Reply to: folders turned into shortcuts on USB key 2016-09-08T13:27:15+00:00
Telma
Number of posts: 0

Continued:

—\ Recherche particulière de fichiers génériques
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] – (.Microsoft Corporation – Explorateur Windows.) (.11/04/2009 – 07:27:36.) — C:WindowsExplorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] – (.Microsoft Corporation – Application de démarrage de Windows.) (.21/01/2008 – 03:23:42.) — C:WindowsSystem32Wininit.exe [96768]
[MD5.4CC9DF09C3D915BA0A101A11DB684F26] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.14/11/2013 – 23:42:41.) — C:WindowsSystem32wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.11/04/2009 – 07:28:13.) — C:WindowsSystem32Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.21/04/2011 – 14:58:27.) — C:Windowssystem32DriversAFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.11/04/2009 – 07:32:26.) — C:Windowssystem32Driversatapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.21/01/2008 – 03:23:51.) — C:Windowssystem32DriversCdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.11/04/2009 – 05:39:17.) — C:Windowssystem32DriversCdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.14/04/2011 – 15:59:03.) — C:Windowssystem32DriversDfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.11/04/2009 – 05:42:42.) — C:Windowssystem32DriversHDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] – (.Microsoft Corporation – Pilote de port i8042.) (.21/01/2008 – 03:23:20.) — C:Windowssystem32Driversi8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] – (.Microsoft Corporation – IP Network Address Translator.) (.21/01/2008 – 03:24:25.) — C:Windowssystem32DriversIpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.29/04/2011 – 14:24:40.) — C:Windowssystem32DriversMRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] – (.Microsoft Corporation – MBT Transport driver.) (.11/04/2009 – 05:45:37.) — C:Windowssystem32DriversnetBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.03/03/2013 – 20:07:52.) — C:Windowssystem32Driversntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] – (.Microsoft Corporation – Pilote de port parallèle.) (.02/11/2006 – 09:51:30.) — C:Windowssystem32DriversParport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/01/2008 – 03:24:55.) — C:Windowssystem32DriversRasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.21/01/2008 – 03:23:01.) — C:Windowssystem32Driversrdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] – (.Microsoft Corporation – SMB Transport driver.) (.11/04/2009 – 05:45:22.) — C:Windowssystem32Driverssmb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] – (.Microsoft Corporation – TDI Translation Driver.) (.11/04/2009 – 05:45:56.) — C:Windowssystem32Driverstdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.21/08/2012 – 12:47:42.) — C:Windowssystem32Driversvolsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 02s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1055
~ Mes musiques (My Musics) : 123/2452
~ Mes Videos (My Videos) : 1/38
~ Mes Favoris (My Favorites) : 49/120
~ Mes Documents (My Documents) : 4/9523
~ Mon Bureau (My Desktop) : 1/1382
~ Menu demarrer (Programs) : 1/38
~ Hidden Files: Scanned in 00mn 06s

—\ Processus lancés
[MD5.DD231039B13EC2ABDE315D76E658EF0E] – (.Avira Operations GmbH & Co. KG – Antivirus System Tray Tool (Desktop).) — C:Program FilesAviraAntiVir Desktopavgnt.exe [684600] [PID.3752]
[MD5.4B555106290BD117334E9A08761C035A] – (…) — ystem32rundll32.exe [0] [PID.2304]
[MD5.870DF389D7676EDBB635141336A867C6] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8302080] [PID.2976]
[MD5.FE79366FECD444A16CCA9979134DBEA8] – (.Avira Operations GmbH & Co. KG – Antivirus Host Framework Service.) — C:Program FilesAviraAntiVir Desktopsched.exe [440376] [PID.1900]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] – (.Avira Operations GmbH & Co. KG – Antivirus Host Framework Service.) — C:Program FilesAviraAntiVir Desktopavguard.exe [440376] [PID.524]
[MD5.6F1E9AB820B3DD8BD38C0190A206205D] – (.Avira Operations GmbH & Co. KG – AntiVir shadow copy service.) — C:Program FilesAviraAntiVir Desktopavshadow.exe [431672] [PID.1700]
[MD5.C7FBDD1ED42F82BFA35167A5C9803EA3] – (.Microsoft Corporation – PresentationFontCache.exe.) — C:WindowsMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [43904] [PID.4436]
[MD5.F401929EE0CC92BFE7F15161CA535383] – (.Apple Inc. – MobileDeviceService.) — C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe [55184] [PID.1892]
[MD5.A19B0BB5A7EB6DF2DD4A0711D36955EE] – (.Hewlett-Packard – HP Health Check Service.) — c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe [94208] [PID.4092]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] – (.Microsoft Corporation – Service de gestion des licences Microsoft.) — C:Windowssystem32SLsvc.exe [3408896] [PID.1788]
[MD5.A1545B731579895D8CC44FC0481C1192] – (.Microsoft Corporation – Service de la passerelle de la couche Appli.) — C:WindowsSystem32alg.exe [59392] [PID.2128]
[MD5.5DAF7081A4BB112FA3F1915819330A3E] – (…) — C:Program FilesZHPDiagpv.exe [61440] [PID.0]
~ Processes Running: Scanned in 00mn 01s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersMarie-EstelleAppDataLocalGoogleChromeUser DataDefaultPreferences
G1 – GCS: Preference [User DataDefault] http://start.mysearchdial.com =>Adware.MyWebSearch
G2 – GCE: Preference [User DataDefault] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG Secure Search v.15.5.0.2 (Désactivé) =>Toolbar.AVGSearch
G2 – GCE: Preference [User DataDefault] [pflphaooapbgpeakohlggbpidpppgdff] MySearchDial Nouvel onglet v.9.4.4 (Désactivé) =>Adware.MyWebSearch
~ Google Browser: 15 Legitimates Filtered in 00mn 02s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:UsersMarie-EstelleAppDataRoamingMozillaFirefoxProfiles3dhaobu0.defaultprefs.js
C:UsersMarie-EstelleAppDataRoamingMozillaFirefoxProfiles3dhaobu0.defaultuser.js
M3 – MFPP: Plugins – [Marie-Estelle] — C:UsersMarie-EstelleAppDataRoamingMozillaFirefoxProfiles3dhaobu0.defaultsearchpluginsavg-secure-search.xml
M3 – MFPP: Plugins – [Marie-Estelle] — C:UsersMarie-EstelleAppDataRoamingMozillaFirefoxProfiles3dhaobu0.defaultsearchpluginsfissa.xml =>PUP.OfferBox
M3 – MFPP: Plugins – [Marie-Estelle] — C:UsersMarie-EstelleAppDataRoamingMozillaFirefoxProfiles3dhaobu0.defaultsearchpluginsMysearchdial.xml =>Adware.MyWebSearch
M3 – MFPP: Plugins – [Marie-Estelle] — C:Program FilesMozilla FireFoxsearchpluginsavg-secure-search.xml
M2 – MFEP: prefs.js [Marie-Estelle – 3dhaobu0.default@FissaPlugin] [] Fissa v1.0 (..) =>PUP.OfferBox
M2 – MFEP: prefs.js [Marie-Estelle – 3dhaobu0.defaultzigboom.designs@gmail.com] [] BlackFox V2-Blue v2.1.6 (..)
M2 – MFEP: prefs.js [Marie-Estelle – 3dhaobu0.default{19803860-b306-423c-bbb5-f60a7d82cde5}] [] WiseConvert 1.5 v10.23.0.822 (..) =>Toolbar.Conduit
M2 – MFEP: prefs.js [Marie-Estelle – 3dhaobu0.default{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v3.1.0.20130818030116 (..)
M2 – MFEP: prefs.js [Marie-Estelle – 3dhaobu0.default{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}] [] MySearchDial NewTab v3.1.0.20130818030116 (..) =>Adware.MyWebSearch
P2 – FPN: [HKLM] [@viewpoint.com/VMP] – (.Pas de propriétaire – MetaStream 3 Plugin r4.) — C:Program FilesViewpointViewpoint Experience TechnologynpViewpoint.dll =>Adware.MetaStream
~ Firefox Browser: 46 Legitimates Filtered in 00mn 02s

