Répondre à : Clés usb infectées, fichiers et dossiers transformés en raccourcis 2016-09-08T13:28:24+00:00
Marine14
Participant
Nombre d'articles : 34

—\ HKCU & HKLM Software Keys
[HKCUSoftwareBizzybolt] =>PUP.Bizzybolt
[HKCUSoftwareDuuqu] =>PUP.Duuqu
[HKCUSoftwareFissaSearch] =>PUP.OfferBox
[HKCUSoftwareIminentToolbar] =>Adware.IMBooster
[HKCUSoftwareIminent] =>Adware.IMBooster
[HKCUSoftwareInstalledBrowserExtensions] =>Adware.VidSaver
[HKCUSoftwareMachines]
[HKCUSoftwareOfferBox] =>PUP.OfferBox
[HKCUSoftwareSaveSenseLive] =>PUP.SaveSense
[HKCUSoftwareShopperReports3] =>Adware.ShopperReports
[HKCUSoftwareShoppingReport2] =>Adware.ShoppingReport
[HKCUSoftwareSmartbarBackup] =>Hijacker.SmartBar
[HKCUSoftwareSmartbarLog] =>Hijacker.SmartBar
[HKCUSoftwareV9]
[HKCUSoftwareYahooPartnerToolbar]
[HKCUSoftwarecacaoweb] =>PUP.CacaoWeb
[HKCUSoftwareclickpotatolitesa] =>Adware.ClickPotato
[HKCUSoftwarefacemoods.com] =>Adware.Facemoods
[HKCUSoftwarefcn]
[HKCUSoftwarefreezefrogsa] =>Adware.FreezeFrog
[HKCUSoftwarehblitesa] =>Adware.HotBar
[HKCUSoftwarehotbarsa]
[HKLMSoftwareClickPotatoLite] =>Adware.ClickPotato
[HKLMSoftwareConduit] =>Toolbar.Conduit
[HKLMSoftwareDealPlyLive] =>PUP.DealPly
[HKLMSoftwareDuuqu] =>PUP.Duuqu
[HKLMSoftwareFREEzeFrog] =>Adware.FreezeFrog
[HKLMSoftwareFissaSearch] =>PUP.OfferBox
[HKLMSoftwareHBLite] =>Adware.HotBar
[HKLMSoftwareIminentToolbar] =>Adware.IMBooster
[HKLMSoftwareIminent] =>Adware.IMBooster
[HKLMSoftwareNature]
[HKLMSoftwareOfferBox] =>PUP.OfferBox
[HKLMSoftwareSaveSenseLive] =>PUP.SaveSense
[HKLMSoftwareShopperReports3] =>Adware.ShopperReports
[HKLMSoftwareUmbrella]
[HKLMSoftwareVBMZ] =>PUP.Duuqu
[HKLMSoftwarefacemoods.com] =>Adware.Facemoods
[HKLMSoftwarejeuxob.fr]
[HKLMSoftwaresupWPM] =>PUP.WpManager
~ Key Software: 451 Legitimates Filtered in 00mn 01s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 05/01/2014 – 16:44:26 – [0,985] —-D C:Program FilesBizzybolt =>PUP.Bizzybolt
O43 – CFD: 19/12/2010 – 18:28:13 – [1,722] —-D C:Program FilesClickPotatoLite =>Adware.ClickPotato
O43 – CFD: 01/07/2011 – 21:39:27 – [0,497] —-D C:Program FilesConduit
O43 – CFD: 05/01/2014 – 17:06:29 – [7,259] —-D C:Program FilesDeeal_fr 0.2
O43 – CFD: 05/01/2014 – 17:07:34 – [0] —-D C:Program FilesDuuqu =>PUP.Duuqu
O43 – CFD: 25/03/2011 – 20:58:29 – [50,849] —-D C:Program FilesFluendo =>Adware.SPointer
O43 – CFD: 11/07/2011 – 21:48:18 – [0,819] —-D C:Program FilesFREEzeFrog =>Adware.FreezeFrog
O43 – CFD: 03/06/2011 – 20:44:35 – [0,744] —-D C:Program FilesHBLite =>Adware.HotBar
O43 – CFD: 28/12/2009 – 21:27:55 – [4,814] —-D C:Program FilesHotbar
O43 – CFD: 05/01/2014 – 16:43:16 – [5,788] —-D C:Program FilesIminent =>Adware.IMBooster
O43 – CFD: 05/01/2014 – 16:43:53 – [2,389] —-D C:Program FilesIminentToolbar =>Adware.IMBooster
O43 – CFD: 05/01/2014 – 17:06:35 – [28,670] —-D C:Program FilesiSafe =>Trojan.Staser
O43 – CFD: 01/07/2011 – 21:39:35 – [2,442] —-D C:Program Filesjeuxob.fr
O43 – CFD: 28/09/2010 – 21:26:54 – [0] —-D C:Program FilesKrysMirror
O43 – CFD: 13/11/2010 – 17:25:04 – [54,486] —-D C:Program FilesLimeWire
O43 – CFD: 23/09/2011 – 18:07:01 – [3,102] —-D C:Program FilesOfferBox =>PUP.OfferBox
O43 – CFD: 29/08/2010 – 23:27:52 – [48,520] —-D C:Program FilesPlants vs Zombies
O43 – CFD: 27/06/2011 – 17:59:36 – [61,340] —-D C:Program FilesPokerStars.FR
O43 – CFD: 07/06/2011 – 21:17:20 – [0,417] —-D C:Program FilesPriceGong =>Adware.PriceGong
O43 – CFD: 05/01/2014 – 17:02:35 – [1,079] —-D C:Program FilesPricePeep =>Adware.PricePeep
O43 – CFD: 05/01/2014 – 16:57:00 – [1,262] —-D C:Program FilesSaveSense =>PUP.SaveSense
O43 – CFD: 05/01/2014 – 16:59:34 – [3,431] —-D C:Program FilesSaveSenseLive =>PUP.SaveSense
O43 – CFD: 19/12/2010 – 18:27:49 – [2,857] —-D C:Program FilesShopperReports3 =>Adware.ShopperReports
O43 – CFD: 26/04/2011 – 23:37:36 – [1,175] —-D C:Program FilesShoppingReport2 =>Adware.ShoppingReport
