Reply to: Virus Bagle 2016-09-08T13:11:26+00:00
smeggy

PC still the same
~ Rapport de ZHPDiag v2013.10.27.68 – Nicolas Coolman (27/10/2013)
~ Lancé par Christian (27/10/2013 10:23:44)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC):

—\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721 (Defaut)
MFIE: Mozilla Firefox 23.0.1
GCIE: Google Chrome v30.0.1599.101

—\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client FR-FR Language Pack v2.1.1116.0
Windows Defender W7

—\ Logiciels d’optimisation du système

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI

—\ Informations sur le système
~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (67% free)
System Restore: Désactivé (Disabled)
System drive C: has 541 GB (58%) free of 920 GB

—\ Mode de connexion au système
~ Computer Name: CHRISTIAN-PC
~ User Name: Christian
~ All Users Names: HomeGroupUser$, Christian, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:UsersChristianAppDataRoamingZHP
~ %AppData% : C:UsersChristianAppDataRoaming
~ %Desktop% : C:UsersChristianDesktop
~ %Favorites% : C:UsersChristianFavorites
~ %LocalAppData% : C:UsersChristianAppDataLocal
~ %StartMenu% : C:UsersChristianAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 541 Go of 920 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 12 Go)
E: CD-ROM drive (Not Inserted)

—\ Etat du Centre de Sécurité Windows
~ Security Center: 48 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.22/09/2013 – 23:55:10.) — C:WindowsSystem32wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 14:25:30.) — C:WindowsSystem32Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.14/09/2013 – 02:10:19.) — C:Windowssystem32DriversAFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 14:34:02.) — C:Windowssystem32Driversvolsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1242
~ Mes musiques (My Musics) : 5/547
~ Mes Videos (My Videos) : 2/1082
~ Mes Favoris (My Favorites) : 1/308
~ Mes Documents (My Documents) : 3/3687
~ Mon Bureau (My Desktop) : 2/49
~ Menu demarrer (Programs) : 1/76
~ Hidden Files: Scanned in 00mn 12s

—\ Processus lancés
[MD5.B80293D462EC959097A940D70C857BC3] – (.Orange – Executable Orange Inside.) — C:UsersChristianAppDataRoamingOrangeOrangeInsideoneOrangeInside.exe [1530008] [PID.1876]
[MD5.D6D36A01E927480C19333C5A7FB8DE49] – (…) — C:Program Files (x86)OrangeOrange InstallerOrangeInstaller.exe [525248] [PID.1884]
[MD5.5478A1AA166146E113FB8A517749887F] – (.Orange-France – Le Cloud d’Orange – Transfert de fichiers.) — C:UsersChristianAppDataLocalLe Cloud Orangeomclient.exe [1168160] [PID.1164]
[MD5.9ABF368A2DA03C6852C353D837D374AB] – (.eMPIA Technology, Inc. – BDA Monitor Application.) — C:Program Files (x86)USB_video_deviceDriverDriver32emmon.exe [81408] [PID.1540]
[MD5.F0EA603E7B91046CA48EA4B3593A007D] – (.Micro Application – Pas de description.) — C:Program Files (x86)Micro ApplicationLauncherMA.exe [485376] [PID.2068]
[MD5.554A50B5310E702029D3A675459108FF] – (.Hewlett-Packard – hpsysdrv.) — C:Program Files (x86)Hewlett-PackardHP Odometerhpsysdrv.exe [62768] [PID.2420]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] – (.Hewlett-Packard – hpwuSchd Application.) — C:Program Files (x86)hpHP Software Updatehpwuschd2.exe [54576] [PID.2528]
[MD5.255E405D801CF01247390F38F92D8042] – (…) — C:Program Files (x86)UnlockerUnlockerAssistant.exe [17408] [PID.2596]
[MD5.03C217B77BCA3F50A8B8A300C2E5BC4A] – (.IVT Corporation – Bluetooth Application.) — C:Program Files (x86)IVT CorporationBlueSoleilBtTray.exe [319574] [PID.2604]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamgui.exe [532040] [PID.2764]
[MD5.A9A5CDFDA52257DB4488F457C3F4022A] – (.American Power Conversion Corporation – PowerChute system tray power icon.) — C:Program Files (x86)APCAPC PowerChute Personal Editionapcsystray.exe [417855] [PID.4076]
[MD5.084D14D1283EC4D78A1D0B8C3D0187DD] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8137728] [PID.456]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.1356]
[MD5.DC45AB27932447B598848B10650313C5] – (.American Power Conversion Corporation – Battery backup management service.) — C:Program Files (x86)APCAPC PowerChute Personal Editionmainserv.exe [176193] [PID.1380]
[MD5.7EF47644B74EBE721CC32211D3C35E76] – (.Apple Inc. – MobileDeviceService.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [55144] [PID.1424]
[MD5.18D87D378D3C7DFBB045C9753A3632E8] – (.IVT Corporation – Bluetooth Application.) — C:Program Files (x86)IVT CorporationBlueSoleilBlueSoleilCS.exe [1765484] [PID.1936]
[MD5.CF7B0E597C1F34E528285495721DEEE9] – (.Google Inc. – Google Crash Handler.) — C:Program Files (x86)GoogleUpdate1.3.21.165GoogleCrashHandler.exe [237960] [PID.1976]
[MD5.1786949693843A089918AE2CC105D7D6] – (.Google Inc. – Processus relatif à l’hôte.) — C:Program Files (x86)GoogleChrome Remote Desktop30.0.1599.56remoting_host.exe [50128] [PID.1580]
[MD5.2DFB151FD34DF104DAC0ADF070EDA83C] – (.Hewlett-Packard Company – HP Quick Synchronization Service.) — C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe [92216] [PID.2404]
[MD5.2238B91AC1A12CC6CC4C4FED41258B2A] – (.Hewlett-Packard Company – LightScribe Service.) — c:Program Files (x86)Common FilesLightScribeLSSrvc.exe [73728] [PID.2484]
[MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe [418376] [PID.2568]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe [701512] [PID.2664]
[MD5.20372BE109FEE1C37E2D5216680DB9EB] – (.pdfforge GmbH – PDF Architect Helper Service.) — C:Program Files (x86)PDF ArchitectHelperService.exe [1320496] [PID.2912]
[MD5.B90A279073A815A4AA2C45A09EE004FA] – (.pdfforge GmbH – PDF Architect Conversion Service.) — C:Program Files (x86)PDF ArchitectConversionService.exe [799280] [PID.2952]
[MD5.AE6C778717DE2F6B0C0B5335036D3363] – (.Sony Corporation – Device Information Provider.) — C:Program Files (x86)SonyPMBPMBDeviceInfoProvider.exe [430136] [PID.3012]
~ Processes Running: Scanned in 00mn 00s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersChristianAppDataLocalGoogleChromeUser DataDefaultPreferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:UsersChristianAppDataRoamingMozillaFirefoxProfilesv3d57zdy.defaultprefs.js
M2 – MFEP: prefs.js [Christian – v3d57zdy.default{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}] [] Forecastfox v2.2.2 (..)
~ Firefox Browser: 30 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1