—\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
R0 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerAboutURLs,Tabs = http://start.mysearchdial.com =>Adware.MyWebSearch
R4 – HKCUSOFTWAREMicrosoftInternet ExplorerPhishingFilter,Enabled = 1
~ IE Browser: 12 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32Userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

—\ Internet Explorer Toolbars (O3)
O3 – ToolbarWebBrowser: (no name) – [HKCU]{A057A204-BACC-4D26-9E83-2DB586E27190} Clé orpheline
O3 – ToolbarWebBrowser: (no name) – [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 – ToolbarWebBrowser: (no name) – [HKCU]{472734EA-242A-422B-ADF8-83D1E48CC825} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSDesktop [Public]: Aide et Support d’HP.lnk . (.Hewlett-Packard – HPHS Launcher.) — C:WindowsHelpOEMscriptsHPHS_Launcher.exe
O4 – GSDesktop [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard – HP Advisor.) — C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
O4 – GSDesktop [Public]: Octave.lnk . (…) — C:Program FilesOctave3.0.5_gcc-4.3.0binoctave-3.0.5.exe
O4 – GSProgram [Public]: cellule_3D.lnk . (…) — C:Program Filesplanetes3Dplanet3D.exe
O4 – GSProgram [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard – HP Advisor.) — C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
O4 – GSProgram [Public]: Pour les enfants.lnk . (.EasyBits Software AS – For Kids.) — C:Program FilesEasyBits For KidsPromoezKidsReady.exe =>.EasyBits Software AS
O4 – GSProgram [Public]: QuickPlay Manager.lnk . (.CyberLink Corp. – HP QuickPlay Manage Program.) — C:Program FilesHPQuickPlayQPManager.exe
O4 – GSProgram [Public]: QuickPlay.lnk . (.CyberLink Corp. – HP QuickPlay.) — C:Program FilesHPQuickPlayQP.exe
O4 – GSProgram [Public]: Starzik Download Manager.lnk . (…) — C:Program FilesStarzik Download ManagerStarzik Download Manager.exe
O4 – GSQuickLaunch [Marie-Estelle]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSQuickLaunch [Marie-Estelle]: Mozilla Firefox (2).lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
O4 – GSQuickLaunch [Marie-Estelle]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
O4 – GSProgram [Marie-Estelle]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSSystemTools [Marie-Estelle]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSDesktop [Marie-Estelle]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O4 – GSDesktop [Marie-Estelle]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
O4 – GSDesktop [Marie-Estelle]: planete3D.lnk . (…) — C:Program Filesplanetes3Dplanet3D.exe
~ Global Startup: 73 Legitimates Filtered in 00mn 04s