O43 – CFD: 07/06/2011 – 21:30:22 – [0,866] —-D C:Program FilesSocialPlus
O43 – CFD: 05/01/2014 – 16:42:54 – [2,771] —-D C:Program FilesCommon FilesUmbrella
O43 – CFD: 28/12/2009 – 21:27:59 – [0] —-D C:ProgramData2ACA5CC3-0F83-453D-A079-1076FE1A8B65
O43 – CFD: 29/04/2011 – 12:18:19 – [3,985] —-D C:ProgramDataClickPotatoLiteSA =>Adware.ClickPotato
O43 – CFD: 24/08/2011 – 15:42:40 – [1,219] —-D C:ProgramDataFREEzeFrogSA =>Adware.FreezeFrog
O43 – CFD: 04/06/2011 – 16:35:37 – [1,344] —-D C:ProgramDataHBLiteSA =>Adware.HotBar
O43 – CFD: 29/12/2009 – 12:11:52 – [7,504] —-D C:ProgramDataHotbarSA
O43 – CFD: 28/12/2009 – 19:26:51 – [0] —-D C:ProgramDataPipe Organ
O43 – CFD: 28/12/2009 – 19:33:02 – [0] —-D C:ProgramDataPrintsService
O43 – CFD: 05/01/2014 – 16:59:33 – [0,038] —-D C:ProgramDataSaveSenseLive =>PUP.SaveSense
O43 – CFD: 05/01/2014 – 17:04:35 – [0,477] —-D C:ProgramDataWPM =>PUP.WpManager
O43 – CFD: 05/01/2014 – 16:12:48 – [0,463] —-D C:UsersMaarineAppDataRoamingcacaoweb =>PUP.CacaoWeb
O43 – CFD: 19/12/2010 – 18:28:13 – [0] —-D C:UsersMaarineAppDataRoamingClickPotatoLite =>Adware.ClickPotato
O43 – CFD: 25/03/2011 – 21:00:56 – [0,024] —-D C:UsersMaarineAppDataRoamingFissaSearch =>PUP.OfferBox
O43 – CFD: 11/07/2011 – 21:48:18 – [0] —-D C:UsersMaarineAppDataRoamingFREEzeFrog =>Adware.FreezeFrog
O43 – CFD: 03/06/2011 – 20:44:35 – [0] —-D C:UsersMaarineAppDataRoamingHBLite =>Adware.HotBar
O43 – CFD: 28/12/2009 – 21:27:59 – [0,075] —-D C:UsersMaarineAppDataRoamingHotbar
O43 – CFD: 05/01/2014 – 16:43:49 – [0,259] —-D C:UsersMaarineAppDataRoamingIminentToolbar =>Adware.IMBooster
O43 – CFD: 05/01/2014 – 18:08:15 – [16,494] —-D C:UsersMaarineAppDataRoamingiSafe =>Trojan.Staser
O43 – CFD: 13/11/2010 – 17:23:21 – [23,546] —-D C:UsersMaarineAppDataRoamingLimeWire
O43 – CFD: 07/06/2011 – 21:13:26 – [0,270] —-D C:UsersMaarineAppDataRoamingOfferBox =>PUP.OfferBox
O43 – CFD: 05/01/2014 – 16:57:16 – [0,190] —-D C:UsersMaarineAppDataRoamingSaveSense =>PUP.SaveSense
O43 – CFD: 19/12/2010 – 18:27:49 – [0] —-D C:UsersMaarineAppDataRoamingShopperReports3 =>Adware.ShopperReports
O43 – CFD: 28/12/2009 – 21:27:57 – [0] —-D C:UsersMaarineAppDataRoamingWeatherDPA
O43 – CFD: 05/01/2014 – 17:05:05 – [0] —-D C:UsersMaarineAppDataRoamingwp_update =>PUP.WpManager
O43 – CFD: 05/01/2014 – 17:07:23 – [0] —-D C:UsersMaarineAppDataLocalDeeal_fr 0.2
O43 – CFD: 05/01/2014 – 16:53:23 – [0] —-D C:UsersMaarineAppDataLocalDuuqu =>PUP.Duuqu
O43 – CFD: 05/01/2014 – 16:42:58 – [1,196] —-D C:UsersMaarineAppDataLocalLollipop =>Adware.Lollipop
O43 – CFD: 27/06/2011 – 18:08:56 – [0,606] —-D C:UsersMaarineAppDataLocalPokerStars.FR
O43 – CFD: 05/01/2014 – 16:59:34 – [0] —-D C:UsersMaarineAppDataLocalSaveSenseLive =>PUP.SaveSense
O43 – CFD: 29/08/2010 – 23:27:36 – [0,003] —-D C:UsersMaarineAppDataRoamingMicrosoftWindowsStart MenuProgramsPlants vs Zombies
O43 – CFD: 05/01/2014 – 16:57:01 – [0,001] —-D C:UsersMaarineAppDataRoamingMicrosoftWindowsStart MenuProgramsSaveSense =>PUP.SaveSense
~ Program Folder: 297 Legitimates Filtered in 00mn 08s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.4D025C57F5AA6D30B261BCEC8A530910] – 05/01/2014 – 17:32:46


. (…) — C:UsbFix [Scan 2] 16MAI2009.txt [16860]
O44 – LFC:[MD5.72DC2E12CBEBE9F0135A6C94F21F4F33] – 05/01/2014 – 18:24:27 —A- . (…) — C:UsbFix [Clean 1] 16MAI2009.txt [18597]
~ Files: 22 Legitimates Filtered in 00mn 02s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.F8A6018193BE629B8EA4C5D7B2452B70] – 16/09/2004 – 12:26:40 —A- . (…) — C:WindowsSystem32DriversADFUUD.SYS [12634]
O58 – SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] – 01/01/2014 – 01:27:04 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [49944]
O58 – SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] – 01/01/2014 – 01:27:04 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [180248]
