clemsmac

~ Rapport de ZHPDiag v2013.12.1.4 – Nicolas Coolman (01/12/2013)
~ Lancé par Clémence (01/12/2013 17:15:31)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16428
MFIE: Mozilla Firefox 23.0.1
GCIE: Google Chrome v31.0.1650.57 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 2BT4J
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
avast! Free Antivirus v8.0.1497.0
Malwarebytes Anti-Malware version 1.75.0.1300
Spybot – Search & Destroy v1.6.2
Windows Defender W7

—\ Logiciels d’optimisation du système
CCleaner v3.00 =>Piriform Ltd

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X

—\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3004 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 103 GB (72%) free of 141 GB

—\ Mode de connexion au système
~ Computer Name: CLÉMENCE-PC
~ User Name: Clémence
~ All Users Names: HomeGroupUser$, Clémence, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:UsersClémenceAppDataRoamingZHP
~ %AppData% : C:UsersClémenceAppDataRoaming
~ %Desktop% : C:UsersClémenceDesktop
~ %Favorites% : C:UsersClémenceFavorites
~ %LocalAppData% : C:UsersClémenceAppDataLocal
~ %StartMenu% : C:UsersClémenceAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 103 Go of 141 Go)
D: Hard drive, Flash drive, Thumb drive (Free 114 Go of 141 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)

—\ Etat du Centre de Sécurité Windows
~ Security Center: 46 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 06:30:54.) — C:WindowsExplorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:14:45.) — C:WindowsSystem32Wininit.exe [96256]
[MD5.B5EB5BD3066959611E1F7A80FD6CC172] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.20/11/2013 – 16:32:17.) — C:WindowsSystem32wininet.dll [1818112]
[MD5.6D13E1406F50C66E2A95D97F22C47560] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 13:17:54.) — C:WindowsSystem32Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 13:21:24.) — C:WindowsSystem32sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.14/09/2013 – 01:48:58.) — C:Windowssystem32DriversAFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:26:15.) — C:Windowssystem32Driversatapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:11:15.) — C:Windowssystem32DriversCdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 09:38:10.) — C:Windowssystem32DriversCdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 09:42:32.) — C:Windowssystem32DriversDfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 10:59:29.) — C:Windowssystem32DriversHDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:11:24.) — C:Windowssystem32Driversi8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 00:54:29.) — C:Windowssystem32DriversIpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:17:22.) — C:Windowssystem32DriversMRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 09:39:44.) — C:Windowssystem32DriversnetBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 14:45:29.) — C:Windowssystem32Driversntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 00:45:35.) — C:Windowssystem32DriversParport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/07/2009 – 00:54:34.) — C:Windowssystem32DriversRasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 00:53:41.) — C:Windowssystem32Driverssmb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 09:39:17.) — C:Windowssystem32Driverstdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 13:30:16.) — C:Windowssystem32Driversvolsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
Mes images (My Pictures) : 2/2 (Modified)
Mes musiques (My Musics) : 8/8 (Modified)
~ Mes Favoris (My Favorites) : 1/24
~ Mes Documents (My Documents) : 2/43
~ Mon Bureau (My Desktop) : 2/8
~ Menu demarrer (Programs) : 1/67
~ Hidden Files: Scanned in 00mn 00s

