Reply to: Infected USB keys, files and folders turned into shortcuts 2016-09-08T13:28:24+00:00
Marine14

Here is the report:
~ Rapport de ZHPDiag v2014.1.2.5 – Nicolas Coolman (02/01/2014)
~ Lancé par Maarine (05/01/2014 18:32:10)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.19088
GCIE: Google Chrome v31.0.1650.63 (Defaut)
OBIE: Safari v5.33.21.1

—\ Informations sur les produits Windows
~ Langage: Français
Windows Vista (TM) Home Premium, 32-bit Service Pack 1 (Build 6001)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

—\ Logiciels de protection du système
avast! Free Antivirus v9.0.2011
Norton Internet Security v16.0.0.125

—\ Logiciels d’optimisation du système

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Flash Player 10 Plugin
Adobe Reader X – Français

—\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3068 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 42 GB (18%) free of 222 GB

—\ Mode de connexion au système
~ Computer Name: 16MAI2009
~ User Name: Maarine
~ All Users Names: Maarine, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:UsersMaarineAppDataRoamingZHP
~ %AppData% : C:UsersMaarineAppDataRoaming
~ %Desktop% : C:UsersMaarineDesktop
~ %Favorites% : C:UsersMaarineFavorites
~ %LocalAppData% : C:UsersMaarineAppDataLocal
~ %StartMenu% : C:UsersMaarineAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 42 Go of 222 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 11 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)
G: Floppy drive, Flash card reader, USB Key (Free 2 Go of 4 Go)
H: Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)

—\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.4F554999D7D5F05DAAEBBA7B5BA1089D] – (.Microsoft Corporation – Explorateur Windows.) (.29/10/2008 – 07:29:41.) — C:WindowsExplorer.exe [2927104]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] – (.Microsoft Corporation – Application de démarrage de Windows.) (.21/01/2008 – 03:23:42.) — C:WindowsSystem32Wininit.exe [96768]
[MD5.DE4685DE5130039FA63DA66C0F72F787] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.28/05/2011 – 07:08:58.) — C:WindowsSystem32wininet.dll [916480]
[MD5.C2610B6BDBEFC053BBDAB4F1B965CB24] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.21/01/2008 – 03:24:49.) — C:WindowsSystem32Winlogon.exe [314880]
[MD5.48EB99503533C27AC6135648E5474457] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.21/04/2011 – 14:16:42.) — C:Windowssystem32DriversAFD.sys [273408]
[MD5.9C0E70031905ADBF94EDB9EA14AF943B] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.21/01/2009 – 06:37:49.) — C:Windowssystem32Driversatapi.sys [21560]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.21/01/2008 – 03:23:51.) — C:Windowssystem32DriversCdfs.sys [70144]
[MD5.1EC25CEA0DE6AC4718BF89F9E1778B57] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.21/01/2008 – 03:23:02.) — C:Windowssystem32DriversCdrom.sys [67072]
[MD5.A3E9FA213F443AC77C7746119D13FEEC] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.14/04/2011 – 15:24:14.) — C:Windowssystem32DriversDfsC.sys [75264]
[MD5.C87B1EE051C0464491C1A7B03FA0BC99] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.21/01/2008 – 03:23:22.) — C:Windowssystem32DriversHDAudBus.sys [53760]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] – (.Microsoft Corporation – Pilote de port i8042.) (.21/01/2008 – 03:23:20.) — C:Windowssystem32Driversi8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] – (.Microsoft Corporation – IP Network Address Translator.) (.21/01/2008 – 03:24:25.) — C:Windowssystem32DriversIpNat.sys [100864]
[MD5.5734A0F2BE7E495F7D3ED6EFD4B9F5A1] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.29/04/2011 – 13:49:35.) — C:Windowssystem32DriversMRxSmb.sys [105984]
[MD5.7C5FEE5B1C5728507CD96FB4A13E7A02] – (.Microsoft Corporation – MBT Transport driver.) (.21/01/2008 – 03:24:59.) — C:Windowssystem32DriversnetBT.sys [184320]
[MD5.B4EFFE29EB4F15538FD8A9681108492D] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.21/01/2008 – 03:23:51.) — C:Windowssystem32Driversntfs.sys [1081912]
[MD5.0FA9B5055484649D63C303FE404E5F4D] – (.Microsoft Corporation – Pilote de port parallèle.) (.02/11/2006 – 09:51:30.) — C:Windowssystem32DriversParport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/01/2008 – 03:24:55.) — C:Windowssystem32DriversRasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.21/01/2008 – 03:23:01.) — C:Windowssystem32Driversrdpdr.sys [248832]
[MD5.031E6BCD53C9B2B9ACE111EAFEC347B6] – (.Microsoft Corporation – SMB Transport driver.) (.21/01/2008 – 03:25:00.) — C:Windowssystem32Driverssmb.sys [66560]
[MD5.D09276B1FAB033CE1D40DCBDF303D10F] – (.Microsoft Corporation – TDI Translation Driver.) (.21/01/2008 – 03:24:53.) — C:Windowssystem32Driverstdx.sys [71680]
[MD5.D8B4A53DD2769F226B3EB374374987C9] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.21/01/2008 – 03:23:21.) — C:Windowssystem32Driversvolsnap.sys [227896]
~ Generic Processes: Scanned in 00mn 01s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/16556
~ Mes musiques (My Musics) : 177/1621
~ Mes Videos (My Videos) : 1/14
~ Mes Favoris (My Favorites) : 1/120
~ Mes Documents (My Documents) : 1/5262
~ Mon Bureau (My Desktop) : 1/35
~ Menu demarrer (Programs) : 1/52
~ Hidden Files: Scanned in 00mn 07s

