~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par rhak (02/02/2014 20:15:39)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program
---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16750
MFIE: Mozilla Firefox 26.0 (Defaut)
---\\ Informations sur les produits Windows
~ Langage: Français
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : Q667T
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.2.286
Windows Defender W8
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
Qtrax Player v01.001.0001 =>P2P.Qtrax
---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
---\\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3658 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 500 GB (54%) free of 914 GB
---\\ Mode de connexion au système
~ Computer Name: AVIATEURS
~ User Name: rhak
~ All Users Names: rhak, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\rhak\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\rhak\AppData\Roaming\
~ %Desktop% : C:\Users\rhak\Desktop\
~ %Favorites% : C:\Users\rhak\Favorites\
~ %LocalAppData% : C:\Users\rhak\AppData\Local\
~ %StartMenu% : C:\Users\rhak\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 500 Go of 914 Go)
D: CD-ROM drive (Not Inserted)
---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01/06/2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.E7099336BF7531B6FCC920DCB5101259] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/10/2013 - 07:19:22.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.04/09/2013 - 04:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01/06/2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 01s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/64
~ Mes musiques (My Musics) : 9/183
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 1/403
~ Mon Bureau (My Desktop) : 1/5184
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 12s
---\\ Processus lancés
[MD5.8F44A93C559B1079B175E871C4F2F820] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [1179760] [PID.2160]
[MD5.61E22A327D20737529E5DDAD904BDD7B] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\SysWOW64\DllHost.exe [8704] [PID.3028]
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.3432]
[MD5.ABC13EE82ECC14C63709465BA9BCA0AD] - (.APN LLC. - Virtual New Tab Loader.) -- C:\Users\rhak\AppData\Local\VNT\vntldr.exe [202192] [PID.3500] =>Toolbar.Ask
[MD5.82F5E8957DC64AD9C3E16C200E0A77EB] - (.IObit - Pas de description.) -- C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe [1551680] [PID.3568]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3860]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.3000]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\rhak\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [aaaaabcbmongicmdegkmmfgdickgnnob] Movies Toolbar v.29.1, (Désactivé) =>PUP.MoviesToolbar
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pcoohmdcpejoeggdnihdfhohjgdbllgm] Avira SearchFree Toolbar plus Web Protection v.30.1, (Désactivé) =>Toolbar.Avira
~ Google Browser: 18 Legitimates Filtered in 00mn 04s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\rhak\AppData\Roaming\Mozilla\Firefox\Profiles\px7c1xs0.default\prefs.js
M3 - MFPP: Plugins - [rhak] -- C:\Users\rhak\AppData\Roaming\Mozilla\Firefox\Profiles\px7c1xs0.default\searchplugins\recherche-alot.xml =>Adware.Comet
M3 - MFPP: Plugins - [rhak] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\nationzoom.xml =>Hijacker.NationZoom
M2 - MFEP: prefs.js [rhak - px7c1xs0.default\116] [] LyricsWoofer v1.116 (..) =>Adware.AddLyrics
M2 - MFEP: prefs.js [rhak - px7c1xs0.default\133] [] LyricsWoofer v1.133 (..) =>Adware.AddLyrics
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Avira SearchFree Toolbar - [HKLM]{41564952-412D-5637-4300-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport_x64.dll =>Toolbar.Ask
~ Toolbar: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Acheter en ligne.lnk . (...) -- C:\Program Files (x86)\Accessory Store\StartUrl.exe (.not file.)
O4 - GS\Desktop [Public]: Help and Support.lnk - Clé orpheline
O4 - GS\Desktop [Public]: Help.lnk . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Desktop [Public]: Start Menu 8.lnk . (.IObit - Pas de description.) -- C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
O4 - GS\Desktop [Public]: VideoPlayer.lnk . (.Tuguu SL - VAFPlayer.) -- C:\Program Files (x86)\VideoPlayer\VAFPlayer.exe =>PUP.VAFPlayer
O4 - GS\Program [Public]: Desktop.lnk - Clé orpheline
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Program [Public]: Packard bell User's Manual.lnk . (...) -- C:\OEM\Preload\AutoRun\GUI\Packard Bell User's Manual\00\User_Manual.pdf
O4 - GS\QuickLaunch [rhak]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\rhak\AppData\Local\Google\Chrome\Application\chrome.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\QuickLaunch [rhak]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\TaskBar [rhak]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\rhak\AppData\Local\Google\Chrome\Application\chrome.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\TaskBar [rhak]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\TaskBar [rhak]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\TaskBar [rhak]: Packard Bell Device Fast-lane.lnk . (...) -- C:\Program Files (x86)\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneUI.exe (.not file.)