—\ Processus lancés
[MD5.A46796CCF032D35720347262998D1F90] – (.Samsung Electronics Co., Ltd. – Easy Display Manager.) — C:Program FilesSamsungEasy Display Managerdmhkcore.exe [835072] [PID.408]
[MD5.E3735DC796E5183D63F35921B058934C] – (.Samsung Electronics Co., Ltd. – EasySpeedUpManager.) — C:Program FilesSAMSUNGEasySpeedUpManagerEasySpeedUpManager.exe [716800] [PID.660]
[MD5.8A0B0E4102C2CCA25DA3134FE12FCC3E] – (.SAMSUNG Electronics – SSCKbdHk.) — C:Program FilesSamsungSamsung Support CenterSSCKbdHk.exe [91136] [PID.796]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] – (…) — ystem32rundll32.exe [0] [PID.3564]
[MD5.33D6DAED2D70F27F17072A54CE094050] – (.Intel Corporation – igfxext Module.) — C:windowssystem32igfxext.exe [173080] [PID.3892]
[MD5.E4A94D17436B4E9F53CD64D08E53D964] – (.Synaptics Incorporated – Synaptics TouchPad Enhancements.) — C:Program FilesSynapticsSynTPSynTPEnh.exe [1713448] [PID.2332]
[MD5.AEC3B5364C525B52608068D9262EAE48] – (.Intel Corporation – igfxsrvc Module.) — C:windowssystem32igfxsrvc.exe [252952] [PID.2720]
[MD5.C3478B1A659740643D232DD257F71BB3] – (.Intel Corporation – igfxTray Module.) — C:WindowsSystem32igfxtray.exe [141848] [PID.1256]
[MD5.3BB7267A09D7BD95E8017FBB30A2397A] – (.Intel Corporation – hkcmd Module.) — C:WindowsSystem32hkcmd.exe [174104] [PID.3144]
[MD5.ADBCCAFEBD3973F07AF52630DE78911D] – (.Intel Corporation – persistence Module.) — C:WindowsSystem32igfxpers.exe [151064] [PID.3488]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe [4858968] [PID.3636]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] – (.Hewlett-Packard – hpwuSchd Application.) — C:Program FilesHPHP Software Updatehpwuschd2.exe [49208] [PID.3732]
[MD5.2A4F72E6C43FAEE62A341F2FC24A442C] – (.Synaptics Incorporated – Synaptics Pointing Device Helper.) — C:Program FilesSynapticsSynTPSynTPHelper.exe [103720] [PID.272]
[MD5.1DE65EBD6DF1ADC1D74CD9218FC68693] – (.Spotify Ltd – SpotifyWebHelper.) — C:UsersClémenceAppDataRoamingSpotifyDataSpotifyWebHelper.exe [1168896] [PID.3936]
[MD5.395BCC9122E705F6586217E32CD01CC9] – (.Hewlett-Packard Co. – ScanToPCActivationApp.) — C:Program FilesHPHP Photosmart 5520 seriesBinScanToPCActivationApp.exe [1837672] [PID.3324]
[MD5.F4CC196E5633297C2122E5D7D92CE0EE] – (.Hewlett-Packard Co. – HPNetworkCommunicatorCom.) — C:Program FilesHPHP Photosmart 5520 seriesBinHPNetworkCommunicatorCom.exe [790120] [PID.3152]
[MD5.F7E1CCBAD109329203AACB1E87BE614C] – (.Dropbox, Inc. – Dropbox.) — C:UsersClémenceAppDataRoamingDropboxbinDropbox.exe [27776968] [PID.1268]
[MD5.636D97B3BAF854511FF3F4093E895FED] – (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe [863184] [PID.5828]
[MD5.C155A13687144076286989EF078112C2] – (.Nicolas Coolman – ZHPDiag Setup.) — C:Program FilesZHPDiagZHPhep.exe [1917440] [PID.4600]
[MD5.3E02FD57FDAF184A15CCAD9D9BD9C626] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8263680] [PID.3868]
~ Processes Running: Scanned in 00mn 00s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersClémenceAppDataLocalGoogleChromeUser DataDefaultPreferences
~ Google Browser: 10 Legitimates Filtered in 00mn 00s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:UsersClémenceAppDataRoamingMozillaFirefoxProfilesc5xy1crd.defaultprefs.js
C:UsersClémenceAppDataRoamingMozillaFirefoxProfilesc5xy1crd.defaultuser.js
M3 – MFPP: Plugins – [Clémence] — C:UsersClémenceAppDataRoamingMozillaFirefoxProfilesc5xy1crd.defaultsearchpluginsappbario8-customized-web-search.xml =>PUP.AppBario
M2 – MFEP: prefs.js [Clémence – c5xy1crd.default217e8200-a3b3-43df-b951-8ec01d483d7f@b98c6809-1f3f-41a1-bb1c-692cf84781e9.com] [] Services x86 v (..) =>PUP.CrossRider
M2 – MFEP: prefs.js [Clémence – c5xy1crd.defaultcrossriderapp5060@crossrider.com] [] Savings Sidekick v (..) =>Adware.GamePlayLabs
M2 – MFEP: prefs.js [Clémence – c5xy1crd.default{884ee231-eab0-4e0c-8f3b-342433278e34}] [] QuickShare Widget v (..) =>PUP.QuickShare
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
R0 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerAboutURLs,Tabs = http://start.mysearchdial.com =>Adware.MyWebSearch
~ IE Browser: 10 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 06s
~ Nombre de lignes (Lines number): 15514

