infection yac 2014-05-05T19:07:51+00:00
  • Author
    Posts
  • EEDLO
    Participant
    Post count: 6

    :bravo1:

    Everything is fine; if need be, I know where to turn.

    :merci2:

  • lilidurhone
    Post count: 0

    :super:

    No more problems?

  • EEDLO
    Participant
    Post count: 6

    :hello:

    https://antimalware.top/www/?a=d&i=Arv2pcVvVG

  • lilidurhone
    Post count: 0

    ;)

    It's a Microsoft toolbar ;)

    • Copy the lines below:
      Script ZHPFix
      O53 - SMSR:HKLM...startupregMy Web Search Bar Search Scope Monitor [Key] . (...) -- C:Program Files (x86)MYWEBS~1bar1.binm3SrchMn.exe (.not file.) =>Adware.MyWebSearch
      O53 - SMSR:HKLM...startupregMyWebSearch Email Plugin [Key] . (...) -- C:Program Files (x86)MYWEBS~1bar1.binmwsoemon.exe (.not file.) =>Adware.MyWebSearch
      O53 - SMSR:HKLM...startupregBoxore Client [Key] . (...) -- C:Program Files (x86)BoxoreBoxoreClientboxore.exe (.not file.) =>Adware.Boxore
      O44 - LFC:[MD5.CD81F6DF96AC72F4C76ED554041BC9D7] - 23/04/2014 - 11:19:45 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:WindowsSystem32DriversiSafeKrnlBoot.sys [43520] =>Trojan.Staser
      [MD5.00000000000000000000000000000000] [APT] [{1AFEAA7C-E5DF-4567-884A-17E6F57929B2}] (...) -- C:UsersdilunaDownloadsRegCleaner.exe (.not file.) [0]
      [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
      [HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: Modified
      [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyGames: Modified
      O61 - LFC: 04/05/2014 - 10:21:34 ---A- . (.Elex do Brasil Participações Ltda.) -- C:UsersdilunaDownloadsyet_another_cleaner_dnf.exe [11822248]
      O90 - PUC: "537E56336A8449149988EC95CAA55E30" . (.Bing Bar.) -- C:WindowsInstaller{3365E735-48A6-4194-9988-CE59AC5AE503}icon_installer_ico =>Toolbar.Bing
      O90 - PUC: "8B501B6E56F182443979D1DFA8309BD4" . (.SupraSavings.) -- c:WindowsInstaller{E6B105B8-1F65-4428-9397-1DFD8A03B94D}icon64.ico =>PUP.SupraSavings
      [MD5.5D3A30ADD585A102F1B60C0BA313ECEE] [WIS][06/05/2014] (.Microsoft Corporation - Bing Bar.) -- C:WindowsInstallerd65bc.msi [741376] =>Toolbar.Bing
      [HKCRCLSID{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing
      [HKCRCLSID{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing
      HKLMSOFTWAREWow6432NodeMicrosoftTracingBingBar_RASAPI32 =>Toolbar.Bing
      [HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregBoxore Client] =>Adware.Boxore^
      [HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregMy Web Search Bar Search Scope Monitor] =>Adware.MyWebSearch^
      [HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregMyWebSearch Email Plugin] =>Adware.MyWebSearch^
      [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
      [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{8dcb7100-df86-4384-8842-8fa844297b3f} =>Toolbar.Bing^
      C:Program Files (x86)MicrosoftBingBar7.3.132.0BingApp.exe =>Toolbar.Bing^
      C:Program Files (x86)MicrosoftBingBar7.3.132.0BingBar.exe =>Toolbar.Bing^
      C:Program Files (x86)MicrosoftBingBar7.3.132.0BingSurrogate.exe =>Toolbar.Bing^
      C:Program Files (x86)MicrosoftBingBar7.3.132.0BBSvc.exe =>Toolbar.Bing^
      C:WindowsInstallerd65bc.msi =>Toolbar.Bing^
      [HKCRCLSID{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing^
      [HKCRCLSID{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing^
      sysrestore

    • Launch ZHPFix (run as administrator on Windows 7/8 and Vista)

      1. Click on Importer
      2. Then click on “GO”

    • Confirm the data cleanup by clicking “Yes”
    • Once the scan is finished, go to the desktop; the ZHPFixReport file has been created.
    • Upload the ZHPFixReport report to SosUpload, then copy/paste the link provided into your next reply.
  • EEDLO
    Participant
    Post count: 6

    No, and I don't know what it's for!

  • lilidurhone
    Post count: 0

    :super:

    Ok ;)

    We'll finish up with ZHPFix ;)

    Before I suggest it to you, do you use the Bing toolbar?

  • EEDLO
    Participant
    Post count: 6

    As for the connection: work being done on the network, nothing to do with the infection.

    The link to the SFTGC report:

    https://antimalware.top/www/?a=d&i=cysiyi2LeU

    :merci2:

  • lilidurhone
    Post count: 0

    :hello:

    I had connection problems!

    Following what?

    Run SFTGC

    • Download SFTGC (by Pierre13) to your Desktop and nowhere else!
    • Launch SFTGC (run as administrator on Windows 7/8 and Vista)
    • Click on GO

      Note: at the end, a report will open

    • Once the scan is finished, go to the desktop; the SFTGC.txt file has been created.
    • Upload the SFTGC.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum

    Then I'll prepare the script for you ;)

  • EEDLO
    Participant
    Post count: 6

    Hello,

    I had connection problems!

    YAC has disappeared

    The ZHPDiag report:

    ~ Rapport de ZHPDiag v2014.5.7.56 – Nicolas Coolman (07/05/2014)
    ~ Lancé par diluna (07/05/2014 10:20:34)
    ~ Adresse du Site Web http://nicolascoolman.webs.com” onclick=”window.open(this.href);return false;
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/” onclick=”window.open(this.href);return false;
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.16659
    GCIE: Google Chrome v34.0.1847.131 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : PV9HW
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Security Client v4.5.0216.0
    Windows Defender W7

    —\ Logiciels d’optimisation du système
    CCleaner v3.22

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 13 Plugin
    Adobe Reader XI

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3948 MB (62% free)
    System Restore: Activé (Enable)
    System drive C: has 21 GB (18%) free of 116 GB

    —\ Mode de connexion au système
    ~ Computer Name: DILUNA-PC
    ~ User Name: diluna
    ~ All Users Names: HomeGroupUser$, diluna, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersdilunaAppDataRoamingZHP
    ~ %AppData% : C:UsersdilunaAppDataRoaming
    ~ %Desktop% : C:UsersdilunaDesktop
    ~ %Favorites% : C:UsersdilunaFavorites
    ~ %LocalAppData% : C:UsersdilunaAppDataLocal
    ~ %StartMenu% : C:UsersdilunaAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 21 Go of 116 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 216 Go of 335 Go)
    F: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: Modified
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyGames: Modified
    ~ Security Center: 46 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.DF79CE9B950C62677D232154E93A81C7] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.01/03/2014 – 04:10:28.) — C:WindowsSystem32wininet.dll [2334208]
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 14:25:30.) — C:WindowsSystem32Winlogon.exe [390656]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/09/2013 – 02:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.24/01/2014 – 03:37:55.) — C:Windowssystem32Driversntfs.sys [1684928]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.1B6163C503398B23FF8B939C67747683] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.20/11/2010 – 12:06:41.) — C:Windowssystem32Driversrdpdr.sys [165888]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 14:34:02.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 3/13599
    ~ Mes musiques (My Musics) : 1/196
    ~ Mes Favoris (My Favorites) : 1/22
    ~ Mes Documents (My Documents) : 3/13223
    ~ Mon Bureau (My Desktop) : 2/173
    ~ Menu demarrer (Programs) : 1/46
    ~ Hidden Files: Scanned in 00mn 09s

    —\ Processus lancés
    [MD5.18E5C2F937F9DEB8C282DF66A3761925] – (.ASUS – ASLDR Service.) — C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe [84536] [PID.1428]
    [MD5.63F1212FFE13E62CA1E8D8EE19ABD9A7] – (.ASUS – GFNEXSrv.) — C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe [96896] [PID.1448]
    [MD5.B362181ED3771DC03B4141927C80F801] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65432] [PID.1892]
    [MD5.C811032EBB2C2E9FACFC364599E91BE3] – (.ASUS – HControl.) — C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe [174720] [PID.1908]
    [MD5.221564CC7BE37611FE15EACF443E1BF6] – (.Apple Inc. – YSLoader.exe.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [43336] [PID.1992]
    [MD5.1971D838A88F58D59543E9B3CDA5FFC4] – (.ASUS – SmartLogon Application.) — C:Program Files (x86)ASUSSmartLogonsensorsrv.exe [305720] [PID.1672]
    [MD5.97F60D16F052DA9CB619AB9A96CB2D4E] – (.Pas de propriétaire – Wireless Console 3.) — C:Program Files (x86)ASUSWireless Console 3wcourier.exe [1597440] [PID.2076]
    [MD5.BA2B4E07561CF877F61B0EEED654BC96] – (…) — C:Program Files (x86)ASUSControlDeckControlDeckStartUp.exe [53888] [PID.2096]
    [MD5.F4DCD4912B185C3AAEB92A7040832AD1] – (.Pas de propriétaire – ALU.) — C:Program Files (x86)ASUSASUS Live UpdateALU.exe [51768] [PID.2120]
    [MD5.FCE1FAAE8DE25340FB6B20F0099C230F] – (…) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752IEWLauncher.exe [142336] [PID.2596]
    [MD5.69643F616FA67B33428FDF870604B059] – (.Pas de propriétaire – Orange SMS.) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752SMSNotifier.exe [1121792] [PID.2648]
    [MD5.77D8E2219CA86043DBCFD9223F2CCF18] – (…) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752HSSModule.exe [285696] [PID.2668]
    [MD5.79C28DDF889C26FDD6162F796FD49BC4] – (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe [152392] [PID.2696]
    [MD5.A1C148801B4AF64847AEB9F3AD9594EF] – (.Intel Corporation – Local Manageability Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [262144] [PID.2480]
    [MD5.149126216A694E6BA84E92ECA77AAE3B] – (.ASUS – ATKOSD.) — C:Program Files (x86)ASUSATK PackageATK HotkeyATKOSD.exe [2488888] [PID.3268]
    [MD5.4A7C441D99D86704D194E7678873B95D] – (.ASUS – WDC.) — C:Program Files (x86)ASUSATK PackageATK HotkeyWDC.exe [174648] [PID.3324]
    [MD5.3ECCDD3FE310DD8F82D085447089ADB0] – (.ASUSTek Computer Inc. – ADSMTray.) — C:Program Files (x86)ASUSASUS Data Security ManagerADSMTray.exe [272952] [PID.4296]
    [MD5.C0BF554D2277F7A4C735D475ADE2E3B2] – (.ASUSTek Computer Inc. – ADSMSrv.) — C:Program Files (x86)ASUSASUS Data Security ManagerADSMSrv.exe [225280] [PID.4304]
    [MD5.5C396DDE6AAFFB64ABC0E0FD88F53553] – (.ASUS – AsScrPro.) — C:WindowsAsScrPro.exe [3054136] [PID.4332]
    [MD5.8CFCA7E2FD4B57C2BEF929C1C1A4C56E] – (.Pas de propriétaire – RichVideo Module.) — C:Program Files (x86)CyberlinkShared filesRichVideo.exe [271760] [PID.4340]
    [MD5.57B4D34232852BFE4453BE571DF90D21] – (.CyberLink – CyberLink MediaLibray Service.) — C:Program Files (x86)CyberlinkPower2GoCLMLSvc.exe [103720] [PID.4380]
    [MD5.41118D920B2B268C0ADC36421248CDCF] – (.Intel Corporation – User Notification Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [2314240] [PID.5044]
    [MD5.64A5D30EF57D4214DC9B27798DE2B19E] – (.Microsoft Corporation – Microsoft Office Outlook.) — C:Program Files (x86)Microsoft OfficeOffice12OUTLOOK.exe [13018808] [PID.6132]
    [MD5.3A3BEA53F039CE2E997A918E26E30B1D] – (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet ExplorerIEXPLORE.exe [808152] [PID.5216]
    [MD5.09DCE8B39E88D8C4B7223B569C1BF06F] – (.Microsoft Corporation. – Bing Client Application Process.) — C:Program Files (x86)MicrosoftBingBar7.3.132.0BingApp.exe [267936] [PID.5560] =>Toolbar.Bing
    [MD5.7623FF497EA07A7F82F9146A9BD10ADE] – (.Microsoft Corporation. – Bing Client Runtime.) — C:Program Files (x86)MicrosoftBingBar7.3.132.0BingBar.exe [453280] [PID.1932] =>Toolbar.Bing
    [MD5.0885935600C6489D49B25526A8BEBFDF] – (.Microsoft Corporation. – Hôte d’extension natif du runtime du client.) — C:Program Files (x86)MicrosoftBingBar7.3.132.0BingSurrogate.exe [141984] [PID.5604] =>Toolbar.Bing
    [MD5.5F685973740F289BE3C809952DB8408B] – (.Microsoft Corporation. – BingBar Service.) — C:Program Files (x86)MicrosoftBingBar7.3.132.0BBSvc.exe [193696] [PID.2380] =>Toolbar.Bing
    [MD5.E6DA875D24C3774E045499F6BFA76F30] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [7873024] [PID.652]
    ~ Processes Running: Scanned in 00mn 00s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersdilunaAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