—\ Processus lancés
[MD5.AFEBF9E0B223FF04709F747C172D3540] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe [3764024] [PID.2656]
[MD5.7F0D8AD2737CA7B060E2A5605911C627] – (.Elex do Brasil Participações Ltda – YACTray.) — C:Program FilesiSafeiSafeTray.exe [599208] [PID.5996] =>Trojan.Staser
[MD5.4B555106290BD117334E9A08761C035A] – (…) — ystem32rundll32.exe [0] [PID.11520]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] – (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe [863184] [PID.1244]
[MD5.486BDC196F8914845302745A15310D62] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8321024] [PID.8532]
[MD5.D74884939D53612FD84AC82C59CCFE27] – (.AVAST Software – avast! Service.) — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [50344] [PID.1896]
[MD5.2CDEAF8465CB05935EDA05759D3ADE64] – (.Elex do Brasil Participações Ltda – iSafeSvc.) — C:Program FilesiSafeiSafeSvc.exe [491688] [PID.4952] =>Trojan.Staser
[MD5.14F2561F6B77D7524F7D3C589DDA7BF0] – (.Elex do Brasil Participações Ltda – iSafeSvc2.) — C:Program FilesiSafeiSafeSvc2.exe [777384] [PID.5256] =>Trojan.Staser
[MD5.834A990F60FDEA9152202C4D6DC84A31] – (…) — C:Program FilesBizzyboltupdateBizzybolt.exe [66848] [PID.3480] =>PUP.Bizzybolt
[MD5.A19B0BB5A7EB6DF2DD4A0711D36955EE] – (.Hewlett-Packard – HP Health Check Service.) — c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe [94208] [PID.2388]
[MD5.0BA91E1358AD25236863039BB2609A2E] – (.Microsoft Corporation – Service de gestion des licences Microsoft.) — C:Windowssystem32SLsvc.exe [2623488] [PID.9056]
[MD5.5DAF7081A4BB112FA3F1915819330A3E] – (…) — C:Program FilesZHPDiagpv.exe [61440] [PID.0]
~ Processes Running: Scanned in 00mn 01s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersMaarineAppDataLocalGoogleChromeUser DataDefaultPreferences
G1 – GCS: Preference [User DataDefault] http://www.nationzoom.com =>Hijacker.NationZoom
G2 – GCE: Preference [User DataDefault] [alelhddbbhepgpmgidjdcjakblofbmce] Superbe capture d’écran : capturer et annoter v.3.5.10, (Activé)
G2 – GCE: Preference [User DataDefault] [bjeikeheijdjdfjbmknpefojickbkmom] Offerbox v.2.1.3600.135 (Désactivé) =>PUP.OfferBox
G2 – GCE: Preference [User DataDefault] [dgbjdgnkkchgleommaaapafcigjjbnmg] Bizzybolt v.1.0.0 (Activé) =>PUP.Bizzybolt
G2 – GCE: Preference [User DataDefault] [dhdppnagkklahjmblgdojadgbiffhejd] Deeal_fr 0.2 v.1.25.52, (Activé)
G2 – GCE: Preference [User DataDefault] [dpicnlijpdlebkhpegfenfjpglinfdhm] OfferBox v.5.1.2514.23 (Désactivé) =>PUP.OfferBox
G2 – GCE: Preference [User DataDefault] [eidogommnbbcgnhfjkcgjnlonijjhmjl] SocialPlus! v.2.5.4 (Désactivé)
G2 – GCE: Preference [User DataDefault] [enggflalpipaefdpfehdcbmklnbhndfn] VDM – viedemerde.fr RSS Viewer v.1.0 (Activé)
G2 – GCE: Preference [User DataDefault] [faminaibgiklngmfpfbhmokfmnglamcm] PanicButton v.0.14.2.2 (Activé)
G2 – GCE: Preference [User DataDefault] [gebbadcnkcgcfgpbmcdleckpejgopimf] cacaoweb v.1.18 (Activé) =>PUP.CacaoWeb
G2 – GCE: Preference [User DataDefault] [gjoijgcajekmbkdmpijbkdilkddokojp] Super Mario 2 v.0.3.0.0 (Désactivé)
G2 – GCE: Preference [User DataDefault] [gliedaffibdnbhbiaolgkdhhfbjgmhgi] Dots v.1.0 (Activé)
G2 – GCE: Preference [User DataDefault] [ieacoaafajmkiffjfagoekhjjbdhbojp] Super Mario v.0.6.2.0 (Désactivé)
G2 – GCE: Preference [User DataDefault] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.7.9, (Activé) =>PUP.Elex
G2 – GCE: Preference [User DataDefault] [ihflimipbcaljfnojhhknppphnnciiif] Facemoods v.1.2.1 (Désactivé) =>Adware.Facemoods
G2 – GCE: Preference [User DataDefault] [iknffkmlbmmhbnfhfnpopiembeecpokj] Facemoi v.2.3.0 (Désactivé) =>PUP.Facemoi
G2 – GCE: Preference [User DataDefault] [kbjlipmgfoamgjaogmbihaffnpkpjajp] Bubble Dock v.1.0.0.130 (Désactivé) =>PUP.BubbleDock
G2 – GCE: Preference [User DataDefault] [khcceooakamlehbimaepcldnnlnkcmfk] SaveSense v.3.5.0.0 (Activé) =>PUP.SaveSense
G2 – GCE: Preference [User DataDefault] [kngejcchcedjdemdaeneneeahmjnpaec] Interest Recognizer for Moovida v.3.4.1545.153 (Désactivé) =>Adware.SPointer
G2 – GCE: Preference [User DataDefault] [leahdjjpjmnamomgpojikeapflgbmjab] cacaoweb v.1.16 (Activé) =>PUP.CacaoWeb
G2 – GCE: Preference [User DataDefault] [licjnkifamhpbaefhdpacpmihicfbomb] PricePeep v.2.2.0.7 (Activé) =>Adware.PricePeep
G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.0 (Activé)
~ Google Browser: 33 Legitimates Filtered in 00mn 03s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 – FPN: [HKLM] [@t-immersion.com/DFusionHomeWebPlugIn] – (.Total Immersion – D’Fusion @Home Web Plug-In (2.30.11563.0).) — C:Program FilesTotal ImmersionDFusionHomeWebPlugInNPDFusionWebFirefox.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.nationzoom.com =>Hijacker.NationZoom
R0 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.nationzoom.com =>Hijacker.NationZoom
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://feed.snapdo.com =>Hijacker.SmartBar
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.nationzoom.com =>Hijacker.NationZoom
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Bar = http://feed.snapdo.com =>Hijacker.SmartBar
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://www.nationzoom.com =>Hijacker.NationZoom
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.nationzoom.com =>Hijacker.NationZoom
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.nationzoom.com =>Hijacker.NationZoom
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerSearch,Default_Search_URL = http://feed.snapdo.com =>Hijacker.SmartBar
R1 – HKCUSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://feed.snapdo.com =>Hijacker.SmartBar
R1 – HKLMSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://fr.gdark.com
~ IE Browser: 20 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32Userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

