Reply to: need help 2016-09-08T13:04:40+00:00
cedric
Participant
Number of posts: 9

Hello again (again, again)! So here is the third ZHPDiag report! I followed the whole procedure!!! Thanks
~ Lancé par Bretagne (26/08/2013 16:59:18)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

—\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 23.0
GCIE: Google Chrome v23.0.1271.97

—\ Informations sur les produits Windows
~ Langage: Français
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

—\ Logiciels de protection du système
Avira Free Antivirus v13.0.0.3885
Malwarebytes Anti-Malware version 1.75.0.1300

—\ Logiciels d’optimisation du système
CCleaner v4.00 =>Piriform Ltd

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI

—\ Informations sur le système
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013 MB (38% free)
System Restore: Activé (Enable)
System drive C: has 26 GB (38%) free of 70 GB

—\ Mode de connexion au système
~ Computer Name: MJKB
~ User Name: Bretagne
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Bretagne, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppData% : C:Documents and SettingsBretagneApplication Data
~ %Desktop% : C:Documents and SettingsBretagneBureau
~ %Favorites% : C:Documents and SettingsBretagneFavoris
~ %LocalAppData% : C:Documents and SettingsBretagneLocal SettingsApplication Data
~ %StartMenu% : C:Documents and SettingsBretagneMenu Démarrer
~ %Windir% : C:WINDOWS
~ %System% : C:WINDOWSsystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 26 Go of 70 Go)
D: Hard drive, Flash drive, Thumb drive (Free 30 Go of 70 Go)
E: Floppy drive, Flash card reader, USB Key (Free 1 Go of 8 Go)
F: Floppy drive, Flash card reader, USB Key (Free 15 Go of 15 Go)

—\ Etat du Centre de Sécurité Windows
~ Security Center: 30 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] – (.Microsoft Corporation – Explorateur Windows.) (.14/04/2008 – 13:00:00.) — C:WINDOWSExplorer.exe [1037824]
[MD5.E1948293F7CBC38987270432935D8D05] – (.Microsoft Corporation – Internet Extensions for Win32.) (.26/07/2013 – 03:47:15.) — C:WINDOWSsystem32wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] – (.Microsoft Corporation – Application d’ouverture de session Windows NT.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.17/08/2011 – 14:49:54.) — C:WINDOWSsystem32DriversAFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] – (.Microsoft Corporation – IDE/ATAPI Port Driver.) (.13/04/2008 – 10:40:32.) — C:WINDOWSsystem32Driversatapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversCdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversCdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] – (.Microsoft Corporation – Pilote de cryptographie FIPS.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversFips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] – (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversHDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] – (.Microsoft Corporation – Pilote de port i8042.) (.13/04/2008 – 18:00:54.) — C:WINDOWSsystem32Driversi8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] – (.Microsoft Corporation – IMAPI Kernel Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversImapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] – (.Microsoft Corporation – IP Network Address Translator.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversIpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] – (.Microsoft Corporation – IPSec Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversIPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.15/07/2011 – 14:29:31.) — C:WINDOWSsystem32DriversMRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] – (.Microsoft Corporation – MBT Transport driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversnetBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] – (.Microsoft Corporation – NT File System Driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversParport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32DriversRasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.13/04/2008 – 10:32:52.) — C:WINDOWSsystem32Driversrdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] – (.Microsoft Corporation – Pilote de filtre audio Livre rouge.) (.13/04/2008 – 17:57:36.) — C:WINDOWSsystem32Driversredbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.14/04/2008 – 13:00:00.) — C:WINDOWSsystem32Driversvolsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 03s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/123
~ Mes musiques (My Musics) : 1/10
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 1/200
~ Mon Bureau (My Desktop) : 0/1812
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 03s