    —\ Liste des dossiers d’extension Google Chrome
    ~ Google Lines Browser: 15 Legitimates Filtered in 00mn 01s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Bing Bar – [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. – Bing Client Extensions.) — C:Program Files (x86)MicrosoftBingBar7.3.132.0amd64BingExt.dll =>Toolbar.Bing
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
    ~ Toolbar: Scanned in 00mn 01s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [ETDWare] . (.ELAN Microelectronic Corp. – ETD Control Center.) — C:Program FilesElantechETDCtrl.exe
    O4 – HKLM..Run: [MSC] . (.Microsoft Corporation – Microsoft Security Client User Interface.) — C:Program FilesMicrosoft Security Clientmsseces.exe
    O4 – HKCU..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersdilunaAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKCU..Run: [Google+ Auto Backup] . (.Google Inc. – AutoBackup.) — C:UsersdilunaAppDataLocalProgramsGoogleGoogle+ Auto BackupGoogle+ Auto Backup.exe
    O4 – HKCU..Run: [FileHippo.com] . (.FileHippo.com – FileHippo.com Update Checker.) — C:Program Files (x86)FileHippo.comUpdateChecker.exe
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [Start_Icon225_IEWLauncher] . (…) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752IEWLauncher.exe
    O4 – HKLM..Wow6432NodeRun: [Start_Update] . (.Pas de propriétaire – Orange Updater.) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752UpdteApp.exe
    O4 – HKLM..Wow6432NodeRun: [Start_Statistics] . (…) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752OrangeStats.exe
    O4 – HKLM..Wow6432NodeRun: [Start_SMSNotifier] . (.Pas de propriétaire – Orange SMS.) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752SMSNotifier.exe
    O4 – HKLM..Wow6432NodeRun: [Start_HSSModule] . (…) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752HSSModule.exe
    O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
    O4 – HKLM..Wow6432NodeRun: [EfficientLadysOrganizerFree] Clé orpheline
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-192761103-4228053574-1910153200-1000..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersdilunaAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKUSS-1-5-21-192761103-4228053574-1910153200-1000..Run: [Google+ Auto Backup] . (.Google Inc. – AutoBackup.) — C:UsersdilunaAppDataLocalProgramsGoogleGoogle+ Auto BackupGoogle+ Auto Backup.exe
    O4 – HKUSS-1-5-21-192761103-4228053574-1910153200-1000..Run: [FileHippo.com] . (.FileHippo.com – FileHippo.com Update Checker.) — C:Program Files (x86)FileHippo.comUpdateChecker.exe
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{6BCE37EA-F379-4FF5-8BDB-3A3BCC38FD92}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{FAEBD4C0-65BB-4C28-BCD4-39BE15F84453}: DhcpNameServer = 172.20.2.39 172.20.2.10
    O17 – HKLMSystemCS1ServicesTcpip..{6BCE37EA-F379-4FF5-8BDB-3A3BCC38FD92}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{FAEBD4C0-65BB-4C28-BCD4-39BE15F84453}: DhcpNameServer = 172.20.2.39 172.20.2.10
    O17 – HKLMSystemCS2ServicesTcpip..{6BCE37EA-F379-4FF5-8BDB-3A3BCC38FD92}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{FAEBD4C0-65BB-4C28-BCD4-39BE15F84453}: DhcpNameServer = 172.20.2.39 172.20.2.10
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlmailhtml [64Bits] – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (…) —
    O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [{1AFEAA7C-E5DF-4567-884A-17E6F57929B2}] (…) — C:UsersdilunaDownloadsRegCleaner.exe (.not file.) [0]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1064]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1068]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskUserS-1-5-21-192761103-4228053574-1910153200-1000Core [1030]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskUserS-1-5-21-192761103-4228053574-1910153200-1000UA [1082]
    ~ Scheduled Task: 23 Legitimates Filtered in 00mn 06s

    —\ Logiciels installés (O42)
    O42 – Logiciel: CloneMaster version 5.00 – (.Softbyte Labs, Inc..) [HKLM][64Bits] — {B22AB4D0-3639-49A2-9CC9-3C12CDB17FEA}_is1
    ~ Logic: 25 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwarePOWERARC]
    [HKLMSoftwareWow6432NodeShortcut_Module]
    ~ Key Software: 268 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 18/08/2010 – 14:15:22 – [] —-D C:Program Files (x86)R_MANUAL
    O43 – CFD: 18/08/2010 – 14:21:01 – [] —-D C:Program Files (x86)R_MANUAL_SR
    O43 – CFD: 02/05/2014 – 19:05:44 – [] —-D C:ProgramDataf52f930a7e938e9
    O43 – CFD: 08/02/2014 – 12:00:19 – [] —-D C:UsersdilunaAppDataRoamingMicrosoftWindowsStart MenuProgramsGoogle+ Auto Backup
    ~ Program Folder: 173 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.219D9D2AC3A67712952461DADA60C0C3] – 04/05/2014 – 17:42:01 —A- . (…) — C:WindowsSystem32AutoRunFilter.ini [2700]
    O44 – LFC:[MD5.7E1039FCD8259813570AC6889C6E7294] – 04/05/2014 – 18:54:02 —A- . (…) — C:WindowsSystem32ServiceFilter.ini [1924]
    O44 – LFC:[MD5.B901E0E31CA49FF61A924E9AE5681B89] – 06/05/2014 – 11:20:43 —A- . (…) — C:Shortcut_Module_06_05_2014_12_20_43.txt [86598]
    O44 – LFC:[MD5.23A80210F7D41EFFCDC1C1A49E941BF1] – 06/05/2014 – 18:00:04 —A- . (…) — C:Shortcut_Module_06_05_2014_19_00_04.txt [19478]
    O44 – LFC:[MD5.CD81F6DF96AC72F4C76ED554041BC9D7] – 23/04/2014 – 11:19:45 —A- . (.Elex do Brasil Participações Ltda – iSafe Kernel Boot Driver.) — C:WindowsSystem32DriversiSafeKrnlBoot.sys [43520] =>Trojan.Staser
    ~ Files: 35 Legitimates Filtered in 00mn 02s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{9b5d732f-5c3d-11e3-a5bf-e0cb4e3447b2}AutoRuncommand. (…) — E:Setup.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregAppleSyncNotifier [Key] . (…) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleSyncNotifier.exe (.not file.)
    O53 – SMSR:HKLM…startupregBoxore Client [Key] . (…) — C:Program Files (x86)BoxoreBoxoreClientboxore.exe (.not file.) =>Adware.Boxore
    O53 – SMSR:HKLM…startupregHP Software Update [Key] . (…) — C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe (.not file.) =>.Hewlett-Packard Co
    O53 – SMSR:HKLM…startupregJobHisInit [Key] . (.Pas de propriétaire – JobHisInit MFC Application.) — C:Program Files (x86)RDSRMClientJobHisInit.exe
    O53 – SMSR:HKLM…startupregMy Web Search Bar Search Scope Monitor [Key] . (…) — C:Program Files (x86)MYWEBS~1bar1.binm3SrchMn.exe (.not file.) =>Adware.MyWebSearch
    O53 – SMSR:HKLM…startupregMyWebSearch Email Plugin [Key] . (…) — C:Program Files (x86)MYWEBS~1bar1.binmwsoemon.exe (.not file.) =>Adware.MyWebSearch
    O53 – SMSR:HKLM…startupregSmartAudio [Key] . (.Pas de propriétaire – SAIICpl MFC Application.) — C:Program FilesCONEXANTSAIISAIICpl.exe
    O53 – SMSR:HKLM…startupregwLite [Key] . (…) — C:Program Files (x86)webcamXP 5wLite.exe (.not file.)
    ~ SMSR Keys: 34 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableLUA”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:15/10/2009 – 10:23:19 —A- . (.ELAN Microelectronic Corp. – ETD Control Center.) — C:WindowsSystem32DriversETD.sys [117760]
    O58 – SDL:10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:23/04/2014 – 11:19:45 —A- . (.Elex do Brasil Participações Ltda – iSafe Kernel Boot Driver.) — C:WindowsSystem32DriversiSafeKrnlBoot.sys [43520] =>Trojan.Staser
    O58 – SDL:20/07/2009 – 10:29:39 —A- . (.Pas de propriétaire – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [15416]
    O58 – SDL:18/06/2009 – 21:18:10 —A- . (.Windows (R) Win 7 DDK provider – ASUS CopyProtect driver.) — C:WindowsSystem32Driverslullaby.sys [15928]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:13/12/2012 – 12:50:36 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl64.sys [54784]
    ~ Drivers: 65 Legitimates Filtered in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 01/05/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsEfficientLadysOrganizerFree-Setup (1).exe [285782]
    O61 – LFC: 01/05/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsEfficientLadysOrganizerFree-Setup.exe [14584568]
    O61 – LFC: 02/05/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsPDFWriterSetup.exe [1311304]
    O61 – LFC: 04/05/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDesktopadwcleaner-1.606-en.exe [581957]
    O61 – LFC: 04/05/2014 – 10:21:34 —A- . (.Elex do Brasil Participações Ltda.) — C:UsersdilunaDownloadsyet_another_cleaner_dnf.exe [11822248]
    O61 – LFC: 06/05/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsFHSetup.exe [264757]
    O61 – LFC: 06/05/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsadwcleaner.exe [1316991]
    O61 – LFC: 06/05/2014 – 10:21:34 —A- . (.Premium Installer.) — C:UsersdilunaDesktopShortcut module.exe [248096]
    O61 – LFC: 06/05/2014 – 10:21:34 —A- . (.Premium Installer.) — C:UsersdilunaDownloadsSetup.exe [248096]
    O61 – LFC: 30/04/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsD1425563M_remote.exe [9653376]
    O61 – LFC: 30/04/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsD1425572J_remote.exe [4002377]
    O61 – LFC: 30/04/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsD1445559G_remote.exe [4505028]
    ~ 16 Fichiers temporaires (Temporary files)
    ~ 11 Fichiers cookies (Cookies files)
    ~ Files: 16 Legitimates Filtered in 00mn 02s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (…) — C:Program FilesGoogleChromeApplicationchrome.exe (.not file.)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — c:program filesinternet exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][10/09/2009] (…) — C:ProgramDataFullRemove.exe [131368]
    [MD5.96030AE285C32ECCD1C599F1C5DD2BEF] [SPRF][04/05/2014] (…) — C:UsersdilunaDesktopadwcleaner-1.606-en.exe [581957]
    [MD5.8581F1894CDAA37C958751FE2FD8BB52] [SPRF][06/05/2014] (.Premium Installer – Premium Installer.) — C:UsersdilunaDesktopShortcut module.exe [248096]
    ~ Files: 3 Legitimates Filtered in 00mn 00s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “537E56336A8449149988EC95CAA55E30” . (.Bing Bar.) — C:WindowsInstaller{3365E735-48A6-4194-9988-CE59AC5AE503}icon_installer_ico =>Toolbar.Bing
    O90 – PUC: “8B501B6E56F182443979D1DFA8309BD4” . (.SupraSavings.) — c:WindowsInstaller{E6B105B8-1F65-4428-9397-1DFD8A03B94D}icon64.ico =>PUP.SupraSavings
    ~ Update Products: 2 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.5D3A30ADD585A102F1B60C0BA313ECEE] [WIS][06/05/2014] (.Microsoft Corporation – Bing Bar.) — C:WindowsInstallerd65bc.msi [741376] =>Toolbar.Bing
    ~ WIS: 1 Legitimates Filtered in 00mn 01s

