In this forum you will find everything concerning the report-analysis software ZHPDiag and NCDiag.
by Destrio5
#17409
Code:
[MD5.803C2A31221A025D95070FA4B5236E6A] - (...) -- C:\Program Files\groover180820151229\Suacraiv.exe [169472] [PID.1996]
[MD5.A23ED37E81513A76446694018D3FBCDA] - (...) -- C:\Program Files\groover180820151229\GuboaaVeulk.exe [171840] [PID.1384]
[MD5.784514E06E2200BC1D7D73D04C379D0F] - (...) -- C:\Program Files\groover180820151229\Elivit.exe [427520] [PID.2428]
[MD5.65EA0DCC56296147F54C2250772D7C17] - (...) -- C:\Program Files\groover180820151229\Voakawakpu.exe [2043712] [PID.3404]
[MD5.DCC3C554432A3D11650F23607A6CC022] - (...) -- C:\Program Files\groover180820151229\Peajtis.exe [279552] [PID.3376]
[MD5.EEB7BAC898171620B62BC99D545710C4] - (...) -- C:\Program Files\groover180820151229\csrcc.exe [1442816] [PID.3776]
O2 - BHO: groover180820151229 Helper - {1280BB9C-D436-48FB-aD8C-7AFDDA2465C5} . (...) -- C:\Program Files\groover180820151229\Joral.dll
O4 - HKLM\..\Run: [groover180820151229] . (...) -- C:\Program Files\groover180820151229\Elivit.exe
O23 - Service: KoscuMehevi (KoscuMehevi) . (...) - C:\Program Files\groover180820151229\GuboaaVeulk.exe
[MD5.B9C0FD1F2472F40B282613E2D1EA7CCD] [APT] [Caoprub] (...) -- C:\Program Files\groover180820151229\Jefsyzu.bat    [75]
O42 - Logiciel: groover180820151229 2.0.0.473 - (.groover.) [HKLM] -- {1280BB9C-D436-48FB-aD8C-7AFDDA2465C5}_is1
HKLM\SOFTWARE\groover180820151229
O43 - CFD: 2015/08/23 17:29:01 - [] D -- C:\Program Files\groover180820151229
SR - Demand [2015/08/18 12:34:06] [  279552]  158B113B-3D7D-42BB-8E38-C8BA91070C13 (158B113B-3D7D-42BB-8E38-C8BA91070C13) . (...) - C:\Program Files\groover180820151229\Peajtis.exe
SR - Demand [2015/08/18 12:34:30] [ 1442816]  csrcc (csrcc) . (...) - C:\Program Files\groover180820151229\csrcc.exe
SR - Auto   [2015/08/18 12:33:34] [  169472]  groover180820151229 Updater (groover180820151229 Updater) . (...) - C:\Program Files\groover180820151229\Suacraiv.exe
SR - Auto   [2015/08/18 11:31:20] [  171840]  KoscuMehevi (KoscuMehevi) . (...) - C:\Program Files\groover180820151229\GuboaaVeulk.exe
SR - Demand [2015/08/18 11:31:18] [ 2043712]  Voakawakpu (Voakawakpu) . (...) - C:\Program Files\groover180820151229\Voakawakpu.exe
--> PUP.Optional.Groover.A, C:\Program Files\groover180820151229
Code:
P2 - EXT FILE: (...) -- C:\Users\SevenTest\AppData\Roaming\Mozilla\Firefox\Profiles\5jnkqma2.default-1440316437045\extensions\{951c0ecf-f051-4204-9d10-bffa60c85dc8}.xpi      
--> PUP.Optional.RecordPage
by Destrio5
#17840
Code:
[MD5.22307CFDB53EB60377DA089CE7B19280] - (.Copyright ©  2015 - .) -- C:\Program Files\NixSrv\NixSrv.exe [379904] [PID.1696]
[MD5.9FFDBDCD2E7F2FA6B15777A5B72EE960] - (.Copyright ©  2015 - .) -- C:\Program Files\NixSrv\packages\b95f3ef7-d1ee-4f6c-abf8-f8082cd08549\NixHost.exe [855040] [PID.2564]