—\ Processus lancés au démarrage du système
[MD5.99387251353598C939592FAF40DF8AA9] – (.Avira Operations GmbH & Co. KG – Avira Scheduler.) — C:Program FilesAviraAntiVir Desktopsched.exe [84024] [PID.1588]
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] – (.Google Inc. – Programme d’installation de Google.) — C:Program FilesGoogleUpdateGoogleUpdate.exe [135664] [PID.1856]
[MD5.D8E53BEFD52A3CC726F7738EA676AF06] – (.Realtek Semiconductor Corp. – Realtek HD Audio Control Panel.) — C:WINDOWSRTHDCPL.exe [19520544] [PID.2012]
[MD5.7CE609C249FE99BC57E255593D432462] – (.Intel Corporation – igfxTray Module.) — C:WINDOWSsystem32igfxtray.exe [141336] [PID.2028]
[MD5.A6E71671F25E7B8A453B475E86ECD740] – (.Intel Corporation – hkcmd Module.) — C:WINDOWSsystem32hkcmd.exe [173592] [PID.2036]
[MD5.D87943DAD4EF197C80E8901F6F6163F1] – (.Intel Corporation – persistence Module.) — C:WINDOWSsystem32igfxpers.exe [141336] [PID.2044]
[MD5.09A3504A57450A1BFD4A9F3DB2FAEEAE] – (.ELAN Microelectronics Corp. – ETD Control Center.) — C:Program FilesElantechETDCtrl.exe [1891720] [PID.128]
[MD5.0B9D78D1F4140A8350797E5407612C53] – (.Pas de propriétaire – BatteryManager MFC.) — C:Program FilesSamsungSamsung Battery ManagerBatteryManager.exe [3155456] [PID.136]
[MD5.8EAA6052BA14FCE32069E7E66B895717] – (.Samsung Electronics Co., Ltd. – EasySpeedUpManager.) — C:Program FilesSAMSUNGEasySpeedUpManagerEasySpeedUpManager.exe [374784] [PID.124]
[MD5.477256F141D6EB932542F900D13B5E6B] – (.Intel Corporation – igfxsrvc Module.) — C:WINDOWSsystem32igfxsrvc.exe [250392] [PID.224]
[MD5.167F9E5AF87B57763DAAA27D3144C2A0] – (.SEC – Samsung Recovery Solution 4.) — C:Program FilesSamsungSamsung Recovery Solution 4WCScheduler.exe [2201192] [PID.248]
[MD5.4631FF0EE2964CCDC646AF807CB778F5] – (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program FilesAviraAntiVir Desktopavgnt.exe [345144] [PID.444]
[MD5.B508C9139D26AF2A91BF728279BF858C] – (.ELAN Microelectronics Corp. – ETD Control Center Helper.) — C:Program FilesElantechETDCtrlHelper.exe [1599880] [PID.628]
[MD5.CE42DFE915F78246364D464902E47360] – (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe [152392] [PID.920]
[MD5.10760383AA50CCFC7DB9B5AB0D326AAF] – (.SAMSUNG Electronics – SSCKbdHk.) — C:Program FilesSamsungSamsung Support CenterSSCKbdHk.exe [1749504] [PID.1072]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] – (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [39408] [PID.1140]
[MD5.F44431CFD96428206039D3556311BF1B] – (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe [19876968] [PID.1156]
[MD5.DFC5DCAB25683ECC60073E085B84FE58] – (.Samsung Electronics Co., Ltd. – Easy Display Manager.) — C:Program FilesSamsungEasy Display Managerdmhkcore.exe [847360] [PID.1168]
[MD5.FF786A74F62361A71AECDB8F8AC95D6F] – (.Somoto – FilesFrog.com Update Checker.) — C:Documents and SettingsBretagneLocal SettingsApplication DataFilesFrog Update Checkerupdate_checker.exe [201808] [PID.788] =>Adware.MegaSearch
[MD5.978294640062C57482BF2B65A342C266] – (.Microsoft Corporation – SQL Server Service Manager.) — C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe [69632] [PID.1412]
[MD5.83166BFFA8C4BBAC4413F47C865CC8EE] – (.Microsoft Corporation – Outil de notification de cadeaux MSN.) — C:Documents and SettingsBretagneApplication DataMicrosoftOutil de notification de cadeaux MSNmsnotif.exe [183096] [PID.1424]
[MD5.8491FDA93507F2F27FFBA11372764086] – (.Avira Operations GmbH & Co. KG – Avira On-Access Service.) — C:Program FilesAviraAntiVir Desktopavguard.exe [108088] [PID.2112]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] – (.Apple Inc. – MobileDeviceService.) — C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe [57008] [PID.2124]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] – (.Apple Inc. – Bonjour Service.) — C:Program FilesBonjourmDNSResponder.exe [390504] [PID.2156]
[MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe [418376] [PID.2384]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe [701512] [PID.2500]
[MD5.7CE50C9E49ECEED8B6418446358126D9] – (.Microsoft Corporation – Machine Debug Manager.) — C:Program FilesFichiers communsMicrosoft SharedVS7Debugmdm.exe [270336] [PID.2556]
[MD5.C06719A652E32D5B65CC25C45D44A0D3] – (.Microsoft Corporation – SQL Server Windows NT.) — C:Program FilesMicrosoft SQL ServerMSSQLBinnsqlservr.exe [7442493] [PID.2588]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe [532040] [PID.2616]
[MD5.7CB15A15DBB2E1DF973A0A799C76DCC8] – (.SRS Labs, Inc. – Service to handle post-installation details.) — C:Program FilesSRS LabsSRS WOW XT and TSXTSRS_PostInstaller.exe [66792] [PID.2764]
[MD5.68C105908A54D734D2B154DB546F562E] – (.Avira Operations GmbH & Co. KG – Avira Shadow Copy Service.) — C:Program FilesAviraAntiVir Desktopavshadow.exe [76856] [PID.3888]
[MD5.622CB6E588ABA809DF29EAC8AB1D46D4] – (.Intel Corporation – igfxext Module.) — C:WINDOWSsystem32igfxext.exe [172056] [PID.2480]
[MD5.D8B8B5A8FE57CF4F307A540D9A153C23] – (.Apple Inc. – iPodService Module (32-bit).) — C:Program FilesiPodbiniPodService.exe [553288] [PID.2708]
[MD5.2E0B0A051FFAA86E358465BB0880D453] – (.Microsoft Corporation – Windows Update.) — C:WINDOWSsystem32wuauclt.exe [53784] [PID.1776]
[MD5.0DAD93BB0FECF5016AE3C06CBB0A873B] – (.Microsoft Corporation – COM Surrogate.) — C:WINDOWSsystem32dllhost.exe [5120] [PID.3752]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] – (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe [638816] [PID.1928]
[MD5.11821BB2822BFDF2C8654A157A829C2F] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [7836672] [PID.5960]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] – (.Microsoft Corporation – Application Layer Gateway Service.) — C:WINDOWSSystem32alg.exe [44544] [PID.1808]
[MD5.8648D670AE0D95C95E7BBB5B80661796] – (.Microsoft Corporation – MS DTC console program.) — C:WINDOWSsystem32msdtc.exe [6144] [PID.1728]
~ Processes Running: Scanned in 00mn 10s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultPreferences
G2 – GCE: Preference [User DataDefault] [hlddcjcfgdjclmkhhddocoendieiooag] Lyrics Plus v.1.125 (Activé) =>Adware.AddLyrics
G2 – GCE: Preference [User DataDefault] [ihkeoookbpemkdccdccdmacnidhooohk] Supreme Savings v.1.23.51 (Activé) =>PUP.RewardsArcade
G2 – GCE: Preference [User DataDefault] [mmiopbgcekanlhpjkonogoljpfmhpkhf] LyricsPal v.1.114 (Activé) =>Adware.AddLyrics
G2 – GCE: Preference [User DataDefault] [nohfdhapjjlndfgjnmdlcabloeembdkj] Delta Toolbar v.1.0 (Activé) =>Toolbar.DeltaSearch
G2 – GCE: Preference [User DataDefault] [pxpohikckhbcljgombipcdoinkaedlfa] Smart Display v.1.5 (Activé) =>Spyware.SmartDisplay
~ Google Browser: 10 Legitimates Filtered in 00mn 10s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultprefs.js
C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultuser.js
M3 – MFPP: Plugins – [Bretagne] — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultsearchpluginswiseconvert-15-customized-web-search.xml =>Toolbar.Conduit
M0 – MFSP: prefs.js [Bretagne – o0k85q7f.default] r_pref(“browser.startup.homepage”, );
M2 – MFEP: prefs.js [Bretagne – o0k85q7f.defaultcrossriderapp19962@crossrider.com] [] Supreme Savings v (..) =>PUP.RewardsArcade
M2 – MFEP: prefs.js [Bretagne – o0k85q7f.default{97A78363-B868-4B48-AC91-A783A31215AF}] [] AppsHat v2.0.1 (..)
~ Firefox Browser: 15 Legitimates Filtered in 00mn 02s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:WINDOWSsystem32Userinit.exe,
F2 – REG:system.ini: Shell=C:WINDOWSexplorer.exe
F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

—\ Browser Helper Objects de navigateur (O2)
O2 – BHO: MinibarBHO – {AA74D58F-ACD0-450D-A85E-6C04B171C044} . (.KangoExtensions – Minibar.) — C:Program FilesMinibarMinibar.dll
O2 – BHO: Lyrics-Pal – {dc29db0f-529e-415e-9754-c4d493333108} . (.Lyrics-Pal – Pas de description.) — C:Program FilesLyricsPal130.dll =>Adware.AddLyrics
O2 – BHO: Lyrics Plus – {2aeec9be-127f-480f-9f4e-51080d8480af} . (…) — C:Program FilesLyricsPlus130.dll (.not file.) =>Adware.AddLyrics
~ BHO: 12 Legitimates Filtered in 00mn 00s