—\ Internet Explorer Toolbars (O3)
O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSDesktop [Public]: Advanced Driver Updater.lnk . (…) — C:Program Files (x86)Advanced Driver Updateradu.exe (.not file.) =>PUP.AdvancedDriverUpdater
O4 – GSDesktop [Public]: BlueSoleil Space.lnk . (…) — C:Program Files (x86)IVT CorporationBlueSoleilBlueSoleil.exe
O4 – GSDesktop [Public]: InPixio Photo Clip.lnk . (…) — C:Program Files (x86)InPixio Photo ClipInPixio Photo Clip.exe
O4 – GSDesktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation – OpenOffice 4.0.0.) — C:Program Files (x86)OpenOffice 4programsoffice.exe
O4 – GSDesktop [Public]: PMB Launcher.lnk . (.Sony Corporation – PMB Launcher.) — C:Program Files (x86)SonyPMBPMBLauncher.exe
O4 – GSDesktop [Public]: Prism.lnk . (.NCH Software – Prism – Convertisseur de fichiers vidéo.) — C:Program Files (x86)NCH SoftwarePrismprism.exe
O4 – GSDesktop [Public]: Speccy.lnk . (.Piriform Ltd – Speccy.) — C:Program FilesSpeccySpeccy64.exe
O4 – GSDesktop [Public]: SUPER ©.lnk . (.eRightSoft – SUPER © – Simplified Universal Player Encod.) — C:Program Files (x86)eRightSoftSUPERSUPER.exe
O4 – GSProgram [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. – IncrediMail Application.) — C:Program Files (x86)IncrediMailBinIncMail.exe
O4 – GSProgram [Public]: Magic Desktop.lnk . (.EasyBits Software AS – EasyBits Security Shield.) — C:Program Files (x86)EasyBits For KidsezSecShield.exe =>.EasyBits Software AS
O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
O4 – GSProgram [Public]: Switch, Convertisseur de fichiers audio.lnk . (.NCH Software – Switch, Convertisseur de fichiers audio.) — C:Program Files (x86)NCH Swift SoundSwitchswitch.exe
O4 – GSQuickLaunch [Christian]: Free Ringtone Maker.lnk . (…) — C:Program Files (x86)Free Ringtone MakerFreeRingtoneMaker.exe =>Adware.SPointer
O4 – GSQuickLaunch [Christian]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSQuickLaunch [Christian]: IncrediMail 2.0.lnk . (.IncrediMail, Ltd. – IncrediMail Application.) — C:Program Files (x86)IncrediMailBinIncMail.exe
O4 – GSQuickLaunch [Christian]: Jouer à HP Games.lnk . (.WildTangent, Inc. – GameConsole.) — C:Program Files (x86)HP GamesHP Game ConsoleGameConsole-wt.exe
O4 – GSQuickLaunch [Christian]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSQuickLaunch [Christian]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
O4 – GSQuickLaunch [Christian]: RealArcade.lnk . (.RealNetworks – RealArcade.) — C:Program Files (x86)RealRealArcadeRNArcade.exe
O4 – GSTaskBar [Christian]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSTaskBar [Christian]: HPAdvisor.lnk . (.Hewlett-Packard – HP Advisor.) — C:Program Files (x86)Hewlett-PackardHP AdvisorHPAdvisor.exe
O4 – GSTaskBar [Christian]: IncrediMail.lnk . (.IncrediMail, Ltd. – IncrediMail Application.) — C:Program Files (x86)IncrediMailBinIncMail.exe
O4 – GSTaskBar [Christian]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
O4 – GSProgram [Christian]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSSystemTools [Christian]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSSendTo [Christian]: Bluetooth.lnk – Clé orpheline
O4 – GSSendTo [Christian]: Unlocker.lnk . (…) — C:Program FilesUnlockerUnlocker.exe
O4 – GSDesktop [Christian]: amazingadventures.lnk . (.RealNetworks – Wrapper Application.) — C:My GamesAmazing Adventures Around the World(TM)amazingadventures2_r1a.exe
O4 – GSDesktop [Christian]: aquasphere.lnk . (.RealNetworks – Wrapper Application.) — C:My GamesAquaSphereaquasphere_r1a.exe
O4 – GSDesktop [Christian]: Assistance Livebox.lnk . (.Orange – Assistance Livebox.) — C:Program Files (x86)OrangeAssistance LiveboxAssistanceLivebox.exe
O4 – GSDesktop [Christian]: CamApp.lnk . (.UVC – CamApp, Video capture tool.) — C:Program Files (x86)UVC Like DriverCamApp.exe
O4 – GSDesktop [Christian]: Compte chèques postal.lnk . (…) — C:Program Files (x86)BankPerfectBankPerfectCompte chèques postal.bp (.not file.)
O4 – GSDesktop [Christian]: DivX Converter.lnk . (.DivX, Inc. – DivX Converter.) — C:Program Files (x86)DivXDivX ConverterDivXConverterLauncher.exe
O4 – GSDesktop [Christian]: EnigmaAgency_TheCaseofShadowsCE.lnk . (…) — C:UsersChristianDocumentsJeux TéléchargésEnigma Agency – Le Chaos des Ombres Edition CollectorEnigmaAgency_TheCaseofShadowsCE.exe
O4 – GSDesktop [Christian]: IJ Scan Utility.lnk . (.CANON INC. – Canon IJ Scan Utility.) — C:Program Files (x86)CanonIJ Scan UtilitySCANUTILITY.exe
O4 – GSDesktop [Christian]: Mallette magique.lnk . (…) — C:UsersChristianDocumentsMallette magique
O4 – GSDesktop [Christian]: Mystery Case Files.lnk . (.Macromedia, Inc. – Macromedia Projector.) — C:Program FilesZylom GamesMystery Case Filesmysterycasefiles.exe
O4 – GSDesktop [Christian]: mysterypithenewyorkfortune.lnk . (.RealNetworks – Wrapper Application.) — C:My GamesMystery P.I.(TM) – The New York Fortune – FRmysterypithenewyorkfortune_r1a.exe