O23 - Service: NixSrv Service (NixSrv) . (.Copyright ©  2015 - .) - C:\Program Files\NixSrv\NixSrv.exe
O43 - CFD: 2015/08/30 15:41:23 - [] D -- C:\Program Files\NixSrv
SR - Auto   [2015/08/27 10:48:16] [  379904]  NixSrv Service (NixSrv) . (.Copyright ©  2015.) - C:\Program Files\NixSrv\NixSrv.exe
--> PUP.Optional.Amonetize
Code:
P2 - EXT FILE: (...) -- C:\Users\SevenTest\AppData\Roaming\Mozilla\Firefox\Profiles\c2nqafv2.default\searchplugins\smod.xml
O42 - Logiciel: Search Module 2.3.14.1694 - (...) [HKLM] -- Search Module_is1
--> HKLM\SOFTWARE\SearchModule => PUP.Optional.SearchModule
Code:
O69 - SBI: SearchScopes [HKCU] OldSearch - (Search) - http://www-searching.com/      
Code:
O4 - GS\Desktop [Administrateur]: BrowserAir.lnk . (.Goobzo - BrowserAir.) C:\Users\SevenTest\AppData\Local\BrowserAir\Application\BrowserAir.exe  =>
O4 - GS\Quicklaunch [Administrateur]: BrowserAir.lnk . (.Goobzo - BrowserAir.) C:\Users\SevenTest\AppData\Local\BrowserAir\Application\BrowserAir.exe  =>
O4 - GS\TaskBar [Administrateur]: BrowserAir.lnk . (.Goobzo - BrowserAir.) C:\Users\SevenTest\AppData\Local\BrowserAir\Application\BrowserAir.exe  =>
O4 - GS\Desktop [Invité]: BrowserAir.lnk . (.Goobzo - BrowserAir.) C:\Users\SevenTest\AppData\Local\BrowserAir\Application\BrowserAir.exe  =>
O4 - GS\Quicklaunch [Invité]: BrowserAir.lnk . (.Goobzo - BrowserAir.) C:\Users\SevenTest\AppData\Local\BrowserAir\Application\BrowserAir.exe  =>
O4 - GS\TaskBar [Invité]: BrowserAir.lnk . (.Goobzo - BrowserAir.) C:\Users\SevenTest\AppData\Local\BrowserAir\Application\BrowserAir.exe  =>
O4 - GS\Desktop [SevenTest]: BrowserAir.lnk . (.Goobzo - BrowserAir.) C:\Users\SevenTest\AppData\Local\BrowserAir\Application\BrowserAir.exe  =>
O4 - GS\Quicklaunch [SevenTest]: BrowserAir.lnk . (.Goobzo - BrowserAir.) C:\Users\SevenTest\AppData\Local\BrowserAir\Application\BrowserAir.exe  =>
O4 - GS\TaskBar [SevenTest]: BrowserAir.lnk . (.Goobzo - BrowserAir.) C:\Users\SevenTest\AppData\Local\BrowserAir\Application\BrowserAir.exe  =>
[MD5.992E366855E616653AC8A5827DFDC3BA] [APT] [BAUpd] (.Goobzo.) -- C:\Users\SevenTest\AppData\Local\BrowserAir\Application\Updater.exe   [781088]  =>PUP.Optional.Goobzo
O39 - APT: BAUpd - (.Goobzo.) -- C:\Windows\System32\Tasks\BAUpd   [3628]  =>PUP.Optional.Goobzo
O42 - Logiciel: BrowserAir - (.BrowserAir.) [HKCU] -- BrowserAir
HKLM\SOFTWARE\BrowserAir
HKCU\SOFTWARE\BrowserAir
O43 - CFD: 2015/08/30 13:21:33 - [] D -- C:\Users\SevenTest\AppData\Local\BrowserAir
O43 - CFD: 2015/08/30 13:21:28 - [] D -- C:\Users\SevenTest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
O61 - LFC: 2015/08/30 13:20:17 A . (.Goobzo.) -- C:\Users\SevenTest\AppData\Local\BrowserAir\Application\37.2.2007.0\Installer\setup.exe   [3523072]  =>PUP.Optional.Goobzo