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: Google Toolbar – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Applications démarrées par registre & par dossier (O4)
O4 – HKLM..Run: [RTHDCPL] . (.Realtek Semiconductor Corp. – Realtek HD Audio Control Panel.) — C:WINDOWSRTHDCPL.exe
O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:WINDOWSsystem32igfxtray.exe
O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:WINDOWSsystem32hkcmd.exe
O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:WINDOWSsystem32igfxpers.exe
O4 – HKLM..Run: [ETDWare] . (.ELAN Microelectronics Corp. – ETD Control Center.) — C:Program FilesElantechETDCtrl.exe
O4 – HKLM..Run: [BatteryManager] . (.Pas de propriétaire – BatteryManager MFC.) — C:Program FilesSamsungSamsung Battery ManagerBatteryManager.exe
O4 – HKLM..Run: [EasySpeedUpManager] . (.Samsung Electronics Co., Ltd. – EasySpeedUpManager.) — C:Program FilesSAMSUNGEasySpeedUpManagerEasySpeedUpManager.exe
O4 – HKLM..Run: [EasySpeedUpManager2] . (.Samsung Electronics – Easy SpeedUp Manager II.) — C:Program FilesSAMSUNGEasySpeedUpManagerEasySpeedUpManager2.exe
O4 – HKLM..Run: [SUPBackground] . (…) — C:Program FilesSamsungSamsung Update PlusSUPBackground.exe
O4 – HKLM..Run: [DMHotKey] . (.SAMSUNG Electronics – Loader of Easy Display Manager – Display Co.) — C:Program FilesSamsungEasy Display ManagerDMLoader.exe
O4 – HKLM..Run: [SamsungWInClon] Clé orpheline
O4 – HKLM..Run: [UCam_Menu] . (.CyberLink Corp. – MUI StartMenu Application.) — C:Program FilesCyberLinkYouCamMUITransferMUIStartMenu.exe
O4 – HKLM..Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program FilesFichiers communsAppleApple Application SupportAPSDaemon.exe
O4 – HKLM..Run: [avgnt] . (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program FilesAviraAntiVir Desktopavgnt.exe
O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesFichiers communsAdobeARM1.0AdobeARM.exe
O4 – HKLM..Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program FilesQuickTimeqttask.exe
O4 – HKLM..Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe
O4 – HKLM..RunOnce: [awfr7zip53668] Clé orpheline
O4 – HKCU..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
O4 – HKCU..Run: [BatteryLifeExtender] . (.Samsung Electronics. Co. Ltd. – Battery Life Extender.) — C:Program FilesSamsungBatteryLifeExtenderBatteryLifeExtender.exe
O4 – HKCU..Run: [SSCKbdHk] . (.SAMSUNG Electronics – SSCKbdHk.) — C:Program FilesSamsungSamsung Support CenterSSCKbdHk.exe
O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 – HKCU..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe
O4 – HKCU..Run: [SDP] . (.Somoto – FilesFrog.com Update Checker.) — C:Documents and SettingsBretagneLocal SettingsApplication DataFilesFrog Update Checkerupdate_checker.exe =>Adware.MegaSearch
O4 – HKUSS-1-5-18..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
O4 – HKUSS-1-5-19..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
O4 – HKUSS-1-5-20..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
O4 – HKUSS-1-5-18..RunOnce: [FlashPlayerUpdate] C:WINDOWSsystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe (.not file.)
O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [BatteryLifeExtender] . (.Samsung Electronics. Co. Ltd. – Battery Life Extender.) — C:Program FilesSamsungBatteryLifeExtenderBatteryLifeExtender.exe
O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [SSCKbdHk] . (.SAMSUNG Electronics – SSCKbdHk.) — C:Program FilesSamsungSamsung Support CenterSSCKbdHk.exe
O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe
O4 – HKUSS-1-5-21-532639649-2019491048-2505128532-1005..Run: [SDP] . (.Somoto – FilesFrog.com Update Checker.) — C:Documents and SettingsBretagneLocal SettingsApplication DataFilesFrog Update Checkerupdate_checker.exe =>Adware.MegaSearch
~ Application: Scanned in 00mn 02s

—\ Autres liens utilisateurs (O4)
O4 – GSPrograms: Adobe Reader XI.lnk . (…) — C:WINDOWSInstaller{AC76BA86-7AD7-1036-7B44-AB0000000001}SC_Reader.ico
O4 – GSPrograms: Apple Software Update.lnk . (…) — C:WINDOWSInstaller{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}AppleSoftwareUpdateIco.exe
O4 – GSPrograms: Lanceur de tâches Microsoft Works.lnk . (.Microsoft® Corporation – Microsoft® Works.) — C:Program FilesMicrosoft WorksMSWorks.exe
O4 – GSPrograms: Microsoft Access.lnk . (…) — C:WINDOWSInstaller{9028040C-6000-11D3-8CFE-0050048383C9}accicons.exe
O4 – GSPrograms: Microsoft Excel.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}xlicons.exe
O4 – GSPrograms: Microsoft FrontPage.lnk . (…) — C:WINDOWSInstaller{9028040C-6000-11D3-8CFE-0050048383C9}misc.exe
O4 – GSPrograms: Microsoft Outlook.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}outicon.exe
O4 – GSPrograms: Microsoft PowerPoint.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}pptico.exe
O4 – GSPrograms: Microsoft Word.lnk . (…) — C:WINDOWSInstaller{9012040C-6000-11D3-8CFE-0050048383C9}wordicon.exe
O4 – GSPrograms: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
O4 – GSPrograms: Windows Movie Maker.lnk . (.Microsoft Corporation – Windows Movie Maker.) — C:Program FilesMovie Makermoviemk.exe
O4 – GSPrograms: Assistance à distance.lnk . (.Microsoft Corporation – Assistance à distance Microsoft.) — C:WINDOWSsystem32rcimlby.exe
O4 – GSPrograms: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSPrograms: Lecteur Windows Media.lnk . (.Microsoft Corporation – Lecteur Windows Media.) — C:Program FilesWindows Media Playerwmplayer.exe
O4 – GSPrograms: Outlook Express.lnk . (.Microsoft Corporation – Outlook Express.) — C:Program FilesOutlook Expressmsimn.exe
~ Global Startup: Scanned in 00mn 02s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: &Ajout Direct dans Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 – Extra button: Visit AppsHat.com – {AAA38851-3CFF-475F-B5E0-720D3645E4A5} . (…) — C:Program FilesMinibariconsicon16.ico
O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
O9 – Extra button: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Piratage de l’Option ‘Rétablir les paramètres Web’ (O14)
O14 – IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
~ IE Paramètres WEB: Scanned in 00mn 00s

—\ Objets ActiveX (Downloaded Program Files)(O16)
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{541B8E00-9C0A-4023-884F-588C17673CE9}: DhcpNameServer = 192.168.1.254
O17 – HKLMSystemCS1ServicesTcpip..{541B8E00-9C0A-4023-884F-588C17673CE9}: DhcpNameServer = 192.168.1.254
O17 – HKLMSystemCS3ServicesTcpip..{541B8E00-9C0A-4023-884F-588C17673CE9}: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s