    —\ Recherche de clés de registre Tracing (O100)
    HKLMSOFTWAREWow6432NodeMicrosoftTracingBingBar_RASAPI32 =>Toolbar.Bing
    ~ BTK: 295 Legitimates Filtered in 00mn 00s

    —\ Recherche de clés de registre CLSID (O101)
    [HKCRCLSID{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing
    [HKCRCLSID{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing
    ~ BCK: 4374 Legitimates Filtered in 00mn 10s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 01/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Disabled 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SS – | Auto 16/07/2011 136176 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 16/07/2011 136176 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 04/01/2007 136120 | (gusvc) . (.Google.) – C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SS – | Demand 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SS – | Disabled 10/07/1658 0 | (wxpSvc) . (…) – C:Program Files (x86)webcamXP 5wService.exe
    SR – | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Demand 31/03/2008 225280 | (ADSMService) . (.ASUSTek Computer Inc..) – C:Program Files (x86)ASUSASUS Data Security ManagerADSMSrv.exe
    SR – | Auto 17/09/2009 359552 | (AFBAgent) . (.ASUSTeK Computer Inc..) – C:Windowssystem32FBAgent.exe
    SR – | Auto 18/11/2009 202752 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
    SR – | Auto 10/11/2009 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
    SR – | Auto 11/03/2014 193696 | (BBSvc) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBar7.3.132.0BBSvc.exe =>Toolbar.Bing
    SR – | Auto 11/03/2014 247968 | (BBUpdate) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBar7.3.132.0SeaPort.exe =>Toolbar.Bing
    SR – | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 01/10/2009 262144 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 11/03/2014 23808 | (MsMpSvc) . (.Microsoft Corporation.) – C:Program FilesMicrosoft Security ClientMsMpEng.exe
    SR – | Auto 15/09/2009 44312 | (OberonGameConsoleService) . (…) – C:Program Files (x86)AsusGame ParkGameConsoleOberonGameConsoleService.exe
    SR – | Demand 15/04/2009 271760 | (RichVideo) . (…) – C:Program Files (x86)CyberlinkShared filesRichVideo.exe
    SR – | Auto 01/10/2009 2314240 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:Windowssystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 11s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by diluna at 07/05/2014 10:22:24
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by diluna at 07/05/2014 10:22:27
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13045 – (07/05/2014)
    Clés trouvées (Keys found) : 4
    Valeurs trouvées (Values found) : 1
    Dossiers trouvés (Folders found) : 0
    Fichiers trouvés (Files found) : 7

    [HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregBoxore Client] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregMy Web Search Bar Search Scope Monitor] =>Adware.MyWebSearch^
    [HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregMyWebSearch Email Plugin] =>Adware.MyWebSearch^
    [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{8dcb7100-df86-4384-8842-8fa844297b3f} =>Toolbar.Bing^
    C:Program Files (x86)MicrosoftBingBar7.3.132.0BingApp.exe =>Toolbar.Bing^
    C:Program Files (x86)MicrosoftBingBar7.3.132.0BingBar.exe =>Toolbar.Bing^
    C:Program Files (x86)MicrosoftBingBar7.3.132.0BingSurrogate.exe =>Toolbar.Bing^
    C:Program Files (x86)MicrosoftBingBar7.3.132.0BBSvc.exe =>Toolbar.Bing^
    C:WindowsInstallerd65bc.msi =>Toolbar.Bing^
    [HKCRCLSID{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing^
    [HKCRCLSID{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing^
    ~ Additionnel Scan: 351473 Items scanned in 00mn 34s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.byethost7.com/wordpress/trojan-staser/ =>Trojan.Staser
    http://nicolascoolman.byethost7.com/wordpress/adware-boxore/ =>Adware.Boxore
    http://nicolascoolman.byethost7.com/wordpress/adware-mywebsearch/ =>Adware.MyWebSearch
    http://nicolascoolman.webs.com/apps/blog/show/42067481-pup-suprasavings =>PUP.SupraSavings
    ~ MSI: 4 link(s) detected in 00mn 00s

    ~ 858 Legitimates filtered by white list
    End of the scan (486 lines in 02mn 28s)(0)

    Thanks again for your help.

  • lilidurhone
    Post count: 0

    :super:

    YAC must have disappeared?

    Run ZHPDiag again

  • EEDLO
    Participant
    Post count: 6

    Hello,

    the link for the Shortcut report: https://antimalware.top/www/?a=d&i=f9g6N0qfmp

    and the AdwCleaner report:

    # AdwCleaner v3.207 – Rapport créé le 06/05/2014 à 10:09:35
    # Mis à jour le 05/05/2014 par Xplode
    # Système d’exploitation : Windows 7 Professional Service Pack 1 (64 bits)
    # Nom d’utilisateur : diluna – DILUNA-PC
    # Exécuté depuis : C:UsersdilunaDesktopadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    Service Supprimé : 70e6ca8c
    [#] Service Supprimé : be0fb33b

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:ProgramDataWPM
    Dossier Supprimé : C:ProgramDataMicrosoftWindowsStart MenuProgramsoptimizer pro v3.2
    Dossier Supprimé : C:Program Files (x86)iSafe
    Dossier Supprimé : C:Program Files (x86)Optimizer Pro
    Dossier Supprimé : C:Program Files (x86)Supporter
    Dossier Supprimé : C:Program Files (x86)Yontoo
    Dossier Supprimé : C:Program Files03
    Dossier Supprimé : C:UsersAdministrateurAppDataLocaltorch
    Dossier Supprimé : C:UsersdilunaAppDataLocalNativeMessaging
    Dossier Supprimé : C:UsersdilunaAppDataLocalPackageAware
    Dossier Supprimé : C:UsersdilunaAppDataLocaltorch
    Dossier Supprimé : C:UsersdilunaAppDataLocalWhiteListing
    Dossier Supprimé : C:UsersdilunaAppDataRoamingActiveris
    Dossier Supprimé : C:UsersdilunaAppDataRoamingeCyber
    Dossier Supprimé : C:UsersdilunaAppDataRoamingiSafe
    Dossier Supprimé : C:UsersdilunaAppDataRoamingOptimizer Pro
    Dossier Supprimé : C:UsersdilunaAppDataRoamingSupTab
    Dossier Supprimé : C:UsersdilunaDocumentsOptimizer Pro
    Dossier Supprimé : C:UsersHomeGroupUser$AppDataLocaltorch
    Dossier Supprimé : C:UsersInvitéAppDataLocaltorch
    Dossier Supprimé : C:UsersdilunaAppDataLocalSoftware
    Dossier Supprimé : C:Program Files (x86)Software
    Dossier Supprimé : C:UsersAdministrateurAppDataLocalGoogleChromeUser DataDefaultExtensionskndbficlbmclgandannjncfnlblkmmbn
    Dossier Supprimé : C:UsersdilunaAppDataLocalGoogleChromeUser DataDefaultExtensionskndbficlbmclgandannjncfnlblkmmbn
    Dossier Supprimé : C:UsersHomeGroupUser$AppDataLocalGoogleChromeUser DataDefaultExtensionskndbficlbmclgandannjncfnlblkmmbn
    Dossier Supprimé : C:UsersInvitéAppDataLocalGoogleChromeUser DataDefaultExtensionskndbficlbmclgandannjncfnlblkmmbn
    Dossier Supprimé : C:UsersdilunaAppDataLocalGoogleChromeUser DataDefaultExtensionsdffhljlmcohcioeilbnpmbchdcbhifdh
    Fichier Supprimé : C:UsersdilunaAppDataRoamingaps.uninstall.scan.results
    Fichier Supprimé : C:UsersdilunaDesktopContinue VuuPC Installation.lnk
    Fichier Supprimé : C:UsersdilunaDesktopOptimizer Pro.lnk
    Fichier Supprimé : C:UsersdilunaAppDataLocalGoogleChromeUser DataDefaultLocal Storagechrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage-journal
    Fichier Supprimé : C:UsersdilunaAppDataLocalGoogleChromeUser DataDefaultLocal Storagehxxp_apps.conduit.com_0.localstorage-journal
    Fichier Supprimé : C:UsersdilunaAppDataLocalGoogleChromeUser DataDefaultLocal Storagehxxp_search.conduit.com_0.localstorage-journal
    Fichier Supprimé : C:WindowsTasksAPSnotifierPP1.job
    Fichier Supprimé : C:WindowsSystem32TasksAPSnotifierPP1
    Fichier Supprimé : C:WindowsTasksAPSnotifierPP2.job
    Fichier Supprimé : C:WindowsSystem32TasksAPSnotifierPP2
    Fichier Supprimé : C:WindowsTasksAPSnotifierPP3.job
    Fichier Supprimé : C:WindowsSystem32TasksAPSnotifierPP3

    ***** [ Raccourcis ] *****

    Raccourci Désinfecté : C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle ChromeGoogle Chrome.lnk
    Raccourci Désinfecté : C:UsersdilunaAppDataRoamingMicrosoftWindowsStart MenuProgramsAccessoriesSystem ToolsInternet Explorer (No Add-ons).lnk

