cjoint

~ Rapport de ZHPDiag v2014.5.1.49 - Nicolas Coolman (01/05/2014)
~ Lancé par francois (02/05/2014 17:49:51)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17041
MFIE: Mozilla Firefox 28.0 (Defaut)
GCIE: Google Chrome v34.0.1847.131
OBIE: Safari v5.34.55.3

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v7.0.1474.0
McAfee Security Scan Plus v3.8.141.11
Spybot - Search & Destroy v1.6.2
Spyware Terminator 2012 v3.0.0.54
Sophos Anti-Rootkit 1.5.4 v1.5.4
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.13

---\\ Logiciels de partage PeerToPeer
µTorrent v3.1.3 =>P2P.µTorrent

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader 9.5.4 - Français
Java 7 Update 55

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6143 MB (67% free)
System Restore: Désactivé (Disabled)
System drive C: has 514 GB (62%) free of 820 GB

---\\ Mode de connexion au système
~ Computer Name: FRANCOIS-PC
~ User Name: francois
~ All Users Names: HomeGroupUser$, francois, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\francois\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\francois\AppData\Roaming\
~ %Desktop% : C:\Users\francois\Desktop\
~ %Favorites% : C:\Users\francois\Favorites\
~ %LocalAppData% : C:\Users\francois\AppData\Local\
~ %StartMenu% : C:\Users\francois\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 514 Go of 820 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 14 Go)
E: CD-ROM drive (Free 0 Go of 8 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: CD-ROM drive (Not Inserted)
K: Hard drive, Flash drive, Thumb drive (Free 5 Go of 98 Go)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/03/2014 - 07:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/111
~ Mes musiques (My Musics) : 1/332
~ Mes Videos (My Videos) : 1/55
~ Mes Favoris (My Favorites) : 1/291
~ Mes Documents (My Documents) : 1/1759
~ Mon Bureau (My Desktop) : 2/1889
~ Menu demarrer (Programs) : 1/93
~ Hidden Files: Scanned in 00mn 03s



---\\ Processus lancés
[MD5.30426544CDDC55B8B71DEB556722ECE3] - (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [210216] [PID.2340]
[MD5.536EFCE2544EBFD209EDED39CAA3901A] - (.CyberLink Corp. - HP DVDSmart Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [128296] [PID.2352]
[MD5.AB329CA377E47901DDD0502507B474D8] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2777296] [PID.3812]
[MD5.25168861540EA6F3BAB5BF3059EC4BC6] - (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [3684488] [PID.4056]
[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.3352]
[MD5.4BB64C52326B2043B36FBBED40C925B2] - (.ACD Systems - acdID InTouch2.) -- C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe [1414984] [PID.3848]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2132]
[MD5.C1DB9BDF885C2F1ADC15264FBEA2788F] - (.Pas de propriétaire - HOSTS Anti-PUPs/Adwares.) -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961] [PID.3112]
[MD5.1C10F303117EC9139C3B8618A45EB33A] - (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe [582976] [PID.3980]
[MD5.8FC1CB51C7460DC994CA71CDD90F7F43] - (...) -- C:\Program Files (x86)\La Chaîne Météo\La Chaîne Météo.exe [142336] [PID.4176]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\RunDll32.exe [0] [PID.2136]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.6392]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.3468]
[MD5.C54C8B8DAE3CC59CBAFF15FAC00084D7] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe [1864368] [PID.6744]
[MD5.C6FD6C175276637C5D6F6EA293137F5E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7867904] [PID.6408]
[MD5.8FA553E9AE69808D99C164733A0F9590] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.1300]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1864]
[MD5.7D2633295EB6FF2B938185874884059D] - (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208] [PID.2516]
[MD5.E1095A89EB4BFCA2AB2F4E1F2BA56612] - (.Logitech Inc. - Logitech LVPrS64H Module..) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe [125464] [PID.2532]
[MD5.205E1B699FD3F2F9B036EEA2EC30C620] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.2656]
[MD5.D827A50CEC8A16180EEC4F1951B7A842] - (.TeamViewer GmbH - TeamViewer Service.) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [172328] [PID.2812]