—\ Applications lancées au démarrage du sytème (O4)
O4 – HKLM..Run: [SynTPEnh] . (.Synaptics Incorporated – Synaptics TouchPad Enhancements.) — C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 – HKLM..Run: [QPService] . (.CyberLink Corp. – HP QuickPlay Resident Program.) — C:Program FilesHPQuickPlayQPService.exe
O4 – HKLM..Run: [Windows Defender] . (.Microsoft Corporation – Windows Defender User Interface.) — C:Program FilesWindows DefenderMSASCui.exe
O4 – HKLM..Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. – Quick Launch Buttons.) — C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe
O4 – HKLM..Run: [OnScreenDisplay] . (. Hewlett-Packard Development Company, L.P. – HP QuickTouch On Screen Display.) — C:Program FilesHewlett-PackardHP QuickTouchHPKBDAPP.exe
O4 – HKLM..Run: [hpWirelessAssistant] . (.Hewlett-Packard Development Company, L.P. – HPWAMain Module.) — C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
O4 – HKLM..Run: [AppleSyncNotifier] . (.Apple Inc. – AppleSyncNotifier.) — C:Program FilesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe
O4 – HKLM..Run: [HP Health Check Scheduler] . (.Hewlett-Packard – HP Health Check Scheduler.) — c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 – HKLM..Run: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — C:Program FilesHpHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
O4 – HKLM..Run: [RIMBBLaunchAgent.exe] . (.Research In Motion Limited – Launch Agent Service.) — C:Program FilesCommon FilesResearch In MotionUSB DriversRIMBBLaunchAgent.exe
O4 – HKLM..Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe
O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:Program FilesSamsungKiesKiesTrayAgent.exe =>.Samsung Electronics Co
O4 – HKLM..Run: [avgnt] . (.Avira Operations GmbH & Co. KG – Antivirus System Tray Tool (Desktop).) — C:Program FilesAviraAntiVir Desktopavgnt.exe
O4 – HKLM..Run: [BCSSync] . (.Microsoft Corporation – Microsoft Office 2010 component.) — C:Program FilesMicrosoft OfficeOffice14BCSSync.exe =>.Microsoft Corporation
O4 – HKLM..Run: [SysTrayApp] . (.IDT, Inc. – IDT PC Audio.) — C:Program FilesIDTWDMsttray.exe
O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
O4 – HKCU..Run: [LightScribe Control Panel] . (.Hewlett-Packard Company – Pas de description.) — C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe
O4 – HKCU..Run: [ehTray.exe] . (.Microsoft Corporation – Media Center Tray Applet.) — C:WindowsehomeehTray.exe
O4 – HKCU..Run: [OfferBox] C:Program FilesOfferBoxOfferBox.exe (.not file.) =>PUP.OfferBox
O4 – HKCU..Run: [KiesPreload] . (.Samsung – Kies.) — C:Program FilesSamsungKiesKies.exe
O4 – HKCU..Run: [KiesAirMessage] . (.Samsung Electronics – Pas de description.) — C:Program FilesSamsungKiesKiesAirMessage.exe
O4 – HKCU..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..Run: [WindowsWelcomeCenter] Clé orpheline
O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..Run: [WindowsWelcomeCenter] Clé orpheline
O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [LightScribe Control Panel] . (.Hewlett-Packard Company – Pas de description.) — C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe
O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [ehTray.exe] . (.Microsoft Corporation – Media Center Tray Applet.) — C:WindowsehomeehTray.exe
O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [OfferBox] C:Program FilesOfferBoxOfferBox.exe (.not file.) =>PUP.OfferBox
O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [KiesPreload] . (.Samsung – Kies.) — C:Program FilesSamsungKiesKies.exe
O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [KiesAirMessage] . (.Samsung Electronics – Pas de description.) — C:Program FilesSamsungKiesKiesAirMessage.exe
O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-1917961054-784476770-3265431197-1000..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: @C:Program FilesWindows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 – Extra button: &Envoyer à OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft Office OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~3Office12ONBttnIE.dll
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:Program FilesMicrosoft OfficeOffice12REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{212736AF-65FB-4B36-80D0-E3E27259B6CB}: DhcpNameServer = 192.168.42.129
O17 – HKLMSystemCCSServicesTcpip..{3434B8B3-FC47-4D27-9E78-6631641D3D74}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{212736AF-65FB-4B36-80D0-E3E27259B6CB}: DhcpNameServer = 192.168.42.129
O17 – HKLMSystemCS1ServicesTcpip..{3434B8B3-FC47-4D27-9E78-6631641D3D74}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLMSystemCS3ServicesTcpip..{212736AF-65FB-4B36-80D0-E3E27259B6CB}: DhcpNameServer = 192.168.42.129
O17 – HKLMSystemCS3ServicesTcpip..{3434B8B3-FC47-4D27-9E78-6631641D3D74}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation – Windows Live Album Download Protocol Handle.) — C:Program FilesWindows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon Filesmicrosoft sharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation – Bibliothèque de l’interface utilisateur du.) — C:WindowsSystem32browseui.dll
~ STS/SSO: Scanned in 00mn 00s

—\ Tâches planifiées en automatique (O39)
O39 – APT:Automatic Planified Task – C:WindowsTasksAVG-Secure-Search-Update_JUNE2013_HP_rmv.job [350]
O39 – APT:Automatic Planified Task – C:WindowsTasksAVG-Secure-Search-Update_JUNE2013_TB_rmv.job [350]
[MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_JUNE2013_HP_rmv] (…) — C:WindowsTEMP{42442D61-6FB2-4A99-80CC-3EC4D9DAA021}.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_JUNE2013_TB_rmv] (…) — C:WindowsTEMP{26E15C44-6DA3-4EC0-8164-B7DB49238A7F}.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{035CB9B0-6A3E-4FE4-ACA5-FD5D6152ED3F}] (…) — E:.Autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{04D6F92F-F963-48C0-9F4B-4511D0CE659E}] (…) — C:Program FilesAIM6uninst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4B671E64-3D31-445D-9676-FDA18A328F2A}] (…) — C:Program FilesQuickTimeQTSystemQuickTime.cpl” -c QuickTime (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7AF94D5F-8C16-4F20-A002-9E0F874B8576}] (…) — E:.Autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{85943581-0889-40CE-AB2D-C77F3FA636B7}] (…) — C:UsersMarie-EstelleDownloads601_b021_multilanguage.exe (.not file.) [0]
~ Scheduled Task: 28 Legitimates Filtered in 00mn 08s

—\ Logiciels installés (O42)
O42 – Logiciel: OfferBox – (.Secure Digital Services.) [HKLM] — {2C8574B5-6935-4FCE-860E-F4E8602378FF} =>Adware.SPointer
~ Logic: 51 Legitimates Filtered in 00mn 01s