—\ Titr_HJT34=Protocole additionnel (O18)
O18 – Handler: wlmailhtml – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation – Windows Live Mail.) — C:Program FilesWindows LiveMailmailcomm.dll
O18 – Filter: text/webviewhtml – {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation – DLL commune du shell Windows.) — C:WINDOWSsystem32SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: crypt32chain . (.Microsoft Corporation – Crypto API32.) — C:WINDOWSsystem32crypt32.dll
O20 – Winlogon Notify: cryptnet . (.Microsoft Corporation – Crypto Network Related API.) — C:WINDOWSsystem32cryptnet.dll
O20 – Winlogon Notify: cscdll . (.Microsoft Corporation – Agent réseau hors connexion.) — C:WINDOWSsystem32cscdll.dll
O20 – Winlogon Notify: dimsntfy . (.Microsoft Corporation – DIMS Notification Handler.) — C:WINDOWSsystem32dimsntfy.dll
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WINDOWSsystem32igfxdev.dll
O20 – Winlogon Notify: ScCertProp . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
O20 – Winlogon Notify: Schedule . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
O20 – Winlogon Notify: sclgntfy . (.Microsoft Corporation – DLL secondaire de notification de service d.) — C:WINDOWSsystem32sclgntfy.dll
O20 – Winlogon Notify: SensLogn . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32WlNotify.dll
O20 – Winlogon Notify: termsrv . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
O20 – Winlogon Notify: wlballoon . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

—\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: (MBAMService) . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) – C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe
O23 – Service: SRS WOWXT/TSXT Service (SRS_WOWXT_Service) . (.SRS Labs, Inc. – Service to handle post-installation details.) – C:Program FilesSRS LabsSRS WOW XT and TSXTSRS_PostInstaller.exe
~ Services: 9 Legitimates Filtered in 00mn 15s

—\ Enumération Active Desktop & MHTML Editor (O24)
O24 – Desktop Component 0: (no name) – file:file:///C:/DOCUME~1/Bretagne/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

—\ Tâches planifiées en automatique (O39)
O39 – APT:Automatic Planified Task – C:WINDOWSTasksEPUpdater.job [278]
O39 – APT:Automatic Planified Task – C:WINDOWSTasksGoforFilesUpdate.job [282] =>P2P.GoforFiles
O39 – APT:Automatic Planified Task – C:WINDOWSTasksLyrics Plus Update.job [366] =>Adware.AddLyrics
O39 – APT:Automatic Planified Task – C:WINDOWSTasksLyrics-Pal Update.job [356] =>Adware.AddLyrics
~ Scheduled Task: 8 Legitimates Filtered in 00mn 00s

—\ Logiciels installés (O42)
O42 – Logiciel: Boxore Client – (.Boxore OU.) [HKLM] — {CA2B24FD-EE10-42B9-B049-AA80268E7E21} =>Adware.Boxore
O42 – Logiciel: Lyrics Plus – (.Plus Add-on Software.) [HKLM] — {b6f4d32a-8066-470a-b12e-14cf2675282d} =>Adware.AddLyrics
O42 – Logiciel: Lyrics-Pal – (.LyricsPal Soft. LTD.) [HKLM] — {42974caa-fd59-4421-ad43-cf5e6a6bbd56} =>Adware.AddLyrics
~ Logic: 91 Legitimates Filtered in 00mn 01s