[MD5.A72345F9209C45232FCC380EB85DCEFC] - (.Pas de propriétaire - ToolManager.) -- C:\Program Files (x86)\ToolManager\ToolManager.exe [43024] [PID.2856]
[MD5.EFC34FE5F152999EA081192D9047D1C9] - (.TeamViewer GmbH - TeamViewer.) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe [5150504] [PID.2908]
[MD5.C71EE856C4F5B52E2D094F494CEE4936] - (.Pas de propriétaire - WlanSvc Application.) -- C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe [167936] [PID.1348]
[MD5.794D4B48DFB6E999537C7C3947863463] - (.Safer Networking Ltd. - Spybot-S&D Security Center integration.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368] [PID.2312]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\francois\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [boadgeojelhgndaghljhdicfkmllpafd] Google Cast v.14.402.0.5, (Activé)
G2 - GCE: Preference [User Data\Default] [cmgefjleafcfcabcmkommgcmkbcojbik] Nouvel Onglet v.2.1 (Activé) =>Adware.SearchYa
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 03s
~ Nombre de lignes (Lines number): 18165



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\QuickLaunch [francois]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 3 Legitimates Filtered in 00mn 04s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [SmartMenu] . (.Pas de propriétaire - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [SpywareTerminatorShield] . (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] . (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] . (.Logitech, Inc. - Logitech Download Assistant.) -- C:\Windows\System32\LogiLDA.dll
O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Arovax AntiSpyware] . (.Arovax - Arovax AntiSpyware.) -- C:\Program Files (x86)\Arovax AntiSpyware\arovaxantispyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKLM\..\Wow6432Node\Run: [ACSW17EN] . (.ACD Systems - acdID InTouch2.) -- C:\Program Files (x86)\ACD Systems\ACDSee\17.0\acdIDInTouch2.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [HOSTS Anti-Adware_PUPs] . (.Pas de propriétaire - HOSTS Anti-PUPs/Adwares.) -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
O4 - HKUS\S-1-5-21-965097798-4093898242-3069599211-1000\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-965097798-4093898242-3069599211-1000\..\Run: [Arovax AntiSpyware] . (.Arovax - Arovax AntiSpyware.) -- C:\Program Files (x86)\Arovax AntiSpyware\arovaxantispyware.exe
O4 - HKUS\S-1-5-21-965097798-4093898242-3069599211-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn 00s



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Envoyer à OneNote - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: envoyer le texte sélectionné par sms - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: envoyer par sms - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: envoyer un mail - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: orange.fr - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: rechercher le texte sélectionné - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: traduire la page - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: traduire le texte sélectionné - (.not file.) - C:\Program Files (x86)\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
~ IE Menu Contextuel: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 [64Bits] - {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\Resources\Icons\HP.ico
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BA602BC-BD64-4F6D-B599-F4F8E21ABAF1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{92CD4675-EBD4-42CF-8A38-EED3E130CCD5}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{5BA602BC-BD64-4F6D-B599-F4F8E21ABAF1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{92CD4675-EBD4-42CF-8A38-EED3E130CCD5}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{5BA602BC-BD64-4F6D-B599-F4F8E21ABAF1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{92CD4675-EBD4-42CF-8A38-EED3E130CCD5}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\Windows\system32\CbFsMntNtf3.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) [64Bits] - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\Windows\SysWOW64\CbFsMntNtf3.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Switch Off (Switch Off) . (...) - C:\Program Files (x86)\Switch Off\swoff.exe (.not file.)