O4 – GSDesktop [Christian]: mysteryville2.lnk . (…) — C:UsersChristianDocumentsJeux Téléchargésmysteryville2.exe
O4 – GSDesktop [Christian]: Orange mes contenus.lnk . (.F-Secure – Orange mes contenus.) — C:Program FilesOrangeOrange mes contenusOrangeSC.exe
O4 – GSDesktop [Christian]: Ricochet-LostWorld.lnk . (…) — C:Program Files (x86)BoontyGamesRicochet-LostWorldRicochet.exe
O4 – GSDesktop [Christian]: Sauvegarde bp.lnk . (…) — C:UsersChristianDocumentsSauvegarde bp.bp
O4 – GSDesktop [Christian]: Sauvegarde épargne.lnk . (…) — C:UsersChristianDocumentsSauvegarde épargne.bp
O4 – GSDesktop [Christian]: The Heritage.lnk . (…) — C:Program Files (x86)The HeritageHeritage.exe
O4 – GSDesktop [Christian]: Transferts vers le Cloud d’Orange.lnk . (…) — C:UsersChristianDocumentsTransferts vers le Cloud d’Orange
O4 – GSDesktop [Christian]: XtrCtrlEx.lnk . (.Guillemot Corporation S.A. – Hercules Xtra Controller Main Application.) — C:Program Files (x86)HerculesDualPix ExchangeXtrCtrlEx.exe
~ Global Startup: 127 Legitimates Filtered in 00mn 03s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GSStartup [Public]: APC UPS Status.lnk . (.American Power Conversion Corporation – Startup notification module.) — C:Program Files (x86)APCAPC PowerChute Personal EditionDisplay.exe
O4 – GSStartup [Public]: emMon.lnk . (.eMPIA Technology, Inc. – BDA Monitor Application.) — C:Program Files (x86)USB_video_deviceDriverDriver32emmon.exe
O4 – GSStartup [Christian]: Lanceur.lnk . (.Micro Application – Pas de description.) — C:Program Files (x86)Micro ApplicationLauncherMA.exe
O4 – HKLM..Run: [PC-Doctor for Windows localizer] . (.PC-Doctor, Inc. – Hardware Diagnostic Tools Localizer.) — C:Program FilesPC-Doctor for Windowslocalizer.exe
O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
O4 – HKCU..Run: [Orange Installer] . (…) — C:Program Files (x86)OrangeOrange InstallerOrangeInstaller.exe
O4 – HKCU..Run: [Le Cloud d’Orange – Transfert de fichiers Client] . (.Orange-France – Le Cloud d’Orange – Transfert de fichiers.) — C:UsersChristianAppDataLocalLe Cloud Orangeomclient.exe
O4 – HKCU..Run: [OrangeInside] . (.Orange – Executable Orange Inside.) — C:UsersChristianAppDataRoamingOrangeOrangeInsideoneOrangeInside.exe
O4 – HKLM..Wow6432NodeRun: [hpsysdrv] . (.Hewlett-Packard – hpsysdrv.) — c:program files (x86)hewlett-packardHP odometerhpsysdrv.exe =>.Hewlett-Packard Co
O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
O4 – HKLM..Wow6432NodeRun: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — c:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
O4 – HKLM..Wow6432NodeRun: [UnlockerAssistant] . (…) — C:Program Files (x86)UnlockerUnlockerAssistant.exe
O4 – HKLM..Wow6432NodeRun: [HP Remote Solution] . (.Hewlett-Packard – HP Remote Solution.) — C:Program Files (x86)Hewlett-PackardHP Remote SolutionHP_Remote_Solution.exe
O4 – HKLM..Wow6432NodeRun: [BtTray] . (.IVT Corporation – Bluetooth Application.) — C:Program Files (x86)IVT CorporationBlueSoleilBtTray.exe
O4 – HKLM..Wow6432NodeRun: [CanonQuickMenu] . (.CANON INC. – Canon Quick Menu.) — C:Program Files (x86)CanonQuick MenuCNQMMAIN.exe
O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
O4 – HKUSS-1-5-21-1355434068-3653106500-54649249-1000..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-1355434068-3653106500-54649249-1000..Run: [Orange Installer] . (…) — C:Program Files (x86)OrangeOrange InstallerOrangeInstaller.exe
O4 – HKUSS-1-5-21-1355434068-3653106500-54649249-1000..Run: [Le Cloud d’Orange – Transfert de fichiers Client] . (.Orange-France – Le Cloud d’Orange – Transfert de fichiers.) — C:UsersChristianAppDataLocalLe Cloud Orangeomclient.exe
O4 – HKUSS-1-5-21-1355434068-3653106500-54649249-1000..Run: [OrangeInside] . (.Orange – Executable Orange Inside.) — C:UsersChristianAppDataRoamingOrangeOrangeInsideoneOrangeInside.exe
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: À propos de Digital Connections [64Bits] – {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} — Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{ADDD806B-037D-47D0-BCE6-5258DAF3F973}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLMSystemCCSServicesTcpip..{DF9A3147-FFB0-4742-9C97-0716EA467503}: DhcpNameServer = 192.168.42.129
O17 – HKLMSystemCS1ServicesTcpip..{ADDD806B-037D-47D0-BCE6-5258DAF3F973}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{DF9A3147-FFB0-4742-9C97-0716EA467503}: DhcpNameServer = 192.168.42.129
O17 – HKLMSystemCS2ServicesTcpip..{ADDD806B-037D-47D0-BCE6-5258DAF3F973}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLMSystemCS2ServicesTcpip..{DF9A3147-FFB0-4742-9C97-0716EA467503}: DhcpNameServer = 192.168.42.129
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – AppInit_DLLs: . (…) – C:Program Files (x86)SEARCH~1SEARCH~1x64IEBHO.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s