—\ Browser Helper Objects de navigateur (O2)
O2 – BHO: SaveSense – {0f21b1e5-5afc-43c9-9c66-515046e92ec2} . (.SaveSense – SaveSense for IE.) — C:Program FilesSaveSenseSaveSenseIE.dll =>PUP.SaveSense
O2 – BHO: CrossriderApp0043960 – {11111111-1111-1111-1111-110411391160} . (.Corporate Inc – Deeal_fr 0.2 BHO.) — C:Program FilesDeeal_fr 0.2Deeal_fr 0.2-bho.dll =>PUP.CrossRider
O2 – BHO: Bizzybolt – {13070af0-bc6c-4185-8baa-40a4cf05b323} . (.Bizzybolt – Bizzybolt.) — C:Program FilesBizzyboltBizzyboltbho.dll =>PUP.Bizzybolt
O2 – BHO: PriceGong – {1631550F-191D-4826-B069-D9439253D926} . (.PriceGong – PriceGong Comparative Shopping Tool.) — C:Program FilesPriceGong2.5.0PriceGongIE.dll =>Adware.PriceGong
O2 – BHO: ShoppingReport2 – {258C9770-1713-4021-8D7E-1F184A2BD754} . (.SmartShopper Networks – Pas de description.) — C:Program FilesShoppingReport2Bin2.7.34ShoppingReport.dll =>Adware.ShoppingReport
O2 – BHO: AOL Toolbar BHO – {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} . (.AOL LLC – AOL IE Toolbar Dynamic Link Library.) — C:Program FilesAOLAOL Toolbar 5.0aoltb.dll
O2 – BHO: (no name) – {84FF7BD6-B47F-46F8-9130-01B2696B36CB} Clé orpheline
O2 – BHO: Interest recogniser for Moovida (powered by Spointer) – {E2A7BD67-0EAF-497f-B05B-748D7BF3C421} . (.Moovida – Interest Recognizer for Moovida.) — C:Program FilesFluendoMoovidaspointerextensionsmoovida_air_ie.dll =>Adware.SPointer
O2 – BHO: jeuxob.fr Toolbar – {f78e6501-b9de-48b9-b86c-6da8542ccc4e} . (.Conduit Ltd. – Conduit Toolbar.) — C:Program Filesjeuxob.frtbjeux.dll =>Toolbar.Conduit
O2 – BHO: OfferBox – {FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C} . (.Secure Digital Services Limited – OfferBox.) — C:Program FilesOfferBoxOfferBoxBHO.dll =>Adware.SPointer
O2 – BHO: PricePeep – {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} . (.PricePeep – PricePeep.) — C:Program FilesPricePeeppricepeep.dll =>Adware.PricePeep
~ BHO: 46 Legitimates Filtered in 00mn 01s