—\ HKCU & HKLM Software Keys
[HKCUSoftwareBI]
[HKCUSoftwareBabSolution] =>Hijacker.BabSolution
[HKCUSoftwareBabylonToolbar] =>Toolbar.Babylon
[HKCUSoftwareDataMngr] =>PUP.Datamngr
[HKCUSoftwareDataMngr_Toolbar] =>PUP.Datamngr
[HKCUSoftwareSomoto] =>Adware.MegaSearch
[HKLMSoftware868fdbb768e448]
[HKLMSoftwareASKINSTALLER]
[HKLMSoftwareBabylonToolbar] =>Toolbar.Babylon
[HKLMSoftwareDataMngr] =>PUP.Datamngr
[HKLMSoftwareMinibar]
[HKLMSoftwareTarma Installer] =>Toolbar.Tarma
[HKLMSoftwareWLAN]
~ Key Software: 152 Legitimates Filtered in 00mn 01s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 29/01/2011 – 00:00:58 – [6,162] —-D C:Program FilesIEAK
O43 – CFD: 26/08/2013 – 14:29:15 – [0,384] —-D C:Program FilesMinibar
O43 – CFD: 23/04/2013 – 13:17:07 – [0,062] —-D C:Program Filesmixiedj
O43 – CFD: 07/11/2010 – 14:58:58 – [18,762] —-D C:Program FilesORKTools
O43 – CFD: 26/08/2013 – 16:14:51 – [0] —-D C:Documents and SettingsAll UsersApplication DataBabylon =>Toolbar.Babylon
O43 – CFD: 16/08/2013 – 18:46:52 – [0,169] —-D C:Documents and SettingsAll UsersApplication DataBoxUpdChk
O43 – CFD: 26/08/2013 – 16:15:13 – [8,070] —-D C:Documents and SettingsAll UsersApplication DataBrowserDefender =>Hijacker.Eazel
O43 – CFD: 26/08/2013 – 16:50:38 – [1,048] —-D C:Documents and SettingsAll UsersApplication DataTarma Installer =>Toolbar.Tarma
O43 – CFD: 22/06/2010 – 20:36:24 – [0,002] —-D C:Documents and SettingsAll UsersApplication DataWLAN
O43 – CFD: 10/06/2012 – 20:19:16 – [0,003] —-D C:Documents and SettingsAll UsersApplication DataXWare
O43 – CFD: 26/08/2013 – 16:14:50 – [0,003] —-D C:Documents and SettingsBretagneApplication DataBabylon =>Toolbar.Babylon
O43 – CFD: 26/08/2013 – 15:28:38 – [0,003] —-D C:Documents and SettingsBretagneApplication DataMinibar
O43 – CFD: 10/06/2012 – 20:19:16 – [0,003] —-D C:Documents and SettingsBretagneApplication DataXWare
O43 – CFD: 26/08/2013 – 14:29:23 – [0,946] —-D C:Documents and SettingsBretagneLocal SettingsApplication DataMinibar
O43 – CFD: 25/04/2013 – 00:52:31 – [0,201] —-D C:Documents and SettingsBretagneLocal SettingsApplication DataUpdater19962 =>PUP.CrossRider
O43 – CFD: 26/08/2013 – 16:54:22 – [0,061] —-D C:Documents and SettingsBretagneLocal SettingsApplication DataWebPlayer
~ Program Folder: 160 Legitimates Filtered in 00mn 23s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.48616C31735824FEF79366A9E79F7409] – 26/08/2013 – 14:37:49 —A- . (…) — C:WINDOWSwiadebug.log [159]
O44 – LFC:[MD5.C94B738AAEE16A295A8B5861766DCF38] – 26/08/2013 – 14:37:35 —A- . (…) — C:WINDOWSwiaservc.log [50]
O44 – LFC:[MD5.6B785669A9C20A7A90DF95F95D006809] – 23/08/2013 – 01:07:49 —A- . (…) — C:UsbFix [Scan 20] MJKB.txt [6153]
O44 – LFC:[MD5.020B8DCE0BA439C08CF0250E0CF63839] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSFaxSetup.log [17808]
O44 – LFC:[MD5.C8F109970F5CFA6A689DDB593BBFC02F] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWScomsetup.log [6245]
O44 – LFC:[MD5.AEA2986D266F531C85F37A09854499FD] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSiis6.log [1960]
O44 – LFC:[MD5.6730A7F08728B3431EC147701D47103F] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSimsins.log [4566]
O44 – LFC:[MD5.41934423ABF980D38AA9C0A34C95C819] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSmsgsocm.log [1356]
O44 – LFC:[MD5.BEC9D232793E30CF95F60E340CAFD9C8] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSntdtcsetup.log [4909]
O44 – LFC:[MD5.8D51B5CCDC25B32532785385F279EF65] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSocgen.log [19604]
O44 – LFC:[MD5.EAAF5A9230E3EF40665A1FE647BF1F91] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWSocmsn.log [1771]
O44 – LFC:[MD5.2A3F78C2D6C450B9EB590406A4818690] – 22/08/2013 – 18:42:44 —A- . (…) — C:WINDOWStsoc.log [10238]
O44 – LFC:[MD5.896C6B3C1F7A0BD4FC6170EADA330685] – 22/08/2013 – 18:39:56 —A- . (…) — C:WINDOWSimsins.BAK [1917]
O44 – LFC:[MD5.FA45C9F4570D3A2747E875C67B904E43] – 22/08/2013 – 17:48:13 —A- . (…) — C:UsbFix [Clean 19] MJKB.txt [10519]
O44 – LFC:[MD5.FEC7712BA55B3C0A6D6D5E4D02F6AF66] – 22/08/2013 – 17:36:49 . (…) — C:UsbFix [Clean 18] MJKB.txt [10482]