—\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: Dedicarz Service (Dedicarz Service) . (.Pas de propriétaire – DedicarzService.) – C:Program Files (x86)OrangeAssistance LiveboxdedicarzDedicarzService.exe
O23 – Service: Skype Updater (SkypeUpdate) . (.Skype Technologies – Skype Updater Service.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
~ Services: 22 Legitimates Filtered in 00mn 06s

—\ Tâches planifiées en automatique (O39)
O39 – APT:Automatic Planified Task – C:WindowsTasksAdvancedDriverUpdater_UPDATES.job [298]
[MD5.00000000000000000000000000000000] [APT] [AdvancedDriverUpdater_UPDATES] (…) — C:Program Files (x86)Advanced Driver Updateradu.exe (.not file.) [0] =>PUP.AdvancedDriverUpdater
[MD5.00000000000000000000000000000000] [APT] [{00D36D3D-D1D8-4D09-B5A9-5FE3497A45BF}] (…) — E:SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{00EE6F64-E44F-4CA3-86E9-D0ADB0F2F59E}] (…) — C:UsersChristianDownloadsDigital Connections.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{0516A05F-4AEA-4B9B-B422-D380CF02183C}] (…) — C:Program FilesDomaIQ UninstallerDomaIQUninstall.exe (.not file.) [0] =>Adware.DomaIQ
[MD5.00000000000000000000000000000000] [APT] [{0A59D7A7-772E-4E6C-9C9D-F2A05F0180FB}] (…) — C:UsersChristianDownloadsMystery Case Files-Huntsville-francais.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{14C690F7-E8F9-4888-921A-65BD1A1A1BFA}] (…) — C:UsersChristianDownloadsdap94.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1BE56B9F-29C9-419B-B827-F5B729500606}] (…) — C:Program Files (x86)palmOneInstapp.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{21622CD9-85B4-457E-B26A-DAB075FF7EF9}] (…) — E:PCPEInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{43C40039-48AF-4154-8DEB-990A591E4940}] (…) — C:UsersChristianDownloadsPCPEInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4A53E3F8-132D-454F-9D01-DDF9FA5D02EB}] (…) — C:UsersChristianDownloadsstubby_en.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4E7DD52C-4AD7-4ED2-8532-9755B04F5ADC}] (…) — C:UsersChristianDownloadsdotnetfx.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5797E971-94AC-4042-AE41-D26BB19D7491}] (…) — E:PCPEInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5BA6004C-099F-4CCD-A387-ACFAAE869B5C}] (…) — C:UsersChristianDownloadsdotnetfx.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5EFBC10E-0E76-4619-9E95-0507D0065D0C}] (…) — G:Programma installationzlsSetup_70_462_000_fr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{60E7439A-90D2-43DC-B6B7-0564338F5674}] (…) — C:UsersChristianDownloadsPCPEInstaller (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{61B1ED3D-2A99-486B-9953-729E5BB8517A}] (…) — C:UsersChristianDownloadsPCPEInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{626FE451-93E0-416F-8537-E7CAA0A41C9C}] (…) — E:DOTNETdotnetfx.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7654380F-63B6-4D4D-9588-FA228E755210}] (…) — C:UsersChristianDownloadspictureviz.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{780AFE9D-F765-48B9-AB18-B347CF10CF8B}] (…) — C:UsersChristianDownloadsProgramma installationRicochet-LostWorld_Telecharger%7B179511%7D.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7CAD1E71-B649-47B8-B3F1-8BFB9C888B39}] (…) — C:Program Files (x86)IncrediGamesDream Vacation Solitaire FREELaunch.exe (.not file.) [0]
[MD5.D6ABC3C44E97BEEEA534E33E93AE97B4] [APT] [{817FE841-B611-4250-9971-19FA98B561B3}] (…) — C:Program Files (x86)Night Before Christmas 3D Screensaverunins000.exe [673546]
[MD5.00000000000000000000000000000000] [APT] [{82EE2E95-521B-4609-B5CB-1E901F2B60AC}] (…) — C:UsersChristianDownloadsdotnetfx.exe (.not file.) [0]
[MD5.D6ABC3C44E97BEEEA534E33E93AE97B4] [APT] [{8DACB896-8B2A-4D41-BCBD-8E279AF6DD37}] (…) — C:Program Files (x86)Night Before Christmas 3D Screensaverunins000.exe [673546]
[MD5.79F559FB43105EA3969C14AD35239333] [APT] [{964FCB2B-F96F-493F-B3E9-652A47E834E2}] (…) — C:Program Files (x86)InstallShield Installation Information{F193FC0E-9E18-40FC-A974-509A1BDD240A}setup.exe [602208]
[MD5.00000000000000000000000000000000] [APT] [{9EC6252F-CC35-4C10-A721-AD723E117180}] (…) — C:UsersChristianDownloadsdotnetfx.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A3D37E0B-00ED-4029-8704-01F43570CDFE}] (…) — C:UsersChristianDownloadsProgramma installationDream_Vacation_Solitaire_FREE-setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B8C53036-D1B6-43C7-B5E8-17450131E324}] (…) — E:DOTNETdotnetfx.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BA979DF8-E5E5-46AC-B57D-E7AA11A849A7}] (…) — C:UsersChristianDownloadsSoftyVisII.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C57B2327-3603-4847-A207-8B8C3175C585}] (…) — E:setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C5822018-DE47-4FE9-9F57-7800044C8B6E}] (…) — C:UsersChristianDownloadsPCLEUSB.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CA8F5EEC-2269-4DC4-95CB-54016F0651F9}] (…) — C:UsersChristianDownloadsConversor.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D87A1B59-EEFD-43DA-A769-A4694EF2AD72}] (…) — E:setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DC1C9C86-B839-4290-8E51-607C94FAFDFE}] (…) — C:UsersChristianDownloadsConversor.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DE5BC9DD-4B20-4BAC-98AC-CB4DF0896E19}] (…) — C:UsersChristianDownloadsNetFx64 (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E20265D3-E0BF-4FA4-9012-219DAF7EFA9F}] (…) — C:UsersChristianDownloadsPCPEInstaller (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EB03271B-6211-4AF3-9E07-06579FB69ABB}] (…) — E:DOTNETdotnetfx.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{EE9937F2-BC53-4F86-97C9-C3597E6B5101}] (…) — C:UsersChristianDownloadsPVMsetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F7613075-E912-4A32-A723-4762DDB14314}] (…) — E:setup.exe (.not file.) [0]
~ Scheduled Task: 63 Legitimates Filtered in 00mn 07s

—\ Logiciels installés (O42)
O42 – Logiciel: Advanced Driver Updater – (.Systweak Inc.) [HKLM][64Bits] — Advanced Driver Updater_is1 =>PUP.AdvancedDriverUpdater
O42 – Logiciel: DAP Plug-in for 64 bit IE – (.SpeedBit.) [HKLM][64Bits] — {E06AF9BE-E1D6-4867-8DBF-74E4BA32BBB3}
O42 – Logiciel: DAZ|Studio 1.5.1.0 – (.DAZ Productions, Inc..) [HKLM][64Bits] — DAZ|Studio
O42 – Logiciel: Download Accelerator Plus (DAP) – (.Speedbit Ltd..) [HKLM][64Bits] — Download Accelerator Plus (DAP)
O42 – Logiciel: IncrediMail – (.IncrediMail.) [HKLM][64Bits] — {5E97F3BD-CDDC-4188-9D98-532E14FABB5D}
O42 – Logiciel: IncrediMail 2.0 – (.IncrediMail Ltd..) [HKLM][64Bits] — IncrediMail
O42 – Logiciel: Night Before Christmas 3D Screensaver – (…) [HKLM][64Bits] — Night Before Christmas 3D Screensaver_is1
O42 – Logiciel: The Heritage – (…) [HKCU][64Bits] — The Heritage
O42 – Logiciel: UVC Like Driver – (.UVC.) [HKLM][64Bits] — {134F03AE-253D-48E7-B11B-30E7E6F153BD}
O42 – Logiciel: VersaTimer 1.02 – (.Lux Aeterna Software.) [HKLM][64Bits] — VersaTimer_is1
O42 – Logiciel: conatiiNuettosaavve – (.continue to save.) [HKLM][64Bits] — {C1C6816E-CBB3-A748-85F9-A8B47B68985B} =>PUP.OfferWare
~ Logic: 238 Legitimates Filtered in 00mn 01s