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: AOL Toolbar – [HKLM]{DE9C389F-3316-41A7-809B-AA305ED9D922} . (.AOL LLC – AOL IE Toolbar Dynamic Link Library.) — C:Program FilesAOLAOL Toolbar 5.0aoltb.dll
O3 – Toolbar: Hotbar – [HKLM]{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} . (.Pinball Corporation. – Hotbar.) — C:Program FilesHotbarbin11.0.78.0HostIE.dll
O3 – Toolbar: facemoods Toolbar – [HKLM]{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} . (…) — C:Program Filesfacemoods.comfacemoods1.4.17.3facemoodsTlbr.dll =>Adware.Facemoods
O3 – Toolbar: jeuxob.fr Toolbar – [HKLM]{f78e6501-b9de-48b9-b86c-6da8542ccc4e} . (.Conduit Ltd. – Conduit Toolbar.) — C:Program Filesjeuxob.frtbjeux.dll =>Toolbar.Conduit
O3 – Toolbar: Google Toolbar – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
O3 – Toolbar: avast! Online Security – [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software – IE Webrep plugin.) — C:Program FilesAlwil SoftwareAvast5aswWebRepIE.dll
O3 – ToolbarWebBrowser: (no name) – [HKCU]{DE9C389F-3316-41A7-809B-AA305ED9D922} Clé orpheline
O3 – ToolbarWebBrowser: (no name) – [HKCU]{F2CF5485-4E02-4F68-819C-B92DE9277049} Clé orpheline
O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 – ToolbarWebBrowser: (no name) – [HKCU]{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} Clé orpheline
O3 – ToolbarWebBrowser: (no name) – [HKCU]{F78E6501-B9DE-48B9-B86C-6DA8542CCC4E} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSDesktop [Public]: Aide et Support d’HP.lnk . (.Hewlett-Packard – HPHS Launcher.) — C:WindowsHelpOEMscriptsHPHS_Launcher.exe
O4 – GSDesktop [Public]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 – GSDesktop [Public]: Guitar Pro 6.lnk . (…) — C:Program FilesGuitar Pro 6GuitarPro.exe
O4 – GSDesktop [Public]: HP MediaSmart.lnk . (…) — C:WindowsInstaller{A7AC8E69-01FF-494E-9A2C-423B82CEA604}_E26E59D8354615EA55556B.exe
O4 – GSDesktop [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard – HP Advisor.) — C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
O4 – GSDesktop [Public]: Jeux et musique gratuits.lnk . (…) — C:Program FilesRealRealPlayerfreeoffers.rnx
O4 – GSDesktop [Public]: Moovida.lnk . (.Fluendo Embedded – Moovida.) — C:Program FilesFluendoMoovidaMoovida.exe =>Adware.SPointer
O4 – GSDesktop [Public]: More Great Games.lnk – Clé orpheline
O4 – GSDesktop [Public]: My HP Games.lnk . (…) — C:Program FilesHP Gamesonplayonplay.exe
O4 – GSDesktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation – OpenOffice 4.0.1.) — C:Program FilesOpenOffice 4programsoffice.exe
O4 – GSDesktop [Public]: Phylogène.lnk . (.INRP – Pas de description.) — C:PhylogeneProgrammesPhylo.exe
O4 – GSDesktop [Public]: Play Plants vs Zombies.lnk . (…) — C:Program FilesPlants vs ZombiesLaunchGame.bfg
O4 – GSDesktop [Public]: PokerStars.fr.lnk . (.PokerStars – PokerStars Update.) — C:Program FilesPokerStars.FRPokerStarsUpdate.exe
O4 – GSDesktop [Public]: Pour les enfants.lnk . (.EasyBits Software AS – For Kids.) — C:Program FilesEasyBits For KidsPromoezKidsReady.exe =>.EasyBits Software AS
O4 – GSDesktop [Public]: Safari.lnk . (…) — C:WindowsInstaller{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}SafariIco.exe
O4 – GSDesktop [Public]: YAC.lnk . (.Elex do Brasil Participações Ltda – iStart.) — C:Program FilesiSafeiStart.exe =>Trojan.Staser
O4 – GSProgram [Public]: HP Total Care Advisor.lnk . (.Hewlett-Packard – HP Advisor.) — C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
O4 – GSProgram [Public]: Moovida.lnk . (.Fluendo Embedded – Moovida.) — C:Program FilesFluendoMoovidaMoovida.exe =>Adware.SPointer
O4 – GSProgram [Public]: More Great Games.lnk – Clé orpheline
O4 – GSProgram [Public]: Navigateur OfferBox.lnk . (…) — C:Program FilesOfferBoxOfferBoxLauncher.exe (.not file.) =>PUP.OfferBox
O4 – GSProgram [Public]: Pour les enfants.lnk . (.EasyBits Software AS – For Kids.) — C:Program FilesEasyBits For KidsPromoezKidsReady.exe =>.EasyBits Software AS
O4 – GSProgram [Public]: Safari.lnk . (…) — C:WindowsInstaller{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}SafariIco.exe
O4 – GSQuickLaunch [Maarine]: Apple Safari.lnk . (…) — C:WindowsInstaller{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}SafariIco.exe
O4 – GSQuickLaunch [Maarine]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 – GSQuickLaunch [Maarine]: Guitar Pro 6.lnk . (…) — C:Program FilesGuitar Pro 6GuitarPro.exe
O4 – GSQuickLaunch [Maarine]: HP MediaSmart Webcam.lnk . (.CyberLink Corp. – HP MediaSmart Webcam.) — C:Program FilesHewlett-PackardMediaWebcamHPMediaSmartWebcam.exe
O4 – GSQuickLaunch [Maarine]: HP MediaSmart.lnk . (…) — C:WindowsInstaller{A7AC8E69-01FF-494E-9A2C-423B82CEA604}_3D6C77F60D97007F65EA64.exe
O4 – GSQuickLaunch [Maarine]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 – GSQuickLaunch [Maarine]: PhotoScape.lnk . (…) — C:Program FilesPhotoScapePhotoScape.exe
O4 – GSQuickLaunch [Maarine]: PokerStars.fr.lnk . (.PokerStars – PokerStars Update.) — C:Program FilesPokerStars.FRPokerStarsUpdate.exe
O4 – GSProgram [Maarine]: Create Amazing Presentations.lnk – Clé orpheline
O4 – GSProgram [Maarine]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 – GSProgram [Maarine]: Lollipop.lnk . (…) — C:UsersMaarineAppDataLocalLollipopLollipop.exe =>Adware.Lollipop
O4 – GSSystemTools [Maarine]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://www.nationzoom.com =>Hijacker.NationZoom
O4 – GSDesktop [Maarine]: Create Amazing Presentations.lnk – Clé orpheline
O4 – GSDesktop [Maarine]: Hôtel Mogul.lnk . (…) — C:Program FilesJeux.frHotel MogulHM.exe
O4 – GSDesktop [Maarine]: Jane’s Zoo.lnk . (.Oberon Media Inc. – Game Launcher.) — C:Program FilesJeux.frJane’s ZooLaunch.exe
O4 – GSDesktop [Maarine]: Jeux.fr.lnk – Clé orpheline
O4 – GSDesktop [Maarine]: MPS.lnk . (.Microsoft Corporation – Interpréteur de commandes Windows.) — C:Windowssystem32cmd.exe =>.Microsoft Corporation
O4 – GSDesktop [Maarine]: Objectif Examen.lnk . (.Macrovision Corporation – InstallShield.) — C:UsersMaarineAppDataRoamingMicrosoftInstaller{39853B6B-FA3D-4040-805D-957CE51C4D0D}Moto.exe1_39853B6BFA3D4040805D957CE51C4D0D.exe
O4 – GSDesktop [Maarine]: Optimizer Pro.lnk . (.PC Utilities Pro – Optimizer Pro.) — C:Program FilesOptimizer ProOptimizerPro.exe =>PUP.OptimizerPro
O4 – GSDesktop [Maarine]: PhotoScape.lnk . (…) — C:Program FilesPhotoScapePhotoScape.exe
O4 – GSDesktop [Maarine]: StopPub.lnk . (…) — C:Program FilesJCA2000StopPubStopPub.exe
~ Global Startup: 116 Legitimates Filtered in 00mn 01s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GSStartup [Maarine]: Dropbox.lnk . (.Dropbox, Inc. – Dropbox.) — C:UsersMaarineAppDataRoamingDropboxbinDropbox.exe =>.Dropbox