—\ HKCU & HKLM Software Keys
[HKCUSoftwareBabylon] =>PUP.Babylon
[HKCUSoftwareConduit] =>Toolbar.Conduit
[HKCUSoftwareFissaSearch] =>PUP.OfferBox
[HKCUSoftwareIGearSettings]
[HKCUSoftwareInstallCore] =>Adware.InstallCore
[HKCUSoftwareOfferBox] =>PUP.OfferBox
[HKCUSoftwareSoftonic] =>Toolbar.Conduit
[HKCUSoftwareVittalia] =>PUP.Vittalia
[HKCUSoftwareWideStream] =>Adware.SPointer
[HKCUSoftwareYahooPartnerToolbar]
[HKCUSoftwaremysearchdial.com] =>Adware.MyWebSearch
[HKLMSoftwareMetaStream] =>Adware.MetaStream
~ Key Software: 332 Legitimates Filtered in 00mn 01s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 29/08/2010 – 23:15:42 – [0] —-D C:Program FilesCrazyLoader =>Adware.SPointer
O43 – CFD: 12/12/2013 – 21:15:15 – [0,015] —-D C:Program FilesMyPC Backup =>PUP.MyPCBackup
O43 – CFD: 18/11/2010 – 21:33:05 – [1,658] —-D C:Program Filesplanetes3D
O43 – CFD: 24/02/2010 – 10:33:36 – [1,760] —-D C:Program FilesSpyware Doctor
O43 – CFD: 21/02/2013 – 21:26:24 – [0] —-D C:Program FilesWidestream6 =>Adware.SPointer
O43 – CFD: 05/04/2011 – 10:38:07 – [0] –H-D C:ProgramDatacJb31001dNaIa31001
O43 – CFD: 06/06/2012 – 19:13:46 – [0,024] —-D C:UsersMarie-EstelleAppDataRoamingFissaSearch =>PUP.OfferBox
O43 – CFD: 17/06/2010 – 19:37:16 – [0,353] —-D C:UsersMarie-EstelleAppDataRoamingOfferBox =>PUP.OfferBox
O43 – CFD: 04/04/2012 – 14:46:35 – [14,360] —-D C:UsersMarie-EstelleAppDataRoamingOpenCandy =>Adware.OpenCandy
O43 – CFD: 06/06/2010 – 18:26:17 – [0,001] –H-D C:UsersMarie-EstelleAppDataRoamingwidestream =>Adware.SPointer
O43 – CFD: 17/05/2011 – 16:40:50 – [0,525] –H-D C:UsersMarie-EstelleAppDataLocalwidestream6 Air =>Adware.SPointer
O43 – CFD: 04/07/2011 – 04:38:31 – [0,003] —-D C:UsersMarie-EstelleAppDataRoamingMicrosoftWindowsStart MenuProgramsCrazyLoader =>Adware.SPointer
~ 4 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 233 Legitimates Filtered in 00mn 58s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] – 23/12/2013 – 23:00:18 —A- . (…) — C:WindowsSystem32DOErrors.log [52]
O44 – LFC:[MD5.6361D50FE0AD8ECC249D6A7CB37B514B] – 29/12/2013 – 20:20:07 . (…) — C:UsbFix [Scan 1] PC-MARIE-ESTELL.txt [12880]
O44 – LFC:[MD5.5F8BDF657FD65DE8803D7C494611679C] – 29/12/2013 – 20:43:49 . (…) — C:UsbFix [Scan 2] PC-MARIE-ESTELL.txt [13094]
O44 – LFC:[MD5.36A47F2E5C9049A2464D134386FFBF23] – 29/12/2013 – 21:15:53 —A- . (…) — C:UsbFix [Clean 1] PC-MARIE-ESTELL.txt [17272]
~ Files: 13 Legitimates Filtered in 01mn 31s