—\ HKCU & HKLM Software Keys
[HKCUSoftware3DSavers]
[HKCUSoftwareAllThatChords]
[HKCUSoftwareIncrediMail]
[HKCUSoftwareKextaxqt]
[HKCUSoftwareLux Aeterna]
[HKCUSoftwareSpeedBit]
[HKLMSoftwareSpeedBit]
[HKLMSoftwareWow6432NodeAPC]
[HKLMSoftwareWow6432NodeKextaxqt]
[HKLMSoftwareWow6432NodeM5632]
[HKLMSoftwareWow6432NodeSpeedBit]
[HKLMSoftwareWow6432NodeUVC]
[HKLMSoftwareWow6432NodeWeb]
~ Key Software: 403 Legitimates Filtered in 00mn 01s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 15/10/2013 – 18:57:02 – [5,930] —-D C:Program Files (x86)APC
O43 – CFD: 04/04/2012 – 07:24:18 – [13,520] —-D C:Program Files (x86)FoxTabVideoConverter
O43 – CFD: 17/05/2012 – 09:28:57 – [0,002] —-D C:Program Files (x86)Free 3D Christmas Screensaver
O43 – CFD: 24/04/2011 – 17:14:25 – [12,510] —-D C:Program Files (x86)Free Ringtone Maker
O43 – CFD: 10/06/2010 – 16:33:19 – [0] —-D C:Program Files (x86)IncrediGames
O43 – CFD: 10/06/2010 – 16:33:44 – [0] —-D C:Program Files (x86)Incredijeux
O43 – CFD: 07/03/2010 – 15:26:09 – [26,001] —-D C:Program Files (x86)IncrediMail
O43 – CFD: 03/09/2013 – 16:13:32 – [3,449] —-D C:Program Files (x86)InPixio Photo Clip
O43 – CFD: 26/07/2013 – 16:34:24 – [0,072] —-D C:Program Files (x86)Les Tudors
O43 – CFD: 03/10/2011 – 08:36:25 – [0] —-D C:Program Files (x86)LimeWire
O43 – CFD: 19/05/2012 – 08:56:41 – [0,645] —-D C:Program Files (x86)Night Before Christmas 3D Screensaver
O43 – CFD: 19/05/2012 – 08:56:41 – [94,742] —-D C:Program Files (x86)The Heritage
O43 – CFD: 09/07/2010 – 09:31:57 – [0,078] —-D C:Program Files (x86)USB_video_device
O43 – CFD: 09/07/2013 – 15:41:03 – [0,987] —-D C:Program Files (x86)UVC Like Driver
O43 – CFD: 14/08/2012 – 14:06:58 – [2,573] —-D C:Program Files (x86)Common FilesSpeedBit
O43 – CFD: 07/12/2010 – 11:08:14 – [31,661] —-D C:ProgramDataBC Soft Games
O43 – CFD: 07/03/2010 – 15:26:57 – [0] —-D C:ProgramDataIM
O43 – CFD: 07/03/2010 – 15:26:09 – [15,395] —-D C:ProgramDataIncrediMail
O43 – CFD: 27/02/2010 – 18:12:06 – [49,759] —-D C:ProgramDataSpeedBit
O43 – CFD: 30/01/2011 – 12:10:12 – [33,621] —-D C:ProgramData{23D58E70-3B83-4B83-A227-68770F84F5EC}
O43 – CFD: 10/01/2010 – 04:24:26 – [20,406] —-D C:ProgramData{44AFD825-9603-4521-9447-A6E1C5CA2F3D}
O43 – CFD: 10/10/2013 – 12:08:29 – [0,215] —-D C:UsersChristianAppDataRoamingDominiGames
O43 – CFD: 24/04/2011 – 17:14:32 – [0,003] —-D C:UsersChristianAppDataRoamingFree Ringtone Maker
O43 – CFD: 26/07/2010 – 17:09:46 – [0,038] —-D C:UsersChristianAppDataRoamingRealv1005
O43 – CFD: 07/03/2010 – 19:04:52 – [34,888] —-D C:UsersChristianAppDataLocalIM
O43 – CFD: 19/05/2012 – 08:56:42 – [0,002] —-D C:UsersChristianAppDataRoamingMicrosoftWindowsStart MenuProgramsThe Heritage
~ Program Folder: 376 Legitimates Filtered in 02mn 45s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 24/10/2013 – 14:44:51 —A- . (…) — C:Startvir.txt [0]
O44 – LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] – 24/10/2013 – 15:33:51 —A- . (…) — C:WindowsMBR.exe [208896]
O44 – LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] – 24/10/2013 – 15:33:51 —A- . (…) — C:WindowsPEV.exe [256000]
O44 – LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] – 24/10/2013 – 15:33:51 —A- . (…) — C:Windowsgrep.exe [80412]
O44 – LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] – 24/10/2013 – 15:33:51 —A- . (…) — C:Windowssed.exe [98816]
O44 – LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] – 24/10/2013 – 15:33:51 —A- . (…) — C:Windowszip.exe [68096]
O44 – LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] – 25/10/2013 – 09:36:15 —A- . (…) — C:Windowssystem.ini [215]
O44 – LFC:[MD5.49EE678AD3427E66FB336F9C52C7C83C] – 25/10/2013 – 09:52:36 —A- . (…) — C:ComboFix.txt [39097]
~ Files: 29 Legitimates Filtered in 00mn 05s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.010FDC47B4CF5DE58B258506E9E72AA2] – 25/10/2013 – 09:52:06 —A- – C:WindowsPrefetchCF14423.3XE-93D6DB77.pf
O45 – LFCP:[MD5.5B85111AF2A356DF6E71BAD9E8C6971D] – 25/10/2013 – 18:08:12 —A- – C:WindowsPrefetchBOONTYGAMES.0001-22CE5875.pf
O45 – LFCP:[MD5.ED94ED0AC091C3A5A8DD5541932F4B7F] – 26/10/2013 – 09:45:20 —A- – C:WindowsPrefetchFIND.EXE-9AADDA11.pf
O45 – LFCP:[MD5.A4C2061C96CC33CCEFCFCF07BC68F70C] – 26/10/2013 – 09:45:24 —A- – C:WindowsPrefetchSAFEBOOTKEYREPAIR.EXE-55B5EBA0.pf
O45 – LFCP:[MD5.0E9ADF081481C95C251F6FF8BA357F75] – 26/10/2013 – 16:14:19 —A- – C:WindowsPrefetchAPCSYSTRAY.EXE-DA7F5ED2.pf
O45 – LFCP:[MD5.671CADC05241A8F941AE7B94DC2EB1E3] – 26/10/2013 – 16:18:47 —A- – C:WindowsPrefetchBANKPERFECT.EXE-73B3300B.pf
O45 – LFCP:[MD5.8DA6062D8B34A3A500A0D75FE8351D48] – 26/10/2013 – 16:19:39 —A- – C:WindowsPrefetchTHESAINTABYSSOFDESPAIR.EXE-07276C38.pf
O45 – LFCP:[MD5.D28355E40B51206EB9E6139EF786F1BF] – 26/10/2013 – 18:07:07 —A- – C:WindowsPrefetchGAMEINSTALLER.EXE-DA49D578.pf
O45 – LFCP:[MD5.8316D651E14CB857C07701245D370457] – 26/10/2013 – 18:57:32 —A- – C:WindowsPrefetchBOONTY.EXE-8369BB13.pf
O45 – LFCP:[MD5.EDF8480314852AD301814CB042B407BE] – 26/10/2013 – 18:57:32 —A- – C:WindowsPrefetchBOONTYGAMES.0001-71D8E700.pf
O45 – LFCP:[MD5.DCDB89B03E7CDBBBEBDC668C19DD485A] – 26/10/2013 – 18:57:32 —A- – C:WindowsPrefetchRICOCHET.EXE-E0225582.pf
O45 – LFCP:[MD5.CD24B280E0840CC8D5FF809AEA7B742E] – 27/10/2013 – 09:20:56 —A- – C:WindowsPrefetchBSHELPCS.EXE-509DEB38.pf
O45 – LFCP:[MD5.F54A7103DCE236E27CF768F6C07D7E4D] – 27/10/2013 – 09:20:56 —A- – C:WindowsPrefetchWLCRDPSYSTEM.EXE-09F2FD97.pf
O45 – LFCP:[MD5.69B11FF8E551E21333219E10B5C1D145] – 27/10/2013 – 09:35:26 —A- – C:WindowsPrefetchHPSF_TASKS.EXE-9FFDF802.pf
O45 – LFCP:[MD5.15156B2223DFD823405DF6BDED0F5379] – 27/10/2013 – 09:45:07 —A- – C:WindowsPrefetchCTR.EXE-72D6C1DD.pf