O23 - Service: Tool Manager service (ToolManagerService) . (.Pas de propriétaire - ToolManager.) - C:\Program Files (x86)\ToolManager\ToolManager.exe
~ Services: 17 Legitimates Filtered in 00mn 05s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS.exe (.not file.) [0] =>Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-2.5-codedownloader] (...) -- C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-codedownloader.exe (.not file.) [0] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-2.5-enabler] (...) -- C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-enabler.exe (.not file.) [0] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [Plus-HD-2.5-updater] (...) -- C:\Program Files (x86)\Plus-HD-2.5\Plus-HD-2.5-updater.exe (.not file.) [0] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [{029F327B-3779-49AD-9A05-BB487BFFC58D}] (...) -- C:\Users\francois\Desktop\SurveillanceSaver_Alpha_3_Win32_Src\SurveillanceSaver_Src\Installer\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{280D6F6E-C759-4888-A04C-DB358C87B174}] (...) -- E:\Onglet1\Far Cry\DirectX9\dxsetup.exe (.not file.) [0]
[MD5.E8E5FA2F4F77BFAC9C647BB1B5F62B64] [APT] [{4592C29B-F5B5-429D-AB1E-7EFC0B61DFAD}] (...) -- C:\JEUX\runaway\Video card setup.exe [45056]
[MD5.DC11353C9AA40A73CCF36C968E1D2104] [APT] [{6ADCC4AA-288D-4599-89A7-A751141DE406}] (.ALLPlayer.) -- C:\Program Files (x86)\OpenSubtitlesPlayer\OpenSubtitlesPlayer.exe [5199360]
[MD5.00000000000000000000000000000000] [APT] [{83395E20-021A-4D3D-9445-EC0A04F6DEDF}] (...) -- C:\JEUX\CODUTY\steam.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A4809511-6A1C-4DAB-8FCB-B2937E09EFF2}] (...) -- C:\Program Files (x86)\Switch Off\uninstall.exe (.not file.) [0]
[MD5.6BC44F764CF8E5AD20AE21FE430F4BE3] [APT] [{B462BD59-9BD3-4435-A2AA-A1051124B021}] (...) -- C:\Users\francois\Downloads\avgarkt-setup-1.1.0.42.exe [423736]
[MD5.DC11353C9AA40A73CCF36C968E1D2104] [APT] [{E83A8950-E601-4D0E-B37A-B7BB8B0391A3}] (.ALLPlayer.) -- C:\Program Files (x86)\OpenSubtitlesPlayer\OpenSubtitlesPlayer.exe [5199360]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [1002]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1068]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\PCDRScheduledMaintenance [552]
~ Scheduled Task: 39 Legitimates Filtered in 00mn 03s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (SAVRKBootTasks) . (. - .) - C:\Windows\system32\SAVRKBootTasks.sys (.not file.)
O41 - Driver: (UnHooker) . (. - .) - C:\Windows\System32\DRIVERS\UnHooker.sys (.not file.)
