditto
O43 - CFD: 23/04/2012 - 13:17:38 - [0,150] ----D C:\Program Files\Full Uninstall
O43 - CFD: 27/02/2016 - 21:35:51 - [123,710] ----D C:\Program Files\KowMedia
O43 - CFD: 11/11/2014 - 08:51:58 - [0] ----D C:\Program Files\Les Logiciels Alchimie
O43 - CFD: 20/10/2016 - 22:47:09 - [0,071] ----D C:\Program Files\Multi horse racing web browser
O43 - CFD: 09/07/2014 - 14:25:55 - [0] ----D C:\Program Files\NetCrawl
O43 - CFD: 11/05/2013 - 19:10:37 - [0,000] ----D C:\Program Files\OBD-DIAG
O43 - CFD: 06/04/2011 - 17:08:18 - [79,365] ----D C:\Program Files\OfficialVideoConverter
O43 - CFD: 19/01/2014 - 08:24:35 - [0] ----D C:\Program Files\predm
O43 - CFD: 19/01/2013 - 19:35:09 - [18,296] ----D C:\Program Files\studioturf
O43 - CFD: 25/02/2014 - 20:00:29 - [0,001] ----D C:\Program Files\Uninstaller
O43 - CFD: 06/10/2014 - 12:32:43 - [0] ----D C:\Program Files\VNT
O43 - CFD: 18/01/2014 - 19:55:34 - [0,632] ---AD C:\Program Files\Webplayer
O43 - CFD: 05/05/2012 - 11:22:45 - [11,019] ----D C:\Program Files\WGSoft
O43 - CFD: 16/07/2016 - 10:29:57 - [3,485] ----D C:\Program Files\WindowsPowerShell
O43 - CFD: 03/12/2015 - 22:09:58 - [0,917] ----D C:\Program Files\Common Files\AV
O43 - CFD: 13/05/2017 - 16:33:46 - [0] ----D C:\ProgramData\APN
O43 - CFD: 16/07/2016 - 10:29:57 - [0] ----D C:\ProgramData\Comms
O43 - CFD: 21/03/2016 - 23:41:38 - [0,002] ----D C:\ProgramData\downloads
O43 - CFD: 12/11/2014 - 10:24:06 - [0,132] ----D C:\ProgramData\e49be7d88b3a5f71
O43 - CFD: 17/11/2014 - 11:02:50 - [2,008] ----D C:\ProgramData\InstallMate
O43 - CFD: 25/02/2014 - 19:57:53 - [0,003] ----D C:\ProgramData\surf annd Keep
O43 - CFD: 17/11/2014 - 11:01:46 - [0] ----D C:\ProgramData\Updater =>PUP.CrossRider
O43 - CFD: 30/09/2016 - 20:42:39 - [0,007] ----D C:\ProgramData\USOPrivate
O43 - CFD: 22/05/2016 - 15:49:18 - [0,595] ----D C:\Users\joel\AppData\Roaming\Ditto
O43 - CFD: 19/10/2016 - 21:17:22 - [0] ----D C:\Users\joel\AppData\Roaming\HMYGSetting
O43 - CFD: 11/05/2013 - 16:24:13 - [0,000] ----D C:\Users\joel\AppData\Roaming\MPP-Engineering
O43 - CFD: 02/11/2011 - 08:58:42 - [0,001] ----D C:\Users\joel\AppData\Roaming\Pronostats
O43 - CFD: 18/01/2014 - 19:55:51 - [0,000] ----D C:\Users\joel\AppData\Roaming\Webplayer
O43 - CFD: 13/11/2014 - 05:28:14 - [0,000] ----D C:\Users\joel\AppData\Roaming\wp_update
O43 - CFD: 17/05/2016 - 12:47:59 - [0] ----D C:\Users\joel\AppData\Local\ActiveSync
O43 - CFD: 13/01/2013 - 11:52:43 - [0,085] ----D C:\Users\joel\AppData\Local\Ares Mod
O43 - CFD: 28/09/2016 - 22:34:19 - [0] ----D C:\Users\joel\AppData\Local\CEF
O43 - CFD: 17/05/2016 - 13:08:43 - [20,211] ----D C:\Users\joel\AppData\Local\Comms
O43 - CFD: 06/10/2016 - 19:08:23 - [1,205] ----D C:\Users\joel\AppData\Local\ConnectedDevicesPlatform
O43 - CFD: 28/08/2015 - 22:03:37 - [0] -SH-D C:\Users\joel\AppData\Local\EmieBrowserModeList
O43 - CFD: 28/08/2015 - 22:03:36 - [0] -SH-D C:\Users\joel\AppData\Local\EmieSiteList
O43 - CFD: 28/08/2015 - 22:03:37 - [0] -SH-D C:\Users\joel\AppData\Local\EmieUserList
O43 - CFD: 25/02/2014 - 20:20:03 - [0] ----D C:\Users\joel\AppData\Local\genienext
O43 - CFD: 01/06/2015 - 09:08:53 - [0,000] ----D C:\Users\joel\AppData\Local\GWX
O43 - CFD: 23/10/2016 - 20:19:34 - [0,005] ----D C:\Users\joel\AppData\Local\HP_Development_Company,_L
O43 - CFD: 27/02/2016 - 21:36:26 - [15,463] ----D C:\Users\joel\AppData\Local\KowMedia
O43 - CFD: 11/05/2013 - 16:24:06 - [0,014] ----D C:\Users\joel\AppData\Local\MPP-Engineering
O43 - CFD: 17/05/2016 - 12:50:31 - [0] ----D C:\Users\joel\AppData\Local\NetworkTiles
O43 - CFD: 17/11/2014 - 11:02:46 - [0] ----D C:\Users\joel\AppData\Local\ShieldPlus
O43 - CFD: 13/05/2017 - 16:34:30 - [0,145] ----D C:\Users\joel\AppData\Local\VNT
O43 - CFD: 02/12/2014 - 04:42:46 - [0,001] ----D C:\Users\joel\AppData\Local\?
O43 - CFD: 30/09/2016 - 19:43:54 - [0,001] ----D C:\Users\joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares Mod
O43 - CFD: 30/09/2016 - 19:43:54 - [0,002] ----D C:\Users\joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarPort
O43 - CFD: 30/09/2016 - 19:43:55 - [0,005] ----D C:\Users\joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
O43 - CFD: 12/11/2014 - 11:11:18 - [0] ----D C:\Users\joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SYNTHPRONOP
~ 2848 empty CLSID folders (CLSID Empty Folders)
~ Program Folder: 3595 Legitimates Filtered in 05mn 31s



---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.A3145666F5CD85ED23A47546AA47AA0D] - 14/05/2017 - 09:01:15 ---A- . (...) -- C:\Windows\System32\DOErrors.log [173]
O44 - LFC:[MD5.FF69267A88A54A223B4357C41930449C] - 11/05/2017 - 22:11:50 ---A- . (...) -- C:\Windows\System32\OEMDefaultAssociations.xml [15462]
O44 - LFC:[MD5.DFFAFA40198800BA2933977F67B956C2] - 11/05/2017 - 22:10:43 ---A- . (...) -- C:\Windows\System32\C_932.NLS [162850]
O44 - LFC:[MD5.5555C373D54247D83EE95A3C9D4CA0B5] - 11/05/2017 - 22:09:51 ---A- . (...) -- C:\Windows\System32\weretw.dll [185368]
O44 - LFC:[MD5.B515D961589629CDE0085812A3A8E7BC] - 11/05/2017 - 22:09:20 ---A- . (...) -- C:\Windows\System32\wc_storage.dll [228864]
O44 - LFC:[MD5.34AF32B9340FC77717E627BC2EDD8566] - 11/05/2017 - 22:09:19 ---A- . (...) -- C:\Windows\System32\CoreUIComponents.dll [2048496]
O44 - LFC:[MD5.EFFEEBE2EB69CD0A5C56EE32533AAF22] - 11/05/2017 - 22:08:37 ---A- . (...) -- C:\Windows\System32\EditionUpgradeHelper.dll [157696]
O44 - LFC:[MD5.156276A25DDD4B3B3B3A5242A2D4E403] - 11/05/2017 - 22:08:31 ---A- . (...) -- C:\Windows\System32\msinfo32.exe [336896]
O44 - LFC:[MD5.A037E9DDCDF4FD67F92D6D299B57D52A] - 11/05/2017 - 22:08:29 ---A- . (...) -- C:\Windows\System32\efsext.dll [31232]
O44 - LFC:[MD5.267B865E69E89A8A1359FF5A965D64D9] - 11/05/2017 - 22:06:50 ---A- . (...) -- C:\Windows\System32\ApnDatabase.xml [435095]
O44 - LFC:[MD5.0C0E8911765083183F7B261C8B481B14] - 11/05/2017 - 22:05:53 ---A- . (...) -- C:\Windows\System32\Windows.Perception.Stub.dll [265728]
O44 - LFC:[MD5.E00D5D9B2D50A7F8082D38798D9EA711] - 11/05/2017 - 22:05:48 ---A- . (.Windows (R) Win 7 DDK provider - DSC.) -- C:\Windows\System32\DscCoreConfProv.dll [141824]
O44 - LFC:[MD5.B567734B878BE0419AF0C3A0388BB20F] - 11/05/2017 - 22:05:16 ---A- . (...) -- C:\Windows\System32\chartv.dll [109056]
O44 - LFC:[MD5.1444550939495ED0F78AE162BB786DA5] - 09/05/2017 - 15:37:58 ---A- . (...) -- C:\Windows\System32\Drivers\mbae.sys [59904]
~ Files: 959 Legitimates Filtered in 01mn 20s



---\\ Local Security Authority security packages (O48)
O48 - LSA:Local Security Authority Security Packages . (...) -- C:\Windows\System32\livessp.dll
~ LSA: 9 Legitimates Filtered in 00mn 00s



---\\ Safe Boot control (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\Ahcache.sys . (.Microsoft Corporation - Application Compatibility Cache.) -- C:\Windows\System32\Drivers\Ahcache.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\iai2c.sys . (.Intel(R) Corporation - Intel(R) Serial IO I2C Driver.) -- C:\Windows\System32\Drivers\iai2c.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\iaioi2c.sys . (.Intel Corporation - Intel(R) Atom(TM) Processor I2C Controller Driver.) -- C:\Windows\System32\Drivers\iaioi2c.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\SpbCx.sys . (.Microsoft Corporation - SPB Class Extension.) -- C:\Windows\System32\Drivers\SpbCx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\uefi.sys . (.Microsoft Corporation - UEFI Driver for NT.) -- C:\Windows\System32\Drivers\uefi.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\Ahcache.sys . (.Microsoft Corporation - Application Compatibility Cache.) -- C:\Windows\System32\Drivers\Ahcache.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\SpbCx.sys . (.Microsoft Corporation - SPB Class Extension.) -- C:\Windows\System32\Drivers\SpbCx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\uefi.sys . (.Microsoft Corporation - UEFI Driver for NT.) -- C:\Windows\System32\Drivers\uefi.sys
~ CSB: 25 Legitimates Filtered in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\APLangApp [Key] . (...) -- C:\Program Files\AnyPC Client\APLangApp.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\BitTorrent Sync [Key] . (...) -- C:\Program Files\BitTorrent Sync\BTSync.exe (.not file.) =>P2P.BitTorrent
O53 - SMSR:HKLM\...\startupreg\Cobian Backup 11 interface [Key] . (.Luis Cobian, CobianSoft - Cobian backup 11 Gravity - Interface.) -- C:\Program Files\Cobian Backup 11\cbInterface.exe
O53 - SMSR:HKLM\...\startupreg\Ditto [Key] . (.No owner - Ditto.) -- C:\Program Files\Ditto\Ditto.exe
O53 - SMSR:HKLM\...\startupreg\Le pronostic parfait [Key] . (...) -- C:\Users\joel\Downloads\Le pronostic parfait.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Optimizer Pro [Key] . (...) -- C:\Program Files\Optimizer Pro\OptProLauncher.exe (.not file.) =>PUP.OptimizerPro
O53 - SMSR:HKLM\...\startupreg\Updater [Key] . (...) -- C:\ProgramData\Updater\Updater.exe (.not file.) =>PUP.CrossRider
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (...) -- C:\Users\joel\AppData\Roaming\uTorrent\uTorrent.exe (.not file.) =>P2P.µTorrent
~ SMSR Keys: 71 Legitimates Filtered in 00mn 01s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "DSCAutomationHostEnabled"=2
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ System driver list (O58)
O58 - SDL:[MD5.8E2E9CCD873ABF180F48BCAEEEBE347D] - 13/05/2017 - 06:05:26 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\Drivers\37C3307A.sys [114904]
O58 - SDL:[MD5.093CEE3B45F0954DCE6CB891F6A920F7] - 07/03/2013 - 09:49:20 ---A- . (...) -- C:\Windows\System32\epmntdrv.sys [14920]
~ Drivers: Scanned in 00mn 00s



---\\ Cleaning tools list (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {2E00D31D-D171-423D-836D-1A4D7EA7F1A9} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {7CD80A8A-F568-4A31-8979-A134F8718531} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Specific search at the root of certain folders (O84)
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][17/08/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.86360A8A827007194FDC4B62D7E1DE59] [SPRF][30/03/2016] (...) -- C:\Users\joel\AppData\Roaming\pdfdrawcodec.dll [43]
[MD5.287ACEBE10FE008C96FBFE4C6D548BC3] [SPRF][12/06/2014] (...) -- C:\Users\joel\AppData\Roaming\wklnhst.dat [1368]
[MD5.C2EA7A5A768E795CE0F86F7CEAABA331] [SPRF][14/01/2012] (.Iminent - IMinent bootstrapper.) -- C:\Users\joel\Desktop\Bootstrapper_0-uvdhqmaP_.exe [1929192] =>Adware.IMBooster
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{7087822E-EB17-417E-89F7-DD81526412CE}D:\ares mod\aresmod.exe" | In - Private - P6 - TRUE | .(.Ares Development Group - Ares Mod for windows.) -- D:\ares mod\aresmod.exe
O87 - FAEL: "UDP Query User{5E477C5A-0D04-4CD2-8089-91DB7BFF8862}D:\ares mod\aresmod.exe" | In - Private - P17 - TRUE | .(.Ares Development Group - Ares Mod for windows.) -- D:\ares mod\aresmod.exe
O87 - FAEL: "TCP Query User{0F07BDA4-C0FE-46E1-B495-AA580960E29A}C:\program files\ditto\ditto.exe" | In - Private - P6 - TRUE | .(.No owner - Ditto.) -- C:\program files\ditto\ditto.exe
O87 - FAEL: "UDP Query User{557DCB1D-5277-4F77-A9C5-957C96923CFE}C:\program files\ditto\ditto.exe" | In - Private - P17 - TRUE | .(.No owner - Ditto.) -- C:\program files\ditto\ditto.exe
O87 - FAEL: "TCP Query User{F8178C13-45B5-4558-BBFC-065C2D4737DD}C:\program files\ditto\ditto.exe" | In - Public - P6 - TRUE | .(.No owner - Ditto.) -- C:\program files\ditto\ditto.exe
O87 - FAEL: "UDP Query User{E2DC4D6F-A8C1-4F34-9B61-313575923BCC}C:\program files\ditto\ditto.exe" | In - Public - P17 - TRUE | .(.No owner - Ditto.) -- C:\program files\ditto\ditto.exe
O87 - FAEL: "{B5330E44-477E-4984-A751-DDE8641B8DE1}" | In - None - P17 - TRUE | .(...) -- C:\Program Files\KowMedia\WahOO\WahOO.exe
O87 - FAEL: "{85097DA1-4D9C-4BCD-9DC8-D6799F2E4F95}" | In - None - P17 - TRUE | .(.Avast Software - Avast SafeZone Browser.) -- C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590_0\SZBrowser.exe
O87 - FAEL: "TCP Query User{625A2B19-F5B2-4951-9731-F2B5DCF73F92}C:\users\joel\appdata\local\temp\rar$ex01.047\chrome-bin\chrome.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\joel\appdata\local\temp\rar$ex01.047\chrome-bin\chrome.exe (.not file.)
O87 - FAEL: "UDP Query User{D40AD973-2F29-4E73-8BA6-78E68395CE6A}C:\users\joel\appdata\local\temp\rar$ex01.047\chrome-bin\chrome.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\joel\appdata\local\temp\rar$ex01.047\chrome-bin\chrome.exe (.not file.)
~ Firewall: 298 Legitimates Filtered in 00mn 03s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "4135AF478C58A2E409D79DCECC7B077A" . (.Smart Switch.) -- C:\WINDOWS\Installer\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}\ARPPRODUCTICON.exe
O90 - PUC: "C9D1B9B29EC49204A99527DFD1810C4C" . (.e-Carte Bleue Banque Populaire.) -- C:\WINDOWS\Installer\{2B9B1D9C-4CE9-4029-9A59-72FD1D18C0C4}\ARPPRODUCTICON.exe
O90 - PUC: "D254D4347365A600677A7A857BC07000" . (.Ask Toolbar.) -- C:\windows\Installer\{434D452D-5637-006A-76A7-A758B70C0700}\ToolbarIcon.exe =>Toolbar.Ask
~ Update Products: 111 Legitimates Filtered in 00mn 00s



---\\ MyComputer Name Space (O92)
O92 - MNS: - {088e3905-0323-4b02-9826-5d99428e115f}
O92 - MNS: - {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 - MNS: - {24ad3ad4-a569-4530-98e1-ab02f9417aa8}
O92 - MNS: - {374DE290-123F-4565-9164-39C4925E467B}
O92 - MNS: - {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 - MNS: - {3dfdf296-dbec-4fb4-81d1-6a3438bcf4de}
O92 - MNS: - {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 - MNS: - {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 - MNS: - {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
O92 - MNS: - {d3162b92-9365-467a-956b-92703aca08af}
O92 - MNS: - {f86fa3ab-70d2-4fc7-9c99-fcbf05467f3a}
~ MNS: 11 Legitimates Filtered in 00mn 00s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 25/04/2012 3065120 | (a2AntiMalware) . (.Emsisoft GmbH.) - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
SR - | Auto 25/04/2017 83056 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 09/05/2017 271864 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 05/08/2016 67384 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Demand 0 | (aswbIDSAgent) . (...) - C:\Program Files\Alwil Software\Avast5\aswidsagent.exe
SR - | Auto 26/09/2016 197128 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 05/12/2012 67584 | (cbVSCService11) . (.CobianSoft, Luis Cobian.) - C:\Program Files\Cobian Backup 11\cbVSCService11.exe
SR - | Auto 05/12/2012 1131008 | (CobianBackup11) . (.Luis Cobian, CobianSoft.) - C:\Program Files\Cobian Backup 11\cbService.exe
SR - | Auto 09/09/2010 95568 | (dgdersvc) . (.Devguru Co., Ltd..) - C:\windows\system32\dgdersvc.exe
SR - | Auto 09/09/2010 217088 | (FsUsbExService) . (.Teruten.) - C:\windows\system32\FsUsbExService.exe
SS - | Auto 10/10/2015 144200 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 10/10/2015 144200 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 05/12/2009 182768 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 07/04/2017 33640 | (HPSupportSolutionsFrameworkService) . (.HP Inc..) - C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
SR - | Demand 09/09/2016 548152 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 15/10/2014 2117448 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 09/05/2017 3398608 | (MBAMService) . (.Malwarebytes.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
SR - | Auto 26/03/2013 196624 | (NitroReaderDriverReadSpool3) . (.Nitro PDF Software.) - C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
SS - | Demand 11/06/2012 724376 | (ServiceLayer) . (.Nokia.) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 05/04/2017 317400 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 16/01/2017 752224 | (ss_conn_service) . (.DEVGURU Co., LTD..) - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
SR - | Auto 09/08/2016 415232 | (WsAppService) . (.Wondershare.) - C:\Program Files\Wondershare\WAF\2.3.0.5\WsAppService.exe
SR - | Demand 16/07/2016 38792 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s



---\\ Additional scan (O88)
Database Version : v2.12805 - (26/07/2013)
Keys found: 73
Values found: 0
Folders found: 5
Files found: 5

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APT:Automatic Planified Task - C:\Windows\Tasks\iMeshNAG.job [288]] =>PUP.iMesh^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{220FB035-4744-483A-9A0B-41DF77061583}] =>Crapware.SpyHunter^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7D41BC10-F03E-41EB-8E2D-B7006948332F}] =>Adware.SocialSkinz^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F750DB0E-D452-3108-63C9-FE16BC686741}] =>Adware.SocialSkinz^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Optimizer Pro] =>PUP.OptimizerPro^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Updater] =>PUP.CrossRider^
[HKLM\Software\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}] =>Adware.IMBooster
[HKLM\Software\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}] =>Toolbar.Babylon
[HKLM\Software\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}] =>PUP.RewardsArcade
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent
[HKLM\Software\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}] =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}] =>PUP.RewardsArcade
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Adware.Yontoo
[HKLM\Software\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}] =>PUP.RewardsArcade
[HKLM\Software\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}] =>PUP.RewardsArcade
[HKLM\Software\Classes\f] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP] =>Adware.IMBooster
[HKLM\Software\Classes\AppID\secman.DLL] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\DD88652BF1EEEB64B992F3561AF84F13] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent
[HKCU\Software\Classes\MF] =>PUP.MediaFinder
[HKLM\Software\OfficialVideoConverter] =>PUP.OfficialVideoConverter
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4DD1AF59-5121-421F-B92D-EEBF3F20345A}] =>PUP.OfficialVideoConverter
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Program Files\DealBulldog Toolbar Toolbar =>Adware.SocialSkinz^
C:\ProgramData\Updater =>PUP.CrossRider^
C:\Users\joel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\ProgramData\InstallMate =>Toolbar.Agent
C:\Users\joel\AppData\Local\Software =>Adware.Boxore
C:\Windows\Tasks\iMeshNAG.job =>PUP.iMesh^
[HKCU\Software\Smartbar] =>Hijacker.SmartBar^
C:\Users\joel\Desktop\Bootstrapper_0-uvdhqmaP_.exe =>Adware.IMBooster^
C:\windows\Installer\{434D452D-5637-006A-76A7-A758B70C0700}\ToolbarIcon.exe =>Toolbar.Ask^
~ Additional scan: 446584 Items scanned in 00mn 49s



---\\ Malicious Software Information
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/28441146-pup-imesh =>PUP.iMesh
~ http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade
~ http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.WhiteSmoke
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
~ http://nicolascoolman.webs.com/apps/blog/show/26811836-adware-yontoo =>Adware.Yontoo
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
~ http://nicolascoolman.webs.com/apps/blog/show/28445531-pup-mediafinder =>PUP.MediaFinder
~ http://nicolascoolman.webs.com/apps/blog/show/29286660-pup-officialvideoconverter =>PUP.OfficialVideoConverter
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ MSI: 18 link(s) detected in 00mn 49s



~ 5681 Legitimates filtered by white list
End of the scan (732 lines in 12mn 11s)(0)
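A report like the one above is only useful once the "=>" tags are separated from the thousands of whitelisted lines. The following Python script is an added example, not part of the cjoint page or of the ZHPDiag tool: it parses text in this line format, collects every "=>Family.Name" tag together with the O-section it appears in, counts families, and lists the autorun and firewall entries whose target binary no longer exists ("(.not file.)"). The regular expressions are inferred from the line shapes visible in the report and are an assumption about the format, not a ZHPDiag specification; SAMPLE_LOG is a constructed subset of the lines above; the trailing "^" that the tool appends to some tags is kept as a flag without being interpreted.

```python
"""Triage helper for a ZHPDiag-style text report (added example; not part of
the report above or of ZHPDiag itself). Regexes are inferred from the line
shapes in the report and are an assumption about the format."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a few lines in the same shape as the report above.
SAMPLE_LOG = r"""
---\\ Logiciels installés (O42)
O42 - Logiciel: Ditto - (.Scott Brogden.) [HKLM] -- Ditto_is1
O42 - Logiciel: SpyHunter - (.Enigma Software Group USA, LLC.) [HKLM] -- {220FB035-4744-483A-9A0B-41DF77061583} =>Crapware.SpyHunter
O42 - Logiciel: WebPlayerV2 - (.Kreapixel.) [HKLM] -- {7D41BC10-F03E-41EB-8E2D-B7006948332F} =>Adware.SocialSkinz
~ Logic: 172 Legitimates Filtered in 00mn 02s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Ditto [Key] . (.Pas de propriétaire - Ditto.) -- C:\Program Files\Ditto\Ditto.exe
O53 - SMSR:HKLM\...\startupreg\Updater [Key] . (...) -- C:\ProgramData\Updater\Updater.exe (.not file.) =>PUP.CrossRider
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (...) -- C:\Users\joel\AppData\Roaming\uTorrent\uTorrent.exe (.not file.) =>P2P.µTorrent
~ SMSR Keys: 71 Legitimates Filtered in 00mn 01s
---\\ Scan Additionnel (O88)
[HKCU\Software\Smartbar] =>Hijacker.SmartBar^
C:\ProgramData\Updater =>PUP.CrossRider^
---\\ Malicious Software Information
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
"""

# Section header: '---\\ title (Oxx)'; the O-code is optional in the title.
SECTION_RE = re.compile(r"^---\\+\s*(?P<title>.*?)\s*$")
CODE_RE = re.compile(r"\((O\d+)\)")
# Detection tag at end of line: '=>Family.Name' with an optional trailing '^'.
DETECTION_RE = re.compile(r"^(?P<text>.*?)\s*=>(?P<family>[^\s^]+?)(?P<caret>\^?)\s*$")
# Target path of an entry whose file is gone: '-- <path> (.not file.)'.
ORPHAN_RE = re.compile(r"--\s*(?P<path>.+?)\s*\(\.not file\.\)")


@dataclass(frozen=True)
class Detection:
    section: str   # 'O42', 'O53', ... or the header title when it has no code
    family: str    # tag after '=>', e.g. 'PUP.CrossRider'
    marked: bool   # trailing '^' present (kept as a flag, not interpreted)
    text: str      # the line without its '=>' tag


def parse_detections(log_text: str) -> list[Detection]:
    """Every tagged line, in order, with the section it sits in. Summary and
    link lines ('~ ...') are skipped: the link list at the end of a report
    repeats each family once and would inflate the counts."""
    section = ""
    found: list[Detection] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("~"):
            continue
        header = SECTION_RE.match(line)
        if header:
            code = CODE_RE.search(header.group("title"))
            section = code.group(1) if code else header.group("title")
            continue
        m = DETECTION_RE.match(line)
        if m:
            found.append(Detection(section, m.group("family"),
                                   bool(m.group("caret")), m.group("text")))
    return found


def family_counts(dets: list[Detection]) -> dict[str, int]:
    return dict(Counter(d.family for d in dets))


def orphaned_targets(log_text: str) -> list[str]:
    """Paths of autorun/firewall entries whose binary is gone. Usually the
    leftover of an uninstall, but a stale key pointing into a PUP location
    is still a key to delete."""
    paths: list[str] = []
    for raw in log_text.splitlines():
        if raw.lstrip().startswith("~"):
            continue
        m = ORPHAN_RE.search(raw)
        if m:
            paths.append(m.group("path"))
    return paths


def triage(log_text: str) -> dict:
    """One-shot summary: counts per family and per section, how many tags
    carry the '^' marker, and every orphaned target path."""
    dets = parse_detections(log_text)
    return {
        "detections": len(dets),
        "marked": sum(d.marked for d in dets),
        "families": family_counts(dets),
        "by_section": dict(Counter(d.section for d in dets)),
        "orphaned_targets": orphaned_targets(log_text),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2, ensure_ascii=False))
```

Run it as a script to print the triage of the embedded sample as JSON, or import it and call triage() on the text of a full report. A "(.not file.)" entry is not an infection by itself: the MSConfig startupreg key outlives the binary it pointed at, which is exactly what the O53 Updater and uTorrent lines above show, and in the Updater case the stale key belongs to the same PUP.CrossRider item flagged under ProgramData in the O88 scan.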