~ Prefetcher: 134 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 – SMSR:HKLM…startupregGBMLite8AgentLaCie [Key] . (…) — C:Program Files (x86)LaCieGenie Backup AssistantGBMAgent.exe (.not file.)
O53 – SMSR:HKLM…startupregMobileDocuments [Key] . (…) — C:Program Files (x86)Common FilesAppleInternet Servicesubd.exe (.not file.)
~ SMSR Keys: 24 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.C0D50877BB7EC88A953A2A56CEF170FA] – 06/04/2010 – 17:33:10 —A- . (…) — C:WindowsSystem32DriversbtnetBus.sys [30088]
O58 – SDL:[MD5.3688D4B84E9F98F70A71D5B4B720940E] – 06/07/2009 – 15:33:50 —A- . (.Hauppauge Computer Works, Inc. – hcw95bda HID Remote Control driver.) — C:WindowsSystem32hcw95rc.sys [19456]
O58 – SDL:[MD5.D0D4F3CA1D3A4400E1F40F36A800CD12] – 13/05/2010 – 06:34:04 —A- . (.Devguru Co., Ltd – Device Error Recovery SDK(x86).) — C:WindowsSysWOW64driversdgderdrv.sys [18136]
O58 – SDL:[MD5.DDEE99DC54EFA20BD5A442CD733C4462] – 22/05/2013 – 12:34:26 —A- . (…) — C:WindowsSysWOW64FsUsbExDisk.Sys [37344]
~ Drivers: 19 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 01/01/2028 – 10:27:58 R-HA- . (…) — C:UsersChristianDocumentsJeux TéléchargésEnigma Agency – Le Chaos des Ombres Edition CollectorHURLUS.txt [20768]
O61 – LFC: 24/10/2013 – 10:27:45 —A- . (…) — C:UsersChristianAppDataLocalLe Cloud Orangesynclog.txt [505799]
O61 – LFC: 24/10/2013 – 10:27:45 —A- . (…) — C:UsersChristianAppDataLocalScreamer Radioscreamer.xml [5021]
O61 – LFC: 24/10/2013 – 10:27:58 —A- . (…) — C:UsersChristianDocumentsImpotsTaxe habitation 2013.pdf [55918]
O61 – LFC: 24/10/2013 – 10:27:58 —A- . (…) — C:UsersChristianDownloadselibagla.zip [103711]
O61 – LFC: 24/10/2013 – 10:27:58 -SHA- . (…) — C:UsersChristianDocumentsImpotsThumbs.db [81408]
O61 – LFC: 24/10/2013 – 10:27:59 —A- . (…) — C:UsersChristianDownloadsfs-fixbagle.zip [898727]
O61 – LFC: 25/10/2013 – 10:27:53 —A- . (…) — C:UsersChristianAppDataRoamingfr.orange.assistanceliveboxLocal StoreALB.db [6144] =>.Orange Corporation
O61 – LFC: 25/10/2013 – 10:27:57 —A- . (…) — C:UsersChristianAppDataRoamingZHPHOSTS.txt [27] =>.Nicolas Coolman
O61 – LFC: 25/10/2013 – 10:27:57 —A- . (…) — C:UsersChristianDocumentsCartes bancaires.ods [17602]
O61 – LFC: 26/10/2013 – 10:27:34 —A- . (…) — C:UsersChristianAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [260408]
O61 – LFC: 26/10/2013 – 10:27:50 —A- . (…) — C:UsersChristianAppDataRoamingAlawarEntertainmentHappyArtistThe Saint Abyss of Despairlog.sflog [7122]
O61 – LFC: 26/10/2013 – 10:27:50 —A- . (…) — C:UsersChristianAppDataRoamingAlawarEntertainmentHappyArtistThe Saint Abyss of Despairsavesab1f8f289d14b859ed179c056282e15.sav [436160]
O61 – LFC: 26/10/2013 – 10:27:50 —A- . (…) — C:UsersChristianAppDataRoamingAlawarEntertainmentHappyArtistThe Saint Abyss of Despairsavesoptions.xml [571]
O61 – LFC: 26/10/2013 – 10:27:50 —A- . (…) — C:UsersChristianAppDataRoamingAlawarEntertainmentHappyArtistThe Saint Abyss of Despairsavessaves.xml [816]
O61 – LFC: 26/10/2013 – 10:27:50 —A- . (…) — C:UsersChristianAppDataRoamingAlawarEntertainmentHappyArtistThe Saint Abyss of Despairsavessaves.xml.crc [9]
O61 – LFC: 26/10/2013 – 10:27:57 —A- . (…) — C:UsersChristianAppDataRoamingZHPZHPADSReport.txt [351] =>.Nicolas Coolman
O61 – LFC: 26/10/2013 – 10:27:57 —A- . (…) — C:UsersChristianAppDataRoamingZHPZHPDiag.txt [74972] =>.Nicolas Coolman
O61 – LFC: 26/10/2013 – 10:27:58 —A- . (…) — C:UsersChristianDocumentsSauvegarde bp.bp [192086]
O61 – LFC: 26/10/2013 – 10:27:58 —A- . (…) — C:UsersChristianDownloadsAdwCleaner[S0].txt [47022]
O61 – LFC: 26/10/2013 – 10:27:58 —A- . (…) — C:UsersChristianDownloadsadwcleaner.exe [1060070]
O61 – LFC: 26/10/2013 – 10:27:59 —A- . (…) — C:UsersChristianDownloadsSafeBootKeyRepair.exe [288654]
O61 – LFC: 26/10/2013 – 10:27:59 —A- . (…) — C:UsersChristianDownloadsmbam-log-2013-06-26 (09-58-17).txt [63868]
O61 – LFC: 26/10/2013 – 10:27:59 —A- . (…) — C:UsersChristianDownloadssafeboot_win7.reg [36536]
O61 – LFC: 27/10/2013 – 10:27:34 —A- . (…) — C:UsersChristianAppDataLocalGoogleChromeUser Datachrome_shutdown_ms.txt [4]
O61 – LFC: 27/10/2013 – 10:27:43 —A- . (…) — C:UsersChristianAppDataLocalGoogleChromeUser DataLocal State [72314]
O61 – LFC: 27/10/2013 – 10:27:45 —A- . (…) — C:UsersChristianAppDataLocalLe Cloud Orangeclient00.svclog [96399]
O61 – LFC: 27/10/2013 – 10:27:57 —A- . (…) — C:UsersChristianAppDataRoamingZHPLog.txt [41050] =>.Nicolas Coolman
O61 – LFC: 27/10/2013 – 10:27:57 —A- . (…) — C:UsersChristianAppDataRoamingZHPQuarantinefjdktmabw.job.VIR [316] =>.Nicolas Coolman
O61 – LFC: 27/10/2013 – 10:27:57 —A- . (…) — C:UsersChristianAppDataRoamingZHPTestsZHPDiag.txt [2962] =>.Nicolas Coolman
O61 – LFC: 27/10/2013 – 10:27:57 —A- . (…) — C:UsersChristianAppDataRoamingZHPZHPExportRegistry-27-10-2013-09-40-07.txt [4050] =>.Nicolas Coolman
O61 – LFC: 27/10/2013 – 10:27:57 —A- . (…) — C:UsersChristianAppDataRoamingZHPZHPFixQuarantine.txt [71417] =>.Nicolas Coolman
O61 – LFC: 27/10/2013 – 10:27:57 —A- . (…) — C:UsersChristianAppDataRoamingZHPZHPFix[R1].txt [47835] =>.Nicolas Coolman
O61 – LFC: 27/10/2013 – 10:27:58 —A- . (…) — C:UsersChristianDownloadsCTR (1).exe [938001]
~ 11 Fichiers temporaires (Temporary files)
~ Files: 261 Legitimates Filtered in 00mn 37s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {15F8D44C-1F6A-4afb-99E1-6DBF38826494} – (SpeedBit Search) – http://search.speedbit.com
O69 – SBI: SearchScopes [HKCU] {62F1AC2A-F452-4F1F-A3A6-33248E1055BF} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} – (Orange) – http://r.orange.fr
O69 – SBI: SearchScopes [HKCU] {CA8330BE-D06A-4B02-A42F-D21DC729449A} – (Search) – http://start.funmoods.com =>PUP.Funmoods
~ Keys: Scanned in 00mn 00s