O58 – SDL:[MD5.23B62471681A124889978F6295B3F4C6] – 21/01/2008 – 03:23:22 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [342584]
O58 – SDL:[MD5.004B2EA6CC2598EC5F0552E43CE29CEF] – 04/09/2008 – 18:47:00 —A- . (.ENE TECHNOLOGY INC. – ENE CIR Driver for eHome.) — C:WindowsSystem32Driversenecir.sys [54784]
O58 – SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] – 02/11/2006 – 10:50:07 —A- . (.Integrated Technology Express, Inc. – ITE IT8211 ATA/ATAPI SCSI miniport.) — C:WindowsSystem32Driversiteatapi.sys [35944]
O58 – SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] – 02/11/2006 – 10:50:09 —A- . (.Integrated Technology Express, Inc. – ITE IT8212 ATA RAID SCSI miniport.) — C:WindowsSystem32Driversiteraid.sys [35944]
O58 – SDL:[MD5.84C78B53838BDEC2B0853ADC782CD5DE] – 26/10/2008 – 21:50:56 —A- . (.IDT, Inc. – IDT PC Audio.) — C:WindowsSystem32Driversstwrt.sys [391168]
O58 – SDL:[MD5.9224BB254F591DE4CA8D572A5F0D635C] – 21/01/2008 – 03:23:20 —A- . (.ULi Electronics Inc. – ULi SATA Controller Driver.) — C:WindowsSystem32Driversuliahci.sys [238648]
O58 – SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] – 02/11/2006 – 10:50:35 —A- . (.Promise Technology, Inc. – Promise Ultra/Sata Series Driver for Win2003.) — C:WindowsSystem32Driversulsata.sys [98408]
O58 – SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] – 21/01/2008 – 03:23:23 —A- . (.Promise Technology, Inc. – Promise SATAII150 Series Windows Drivers.) — C:WindowsSystem32Driversulsata2.sys [115816]
O58 – SDL:[MD5.83CAFCB53201BBAC04D822F32438E244] – 10/05/2011 – 07:06:08 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl.sys [42496]
O58 – SDL:[MD5.8AAD333C876590293F72B315E162BCC7] – 02/11/2006 – 08:09:42 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
O58 – SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] – 02/11/2006 – 08:09:45 —A- . (…) — C:WindowsSystem32country.sys [27097]
O58 – SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] – 02/11/2006 – 08:09:41 —A- . (…) — C:WindowsSystem32HIMEM.SYS [4768]
O58 – SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] – 02/11/2006 – 08:09:44 —A- . (…) — C:WindowsSystem32KEY01.SYS [42809]
O58 – SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] – 02/11/2006 – 08:09:44 —A- . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
O58 – SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] – 02/11/2006 – 08:09:29 —A- . (…) — C:WindowsSystem32NTDOS.SYS [27866]
O58 – SDL:[MD5.CF9ED169FF86D935E47999E82359E898] – 02/11/2006 – 08:09:35 —A- . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
O58 – SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] – 02/11/2006 – 08:09:38 —A- . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
O58 – SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] – 02/11/2006 – 08:09:40 —A- . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
O58 – SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] – 02/11/2006 – 08:09:31 —A- . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
O58 – SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] – 02/11/2006 – 08:09:20 —A- . (…) — C:WindowsSystem32NTIO.SYS [33952]
O58 – SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] – 02/11/2006 – 08:09:23 —A- . (…) — C:WindowsSystem32NTIO404.SYS [34672]
O58 – SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] – 02/11/2006 – 08:09:24 —A- . (…) — C:WindowsSystem32NTIO411.SYS [35776]
O58 – SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] – 02/11/2006 – 08:09:26 —A- . (…) — C:WindowsSystem32NTIO412.SYS [35536]
O58 – SDL:[MD5.D86B6435729231C171432B4E77801BDB] – 02/11/2006 – 08:09:22 —A- . (…) — C:WindowsSystem32NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 09s

—\ Recherche heuristique Magic.control (HSMI) (O59)
O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalbranujqf_nav.dat