    ***** [ Registre ] *****

    Valeur Supprimée : HKLMSOFTWAREMozillaFirefoxExtensions [webbooster@iminent.com]
    Clé Supprimée : HKLMSOFTWAREGoogleChromeExtensionsjeaihkehdlhkocphopopahkfjcfcphef
    Clé Supprimée : HKCUSoftwareGoogleChromeExtensionsdffhljlmcohcioeilbnpmbchdcbhifdh
    Clé Supprimée : HKLMSOFTWAREGoogleChromeExtensionsdffhljlmcohcioeilbnpmbchdcbhifdh
    Valeur Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionRun [Optimizer Pro]
    Clé Supprimée : HKLMSOFTWAREClassesAppIDWLXQuickTimeShellExt.DLL
    Clé Supprimée : HKLMSOFTWAREClassesspeedupmypc
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingActiverisAntiMalware_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingActiverisAntiMalware_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingBingBar_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingboxore_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingboxore_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingIminent_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingIminent_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingIminentSetup{2_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingIminentSetup{2_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingspeedupmypc_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingspeedupmypc_RASMANCS
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingwajam_install_rasapi32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingwajam_install_rasmancs
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingwajamupdater_rasapi32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingwajamupdater_rasmancs
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingWiseConvert_1_RASAPI32
    Clé Supprimée : HKLMSOFTWAREMicrosoftTracingWiseConvert_1_RASMANCS
    Clé Supprimée : HKCUSoftwareAppDataLow{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{22222222-2222-2222-2222-220522422246}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{DB507187-9746-458C-97DA-C458131EEDE7}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{66666666-6666-6666-6666-660566426646}
    Clé Supprimée : HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{CF739809-1C6C-47C0-85B9-569DBB141420}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesCLSID{22222222-2222-2222-2222-220522422246}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{917CAAE9-DD47-4025-936E-1414F07DF5B8}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{DB507187-9746-458C-97DA-C458131EEDE7}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Clé Supprimée : [x64] HKLMSOFTWAREClassesInterface{66666666-6666-6666-6666-660566426646}
    Clé Supprimée : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86}
    Clé Supprimée : HKCUSoftwareAnyProtect
    Clé Supprimée : HKCUSoftwareFunWebProducts
    Clé Supprimée : HKCUSoftwareinstalledbrowserextensions
    Clé Supprimée : HKCUSoftwareOptimizer Pro
    Clé Supprimée : HKCUSoftwarepowerpack
    Clé Supprimée : HKCUSoftwareRegisteredApplicationsEx
    Clé Supprimée : HKCUSoftwareTutorials
    Clé Supprimée : HKCUSoftwareTutoTag
    Clé Supprimée : HKCUSoftwareV9
    Clé Supprimée : HKCUSoftwareYahooPartnerToolbar
    Clé Supprimée : HKCUSoftwareAppDataLow{1146AC44-2F03-4431-B4FD-889BC837521F}
    Clé Supprimée : HKCUSoftwareAppDataLowSoftwareSmartBar
    Clé Supprimée : HKLMSoftware{1146AC44-2F03-4431-B4FD-889BC837521F}
    Clé Supprimée : HKLMSoftware{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Clé Supprimée : HKLMSoftware{5F189DF5-2D05-472B-9091-84D9848AE48B}
    Clé Supprimée : HKLMSoftware{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Clé Supprimée : HKLMSoftwareFREE_SOFT_TODAY
    Clé Supprimée : HKLMSoftwareinstalledbrowserextensions
    Clé Supprimée : HKLMSoftwareiSafe
    Clé Supprimée : HKLMSoftwaresupTab
    Clé Supprimée : HKLMSoftwaresupWPM
    Clé Supprimée : HKLMSoftwareTutorials
    Clé Supprimée : HKLMSoftwareUniblue
    Clé Supprimée : HKLMSoftwareWpm
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstall{EF8FC2FA-BE02-444B-8355-08C75A6D7E3A}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallOptimizer Pro_is1
    Clé Supprimée : [x64] HKLMSOFTWAREinstalledbrowserextensions
    Clé Supprimée : [x64] HKLMSOFTWARELevelQualityWatcher
    Clé Supprimée : [x64] HKLMSOFTWAREsuprasavings
    Donnée Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows [AppInit_DLLs] – c:progra~2optimi~1optpro~2.dll
    Donnée Supprimée : [x64] HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows [AppInit_DLLs] – C:PROGRA~2OPTIMI~1OPTPRO~3.DLL
    Donnée Supprimée : [x64] HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWindows [AppInit_DLLs] – C:PROGRA~2SUPPOR~1SUPPOR~2.DLL
    Clé Supprimée : HKLMSoftwareClassesInstallerFeaturesAF2CF8FE20EBB4443855807CA5D6E7A3
    Clé Supprimée : HKLMSoftwareClassesInstallerProductsAF2CF8FE20EBB4443855807CA5D6E7A3

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v11.0.9600.16521

    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [Search Page]
    Paramètre Restauré : HKCUSoftwareMicrosoftInternet ExplorerMain [Default_Search_URL]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerMain [Default_Search_URL]
    Paramètre Restauré : HKLMSOFTWAREMicrosoftInternet ExplorerMain [Search Page]
    Paramètre Restauré : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerMain [Default_Search_URL]
    Paramètre Restauré : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerMain [Default_Page_URL]
    Paramètre Restauré : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerMain [Start Page]
    Paramètre Restauré : [x64] HKLMSOFTWAREMicrosoftInternet ExplorerMain [Search Page]

    -\ Google Chrome v34.0.1847.131

    [ Fichier : C:UsersdilunaAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    Supprimée [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN42218978818430567&ctid=CT3242339
    Supprimée [Search Provider] : hxxp://www.softonic.fr/s/{searchTerms}
    Supprimée [Search Provider] : hxxp://www.qone8.com/web/?type=dspp&ts=1399050321&from=adks&uid=ST9500325AS_5VE7ZK85XXXX5VE7ZK85&q={searchTerms}
    Supprimée [Search Provider] : hxxp://www.qone8.com/web/?type=dspp&ts=1399045897&from=adks&uid=ST9500325AS_5VE7ZK85XXXX5VE7ZK85&q={searchTerms}
    Supprimée [Startup_urls] : hxxp://search.conduit.com/?CUI=UN42218978818430567&ctid=CT3242339&SearchSource=48
    Supprimée [Startup_urls] : hxxp://start.qone8.com/?type=hp&ts=1399045811&from=adks&uid=ST9500325AS_5VE7ZK85XXXX5VE7ZK85
    Supprimée [Extension] : dffhljlmcohcioeilbnpmbchdcbhifdh
    Supprimée [Extension] : kndbficlbmclgandannjncfnlblkmmbn
    Supprimée [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma

    [ Fichier : C:UsersInvitéAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    Supprimée [Extension] : kndbficlbmclgandannjncfnlblkmmbn

    *************************

    AdwCleaner[R0].txt – [12722 octets] – [06/05/2014 10:04:48]
    AdwCleaner[S0].txt – [10972 octets] – [06/05/2014 10:09:35]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [11033 octets] ##########
    Thank you very much

  • lilidurhone
    Post count: 0

    :welcome:

    I'll be taking care of you ;)

    1) Uninstall via the Control Panel (if possible)

    -AnyProtect
    -Boxore Client
    -supporter
    -Yet Another Cleaner!
    -suprasaving
    -VOpackage (if you can't manage it, don't insist ;) )
    -WebInternetSecurity
    -suprasavings

    2) You have adware and a hijacker!

    So run AdwCleaner

    • Download AdwCleaner (by Xplode) to your Desktop!
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista; otherwise double-click on XP
      1. Choose the Scan option
      2. Choose the Clean option
    • Accept the warning by clicking OK

    • Accept the warnings/information messages by clicking OK
    • Copy and paste the contents of the report that appears when the PC restarts

    3) Run Shortcut Module

    • Disable your antivirus, otherwise the tool will not be able to work properly.
    • Download Shortcut_Module to your desktop.

      Note: Save your work before continuing!

    • Launch Shortcut_Module,
    • Click Clean

      Note: Wait while the scan runs

    • Let the tool work even if it seems stuck
    • If the tool detects a proxy you don't recognize, click: “Remove the proxy”
    • Upload the report C:Shortcut_Module_date_heure.txt to https://antimalware.top/ then post the link you get

    Looking forward to hearing from you with both reports ;)

  • EEDLO
    Participant
    Post count: 6

    Good evening,

    I can't manage to get rid of YAC
    I cleaned with Malwarebytes, AdwCleaner and ZHPDiag, and it is still there

    I'm attaching the ZHPDiag report:

    ~ Rapport de ZHPDiag v2014.5.4.54 – Nicolas Coolman (04/05/2014)
    ~ Lancé par diluna (05/05/2014 20:11:54)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    —\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.16659
    GCIE: Google Chrome v34.0.1847.131 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : PV9HW
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft Security Client v4.5.0216.0
    Windows Defender W7

    —\ Logiciels d’optimisation du système
    CCleaner v3.22

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 13 Plugin
    Adobe Reader XI

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3948 MB (49% free)
    System Restore: Activé (Enable)
    System drive C: has 20 GB (17%) free of 116 GB

    —\ Mode de connexion au système
    ~ Computer Name: DILUNA-PC
    ~ User Name: diluna
    ~ All Users Names: HomeGroupUser$, diluna, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersdilunaAppDataRoamingZHP
    ~ %AppData% : C:UsersdilunaAppDataRoaming
    ~ %Desktop% : C:UsersdilunaDesktop
    ~ %Favorites% : C:UsersdilunaFavorites
    ~ %LocalAppData% : C:UsersdilunaAppDataLocal
    ~ %StartMenu% : C:UsersdilunaAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 20 Go of 116 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 216 Go of 335 Go)
    E: Floppy drive, Flash card reader, USB Key (Free 6 Go of 15 Go)
    F: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyGames: Modified
    ~ Security Center: 46 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
    [MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
    [MD5.DF79CE9B950C62677D232154E93A81C7] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.01/03/2014 – 04:10:28.) — C:WindowsSystem32wininet.dll [2334208]
    [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 14:25:30.) — C:WindowsSystem32Winlogon.exe [390656]
    [MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [232448]
    [MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/09/2013 – 02:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
    [MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
    [MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
    [MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
    [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
    [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
    [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
    [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
    [MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
    [MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
    [MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.24/01/2014 – 03:37:55.) — C:Windowssystem32Driversntfs.sys [1684928]
    [MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
    [MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
    [MD5.1B6163C503398B23FF8B939C67747683] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.20/11/2010 – 12:06:41.) — C:Windowssystem32Driversrdpdr.sys [165888]
    [MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
    [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
    [MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 14:34:02.) — C:Windowssystem32Driversvolsnap.sys [295808]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 3/13599
    ~ Mes musiques (My Musics) : 1/196
    ~ Mes Favoris (My Favorites) : 1/22
    ~ Mes Documents (My Documents) : 3/13226
    ~ Mon Bureau (My Desktop) : 1/165
    ~ Menu demarrer (Programs) : 1/48
    ~ Hidden Files: Scanned in 00mn 06s