—\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 – SMSR:HKLM…startupregAppleSyncNotifier [Key] . (…) — C:Program FilesCommon FilesAppleMobile Device SupportbinAppleSyncNotifier.exe (.not file.)
O53 – SMSR:HKLM…startupregVeoh [Key] . (…) — C:Program FilesVeoh NetworksVeohVeohClient.exe (.not file.)
~ SMSR Keys: 8 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
~ MWPS: 15 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKLM…policiesExplorer] – “AllowLegacyWebView”=1
O56 – MWPE:[HKLM…policiesExplorer] – “AllowUnhashedWebView”=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.6216FD7FD227DE454238A702B218CEC7] – 29/10/2012 – 12:09:26 —A- . (.Devguru Co., Ltd – Device Error Recovery SDK(x86).) — C:WindowsSystem32Driversdgderdrv.sys [20032]
O58 – SDL:[MD5.23B62471681A124889978F6295B3F4C6] – 21/01/2008 – 03:23:22 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [342584]
O58 – SDL:[MD5.4CD6B056C5FD9E97C06FE74C81479517] – 24/01/2008 – 14:23:12 —A- . (.ENE TECHNOLOGY INC. – ENE CIR Driver for eHome.) — C:WindowsSystem32Driversenecir.sys [52736]
O58 – SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] – 02/11/2006 – 10:50:07 —A- . (.Integrated Technology Express, Inc. – ITE IT8211 ATA/ATAPI SCSI miniport.) — C:WindowsSystem32Driversiteatapi.sys [35944]
O58 – SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] – 02/11/2006 – 10:50:09 —A- . (.Integrated Technology Express, Inc. – ITE IT8212 ATA RAID SCSI miniport.) — C:WindowsSystem32Driversiteraid.sys [35944]
O58 – SDL:[MD5.1FC8A7E5C3AED31F00940C6AB2FD9B49] – 31/07/2006 – 06:44:00 —A- . (.Omnivision Technologies, Inc. – Stream Class Mini Driver.) — C:WindowsSystem32Driversov550i.sys [580992]
O58 – SDL:[MD5.A36EE93698802CD899F98BFD553D8185] – 27/07/2013 – 08:41:54 —A- . (.Avira GmbH – AVIRA SnapShot Driver.) — C:WindowsSystem32Driversssmdrv.sys [28520]
O58 – SDL:[MD5.6CC6C4B9D7B906A151AA094CA087B9F0] – 20/09/2012 – 05:35:36 —A- . (.DEVGURU Co., LTD.(http://www.devguru.co.kr) – SAMSUNG USB Composite Device Driver (MSS Ver.3).) — C:WindowsSystem32Driversssudbus.sys [83168]
O58 – SDL:[MD5.359FEE084F1173FFFFD7F9CCBD43D47F] – 20/09/2012 – 05:35:36 —A- . (.DEVGURU Co., LTD.(http://www.devguru.co.kr) – SAMSUNG Android Modem Device Driver (MSS Ver.3).) — C:WindowsSystem32Driversssudmdm.sys [181344]
O58 – SDL:[MD5.E69A606872650B46DE54EC15DCC93529] – 21/07/2009 – 22:33:32 —A- . (.IDT, Inc. – IDT PC Audio.) — C:WindowsSystem32Driversstwrt.sys [409088]
O58 – SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] – 21/01/2008 – 03:23:20 —A- . (.ULi Electronics Inc. – ULi SATA Controller Driver.) — C:WindowsSystem32Driversuliahci.sys [238648]
O58 – SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] – 02/11/2006 – 10:50:35 —A- . (.Promise Technology, Inc. – Promise Ultra/Sata Series Driver for Win2003.) — C:WindowsSystem32Driversulsata.sys [98408]
O58 – SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] – 21/01/2008 – 03:23:23 —A- . (.Promise Technology, Inc. – Promise SATAII150 Series Windows Drivers.) — C:WindowsSystem32Driversulsata2.sys [115816]
O58 – SDL:[MD5.EAFE1E00739AFE6C51487A050E772E17] – 15/02/2012 – 10:01:50 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl.sys [43520]
O58 – SDL:[MD5.8AAD333C876590293F72B315E162BCC7] – 02/11/2006 – 08:09:42 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
O58 – SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] – 02/11/2006 – 08:09:45 —A- . (…) — C:WindowsSystem32country.sys [27097]
O58 – SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] – 02/11/2006 – 08:09:41 —A- . (…) — C:WindowsSystem32HIMEM.SYS [4768]
O58 – SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] – 02/11/2006 – 08:09:44 —A- . (…) — C:WindowsSystem32KEY01.SYS [42809]
O58 – SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] – 02/11/2006 – 08:09:44 —A- . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
O58 – SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] – 02/11/2006 – 08:09:29 —A- . (…) — C:WindowsSystem32NTDOS.SYS [27866]
O58 – SDL:[MD5.CF9ED169FF86D935E47999E82359E898] – 02/11/2006 – 08:09:35 —A- . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
O58 – SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] – 02/11/2006 – 08:09:38 —A- . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
O58 – SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] – 02/11/2006 – 08:09:40 —A- . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
O58 – SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] – 02/11/2006 – 08:09:31 —A- . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
O58 – SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] – 02/11/2006 – 08:09:20 —A- . (…) — C:WindowsSystem32NTIO.SYS [33952]
O58 – SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] – 02/11/2006 – 08:09:23 —A- . (…) — C:WindowsSystem32NTIO404.SYS [34672]
O58 – SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] – 02/11/2006 – 08:09:24 —A- . (…) — C:WindowsSystem32NTIO411.SYS [35776]
O58 – SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] – 02/11/2006 – 08:09:26 —A- . (…) — C:WindowsSystem32NTIO412.SYS [35536]
O58 – SDL:[MD5.D86B6435729231C171432B4E77801BDB] – 02/11/2006 – 08:09:22 —A- . (…) — C:WindowsSystem32NTIO804.SYS [34672]
~ Drivers: 15 Legitimates Filtered in 00mn 02s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 29/12/2013 – 00:35:34 —A- . (…) — C:UsersMarie-EstelleDocumentsmonAlbumPhotoRomeRome.ldb [64]
O61 – LFC: 29/12/2013 – 00:35:34 —A- . (…) — C:UsersMarie-EstelleDocumentsmonAlbumPhotoRomeRome.mapalb [688128]
O61 – LFC: 30/12/2013 – 00:35:00 —A- . (…) — C:UsersMarie-EstelleAppDataRoamingZHPLog.txt [18561] =>.Nicolas Coolman
O61 – LFC: 30/12/2013 – 00:35:00 —A- . (…) — C:UsersMarie-EstelleAppDataRoamingZHPTestsZHPDiag.txt [3056] =>.Nicolas Coolman
~ 3 Fichiers temporaires (Temporary files)
~ Files: 314 Legitimates Filtered in 02mn 58s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Apple Inc. – Safari.) — C:Program FilesSafariSafari.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“CT3242339.http___pricegong_conduitapps_com_v4.APP_WIN_FEATURES.enc”, “cmVzaXphYmxlPTAsc2F2ZWxvY2F0aW9uPTAsb3BlbnBvc2l0a[…] =>Adware.PriceGong
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“CT3242339.lastNewTabSettings”, “{“isEnabled”:false,”newTabUrl”:”http://search.conduit.com/?ctid=CT3242339&octid=CT[…]
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“browser.search.order.1”, “Mysearchdial”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.Fissa.lastRunTime”, “Sat, 28 Aug 2010 18:09:57 GMT”); =>PUP.OfferBox
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.aflt”, “irmsd1202aw”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.appId”, “{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.cd”, “2XzuyEtN2Y1L1QzutDtDtBtAyE0EtBtAtBtDtDtAyB0EyEyEtN0D0Tzu0CyBtCtBtN1L2XzutBtFtBtFtCyEtFtCt[…] =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.cntry”, “FR”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.cr”, “627028764”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.dfltLng”, “”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.dfltSrch”, true); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.dnsErr”, true); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.dpkLst”, “3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497[…] =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.excTlbr”, false); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.hdrMd5”, “0A199B406364F49189CCE1F3B14CB697”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.hmpg”, true); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.hmpgUrl”, “http://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutDtDtBtAyE0EtBtA[…] =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.id”, “00234E2320037E44”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.instlDay”, “16051”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.instlRef”, “”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.lastB”, “http://start.mysearchdial.com/?f=1&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutDtDtBtAyE0EtBtAtB[…] =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.lastVrsnTs”, “1.8.21.020:58:49”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.newTabUrl”, “http://start.mysearchdial.com/?f=2&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutDtDtBtAyE0EtB[…] =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.pnu_base”, “{“newVrsn”:”89″,”lastVrsn”:”89″,”vrsnLoad”:””,”showMsg”:”false”,”s[…] =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.prdct”, “mysearchdial”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.prtnrId”, “mysearchdial”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.sg”, “none”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.srchPrvdr”, “Mysearchdial”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.tlbrId”, “base”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.tlbrSrchUrl”, “http://start.mysearchdial.com/?f=3&a=irmsd1202aw&cd=2XzuyEtN2Y1L1QzutDtDtBtAyE0E[…] =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.vrsn”, “1.8.21.0”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial.vrsni”, “1.8.21.0”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial_i.hmpg”, true); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial_i.newTab”, false); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial_i.smplGrp”, “none”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“extensions.mysearchdial_i.vrsnTs”, “1.8.21.020:58:49”); =>Adware.MyWebSearch
O69 – SBI: prefs.js [Marie-Estelle – 3dhaobu0.default] user_pref(“plugin.state.npconduitfirefoxplugin”, 2);
O69 – SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} – (Search the web) – http://search.babylon.com =>Adware.IMBooster
O69 – SBI: SearchScopes [HKCU] {114C8D1F-DE4F-4720-933A-00D3637B24BA} – (Google) – http://www.google.fr
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKCU] {b41306c6-96d0-442a-bcc4-b0f621e82ce9} – (Fissa) – http://www.fissa.com =>PUP.OfferBox
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.EFB2EE170955A1DC38485D66EB480174] [SPRF][29/11/2009] (…) — C:ProgramDataezsid.dat [32]
[MD5.F3793DD012EDADFE655CF93DD818855B] [SPRF][12/06/2013] (…) — C:UsersMarie-EstelleAppDataLocald3d9caps.dat [7620]
[MD5.C5650C059185D351AEF801D90A93B0D7] [SPRF][27/04/2011] (…) — C:UsersMarie-EstelleAppDataRoamingwklnhst.dat [1166]
[MD5.1027DF7F909776789D9D1C2C30410166] [SPRF][28/01/2013] (…) — C:UsersMarie-EstelleDesktopOOo_3.3.0_Win_x86_install-wJRE_fr.exe [152474936]
[MD5.6F678556A6FCE04FC94F3435F6313705] [SPRF][25/12/2008] (…) — C:WindowsDownloaded Program Filesunagiuninst.exe [38428]
~ Files: 6 Legitimates Filtered in 00mn 05s