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: avast! Online Security – [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software – IE Webrep plugin.) — C:Program FilesAlwil SoftwareAvast5aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
O4 – GSProgram [Public]: Objectif Tarot.lnk . (…) — C:Program FilesObjectif TarotObjectif Tarot.exe
O4 – GSQuickLaunch [Clémence]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O4 – GSQuickLaunch [Clémence]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSTaskBar [Clémence]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O4 – GSTaskBar [Clémence]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
O4 – GSTaskBar [Clémence]: MSASCui – Raccourci.lnk . (.Microsoft Corporation – Windows Defender User Interface.) — C:Program FilesWindows DefenderMSASCui.exe
O4 – GSTaskBar [Clémence]: Spybot – Search & Destroy.lnk . (.Safer Networking Limited – Spybot – Search & Destroy.) — C:Program FilesSpybot – Search & DestroySpybotSD.exe
O4 – GSProgram [Clémence]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSProgram [Clémence]: Webplayer.lnk . (…) — C:UsersClémenceAppDataRoamingMicrosoftInstaller{9937E55B-6331-4804-93EF-77E992F204BD}_3F7CDAE07E1639C4AEA7A8.exe
O4 – GSSystemTools [Clémence]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Global Startup: 75 Legitimates Filtered in 00mn 02s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GSStartup [Clémence]: Alertes de surveillance de l’encre – HP Photosmart 5520 series (réseau).lnk . (.Hewlett-Packard Co. – Print Driver Status Business Logic.) — C:Program FilesHPHP Photosmart 5520 seriesbinHPStatusBL.dll =>.Hewlett-Packard Co
O4 – GSStartup [Clémence]: Dropbox.lnk . (.Dropbox, Inc. – Dropbox.) — C:UsersClémenceAppDataRoamingDropboxbinDropbox.exe =>.Dropbox
O4 – HKLM..Run: [SynTPEnh] . (.Synaptics Incorporated – Synaptics TouchPad Enhancements.) — C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:windowssystem32igfxtray.exe
O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:windowssystem32hkcmd.exe
O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:windowssystem32igfxpers.exe
O4 – HKLM..Run: [avast5] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5avastUI.exe
O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Run: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — C:Program FilesHpHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
O4 – HKLM..Run: [20131121] . (.AVAST Software – avast! Emergency Update.) — C:Program FilesAlwil SoftwareAvast5setupemupdate16b61da7-caa9-40d5-b31d-3c7ae8329c74.exe
O4 – HKLM..Run: [mobilegeni daemon] C:Program FilesMobogenieDaemonProcess.exe (.not file.)
O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
O4 – HKCU..Run: [Spotify Web Helper] . (.Spotify Ltd – SpotifyWebHelper.) — C:UsersClémenceAppDataRoamingSpotifyDataSpotifyWebHelper.exe
O4 – HKCU..Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. – ScanToPCActivationApp.) — C:Program FilesHPHP Photosmart 5520 seriesBinScanToPCActivationApp.exe =>.Hewlett-Packard Co
O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-1871111397-3539990770-1974983793-1000..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-1871111397-3539990770-1974983793-1000..Run: [Spotify Web Helper] . (.Spotify Ltd – SpotifyWebHelper.) — C:UsersClémenceAppDataRoamingSpotifyDataSpotifyWebHelper.exe
O4 – HKUSS-1-5-21-1871111397-3539990770-1974983793-1000..Run: [HP Photosmart 5520 series (NET)] . (.Hewlett-Packard Co. – ScanToPCActivationApp.) — C:Program FilesHPHP Photosmart 5520 seriesBinScanToPCActivationApp.exe =>.Hewlett-Packard Co
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: @C:Program FilesWindows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 – Extra button: Skype Click to Call – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (…) — C:Program FilesSkypeToolbarsInternet Explorericon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Objets ActiveX (Downloaded Program Files)(O16)
O16 – DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} ((no name)) – http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{39B6544F-B867-4806-AC4A-515E65E0F1AF}: DhcpNameServer = 192.168.1.254
O17 – HKLMSystemCS1ServicesTcpip..{39B6544F-B867-4806-AC4A-515E65E0F1AF}: DhcpNameServer = 192.168.1.254
O17 – HKLMSystemCS2ServicesTcpip..{39B6544F-B867-4806-AC4A-515E65E0F1AF}: DhcpNameServer = 192.168.1.254
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation – Windows Live Album Download Protocol Handle.) — C:Program FilesWindows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
O18 – Filter: application/x-msdownload – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ Tâches planifiées en automatique (O39)
O39 – APT:Automatic Planified Task – C:WindowsTasksDigitalSite.job [304] =>Hijacker.DSite
[MD5.00000000000000000000000000000000] [APT] [DigitalSite] (…) — C:UsersClémenceAppDataRoamingDIGITA~1UPDATE~1UPDATE~1.exe (.not file.) [0] =>Hijacker.DSite
[MD5.00000000000000000000000000000000] [APT] [Updater27096.exe] (…) — C:UsersClémenceAppDataLocalUpdater27096Updater27096.exe (.not file.) [0] =>PUP.CrossRider
[MD5.00000000000000000000000000000000] [APT] [{B55400C3-0066-4F29-8687-C649805824AF}] (…) — C:UsersClémenceDownloadssweetimsetup.exe (.not file.) [0] =>PUP.SweetIM
[MD5.00000000000000000000000000000000] [APT] [{D161E5BD-8FA6-4B90-950A-7610B97FD0D3}] (…) — D:Espace de clémencetarot.exe (.not file.) [0]
~ Scheduled Task: 23 Legitimates Filtered in 00mn 05s