    —\ Processus lancés
    [MD5.F4DCD4912B185C3AAEB92A7040832AD1] – (.Pas de propriétaire – ALU.) — C:Program Files (x86)ASUSASUS Live UpdateALU.exe [51768] [PID.2220]
    [MD5.1971D838A88F58D59543E9B3CDA5FFC4] – (.ASUS – SmartLogon Application.) — C:Program Files (x86)ASUSSmartLogonsensorsrv.exe [305720] [PID.2252]
    [MD5.BA2B4E07561CF877F61B0EEED654BC96] – (…) — C:Program Files (x86)ASUSControlDeckControlDeckStartUp.exe [53888] [PID.2268]
    [MD5.4DA9F0444F8B30E0C31F9480F0EDFC68] – (.Elex do Brasil Participações Ltda – YACTray.) — C:Program Files (x86)iSafeiSafeTray.exe [802984] [PID.2448] =>Trojan.Staser
    [MD5.97F60D16F052DA9CB619AB9A96CB2D4E] – (.Pas de propriétaire – Wireless Console 3.) — C:Program Files (x86)ASUSWireless Console 3wcourier.exe [1597440] [PID.2472]
    [MD5.FCE1FAAE8DE25340FB6B20F0099C230F] – (…) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752IEWLauncher.exe [142336] [PID.4348]
    [MD5.69643F616FA67B33428FDF870604B059] – (.Pas de propriétaire – Orange SMS.) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752SMSNotifier.exe [1121792] [PID.4532]
    [MD5.77D8E2219CA86043DBCFD9223F2CCF18] – (…) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752HSSModule.exe [285696] [PID.4620]
    [MD5.79C28DDF889C26FDD6162F796FD49BC4] – (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe [152392] [PID.4648]
    [MD5.3ECCDD3FE310DD8F82D085447089ADB0] – (.ASUSTek Computer Inc. – ADSMTray.) — C:Program Files (x86)ASUSASUS Data Security ManagerADSMTray.exe [272952] [PID.5100]
    [MD5.5C396DDE6AAFFB64ABC0E0FD88F53553] – (.ASUS – AsScrPro.) — C:WindowsAsScrPro.exe [3054136] [PID.4660]
    [MD5.57B4D34232852BFE4453BE571DF90D21] – (.CyberLink – CyberLink MediaLibray Service.) — C:Program Files (x86)CyberlinkPower2GoCLMLSvc.exe [103720] [PID.4400]
    [MD5.CC02FE4520CA886508069245D9A6962F] – (.Microsoft Corporation – Internet Low-Mic Utility Tool.) — C:Program Files (x86)Internet ExplorerIELowutil.exe [222720] [PID.6060]
    [MD5.3A3BEA53F039CE2E997A918E26E30B1D] – (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet ExplorerIEXPLORE.exe [808152] [PID.3800]
    [MD5.09DCE8B39E88D8C4B7223B569C1BF06F] – (.Microsoft Corporation. – Bing Client Application Process.) — C:Program Files (x86)MicrosoftBingBar7.3.132.0BingApp.exe [267936] [PID.5492] =>Toolbar.Bing
    [MD5.7623FF497EA07A7F82F9146A9BD10ADE] – (.Microsoft Corporation. – Bing Client Runtime.) — C:Program Files (x86)MicrosoftBingBar7.3.132.0BingBar.exe [453280] [PID.5752] =>Toolbar.Bing
    [MD5.0885935600C6489D49B25526A8BEBFDF] – (.Microsoft Corporation. – Hôte d’extension natif du runtime du client.) — C:Program Files (x86)MicrosoftBingBar7.3.132.0BingSurrogate.exe [141984] [PID.5212] =>Toolbar.Bing
    [MD5.C7DB4552FB13073DFA1A211DA6A6C389] – (.AnyProtect by CMI – AnyProtect.) — C:Program Files (x86)AnyProtectExAnyProtect.exe [21755392] [PID.8204] =>PUP.AnyProtect
    [MD5.700803AC9B451FB67DF35EF0E05382E7] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [7869952] [PID.7512]
    [MD5.13E960E384369F4E32BA29B27F451C99] – (.Elex do Brasil Participações Ltda – iSafeSvc.) — C:Program Files (x86)iSafeiSafeSvc.exe [118056] [PID.1012] =>Trojan.Staser
    [MD5.C1191E6A7320608C4D8581BB6F931D41] – (.Elex do Brasil Participações Ltda – iSafeSvc2.) — C:Program Files (x86)iSafeiSafeSvc2.exe [118056] [PID.404] =>Trojan.Staser
    [MD5.18E5C2F937F9DEB8C282DF66A3761925] – (.ASUS – ASLDR Service.) — C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe [84536] [PID.1516]
    [MD5.63F1212FFE13E62CA1E8D8EE19ABD9A7] – (.ASUS – GFNEXSrv.) — C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe [96896] [PID.1656]
    [MD5.51138BEEA3E2C21EC44D0932C71762A8] – (…) — ysWOW64rundll32.exe [0] [PID.1928]
    [MD5.B362181ED3771DC03B4141927C80F801] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65432] [PID.2064]
    [MD5.221564CC7BE37611FE15EACF443E1BF6] – (.Apple Inc. – YSLoader.exe.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [43336] [PID.2092]
    [MD5.9BD8480A51537BB18B421BF3BEECF2AD] – (.Caphyon – Scheduler 9.3 © Caphyon, 2011.) — C:Program Files (x86)CaphyonAdvanced Web RankingScheduler.exe [126208] [PID.2160]
    [MD5.C811032EBB2C2E9FACFC364599E91BE3] – (.ASUS – HControl.) — C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe [174720] [PID.2412]
    [MD5.A1C148801B4AF64847AEB9F3AD9594EF] – (.Intel Corporation – Local Manageability Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [262144] [PID.1800]
    [MD5.C93576AD52CD4A6B455ACA440CBB1C42] – (…) — C:UsersdilunaAppDataRoamingVOPackageVOsrv.exe [52736] [PID.2812] =>Adware.Downware
    [MD5.149126216A694E6BA84E92ECA77AAE3B] – (.ASUS – ATKOSD.) — C:Program Files (x86)ASUSATK PackageATK HotkeyATKOSD.exe [2488888] [PID.3348]
    [MD5.4A7C441D99D86704D194E7678873B95D] – (.ASUS – WDC.) — C:Program Files (x86)ASUSATK PackageATK HotkeyWDC.exe [174648] [PID.3736]
    [MD5.C0BF554D2277F7A4C735D475ADE2E3B2] – (.ASUSTek Computer Inc. – ADSMSrv.) — C:Program Files (x86)ASUSASUS Data Security ManagerADSMSrv.exe [225280] [PID.4796]
    [MD5.8CFCA7E2FD4B57C2BEF929C1C1A4C56E] – (.Pas de propriétaire – RichVideo Module.) — C:Program Files (x86)CyberlinkShared filesRichVideo.exe [271760] [PID.5092]
    [MD5.41118D920B2B268C0ADC36421248CDCF] – (.Intel Corporation – User Notification Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [2314240] [PID.4576]
    ~ Processes Running: Scanned in 00mn 09s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersdilunaAppDataLocalGoogleChromeUser DataDefaultPreferences
    G2 – GCE: Preference [User DataDefault] [dffhljlmcohcioeilbnpmbchdcbhifdh] WiseConvert 1.5 v.10.29.0.520, (Désactivé) =>Toolbar.Conduit
    G2 – GCE: Preference [User DataDefault] [kndbficlbmclgandannjncfnlblkmmbn] SaveClicker v.2.1 (Activé) =>PUP.SaveClicker
    G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick Start v.3.2.3, (Activé) =>PUP.QuickStart

    —\ Liste des dossiers d’extension Google Chrome
    ~ Google Lines Browser: 13 Legitimates Filtered in 00mn 06s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://start.qone8.com =>Hijacker.Qone8
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://www.qone8.com =>Hijacker.Qone8
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://www.qone8.com =>Hijacker.Qone8
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://start.qone8.com =>Hijacker.Qone8
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8
    R1 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Search Page = http://www.qone8.com =>Hijacker.Qone8
    R1 – HKLMSOFTWAREWow6432NodeMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8
    ~ IE Browser: 23 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 117

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Bing Bar – [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. – Bing Client Extensions.) — C:Program Files (x86)MicrosoftBingBar7.3.132.0amd64BingExt.dll =>Toolbar.Bing
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSSystemTools [diluna]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://start.qone8.com =>Hijacker.Qone8
    O4 – GSDesktop [diluna]: AnyProtect.lnk . (.AnyProtect by CMI – AnyProtect.) — C:Program Files (x86)AnyProtectExAnyProtect.exe =>PUP.AnyProtect
    O4 – GSDesktop [diluna]: Continue VuuPC Installation.lnk . (…) — C:UsersdilunaAppDataLocalTempICReinstall_nsnD1E8.tmp RR (.not file.) =>PUP.VuuPC
    O4 – GSDesktop [diluna]: Optimizer Pro.lnk . (.PC Utilities Software Limited – Optimizer Pro.) — C:Program Files (x86)Optimizer ProOptimizerPro.exe =>PUP.OptimizerPro
    ~ Global Startup: 5 Legitimates Filtered in 00mn 20s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [ETDWare] . (.ELAN Microelectronic Corp. – ETD Control Center.) — C:Program FilesElantechETDCtrl.exe
    O4 – HKLM..Run: [MSC] . (.Microsoft Corporation – Microsoft Security Client User Interface.) — C:Program FilesMicrosoft Security Clientmsseces.exe
    O4 – HKCU..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersdilunaAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKCU..Run: [Google+ Auto Backup] . (.Google Inc. – AutoBackup.) — C:UsersdilunaAppDataLocalProgramsGoogleGoogle+ Auto BackupGoogle+ Auto Backup.exe
    O4 – HKCU..Run: [Optimizer Pro] . (.PC Utilities Software Limited – Optimizer Pro Launcher.) — C:Program Files (x86)Optimizer ProOptProLauncher.exe =>PUP.OptimizerPro
    O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Wow6432NodeRun: [Start_Icon225_IEWLauncher] . (…) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752IEWLauncher.exe
    O4 – HKLM..Wow6432NodeRun: [Start_Update] . (.Pas de propriétaire – Orange Updater.) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752UpdteApp.exe
    O4 – HKLM..Wow6432NodeRun: [Start_Statistics] . (…) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752OrangeStats.exe
    O4 – HKLM..Wow6432NodeRun: [Start_SMSNotifier] . (.Pas de propriétaire – Orange SMS.) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752SMSNotifier.exe
    O4 – HKLM..Wow6432NodeRun: [Start_HSSModule] . (…) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752HSSModule.exe
    O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
    O4 – HKLM..Wow6432NodeRun: [EfficientLadysOrganizerFree] Clé orpheline
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-192761103-4228053574-1910153200-1000..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersdilunaAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O4 – HKUSS-1-5-21-192761103-4228053574-1910153200-1000..Run: [Google+ Auto Backup] . (.Google Inc. – AutoBackup.) — C:UsersdilunaAppDataLocalProgramsGoogleGoogle+ Auto BackupGoogle+ Auto Backup.exe
    O4 – HKUSS-1-5-21-192761103-4228053574-1910153200-1000..Run: [Optimizer Pro] . (.PC Utilities Software Limited – Optimizer Pro Launcher.) — C:Program Files (x86)Optimizer ProOptProLauncher.exe =>PUP.OptimizerPro
    ~ Application: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{6BCE37EA-F379-4FF5-8BDB-3A3BCC38FD92}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{FAEBD4C0-65BB-4C28-BCD4-39BE15F84453}: DhcpNameServer = 172.20.2.39 172.20.2.10
    O17 – HKLMSystemCS1ServicesTcpip..{6BCE37EA-F379-4FF5-8BDB-3A3BCC38FD92}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{FAEBD4C0-65BB-4C28-BCD4-39BE15F84453}: DhcpNameServer = 172.20.2.39 172.20.2.10
    O17 – HKLMSystemCS2ServicesTcpip..{6BCE37EA-F379-4FF5-8BDB-3A3BCC38FD92}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{FAEBD4C0-65BB-4C28-BCD4-39BE15F84453}: DhcpNameServer = 172.20.2.39 172.20.2.10
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlmailhtml [64Bits] – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (…) —
    O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – AppInit_DLLs: . (…) – C:Program Files (x86)OPTIMI~1OPTPRO~3.dll (.not file.)
    ~ AppInit DLL: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: Optimizer Pro Crash Monitor (70e6ca8c) . (…) – C:Program Files (x86)optimi~1OptProCrashSvc.dll =>PUP.OptimizerPro
    O23 – Service: Supporter (be0fb33b) . (…) – C:Program Files (x86)suppor~1SupporterSvc.dll (.not file.) =>PUP.SaveClicker
    O23 – Service: iSafeService (iSafeService) . (.Elex do Brasil Participações Ltda – iSafeSvc.) – C:Program Files (x86)iSafeiSafeSvc.exe =>Trojan.Staser
    O23 – Service: Service Component of VO (vosr) . (…) – C:UsersdilunaAppDataRoamingVOPackageVOsrv.exe =>Adware.Downware
    ~ Services: 14 Legitimates Filtered in 00mn 48s