O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalbranujqf_navps.dat
O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalcxfbpmc_navps.dat
O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalpactcfq_nav.dat
O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalbranujqf.dat
O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalbranujqf.exe
O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalcxfbpmc.dat
O59 – HSMI:Heuristic Search MagicControl Infection – (.tamponneuse – prelado.) — C:UsersMaarineAppDataLocalcxfbpmc.exe
O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UsersMaarineAppDataLocalpactcfq.bat
~ Files: Scanned in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 02/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleQuick Search Boxcache.backup [2174976]
O61 – LFC: 02/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleQuick Search Boxranking.backup [1255424]
O61 – LFC: 02/01/2014 – 18:34:01 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeeaseas.dat.new [31744] =>Trojan.Staser
O61 – LFC: 02/01/2014 – 18:34:06 —A- . (…) — C:UsersMaarineAppDataRoamingwklnhst.dat [11336]
O61 – LFC: 02/01/2014 – 18:34:09 —A- . (…) — C:UsersMaarineDownloadsBusiness Project (1).odt [34706]
O61 – LFC: 02/01/2014 – 18:34:09 —A- . (…) — C:UsersMaarineDownloadsBusiness Project.odt [34706]
O61 – LFC: 02/01/2014 – 18:34:09 —A- . (…) — C:UsersMaarineDownloadsInterviews.odt [12422]
O61 – LFC: 05/01/2014 – 18:33:35 —A- . (…) — C:UsersMaarineAppDataLocalGDIPFONTCACHEV1.DAT [82424]
O61 – LFC: 05/01/2014 – 18:33:35 —A- . (…) — C:UsersMaarineAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [264871]
O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleChromeUser DataLocal State [61367]
O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleQuick Search Boxapp_launcher_apps.data [113664]
O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleQuick Search Boxapp_launcher_links.data [174080]
O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleQuick Search Boxcache.db [2174976]
O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleQuick Search Boxranking.db [1255424]
O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleToolbar Cache7.5.4601.54frtranslate_element.js.content [2385]
O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleToolbar Cache7.5.4601.54frtranslate_languages.json.content [2033]
O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalGoogleToolbarbroker_metrics.xml [2955]
O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalLollipopLollipop.exe [893960] =>Adware.Lollipop
O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalLollipoplogo.ico [17542] =>Adware.Lollipop
O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalLollipoplollipop.bat [340] =>Adware.Lollipop
O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalLollipoplollipop.lpd [3820] =>Adware.Lollipop
O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalLollipoplollipop_cfg.lpd [336406] =>Adware.Lollipop
O61 – LFC: 05/01/2014 – 18:33:54 —A- . (…) — C:UsersMaarineAppDataLocalLollipoplollipop_ps.lpd [1549] =>Adware.Lollipop
O61 – LFC: 05/01/2014 – 18:33:55 —A- . (…) — C:UsersMaarineAppDataLocalmoovida Aircid.txt [16] =>Adware.SPointer
O61 – LFC: 05/01/2014 – 18:33:55 —A- . (…) — C:UsersMaarineAppDataLocalmoovida Aircountry.sxe [233479] =>Adware.SPointer
O61 – LFC: 05/01/2014 – 18:33:55 —A- . (…) — C:UsersMaarineAppDataLocalmoovida Airhistory.db [16384] =>Adware.SPointer
O61 – LFC: 05/01/2014 – 18:33:55 —A- . (…) — C:UsersMaarineAppDataLocalmoovida Airupdate.sxe [1226] =>Adware.SPointer
O61 – LFC: 05/01/2014 – 18:33:55 —A- . (…) — C:UsersMaarineAppDataLocalmoovida Airupdate.xml [426] =>Adware.SPointer
O61 – LFC: 05/01/2014 – 18:33:59 —A- . (…) — C:UsersMaarineAppDataLocalVisualBeeExeuninst.exe [78338] =>Adware.VisualBeeToolbar
O61 – LFC: 05/01/2014 – 18:34:00 —A- . (…) — C:UsersMaarineAppDataRoamingcacaowebnpdfile.dat [186] =>PUP.CacaoWeb