O4 – GSStartup [Maarine]: lollipop.lnk . (…) — C:UsersMaarineAppDataLocalLollipopLollipop.exe =>Adware.Lollipop
O4 – GSStartup [Maarine]: PricePeepUpdater.lnk . (…) — C:Program FilesPricePeepPricePeepUpdater.exe =>Adware.PricePeep
O4 – HKLM..Run: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
O4 – HKLM..Run: [SynTPEnh] . (.Synaptics, Inc. – Synaptics TouchPad Enhancements.) — C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 – HKLM..Run: [SysTrayApp] . (.IDT, Inc. – IDT PC Audio.) — C:Program FilesIDTWDMsttray.exe
O4 – HKLM..Run: [DVDAgent] . (.CyberLink Corp. – HP DVDSmart Resident Program.) — C:Program FilesHewlett-PackardMediaDVDDVDAgent.exe
O4 – HKLM..Run: [TSMAgent] . (.CyberLink Corp. – CyberLink PowerCinema Resident Program.) — C:Program FilesHewlett-PackardTouchSmartMediaTSMAgent.exe
O4 – HKLM..Run: [CLMLServer for HP TouchSmart] . (.CyberLink – CyberLink MediaLibray Service.) — C:Program FilesHewlett-PackardTouchSmartMediaKernelCLMLCLMLSvc.exe
O4 – HKLM..Run: [UCam_Menu] . (.CyberLink Corp. – MUI StartMenu Application.) — C:Program FilesHewlett-PackardMediaWebcamMUITransferMUIStartMenu.exe
O4 – HKLM..Run: [SmartMenu] . (.Hewlett-Packard – HP MediaSmart SmartMenu.) — C:Program FilesHewlett-PackardHP MediaSmartSmartMenu.exe
O4 – HKLM..Run: [UpdateLBPShortCut] . (.CyberLink Corp. – StartMen Application.) — C:Program FilesCyberLinkLabelPrintMUITransferMUIStartMenu.exe
O4 – HKLM..Run: [UpdatePSTShortCut] . (.CyberLink Corp. – MUI StartMenu Application.) — C:Program FilesCyberLinkDVD SuiteMUITransferMUIStartMenu.exe
O4 – HKLM..Run: [Windows Defender] . (.Microsoft Corporation – Windows Defender User Interface.) — C:Program FilesWindows DefenderMSASCui.exe
O4 – HKLM..Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. – Quick Launch Buttons.) — C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe
O4 – HKLM..Run: [UpdateP2GoShortCut] . (.CyberLink Corp. – MUI StartMenu Application.) — C:Program FilesCyberLinkPower2GoMUITransferMUIStartMenu.exe
O4 – HKLM..Run: [UpdatePDIRShortCut] . (.CyberLink Corp. – StartMen Application.) — C:Program FilesCyberLinkPowerDirectorMUITransferMUIStartMenu.exe
O4 – HKLM..Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. – Java(TM) Platform SE binary.) — C:Program FilesJavajre6binjusched.exe =>.Oracle Corporation
O4 – HKLM..Run: [HP Health Check Scheduler] . (.Hewlett-Packard – HP Health Check Scheduler.) — c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 – HKLM..Run: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — C:Program FilesHpHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
O4 – HKLM..Run: [WirelessAssistant] . (.Hewlett-Packard – HP Wireless Assistant main program.) — C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
O4 – HKLM..Run: [Google Quick Search Box] . (.Google Inc. – Quick Search Box.) — C:Program FilesGoogleQuick Search BoxGoogleQuickSearchBox.exe
O4 – HKLM..Run: [AppleSyncNotifier] . (.Apple Inc. – AppleSyncNotifier.) — C:Program FilesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe
O4 – HKLM..Run: [TkBellExe] . (.RealNetworks, Inc. – RealNetworks Scheduler.) — C:Program FilesCommon FilesRealUpdate_OBrealsched.exe =>.RealNetworks, Inc
O4 – HKLM..Run: [Nikon Transfer Monitor] . (.Nikon Corporation – Nikon Transfer Monitor.) — C:Program FilesCommon FilesNikonMonitorNkMonitor.exe
O4 – HKLM..Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program FilesAdobeReader 10.0ReaderReader_sl.exe
O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program FilesQuickTimeQTTask.exe
O4 – HKLM..Run: [facemoods] C:Program Filesfacemoods.comfacemoods1.4.17.3facemoodssrv.exe (.not file.) =>Adware.Facemoods
O4 – HKLM..Run: [Facemoi] . (.Pas de propriétaire – gm4ie MFC Application.) — c:Facemoifacemoi.exe =>PUP.Facemoi
O4 – HKLM..Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe
O4 – HKLM..Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe
O4 – HKLM..RunOnce: [Del6273439] . (.Microsoft Corporation – Interpréteur de commandes Windows.) — C:WindowsSystem32cmd.exe =>.Microsoft Corporation
O4 – HKCU..Run: [LightScribe Control Panel] . (.Hewlett-Packard Company – Pas de description.) — C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe
O4 – HKCU..Run: [HPAdvisor] . (.Hewlett-Packard – HP Advisor.) — C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
O4 – HKCU..Run: [msnmsgr] . (.Microsoft Corporation – Windows Live Messenger.) — C:Program FilesWindows LiveMessengermsnmsgr.exe
O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
O4 – HKCU..Run: [xgqbc] c:usersmaarineappdatalocalxgqbc.exe (.not file.)
O4 – HKCU..Run: [GM4IE] . (.Pas de propriétaire – gm4ie MFC Application.) — C:Facemoifacemoi.exe =>PUP.Facemoi
O4 – HKCU..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
O4 – HKCU..Run: [cacaoweb] . (…) — C:UsersMaarineAppDataRoamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
O4 – HKCU..Run: [Bubble Dock] . (.Nosibay – Bubble Dock.) — C:UsersMaarineAppDataRoamingNosibayBubble DockLBubble Dock.exe =>PUP.BubbleDock
O4 – HKCU..Run: [Optimizer Pro] . (…) — C:Program FilesOptimizer ProOptProLauncher.exe =>PUP.OptimizerPro
O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..Run: [WindowsWelcomeCenter] Clé orpheline
O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..Run: [WindowsWelcomeCenter] Clé orpheline
O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [LightScribe Control Panel] . (.Hewlett-Packard Company – Pas de description.) — C:Program FilesCommon FilesLightScribeLightScribeControlPanel.exe
O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [HPAdvisor] . (.Hewlett-Packard – HP Advisor.) — C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [msnmsgr] . (.Microsoft Corporation – Windows Live Messenger.) — C:Program FilesWindows LiveMessengermsnmsgr.exe
O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [xgqbc] c:usersmaarineappdatalocalxgqbc.exe (.not file.)
O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [GM4IE] . (.Pas de propriétaire – gm4ie MFC Application.) — C:Facemoifacemoi.exe =>PUP.Facemoi
O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [cacaoweb] . (…) — C:UsersMaarineAppDataRoamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [Bubble Dock] . (.Nosibay – Bubble Dock.) — C:UsersMaarineAppDataRoamingNosibayBubble DockLBubble Dock.exe =>PUP.BubbleDock
O4 – HKUSS-1-5-21-2704428714-541136749-3450515838-1000..Run: [Optimizer Pro] . (…) — C:Program FilesOptimizer ProOptProLauncher.exe =>PUP.OptimizerPro
~ Application: Scanned in 00mn 00s