O44 – LFC:[MD5.7094CC9372186AA764DF2F02CA3316A0] – 22/08/2013 – 15:26:10 . (…) — C:UsbFix [Clean 17] MJKB.txt [10040]
O44 – LFC:[MD5.317F70AD2419404FCB42F2B620D76933] – 22/08/2013 – 15:14:53 . (…) — C:UsbFix [Listing 9 ] MJKB.txt [5454]
O44 – LFC:[MD5.D7CBB8F6B3DB205020B07011A4EF5CA1] – 22/08/2013 – 15:10:20 . (…) — C:UsbFix [Listing 8 ] MJKB.txt [5385]
O44 – LFC:[MD5.B2B12A94824D6081D880EA7F3D2676B3] – 22/08/2013 – 14:49:52 . (…) — C:UsbFix [Clean 16] MJKB.txt [9617]
O44 – LFC:[MD5.918E75016872D5E4764DF8C3A7726092] – 22/08/2013 – 14:45:07 . (…) — C:UsbFix [Listing 7 ] MJKB.txt [5249]
O44 – LFC:[MD5.91962B57267976F66AB91AD2DC2DB51A] – 22/08/2013 – 14:35:56 . (…) — C:UsbFix [Clean 15] MJKB.txt [11452]
O44 – LFC:[MD5.1546B05A7F32F4A5D0EBB7D65F466AED] – 22/08/2013 – 14:31:29 . (…) — C:UsbFix [Listing 6 ] MJKB.txt [5112]
O44 – LFC:[MD5.6362A6126DDB221BF6AB01BA6DB03FB8] – 22/08/2013 – 14:28:26 . (…) — C:UsbFix [Listing 5 ] MJKB.txt [6204]
O44 – LFC:[MD5.8B955AC9AA39B12CB1176E1823FE36C1] – 22/08/2013 – 14:25:38 . (…) — C:UsbFix [Scan 18] MJKB.txt [7506]
O44 – LFC:[MD5.05B81747D5D2D2FD4DA475D5279738C4] – 21/08/2013 – 17:41:55 . (…) — C:UsbFix [Clean 14] MJKB.txt [10659]
O44 – LFC:[MD5.FC845A71D08D75F6F1D3CA6CD484171C] – 21/08/2013 – 17:37:18 . (…) — C:UsbFix [Clean 13] MJKB.txt [10420]
O44 – LFC:[MD5.28067A01BB1E2C9AEB798DD0EA43AB91] – 21/08/2013 – 17:30:36 . (…) — C:UsbFix [Scan 17] MJKB.txt [5765]
O44 – LFC:[MD5.5024ABCBD0BD3802F1C702D0BBE26A93] – 21/08/2013 – 17:28:25 . (…) — C:UsbFix [Listing 4 ] MJKB.txt [5867]
O44 – LFC:[MD5.890ED705D6CAE038E1C0A35AB2171FAF] – 21/08/2013 – 17:23:10 . (…) — C:UsbFix [Clean 12] MJKB.txt [10217]
O44 – LFC:[MD5.8F4CE5BA5E7DB67F0BFC7326BA545384] – 21/08/2013 – 17:16:14 . (…) — C:UsbFix [Clean 11] MJKB.txt [12119]
O44 – LFC:[MD5.0E52476635813398FB98868E481751D4] – 21/08/2013 – 17:06:44 . (…) — C:UsbFix [Listing 3 ] MJKB.txt [5662]
O44 – LFC:[MD5.EEEB62033E4E9918CAA2C09B95F97209] – 21/08/2013 – 16:20:15 . (…) — C:UsbFix [Clean 10] MJKB.txt [9966]
O44 – LFC:[MD5.BA98F432C09CAC39E8F475E283CA59ED] – 21/08/2013 – 16:15:24 . (…) — C:UsbFix [Clean 9] MJKB.txt [10362]
O44 – LFC:[MD5.6B5F56095093F251CC961A91CED5E1E1] – 21/08/2013 – 11:40:12 . (…) — C:UsbFix [Clean 8] MJKB.txt [10360]
O44 – LFC:[MD5.C370CFA908485F8977C1C7615FC4AF86] – 21/08/2013 – 11:36:04 . (…) — C:UsbFix [Scan 15] MJKB.txt [6191]
O44 – LFC:[MD5.02F3EF2D61A0981337D12FCED09BDB99] – 21/08/2013 – 11:34:14 . (…) — C:UsbFix [Scan 14] MJKB.txt [6190]
O44 – LFC:[MD5.1BA528BC459BB3786A197FD3742E25E7] – 21/08/2013 – 00:57:21 . (…) — C:UsbFix [Clean 7] MJKB.txt [11847]
O44 – LFC:[MD5.CC69773D7C40497B4335281B614A6C1B] – 21/08/2013 – 00:52:56 . (…) — C:UsbFix [Scan 13] MJKB.txt [7677]
O44 – LFC:[MD5.343B04498E038140F760BC0DE2E59015] – 21/08/2013 – 00:46:10 . (…) — C:UsbFix [Scan 12] MJKB.txt [7677]
O44 – LFC:[MD5.4C46ACBDE5054557E3DEC64BB2920F64] – 21/08/2013 – 00:43:00 . (…) — C:UsbFix [Scan 11] MJKB.txt [7677]
O44 – LFC:[MD5.65DC6632ABF3FCF5881C983D9A2F45F7] – 20/08/2013 – 22:56:34 . (…) — C:UsbFix [Scan 10] MJKB.txt [7501]
O44 – LFC:[MD5.FE2340286837A393CA0A3AE9307B70D6] – 20/08/2013 – 22:54:44 . (…) — C:UsbFix [Scan 9] MJKB.txt [7501]
O44 – LFC:[MD5.39CCB3B1C026A6E89DB2E1BE44BC1DF5] – 20/08/2013 – 22:21:03 . (…) — C:UsbFix [Clean 6] MJKB.txt [9331]
O44 – LFC:[MD5.B27322B288857CC56F9E59FC15163F54] – 20/08/2013 – 22:16:45 . (…) — C:UsbFix [Clean 5] MJKB.txt [9266]
O44 – LFC:[MD5.CAD40AAE383155E0EE26BBA4044FB06E] – 20/08/2013 – 22:12:50 . (…) — C:UsbFix [Scan 8] MJKB.txt [5804]
O44 – LFC:[MD5.F90EBA89A6F93CEF51426C3732AA0846] – 20/08/2013 – 22:10:48 . (…) — C:UsbFix [Scan 7] MJKB.txt [5805]
O44 – LFC:[MD5.174F0FDF6D10BB199633C65FE2F2EA90] – 20/08/2013 – 21:59:17 . (…) — C:UsbFix [Scan 6] MJKB.txt [5805]
O44 – LFC:[MD5.44351144602772E6836104433DD2A28F] – 20/08/2013 – 21:52:08 . (…) — C:UsbFix [Scan 5] MJKB.txt [5805]
O44 – LFC:[MD5.972021C0BF529F1158BAB1737556FD35] – 20/08/2013 – 21:49:50 . (…) — C:UsbFix [Clean 4] MJKB.txt [11016]
O44 – LFC:[MD5.32FD1C1C13B32BDE770FACD2F952AC17] – 20/08/2013 – 21:45:21 . (…) — C:UsbFix [Scan 4] MJKB.txt [7581]