~ Drivers: 75 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: A New Beginning version 1.0 - (.Deadalic Entertainment.) [HKLM][64Bits] -- {A7A5B96D-0B42-47E8-8168-9B7C3C459454}_is1
O42 - Logiciel: AutoShut - (...) [HKLM][64Bits] -- AutoShut
O42 - Logiciel: BearPaw 1200CU Plus v1.2 - (.Nom de votre société.) [HKLM][64Bits] -- InstallShield_{243AA596-2B64-4DBF-B765-374B8328F504}
O42 - Logiciel: BearPaw 1200CU Plus v1.2 - (.Nom de votre société.) [HKLM][64Bits] -- {243AA596-2B64-4DBF-B765-374B8328F504}
O42 - Logiciel: Bluetooth Radar - (.Shai Raiten.) [HKLM][64Bits] -- {0CFC5EE9-1E99-4B01-8B0B-70BB4B502732}
O42 - Logiciel: Briz Video Joiner - (...) [HKLM][64Bits] -- Briz Video Joiner_is1
O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- {28F68316-B8F1-4E05-BADF-42DBECB40F0E} =>Adware.IMBooster
O42 - Logiciel: Jivaro 1.8 - (.Aquafadas.) [HKLM][64Bits] -- {A30C16BF-E8B5-4DD9-8F9B-FA45237186DF}_is1
O42 - Logiciel: PI Free PC (Désintallation seule) - (...) [HKLM][64Bits] -- PiFreePC
O42 - Logiciel: Pix Resize - (...) [HKLM][64Bits] -- Pix Resize_is1
O42 - Logiciel: Power Video Joiner 5.0 - (.AML SOFT, Inc..) [HKLM][64Bits] -- {9404E8E5-B453-43A7-9A4A-6FFBB07D5CC8}_is1
O42 - Logiciel: Severe Streaming Notifier - (...) [HKLM][64Bits] -- Severe Streaming Notifier
O42 - Logiciel: ToolManager version 1.0 - (.Ventury Media.) [HKLM][64Bits] -- {56F9A55C-060C-484E-A6D2-D192677333E3}_is1
O42 - Logiciel: UltimateDefrag V1 FREE Public Domain Version - (.DiskTrix.) [HKLM][64Bits] -- UltimateDefrag V1 FREE Public Domain Version
O42 - Logiciel: WebPlayerV2 - (.Kreapixel.) [HKLM][64Bits] -- {7D41BC10-F03E-41EB-8E2D-B7006948332F} =>Adware.SocialSkinz
O42 - Logiciel: WinFile.v1.1 - (.brydon.net.) [HKLM][64Bits] -- {4C821167-6475-443F-BC4F-18C5CC572DC9}
~ Logic: 67 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\#title]
[HKCU\Software\31056InstEnd]
[HKCU\Software\Diamond Ridge]
[HKCU\Software\MustekSystem]
[HKCU\Software\Mustek]
[HKCU\Software\Thomas Wright Consulting]
[HKCU\Software\X-Wire Technology Inc.]
[HKCU\Software\brydon.net]
[HKLM\Software\SpeedBit]
[HKLM\Software\Wow6432Node\Browsersafeguard] =>PUP.BrowserSafeguard
[HKLM\Software\Wow6432Node\Thomas Wright Consulting]
[HKLM\Software\Wow6432Node\VBMZ] =>PUP.Duuqu
~ Key Software: 722 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/01/2014 - 20:05:34 - [] ----D C:\Program Files (x86)\AutoShut
O43 - CFD: 27/11/2010 - 22:58:26 - [] ----D C:\Program Files (x86)\BearPaw 1200CU Plus
O43 - CFD: 22/06/2011 - 01:48:32 - [] ----D C:\Program Files (x86)\BrizVideoJoin
O43 - CFD: 05/03/2012 - 09:06:48 - [] ----D C:\Program Files (x86)\FoxTabVideoConverter
O43 - CFD: 13/01/2012 - 13:26:20 - [] ----D C:\Program Files (x86)\Jivaro
O43 - CFD: 04/05/2012 - 16:26:56 - [] ----D C:\Program Files (x86)\LightningRadar
O43 - CFD: 30/03/2011 - 19:19:57 - [] ----D C:\Program Files (x86)\NT Email Notifier