O61 – LFC: 05/01/2014 – 18:34:00 —A- . (…) — C:UsersMaarineAppDataRoamingcacaowebstorage.db [25] =>PUP.CacaoWeb
O61 – LFC: 05/01/2014 – 18:34:01 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeico1ef249aacf75053c008316116ed9e4b6.ico [26582] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:01 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeico238502e36dd394dd33b7ab8ef00b8531.ico [61755] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:01 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeico2fe121bddc64a3d4caa37b5fe546f4e8.ico [1078] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:01 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeico485b83ae2c7174f0b6badf4d48faadd2.ico [17542] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:01 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeico654c43f8c6ea9e4508cc2c25717e25e5.ico [5430] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:01 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeico66354d2ebb1402ee7d27c48dce181ce5.ico [85138] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicoa45a851d65153dde72e40b74b164f35f.ico [85138] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicoa67b6288bb3774a3d47fee867442e2bc.ico [22486] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicoab6b188a4cd9c5bf6b2d10cfaa97179a.ico [1150] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicob8c74f63707a0b9b7e470bb6423944a0.ico [1150] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicoc8091692fedf95c960b66f1deaaf8386.ico [97527] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicocbd00080ff37b24fde98c474072a0e0f.ico [55773] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicoe5b4615952e8e1d4f72975d1d346437c.ico [102175] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicof0afe09371049d9e8093d63a89044d47.ico [5430] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:02 —A- . (…) — C:UsersMaarineAppDataRoamingiSafeicof63bce5be61fb98ce4302d3adfacfccd.ico [766] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:02 —A- . (.Elex do Brasil Participações Ltda.) — C:UsersMaarineAppDataRoamingiSafeupdateisafe_update_v3.8.20.exe [6432424] =>Trojan.Staser
O61 – LFC: 05/01/2014 – 18:34:06 —A- . (…) — C:UsersMaarineAppDataRoamingZHPLog.txt [29109] =>.Nicolas Coolman
O61 – LFC: 05/01/2014 – 18:34:06 —A- . (…) — C:UsersMaarineAppDataRoamingZHPTestsZHPDiag.txt [2869] =>.Nicolas Coolman
O61 – LFC: 05/01/2014 – 18:34:06 —A- . (…) — C:UsersMaarineAppDataRoamingwp_updatecurrentVersion.txt [1] =>PUP.WpManager
O61 – LFC: 05/01/2014 – 18:34:06 —A- . (…) — C:UsersMaarineAppDataRoaming~guzsbhy.exe [493272]
O61 – LFC: 05/01/2014 – 18:34:09 —A- . (.*Rapiddown*.) — C:UsersMaarineDownloadsUsbFix.exe [176488]
~ 104 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 1148 Legitimates Filtered in 00mn 39s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Liste les services legacy du registre (LALS) (O64)
O64 – Services: CurCS – 27/12/2013 – C:Program FilesiSafeiSafeKrnl.sys (iSafeKrnl) .(.Elex do Brasil Participações Ltda – iSafe Kernel Driver.) – LEGACY_ISAFEKRNL =>Trojan.Staser
O64 – Services: CurCS – 27/12/2013 – C:Program FilesiSafeiSafeNetFilter.sys (iSafeNetFilter) .(.Elex do Brasil Participações Ltda – iSafeNetFilter SDK TDI Hook Driver (WPP).) – LEGACY_ISAFENETFILTER =>Trojan.Staser
~ Legacy: 125 Legitimates Filtered in 00mn 02s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — c:program filesgooglechromeapplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — c:program filesgooglechromeapplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — c:program filesinternet exploreriexplore.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Apple Inc. – Safari.) — c:program filessafarisafari.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {10B4E706-0FB5-43BE-88B2-C3CC5CCFECC8} – (Surf Canyon) – http://search.surfcanyon.com” onclick=”window.open(this.href);return false;