O44 – LFC:[MD5.4DF9E1B70B0395C0AA0E8354C5652999] – 20/08/2013 – 21:29:42 . (…) — C:UsbFix [Clean 3] MJKB.txt [8994]
O44 – LFC:[MD5.B328DFEB202BBC6417B60582004973AE] – 20/08/2013 – 21:26:47 . (…) — C:UsbFix [Scan 3] MJKB.txt [5964]
O44 – LFC:[MD5.1501D415C86D6A2C14858968DA32BCF8] – 20/08/2013 – 21:23:45 . (…) — C:UsbFix [Clean 2] MJKB.txt [8862]
O44 – LFC:[MD5.3E8BD0694B9A6ED7AE1077F6D28F2061] – 20/08/2013 – 21:18:37 . (…) — C:UsbFix [Clean 1] MJKB.txt [11124]
O44 – LFC:[MD5.201C7C6167E040DCA4F6239CA3FA037B] – 20/08/2013 – 21:09:27 . (…) — C:UsbFix [Scan 2] MJKB.txt [8070]
O44 – LFC:[MD5.C16A94CDA3E0B99DE1C880122B21B809] – 20/08/2013 – 21:03:04 . (…) — C:UsbFix [Listing 2 ] MJKB.txt [3886]
O44 – LFC:[MD5.AC3D4F8AAD4C824A4E4A463ED4CEC2B1] – 20/08/2013 – 21:02:08 . (…) — C:UsbFix [Listing 1 ] MJKB.txt [3817]
O44 – LFC:[MD5.A703F2D9070F9BEC6F54DB4EE80DC9A9] – 20/08/2013 – 21:00:27 . (…) — C:UsbFix [Scan 1] MJKB.txt [7907]
O44 – LFC:[MD5.937777DBF9D14CA516322D64B030A497] – 16/08/2013 – 02:10:06 —A- . (…) — C:WINDOWSsystem32TZLog.log [23712]
~ Files: 76 Legitimates Filtered in 01mn 33s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.D251FF0A85573CC832AAAFDF52BA1366] – 20/08/2013 – 22:36:58 —A- – C:WINDOWSPrefetchSSFLWBOX.SCR-00C6F4BF.pf
O45 – LFCP:[MD5.8AA95728A7C2A5B34312AED525031601] – 23/08/2013 – 01:04:41 —A- – C:WINDOWSPrefetchGO.EXE-2DCC3FAB.pf
O45 – LFCP:[MD5.1ED4A59650EFF110647C8CC4C7A0C54E] – 23/08/2013 – 21:03:01 —A- – C:WINDOWSPrefetchBOXORE.EXE-2493A27E.pf =>Adware.Boxore
O45 – LFCP:[MD5.4432395CA35830AC23B2FE3495BA3E92] – 25/08/2013 – 19:06:17 —A- – C:WINDOWSPrefetchSUPREME SAVINGS-BG.EXE-36D71DB8.pf =>PUP.RewardsArcade
O45 – LFCP:[MD5.A508515EC45775307AB1C419DE477E5B] – 26/08/2013 – 11:37:16 —A- – C:WINDOWSPrefetchSUPREME SAVINGS.EXE-023257F5.pf =>PUP.RewardsArcade
O45 – LFCP:[MD5.9481E75CB06930331E001712BC2A7CB7] – 26/08/2013 – 11:39:00 —A- – C:WINDOWSPrefetchSOFTWARECRASHHANDLER.EXE-0425ECA6.pf
O45 – LFCP:[MD5.F8C7A66B2D2A298967C8343C1FE5033E] – 26/08/2013 – 12:35:04 —A- – C:WINDOWSPrefetchLRCSPLS.EXE-18B9133F.pf
O45 – LFCP:[MD5.D902AEA64786C42DA5FF58B0AEEBD694] – 26/08/2013 – 12:35:16 —A- – C:WINDOWSPrefetchBATTERYMANAGER.EXE-1658E718.pf
O45 – LFCP:[MD5.F6ED459CF7D49E7EC460B48DC8E61F4F] – 26/08/2013 – 12:35:21 —A- – C:WINDOWSPrefetchEASYSPEEDUPMANAGER2.EXE-363852B6.pf
O45 – LFCP:[MD5.DA74447FACF8DC07AA89DC76E60265EF] – 26/08/2013 – 12:35:22 —A- – C:WINDOWSPrefetchSUPBACKGROUND.EXE-32DA3BFE.pf
O45 – LFCP:[MD5.A4DAE50F7713862277A68714B7640B1C] – 26/08/2013 – 12:35:23 —A- – C:WINDOWSPrefetchLYRICSPLS.EXE-06E48AB4.pf =>Adware.AddLyrics
O45 – LFCP:[MD5.755520E716E07A05EE36D9DF7F30501D] – 26/08/2013 – 12:35:28 —A- – C:WINDOWSPrefetchDMLOADER.EXE-126D6CC1.pf
O45 – LFCP:[MD5.E12AC658050CBCECF735DE38821F5732] – 26/08/2013 – 12:35:38 —A- – C:WINDOWSPrefetchDMHKCORE.EXE-2FDBB09D.pf
O45 – LFCP:[MD5.23C4D043450BFB31FB6D9BD62765A5C3] – 26/08/2013 – 12:35:49 —A- – C:WINDOWSPrefetchBATTERYLIFEEXTENDER.EXE-24D86617.pf
O45 – LFCP:[MD5.0DF892C85FCBC5178B42F7B2969B054C] – 26/08/2013 – 12:36:05 —A- – C:WINDOWSPrefetchUPDATER19962.EXE-2D2C866D.pf
O45 – LFCP:[MD5.95DF40A29E3D7798E9A4B0275BC0EC24] – 26/08/2013 – 12:36:11 —A- – C:WINDOWSPrefetchSQLMANGR.EXE-19670CF9.pf
O45 – LFCP:[MD5.02C9DF6F06C7C155C53CF21A80436B61] – 26/08/2013 – 12:36:12 —A- – C:WINDOWSPrefetchMSNOTIF.EXE-2CBCBEF4.pf
O45 – LFCP:[MD5.1F6DA1A96B835664DED860928B433F30] – 26/08/2013 – 13:29:05 —A- – C:WINDOWSPrefetchLYRICSPAL_1060-8101_V122.EXE-0E2A197A.pf =>Adware.AddLyrics
O45 – LFCP:[MD5.E9F59BAF53E771AA59DDF22AD18F2D30] – 26/08/2013 – 13:29:14 —A- – C:WINDOWSPrefetchLYRICS.EXE-0DB3C90C.pf =>Adware.AddLyrics
O45 – LFCP:[MD5.93A6238700337CC8DFE67BE85355189B] – 26/08/2013 – 13:29:17 —A- – C:WINDOWSPrefetchAPPSHAT-DISTRIBUTION.EXE-0479C4BD.pf
O45 – LFCP:[MD5.EBD6711B2A2A98ACC22FAE63968C5007] – 26/08/2013 – 13:29:17 —A- – C:WINDOWSPrefetchNS11.TMP-22531237.pf
O45 – LFCP:[MD5.87A013BF720734215BB1DCDEBBBCC397] – 26/08/2013 – 13:29:22 —A- – C:WINDOWSPrefetchMINIBAR.EXE-0B9EBD16.pf
O45 – LFCP:[MD5.7B1828C62C6223B534972C1BE3D63776] – 26/08/2013 – 14:37:45 —A- – C:WINDOWSPrefetchSRS_POSTINSTALLER.EXE-07ACEA63.pf
~ Prefetcher: 129 Legitimates Filtered in 00mn 01s