—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: “TCP Query User{8D1EEC39-0DB9-4591-97A8-8B8481061181}C:program fileswinampwinamp.exe” |In – Public – P6 – TRUE | .(…) — C:program fileswinampwinamp.exe (.not file.)
O87 – FAEL: “UDP Query User{39F01690-A65D-4079-8BFD-DF83BBCDAC78}C:program fileswinampwinamp.exe” |In – Public – P17 – TRUE | .(…) — C:program fileswinampwinamp.exe (.not file.)
O87 – FAEL: “TCP Query User{A7D07372-ADC0-4D00-8CB8-0A91F8EC5267}C:program fileswinampwinamp.exe” |In – Private – P6 – TRUE | .(…) — C:program fileswinampwinamp.exe (.not file.)
O87 – FAEL: “UDP Query User{26BB64F8-EF4A-43A7-AD52-BAFC1227F783}C:program fileswinampwinamp.exe” |In – Private – P17 – TRUE | .(…) — C:program fileswinampwinamp.exe (.not file.)
~ Firewall: 208 Legitimates Filtered in 00mn 01s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: “5B4758C25396ECF468E04F8E063287FF” . (.OfferBox.) — C:WindowsInstaller{2C8574B5-6935-4FCE-860E-F4E8602378FF}ARPPRODUCTICON.exe =>PUP.OfferBox
O90 – PUC: “EFE665B6D1CDF17439DD483862361F04” . (.OVT Scanner X86.) — C:WindowsInstaller{6B566EFE-DC1D-471F-93DD-84832663F140}ARPPRODUCTICON.exe
~ Update Products: 119 Legitimates Filtered in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.899D66C970CC0581A87DD871DAEA812A] [WIS][06/03/2013] (.STARZIK INVEST – Starzik Download Manager.) — C:WindowsInstaller1533872.msi [48128]
[MD5.AA5F8DEF4C6C587D88EE5A7791B8D1D6] [WIS][06/06/2010] (.Secure Digital Services – OfferBox.) — C:WindowsInstaller4b06e9.msi [3062272] =>Adware.SPointer
~ WIS: 122 Legitimates Filtered in 00mn 15s

—\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program FilesCommon FilesAdobeARM1.0armsvc.exe
SS – | Demand 12/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
SS – | Auto 02/03/2009 81920 | (AESTFilters) . (.Andrea Electronics Corporation.) – C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_e2247046aestsrv.exe
SS – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
SS – | Demand 03/04/2008 193840 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) – C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe
SS – | Demand 21/12/2008 242424 | (GameConsoleService) . (.WildTangent, Inc..) – C:Program FilesHP GamesMy HP Game ConsoleGameConsoleService.exe
SS – | Auto 11/12/2009 133104 | (gupdate1ca7aad806c04f5) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Demand 11/12/2009 133104 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Auto 31/10/2012 194032 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
SS – | Demand 25/01/2008 148832 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) – C:Program FilesHewlett-PackardSharedhpqwmiex.exe
SS – | Auto 13/05/2011 26168 | (hpsrv) . (.Hewlett-Packard Company.) – C:WindowsSystem32Hpservice.exe
SS – | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) – C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
SS – | Demand 07/06/2012 821648 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
SS – | Auto 26/02/2008 73728 | (LightScribeService) . (.Hewlett-Packard Company.) – C:Program FilesCommon FilesLightScribeLSSrvc.exe
SS – | Demand 22/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
SS – | Auto 14/05/2008 292248 | (QPCapSvc) . (…) – C:Program FilesHPQuickPlayKernelTVQPCapSvc.exe
SS – | Auto 14/05/2008 116112 | (QPSched) . (…) – C:Program FilesHPQuickPlayKernelTVQPSched.exe
SS – | Auto 26/03/2008 341328 | (Recovery Service for Windows) . (…) – C:WindowsSMINSTBLService.exe
SS – | Auto 09/01/2007 272024 | (RichVideo) . (…) – C:Program FilesCyberLinkShared FilesRichVideo.exe
SS – | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) – C:Program FilesSkypeUpdaterUpdater.exe
SS – | Auto 21/07/2009 221266 | (STacSV) . (.IDT, Inc..) – C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_e2247046STacSV.exe