O4 - GS\TaskBar [rhak]: Packard Bell Power Button.lnk . (...) -- C:\Program Files (x86)\Packard Bell\Packard Bell Power Management\ePowerButton.exe (.not file.)
O4 - GS\Program [rhak]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 - GS\Program [rhak]: Réseau.lnk - Clé orpheline
O4 - GS\Desktop [rhak]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\rhak\AppData\Local\Google\Chrome\Application\chrome.exe http://www.nationzoom.com =>Hijacker.NationZoom
~ Global Startup: 45 Legitimates Filtered in 00mn 05s
---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\rhak\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\rhak\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKLM\..\Wow6432Node\Run: [LManager] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [ApnTBMon] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O4 - HKLM\..\Wow6432Node\Run: [VNT] . (.APN LLC. - Virtual New Tab Loader.) -- C:\Program Files (x86)\VNT\vntldr.exe =>Toolbar.Ask
O4 - HKUS\S-1-5-21-2783746680-1812325964-1141313655-1001\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.exe
O4 - HKUS\S-1-5-21-2783746680-1812325964-1141313655-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\rhak\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2783746680-1812325964-1141313655-1001\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\rhak\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
~ Application: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{190B4768-F622-4F5A-9D88-CEE233DAD275}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{950D620C-1142-4D7D-BB59-746D221C1318}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{190B4768-F622-4F5A-9D88-CEE233DAD275}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{950D620C-1142-4D7D-BB59-746D221C1318}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O23 - Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED - WPM Service.) - C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) . (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Servi.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: 18 Legitimates Filtered in 00mn 07s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{24ADF543-52B6-4D18-B3E9-A3BC980620F7}] (...) -- C:\PROGRA~3\TARMAI~1\{889DF~1\Setup.exe (.not file.) [0] =>PUP.Tarma
~ Scheduled Task: 13 Legitimates Filtered in 00mn 08s
---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (qkevreml) . (. - .) - C:\Windows\system32\drivers\qkevreml.sys (.not file.)
~ Drivers: 40 Legitimates Filtered in 00mn 00s
---\\ Logiciels installés (O42)
O42 - Logiciel: Lollipop - (.Lollipop Network, S.L..) [HKCU][64Bits] -- lollipop_01291227 =>Adware.Lollipop
O42 - Logiciel: Movies Toolbar for Firefox (Dist. by Bandoo Media, Inc.) - (.APN LLC.) [HKLM][64Bits] -- ilividmoviestoolbarhaFF =>PUP.MoviesToolbar
~ Logic: 27 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AskPartnerNetwork]
[HKCU\Software\VNT]
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\Wow6432Node\AskPartnerNetwork]
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 237 Legitimates Filtered in 00mn 01s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 02/02/2014 - 17:04:28 - [12,262] ----D C:\Program Files (x86)\AskPartnerNetwork
O43 - CFD: 02/02/2014 - 17:04:30 - [0,333] ----D C:\Program Files (x86)\VNT
O43 - CFD: 02/02/2014 - 17:03:44 - [0] ----D C:\ProgramData\APN
O43 - CFD: 02/02/2014 - 17:04:28 - [2,254] ----D C:\ProgramData\AskPartnerNetwork
O43 - CFD: 02/02/2014 - 18:22:09 - [0,009] ----D C:\ProgramData\Datamngr =>PUP.Datamngr
O43 - CFD: 07/01/2014 - 09:41:37 - [0,477] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 24/01/2013 - 02:10:49 - [0,764] ----D C:\Users\rhak\AppData\Roaming\lm
O43 - CFD: 24/01/2013 - 22:41:21 - [0] ----D C:\Users\rhak\AppData\Local\Updater21810 =>PUP.CrossRider
O43 - CFD: 02/02/2014 - 17:04:35 - [0,281] ----D C:\Users\rhak\AppData\Local\VNT
