Reply to: big problem 2016-09-08T13:14:51+00:00
familicomputer
Post count: 0

Hello!
Here is the report

~ Rapport de ZHPDiag v2013.11.9.20 – Nicolas Coolman (09/11/2013)
~ Lancé par Rébecca (10/11/2013 12:29:44)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v30.0.1599.101 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : JX9VK
Windows License : OK
Windows Automatic Updates : OK

—\ Logiciels de protection du système
avast! Free Antivirus v9.0.2006

—\ Logiciels d’optimisation du système
CCleaner v3.07 =>Piriform Ltd

—\ Logiciels de partage PeerToPeer
eMule
Pando Media Booster v2.6.0.1

—\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader X

—\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3035 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 11 GB (7%) free of 144 GB

—\ Mode de connexion au système
~ Computer Name: PC-DE-CHAUFOUR
~ User Name: Rébecca
~ All Users Names: Rébecca, Evelyne, Chaufour, Bryan, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:UsersRébeccaAppDataRoamingZHP
~ %AppData% : C:UsersRébeccaAppDataRoaming
~ %Desktop% : C:UsersRébeccaDesktop
~ %Favorites% : C:UsersRébeccaFavorites
~ %LocalAppData% : C:UsersRébeccaAppDataLocal
~ %StartMenu% : C:UsersRébeccaAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 11 Go of 144 Go)
D: Hard drive, Flash drive, Thumb drive (Free 106 Go of 144 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Free 2 Go of 2 Go)

—\ Etat du Centre de Sécurité Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] – (.Microsoft Corporation – Explorateur Windows.) (.11/04/2009 – 14:18:30.) — C:WindowsExplorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] – (.Microsoft Corporation – Application de démarrage de Windows.) (.21/01/2008 – 03:23:42.) — C:WindowsSystem32Wininit.exe [96768]
[MD5.C8ADAA6948993D839D14524847EA5B75] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.22/09/2013 – 11:13:22.) — C:WindowsSystem32wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.11/04/2009 – 14:18:46.) — C:WindowsSystem32Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.21/04/2011 – 14:58:27.) — C:Windowssystem32DriversAFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.11/04/2009 – 14:18:00.) — C:Windowssystem32Driversatapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.21/01/2008 – 03:23:51.) — C:Windowssystem32DriversCdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.11/04/2009 – 14:18:00.) — C:Windowssystem32DriversCdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.14/04/2011 – 15:59:03.) — C:Windowssystem32DriversDfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.11/04/2009 – 14:18:02.) — C:Windowssystem32DriversHDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] – (.Microsoft Corporation – Pilote de port i8042.) (.21/01/2008 – 03:23:20.) — C:Windowssystem32Driversi8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] – (.Microsoft Corporation – IP Network Address Translator.) (.21/01/2008 – 03:24:25.) — C:Windowssystem32DriversIpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.29/04/2011 – 14:24:40.) — C:Windowssystem32DriversMRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] – (.Microsoft Corporation – MBT Transport driver.) (.11/04/2009 – 14:18:50.) — C:Windowssystem32DriversnetBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.03/03/2013 – 20:07:52.) — C:Windowssystem32Driversntfs.sys [1082232]
[MD5.8A79FDF04A73428597E2CAF9D0D67850] – (.Microsoft Corporation – Pilote de port parallèle.) (.21/01/2008 – 03:23:01.) — C:Windowssystem32DriversParport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/01/2008 – 03:24:55.) — C:Windowssystem32DriversRasl2tp.sys [76288]
[MD5.943B18305EAE3935598A9B4A3D560B4C] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.11/04/2009 – 14:18:00.) — C:Windowssystem32Driversrdpdr.sys [248320]
[MD5.7B75299A4D201D6A6533603D6914AB04] – (.Microsoft Corporation – SMB Transport driver.) (.11/04/2009 – 14:18:50.) — C:Windowssystem32Driverssmb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] – (.Microsoft Corporation – TDI Translation Driver.) (.11/04/2009 – 14:18:47.) — C:Windowssystem32Driverstdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.21/08/2012 – 12:47:42.) — C:Windowssystem32Driversvolsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/4044
~ Mes musiques (My Musics) : 131/1838
~ Mes Videos (My Videos) : 5/148
~ Mes Favoris (My Favorites) : 1/113
~ Mes Documents (My Documents) : 5/296
~ Mon Bureau (My Desktop) : 12/1130
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 06s

—\ Processus lancés
[MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] – (.Microsoft Corporation – Windows Defender User Interface.) — C:Program FilesWindows DefenderMSASCui.exe [1008184] [PID.64080]
[MD5.ABBB8C380A24BC4E3D9EF916CAC3596D] – (.Realtek Semiconductor – HD Audio Control Panel.) — C:Program FilesRealtekAudioHDARtHDVCpl.exe [7547424] [PID.64092]
[MD5.C482C535CBFEFE722EC1EB7F11F680A3] – (.America Online, Inc. – AOL.) — C:Program FilesCommon Filesaol1265362316eeaolsoftware.exe [50736] [PID.64120]
[MD5.1029B84ECBE4B95ACB8491A3FE63D70F] – (.Intel Corporation – igfxTray Module.) — C:WindowsSystem32igfxtray.exe [136216] [PID.113124]
[MD5.3CD5BBDA19A1AB4EBA359E0A14FDF0F0] – (.Intel Corporation – hkcmd Module.) — C:WindowsSystem32hkcmd.exe [171032] [PID.64140]
[MD5.3142195521FEE436088EE8A5748DE1B1] – (.Intel Corporation – persistence Module.) — C:WindowsSystem32igfxpers.exe [170520] [PID.64160]
[MD5.95D0EA1BECAD6D781C3D09AEC1295E8F] – (.Hewlett-Packard – hpwuSchd Application.) — C:Program FilesHPHP Software Updatehpwuschd2.exe [49208] [PID.64172]
[MD5.4777ED40233E42F69F0DAE68013FE310] – (.France Telecom SA – Pas de description.) — C:Program FilesCardDetectorHUAWEICardDetector.exe [274432] [PID.64252]
[MD5.B77081F8221968C7DAB794B0BA55C43E] – (.Sun Microsystems, Inc. – Java(TM) Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe [254896] [PID.64288]
[MD5.7C0704D4523BA671AFE6D028399942D3] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5avastui.exe [3567800] [PID.64308]
[MD5.5B3994A919BDEF4BFE192C05A5B3D2A1] – (.Pas de propriétaire – Pando Media Booster.) — C:Program FilesPando NetworksMedia BoosterPMB.exe [3082320] [PID.4348]
[MD5.ECF45E3FC8C63E44ED45D38A8672E7F1] – (.Hewlett-Packard Co. – HP Digital Imaging Monitor.) — C:Program FilesHPDigital Imagingbinhpqtra08.exe [275768] [PID.64412]
[MD5.2E0B0A051FFAA86E358465BB0880D453] – (.Microsoft Corporation – Windows Update.) — C:Windowssystem32wuauclt.exe [53784] [PID.6016]
[MD5.D0D99257DDDCDDBE998AF7CA14E85BD0] – (.Hewlett-Packard Co. – HP CUE Status Root.) — C:Program FilesHPDigital ImagingbinhpqSTE08.exe [168960] [PID.65184]
[MD5.9843F58DF3E2908D1FED4DF4B8747E51] – (.Hewlett-Packard Co. – HP CUE Alert Popup Window Objects.) — C:Program FilesHPDigital Imagingbinhpqbam08.exe [559104] [PID.65216]
[MD5.883008A9B5BFF94A153D99DBA54CB5C1] – (.Hewlett-Packard – GPCore COM object.) — C:Program FilesHPDigital Imagingbinhpqgpc01.exe [362496] [PID.65244]
[MD5.3E399A1328181C2A352472369DE2A93A] – (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe [844752] [PID.10368]
[MD5.0C3C47124215C5E566F92C3F2E31D86A] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8192512] [PID.8316]
[MD5.6080A176D09435FC8E6E800996656E18] – (.Microsoft Corporation – Console IME.) — C:Windowssystem32conime.exe [69120] [PID.8700]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] – (.Microsoft Corporation – Service de gestion des licences Microsoft.) — C:Windowssystem32SLsvc.exe [3408896] [PID.1344]
[MD5.4BE7EC02133544CDE7A580875E130208] – (.AVAST Software – avast! Service.) — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [50344] [PID.1708]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program FilesCommon FilesAdobeARM1.0armsvc.exe [63960] [PID.1960]
[MD5.85180CF88C5EBAD73B452A43A004CA51] – (.AOL LLC – AOL Connectivity Service.) — C:Program FilesCommon FilesAOLACSAOLAcsd.exe [46640] [PID.1916]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] – (.Apple Inc. – MobileDeviceService.) — C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe [57008] [PID.776]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] – (.Apple Inc. – Bonjour Service.) — C:Program FilesBonjourmDNSResponder.exe [390504] [PID.836]
[MD5.4F4F94777D3DE647FD67E2145EAC1260] – (.France Telecom SA – Pas de description.) — C:Program FilesCommon FilesFrance TelecomShared ModulesFTRTSVCFTRTSVC.exe [69632] [PID.2084]
[MD5.506B0B498216371D64ABB69145B70E4C] – (…) — C:Program FilesTortor.exe [3233806] [PID.2368]
[MD5.CF7B0E597C1F34E528285495721DEEE9] – (.Google Inc. – Google Crash Handler.) — C:Program FilesGoogleUpdate1.3.21.165GoogleCrashHandler.exe [237960] [PID.3684]
[MD5.10E89F598469C60D8C87A8218089A87D] – (.Akamai Technologies, Inc. – Akamai NetSession Client.) — C:UsersBryanAppDataLocalAkamainetsession_win.exe [4489472] [PID.64396]
~ Processes Running: Scanned in 00mn 01s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersRébeccaAppDataLocalGoogleChromeUser DataDefaultPreferences
G1 – GCS: Preference [User DataDefault] http://www.searchgol.com =>Hijacker.SearchGol
G0 – GCSP: Preference [User DataDefault] http://www.searchgol.com =>Hijacker.SearchGol
~ Google Browser: 8 Legitimates Filtered in 00mn 13s

—\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://startpage.com
R3 – URLSearchHook: SearchHook Class – {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} . (.Pando Networks – Pando Web Plugin.) (No version) — (.not file.)
R3 – URLSearchHook: Microsoft Url Search Hook – {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks – Pando Web Plugin.) (No version) — (.not file.)
~ IE Browser: 8 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32Userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

—\ Browser Helper Objects de navigateur (O2)
O2 – BHO: AOL Toolbar Launcher – {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} . (.AOL – Librairie de lien dynamique AOL Toolbar pou.) — C:Program FilesAOLAOL Toolbar 4.0aoltb.dll
~ BHO: 18 Legitimates Filtered in 00mn 00s

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: AOL Toolbar – [HKLM]{DE9C389F-3316-41A7-809B-AA305ED9D922} . (.AOL – Librairie de lien dynamique AOL Toolbar pou.) — C:Program FilesAOLAOL Toolbar 4.0aoltb.dll
O3 – Toolbar: avast! Online Security – [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software – IE Webrep plugin.) — C:Program FilesAlwil SoftwareAvast5aswWebRepIE.dll
O3 – ToolbarWebBrowser: (no name) – [HKCU]{DE9C389F-3316-41A7-809B-AA305ED9D922} Clé orpheline
O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSDesktop [Public]: AOL 9.0 VR.lnk . (.AOL – AOL.) — D:AOL 9.0 VRaol.exe
O4 – GSDesktop [Public]: eMule.lnk . (.http://www.emule-project.net – eMule.) — C:Program FileseMuleemule.exe
O4 – GSDesktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation – OpenOffice 4.0.1.) — C:Program FilesOpenOffice 4programsoffice.exe
O4 – GSProgram [Public]: More Great Games.lnk – Clé orpheline
O4 – GSQuickLaunch [Rébecca]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O4 – GSQuickLaunch [Rébecca]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSProgram [Rébecca]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSSystemTools [Rébecca]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSDesktop [Rébecca]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe https://www.sosvirus.net
O4 – GSDesktop [Rébecca]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://www.facebook.com
O4 – GSQuickLaunch [Evelyne]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 – GSQuickLaunch [Evelyne]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 – GSQuickLaunch [Evelyne]: Search.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe http://feed.snapdo.com =>Hijacker.SmartBar
O4 – GSProgram [Evelyne]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 – GSProgram [Evelyne]: Search.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe http://feed.snapdo.com =>Hijacker.SmartBar
O4 – GSSystemTools [Evelyne]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://www.qvo6.com =>Hijacker.Qvo6
O4 – GSDesktop [Evelyne]: bs_simple_annee_incomplete_-_a_compter_aout_2012_-_11–1 – Raccourci.lnk . (…) — C:UsersRébeccaDocumentssalaire hadrien.xls (.not file.)
O4 – GSDesktop [Evelyne]: Documents – Raccourci.lnk . (…) — C:UsersRébeccaDocuments
O4 – GSDesktop [Evelyne]: Search.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe http://feed.snapdo.com =>Hijacker.SmartBar
O4 – GSQuickLaunch [Chaufour]: AOL 9.0 VR.lnk . (.AOL – AOL.) — D:AOL 9.0 VRaol.exe
O4 – GSQuickLaunch [Chaufour]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O4 – GSQuickLaunch [Chaufour]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSQuickLaunch [Chaufour]: Titan Poker.lnk . (…) — C:PokerTitan Pokercasino.exe (.not file.) =>Adware.Casino
O4 – GSProgram [Chaufour]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSProgram [Chaufour]: Titan Poker.lnk . (…) — C:PokerTitan Pokercasino.exe (.not file.) =>Adware.Casino
O4 – GSSystemTools [Chaufour]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSDesktop [Chaufour]: Everest Poker.fr.lnk . (…) — C:Program FilesEverest Poker.frCStart.exe (.not file.) =>PUP.Casino
O4 – GSQuickLaunch [Bryan]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O4 – GSQuickLaunch [Bryan]: Internet Explorer (2).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSQuickLaunch [Bryan]: Internet Explorer (3).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSQuickLaunch [Bryan]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSQuickLaunch [Bryan]: S4League.lnk . (.(c) Neowiz Games – S4 League Game Launcher.) — C:Program FilesalaplayaS4Leaguepatcher_s4.exe
O4 – GSProgram [Bryan]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSSystemTools [Bryan]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSDesktop [Bryan]: Aquarium exotique Screensaver.lnk . (.Axialis Software – Screen Saver.) — C:WindowsSystem32Aquarium Exotique.scr
O4 – GSDesktop [Bryan]: Images – Raccourci.lnk . (…) — C:UsersRébeccaPictures
O4 – GSDesktop [Bryan]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Global Startup: 127 Legitimates Filtered in 00mn 02s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GSStartup [Public]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. – HP Digital Imaging Monitor.) — C:Program FilesHPDigital Imagingbinhpqtra08.exe =>.Hewlett-Packard Co
O4 – GSStartup [Rébecca]: OpenOffice.org 3.1.lnk . (…) — C:Program FilesOpenOffice.org 3programquickstart.exe (.not file.)
O4 – GSStartup [Evelyne]: Lanceur.lnk . (.Micro Application – Pas de description.) — C:Program FilesMicro ApplicationLauncherMA.exe
O4 – GSStartup [Evelyne]: OpenOffice.org 3.2.lnk . (…) — C:Program FilesOpenOffice.org 3programquickstart.exe (.not file.)
O4 – GSStartup [Bryan]: OpenOffice.org 3.1.lnk . (…) — C:Program FilesOpenOffice.org 3programquickstart.exe (.not file.)
O4 – HKLM..Run: [Windows Defender] . (.Microsoft Corporation – Windows Defender User Interface.) — C:Program FilesWindows DefenderMSASCui.exe
O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – HD Audio Control Panel.) — C:Program FilesRealtekAudioHDARtHDVCpl.exe =>.Realtek Semiconductor Corp
O4 – HKLM..Run: [Skytel] . (.Realtek Semiconductor Corp. – Realtek Voice Manager.) — C:Program FilesRealtekAudioHDASkytel.exe =>.Realtek Semiconductor Corp
O4 – HKLM..Run: [HostManager] . (.America Online, Inc. – AOL.) — C:Program FilesCommon FilesAOL1265362316eeAOLSoftware.exe
O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:Windowssystem32igfxtray.exe
O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:Windowssystem32hkcmd.exe
O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:Windowssystem32igfxpers.exe
O4 – HKLM..Run: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — C:Program FilesHPHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
O4 – HKLM..Run: [IMBooster] C:Program FilesIminentIMBoosterimbooster.exe (.not file.) =>Adware.IMBooster
O4 – HKLM..Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe
O4 – HKLM..Run: [CardDetectorHUAWEI] . (.France Telecom SA – Pas de description.) — C:Program FilesCardDetectorHUAWEICardDetector.exe
O4 – HKLM..Run: [BEWINTERNET-FR-DMGP-V2SessionManager] . (.France Telecom SA – Pas de description.) — C:Program FilesOrangeIEWInternetSessionManagerSessionManager.exe
O4 – HKLM..Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. – Java(TM) Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe =>.Oracle Corporation
O4 – HKLM..Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program FilesQuickTimeQTTask.exe
O4 – HKLM..Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe
O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
O4 – HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (.not file.) =>Toolbar.Google
O4 – HKCU..Run: [msnmsgr] ~”C:Program FilesWindows LiveMessengermsnmsgr.exe (.not file.)
O4 – HKCU..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
O4 – HKCU..Run: [Pando Media Booster] . (.Pas de propriétaire – Pando Media Booster.) — C:Program FilesPando NetworksMedia BoosterPMB.exe
O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..Run: [WindowsWelcomeCenter] Clé orpheline
O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..Run: [WindowsWelcomeCenter] Clé orpheline
O4 – HKUSS-1-5-21-3385765646-2502414165-3692084876-1000..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-3385765646-2502414165-3692084876-1000..Run: [WindowsWelcomeCenter] Clé orpheline
O4 – HKUSS-1-5-21-3385765646-2502414165-3692084876-1000..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe (.not file.) =>Toolbar.Google
O4 – HKUSS-1-5-21-3385765646-2502414165-3692084876-1000..Run: [AOL Fast Start] . (.AOL – AOL.) — D:AOL 9.0 VRAOL.exe
O4 – HKUSS-1-5-21-3385765646-2502414165-3692084876-1000..Run: [SDP] C:Program FilesFilesFrog Update Checkerupdate_checker.exe (.not file.) =>Adware.MegaSearch
O4 – HKUSS-1-5-21-3385765646-2502414165-3692084876-1000..RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated – Adobe® Flash® Player Installer/Uninstaller.) — C:Windowssystem32MacromedFlashFlashUtil32_11_7_700_224_ActiveX.exe
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: @C:Program FilesWindows LiveCompanioncompanionlang.dll,-600 – {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation – Windows Live Messenger Companion core resources.) — C:Program FilesWindows LiveCompanioncompanionres.dll
O9 – Extra button: @C:Program FilesWindows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 – Extra button: AOL Toolbar – {3369AF0D-62E9-4bda-8103-B4C75499B578} . (.AOL – AOL Toolbar.) — c:program filesaolaol toolbar 4.0resourcesfr-FRaoltbres.dll
O9 – Extra button: Afficher ou masquer l’HP Smart Web Printing – {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. – HP Smart Web Printing add-on for Internet Explorer.) — C:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Objets ActiveX (Downloaded Program Files)(O16)
O16 – DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} ((no name)) – http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20100728060044
O16 – DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ((no name)) – http://copainsdavant.linternaute.com/framework/lib/objimageuploader/html_include/5.1.1.0/ImageUploader5.cab
O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{96B6F06F-EF6A-46A9-88DC-90E3FD92A7CE}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{96B6F06F-EF6A-46A9-88DC-90E3FD92A7CE}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS2ServicesTcpip..{96B6F06F-EF6A-46A9-88DC-90E3FD92A7CE}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS3ServicesTcpip..{96B6F06F-EF6A-46A9-88DC-90E3FD92A7CE}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation – Windows Live Album Download Protocol Handle.) — C:Program FilesWindows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
O18 – Filter: application/x-msdownload – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – AppInit_DLLs: . (…) – C:Program Filesbitguard271769~1.27{c16c1~1bitguard.dll (.not file.) =>PUP.BitGuard
~ AppInit DLL: Scanned in 00mn 00s

—\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation – Bibliothèque de l’interface utilisateur du.) — C:WindowsSystem32browseui.dll
~ STS/SSO: Scanned in 00mn 00s

—\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: Tor Win32 Service (tor) . (…) – C:Program FilesTortor.exe
~ Services: 8 Legitimates Filtered in 00mn 05s

—\ Tâches planifiées en automatique (O39)
O39 – APT:Automatic Planified Task – C:WindowsTasksDMEPeriodicTask.job [304]
[MD5.00000000000000000000000000000000] [APT] [{208A3873-FE23-4176-8E18-4119AA0C2B68}] (…) — E:setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{71F025F2-2FE1-4D16-ABF5-985ABB27027A}] (…) — c:UsersRébeccaDownloadsphotofiltre.exe (.not file.) [0]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 03s

—\ Logiciels installés (O42)
O42 – Logiciel: Akamai NetSession Interface Service – (…) [HKLM] — Akamai
O42 – Logiciel: Culture Gé Avancé mon coach particulier – (…) [HKLM] — {8569BE3A-9F93-41A0-A59D-F58E9AFA553E}
O42 – Logiciel: Dans les secrets de l’art – (…) [HKLM] — {4549B8D8-E4FD-418E-B238-D898C06E8DEC}
O42 – Logiciel: Holly 2 – Le pays magique – (…) [HKLM] — {38374155-1720-4D43-AF0D-E11B0675B8A7}
O42 – Logiciel: Iminent – (.Iminent.) [HKLM] — {B5A7A63A-EE4A-4735-A8E5-D2E242611E55} =>Adware.IMBooster
O42 – Logiciel: SweetIM for Messenger 3.6 – (.SweetIM Technologies Ltd..) [HKLM] — {0D5BBB2B-F044-46C3-877B-6A6BE1E08D19} =>PUP.SweetIM
~ Logic: 89 Legitimates Filtered in 00mn 00s

—\ HKCU & HKLM Software Keys
[HKCUSoftwarePando Networks]
[HKLMSoftwarePando Networks]
~ Key Software: 145 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 25/09/2010 – 17:21:07 – [7,174] —-D C:Program FilesPando Networks
O43 – CFD: 23/05/2013 – 14:56:23 – [0,043] —-D C:Program FilesUninstaller
~ 540 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 720 Legitimates Filtered in 00mn 37s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.FD93DE34E4636DB9EB702385927E4354] – 04/11/2013 – 19:53:45 . (…) — C:UsbFix [Scan 3] PC-DE-CHAUFOUR.txt [16387]
O44 – LFC:[MD5.AE74ED07562F3918AA89006D60989E70] – 09/11/2013 – 19:51:05 . (…) — C:UsbFix [Clean 3] PC-DE-CHAUFOUR.txt [14890]
O44 – LFC:[MD5.A20DE33FAAB95A88086DBBFCBED39452] – 09/11/2013 – 20:10:17 . (…) — C:UsbFix [Clean 4] PC-DE-CHAUFOUR.txt [9683]
O44 – LFC:[MD5.45B102D50E9800A5B28150AF32A1DAC6] – 09/11/2013 – 20:54:21 —A- . (…) — C:UsbFix [Clean 5] PC-DE-CHAUFOUR.txt [11996]
~ Files: 57 Legitimates Filtered in 00mn 23s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.FCA9C4FC1BB131DFC21DCB77C1AC3824] – 10/11/2013 – 08:11:26 —A- – C:WindowsPrefetchHPQPHOTOCRM.EXE-3FC4DE4E.pf
O45 – LFCP:[MD5.9226C89D33DCF75F2EF62739E4D583FC] – 10/11/2013 – 08:18:19 —A- – C:WindowsPrefetchSHELLRESTART.EXE-8234B0D0.pf
O45 – LFCP:[MD5.E3C35134ACD2355ECCC80ADB5B29CD24] – 10/11/2013 – 08:18:20 —A- – C:WindowsPrefetchWAOL.EXE-6897E6A6.pf
O45 – LFCP:[MD5.41FC697C991A4F25E4B11F74AA7AC9EE] – 10/11/2013 – 08:18:22 —A- – C:WindowsPrefetchAOL.EXE-9A2184F3.pf
O45 – LFCP:[MD5.1FB4E186C25D0D1F6235F5E10E36F77D] – 10/11/2013 – 08:18:32 —A- – C:WindowsPrefetchSHELLMON.EXE-FEF06B49.pf
O45 – LFCP:[MD5.8AFA712F95C970544C9D2A73A3DDF9CF] – 10/11/2013 – 08:18:45 —A- – C:WindowsPrefetchAOLTPSD3.EXE-F1BCE065.pf
O45 – LFCP:[MD5.CB4BC40B8927AB36488C945E54CA20A3] – 10/11/2013 – 10:42:08 —A- – C:WindowsPrefetchPATCHER_S4.EXE-0D924D66.pf
O45 – LFCP:[MD5.B988681BD17374F0599772C892E99428] – 10/11/2013 – 10:42:18 —A- – C:WindowsPrefetchHGWC.EXE-04861EA2.pf
O45 – LFCP:[MD5.59E5C3F353D9BD5B3D6CD466B608CA71] – 10/11/2013 – 10:42:31 —A- – C:WindowsPrefetchXTRAP.XT-B4B251B1.pf
O45 – LFCP:[MD5.145057AFE9A9146F1CFA421F0A267943] – 10/11/2013 – 12:09:27 —A- – C:WindowsPrefetchINSTUP.EXE-52AC782A.pf
~ Prefetcher: 94 Legitimates Filtered in 00mn 00s

—\ Enumeration of the Policies\System registry keys (MWPS) (O55)
O55 – MWPS:[HKLM\…\Policies\System] – “FilterAdministratorToken”=0
O55 – MWPS:[HKLM\…\Policies\System] – “EnableUIADesktopToggle”=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

—\ List of system drivers (SDL) (O58)
O58 – SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] – 21/10/2013 – 06:31:42 —A- . (…) — C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 – SDL:[MD5.8AAD333C876590293F72B315E162BCC7] – 02/11/2006 – 08:09:42 —A- . (…) — C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: 16 Legitimates Filtered in 00mn 00s

—\ Last files modified or created (User) (O61)
O61 – LFC: 09/11/2013 – 12:31:45 —A- . (…) — C:\Users\Rébecca\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [260408]
O61 – LFC: 09/11/2013 – 12:31:45 —A- . (…) — C:\Users\Rébecca\AppData\Local\avgchrome\avgp [99779]
O61 – LFC: 09/11/2013 – 12:32:12 —A- . (…) — C:\Users\Rébecca\Documents\liste mangas.odt [18918]
O61 – LFC: 09/11/2013 – 12:33:14 —A- . (…) — C:\Users\Rébecca\telechargement\adwcleaner.exe [1073262]
O61 – LFC: 10/11/2013 – 12:31:49 —A- . (…) — C:\Users\Rébecca\AppData\Local\Google\Chrome\User Data\Local State [45917]
O61 – LFC: 10/11/2013 – 12:31:51 —A- . (…) — C:\Users\Rébecca\AppData\Local\PMB Files\cert\cert8.db [65536] =>P2P.Pando
O61 – LFC: 10/11/2013 – 12:31:51 —A- . (…) — C:\Users\Rébecca\AppData\Local\PMB Files\cert\key3.db [16384] =>P2P.Pando
O61 – LFC: 10/11/2013 – 12:31:51 —A- . (…) — C:\Users\Rébecca\AppData\Local\PMB Files\cert\secmod.db [16384] =>P2P.Pando
O61 – LFC: 10/11/2013 – 12:31:51 —A- . (…) — C:\Users\Rébecca\AppData\Local\PMB Files\pando.save [1125] =>P2P.Pando
O61 – LFC: 10/11/2013 – 12:32:11 —A- . (…) — C:\Users\Rébecca\AppData\Roaming\ZHP\Log.txt [20787] =>.Nicolas Coolman
O61 – LFC: 10/11/2013 – 12:32:11 —A- . (…) — C:\Users\Rébecca\AppData\Roaming\ZHP\Tests\ZHPDiag.txt [2900] =>.Nicolas Coolman
~ 3 Temporary files
~ Files: 131 Legitimates Filtered in 01mn 32s

—\ List of disinfection tools (LATC) (O63)
O63 – Software: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Software: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Shell Spawning associations (O67)
O67 – Shell Spawning: [HKLM\..\open\Command] (…) — “%1” /S
O67 – Shell Spawning: [HKU\..\open\Command] (.Not Key.)
O67 – Shell Spawning: [HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s

—\ Start Menu Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (…) — D:\AOL9~1.0VR\aol.exe http://www.qvo6.com =>Hijacker.Qvo6
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Program Files\Google\Chrome\Application\chrome.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Search for browser infections (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {1615CDA5-C909-4415-BEFC-970AC3956881} – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKCU] {4748B98B-7174-434f-9C7D-9EAFF2F37D8B} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKCU] {FB56CED7-3ECA-4609-8586-B91EFB70AB07} – (Yahoo) – http://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s

—\ Specific search at the system root (SPRF) (O84)
[MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (…) — C:\Users\Rébecca\AppData\Local\Temp\Quarantine.exe [350259]
~ Files: 6 Legitimates Filtered in 00mn 00s

—\ List of firewall exceptions (FirewallRules) (O87)
O87 – FAEL: “{D97C371A-699C-49D3-9928-D4479D5D060B}” |In – Private – P6 – TRUE | .(…) — C:\Program Files\Iminent\IMBooster\IMBooster.exe (.not file.) =>Adware.IMBooster
O87 – FAEL: “{14A84F40-472E-48DE-A052-5E7FD009794E}” |Out – Private – P6 – TRUE | .(…) — C:\Program Files\Iminent\IMBooster\IMBooster.exe (.not file.) =>Adware.IMBooster
O87 – FAEL: “{23EDC2B4-D84A-42A3-AA2C-958AFD0D7762}” |In – Private – P6 – TRUE | .(…) — C:\Program Files\Iminent\MMServer\Iminent.MMServer.exe (.not file.) =>Adware.IMBooster
O87 – FAEL: “{42BBF812-402C-4E7B-B32C-7342C555022E}” |Out – Private – P6 – TRUE | .(…) — C:\Program Files\Iminent\MMServer\Iminent.MMServer.exe (.not file.) =>Adware.IMBooster
O87 – FAEL: “{A925AF45-8331-4D95-898E-8E97428B4FFA}” |In – Public – P6 – TRUE | .(…) — C:\jeux\Elsword_FR\data\x2.exe (.not file.)
O87 – FAEL: “{4D717F40-99CD-4A61-84AA-91C134C5F2EF}” |In – Public – P17 – TRUE | .(…) — C:\jeux\Elsword_FR\data\x2.exe (.not file.)
O87 – FAEL: “{2DE0D176-AF52-4AD3-B1ED-68F143F52C1F}” |In – Public – P6 – TRUE | .(…) — C:\ProgramData\eSafe\eGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
~ Firewall: 219 Legitimates Filtered in 00mn 01s

—\ Enumerate software product codes (PUC) (O90)
O90 – PUC: “A36A7A5BA4EE53748A5E2D2E2416E155” . (.Iminent.) — C:\Windows\Installer\{B5A7A63A-EE4A-4735-A8E5-D2E242611E55}\imbooster.ico =>Adware.IMBooster
O90 – PUC: “A6A9B7407E12FC548852A060E1FEB932” . (.SweetIM Toolbar for Internet Explorer 4.3.) — C:\Windows\Installer\{047B9A6A-21E7-45CF-8825-0A061EEF9B23}\ARPPRODUCTICON.exe =>PUP.SweetIM
O90 – PUC: “BA172DB42E6685D4FA8808EFB370074C” . (.Fissa.) — C:\Windows\Installer\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}\ARPPRODUCTICON.exe =>PUP.OfferBox
~ Update Products: 100 Legitimates Filtered in 00mn 00s

—\ Search for Windows Installer packages (WIS) (O93) (NTFS)
[MD5.54EB55922213B6DD04896E6F781FDCF1] [WIS][03/06/2011] (.Iminent – Iminent.) — C:\Windows\Installer\1465d47.msi [993280] =>Adware.IMBooster
[MD5.173D38427980E12E08829C35D8DD679E] [WIS][02/03/2011] (.Builds the Destinations MSI – Builds the Destinations MSI.) — C:\Windows\Installer\1fa024c.msi [459264]
[MD5.248B3A1E05B4C347F5372C40DD8B7F73] [WIS][06/02/2012] (.SweetIM Technologies Ltd. – SweetIM for Messenger 3.6.) — C:\Windows\Installer\2a6cd4f.msi [1947136] =>PUP.SweetIM
[MD5.D8B82ABBC1C82768978FBE17F58AFA66] [WIS][06/02/2012] (.SweetIM Technologies Ltd. – SweetIM Toolbar for Internet Explorer 4.0.) — C:\Windows\Installer\2a6cd55.msi [1838592] =>PUP.SweetIM
[MD5.117E509FE6FF7257E1242EB56D4B7B5B] [WIS][04/11/2013] (.ReSoft Ltd. – Snap.Do.) — C:\Windows\Installer\48c68.msi [1708032] =>Hijacker.SmartBar
~ WIS: 102 Legitimates Filtered in 00mn 04s

—\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR – | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR – | Auto 21/01/2008 21504 | c:\program files\common files\akamai\netsession_win_8fa3539.dll (Akamai) . (.Akamai Technologies, Inc..) – C:\Windows\System32\svchost.exe
SR – | Auto 23/10/2006 46640 | (AOL ACS) . (.AOL LLC.) – C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
SR – | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) – C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR – | Auto 21/10/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:\Program Files\Bonjour\mDNSResponder.exe
SR – | Auto 03/12/2008 69632 | C:\Program Files\COMMON~1\France Telecom\Shared Modules\FTRTSVC\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) – C:\Program Files\Common Files\France Telecom\Shared Modules\FTRTSVC\FTRTSVC.exe
SS – | Auto 06/02/2010 135664 | (gupdate) . (.Google Inc..) – C:\Program Files\Google\Update\GoogleUpdate.exe
SS – | Demand 06/02/2010 135664 | (gupdatem) . (.Google Inc..) – C:\Program Files\Google\Update\GoogleUpdate.exe
SS – | Demand 03/09/2012 194032 | (gusvc) . (.Google.) – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR – | Demand 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) – C:\Windows\System32\svchost.exe
SR – | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) – C:\Windows\System32\svchost.exe
SS – | Demand 20/02/2013 553288 | (iPod Service) . (.Apple Inc..) – C:\Program Files\iPod\bin\iPodService.exe
SR – | Auto 21/01/2008 21504 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:\Windows\System32\svchost.exe
SS – | Demand 24/02/2010 3432444 | (npggsvc) . (.INCA Internet Co., Ltd..) – C:\Windows\system32\GameMon.des
SR – | Auto 21/01/2008 21504 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:\Windows\System32\svchost.exe
SR – | Auto 01/09/2013 3233806 | (tor) . (…) – C:\Program Files\Tor\tor.exe
SR – | Auto 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
SR – | Auto 21/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s

—\ Search for Master Boot Record infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s

—\ Search for Master Boot Record infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Rébecca at 10/11/2013 12:34:19

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

—\ Additional Scan (O88)
Database Version : 12993 – (09/11/2013)
Keys found : 25
Values found : 12
Folders found : 0
Files found : 4

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B5A7A63A-EE4A-4735-A8E5-D2E242611E55}] =>Adware.IMBooster^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0D5BBB2B-F044-46C3-877B-6A6BE1E08D19}] =>PUP.SweetIM^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{23AF19F7-1D5B-442c-B14C-3D1081953C94}] =>Adware.SPointer
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster
[HKLM\Software\Classes\Installer\Features\A6A9B7407E12FC548852A060E1FEB932] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\A6A9B7407E12FC548852A060E1FEB932] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A6A9B7407E12FC548852A060E1FEB932] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Features\BA172DB42E6685D4FA8808EFB370074C] =>PUP.OfferBox
[HKLM\Software\Classes\Installer\Products\BA172DB42E6685D4FA8808EFB370074C] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BA172DB42E6685D4FA8808EFB370074C] =>PUP.OfferBox
[HKLM\Software\Classes\Installer\Features\B2BBB5D0440F3C6478B7A6B61E0ED891] =>PUP.SweetIM
[HKLM\Software\Classes\Installer\Products\B2BBB5D0440F3C6478B7A6B61E0ED891] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2BBB5D0440F3C6478B7A6B61E0ED891] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{047B9A6A-21E7-45CF-8825-0A061EEF9B23}] =>PUP.SweetIM
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Classes\AOLTB.AOLToolBand.1] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111271165}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FF2AEFF45EEA0A48A4B33C1973B6094] =>PUP.SweetIM^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536] =>PUP.SweetIM^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:IMBooster =>Adware.IMBooster^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Windows\Installer\1465d47.msi =>Adware.IMBooster^
C:\Windows\Installer\2a6cd4f.msi =>PUP.SweetIM^
C:\Windows\Installer\2a6cd55.msi =>PUP.SweetIM^
C:\Windows\Installer\48c68.msi =>Hijacker.SmartBar^
~ Additional Scan: 320790 Items scanned in 00mn 28s

—\ Summary of detections found on your machine
~ http://nicolascoolman.webs.com/apps/blog/show/33216982-hijacker-searchgol =>Hijacker.SearchGol
~ http://nicolascoolman.webs.com/apps/blog/show/26631242-hijacker-qvo6 =>Hijacker.Qvo6
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blog/show/28388393-adware-casino =>Adware.Casino
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 16 link(s) detected in 00mn 28s

~ 1869 Legitimates filtered by white list
End of the scan (614 lines in 05mn 04s)(0)
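Added example, not part of the post above and not ZHPDiag's own code: a small Python triage parser for the line shapes this report uses (an O68 StartMenuInternet command, O87 FAEL firewall rules, and the bare key/file list of the O88 additional scan, each optionally ending in a `=>Family` tag). It tallies flagged items per family, lists firewall exceptions whose executable is already gone (the `(.not file.)` marker), and flags browser launch commands that carry an extra argument, which is how the Qvo6 entry hijacks the AOL browser shortcut. The sample lines are constructed from the shapes of lines in this report with the backslashes the forum stripped put back; the function and field names are the example's own.

```python
"""Triage helpers for ZHPDiag-style report lines.

Added example: not ZHPDiag's own code and not part of the original post. The
line shapes (O68 StartMenuInternet, O87 FAEL firewall rules, the O88 key/file
list with a trailing "=>Family" tag) follow the report above; function and
field names are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Classification suffix ("=>Adware.IMBooster", "=>PUP.SweetIM^"); the caret marks
# items the additional scan would clean. Whitelist notes such as
# "=>.Nicolas Coolman" start with a dot and are deliberately not matched.
TAG_RE = re.compile(r"\s=>([A-Za-z0-9]+\.[A-Za-z0-9]+)\^?\s*$")
GUID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
# Executable followed by optional command-line arguments.
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|sys|msi|des))(?:\s+(.*))?$", re.IGNORECASE)

# Constructed sample in the shape of the report above (backslashes restored).
SAMPLE = r"""
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (…) — D:\AOL9~1.0VR\aol.exe http://www.qvo6.com =>Hijacker.Qvo6
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Program Files\Google\Chrome\Application\chrome.exe
O87 – FAEL: "{D97C371A-699C-49D3-9928-D4479D5D060B}" |In – Private – P6 – TRUE | .(…) — C:\Program Files\Iminent\IMBooster\IMBooster.exe (.not file.) =>Adware.IMBooster
O87 – FAEL: "{A925AF45-8331-4D95-898E-8E97428B4FFA}" |In – Public – P6 – TRUE | .(…) — C:\jeux\Elsword_FR\data\x2.exe (.not file.)
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:IMBooster =>Adware.IMBooster^
C:\Windows\Installer\48c68.msi =>Hijacker.SmartBar^
~ Firewall: 219 Legitimates Filtered in 00mn 01s
"""


@dataclass
class Entry:
    section: str            # "O68", "O87", ... or "SCAN" for the bare O88 list
    tag: Optional[str]      # family after "=>", None when not flagged
    path: str               # file path or registry key the line points at
    args: str               # arguments that follow the executable, if any
    missing: bool           # "(.not file.)": the target is absent from disk
    raw: str                # line with tag and "(.not file.)" marker removed


def parse_line(line: str) -> Optional[Entry]:
    """Parse one report line; summary ("~ ...") and heading lines give None."""
    line = line.strip()
    if not line or line.startswith("~") or line.startswith("—\\"):
        return None
    tag = None
    m = TAG_RE.search(line)
    if m:
        tag, line = m.group(1), line[: m.start()]
    missing = "(.not file.)" in line
    line = line.replace("(.not file.)", "").rstrip()
    section = line[:3] if re.match(r"O\d\d ", line) else "SCAN"
    # ZHPDiag puts the target after an em dash; the O88 list is the bare target.
    target = line.split(" — ", 1)[1] if " — " in line else line
    path, args = target, ""
    m = EXE_RE.match(target)
    if m:
        path, args = m.group(1), m.group(2) or ""
    return Entry(section, tag, path, args, missing, line)


def parse_report(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def detections(entries: List[Entry]) -> Counter:
    """Flagged items per family, the tally the report's summary section lists."""
    return Counter(e.tag for e in entries if e.tag)


def stale_firewall_rules(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Firewall exceptions whose executable no longer exists. They are leftovers
    of removed adware, and anything later dropped at the same path inherits the
    allow rule without a prompt, so they should be deleted, not ignored."""
    out = []
    for e in entries:
        if e.section == "O87" and e.missing:
            g = GUID_RE.search(e.raw)
            out.append((g.group(1) if g else "", e.path))
    return out


def hijacked_browser_commands(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Browser launch commands carrying an argument. A homepage hijacker such
    as Qvo6 appends its URL to the command so the browser opens on it whatever
    the configured home page says."""
    return [(e.path, e.args) for e in entries if e.section == "O68" and e.args]


if __name__ == "__main__":
    found = parse_report(SAMPLE)
    print("detections:", dict(detections(found)))
    print("stale firewall rules:", stale_firewall_rules(found))
    print("hijacked browser commands:", hijacked_browser_commands(found))
```

Run it against a full report by reading the file and passing its text to `parse_report`; the stale-rule list maps directly onto the rule GUIDs to delete, and any O68 entry with arguments is a shortcut or registry command to reset to the bare executable.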