O43 - CFD: 09/04/2010 - 10:28:26 - [] ----D C:\Program Files (x86)\PixResize
O43 - CFD: 07/05/2010 - 14:57:25 - [] ----D C:\Program Files (x86)\Severe Streaming
O43 - CFD: 06/07/2010 - 17:22:58 - [] ----D C:\Program Files (x86)\Shai Raiten
O43 - CFD: 22/06/2011 - 01:01:58 - [] ----D C:\Program Files (x86)\Thomas Wright Consulting
O43 - CFD: 15/04/2014 - 17:04:56 - [] ----D C:\Program Files (x86)\ToolManager
O43 - CFD: 21/07/2012 - 18:13:51 - [] ----D C:\Program Files (x86)\TorrentSearch
O43 - CFD: 19/08/2012 - 12:00:29 - [] ----D C:\Program Files (x86)\Common Files\SpeedBit
O43 - CFD: 01/03/2014 - 02:44:19 - [] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 20/08/2012 - 23:40:05 - [0] ----D C:\ProgramData\SpeedBit
O43 - CFD: 10/02/2014 - 18:07:35 - [] ----D C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
O43 - CFD: 15/08/2009 - 07:59:25 - [] --H-D C:\ProgramData\{ADCBF7A8-716E-4B21-AF03-E3F11C06C309}
O43 - CFD: 13/01/2012 - 13:26:22 - [0] ----D C:\Users\francois\AppData\Roaming\JivaroPref
O43 - CFD: 26/02/2011 - 20:14:03 - [] ----D C:\Users\francois\AppData\Roaming\M05
O43 - CFD: 16/09/2010 - 21:35:13 - [] ----D C:\Users\francois\AppData\Roaming\MSGView
O43 - CFD: 08/12/2013 - 20:49:32 - [] ----D C:\Users\francois\AppData\Roaming\webdirecttv
O43 - CFD: 26/02/2011 - 20:15:08 - [] ----D C:\Users\francois\AppData\Local\M05
O43 - CFD: 10/12/2013 - 18:50:40 - [] ----D C:\Users\francois\AppData\Local\webdirecttv
O43 - CFD: 20/10/2011 - 12:37:16 - [] ----D C:\Users\francois\AppData\Local\{FEB3A1E5-5C56-461A-A854-888B6545CC0E}
O43 - CFD: 25/06/2011 - 20:37:15 - [] ----D C:\Users\francois\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crypter et Protéger les Fichiers 2011
O43 - CFD: 26/11/2011 - 03:55:58 - [] ----D C:\Users\francois\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab Video Converter
O43 - CFD: 01/03/2014 - 02:59:59 - [0] ----D C:\Users\francois\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 403 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.5200344FEB0AA691D6EEAB8B3DEB3212] - 01/05/2014 - 19:00:50 ---A- . (...) -- C:\Windows\ntbtlog.txt [84688]
O44 - LFC:[MD5.62803A13AC4F91C8A0CE9EE944C8A22E] - 02/05/2014 - 08:44:05 ---A- . (...) -- C:\rkill.log [361]
O44 - LFC:[MD5.4734A19701AF128DE67089087C114FEC] - 02/05/2014 - 09:31:35 ---A- . (...) -- C:\Ad-Report-SCAN[7].txt [9970]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 27/04/2014 - 20:21:08 ---A- . (...) -- C:\dfu.log [0]
O44 - LFC:[MD5.3EBB6F936CA7362CC561E05E073030D8] - 28/04/2014 - 18:48:03 ---A- . (...) -- C:\sc-cleaner.txt [1814]
~ Files: 11 Legitimates Filtered in 00mn 01s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Switch Off [Key] . (...) -- C:\Program Files (x86)\Switch Off\swoff.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\WinPatrol [Key] . (...) -- C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (.not file.)