    —\ Tâches planifiées en automatique (O39)
    [MD5.C7DB4552FB13073DFA1A211DA6A6C389] [APT] [APSnotifierPP1] (.AnyProtect by CMI.) — C:Program Files (x86)AnyProtectExAnyProtect.exe [21755392] =>PUP.AnyProtect
    [MD5.C7DB4552FB13073DFA1A211DA6A6C389] [APT] [APSnotifierPP2] (.AnyProtect by CMI.) — C:Program Files (x86)AnyProtectExAnyProtect.exe [21755392] =>PUP.AnyProtect
    [MD5.C7DB4552FB13073DFA1A211DA6A6C389] [APT] [APSnotifierPP3] (.AnyProtect by CMI.) — C:Program Files (x86)AnyProtectExAnyProtect.exe [21755392] =>PUP.AnyProtect
    [MD5.1FF033E93713C97593280B3B9537318D] [APT] [{1AFEAA7C-E5DF-4567-884A-17E6F57929B2}] (…) — C:UsersdilunaDownloadsRegCleaner.exe [553687]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    O39 – APT: APSnotifierPP1 – (.AnyProtect by CMI.) — C:WindowsTasksAPSnotifierPP1.job [380] =>PUP.AnyProtect
    O39 – APT: APSnotifierPP1 – (.AnyProtect by CMI.) — C:WindowsSystem32TasksAPSnotifierPP1 [380] =>PUP.AnyProtect
    O39 – APT: APSnotifierPP2 – (.AnyProtect by CMI.) — C:WindowsTasksAPSnotifierPP2.job [378] =>PUP.AnyProtect
    O39 – APT: APSnotifierPP2 – (.AnyProtect by CMI.) — C:WindowsSystem32TasksAPSnotifierPP2 [378] =>PUP.AnyProtect
    O39 – APT: APSnotifierPP3 – (.AnyProtect by CMI.) — C:WindowsTasksAPSnotifierPP3.job [378] =>PUP.AnyProtect
    O39 – APT: APSnotifierPP3 – (.AnyProtect by CMI.) — C:WindowsSystem32TasksAPSnotifierPP3 [378] =>PUP.AnyProtect
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1064]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1068]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskUserS-1-5-21-192761103-4228053574-1910153200-1000Core [1030]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskUserS-1-5-21-192761103-4228053574-1910153200-1000UA [1082]
    ~ Scheduled Task: 29 Legitimates Filtered in 00mn 20s

    —\ Pilotes lancés au démarrage du système (O41)
    O41 – Driver: (iSafeKrnlKit) . (.Elex do Brasil Participações Ltda – iSafe Kernel Kit Driver.) – C:Program Files (x86)iSafeiSafeKrnlKit.sys =>Trojan.Staser
    O41 – Driver: (iSafeNetFilter) . (.Elex do Brasil Participações Ltda – iSafeNetFilter SDK WFP Driver (WPP).) – C:Program Files (x86)iSafeiSafeNetFilter.sys =>Trojan.Staser
    ~ Drivers: 69 Legitimates Filtered in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: AnyProtect – (.CMI Limited.) [HKLM][64Bits] — AnyProtect =>PUP.AnyProtect
    O42 – Logiciel: Boxore Client – (.Boxore OU.) [HKLM][64Bits] — {EF8FC2FA-BE02-444B-8355-08C75A6D7E3A} =>Adware.Boxore
    O42 – Logiciel: CloneMaster version 5.00 – (.Softbyte Labs, Inc..) [HKLM][64Bits] — {B22AB4D0-3639-49A2-9CC9-3C12CDB17FEA}_is1
    O42 – Logiciel: Supporter 1.80 – (.SaveClicker.) [HKLM][64Bits] — {5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b} =>PUP.SaveClicker
    O42 – Logiciel: SupraSavings – (.SupraSavings.) [HKLM][64Bits] — {E6B105B8-1F65-4428-9397-1DFD8A03B94D} =>PUP.SupraSavings
    O42 – Logiciel: VO Package – (…) [HKLM][64Bits] — VOPackage =>Adware.Downware
    O42 – Logiciel: WebInternetSecurity – (.WebInternetSecurity.) [HKCU][64Bits] — webinternetsecurity =>Spyware.Binternet
    O42 – Logiciel: Yet Another Cleaner! – (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM][64Bits] — iSafe =>Trojan.Staser
    O42 – Logiciel: suprasavings – (.suprasavings.) [HKLM][64Bits] — suprasavings =>PUP.SupraSavings
    ~ Logic: 31 Legitimates Filtered in 00mn 02s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareAnyProtect] =>PUP.AnyProtect
    [HKCUSoftwareInstalledBrowserExtensions] =>Adware.VidSaver
    [HKCUSoftwarePOWERARC]
    [HKCUSoftwareTutoTag] =>AgenceExclusive
    [HKCUSoftwareTutorials] =>AgenceExclusive
    [HKCUSoftwareV9]
    [HKCUSoftwareYahooPartnerToolbar]
    [HKLMSoftwareInstalledBrowserExtensions] =>Adware.VidSaver
    [HKLMSoftwareLevelQualityWatcher] =>PUP.LevelQualityWatcher
    [HKLMSoftwareWow6432NodeInstalledBrowserExtensions] =>Adware.VidSaver
    [HKLMSoftwareWow6432NodeTutorials] =>AgenceExclusive
    [HKLMSoftwareWow6432NodeWpm] =>PUP.WpManager
    [HKLMSoftwareWow6432Nodefree_soft_today] =>Adware.FreeSoftToday
    [HKLMSoftwareWow6432NodesupTab] =>PUP.SupTab
    [HKLMSoftwareWow6432NodesupWPM] =>PUP.WpManager
    ~ Key Software: 311 Legitimates Filtered in 00mn 02s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 02/05/2014 – 18:51:24 – [] —-D C:Program Files (x86)AnyProtectEx =>PUP.AnyProtect
    O43 – CFD: 05/05/2014 – 10:51:58 – [] —-D C:Program Files (x86)iSafe =>Trojan.Staser
    O43 – CFD: 18/08/2010 – 14:15:22 – [] —-D C:Program Files (x86)R_MANUAL
    O43 – CFD: 18/08/2010 – 14:21:01 – [] —-D C:Program Files (x86)R_MANUAL_SR
    O43 – CFD: 04/05/2014 – 18:40:37 – [] —-D C:Program Files (x86)Supporter =>PUP.SaveClicker
    O43 – CFD: 12/09/2012 – 10:56:31 – [] —-D C:Program Files (x86)Yontoo =>Adware.Yontoo
    O43 – CFD: 02/05/2014 – 19:05:44 – [] —-D C:ProgramDataf52f930a7e938e9
    O43 – CFD: 04/05/2014 – 18:40:37 – [] —-D C:ProgramDataWPM =>PUP.WpManager
    O43 – CFD: 04/05/2014 – 15:53:22 – [] —-D C:UsersdilunaAppDataRoamingActiveris =>PUP.Activeris
    O43 – CFD: 04/05/2014 – 23:06:42 – [] —-D C:UsersdilunaAppDataRoamingiSafe =>Trojan.Staser
    O43 – CFD: 04/05/2014 – 18:38:25 – [0] —-D C:UsersdilunaAppDataRoamingSupTab =>PUP.SupTab
    O43 – CFD: 02/05/2014 – 18:03:33 – [] —-D C:UsersdilunaAppDataRoamingVOPackage =>Adware.Downware
    O43 – CFD: 02/05/2014 – 18:04:35 – [] —-D C:UsersdilunaAppDataLocalwebinternetsecurity =>Spyware.Binternet
    O43 – CFD: 29/11/2013 – 17:11:48 – [] —-D C:UsersdilunaAppDataLocalWhiteListing
    O43 – CFD: 02/05/2014 – 18:51:24 – [] —-D C:UsersdilunaAppDataRoamingMicrosoftWindowsStart MenuProgramsAnyProtect PC Backup =>PUP.AnyProtect
    O43 – CFD: 08/02/2014 – 12:00:19 – [] —-D C:UsersdilunaAppDataRoamingMicrosoftWindowsStart MenuProgramsGoogle+ Auto Backup
    O43 – CFD: 02/05/2014 – 18:03:32 – [] —-D C:UsersdilunaAppDataRoamingMicrosoftWindowsStart MenuProgramsVOPackage =>Adware.Downware
    ~ Program Folder: 197 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.219D9D2AC3A67712952461DADA60C0C3] – 04/05/2014 – 17:42:01 —A- . (…) — C:WindowsSystem32AutoRunFilter.ini [2700]
    O44 – LFC:[MD5.7E1039FCD8259813570AC6889C6E7294] – 04/05/2014 – 18:54:02 —A- . (…) — C:WindowsSystem32ServiceFilter.ini [1924]
    O44 – LFC:[MD5.CD81F6DF96AC72F4C76ED554041BC9D7] – 23/04/2014 – 11:19:45 —A- . (.Elex do Brasil Participações Ltda – iSafe Kernel Boot Driver.) — C:WindowsSystem32DriversiSafeKrnlBoot.sys [43520] =>Trojan.Staser
    ~ Files: 34 Legitimates Filtered in 00mn 09s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{9b5d732f-5c3d-11e3-a5bf-e0cb4e3447b2}AutoRuncommand. (…) — E:Setup.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregAppleSyncNotifier [Key] . (…) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleSyncNotifier.exe (.not file.)
    O53 – SMSR:HKLM…startupregBoxore Client [Key] . (…) — C:Program Files (x86)BoxoreBoxoreClientboxore.exe (.not file.) =>Adware.Boxore
    O53 – SMSR:HKLM…startupregHP Software Update [Key] . (…) — C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe (.not file.) =>.Hewlett-Packard Co
    O53 – SMSR:HKLM…startupregJobHisInit [Key] . (.Pas de propriétaire – JobHisInit MFC Application.) — C:Program Files (x86)RDSRMClientJobHisInit.exe
    O53 – SMSR:HKLM…startupregMy Web Search Bar Search Scope Monitor [Key] . (…) — C:Program Files (x86)MYWEBS~1bar1.binm3SrchMn.exe (.not file.) =>Adware.MyWebSearch
    O53 – SMSR:HKLM…startupregMyWebSearch Email Plugin [Key] . (…) — C:Program Files (x86)MYWEBS~1bar1.binmwsoemon.exe (.not file.) =>Adware.MyWebSearch
    O53 – SMSR:HKLM…startupregSmartAudio [Key] . (.Pas de propriétaire – SAIICpl MFC Application.) — C:Program FilesCONEXANTSAIISAIICpl.exe
    O53 – SMSR:HKLM…startupregwLite [Key] . (…) — C:Program Files (x86)webcamXP 5wLite.exe (.not file.)
    ~ SMSR Keys: 34 Legitimates Filtered in 00mn 01s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
    O58 – SDL:15/10/2009 – 10:23:19 —A- . (.ELAN Microelectronic Corp. – ETD Control Center.) — C:WindowsSystem32DriversETD.sys [117760]
    O58 – SDL:10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
    O58 – SDL:23/04/2014 – 11:19:45 —A- . (.Elex do Brasil Participações Ltda – iSafe Kernel Boot Driver.) — C:WindowsSystem32DriversiSafeKrnlBoot.sys [43520] =>Trojan.Staser
    O58 – SDL:20/07/2009 – 10:29:39 —A- . (.Pas de propriétaire – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [15416]
    O58 – SDL:18/06/2009 – 21:18:10 —A- . (.Windows (R) Win 7 DDK provider – ASUS CopyProtect driver.) — C:WindowsSystem32Driverslullaby.sys [15928]
    O58 – SDL:14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
    O58 – SDL:13/12/2012 – 12:50:36 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl64.sys [54784]
    ~ Drivers: 65 Legitimates Filtered in 00mn 01s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 01/05/2014 – 20:16:41 —A- . (…) — C:UsersdilunaDownloadsEfficientLadysOrganizerFree-Setup (1).exe [285782]
    O61 – LFC: 01/05/2014 – 20:16:45 —A- . (…) — C:UsersdilunaDownloadsEfficientLadysOrganizerFree-Setup.exe [14584568]
    O61 – LFC: 02/05/2014 – 20:14:47 —A- . (…) — C:UsersdilunaAppDataLocalwebinternetsecurityuninstall.webinternetsecurity.exe [288954] =>Spyware.Binternet
    O61 – LFC: 02/05/2014 – 20:15:00 —A- . (…) — C:UsersdilunaAppDataRoamingVOPackageUninstall.exe [129206] =>Adware.Downware
    O61 – LFC: 02/05/2014 – 20:15:03 —A- . (…) — C:UsersdilunaAppDataRoamingVOPackageVOPackage.exe [296161] =>Adware.Downware
    O61 – LFC: 02/05/2014 – 20:17:08 —A- . (…) — C:UsersdilunaDownloadsPDFWriterSetup.exe [1311304]
    O61 – LFC: 04/05/2014 – 20:14:57 —A- . (.Elex do Brasil Participações Ltda.) — C:UsersdilunaAppDataRoamingiSafeupdateisafe_update_v4.4.34.exe [8991912] =>Trojan.Staser
    O61 – LFC: 04/05/2014 – 20:15:03 —A- . (…) — C:UsersdilunaDesktopadwcleaner-1.606-en.exe [581957]
    O61 – LFC: 04/05/2014 – 20:17:16 —A- . (.Elex do Brasil Participações Ltda.) — C:UsersdilunaDownloadsyet_another_cleaner_dnf.exe [11822248]
    O61 – LFC: 30/04/2014 – 20:16:37 —A- . (…) — C:UsersdilunaDownloadsD1425563M_remote.exe [9653376]
    O61 – LFC: 30/04/2014 – 20:16:37 —A- . (…) — C:UsersdilunaDownloadsD1425572J_remote.exe [4002377]
    O61 – LFC: 30/04/2014 – 20:16:37 —A- . (…) — C:UsersdilunaDownloadsD1445559G_remote.exe [4505028]
    ~ 42 Fichiers temporaires (Temporary files)
    ~ 147 Fichiers cookies (Cookies files)
    ~ Files: 17 Legitimates Filtered in 02mn 52s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 23/04/2014 – C:Program Files (x86)iSafeiSafeKrnl.sys (iSafeKrnl) .(.Elex do Brasil Participações Ltda – iSafe Kernel Driver.) – LEGACY_ISAFEKRNL =>Trojan.Staser
    O64 – Services: CurCS – 23/04/2014 – C:Program Files (x86)iSafeiSafeKrnlKit.sys (iSafeKrnlKit) .(.Elex do Brasil Participações Ltda – iSafe Kernel Kit Driver.) – LEGACY_ISAFEKRNLKIT =>Trojan.Staser
    O64 – Services: CurCS – 23/04/2014 – C:Program Files (x86)iSafeiSafeNetFilter.sys (iSafeNetFilter) .(.Elex do Brasil Participações Ltda – iSafeNetFilter SDK WFP Driver (WPP).) – LEGACY_ISAFENETFILTER =>Trojan.Staser
    ~ Legacy: 91 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — c:program files (x86)googlechromeapplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — c:program filesinternet exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {CF739809-1C6C-47C0-85B9-569DBB141420} – (Ask Search) – http://dl.ask.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][10/09/2009] (…) — C:ProgramDataFullRemove.exe [131368]
    [MD5.96030AE285C32ECCD1C599F1C5DD2BEF] [SPRF][04/05/2014] (…) — C:UsersdilunaDesktopadwcleaner-1.606-en.exe [581957]
    ~ Files: 2 Legitimates Filtered in 00mn 00s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “537E56336A8449149988EC95CAA55E30” . (.Bing Bar.) — C:WindowsInstaller{3365E735-48A6-4194-9988-CE59AC5AE503}icon_installer_ico =>Toolbar.Bing
    O90 – PUC: “8B501B6E56F182443979D1DFA8309BD4” . (.SupraSavings.) — c:WindowsInstaller{E6B105B8-1F65-4428-9397-1DFD8A03B94D}icon64.ico =>PUP.SupraSavings
    O90 – PUC: “AF2CF8FE20EBB4443855807CA5D6E7A3” . (.Boxore Client.) — C:WindowsInstaller{EF8FC2FA-BE02-444B-8355-08C75A6D7E3A}boxore.ico =>Adware.Boxore
    ~ Update Products: 3 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.B67811645C5A3B8E4E4B1A1DB1EE271C] [WIS][21/09/2012] (.Boxore OU. – Software Update Helper.) — C:WindowsInstaller10a4cd.msi [45056] =>Adware.Boxore
    [MD5.5D3A30ADD585A102F1B60C0BA313ECEE] [WIS][11/03/2014] (.Microsoft Corporation – Bing Bar.) — C:WindowsInstallerd65bc.msi [741376] =>Toolbar.Bing
    ~ WIS: 2 Legitimates Filtered in 00mn 04s