—\ Buttons on the main Internet Explorer toolbar (O9)
O9 – Extra button: &Send to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft Office OneNote Internet Explorer Add-in.) — C:\Program Files\MICROS~3\Office12\ONBttnIE.dll
O9 – Extra button: PokerStars.fr – {90EAE591-7E7E-434a-8E28-ECFD00071806} — C:\Program Files\PokerStars.FR\main.ico (.not file.)
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 – Extra button: ClickPotato – {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} . (.Pinball Corporation – ClickPotato.) — C:\Program Files\ClickPotatoLite\bin\10.0.668.0\ClickPotatoLiteSABHO.dll =>Adware.ClickPotato
O9 – Extra button: ShopperReports – Compare product prices – {DB38E21A-0133-419d-92AD-ECDFD5244D6D} . (.SmartShopper Networks – No description.) — C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll =>Adware.ShopperReports
O9 – Extra button: ShopperReports – Compare travel rates – {EB620C54-E229-4942-87CE-E717109FC8C6} . (.SmartShopper Networks – No description.) — C:\Program Files\ShoppingReport2\Bin\2.7.34\ShoppingReport.dll =>Adware.ShopperReports
~ IE Extra Buttons: Scanned in 00mn 01s

—\ ActiveX objects (Downloaded Program Files) (O16)
O16 – DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} ((no name)) – http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 – DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} ((no name)) – http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab =>Adware.MyWebSearch
O16 – DPF: {5D6F45B3-9043-443D-A792-115447494D24} ((no name)) – http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 – DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ((no name)) – http://download.divx.com/player/DivXBrowserPlugin.cab
O16 – DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} ((no name)) – http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 – DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) – http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 – DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} ((no name)) – http://game10.zylom.com/activex/zylomgamesplayer.cab
O16 – DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) – http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 – DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} ((no name)) – http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab
~ ActiveX Objects: Scanned in 00mn 00s