—\ Logiciels installés (O42)
O42 – Logiciel: BzTarot 1.02 – (.V. Beuselinck.) [HKLM] — BzTarot_is1
O42 – Logiciel: Free Tarot – (…) [HKLM] — Free Tarot
~ Logic: 6 Legitimates Filtered in 00mn 00s

—\ HKCU & HKLM Software Keys
[HKCUSoftwareBearShare] =>PUP.BearShare
[HKCUSoftwareFree Tarot]
[HKCUSoftwareIncrediMail]
[HKCUSoftwareInstallCore] =>Adware.InstallCore
[HKCUSoftwareegrfdhtygighjuyhjk]
[HKCUSoftware로컬 응용 프로그램 마법사에서 생성된 응용 프로그램]
[HKLMSoftwareASK]
~ Key Software: 223 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 21/08/2012 – 15:12:19 – [2,006] —-D C:Program FilesBzTarot
O43 – CFD: 25/08/2012 – 15:47:02 – [8,374] —-D C:Program FilesFree Tarot
O43 – CFD: 21/08/2012 – 13:41:54 – [1,300] —-D C:Program FilesTAROTPRO992
O43 – CFD: 22/11/2013 – 23:01:07 – [0,046] —-D C:Program FilesUninstaller
O43 – CFD: 06/10/2013 – 09:22:05 – [0] —-D C:UsersClémenceAppDataLocalUpdater27096 =>PUP.CrossRider
O43 – CFD: 21/08/2012 – 15:11:36 – [0,002] —-D C:UsersClémenceAppDataRoamingMicrosoftWindowsStart MenuProgramsFree Tarot
~ 14 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 190 Legitimates Filtered in 00mn 47s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] – 20/11/2013 – 16:32:17 —A- . (…) — C:WindowsSystem32ieuinit.inf [16284]
~ Files: 67 Legitimates Filtered in 00mn 16s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.CB2385F1F6856C2BF96AA03FDD40FE28] – 01/12/2013 – 11:52:19 —A- – C:WindowsPrefetchSPOTIFY.EXE-5327B43E.pf
O45 – LFCP:[MD5.D69F124626CC22E10625B5BE7F68C8FB] – 24/11/2013 – 09:37:07 —A- – C:WindowsPrefetchBATTERYLIFEEXTENDER.EXE-60C3CEE1.pf
O45 – LFCP:[MD5.F421C444096A18ABCEC3570D06778D21] – 24/11/2013 – 11:54:19 —A- – C:WindowsPrefetchTOOLBOX.EXE-6A6A7EBB.pf
O45 – LFCP:[MD5.04E89F099548D098C819A1195E2901D9] – 28/11/2013 – 07:01:46 —A- – C:WindowsPrefetchHPDEVICEUPDATEHOST.EXE-D079929D.pf
O45 – LFCP:[MD5.B95C4929EB402123FD761D0FDE10B7B6] – 28/11/2013 – 18:14:28 —A- – C:WindowsPrefetchINSTANCEFINDERDLG.EXE-3C88962C.pf
O45 – LFCP:[MD5.CF0C14B384451D4CB3AE398CE5C52527] – 29/11/2013 – 14:58:11 —A- – C:WindowsPrefetchEXCELCNV.EXE-BAC5975C.pf
O45 – LFCP:[MD5.B68432DE33DCF773DC1F71217DF664EB] – 29/11/2013 – 14:58:12 —A- – C:WindowsPrefetchMOC.EXE-73728347.pf
O45 – LFCP:[MD5.6C3A9DCF51887C612A4F428799B8142A] – 30/11/2013 – 18:52:36 —A- – C:WindowsPrefetch16B61DA7-CAA9-40D5-B31D-3C7AE-B2B9CD99.pf
O45 – LFCP:[MD5.D4D3BD3C71617AF9E9C1D0A498A7DCDD] – 30/11/2013 – 19:09:06 —A- – C:WindowsPrefetchWKSSS.EXE-0B91F36E.pf
O45 – LFCP:[MD5.C6C78389E0F74E1C82D44459556A692C] – 30/11/2013 – 19:20:40 —A- – C:WindowsPrefetchPPCNVCOM.EXE-DA02D5C1.pf
O45 – LFCP:[MD5.1A893C974A50221C635A7CF2314578E0] – 30/11/2013 – 20:46:32 —A- – C:WindowsPrefetchWORDCONV.EXE-DA14787E.pf
O45 – LFCP:[MD5.EFC13D020ABEEB6D4AC5D385A7F72BA3] – 30/11/2013 – 20:46:39 —A- – C:WindowsPrefetchMOC.EXE-857C0B9E.pf
~ Prefetcher: 140 Legitimates Filtered in 00mn 01s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.FA72FA503F580C3C628DD8C7D7622E37] – 30/08/2013 – 08:48:12 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [49376]
O58 – SDL:[MD5.FAF091AA45A6A6CF3CF94FE065950956] – 27/06/2013 – 20:36:45 —A- . (…) — C:WindowsSystem32DriversaswSnx.sys.sum [175]
O58 – SDL:[MD5.3FFBEE694566CADB0A64D8A1ACD7DBCE] – 27/06/2013 – 20:36:45 —A- . (…) — C:WindowsSystem32DriversaswSP.sys.sum [175]
O58 – SDL:[MD5.A5F637D61719D37A5B4868C385E363C0] – 30/08/2013 – 08:48:13 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [177864]
O58 – SDL:[MD5.22EA82FFE8CA4965C1994F24C35DC202] – 27/06/2013 – 20:36:45 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys.sum [175]
O58 – SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] – 14/07/2009 – 02:20:28 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [453712]