O68 - StartMenuInternet: <BrowserAir.L7LT45ODAFADYXHU4Y2DTF7S4Y> <BrowserAir>[HKLM\..\Shell\open\Command] (.Goobzo - BrowserAir.) -- C:\Users\SevenTest\AppData\Local\BrowserAir\Application\BrowserAir.exe http://www.mystartsearch.com/  =>PUP.Optional.BrowserAir*
O68 - StartMenuInternet: <BrowserAir.L7LT45ODAFADYXHU4Y2DTF7S4Y> <BrowserAir>[HKLM\..\InstallInfo\ShowIconsCommand] (.Goobzo - BrowserAir.) -- C:\Users\SevenTest\AppData\Local\BrowserAir\Application\BrowserAir.exe  =>PUP.Optional.Goobzo
O68 - StartMenuInternet: <BrowserAir.L7LT45ODAFADYXHU4Y2DTF7S4Y> <BrowserAir>[HKLM\..\InstallInfo\ReinstallCommand] (.Goobzo - BrowserAir.) -- C:\Users\SevenTest\AppData\Local\BrowserAir\Application\BrowserAir.exe  =>PUP.Optional.Goobzo
O68 - StartMenuInternet: <BrowserAir.L7LT45ODAFADYXHU4Y2DTF7S4Y> <BrowserAir>[HKLM\..\InstallInfo\HideIconsCommand] (.Goobzo - BrowserAir.) -- C:\Users\SevenTest\AppData\Local\BrowserAir\Application\BrowserAir.exe  =>PUP.Optional.Goobzo
O87 - FAEL: "{0DF716BC-D61E-4E28-949C-4166CB71BDFB}" [In-None-P17-TRUE] .(.Goobzo - BrowserAir.) -- C:\Users\SevenTest\AppData\Local\BrowserAir\Application\BrowserAir.exe  =>PUP.Optional.Goobzo
by Destrio5
#18487
Code:
[MD5.B910259786504772B91EA03C5DBAB307] - (.Copyright Reason Software Company Inc. - Reason Core Security Bundle Protection.) -- C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [163576] [PID.2032]
[MD5.D27C8CCB94AE9B02528E385C0B0504D3] - (.Copyright Reason Software Company Inc. - Reason Core Security Bundle Protection.) -- C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe [401144] [PID.284]
[MD5.D63B5640E635840BD41BFF337C70A208] - (.Reason Software Company Inc. - Reason Core Security UI.) -- C:\Program Files\Reason\Security\rsUI.exe [2052880] [PID.2984]
O23 - Service: Reason Core Security Bundle Protection (rscp) . (.Copyright Reason Software Company Inc. - Reason Core Security Bundle Protection.) - C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
[MD5.D63B5640E635840BD41BFF337C70A208] [APT] [ReasonSecurityScheduledScan] (.Reason Software Company Inc..) -- C:\Program Files\Reason\Security\rsUI.exe   [2052880]
[MD5.D63B5640E635840BD41BFF337C70A208] [APT] [ReasonSecurityStart] (.Reason Software Company Inc..) -- C:\Program Files\Reason\Security\rsUI.exe   [2052880]
O39 - APT: ReasonSecurityScheduledScan - (.Reason Software Company Inc..) -- C:\Windows\System32\Tasks\ReasonSecurityScheduledScan   [3550]
O39 - APT: ReasonSecurityStart - (.Reason Software Company Inc..) -- C:\Windows\System32\Tasks\ReasonSecurityStart   [3432]
SR - Auto   [2015/09/07 02:56:40] [  163576]  Reason Core Security Bundle Protection (rscp) . (.Copyright Reason Software Company Inc..) - C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