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:06/04/2011 - 16:28:55 ---A- . (...) -- C:\Windows\System32\Drivers\atksgt.sys [314016]
O58 - SDL:08/12/2009 - 09:54:30 ---A- . (.Windows (R) Win 7 DDK provider - BulkUsb Driver.) -- C:\Windows\System32\Drivers\br_mcu2usb.sys [23552]
O58 - SDL:29/05/2012 - 14:53:30 ---A- . (.Windows (R) Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456]
O58 - SDL:14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:06/02/2007 - 13:19:32 ---A- . (.Pas de propriétaire - USB Scanner Driver.) -- C:\Windows\System32\Drivers\gt680X.sys [22528]
O58 - SDL:10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:06/04/2011 - 16:28:54 ---A- . (...) -- C:\Windows\System32\Drivers\lirsgt.sys [43680]
O58 - SDL:07/10/2009 - 01:45:50 ---A- . (...) -- C:\Windows\System32\Drivers\LVPr2M64.sys [30232]
O58 - SDL:11/11/2010 - 20:12:02 ---A- . (.Pas de propriétaire - 1.00.) -- C:\Windows\System32\Drivers\ntiopnp.sys [19544]
O58 - SDL:13/10/2009 - 15:22:40 ---A- . (...) -- C:\Windows\System32\Drivers\nvflash.sys [13416]
O58 - SDL:03/11/2005 - 15:40:56 ---A- . (.Protection Technology - StarForce Protection VFS Driver.) -- C:\Windows\System32\Drivers\sfvfs02.sys [89600]
O58 - SDL:14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:11/01/2012 - 19:53:04 ---A- . (.Windows (R) Win 7 DDK provider - Spyware Terminator 2012 driver.) -- C:\Windows\System32\Drivers\stflt.sys [51496]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:21/02/2010 - 17:51:36 ---A- . (.Pas de propriétaire - DisplayLink TB Filter.) -- C:\Windows\System32\Drivers\WSR_TBF.sys [51712]
O58 - SDL:10/05/2010 - 11:03:46 ---A- . (.Pas de propriétaire - WSR_USF.) -- C:\Windows\System32\Drivers\WSR_USF.sys [48640]
O58 - SDL:10/01/2012 - 14:16:40 ---A- . (...) -- C:\Windows\SysWOW64\drivers\cpuidlep.sys [4484]
O58 - SDL:20/01/2010 - 18:39:18 ---A- . (...) -- C:\Windows\SysWOW64\drivers\UnHooker.sys [25400]
~ Drivers: 91 Legitimates Filtered in 00mn 03s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: Ad-Remover par C_XX - (.C_XX.) [HKLM] -- Ad-Remover
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 11/01/2012 - C:\Windows\System32\DRIVERS\stflt.sys (sp_rsdrv2) .(.Windows (R) Win 7 DDK provider - Spyware Terminator 2012 driver.) - LEGACY_SP_RSDRV2
~ Legacy: 92 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [francois - 1bmpug6l.default] user_pref("extensions.crossrider.bic", "145bcc166995956b260d37eee17fcb2f"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {73ccfd25-abe2-4bdf-ac5d-28a470a4d234} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://www.orange.fril
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2} - (Ask.com) - http://dts.search.ask.com
O69 - SBI: SearchScopes [HKCU] {A5811EAF-6180-472B-80B3-BBEA4BE7B258} - (Yahoo!) - http://fr.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {AC9AD0F8-5B31-4CBE-BE00-9E7A0DCD66D6} - (Yahoo! Search) - http://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.E152C2E083BB18DF3770DE4040E3F391] [SPRF][24/11/2013] (...) -- C:\Users\francois\AppData\Roaming\SetValue.bat [35]
[MD5.C9422D430F19B0DDAF1433F383A33164] [SPRF][24/12/2009] (...) -- C:\Users\francois\AppData\Roaming\wklnhst.dat [140]
[MD5.D6A5DF83938AD59E78F03CF2C0C69A7D] [SPRF][14/12/2012] (...) -- C:\Users\francois\Desktop\C-MD5.exe [30592]
[MD5.8CCFCCAFFC3262EC8091F49648CAC283] [SPRF][14/06/2011] (.ALLPlayer - www.OpenSubtitles.org.) -- C:\Users\francois\Desktop\OpenSubtitlesPlayer.exe [20251821]
[MD5.69984B053A3C546AB634635A4877C009] [SPRF][13/11/2008] (.mustek - Setup Launcher.) -- C:\Users\francois\Desktop\PackardBellDiamond1200PlusScanner.exe [76132699]
[MD5.7196AC3610A8940FBB9B5229A0AD3B9D] [SPRF][21/10/2012] (...) -- C:\Users\francois\Desktop\Paint.NET.3.5.10.Install.exe [810648]
[MD5.C7D040F4C3C0214B460AABDE52BE9189] [SPRF][22/05/2012] (...) -- C:\Users\francois\Desktop\rkill.exe [1012656]
[MD5.D64AE7D819823F261ACAD8AD9A95180C] [SPRF][10/12/2012] (...) -- C:\Users\francois\Desktop\RogueKiller.exe [756224]
[MD5.FDBE6123BB5B243D2B4647A5D0D14E10] [SPRF][16/03/2010] (...) -- C:\Users\francois\Desktop\TeamViewer_Setup.exe [2729912]