O58 – SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] – 13/07/2009 – 23:54:14 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [26624]
O58 – SDL:[MD5.41CE6B172542A9A227E34A45881E1D2A] – 25/06/2010 – 07:00:32 —A- . (.Windows (R) 2003 DDK 3790 provider – Generic Port I/O for Win32.) — C:WindowsSystem32Driversrtport.sys [15656]
O58 – SDL:[MD5.306521935042FC0A6988D528643619B3] – 24/07/2006 – 15:05:00 —A- . (…) — C:WindowsSystem32DriversStarOpen.sys [5632]
O58 – SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] – 14/07/2009 – 02:19:04 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [21072]
O58 – SDL:[MD5.30B73EB97218A16CBC6DE535782A1B35] – 28/09/2009 – 10:22:00 —A- . (…) — C:WindowsSystem32Driversyk62x86.sys [315392]
O58 – SDL:[MD5.8AAD333C876590293F72B315E162BCC7] – 13/07/2009 – 22:40:41 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
O58 – SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] – 13/07/2009 – 22:40:44 —A- . (…) — C:WindowsSystem32country.sys [27097]
O58 – SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] – 13/07/2009 – 22:40:40 —A- . (…) — C:WindowsSystem32HIMEM.SYS [4768]
O58 – SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] – 13/07/2009 – 22:40:43 —A- . (…) — C:WindowsSystem32KEY01.SYS [42809]
O58 – SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] – 13/07/2009 – 22:40:43 —A- . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
O58 – SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] – 13/07/2009 – 22:40:23 —A- . (…) — C:WindowsSystem32NTDOS.SYS [27866]
O58 – SDL:[MD5.CF9ED169FF86D935E47999E82359E898] – 13/07/2009 – 22:40:31 —A- . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
O58 – SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] – 13/07/2009 – 22:40:35 —A- . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
O58 – SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] – 13/07/2009 – 22:40:39 —A- . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
O58 – SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] – 13/07/2009 – 22:40:27 —A- . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
O58 – SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] – 13/07/2009 – 22:40:11 —A- . (…) — C:WindowsSystem32NTIO.SYS [33952]
O58 – SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] – 13/07/2009 – 22:40:15 —A- . (…) — C:WindowsSystem32NTIO404.SYS [34672]
O58 – SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] – 13/07/2009 – 22:40:17 —A- . (…) — C:WindowsSystem32NTIO411.SYS [35776]
O58 – SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] – 13/07/2009 – 22:40:19 —A- . (…) — C:WindowsSystem32NTIO412.SYS [35536]
O58 – SDL:[MD5.D86B6435729231C171432B4E77801BDB] – 13/07/2009 – 22:40:13 —A- . (…) — C:WindowsSystem32NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 05s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 01/12/2013 – 17:17:20 —A- . (…) — C:UsersClémenceAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [269467]
O61 – LFC: 01/12/2013 – 17:17:28 —A- . (…) — C:UsersClémenceAppDataLocalGoogleChromeUser DataLocal State [47334]
O61 – LFC: 01/12/2013 – 17:18:41 —A- . (…) — C:UsersClémenceAppDataRoamingDigitalSiteUpdateProcprod.dat [26] =>Hijacker.DSite
O61 – LFC: 01/12/2013 – 17:18:45 —A- . (…) — C:UsersClémenceAppDataRoamingZHPLog.txt [16709] =>.Nicolas Coolman
O61 – LFC: 01/12/2013 – 17:18:45 —A- . (…) — C:UsersClémenceAppDataRoamingZHPTestsZHPDiag.txt [2921] =>.Nicolas Coolman
O61 – LFC: 01/12/2013 – 17:18:45 —A- . (…) — C:UsersClémenceDocumentsSauvegarde clés registrecc_20131201_092527.reg [22424]
O61 – LFC: 01/12/2013 – 17:18:45 —A- . (…) — C:UsersClémenceDownloadsZipExtractorSetup.exe [664928]
O61 – LFC: 01/12/2013 – 17:18:45 —A- . (…) — C:UsersClémencedaemonprocess.txt [0]