O69 – SBI: SearchScopes [HKCU] {19A8A889-0D8E-43E5-9A15-56A283ADA300} – (Kelkoo) – http://fr.kelkoopartners.net” onclick=”window.open(this.href);return false;
O69 – SBI: SearchScopes [HKCU] {2B7B7EFC-C234-4532-822B-A8D74D7EF7EB} – (gdark) – http://fr.gdark.com” onclick=”window.open(this.href);return false;
O69 – SBI: SearchScopes [HKCU] {56256A51-B582-467e-B8D4-7786EDA79AE0} – (My Web Search) – http://www.mywebsearch.com” onclick=”window.open(this.href);return false; =>Adware.MyWebSearch
O69 – SBI: SearchScopes [HKCU] {5FF4A236-3AE1-4747-B3BE-C65A39970202} – (AOL Recherche) – http://slirsredirect.search.aol.com” onclick=”window.open(this.href);return false;
O69 – SBI: SearchScopes [HKCU] {61B32A86-DAE6-4B41-A4AB-A2AA48FB0565} – (Yahoo!) – http://fr.search.yahoo.com” onclick=”window.open(this.href);return false;
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] – (Google) – http://www.google.com” onclick=”window.open(this.href);return false;
O69 – SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} – (jeuxob.fr Customized Web Search) – http://search.conduit.com” onclick=”window.open(this.href);return false;
O69 – SBI: SearchScopes [HKCU] {b41306c6-96d0-442a-bcc4-b0f621e82ce9} – (Fissa) – http://www.fissa.com” onclick=”window.open(this.href);return false; =>PUP.OfferBox
O69 – SBI: SearchScopes [HKCU] {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} – (SearchTheWeb) – http://search.iminent.com” onclick=”window.open(this.href);return false; =>Adware.IMBooster
O69 – SBI: SearchScopes [HKCU] {E08A9998-D98F-476f-8F5C-37C80FE0A4DA} – (Jeux.fr) – http://search.conduit.com” onclick=”window.open(this.href);return false;
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.FD9C65AA2AAA145C270B36EBA082922E] [SPRF][22/12/2010] (…) — C:UsersMaarineAppDataLocalbranujqf.dat [3336]
[MD5.4975D75683E2CC0B9E3182BA0BCC8B1F] [SPRF][22/12/2010] (…) — C:UsersMaarineAppDataLocalbranujqf.exe [692224]
[MD5.6410933A25965F4397EAC0A0A62F0433] [SPRF][17/12/2010] (…) — C:UsersMaarineAppDataLocalbranujqf_nav.dat [292073]
[MD5.6FE4DC8A332368D0240C0C1E2FF225F5] [SPRF][22/12/2010] (…) — C:UsersMaarineAppDataLocalbranujqf_navps.dat [4203]
[MD5.EF0B589D5C44781E5C557217F31F81CD] [SPRF][05/05/2010] (…) — C:UsersMaarineAppDataLocalcxfbpmc.dat [3470]
[MD5.453D926BCAFE593F05FA4D41C7924B0E] [SPRF][05/05/2010] (.tamponneuse – prelado.) — C:UsersMaarineAppDataLocalcxfbpmc.exe [421888]
[MD5.973449A94542F44C6CA2584BD0FBE3ED] [SPRF][05/05/2010] (…) — C:UsersMaarineAppDataLocalcxfbpmc_navps.dat [2955]
[MD5.4D4C1057D408E9FA54F4D8F8283EA9BD] [SPRF][23/06/2013] (…) — C:UsersMaarineAppDataLocald3d9caps.dat [6836]
[MD5.FB1749DDECA2DB45CD208624CFBB692B] [SPRF][03/10/2010] (…) — C:UsersMaarineAppDataLocalgxjclco.bat [92]
[MD5.534D78034B774B6266F2189576F8C6E3] [SPRF][05/05/2010] (…) — C:UsersMaarineAppDataLocalkfcrp.bat [92]
[MD5.D9112FC87DEC112A601CFA1986E4919B] [SPRF][22/12/2010] (…) — C:UsersMaarineAppDataLocalknrfjmj.bat [93]
[MD5.632E01B45D4E0D3537CCE6003624F84F] [SPRF][25/11/2009] (…) — C:UsersMaarineAppDataLocalowgnww.exe [321536]
[MD5.A55AA635F61005159C9EF3FA3C518572] [SPRF][06/08/2010] (…) — C:UsersMaarineAppDataLocalpactcfq.bat [91]
[MD5.A36D577D2FEE645779B509C908263332] [SPRF][29/04/2010] (…) — C:UsersMaarineAppDataLocalpactcfq_nav.dat [332502]
[MD5.ABDEFA6CCA60455E9640E67EFA052E2D] [SPRF][08/09/2010] (…) — C:UsersMaarineAppDataLocalvmddsj.bat [92]
[MD5.2C7FCD1FF1E41FFAF03DD565E97C65F6] [SPRF][02/01/2014] (…) — C:UsersMaarineAppDataRoamingwklnhst.dat [11336]
[MD5.87948212C71A773AEF4C68029BFAE924] [SPRF][05/01/2014] (.Pas de propriétaire – wp_update scheduler.) — C:UsersMaarineAppDataRoaming~guzsbhy.exe [493272] =>PUP.WpManager
[MD5.6AABCAB9FF3FFB26EF173153B765483D] [SPRF][05/01/2014] (…) — C:UsersMaarineDesktopcacaoweb.exe [469504] =>PUP.CacaoWeb