SS - Demand [2015/08/13 05:17:52] [   80144]  Reason Core Security Engine Service (rsEngineSvc) . (.Reason Software Company Inc..) - C:\Program Files\Reason\Security\rsEngineSvc.exe
--> Legitimate
Code:
O2 - BHO: Treasure Track - {30ee14ec-1867-4389-8543-fb83602eab61} . (...) -- C:\Program Files\Treasure Track\Extensions\30ee14ec-1867-4389-8543-fb83602eab61.dll
O23 - Service: Service Mgr TreasureTrack (Service Mgr TreasureTrack) . (...) - C:\ProgramData\59afa7b8-54e5-4124-8be7-716a905c1142\plugincontainer.exe   =>PUP.Optional.TreasureTrack*
O23 - Service: Update Mgr TreasureTrack (Update Mgr TreasureTrack) . (...) - C:\Program Files\Common Files\59afa7b8-54e5-4124-8be7-716a905c1142\Updater.exe   =>PUP.Optional.TreasureTrack*
O42 - Logiciel: Treasure Track - (.Treasure Track.) [HKLM] -- Treasure Track
HKLM\SOFTWARE\TreasureTrack
O43 - CFD: 2015/09/07 05:04:31 - [] D -- C:\Program Files\Treasure Track
O43 - CFD: 2015/09/07 05:05:32 - [] D -- C:\ProgramData\59afa7b8-54e5-4124-8be7-716a905c1142
O43 - CFD: 2015/09/07 05:04:29 - [] D -- C:\Program Files\Common Files\59afa7b8-54e5-4124-8be7-716a905c1142
SR - Auto   [2015/09/08 04:44:24] [ 1197288]  Service Mgr TreasureTrack (Service Mgr TreasureTrack) . (...) - C:\ProgramData\59afa7b8-54e5-4124-8be7-716a905c1142\plugincontainer.exe   =>PUP.Optional.TreasureTrack
SR - Auto   [2015/09/08 04:48:40] [  711912]  Update Mgr TreasureTrack (Update Mgr TreasureTrack) . (...) - C:\Program Files\Common Files\59afa7b8-54e5-4124-8be7-716a905c1142\Updater.exe   =>PUP.Optional.TreasureTrack
by Destrio5
#48992
O23 - Service: hwifisvc Service (hwifisvc) . (.Copyright (C) 2016 - .) - c:\program files\Hotspot\hwifisvc.dll {6430E18312CCAFCC048224E5C5022EA3}      
SR - Auto   [24/02/2017] [  150656]  hwifisvc Service (hwifisvc) . (.Copyright (C) 2016.) - c:\program files\Hotspot\hwifisvc.dll {6430E18312CCAFCC048224E5C5022EA3}      
O4 - GS\Desktop [Administrateur]: Free WiFi.lnk . (...) C:\Program Files\Hotspot\Hotspot.exe   {6430E18312CCAFCC048224E5C5022EA3}      
O4 - GS\Desktop [SevenTest]: Free WiFi.lnk . (...) C:\Program Files\Hotspot\Hotspot.exe   {6430E18312CCAFCC048224E5C5022EA3}      
HKLM\SOFTWARE\Hotspot    => HotSpot  
HKCU\SOFTWARE\Hotspot    => HotSpot  
O43 - CFD: 16/03/2017 - [] D -- C:\Program Files\Hotspot   =>.AnchorFree Inc. 
O43 - CFD: 16/03/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot   =>.AnchorFree Inc. 
--> VT installer: https://www.virustotal.com/fr/file/f996 ... /analysis/
R1 HWifiNetPro; C:\Program Files\Hotspot\HWifiNetPro.sys [123200 2017-02-24] ()
by NicolasCoolman
#48997
Hello,

OK, I need to adjust this "Hotspot" adware detection to avoid the conflict with "Hotspot Shield", which is legitimate.

See you
by Destrio5
#49072
Yes, not easy as far as FPs go.