O61 – LFC: 28/11/2013 – 17:18:45 -SHA- . (…) — C:UsersClémenceDocumentsThumbs.db [6144]
O61 – LFC: 29/11/2013 – 17:18:45 —A- . (…) — C:UsersClémenceDownloadsL2 APAS SEM 49.xlsm [16810]
O61 – LFC: 30/11/2013 – 17:18:45 —A- . (…) — C:UsersClémenceAppDataRoamingwklnhst.dat [15312]
O61 – LFC: 30/11/2013 – 17:18:45 —A- . (…) — C:UsersClémenceDownloadsPpt0000002.pptm [47037]
~ 40 Fichiers temporaires (Temporary files)
~ 2 Fichiers cookies (Cookies files)
~ Files: 431 Legitimates Filtered in 01mn 38s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (…) — firefox.exe (.not file.)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (…) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: prefs.js [Clémence – c5xy1crd.default] user_pref(“extensions.crossrider.bic”, “142ae3411293368455911749cb9a8418”); =>PUP.CrossRider
O69 – SBI: prefs.js [Clémence – c5xy1crd.default] user_pref(“extensions.crossriderapp5060.5060.InstallationTime”, 1385902117); =>PUP.CrossRider
O69 – SBI: prefs.js [Clémence – c5xy1crd.default] user_pref(“extensions.crossriderapp5060.5060.cookie.InstallationTime.expiration”, “Fri Feb 01 2030 00:00:00 GMT+0100”); =>PUP.CrossRider
O69 – SBI: prefs.js [Clémence – c5xy1crd.default] user_pref(“extensions.crossriderapp5060.5060.cookie.InstallationTime.value”, “1385902117”); =>PUP.CrossRider
O69 – SBI: prefs.js [Clémence – c5xy1crd.default] user_pref(“extensions.crossriderapp5060.bic”, “142ae3411293368455911749cb9a8418”); =>PUP.CrossRider
O69 – SBI: prefs.js [Clémence – c5xy1crd.default] user_pref(“extensions.crossriderapp5060.firstrun”, false); =>PUP.CrossRider
O69 – SBI: prefs.js [Clémence – c5xy1crd.default] user_pref(“extensions.crossriderapp5060.installationdate”, 1385902117); =>PUP.CrossRider
O69 – SBI: prefs.js [Clémence – c5xy1crd.default] user_pref(“extensions.crossriderapp5060.lastcheck”, 23098369); =>PUP.CrossRider
O69 – SBI: prefs.js [Clémence – c5xy1crd.default] user_pref(“extensions.crossriderapp5060.lastcheckitem”, 23098370); =>PUP.CrossRider
O69 – SBI: prefs.js [Clémence – c5xy1crd.default] user_pref(“extensions.helperbar.DockingPositionDown”, false);
O69 – SBI: prefs.js [Clémence – c5xy1crd.default] user_pref(“extensions.helperbar.SmartbarDisabled”, false); =>Hijacker.SmartBar
O69 – SBI: prefs.js [Clémence – c5xy1crd.default] user_pref(“extensions.helperbar.SmartbarStateMinimaized”, false); =>Hijacker.SmartBar
O69 – SBI: prefs.js [Clémence – c5xy1crd.default] user_pref(“extensions.helperbar.Visibility”, false);
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} [DefaultScope] – (Mysearchdial) – http://start.mysearchdial.com =>Adware.MyWebSearch
O69 – SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2002} – (Search Results) – http://dts.search-results.com =>PUP.SearchResults
O69 – SBI: SearchScopes [HKCU] {B40296FA-344E-4E5E-B3A8-2EBA1B0A3FED} – (Search) – http://start.funmoods.com =>PUP.Funmoods
O69 – SBI: SearchScopes [HKCU] {E580248E-C32C-4C48-99EA-50D6AEDC2CDD} – (01NET.com Main Customized Web Search) – http://search.conduit.com
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][17/08/2009] (…) — C:ProgramDataFullRemove.exe [131368]
[MD5.9F81FEA4D9046DBC6566CF9233388EE6] [SPRF][01/12/2013] (.Setup © – Setup.) — C:UsersClémenceAppDataLocalTemp21152uninstall.exe [306688]
[MD5.C59BDF3C0E8F946A6D9E8E3934485830] [SPRF][22/11/2013] (…) — C:UsersClémenceAppDataLocalTempQuarantine.exe [355225]
[MD5.5405413FFF79B8D9C747AA900F60F082] [SPRF][01/12/2013] (…) — C:UsersClémenceAppDataLocalTempSqlite3.dll [599419]
[MD5.52DCC34DD06D3760E36FE739D82BBF48] [SPRF][01/12/2013] (…) — C:UsersClémenceAppDataLocalTemp~glaryutilities-version.dat [492]
[MD5.84D862B6E03214A8996E9B899DEC628D] [SPRF][30/11/2013] (…) — C:UsersClémenceAppDataRoamingwklnhst.dat [15312]
~ Files: 6 Legitimates Filtered in 00mn 00s