SR – | Auto 19/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopsched.exe
SR – | Auto 27/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopavguard.exe
SR – | Auto 24/05/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) – C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
SR – | Auto 21/01/2008 21504 | C:WindowsSystem32ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) – C:WindowsSystem32svchost.exe
SR – | Auto 09/10/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) – c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
SR – | Auto 21/01/2008 21504 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 21/01/2008 21504 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe

~ Services: Scanned in 00mn 17s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 00mn 02s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Marie-Estelle at 30/12/2013 00:39:09

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s

—\ Scan Additionnel (O88)
Database Version : 13013 – (26/12/2013)
Clés trouvées (Keys found) : 81
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 18
Fichiers trouvés (Files found) : 6

[HKLMSoftwareGoogleChromeExtensionsndibdjnfmopecpmkdieinmbadjfpblof] =>Toolbar.AVGSearch^
[HKLMSoftwareGoogleChromeExtensionspflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch^
[HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{2C8574B5-6935-4FCE-860E-F4E8602378FF}] =>Adware.SPointer^
[HKLMSoftwareClassesInterface{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>PUP.Babylon
[HKLMSoftwareClassesTypeLib{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
[HKLMSoftwareClassesCLSID{1B00725B-C455-4DE6-BFB6-AD540AD427CD}] =>Adware.MetaStream
[HKLMSoftwareMicrosoftActive SetupInstalled Components{1B00725B-C455-4DE6-BFB6-AD540AD427CD}] =>Adware.MetaStream
[HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCache{2C8574B5-6935-4FCE-860E-F4E8602378FF}] =>PUP.OfferBox
[HKLMSoftwareClassesTypeLib{4509D3CC-B642-4745-B030-645B79522C6D}] =>Toolbar.Conduit
[HKLMSoftwareClassesInterface{4897bba6-48d9-468c-8efa-846275d7701b}] =>Adware.SocialSkinz
[HKLMSoftwareClassesCLSID{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLMSoftwareClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{723328FF-22D0-497f-9EB5-1AC919582DE1}] =>Adware.SPointer
[HKLMSoftwareClassesCLSID{761f6a83-f007-49e4-8eac-cdb6808ef06f}] =>PUP.Eorezo
[HKLMSoftwareClassesCLSID{76c45b18-a29e-43ea-aaf8-af55c2e1ae17}] =>PUP.Eorezo
[HKLMSoftwareClassesCLSID{826D7151-8D99-434B-8540-082B8C2AE556}] =>PUP.Babylon
[HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}] =>PUP.Fbsearch
[HKLMSoftwareClassesCLSID{96ef404c-24c7-43d0-9096-4ccc8bb7ccac}] =>PUP.Eorezo
[HKLMSoftwareClassesCLSID{97720195-206a-42ae-8e65-260b9ba5589f}] =>PUP.Eorezo
[HKLMSoftwareClassesCLSID{97d69524-bb57-4185-9c7f-5f05593b771a}] =>PUP.Eorezo
[HKLMSoftwareClassesCLSID{986f7a5a-9676-47e1-8642-f41f8c3fcf82}] =>PUP.Eorezo
[HKLMSoftwareClassesTypeLib{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLMSoftwareClassesTypeLib{9dbb28c1-1925-11d3-a498-00104b6eb52e}] =>Adware.MetaStream
[HKLMSoftwareClassesInterface{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLMSoftwareClassesCLSID{b18788a4-92bd-440e-a4d1-380c36531119}] =>PUP.Eorezo
[HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{b41306c6-96d0-442a-bcc4-b0f621e82ce9}] =>PUP.OfferBox
[HKLMSoftwareClassesAppID{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
[HKLMSoftwareClassesCLSID{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}] =>Toolbar.Conduit
[HKCU{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}] =>Adware.DoubleD
[HKLMSoftwareClassesCLSID{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{F0626A63-410B-45E2-99A1-3F2475B2D695}] =>PUP.Fbsearch
[HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{F0626A63-410B-45E2-99A1-3F2475B2D695}] =>PUP.Fbsearch
[HKLMSoftwareClassesAppIDScriptHelper.EXE] =>Toolbar.AVGSearch
[HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheViewpointMediaPlayer] =>Adware.MetaStream
[HKLMSoftwareClassesaxmetastream.metastreamctl] =>Adware.MetaStream
[HKLMSoftwareClassesaxmetastream.metastreamctl.1] =>Adware.MetaStream
[HKLMSoftwareClassesAxMetaStream.MetaStreamCtlSecondary] =>Adware.MetaStream
[HKLMSoftwareClassesAxMetaStream.MetaStreamCtlSecondary.1] =>Adware.MetaStream
[HKLMSoftwareClassesURLSearchHook.ToolbarURLSearchHook] =>Toolbar.Agent
[HKLMSoftwareClassesurlsearchhook.toolbarurlsearchhook.1] =>Adware.Agent
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodes5B4758C25396ECF468E04F8E063287FF] =>PUP.OfferBox
[HKLMSoftwareClassesInstallerFeatures5B4758C25396ECF468E04F8E063287FF] =>PUP.OfferBox
[HKLMSoftwareClassesInstallerProducts5B4758C25396ECF468E04F8E063287FF] =>PUP.OfferBox
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products5B4758C25396ECF468E04F8E063287FF] =>PUP.OfferBox
[HKCUSoftwareFissaSearch] =>PUP.OfferBox
[HKLMSoftwareMetaStream] =>Adware.MetaStream
[HKCUSoftwareOfferBox] =>PUP.OfferBox
[HKCUSoftwareSoftonic] =>Toolbar.Conduit