O4 - HKLM\..\RunOnce: [OMEWPRODUCT_C35QH] . (.0GAP - 0GAP@7E.) -- C:\Program Files\PubHotspot\JIH1OPH4615B0XT.exe      
O4 - HKCU\..\Run: [2ROEVM0XNR] . (.0GAP - 0GAP@7E.) -- C:\Program Files\PubHotspot\31AF5.exe      
O4 - HKUS\S-1-5-21-50051860-661384414-3684766944-1000\..\Run: [2ROEVM0XNR] . (.0GAP - 0GAP@7E.) -- C:\Program Files\PubHotspot\31AF5.exe      
O4 - GS\Desktop [Administrateur]: PubHotspot.lnk . (.Wizzlabs - Hostify.) C:\Program Files\PubHotspot\PublicHotspot.exe   =>Adware.PublicHotspot 
O42 - Logiciel: PubHotspot version 1.0 - (.Leading2Apps.) [HKLM] -- PubHotspot_is1      
O43 - CFD: 18/03/2017 - [] D -- C:\Program Files\PubHotspot      
--> Superfluous.Tuto4PC

O23 - Service: APCFX Validator (APCFXValidator) . (.APCFXValidator - APCFXValidator.) - C:\ProgramData\APCFXValidator For SEVENTEST-PC\APCFXValidatorService.exe      
SS - Auto   [10/03/2017] [   32256]  APCFX Validator (APCFXValidator) . (.APCFXValidator.) - C:\ProgramData\APCFXValidator For SEVENTEST-PC\APCFXValidatorService.exe      
[MD5.4A87F1689B0BE637B9388DAC25B237F9] [APT] [Advanced PC-Fixer_Logon] (.Copyright © 2015.) -- C:\Program Files\Advanced PC-Fixer for SEVENTEST-PC\apfx.exe   [2607304] (.Activate.) {00AD1D80DCB77156A961B442E96FF9C9DD}      
O39 - APT: Advanced PC-Fixer_Logon - (.Copyright © 2015.) -- C:\Windows\System32\Tasks\Advanced PC-Fixer_Logon  [3078]  {00AD1D80DCB77156A961B442E96FF9C9DD}      
[MD5.4A87F1689B0BE637B9388DAC25B237F9] - (.Copyright © 2015 - Advanced PC-Fixer.) -- C:\Program Files\Advanced PC-Fixer for SEVENTEST-PC\apfx.exe [2607304] [PID.1280] {00AD1D80DCB77156A961B442E96FF9C9DD}      
O4 - GS\CommonDesktop [Public]: Advanced PC-Fixer.lnk . (.Copyright © 2015 - Advanced PC-Fixer.) C:\Program Files\Advanced PC-Fixer for SEVENTEST-PC\apfx.exe   {00AD1D80DCB77156A961B442E96FF9C9DD}      
O42 - Logiciel: Advanced PC-Fixer - (..) [HKLM] -- {B7D186B9-8CC6-4GHGF-BE07-1833E3355997}_is1 {00AD1D80DCB77156A961B442E96FF9C9DD}      
HKLM\SOFTWARE\Advanced PC-Fixer For SEVENTEST-PC      
HKLM\SOFTWARE\apcfx-pr      
HKLM\SOFTWARE\APCFXValidator For SEVENTEST-PC      
HKCU\SOFTWARE\Advanced PC-Fixer For SEVENTEST-PC      
O43 - CFD: 19/03/2017 - [] D -- C:\Program Files\Advanced PC-Fixer for SEVENTEST-PC {00AD1D80DCB77156A961B442E96FF9C9DD}      
O43 - CFD: 19/03/2017 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced PC-Fixer for SEVENTEST-PC      
O43 - CFD: 19/03/2017 - [] D -- C:\ProgramData\Advanced PC-Fixer for SEVENTEST-PC      
O43 - CFD: 19/03/2017 - [] D -- C:\ProgramData\APCFXValidator for SEVENTEST-PC      
O43 - CFD: 19/03/2017 - [] D -- C:\Users\SevenTest\AppData\Roaming\Advanced PC-Fixer For SEVENTEST-PC      
O61 - LFC: 2017/03/19 11:47:28 A . (..) -- C:\Users\SevenTest\AppData\Roaming\Advanced PC-Fixer For SEVENTEST-PC\exlist.bin   [258394]      
--> https://www.virustotal.com/fr/file/5e58 ... 489924635/
--> Installer: https://www.virustotal.com/fr/file/7086 ... 489924637/
by Destrio5
#49467
O23 - Service: SurfShield Service (surfshieldsrv) . (...) - C:\Windows\System32\SurfShield.exe      
SS - Auto   [26/03/2017] [  516096]  SurfShield Service (surfshieldsrv) . (...) - C:\Windows\System32\SurfShield.exe      
O87 - FAEL: "{27300210-C28F-4D73-A187-0568DB6D82E9}" [In-None-P17-TRUE] .(...) -- C:\Windows\system32\SurfShield.exe      
--> https://www.virustotal.com/fr/file/d648 ... 490560873/