—\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:UsersChristianDocumentsWinrarRarLab.WinRAR.v5.00.Cracked-EAT.rar
C:UsersChristianDocumentsWinrarRarLab.WinRAR.v5.00.Cracked-EAT.rar
~ Files: Scanned in 00mn 56s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.EC7C9A61B6213C7FD86D949A1CEC73BF] [SPRF][24/09/2013] (…) — C:UsersChristianAppDataLocalLowlpm.dat [10498]
[MD5.8AE89101D7EC944A27FA7FE1DFD6188F] [SPRF][24/09/2011] (…) — C:UsersChristianAppDataRoamingwklnhst.dat [620]
[MD5.2267E4E850A6FFC01B7EED3EACFCC93F] [SPRF][27/10/2013] (.Pas de propriétaire – Contrôle et suppression restrictions.) — C:UsersChristianDesktopCTR.exe [938001]
[MD5.1F706E1F23E4E4A7FBE4F243D0A6D5C4] [SPRF][04/07/2011] (…) — C:Program Files (x86)AssistanceLivebox.exe [147880]
~ Files: 6 Legitimates Filtered in 00mn 00s

—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: “TCP Query User{906C3559-9E77-4149-90B6-C2B4ECBFA1B5}C:program files (x86)limewirelimewire.exe” |In – Private – P6 – TRUE | .(…) — C:program files (x86)limewirelimewire.exe (.not file.)
O87 – FAEL: “UDP Query User{53CAA8BF-98B1-4503-8AB7-00AF46B2F6E2}C:program files (x86)limewirelimewire.exe” |In – Private – P17 – TRUE | .(…) — C:program files (x86)limewirelimewire.exe (.not file.)
O87 – FAEL: “TCP Query User{4CC312B8-B5A9-4BA9-8508-1544BF4D4E0E}C:program files (x86)dapdap.exe” | In – Private – P6 – TRUE | .(.Speedbit Ltd. – Download Accelerator Plus (DAP).) — C:program files (x86)dapdap.exe
O87 – FAEL: “UDP Query User{32241AB4-D707-40F6-9ACF-EBEB3038DBD5}C:program files (x86)dapdap.exe” | In – Private – P17 – TRUE | .(.Speedbit Ltd. – Download Accelerator Plus (DAP).) — C:program files (x86)dapdap.exe
O87 – FAEL: “{5FE8193C-BA75-4A7D-B4E6-48980A56E08E}” | In – Private – P6 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Application.) — C:Program Files (x86)IncrediMailBinIncMail.exe
O87 – FAEL: “{C554E12B-DBD1-4638-B601-C103102BE8E2}” | In – Private – P17 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Application.) — C:Program Files (x86)IncrediMailBinIncMail.exe
O87 – FAEL: “{80E72618-B78E-4FBE-AF4D-56F02A391B77}” | In – Private – P6 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Tray Application.) — C:Program Files (x86)IncrediMailBinImApp.exe
O87 – FAEL: “{6B9180C8-8A95-4CD1-9060-5E705B03291C}” | In – Private – P17 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Tray Application.) — C:Program Files (x86)IncrediMailBinImApp.exe
O87 – FAEL: “{8113B4D9-E49B-45AD-8E34-82FF2F819B70}” | In – Private – P6 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Content Importer.) — C:Program Files (x86)IncrediMailBinImpCnt.exe
O87 – FAEL: “{95FB7AB8-1EF5-49E4-8D92-99A3B21AFBFF}” | In – Private – P17 – FALSE | .(.IncrediMail, Ltd. – IncrediMail Content Importer.) — C:Program Files (x86)IncrediMailBinImpCnt.exe
O87 – FAEL: “{5E131F23-5FDE-43EE-9397-91B2DC19E74D}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)Windows Searchqu ToolbarDatamngrToolBardtUser.exe (.not file.) =>PUP.Datamngr
O87 – FAEL: “{FA02CA1F-DD23-4BA5-8E71-BC7D7F67C68C}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)Windows Searchqu ToolbarDatamngrToolBardtUser.exe (.not file.) =>PUP.Datamngr
O87 – FAEL: “{8745684C-95A3-40CD-B077-0F924ED6A013}” |In – Private – P6 – TRUE | .(…) — C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 – FAEL: “{424DA903-288A-4D18-9E32-F974207ACECC}” |In – Private – P17 – TRUE | .(…) — C:Program Files (x86)SweetIMCommunicatorSweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
~ Firewall: 280 Legitimates Filtered in 00mn 01s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: “DB3F79E5CDDC8814D98935E241AFBBD5” . (.IncrediMail.) — C:WindowsInstaller{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}ARPPRODUCTICON.exe
O90 – PUC: “F0BBACFFF1EE23245A36FD5976ED5BA2” . (.Chrome Remote Desktop Host.) — C:WindowsInstaller{FFCABB0F-EE1F-4232-A563-DF9567DEB52A}chromoting.ico
~ Update Products: 166 Legitimates Filtered in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.37567A52FCB048AD2341BA1255A53D95] [WIS][26/05/2011] (.IncrediMail – IncrediMail.) — C:WindowsInstaller10f56b9.msi [2831360]
[MD5.648FBA78FBBBB8EA6E33020A2220D2A4] [WIS][27/02/2010] (.SpeedBit – DAP Plug-in for 64 bit IE.) — C:WindowsInstaller23e6da.msi [3657728]
~ WIS: 173 Legitimates Filtered in 00mn 32s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
SS – | Demand 10/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
SS – | Demand 06/07/2012 32768 | (AllShare Framework DMS) . (.Samsung.) – C:Program FilesSamsungAllShare Framework DMS1.1.01AllShareFrameworkManagerDMS.exe
SR – | Auto 02/12/2009 202752 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