[MD5.3B8DF5EC974CA8B09CC4FE47916C0EDD] [SPRF][19/07/2011] (.Pas de propriétaire - Self-extracting installation program..) -- C:\Users\francois\Desktop\UltimateDefragFREEPublicDomainEditionSetup.exe [2277376]
[MD5.39A81D679519419C0E8E42ED705A54F8] [SPRF][13/05/2012] (.BitTorrent, Inc. - µTorrent.) -- C:\Users\francois\Desktop\uTorrent.exe [880496] =>P2P.BitTorrent
[MD5.47C30BC6C5161307EA9B8B12BA8B5AF9] [SPRF][22/05/2012] (.Atribune.org - VundoFix.exe.) -- C:\Users\francois\Desktop\VundoFix.exe [119808]
~ Files: 16 Legitimates Filtered in 00mn 02s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{0270DA9A-40FF-4592-BD72-D027D772F8B3}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{A4667A5B-130A-4C34-AF6B-C1177833E3C4}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 02s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "61386F821F8B50E4ABFD24BDCE4BF0E0" . (.Iminent.) -- C:\Windows\Installer\{28F68316-B8F1-4E05-BADF-42DBECB40F0E}\imbooster.ico =>Adware.IMBooster
~ Update Products: 1 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A91D34375B4647FF0F57E8076EC72B1B] [WIS][08/08/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\258d3666.msi [343040] =>PUP.Babylon
[MD5.22C9E7805145D0A0C4C62DDB591D2DAE] [WIS][27/06/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\89613d1.msi [353280] =>PUP.Babylon
~ WIS: 2 Legitimates Filtered in 00mn 03s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASAPI32 =>PUP.BrowserSafeguard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BrowserSafeguard_RASMANCS =>PUP.BrowserSafeguard
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\crazyloader_air_RASAPI32 =>Adware.SPointer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\crazyloader_air_RASMANCS =>Adware.SPointer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\crazyloader_file_RASAPI32 =>Adware.SPointer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\crazyloader_file_RASMANCS =>Adware.SPointer
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HBLiteSA_RASAPI32 =>Adware.HotBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\HBLiteSA_RASMANCS =>Adware.HotBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\questscan132_RASAPI32 =>Adware.QuestScan
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\questscan132_RASMANCS =>Adware.QuestScan
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\questscan133_RASAPI32 =>Adware.QuestScan
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\questscan133_RASMANCS =>Adware.QuestScan
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\questscan135_RASAPI32 =>Adware.QuestScan
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\questscan135_RASMANCS =>Adware.QuestScan
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\scanquery112_RASAPI32 =>Adware.ScanQuery
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\scanquery112_RASMANCS =>Adware.ScanQuery
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\scanquery113_RASAPI32 =>Adware.ScanQuery
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\scanquery113_RASMANCS =>Adware.ScanQuery
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\scanquery115_RASAPI32 =>Adware.ScanQuery
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\scanquery115_RASMANCS =>Adware.ScanQuery
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASAPI32 =>Adware.SearchSettings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASMANCS =>Adware.SearchSettings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateglindorus_RASAPI32 =>PUP.Glindorus
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateglindorus_RASMANCS =>PUP.Glindorus
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\vbmz_RASAPI32 =>PUP.Duuqu
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\vbmz_RASMANCS =>PUP.Duuqu
~ BTK: 636 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 30/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS - | Auto 16/04/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 16/04/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 03/03/2014 285795 | (HOSTS Anti-PUPs) . (...) - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