—\ Domain / DNS address changes (O17)
O17 – HKLM\System\CCS\Services\Tcpip\..\{79D624D1-A6E7-45CE-BA1D-90A0E60F5F03}: DhcpNameServer = 192.168.0.254
O17 – HKLM\System\CS1\Services\Tcpip\..\{79D624D1-A6E7-45CE-BA1D-90A0E60F5F03}: DhcpNameServer = 192.168.0.254
O17 – HKLM\System\CS2\Services\Tcpip\..\{79D624D1-A6E7-45CE-BA1D-90A0E60F5F03}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 – HKLM\System\CS3\Services\Tcpip\..\{79D624D1-A6E7-45CE-BA1D-90A0E60F5F03}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s

—\ Additional protocols (O18)
O18 – Handler: wlmailhtml – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation – Windows Live Mail.) — C:\Program Files\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation
O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional Protocols: Scanned in 00mn 00s

—\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 – AppInit_DLLs: . (…) – C:\Program Files\Optimizer Pro\OptProCrash.dll =>PUP.OptimizerPro
~ AppInit DLL: Scanned in 00mn 00s

—\ SharedTaskScheduler autorun registry key (STS) (O22)
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation – Shell Browser UI Library.) — C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

—\ Non-Microsoft, non-disabled NT services (O23)
O23 – Service: Optimizer Pro Crash Monitor (ca82e1a5) . (…) – C:\Program Files\optimi~1\OptProCrash.exe =>PUP.OptimizerPro
O23 – Service: iSafeService (iSafeService) . (.Elex do Brasil Participações Ltda – iSafeSvc.) – C:\Program Files\iSafe\iSafeSvc.exe =>Trojan.Staser
O23 – Service: SaveSenseLive Service (savesenselive) (savesenselive) . (.SaveSense – SaveSenseLive Update.) – C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe =>PUP.SaveSense
O23 – Service: SProtection (SProtection) . (.Iminent – Iminent Protection.) – C:\Program Files\Common Files\Umbrella\Umbrella.exe =>Adware.IMBooster
O23 – Service: Update Bizzybolt (Update Bizzybolt) . (…) – C:\Program Files\Bizzybolt\updateBizzybolt.exe =>PUP.Bizzybolt
O23 – Service: WinkHandler (WinkHandler) . (…) – C:\Program Files\Iminent\WinkHandler.exe =>Adware.IMBooster
O23 – Service: Wpm Service (Wpm) . (.Cherished Technololgy LIMITED – WPM Service.) – C:\ProgramData\WPM\wprotectmanager.exe =>PUP.WpManager
O23 – Service: Power Control [2009/01/13 06:10:32] ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.CyberLink Corp. – No description.) – C:\Program Files\Hewlett-Packard\Media\DVD\00.fcl
~ Services: 21 Legitimates Filtered in 00mn 09s