SR – | Auto 12/12/2005 176193 | (APC UPS Service) . (.American Power Conversion Corporation.) – C:Program Files (x86)APCAPC PowerChute Personal Editionmainserv.exe
SR – | Auto 26/02/2012 55144 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
SR – | Auto 26/10/2010 1765484 | (BlueSoleilCS) . (.IVT Corporation.) – C:Program Files (x86)IVT CorporationBlueSoleilBlueSoleilCS.exe
SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
SS – | Demand 27/07/2012 69120 | (Boonty Games) . (.BOONTY.) – C:Program Files (x86)Common FilesBOONTY SharedServiceBoonty.exe
SR – | Demand 25/10/2010 192000 | (BsHelpCS) . (.IVT Corporation.) – C:Program Files (x86)IVT CorporationBlueSoleilBsHelpCS.exe
SR – | Auto 23/09/2013 50128 | (chromoting) . (.Google Inc..) – C:Program Files (x86)GoogleChrome Remote Desktop30.0.1599.56remoting_host.exe
SS – | Auto 10/06/2013 1966960 | (Dedicarz Service) . (…) – C:Program Files (x86)OrangeAssistance LiveboxdedicarzDedicarzService.exe
SR – | Auto 13/05/2010 119632 | (dgdersvc) . (.Devguru Co., Ltd..) – C:Windowssystem32dgdersvc.exe
SR – | Auto 20/07/2012 64384 | (DokanMounter) . (.F-Secure.) – C:Program FilesOrangemes contenus – mon disquemounter.exe
SR – | Auto 14/07/2009 27136 | C:WindowsSystem32ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) – C:WindowsSystem32svchost.exe
SS – | Demand 24/03/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) – C:Program Files (x86)HP GamesHP Game ConsoleGameConsoleService.exe
SS – | Auto 07/03/2010 135664 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 07/03/2010 135664 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SR – | Auto 15/11/2010 126520 | (HP Health Check Service) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardHP Health Checkhphc_service.exe
SR – | Auto 14/10/2010 92216 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardSharedHPDrvMntSvc.exe
SS – | Demand 14/10/2010 751672 | (hpqwmiex) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardSharedhpqwmiex.exe
SS – | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) – C:Program Files (x86)Common FilesInstallShieldDriver1050Intel 32IDriverT.exe
SS – | Demand 28/03/2012 140456 | (IJPLMSVC) . (…) – C:Program Files (x86)CanonIJPLMIJPLMSVC.exe
SS – | Demand 27/03/2012 934760 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
SS – | Demand 10/07/1658 0 | (KiesAllShare) . (…) – C:Program Files (x86)SamsungKiesWiselinkProWiselinkPro.exe
SR – | Auto 20/08/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) – c:Program Files (x86)Common FilesLightScribeLSSrvc.exe
SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe
SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe
SS – | Demand 25/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
SS – | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) – C:Program Files (x86)OrangeOrangeUpdateServiceOUCore.exe
SR – | Auto 08/04/2013 1320496 | (PDF Architect Helper Service) . (.pdfforge GmbH.) – C:Program Files (x86)PDF ArchitectHelperService.exe
SR – | Auto 08/04/2013 799280 | (PDF Architect Service) . (.pdfforge GmbH.) – C:Program Files (x86)PDF ArchitectConversionService.exe
SR – | Auto 24/08/2011 430136 | (PMBDeviceInfoProvider) . (.Sony Corporation.) – C:Program Files (x86)SonyPMBPMBDeviceInfoProvider.exe
SR – | Auto 24/04/2012 390632 | (RichVideo64) . (…) – C:Program FilesCyberLinkShared filesRichVideo64.exe
SR – | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) – C:Program Files (x86)MicrosoftSearch Enhancement PackSeaPortSeaPort.exe
SS – | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
SS – | Disabled 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
~ Services: Scanned in 00mn 34s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Run by Christian at 27/10/2013 10:29:39
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Christian at 27/10/2013 10:29:41

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 12960 – (27/10/2013)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallAdvanced Driver Updater_is1] =>PUP.AdvancedDriverUpdater^
[HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{C1C6816E-CBB3-A748-85F9-A8B47B68985B}] =>PUP.OfferWare^
[HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Orange
~ Additionnel Scan: 418207 Items scanned in 00mn 18s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer
~ http://nicolascoolman.webs.com/apps/blog/show/30393137-adware-domaiq =>Adware.DomaIQ
~ http://nicolascoolman.webs.com/apps/blog/show/27332348-pup-offerware =>PUP.Offerware
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ MSI: 6 link(s) detected in 00mn 18s

~ 2120 Legitimates filtered by white list
End of the scan (682 lines in 06mn 15s)(2)