SS - | Demand 13/05/2013 1129760 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SS - | Demand 17/09/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 13/06/2013 357144 | (LBTServ) . (.Logitech, Inc..) - C:\PROGRAM FILES\COMMON FILES\LOGISHRD\BLUETOOTH\LBTSERV.exe
SS - | Demand 16/01/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\PROGRAM FILES\MCAFEE SECURITY SCAN\3.8.141\MCCHSVC.exe
SS - | Demand 26/05/2010 6144 | (MEMSWEEP2) . (.Sophos Plc.) - C:\Windows\system32\212F.tmp
SS - | Demand 29/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 21/01/2014 699912 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
SS - | Demand 25/02/2014 568512 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Auto 10/07/1658 0 | (Switch Off) . (...) - C:\Program Files (x86)\Switch Off\swoff.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 08/02/2011 956192 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SR - | Auto 04/11/2013 92160 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 07/10/2009 191000 | (LVPrcS64) . (.Logitech Inc..) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
SR - | Auto 23/09/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 24/03/2010 151144 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 10/01/2012 1148632 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
SR - | Auto 11/02/2010 172328 | (TeamViewer5) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
SR - | Auto 03/12/2013 43024 | (ToolManagerService) . (...) - C:\Program Files (x86)\ToolManager\ToolManager.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/06/2008 167936 | (WlanWpsSvc) . (...) - C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 07s



---\\ Scan Additionnel (O88)
Database Version : 13045 - (01/05/2014)
Clés trouvées (Keys found) : 10
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 4

[HKLM\Software\Google\Chrome\Extensions\cmgefjleafcfcabcmkommgcmkbcojbik] =>Adware.SearchYa^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28F68316-B8F1-4E05-BADF-42DBECB40F0E}] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7D41BC10-F03E-41EB-8E2D-B7006948332F}] =>Adware.SocialSkinz^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\VBMZ] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193] =>PUP.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster
C:\Users\francois\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgefjleafcfcabcmkommgcmkbcojbik =>Adware.SearchYa^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\francois\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Program Files (x86)\YouTube Downloader =>PUP.Dealio
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader =>PUP.Dealio
[HKLM\Software\Wow6432Node\Browsersafeguard] =>PUP.BrowserSafeguard^
C:\Users\francois\Desktop\uTorrent.exe =>P2P.BitTorrent^
C:\Windows\Installer\258d3666.msi =>PUP.Babylon^
C:\Windows\Installer\89613d1.msi =>PUP.Babylon^
~ Additionnel Scan: 483142 Items scanned in 01mn 39s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/27529784-adware-searchya =>Adware.SearchYa
http://nicolascoolman.webs.com/apps/blog/show/28138048-adware-plushd =>Adware.PlusHD
http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard =>PUP.BrowserSafeguard
http://nicolascoolman.webs.com/apps/blog/show/37752731-pup-duuqu =>PUP.Duuqu
http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer
http://nicolascoolman.webs.com/apps/blog/show/26834113-adware-hotbar =>Adware.HotBar
http://nicolascoolman.webs.com/apps/blog/show/27450485-adware-questscan =>Adware.QuestScan
http://nicolascoolman.webs.com/apps/blog/show/30990124-adware-scanquery =>Adware.ScanQuery
http://nicolascoolman.webs.com/apps/blog/show/27529295-adware-searchsettings =>Adware.SearchSettings
http://nicolascoolman.webs.com/apps/blog/show/33429762-pup-glindorus =>PUP.Glindorus
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ MSI: 19 link(s) detected in 00mn 00s



~ 1314 Legitimates filtered by white list
End of the scan (649 lines in 02mn 48s)(0)