~ Files: 23 Legitimates Filtered in 00mn 02s

—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: “{8E9460AD-1D6D-4320-A93E-334CDECAB84C}” | In – Public – P6 – TRUE | .(.Lime Wire, LLC – LimeWire.) — C:Program FilesLimeWireLimeWire.exe
O87 – FAEL: “{24A4F675-7DB0-4140-9AA7-F1A259383767}” | In – Public – P17 – TRUE | .(.Lime Wire, LLC – LimeWire.) — C:Program FilesLimeWireLimeWire.exe
O87 – FAEL: “TCP Query User{E1BC53E6-161C-4AC6-AE04-3036D8E1A00B}C:program filesfluendomoovidamoovida.exe” | In – Public – P6 – TRUE | .(.Fluendo Embedded – Moovida.) — C:program filesfluendomoovidamoovida.exe =>Adware.SPointer
O87 – FAEL: “UDP Query User{C1FFE696-E10B-4220-BE68-411059A974C0}C:program filesfluendomoovidamoovida.exe” | In – Public – P17 – TRUE | .(.Fluendo Embedded – Moovida.) — C:program filesfluendomoovidamoovida.exe =>Adware.SPointer
O87 – FAEL: “TCP Query User{E205D862-02B6-4FD3-BA26-82D0BAB94424}C:usersmaarineappdataroamingcacaowebcacaoweb.exe” | In – Public – P6 – TRUE | .(…) — C:usersmaarineappdataroamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
O87 – FAEL: “UDP Query User{F6C2D4F4-83D9-431D-A2F9-640CC53C9DFC}C:usersmaarineappdataroamingcacaowebcacaoweb.exe” | In – Public – P17 – TRUE | .(…) — C:usersmaarineappdataroamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
~ Firewall: 202 Legitimates Filtered in 00mn 02s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: “112C48061A10E464790A9077E221B205” . (.Moovida.) — C:WindowsInstaller{6084C211-01A1-464E-97A0-09772E122B50}ARPPRODUCTICON.exe =>Adware.SPointer
O90 – PUC: “BA172DB42E6685D4FA8808EFB370074C” . (.Fissa.) — C:WindowsInstaller{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}ARPPRODUCTICON.exe =>PUP.OfferBox
~ Update Products: 147 Legitimates Filtered in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.AA54E9B868A06651B9271D93BF6776F8] [WIS][25/03/2011] (.Secure Digital Services – Moovida.) — C:WindowsInstaller1945710.msi [2633728] =>Adware.SPointer
[MD5.B1954A21F896AA25E097683CDEB4DD8E] [WIS][25/03/2011] (.Secure Digital Services – Fissa.) — C:WindowsInstaller1945716.msi [1275392] =>Adware.SPointer
[MD5.A4B00F9538946C89EC22D38250B68952] [WIS][13/01/2009] (.ATI – Catalyst Control Center.) — C:WindowsInstaller2761a.msi [1043968]
[MD5.BF2728E25E93735A80C7065A83BD2188] [WIS][05/01/2014] (.Duuqu Group – Duuqu Update Helper.) — C:WindowsInstaller57414c.msi [22016] =>PUP.Duuqu
[MD5.439E0735178094C34136EFC343AC4A7F] [WIS][28/12/2009] (.Nikon – Blank Project Template.) — C:WindowsInstaller5a8cd9.msi [8215040]
~ WIS: 158 Legitimates Filtered in 00mn 28s

—\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Auto 27/06/2008 77824 | (AESTFilters) . (.Andrea Electronics Corporation.) – C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbaestsrv.exe
SS – | Auto 25/05/2011 37664 | (Apple Mobile Device) . (.Apple Inc..) – C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
SS – | Auto 31/12/2008 724992 | (Ati External Event Utility) . (.ATI Technologies Inc..) – C:WindowsSystem32Ati2evxx.exe
SS – | Auto 06/04/2011 349472 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
SS – | Auto 05/01/2014 143488 | C:Program Filesoptimi~1OptProCrash.exe (ca82e1a5) . (…) – C:Program FilesOptimizer ProOptProCrash.exe =>PUP.OptimizerPro
SS – | Demand 19/11/2008 222512 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) – C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4QLBEx.exe
SS – | Demand 17/07/2009 250616 | (GameConsoleService) . (.WildTangent, Inc..) – C:Program FilesHP GamesMy HP Game ConsoleGameConsoleService.exe
SS – | Auto 16/05/2009 133104 | (gupdate1c9d663f6690478) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Demand 16/05/2009 133104 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Demand 31/12/2013 194032 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