—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: "{6C6B6D01-AE5B-4DD2-9443-3A763F6DBE56}" |In – Private – P6 – TRUE | .(…) — D:Espace de clémenceFactures mobile et internetSweetImSetup.exe (.not file.) =>PUP.SweetIM
O87 – FAEL: "{73597D68-B2EA-4A84-B61A-9C6845824F75}" |In – Private – P17 – TRUE | .(…) — D:Espace de clémenceFactures mobile et internetSweetImSetup.exe (.not file.) =>PUP.SweetIM
O87 – FAEL: "{259ACAD7-4022-4761-A5BD-C96C12BED74C}" |In – Private – P6 – TRUE | .(…) — C:UsersClémenceAppDataLocalTempSweetIMReinstallSweetImSetup.exe (.not file.) =>PUP.SweetIM
O87 – FAEL: "{49FCC768-3B76-4873-ACDC-0ED760F7EDD4}" |In – Private – P17 – TRUE | .(…) — C:UsersClémenceAppDataLocalTempSweetIMReinstallSweetImSetup.exe (.not file.) =>PUP.SweetIM
O87 – FAEL: "{849AC58B-3E4A-4EC8-99E4-19554589C4FE}" |In – Private – P6 – TRUE | .(…) — C:Program FilesSweetIMCommunicatorSweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 – FAEL: "{48682321-B2F6-4E26-A547-D2FF7ED11307}" |In – Private – P17 – TRUE | .(…) — C:Program FilesSweetIMCommunicatorSweetPacksUpdateManager.exe (.not file.) =>PUP.SweetIM
O87 – FAEL: "{3587BBDD-831B-4A42-9926-B361BD948DDF}" |In – Private – P6 – TRUE | .(…) — C:Program FilesYourFileDownloaderDownloader.exe (.not file.) =>PUP.YourFileDownloader
O87 – FAEL: "{40CC0079-E8ED-4CDD-BDAE-14C6FA7F8471}" |In – Private – P17 – TRUE | .(…) — C:Program FilesYourFileDownloaderDownloader.exe (.not file.) =>PUP.YourFileDownloader
O87 – FAEL: "{C294DDB0-ADAC-4ABD-A613-8D4706834045}" |In – Private – P6 – TRUE | .(…) — C:Program FilesYourFileDownloaderYourFile.exe (.not file.) =>PUP.YourFileDownloader
O87 – FAEL: "{395CD604-275D-40B1-BFC1-4D15D6A4586B}" |In – Private – P17 – TRUE | .(…) — C:Program FilesYourFileDownloaderYourFile.exe (.not file.) =>PUP.YourFileDownloader
O87 – FAEL: "TCP Query User{084D59E3-1296-4316-9CC6-500CE1784104}C:program files1clickdownload1clickdownloader.exe" |In – Private – P6 – TRUE | .(…) — C:program files1clickdownload1clickdownloader.exe (.not file.) =>PUP.1ClickDownloader
O87 – FAEL: "UDP Query User{C927C118-6FB5-4BDD-8A19-F4FD28DA16A8}C:program files1clickdownload1clickdownloader.exe" |In – Private – P17 – TRUE | .(…) — C:program files1clickdownload1clickdownloader.exe (.not file.) =>PUP.1ClickDownloader
O87 – FAEL: "{126DEEC0-3068-4F3F-9BFF-057285F51073}" |In – None – P17 – TRUE | .(…) — C:Program FilesBearShare ApplicationsBearShareBearShare.exe (.not file.) =>PUP.BearShare
~ Firewall: 239 Legitimates Filtered in 00mn 01s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.FBD9CD10EACC6CAAC1C3A68F9D257A89] [WIS][02/03/2013] (.Skype Technologies S.A. – Skype.) — C:WindowsInstaller2e45f.msi [19714048]
~ WIS: 76 Legitimates Filtered in 00mn 10s