    —\ Recherche de clés de registre Tracing (O100)
    HKLMSOFTWAREWow6432NodeMicrosoftTracingActiverisAntiMalware_RASAPI32 =>PUP.Activeris
    HKLMSOFTWAREWow6432NodeMicrosoftTracingActiverisAntiMalware_RASMANCS =>PUP.Activeris
    HKLMSOFTWAREWow6432NodeMicrosoftTracingBingBar_RASAPI32 =>Toolbar.Bing
    HKLMSOFTWAREWow6432NodeMicrosoftTracingBingBar_RASMANCS =>Toolbar.Bing
    HKLMSOFTWAREWow6432NodeMicrosoftTracingboxore_RASAPI32 =>Adware.Boxore
    HKLMSOFTWAREWow6432NodeMicrosoftTracingboxore_RASMANCS =>Adware.Boxore
    HKLMSOFTWAREWow6432NodeMicrosoftTracingIminentSetup{2_RASAPI32 =>Adware.IMBooster
    HKLMSOFTWAREWow6432NodeMicrosoftTracingIminentSetup{2_RASMANCS =>Adware.IMBooster
    HKLMSOFTWAREWow6432NodeMicrosoftTracingIminent_RASAPI32 =>Adware.IMBooster
    HKLMSOFTWAREWow6432NodeMicrosoftTracingIminent_RASMANCS =>Adware.IMBooster
    HKLMSOFTWAREWow6432NodeMicrosoftTracingspeedupmypc_RASAPI32 =>PUP.SpeedUpMyPC
    HKLMSOFTWAREWow6432NodeMicrosoftTracingspeedupmypc_RASMANCS =>PUP.SpeedUpMyPC
    HKLMSOFTWAREWow6432NodeMicrosoftTracingWajamUpdater_RASAPI32 =>PUP.Wajam
    HKLMSOFTWAREWow6432NodeMicrosoftTracingWajamUpdater_RASMANCS =>PUP.Wajam
    HKLMSOFTWAREWow6432NodeMicrosoftTracingwajam_install_RASAPI32 =>PUP.Wajam
    HKLMSOFTWAREWow6432NodeMicrosoftTracingwajam_install_RASMANCS =>PUP.Wajam
    HKLMSOFTWAREWow6432NodeMicrosoftTracingWiseConvert_1_RASAPI32 =>Toolbar.Conduit
    HKLMSOFTWAREWow6432NodeMicrosoftTracingWiseConvert_1_RASMANCS =>Toolbar.Conduit
    HKLMSOFTWAREWow6432NodeMicrosoftTracingYontooSetup-S-0AEC_RASAPI32 =>Adware.Yontoo
    HKLMSOFTWAREWow6432NodeMicrosoftTracingYontooSetup-S-0AEC_RASMANCS =>Adware.Yontoo
    ~ BTK: 314 Legitimates Filtered in 00mn 00s

    —\ Recherche de clés de registre CLSID (O101)
    [HKCRCLSID{11111111-1111-1111-1111-110511421146}] (MediaPlayerplus) =>PUP.CrossRider
    [HKCRCLSID{22222222-2222-2222-2222-220522422246}] (CrossriderApp0054246.Sandbox) =>PUP.CrossRider
    [HKCRCLSID{25455CD9-F215-B14F-B7BF-CCE88728D1C4}] (SaveClicker) =>PUP.SaveClicker
    [HKCRCLSID{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing
    [HKCRCLSID{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing
    ~ BCK: 4379 Legitimates Filtered in 00mn 12s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 01/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Auto 11/03/2014 193696 | (BBSvc) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBar7.3.132.0BBSvc.exe =>Toolbar.Bing
    SS – | Auto 10/07/1658 0 | (be0fb33b) . (…) – C:Program Files (x86)suppor~1SupporterSvc.dll =>PUP.SaveClicker
    SS – | Disabled 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SS – | Auto 16/07/2011 136176 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 16/07/2011 136176 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 04/01/2007 136120 | (gusvc) . (.Google.) – C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SS – | Demand 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SS – | Disabled 10/07/1658 0 | (wxpSvc) . (…) – C:Program Files (x86)webcamXP 5wService.exe
    SR – | Auto 02/05/2014 186496 | C:Program Files (x86)optimi~1OptProCrashSvc.dll (70e6ca8c) . (…) – C:Program Files (x86)Optimizer ProOptProCrashSvc.dll =>PUP.OptimizerPro
    SR – | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Demand 31/03/2008 225280 | (ADSMService) . (.ASUSTek Computer Inc..) – C:Program Files (x86)ASUSASUS Data Security ManagerADSMSrv.exe
    SR – | Auto 17/09/2009 359552 | (AFBAgent) . (.ASUSTeK Computer Inc..) – C:Windowssystem32FBAgent.exe
    SR – | Auto 18/11/2009 202752 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
    SR – | Auto 10/11/2009 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
    SR – | Auto 20/12/2012 126208 | (AWRScheduler) . (.Caphyon.) – C:Program Files (x86)CaphyonAdvanced Web RankingScheduler.exe
    SR – | Auto 11/03/2014 247968 | (BBUpdate) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBar7.3.132.0SeaPort.exe =>Toolbar.Bing
    SR – | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 23/04/2014 118056 | (iSafeService) . (.Elex do Brasil Participações Ltda.) – C:Program Files (x86)iSafeiSafeSvc.exe =>Trojan.Staser
    SR – | Auto 01/10/2009 262144 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 11/03/2014 23808 | (MsMpSvc) . (.Microsoft Corporation.) – C:Program FilesMicrosoft Security ClientMsMpEng.exe
    SR – | Auto 15/09/2009 44312 | (OberonGameConsoleService) . (…) – C:Program Files (x86)AsusGame ParkGameConsoleOberonGameConsoleService.exe
    SR – | Demand 15/04/2009 271760 | (RichVideo) . (…) – C:Program Files (x86)CyberlinkShared filesRichVideo.exe
    SR – | Auto 01/10/2009 2314240 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 26/04/2014 52736 | (vosr) . (…) – C:UsersdilunaAppDataRoamingVOPackageVOsrv.exe =>Adware.Downware
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 14/07/2009 27136 | C:Windowssystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 14s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by diluna at 05/05/2014 20:18:29
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by diluna at 05/05/2014 20:18:31
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13045 – (04/05/2014)
    Clés trouvées (Keys found) : 54
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 19
    Fichiers trouvés (Files found) : 27