[HKCUSoftwareSpointer] =>Adware.SPointer
[HKLMSoftwareViewpoint] =>Adware.MetaStream
[HKCUSoftwareWideStream] =>Adware.SPointer
[HKLMSoftwareClassesAppID{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
[HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallViewpointMediaPlayer] =>Adware.MetaStream
[HKLMSoftwareMozillaPlugins@viewpoint.com/VMP] =>Adware.MetaStream
[HKCUSoftwareInstallCore] =>Adware.InstallCore
[HKLMSoftwareClassesAppIDsecman.DLL] =>PUP.Babylon
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components48A0552292E14244E8F3980FD3D01541] =>PUP.OfferBox
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components503398D5204CBDD48A5EE476D0CFCFEC] =>PUP.OfferBox
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components5BDF578D2C71DDC4997692F83B0A5C75] =>PUP.OfferBox
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components67909B00FA069BE4E80548738FE558FB] =>PUP.OfferBox
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components698B1BCDAEA97B945AE4001A96F1E755] =>PUP.OfferBox
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components7E6611210321F8640B41F98B10A8BD0A] =>PUP.OfferBox
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components88ADFBDCA3E069A47B07ECC2CED1E2B2] =>PUP.OfferBox
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components9ED6CAB2F119182EB7D8CE7156DC0915] =>PUP.OfferBox
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsA3D6A80A87E22324A91C14AEBDF78525] =>PUP.OfferBox
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsB2F30BE10C5A9DD43A593262265CA298] =>PUP.OfferBox
[HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCache{79A765E1-C399-405B-85AF-466F52E918B0}] =>Adware.SimilarSites
[HKLMSoftwareClassesCLSID{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}] =>Adware.BrowseFox
[HKLMSoftwareClassesprotector_dll.protectorbho] =>PUP.BProtector
[HKLMSoftwareClassesprotector_dll.protectorbho.1] =>PUP.BProtector
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components1322A677E76161CFC67C36E4B6D42B49] =>PUP.Offerbox^
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components281E074C2C4344E4A8BB2BAE65BE729B] =>PUP.Offerbox^
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components51C83A2C2B5C63748ACD3028A6DD53A5] =>PUP.Offerbox^
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components8385B8BE0F211B245956C67BB4BAC17E] =>PUP.Offerbox^
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components9CC2018422A9EAF40A57249F42102B13] =>PUP.Offerbox^
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsAA606EFD77B9CB34BB2DA2F45B67425E] =>PUP.Offerbox^
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsB767C33B25DCECA4FAD0D3B7D84B0A8E] =>PUP.Offerbox^
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsBA177F87B6B147649BD37D43B50863E5] =>PUP.Offerbox^
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCEF27165872C9BEAACED23660032D2F2] =>PUP.Offerbox^
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCFAEE3E72CC44004C998EBEE081CA40A] =>PUP.Offerbox^
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:OfferBox =>PUP.OfferBox^
[HKCUSoftwareMozillaFirefoxExtensions]:offerboxffx@offerbox.com =>PUP.OfferBox
C:UsersMarie-EstelleAppDataLocalGoogleChromeUser DataDefaultExtensionsndibdjnfmopecpmkdieinmbadjfpblof =>Toolbar.AVGSearch^
C:UsersMarie-EstelleAppDataLocalGoogleChromeUser DataDefaultExtensionspflphaooapbgpeakohlggbpidpppgdff =>Adware.MyWebSearch^
C:UsersMarie-EstelleAppDataRoamingMozillaFirefoxProfiles3dhaobu0.defaultextensions@FissaPlugin =>PUP.OfferBox^
C:UsersMarie-EstelleAppDataRoamingMozillaFirefoxProfiles3dhaobu0.defaultextensions{19803860-b306-423c-bbb5-f60a7d82cde5} =>Toolbar.Conduit^
C:UsersMarie-EstelleAppDataRoamingMozillaFirefoxProfiles3dhaobu0.defaultextensions{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} =>Adware.MyWebSearch^
C:Program FilesCrazyLoader =>Adware.SPointer^
C:Program FilesMyPC Backup =>PUP.MyPCBackup^
C:Program FilesWidestream6 =>Adware.SPointer^
C:UsersMarie-EstelleAppDataRoamingFissaSearch =>PUP.OfferBox^
C:UsersMarie-EstelleAppDataRoamingOfferBox =>PUP.OfferBox^
C:UsersMarie-EstelleAppDataRoamingOpenCandy =>Adware.OpenCandy^
C:UsersMarie-EstelleAppDataRoamingwidestream =>Adware.SPointer^
C:UsersMarie-EstelleAppDataLocalwidestream6 Air =>Adware.SPointer^
C:UsersMarie-EstelleAppDataRoamingMicrosoftWindowsStart MenuProgramsCrazyLoader =>Adware.SPointer^
C:Program FilesViewpoint =>Adware.MetaStream
C:ProgramDataViewpoint =>Adware.MetaStream
C:ProgramDataMicrosoftWindowsStart MenuProgramsOfferBox =>PUP.OfferBox
C:UsersMarie-EstelleAppDataRoamingMozillaFirefoxProfiles3dhaobu0.defaultSmartbar =>Hijacker.SmartBar
C:UsersMarie-EstelleAppDataRoamingMozillaFirefoxProfiles3dhaobu0.defaultSearchPluginsfissa.xml =>PUP.OfferBox
[HKCUSoftwareBabylon] =>PUP.Babylon^
[HKCUSoftwareConduit] =>Toolbar.Conduit^
[HKCUSoftwareVittalia] =>PUP.Vittalia^
[HKCUSoftwaremysearchdial.com] =>Adware.MyWebSearch^
C:WindowsInstaller4b06e9.msi =>Adware.SPointer^
~ Additionnel Scan: 431394 Items scanned in 00mn 36s