~ 197 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 346 Legitimates Filtered in 01mn 23s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.67FC5B9D0957C4FBB37376DE49A2B170] - 02/02/2014 - 09:05:06 ---A- . (...) -- C:\Windows\diagerr.xml [1890]
O44 - LFC:[MD5.EB1C94CC9DC0FCFC670332D63881421F] - 02/02/2014 - 09:05:13 ---A- . (...) -- C:\Windows\diagwrn.xml [2544]
~ Files: 26 Legitimates Filtered in 01mn 06s
---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{351568ea-352b-11e2-be69-806e6f6e6963}\AutoRun\command. (...) -- D:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s
---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.E986F9B462326BA1D703D376801809FE] - 05/09/2012 - 10:31:46 ---A- . (.ELAN Microelectronics Corp. - ETD Kernel Center.) -- C:\Windows\System32\Drivers\ETD.sys [319888]
O58 - SDL:[MD5.0B3F6C8F93C5C25977EA5A8B2E656357] - 04/06/2013 - 08:15:02 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [103448]
O58 - SDL:[MD5.EA8F41484CCC5BA6A1455C2AD3D1BE3C] - 04/06/2013 - 08:15:00 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [203672]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 06:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 12:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 18 Legitimates Filtered in 00mn 02s
---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
~ Keys: Scanned in 00mn 00s
---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.4E41301AB03814EABE37FCF194B728A6] [SPRF][13/12/2013] (.Ask.com - Offercast - APN Install Manager.) -- C:\Users\rhak\AppData\Local\Temp\Offercast_AVIRAV7_.exe [1326512]
[MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][23/10/2013] (...) -- C:\Users\rhak\AppData\Local\Temp\Quarantine.exe [344355]
[MD5.E6ED90C29E3403FADAAE2CEDAA090E08] [SPRF][02/02/2014] (...) -- C:\Users\rhak\AppData\Local\Temp\uttE8F8.tmp.bat [100]
~ Files: 5 Legitimates Filtered in 00mn 02s
---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{37EDA7BA-0663-4D78-A9AD-1A12FD640A59}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "{D3EF6290-2D20-4F14-BADE-A82FF080048F}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 - FAEL: "TCP Query User{EBB76623-8147-4C82-85E7-F564C459C4C5}C:\users\rhak\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\rhak\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{4D2A45AF-A466-406C-B1A0-665ECD27C6A4}C:\users\rhak\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\rhak\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "TCP Query User{6C7B68B5-6403-4F69-B69D-9E2F93F85F31}C:\users\rhak\desktop\cacaoweb.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\rhak\desktop\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{4B25CD59-EE13-47D0-BAC3-D5CBB5D24C0C}C:\users\rhak\desktop\cacaoweb.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\rhak\desktop\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "{8734DCB3-370F-4528-9AC9-8B36F25055C9}" |In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\btc-miner.exe (.not file.)
O87 - FAEL: "{C34B9E56-5DC9-4683-9425-B261180C838F}" |Out - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\btc-miner.exe (.not file.)
O87 - FAEL: "{2B3B6A02-8B59-4CA1-9D51-69DDE32622BA}" |In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\minerd.exe (.not file.)
O87 - FAEL: "{D3AEAB71-A436-47C5-809A-D265BD00898C}" |Out - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\dfrg\minerd.exe (.not file.)
O87 - FAEL: "{CB039CAC-DFDE-4A9B-A921-E7B058D0A281}" |In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe (.not file.)
O87 - FAEL: "{36914055-0123-44AF-A620-B795F2870022}" |Out - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\Drivers\BleServicesCtrl.exe (.not file.)
O87 - FAEL: "{B9C09EFB-D844-4589-B1A3-76AB6E5393C7}" |In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\Drivers\blds.exe (.not file.)
O87 - FAEL: "{D5426E47-4014-49A7-9CFC-19195B130E4F}" |Out - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\Drivers\blds.exe (.not file.)
O87 - FAEL: "{24FA96DB-63CE-4888-955A-DA44AA2EB560}" |In - None - P6 - TRUE | .(...) -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (.not file.)