    [HKLMSoftwareGoogleChromeExtensionsdffhljlmcohcioeilbnpmbchdcbhifdh] =>Toolbar.Conduit^
    [HKLMSoftwareGoogleChromeExtensionskndbficlbmclgandannjncfnlblkmmbn] =>PUP.SaveClicker^
    [HKLMSoftwareGoogleChromeExtensionspelmeidfhdlhlbjimpabfcbnnojbboma] =>PUP.QuickStart^
    [HKLMSYSTEMCurrentControlSetServices70e6ca8c] =>PUP.OptimizerPro^
    [HKLMSYSTEMCurrentControlSetServicesbe0fb33b] =>PUP.SaveClicker^
    [HKLMSYSTEMCurrentControlSetServicesiSafeService] =>Trojan.Staser^
    [HKLMSYSTEMCurrentControlSetServicesvosr] =>Adware.Downware^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallAnyProtect] =>PUP.AnyProtect^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{EF8FC2FA-BE02-444B-8355-08C75A6D7E3A}] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{5F189DF5-2D05-472B-9091-84D9848AE48B}{be0fb33b}] =>PUP.SaveClicker^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{E6B105B8-1F65-4428-9397-1DFD8A03B94D}] =>PUP.SupraSavings^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallVOPackage] =>Adware.Downware^
    [HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallwebinternetsecurity] =>Spyware.Binternet^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstalliSafe] =>Trojan.Staser^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallsuprasavings] =>PUP.SupraSavings^
    [HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregBoxore Client] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregMy Web Search Bar Search Scope Monitor] =>Adware.MyWebSearch^
    [HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregMyWebSearch Email Plugin] =>Adware.MyWebSearch^
    [HKLMSoftwareMicrosoftInternet ExplorerSearchScopes{33BB0A4E-99AF-4226-BDF6-49120163DE86}] =>PUP.V9Software
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{cf739809-1c6c-47c0-85b9-569dbb141420}] =>Toolbar.AskBarDis
    [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASMANCS] =>Toolbar.Bing
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstall{EF8FC2FA-BE02-444B-8355-08C75A6D7E3A}] =>PUP.SweetIM
    [HKLMSoftwareClassesInstallerFeaturesAF2CF8FE20EBB4443855807CA5D6E7A3] =>Adware.Boxore
    [HKLMSoftwareClassesInstallerProductsAF2CF8FE20EBB4443855807CA5D6E7A3] =>Adware.Boxore
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ProductsAF2CF8FE20EBB4443855807CA5D6E7A3] =>Adware.Boxore
    [HKLMSoftwareWow6432NodeClassesInstallerFeaturesAF2CF8FE20EBB4443855807CA5D6E7A3] =>Adware.Boxore
    [HKLMSoftwareWow6432NodeClassesInstallerProductsAF2CF8FE20EBB4443855807CA5D6E7A3] =>Adware.Boxore
    [HKCUSoftwareFunWebProducts] =>Adware.MyWebSearch
    [HKCUSoftwareTutorials] =>Spyware.AgenceExclusive
    [HKLMSoftwareWow6432NodeTutorials] =>Spyware.AgenceExclusive
    [HKLMSoftwareWow6432NodeMicrosoftTracingIminent_RASAPI32] =>Adware.Bandoo
    [HKLMSoftwareWow6432NodeMicrosoftTracingIminent_RASMANCS] =>Adware.Bandoo
    [HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products64A6E60055D801F4BB8AC269354B72B8] =>Adware.Boxore
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
    [HKCUSoftwareInstalledBrowserExtensions] =>PUP.CrossRider
    [HKLMSoftwareWow6432NodeMicrosoftTracingboxore_RASAPI32] =>Adware.Boxore
    [HKLMSoftwareWow6432NodeMicrosoftTracingboxore_RASMANCS] =>Adware.Boxore
    [HKCUSoftwareInstalledBrowserExtensions] =>PUP.CrossRider
    [HKLMSoftwareInstalledBrowserExtensions] =>PUP.CrossRider
    [HKLMSoftwareWow6432NodeInstalledBrowserExtensions] =>PUP.CrossRider
    [HKCUSoftwareAppDataLow{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
    [HKLMSoftwareWow6432Node{1146AC44-2F03-4431-B4FD-889BC837521F}] =>PUP.OptimizerPro
    [HKLMSoftwareClassesSpeedUpMyPC] =>PUP.SpeedUpMyPC
    [HKLMSoftwareWow6432NodeMicrosoftTracingspeedupmypc_RASAPI32] =>PUP.SpeedUpMyPC
    [HKLMSoftwareWow6432NodeMicrosoftTracingspeedupmypc_RASMANCS] =>PUP.SpeedUpMyPC
    [HKLMSoftwareClassesCLSID{11111111-1111-1111-1111-110511421146}] =>PUP.CrossRider
    [HKLMSoftwareClassesCLSID{22222222-2222-2222-2222-220522422246}] =>PUP.CrossRider
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{11111111-1111-1111-1111-110511421146}] =>PUP.CrossRider
    [HKLMSoftwareWow6432NodeClassesCLSID{22222222-2222-2222-2222-220522422246}] =>PUP.CrossRider
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsBA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{8dcb7100-df86-4384-8842-8fa844297b3f} =>Toolbar.Bing^
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:Optimizer Pro =>PUP.OptimizerPro^
    C:UsersdilunaAppDataLocalGoogleChromeUser DataDefaultExtensionsdffhljlmcohcioeilbnpmbchdcbhifdh =>Toolbar.Conduit^
    C:UsersdilunaAppDataLocalGoogleChromeUser DataDefaultExtensionskndbficlbmclgandannjncfnlblkmmbn =>PUP.SaveClicker^
    C:UsersdilunaAppDataLocalGoogleChromeUser DataDefaultExtensionspelmeidfhdlhlbjimpabfcbnnojbboma =>PUP.QuickStart^
    C:Program Files (x86)AnyProtectEx =>PUP.AnyProtect^
    C:Program Files (x86)iSafe =>Trojan.Staser^
    C:Program Files (x86)Supporter =>PUP.SaveClicker^
    C:Program Files (x86)Yontoo =>Adware.Yontoo^
    C:ProgramDataWPM =>PUP.WpManager^
    C:UsersdilunaAppDataRoamingActiveris =>PUP.Activeris^
    C:UsersdilunaAppDataRoamingiSafe =>Trojan.Staser^
    C:UsersdilunaAppDataRoamingSupTab =>PUP.SupTab^
    C:UsersdilunaAppDataRoamingVOPackage =>Adware.Downware^
    C:UsersdilunaAppDataLocalwebinternetsecurity =>Spyware.Binternet^
    C:UsersdilunaAppDataRoamingMicrosoftWindowsStart MenuProgramsAnyProtect PC Backup =>PUP.AnyProtect^
    C:UsersdilunaAppDataRoamingMicrosoftWindowsStart MenuProgramsVOPackage =>Adware.Downware^
    C:Program Files (x86)Software =>Adware.Boxore
    C:Program Files (x86)Optimizer Pro =>PUP.OptimizerPro
    C:UsersdilunaAppDataRoamingOptimizer Pro =>PUP.OptimizerPro
    C:UsersdilunaAppDataLocalSoftware =>Adware.Boxore
    C:Program Files (x86)iSafeiSafeTray.exe =>Trojan.Staser^
    C:Program Files (x86)MicrosoftBingBar7.3.132.0BingApp.exe =>Toolbar.Bing^
    C:Program Files (x86)MicrosoftBingBar7.3.132.0BingBar.exe =>Toolbar.Bing^
    C:Program Files (x86)MicrosoftBingBar7.3.132.0BingSurrogate.exe =>Toolbar.Bing^
    C:Program Files (x86)AnyProtectExAnyProtect.exe =>PUP.AnyProtect^
    C:Program Files (x86)iSafeiSafeSvc.exe =>Trojan.Staser^
    C:Program Files (x86)iSafeiSafeSvc2.exe =>Trojan.Staser^
    C:UsersdilunaAppDataRoamingVOPackageVOsrv.exe =>Adware.Downware^
    C:WindowsTasksAPSnotifierPP1.job =>PUP.AnyProtect^
    C:WindowsSystem32TasksAPSnotifierPP1 =>PUP.AnyProtect^
    C:WindowsTasksAPSnotifierPP2.job =>PUP.AnyProtect^
    C:WindowsSystem32TasksAPSnotifierPP2 =>PUP.AnyProtect^
    C:WindowsTasksAPSnotifierPP3.job =>PUP.AnyProtect^
    C:WindowsSystem32TasksAPSnotifierPP3 =>PUP.AnyProtect^
    [HKCUSoftwareAnyProtect] =>PUP.AnyProtect^
    [HKLMSoftwareLevelQualityWatcher] =>PUP.LevelQualityWatcher^
    [HKLMSoftwareWow6432NodeWpm] =>PUP.WpManager^
    [HKLMSoftwareWow6432Nodefree_soft_today] =>Adware.FreeSoftToday^
    [HKLMSoftwareWow6432NodesupTab] =>PUP.SupTab^
    [HKLMSoftwareWow6432NodesupWPM] =>PUP.WpManager^
    C:WindowsInstaller10a4cd.msi =>Adware.Boxore^
    C:WindowsInstallerd65bc.msi =>Toolbar.Bing^
    [HKCRCLSID{11111111-1111-1111-1111-110511421146}] (MediaPlayerplus) =>PUP.CrossRider^
    [HKCRCLSID{22222222-2222-2222-2222-220522422246}] (CrossriderApp0054246.Sandbox) =>PUP.CrossRider^
    [HKCRCLSID{25455CD9-F215-B14F-B7BF-CCE88728D1C4}] (SaveClicker) =>PUP.SaveClicker^
    [HKCRCLSID{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing^
    [HKCRCLSID{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing^
    ~ Additionnel Scan: 356270 Items scanned in 01mn 04s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.webs.com/apps/blog/show/32771797-trojan-staser =>Trojan.Staser
    http://nicolascoolman.webs.com/apps/blog/show/41695065-pup-anyprotect =>PUP.AnyProtect
    http://nicolascoolman.webs.com/apps/blog/show/26690384-adware-downware =>Adware.Downware
    http://nicolascoolman.byethost7.com/wordpress/toolbar-conduit/ =>Toolbar.Conduit
    http://nicolascoolman.webs.com/apps/blog/show/41737185-pup-saveclicker =>PUP.SaveClicker
    http://nicolascoolman.webs.com/apps/blog/show/41962558-pup-quickstart =>PUP.QuickStart
    http://nicolascoolman.webs.com/apps/blog/show/33262880-hijacker-qone8 =>Hijacker.Qone8
    http://nicolascoolman.webs.com/apps/blog/show/33388048-pup-vuupc =>PUP.VuuPC
    http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
    http://nicolascoolman.byethost7.com/wordpress/adware-boxore/ =>Adware.Boxore
    http://nicolascoolman.webs.com/apps/blog/show/42067481-pup-suprasavings =>PUP.SupraSavings
    http://nicolascoolman.byethost7.com/wordpress/spyware-binternet/ =>Spyware.Binternet
    http://nicolascoolman.byethost7.com/wordpress/adware-vidsaver/ =>Adware.VidSaver
    http://nicolascoolman.byethost7.com/wordpress/pup-agenceexclusive/ =>AgenceExclusive
    http://nicolascoolman.byethost7.com/wordpress/pup-wpmanager/ =>PUP.WpManager
    http://nicolascoolman.webs.com/apps/blog/show/33340107-adware-freesofttoday =>Adware.FreeSoftToday
    http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
    http://nicolascoolman.byethost7.com/wordpress/adware-yontoo/ =>Adware.Yontoo
    http://nicolascoolman.webs.com/apps/blog/show/41903075-pup-activeris =>PUP.Activeris
    http://nicolascoolman.byethost7.com/wordpress/adware-mywebsearch/ =>Adware.MyWebSearch
    http://nicolascoolman.byethost7.com/wordpress/adware-imbooster/ =>Adware.IMBooster
    http://nicolascoolman.byethost7.com/wordpress/pup-wajam/ =>PUP.Wajam
    http://nicolascoolman.byethost7.com/wordpress/pup-crossrider/ =>PUP.CrossRider
    http://nicolascoolman.webs.com/apps/blog/show/27672211-pup-v9software =>PUP.V9Software
    http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
    http://nicolascoolman.byethost7.com/wordpress/adware-bandoo/ =>Adware.Bandoo
    http://nicolascoolman.byethost7.com/wordpress/pup-tarma =>PUP.Tarma
    ~ MSI: 27 link(s) detected in 00mn 00s

    ~ 932 Legitimates filtered by white list
    End of the scan (727 lines in 07mn 44s)(0)
    Thanks for your help

The topic ‘infection yac’ is closed to new replies.