—\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Demand 10/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:windowssystem32MacromedFlashFlashPlayerUpdateService.exe
SS – | Auto 27/08/2011 136176 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Demand 27/08/2011 136176 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Demand 11/09/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
SS – | Auto 07/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) – C:Program FilesSkypeUpdaterUpdater.exe

SR – | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program FilesCommon FilesAdobeARM1.0armsvc.exe
SR – | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
SR – | Auto 14/07/2009 20992 | C:windowssystem32HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
SR – | Auto 13/08/2009 44312 | (OberonGameConsoleService) . (…) – C:Program FilesSamsung Casual GamesGameConsoleOberonGameConsoleService.exe
SR – | Auto 14/07/2009 20992 | C:windowssystem32HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
SR – | Auto 07/07/2009 247152 | (RichVideo) . (…) – C:Program FilesCyberLinkShared filesRichVideo.exe
SR – | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) – C:ProgramDataSkypeToolbarsSkype C2C Servicec2c_service.exe
SR – | Auto 14/07/2009 20992 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 14/07/2009 20992 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe

~ Services: Scanned in 00mn 13s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 00mn 02s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Clémence at 01/12/2013 17:19:48

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s

—\ Scan Additionnel (O88)
Database Version : 13007 – (01/12/2013)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 2

[HKLMSoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{21111111-1111-1111-1111-110011501160}] =>PUP.SpecialSavings
[HKCUSoftwareInstallCore] =>Adware.InstallCore
[HKCUSoftwareClassesMF] =>PUP.MediaFinder
[HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{0CC09160-108C-4759-BAB1-5C12C216E005}] =>PUP.AppBario
[HKLMSoftwareClassesCLSID{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLMSoftwareMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeDealply] =>PUP.DealPly
[HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionExtPreApproved{11111111-1111-1111-1111-110011501160}] =>PUP.CrossRider
[HKLMSoftwareMicrosoftInternet ExplorerSearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}] =>Adware.Bandoo^
C:UsersClémenceAppDataRoamingMozillaFirefoxProfilesc5xy1crd.defaultextensions217e8200-a3b3-43df-b951-8ec01d483d7f@b98c6809-1f3f-41a1-bb1c-692cf84781e9.com =>PUP.CrossRider^
C:UsersClémenceAppDataRoamingMozillaFirefoxProfilesc5xy1crd.defaultextensionscrossriderapp5060@crossrider.com =>Adware.GamePlayLabs^
C:UsersClémenceAppDataRoamingMozillaFirefoxProfilesc5xy1crd.defaultextensions{884ee231-eab0-4e0c-8f3b-342433278e34} =>PUP.QuickShare^
C:UsersClémenceAppDataLocalUpdater27096 =>PUP.CrossRider^
C:WindowsTasksDigitalSite.job =>Hijacker.DSite^
[HKCUSoftwareBearShare] =>PUP.BearShare^
~ Additionnel Scan: 248169 Items scanned in 00mn 33s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/31042964-pup-appbario =>PUP.AppBario
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/26820943-adware-gameplaylabs =>Adware.GamePlayLabs
~ http://nicolascoolman.webs.com/apps/blog/show/28577022-pup-quickshare =>PUP.QuickShare
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/35170315-hijacker-dsite =>Hijacker.DSite
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/26705717-pup-bearshare =>PUP.BearShare
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blog/show/30319724-pup-searchresults =>PUP.SearchResults
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/27752690-pup-yourfiledownloader =>PUP.YourFileDownloader
~ http://nicolascoolman.webs.com/apps/blog/show/26607014-pup-1clickdownloader =>PUP.1ClickDownloader
~ http://nicolascoolman.webs.com/apps/blog/show/26686441-pup-specialsavings =>PUP.SpecialSavings
~ http://nicolascoolman.webs.com/apps/blog/show/28445531-pup-mediafinder =>PUP.MediaFinder
~ http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox =>Adware.BrowseFox
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ MSI: 19 link(s) detected in 00mn 33s

~ 1666 Legitimates filtered by white list
End of the scan (568 lines in 04mn 50s)(0)