—\ Automatic scheduled tasks (O39)
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\Deeal_fr 0.2-chromeinstaller.job [1930]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\Deeal_fr 0.2-codedownloader.job [1196]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\Deeal_fr 0.2-enabler.job [1096]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\Deeal_fr 0.2-firefoxinstaller.job [2010]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\Deeal_fr 0.2-updater.job [1294]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job [918] =>PUP.SaveSense
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job [922] =>PUP.SaveSense
[MD5.04DBFB81492ACEA9B3BFF307399B17A1] [APT] [Deeal_fr 0.2-chromeinstaller] (.Corporate Inc.) — C:\Program Files\Deeal_fr 0.2\Deeal_fr 0.2-chromeinstaller.exe [783872]
[MD5.151F7CFD00FCDD316362E69584B1952F] [APT] [Deeal_fr 0.2-codedownloader] (.Corporate Inc.) — C:\Program Files\Deeal_fr 0.2\Deeal_fr 0.2-codedownloader.exe [522240]
[MD5.11A1014D4CDEE26CECD3E9274B52F879] [APT] [Deeal_fr 0.2-enabler] (.Corporate Inc.) — C:\Program Files\Deeal_fr 0.2\Deeal_fr 0.2-enabler.exe [343552]
[MD5.C3F03675C1EEAB1D26035320687EEE20] [APT] [Deeal_fr 0.2-firefoxinstaller] (.Corporate Inc.) — C:\Program Files\Deeal_fr 0.2\Deeal_fr 0.2-firefoxinstaller.exe [832512]
[MD5.0F0F5AB9ACFF7C50B6925C87D36C958A] [APT] [Deeal_fr 0.2-updater] (.Corporate Inc.) — C:\Program Files\Deeal_fr 0.2\Deeal_fr 0.2-updater.exe [352768]
[MD5.6F2939B1EC17A6631106CFD013A9CD77] [APT] [SaveSense] (…) — C:\Users\Maarine\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.exe [199176] =>PUP.SaveSense
[MD5.C495D8665A32539660625182D23D5C59] [APT] [SaveSenseLiveUpdateTaskMachineCore] (.SaveSense.) — C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920] =>PUP.SaveSense
[MD5.C495D8665A32539660625182D23D5C59] [APT] [SaveSenseLiveUpdateTaskMachineUA] (.SaveSense.) — C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe [146920] =>PUP.SaveSense
[MD5.87948212C71A773AEF4C68029BFAE924] [APT] [wp_update] (…) — C:\Users\Maarine\AppData\Roaming\~guzsbhy.exe [493272] =>PUP.WpManager
~ Scheduled Task: 35 Legitimates Filtered in 00mn 02s

—\ Drivers started at system boot (O41)
O41 – Driver: (iSafeNetFilter) . (.Elex do Brasil Participações Ltda – iSafeNetFilter SDK TDI Hook Driver (WPP).) – C:\Program Files\iSafe\iSafeNetFilter.sys =>Trojan.Staser
~ Drivers: 88 Legitimates Filtered in 00mn 02s

—\ Installed software (O42)
O42 – Software: Bizzybolt – (.Bizzybolt.) [HKLM] — Bizzybolt =>PUP.Bizzybolt
O42 – Software: Deeal_fr 0.2 – (.Corporate Inc.) [HKLM] — Deeal_fr 0.2
O42 – Software: Duuqu Update Helper – (.Duuqu Group.) [HKLM] — {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} =>PUP.Duuqu
O42 – Software: FREEzeFrog – (…) [HKLM] — FREEzeFrogSA =>Adware.FreezeFrog
O42 – Software: Favorit (kfcrp) – (…) [HKLM] — kfcrp =>Adware.Favorit
O42 – Software: Fissa – (.Secure Digital Services.) [HKLM] — {4BD271AB-66E2-4D58-AF88-80FE3B0770C4} =>Adware.SPointer
O42 – Software: Iminent – (.Iminent.) [HKLM] — IMBoosterARP =>Adware.IMBooster
O42 – Software: Lollipop – (.Lollipop Network, S.L..) [HKCU] — lollipop =>Adware.Lollipop
O42 – Software: PokerStars.fr – (.PokerStars.fr.) [HKLM] — PokerStars.fr
O42 – Software: PriceGong 2.5.0 – (.PriceGong.) [HKLM] — PriceGong =>Adware.PriceGong
O42 – Software: PricePeep – (.betwikx LLC.) [HKLM] — PricePeep =>Adware.PricePeep
O42 – Software: SaveSense (remove only) – (.SaveSense.) [HKLM] — SaveSense =>PUP.SaveSense
O42 – Software: SaveSense – (…) [HKCU] — SaveSense =>PUP.SaveSense
O42 – Software: ShopperReports – (.ShopperReports.) [HKLM] — ShoppingReport2 =>Adware.ShopperReports
O42 – Software: ShopperReports – (.SmartShopper.) [HKLM] — ShopperReportsSA =>Adware.ShopperReports
O42 – Software: WPM17.8.0.3159 – (.Cherished Technololgy LIMITED.) [HKLM] — WPM =>PUP.WpManager
O42 – Software: YAC – (.ELEX DO BRASIL PARTICIPAÇÕES LTDA.) [HKLM] — iSafe =>Trojan.Staser
O42 – Software: jeuxob.fr Toolbar – (…) [HKLM] — jeuxob.fr Toolbar
~ Logic: 75 Legitimates Filtered in 00mn 01s