SS – | Demand 23/10/2008 223232 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) – C:Program FilesHewlett-PackardSharedhpqwmiex.exe
SS – | Auto 18/03/2008 19456 | (hpsrv) . (.Hewlett-Packard Corporation.) – C:WindowsSystem32Hpservice.exe
SS – | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) – C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
SS – | Demand 07/06/2011 820520 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
SS – | Auto 09/06/2008 73728 | (LightScribeService) . (.Hewlett-Packard Company.) – C:Program FilesCommon FilesLightScribeLSSrvc.exe
SS – | Auto 10/07/1658 0 | (Nero BackItUp Scheduler 4.0) . (…) – C:Program FilesCommon FilesNeroNero BackItUp 4NBService.exe
SS – | Auto 17/12/2008 365952 | (Recovery Service for Windows) . (…) – C:Program FilesSMINSTBLService.exe
SS – | Auto 15/09/2008 241734 | (RichVideo) . (…) – C:Program FilesCyberLinkShared filesRichVideo.exe
SS – | Auto 05/01/2014 146920 | (savesenselive) . (.SaveSense.) – C:Program FilesSaveSenseLiveUpdateSaveSenseLive.exe =>PUP.SaveSense
SS – | Demand 05/01/2014 146920 | (savesenselivem) . (.SaveSense.) – C:Program FilesSaveSenseLiveUpdateSaveSenseLive.exe =>PUP.SaveSense
SS – | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) – C:Program FilesSkypeUpdaterUpdater.exe
SS – | Auto 16/12/2013 2905408 | (SProtection) . (.Iminent.) – C:Program FilesCommon FilesUmbrellaUmbrella.exe =>Adware.IMBooster
SS – | Auto 26/10/2008 237657 | (STacSV) . (.IDT, Inc..) – C:WindowsSystem32DriverStoreFileRepositorystwrt.inf_52c73ccbSTacSV.exe
SS – | Auto 16/12/2013 425792 | (WinkHandler) . (…) – C:Program FilesIminentWinkHandler.exe =>Adware.IMBooster
SS – | Auto 05/01/2014 499856 | (Wpm) . (.Cherished Technololgy LIMITED.) – C:ProgramDataWPMwprotectmanager.exe =>PUP.WpManager

SR – | Auto 01/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
SR – | Disabled 10/07/1658 0 | (avast! Firewall) . (…) – C:Program FilesAlwil SoftwareAvast5afwServ.exe
SR – | Auto 21/01/2008 21504 | C:WindowsSystem32ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) – C:WindowsSystem32svchost.exe
SR – | Auto 09/10/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) – c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
SR – | Auto 27/12/2013 491688 | (iSafeService) . (.Elex do Brasil Participações Ltda.) – C:Program FilesiSafeiSafeSvc.exe =>Trojan.Staser
SR – | Auto 20/11/2013 66848 | (Update Bizzybolt) . (…) – C:Program FilesBizzyboltupdateBizzybolt.exe =>PUP.Bizzybolt
SR – | Auto 21/01/2008 21504 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 21/01/2008 21504 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 28/11/2008 87536 | ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.CyberLink Corp..) – C:Program FilesHewlett-PackardMediaDVD00.fcl

~ Services: Scanned in 00mn 31s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net” onclick=”window.open(this.href);return false;
Run by Maarine at 05/01/2014 18:35:35

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys ataport.SYS PCIIDEX.SYS msahci.sys
C:Windowssystem32DRIVERShpdskflt.sys Hewlett-Packard Corporation Hewlett-Packard Corporation Mobile Data Protection System
1 ntkrnlpa!IofCallDriver[0x828D420F] >> DeviceHarddisk0DR0[0x86B49AC8]
5 hpdskflt[0x8BBAAF05] >> ntkrnlpa!IofCallDriver[0x828D420F] >> [0x86375F08]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 15 Legitimates Filtered in 00mn 02s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog” onclick=”window.open(this.href);return false;
Run by Maarine at 05/01/2014 18:35:37

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s

—\ Alert Messages
WARNING : Adware.Navipromo/MagicControl found in registry or folder

—\ Scan Additionnel (O88)
Database Version : 13018 – (02/01/2014)
Clés trouvées (Keys found) : 540
Valeurs trouvées (Values found) : 6
Dossiers trouvés (Folders found) : 71
Fichiers trouvés (Files found) : 29