O87 - FAEL: "{0DA709FB-7250-445F-86E9-275F0CDEF060}" |In - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (.not file.)
O87 - FAEL: "{FA941001-5FED-44D7-8013-55B2904B305A}" |Out - None - P17 - TRUE | .(...) -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe (.not file.)
O87 - FAEL: "{B192C58E-60B4-4939-98C7-98BAD7D99759}" |In - Public - P6 - TRUE | .(...) -- C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
~ Firewall: 251 Legitimates Filtered in 00mn 02s
---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "25946514D214736534007A857BC0A000" . (.Avira SearchFree Toolbar.) -- C:\Windows\Installer\{41564952-412D-5637-4300-A758B70C0A00}\ToolbarIcon.exe =>Toolbar.Avira
~ Update Products: 86 Legitimates Filtered in 00mn 00s
---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.BBF4134424D0556F36DC086028750937] [WIS][24/01/2013] (.SweetIM Technologies Ltd. - SweetPacks bundle uninstaller.) -- C:\Windows\Installer\29194.msi [2579456] =>PUP.SweetIM
[MD5.AC0D283E857F8CA4469DE3657175AFBA] [WIS][20/12/2013] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\3138ff.msi [813568] =>Toolbar.Avira
[MD5.0A23531B05648583E2675134C3F57419] [WIS][30/11/2013] (.The Software Group - Software Update Helper.) -- C:\Windows\Installer\92416.msi [45056] =>Adware.Boxore
[MD5.E32A1A1B9CC600CF062E0E429925841A] [WIS][16/08/2013] (.Boxore OU - Boxore Client Installer.) -- C:\Windows\Installer\9241e.msi [1974272] =>Adware.Boxore
~ WIS: 90 Legitimates Filtered in 00mn 14s
---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 7
[HKLM\Software\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob] =>PUP.MoviesToolbar^
[HKLM\Software\Google\Chrome\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm] =>Toolbar.Avira^
[HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^
[HKLM\SYSTEM\CurrentControlSet\Services\Wpm] =>PUP.WpManager^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop_01291227] =>Adware.Lollipop^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilividmoviestoolbarhaFF] =>PUP.MoviesToolbar^
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220222182210}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181110}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{41564952-412D-5637-4300-7A786E7484D7} =>Toolbar.Ask^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:ApnTBMon =>Toolbar.Ask^
C:\Users\rhak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob =>PUP.MoviesToolbar^
C:\Users\rhak\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm =>Toolbar.Avira^
C:\Users\rhak\AppData\Roaming\Mozilla\Firefox\Profiles\px7c1xs0.default\extensions\116 =>Adware.AddLyrics^
C:\Users\rhak\AppData\Roaming\Mozilla\Firefox\Profiles\px7c1xs0.default\extensions\133 =>Adware.AddLyrics^
C:\ProgramData\Datamngr =>PUP.Datamngr^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\rhak\AppData\Local\Updater21810 =>PUP.CrossRider^
C:\Program Files (x86)\AskPartnerNetwork =>Toolbar.Ask
C:\ProgramData\AskPartnerNetwork =>Toolbar.Ask
C:\Users\rhak\AppData\Local\Software =>Adware.Boxore
C:\Users\rhak\AppData\Local\VNT\vntldr.exe =>Toolbar.Ask^
[HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM^
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^
C:\Windows\Installer\29194.msi =>PUP.SweetIM^
C:\Windows\Installer\3138ff.msi =>Toolbar.Avira^
C:\Windows\Installer\92416.msi =>Adware.Boxore^
C:\Windows\Installer\9241e.msi =>Adware.Boxore^
~ Additionnel Scan: 228156 Items scanned in 00mn 49s
---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/33744863-pup-moviestoolbar =>PUP.MoviesToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/26664342-adware-comet =>Adware.Comet
~ http://nicolascoolman.webs.com/apps/blog/show/38126906-hijacker-nationzoom =>Hijacker.NationZoom
~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blog/show/30392620-pup-vafplayer =>PUP.VAFPlayer
~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ MSI: 15 link(s) detected in 00mn 49s
~ 1145 Legitimates filtered by white list
End of the scan (450 lines in 04mn 43s)(0)