—\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 – SEH:ShellExecuteHooks – URL Exec Hook – {AEB6717E-7E19-11d0-97EE-00C04FD91972} – shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

—\ Export de clé d’application autorisée (O47)
O47 – AAKE:Key Export SP – “C:Program FilesGoforFilesgoforfilesdl.exe” [Enabled] .(…) — C:Program FilesGoforFilesgoforfilesdl.exe (.not file.) =>P2P.GoforFiles
O47 – AAKE:Key Export SP – “C:Program FilesGoforFilesGoforFiles.exe” [Enabled] .(…) — C:Program FilesGoforFilesGoforFiles.exe (.not file.) =>P2P.GoforFiles
O47 – AAKE:Key Export SP – “C:UsbFixGo.exe” [Enabled] .(.Pas de propriétaire.) — C:UsbFixGo.exe
~ Keys Export: 14 Legitimates Filtered in 00mn 03s

—\ Image File Execution Options (IFEO) (O50)
O50 – IFEO:Image File Execution Options – Your Image File Name Here without a path – ntsd -d
~ IFEO: Scanned in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.267FC636801EDC5AB28E14036349E3BE] – 18/11/2009 – 15:16:00 —A- . (.Creative – Creative WDM 3D Audio Driver.) — C:WINDOWSsystem32DriversAmbfilt.sys [1691480]
O58 – SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] – 14/04/2008 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ansi.sys [9037]
~ Drivers: 5 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 23/08/2013 – 00:50:46 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_149563041514.xml [10042]
O61 – LFC: 23/08/2013 – 08:31:50 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbar Cache7.5.4209.2358frtranslate_languages.json.content [1497]
O61 – LFC: 23/08/2013 – 21:02:23 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_162682205354.xml [12221]
O61 – LFC: 25/08/2013 – 20:02:48 -SHA- . (…) — C:Documents and SettingsBretagneApplication DataMicrosoftInternet ExplorerUserDataindex.dat [32768]
O61 – LFC: 26/08/2013 – 12:20:20 —A- . (…) — C:Documents and SettingsBretagneBureauMBAM-log-2013-08-26 (13-18-57).txt [20098]
O61 – LFC: 26/08/2013 – 12:20:20 —A- . (…) — C:Documents and SettingsBretagneRecentMBAM-log-2013-08-26 (13-18-57).lnk [619]
O61 – LFC: 26/08/2013 – 13:07:00 —A- . (…) — C:Documents and SettingsBretagneBureauadwcleaner.exe [994642]
O61 – LFC: 26/08/2013 – 13:27:53 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_3723752548.xml [9271]
O61 – LFC: 26/08/2013 – 13:29:07 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultpreferences [78261]
O61 – LFC: 26/08/2013 – 13:29:07 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication Dataavgchromeavgp [78261]
O61 – LFC: 26/08/2013 – 13:29:12 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMinibarUninstall.exe [44277]
O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions{97A78363-B868-4B48-AC91-A783A31215AF}chromecontentcontent.xul [3038]
O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions{97A78363-B868-4B48-AC91-A783A31215AF}chromecontentextension_info.json [376]
O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions{97A78363-B868-4B48-AC91-A783A31215AF}chromecontentinitial_config.json [440]
O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions{97A78363-B868-4B48-AC91-A783A31215AF}install.rdf [811]
O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMinibarfirefoxchromecontentcontent.xul [3038]
O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMinibarfirefoxchromecontentextension_info.json [376]
O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMinibarfirefoxchromecontentinitial_config.json [440]
O61 – LFC: 26/08/2013 – 13:29:21 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMinibarfirefoxinstall.rdf [811]
O61 – LFC: 26/08/2013 – 13:29:23 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultextensions.sqlite [458752]
O61 – LFC: 26/08/2013 – 13:29:48 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataWebPlayerUninstall.exe [64142]
O61 – LFC: 26/08/2013 – 14:28:30 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataLocal State [24417]
O61 – LFC: 26/08/2013 – 14:29:25 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16900701131.xml [4080]
O61 – LFC: 26/08/2013 – 14:29:25 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMicrosoftInternet Explorerframeiconcache.dat [7492]
O61 – LFC: 26/08/2013 – 14:36:18 -SHA- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataMicrosoftCredentialsS-1-5-21-532639649-2019491048-2505128532-1005Credentials [370]
O61 – LFC: 26/08/2013 – 15:12:50 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_7913243153.xml [8019]
O61 – LFC: 26/08/2013 – 15:12:55 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_7929303826.xml [8695]
O61 – LFC: 26/08/2013 – 15:14:54 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleChromeUser DataDefaultCookies [25600]
O61 – LFC: 26/08/2013 – 15:15:02 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultcookies.sqlite [1048576]
O61 – LFC: 26/08/2013 – 15:15:30 —A- . (…) — C:Documents and SettingsBretagneApplication DataBabylonlog_file.txt [3475] =>Toolbar.Babylon
O61 – LFC: 26/08/2013 – 15:48:25 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultprefs.js [7155]
O61 – LFC: 26/08/2013 – 15:48:53 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_15648585209.xml [6258]
O61 – LFC: 26/08/2013 – 15:50:59 —A- . (…) — C:Documents and SettingsBretagneApplication DataMozillaFirefoxProfileso0k85q7f.defaultuser.js [53]
O61 – LFC: 26/08/2013 – 15:51:28 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16201793910.xml [6590]
O61 – LFC: 26/08/2013 – 15:52:27 -SHA- . (…) — C:Documents and SettingsBretagneApplication DataMicrosoftInternet ExplorerDesktop.htt [2794]
O61 – LFC: 26/08/2013 – 15:53:49 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16703706965.xml [6363]
O61 – LFC: 26/08/2013 – 15:54:53 -SHA- . (…) — C:Documents and SettingsBretagnePrivacIEindex.dat [16187392]
O61 – LFC: 26/08/2013 – 15:55:10 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_16992118486.xml [7576]
O61 – LFC: 26/08/2013 – 15:55:15 —A- . (…) — C:Documents and SettingsBretagneApplication DataMinibar84aa9af4de1e6192dc4b9dbf179837fc [10]
O61 – LFC: 26/08/2013 – 15:55:15 —A- . (…) — C:Documents and SettingsBretagneApplication DataMinibaraf09d0924736ea4a9e63f535b85c2648 [8]
O61 – LFC: 26/08/2013 – 15:55:15 —A- . (…) — C:Documents and SettingsBretagneApplication DataMinibard4a168eac5857656408c740918891943 [32]
O61 – LFC: 26/08/2013 – 15:55:15 —A- . (…) — C:Documents and SettingsBretagneApplication DataMinibaredfa3fb066612f39394b7d4c7bb2c28f [32]
O61 – LFC: 26/08/2013 – 15:55:33 —A- . (…) — C:Documents and SettingsBretagneApplication DataMinibar9a2f9a664501565866aceb15179c1699 [886]
O61 – LFC: 26/08/2013 – 15:55:33 -SHA- . (…) — C:Documents and SettingsBretagneIETldCacheindex.dat [262144]
O61 – LFC: 26/08/2013 – 15:55:45 —A- . (…) — C:Documents and SettingsBretagneApplication DataMinibar80d702918c7c9962dac9fed5df6a5718 [2670]
O61 – LFC: 26/08/2013 – 15:55:50 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_17136839246.xml [10180]
O61 – LFC: 26/08/2013 – 15:55:54 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbarmetrics_17150870296.xml [8228]
O61 – LFC: 26/08/2013 – 15:56:01 —A- . (…) — C:Documents and SettingsBretagneLocal SettingsApplication DataGoogleToolbar DNS datadata [67725]
~ 53 Fichiers temporaires (Temporary files)
~ 224 Fichiers cookies (Cookies files)
~ Files: 615 Legitimates Filtered in 03mn 11s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – SosVirus.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

—\ Liste les services legacy du registre (LALS) (O64)
O64 – Services: CurCS – 27/10/2005 – Pas de propriétaire (DOSMEMIO) .(…) – LEGACY_DOSMEMIO
O64 – Services: CurCS – 06/08/2009 – C:Program FilesSRS LabsSRS WOW XT and TSXTSRS_PostInstaller.exe (SRS_WOWXT_Service) .(.SRS Labs, Inc. – Service to handle post-installation details.) – LEGACY_SRS_WOWXT_SERVICE
~ Legacy: 143 Legitimates Filtered in 00mn 04s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] ${searchCLSID} – (@ieframe.dll,-12512) – http://search.live.com
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} – (Babylon Search) – http://search.babylon.com =>Toolbar.Babylon
O69 – SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.269D66BE95976ABC08FC6A2864873B06] [SPRF][10/06/2012] (…) — C:Documents and SettingsBretagneApplication Datawklnhst.dat [140]
[MD5.F7AF924D0D951FF8F7B05AD2E4FF50D3] [SPRF][26/08/2013] (…) — C:Documents and SettingsBretagneBureauadwcleaner.exe [994642]
[MD5.4754539F6D178B84DE28DBCBE7CDA23A] [SPRF][12/04/2013] (…) — C:Documents and SettingsBretagneBureauavira_free_antivirus.exe [2092792]
[MD5.9941443D6A4C2DAE26582731B61444D4] [SPRF][12/04/2013] (.Piriform Ltd – CCleaner Installer.) — C:Documents and SettingsBretagneBureauccsetup400.exe [4316280] =>Piriform Ltd
[MD5.2DFB1094CD2578E7A760D04DDA2651A1] [SPRF][12/03/2011] (…) — C:Program FilesQlogigra20.exe [12733237]
~ Files: 10 Legitimates Filtered in 00mn 07s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: “DF42B2AC01EE9B240B94AA0862E8E712” . (.Boxore Client.) — C:WINDOWSInstaller{CA2B24FD-EE10-42B9-B049-AA80268E7E21}boxore.ico =>Adware.Boxore
~ Update Products: 58 Legitimates Filtered in 00mn 00s

—\ Export de clés de registre aléatoires (O91)
[HKLMSoftware868fdbb768e448] => Clé orpheline
~ Export Key Software: Scanned in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.42E11F7095F9D26DE9C014B19B558142] [WIS][16/08/2013] (.Boxore OU – Boxore Client Installer.) — C:WindowsInstaller333bed3.msi [474624] =>Adware.Boxore
~ WIS: 58 Legitimates Filtered in 00mn 09s