~ Rapport de ZHPDiag v2014.2.12.10 - Nicolas Coolman (12/02/2014)
~ Lancé par Un rayon de soleil (13/02/2014 11:55:16)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16518
MFIE: Mozilla Firefox 27.0 (Defaut)
GCIE: Google Chrome v32.0.1700.107

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.4.0304.0
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.10 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 25

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3946 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 103 GB (57%) free of 179 GB

---\\ Mode de connexion au système
~ Computer Name: UNRAYONDESOLEIL
~ User Name: Un rayon de soleil
~ All Users Names: Un rayon de soleil, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Un rayon de soleil\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Un rayon de soleil\AppData\Roaming\
~ %Desktop% : C:\Users\Un rayon de soleil\Desktop\
~ %Favorites% : C:\Users\Un rayon de soleil\Favorites\
~ %LocalAppData% : C:\Users\Un rayon de soleil\AppData\Local\
~ %StartMenu% : C:\Users\Un rayon de soleil\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 103 Go of 179 Go)
D: Hard drive, Flash drive, Thumb drive (Free 106 Go of 267 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/02/2014 - 10:24:52.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/4485
~ Mes musiques (My Musics) : 73/153
~ Mes Videos (My Videos) : 1/66
~ Mes Favoris (My Favorites) : 1/36
~ Mes Documents (My Documents) : 2/216
~ Mon Bureau (My Desktop) : 1/16
~ Menu demarrer (Programs) : 1/61
~ Hidden Files: Scanned in 00mn 04s

---\\ Processus lancés
[MD5.BB4CEE22CFE1C259F5C4279349EB879C] - (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe [149824] [PID.2096]
[MD5.9EDFB86FAA07BFED3C3D00211FAB6D82] - (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\dist\ST2.exe [13446464] [PID.2524]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2348]
[MD5.AAF6B888C091C323A617E5AC64E0C98E] - (...) -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe [775872] [PID.4004] =>PUP.Mobogenie
[MD5.3FC2166F96B27F42AD5B1A28DC5AC6C7] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [3241840] [PID.3672]
[MD5.3E6577072F4D00FEBE1D800315B5DA98] - (...) -- C:\Users\Un rayon de soleil\AppData\Local\fst_fr_62\upfst_fr_62.exe [3153904] [PID.3460] =>PUA.FSTfr9
[MD5.54FA8528EDA1B6B34615F4EA3FCB35E6] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.2500]
[MD5.28FD28A29C637C9AFEFE0A26E27C6DFE] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432] [PID.436]
[MD5.167F9E5AF87B57763DAAA27D3144C2A0] - (.SEC - Samsung Recovery Solution 4.) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe [2201192] [PID.3804]
[MD5.4A59A9F53628FD76EAA3EDFE9903BBFD] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [366536] [PID.4364]
[MD5.58920E6A409046BA06548D9D139CE0F0] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608] [PID.4212]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ysWOW64\rundll32.exe [0] [PID.4696]
[MD5.EA9DFB81DD12D32FFA1F2A6BB12C0677] - (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [98616] [PID.4556]
[MD5.E6DEED311D830678E1A0B4889F3C2F0E] - (.UASSOFT.COM - DRIVER AUTORUN.) -- C:\Program Files (x86)\Mouse Driver\StartAutorun.exe [212992] [PID.4860]
[MD5.1568FF282E268082C67CF0C3EBCC9179] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320] [PID.4444]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.4812]
[MD5.4D8532968BA0FFB5FE5E4085FC7F1EAD] - (.UASSOFT.COM - USB Keyboard And PS/2 Keyboard Driver.) -- C:\Program Files (x86)\Mouse Driver\KMConfig.exe [401408] [PID.4520]
[MD5.5AFC1F763562C453C64B70886B460CDD] - (.Samsung Electronics Co., Ltd. - EasySpeedUpManager.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [719360] [PID.5020]
[MD5.C407F87EDD7F08D7C8B900A4C6C6C719] - (.Crawler.com - Online Vault Tray.) -- C:\Program Files (x86)\OnlineVault\OVTray.exe [371808] [PID.4424]
[MD5.0AE20CEF66BEA4008EED46F4021B0D13] - (.UASSOFT.COM - Keyboard And Mouse Processing.) -- C:\Program Files (x86)\Mouse Driver\KMProcess.exe [328704] [PID.4348]
[MD5.085BE68B52CE5A5FA4621507AD518CF3] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4500]
[MD5.F4762082DDCFD241BE8BA5DD35133F4A] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [264136] [PID.840]
[MD5.8C35F5380E57EA4DC2E75532FF47E475] - (...) -- C:\Program Files (x86)\fst_fr_33\fst_fr_33.exe [11671024] [PID.4632] =>PUA.FSTfr9
[MD5.B56FE8443C8C25DFE16B64F99A831C06] - (.SAMSUNG Electronics - SSCKbdHk.) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [1752680] [PID.6592]
[MD5.E287233EF87AA90FC9D4DD31575DF3DF] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5424]
[MD5.4BDF29F145793074F9E370EFD10D54F4] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.6516]
[MD5.00FCB1A620DAE030FBF2FD39C2F334CB] - (.Adobe Systems, Inc. - Adobe Flash Player 12.0 r0.) -- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe [1863048] [PID.6896]
[MD5.516175BCB724F8501E7F8754C90ABB14] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8336384] [PID.908]
~ Processes Running: Scanned in 00mn 02s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Un rayon de soleil\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com =>PUP.Awesomehp
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com =>PUP.Awesomehp
~ IE Browser: 25 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
O1 - Hosts: 54.204.28.26 nikdaiaidiiiogaidkkekcmokcgcdeac
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 23

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: IETabPage Class [64Bits] - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} . (.Thinknice Co. Limited - SupTab setup package.) -- C:\Program Files (x86)\SupTab\SupTab.dll =>PUP.SupTab
O2 - BHO: Highlightly [64Bits] - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} . (.Highlightly - Highlightly Client BHO x86.) -- C:\Program Files (x86)\Highlightly\IE\HighlightlyClientIE.dll
O2 - BHO: melondrea [64Bits] - {844daaf4-d158-49f0-a3c4-d6a343a0b8c0} . (.melondrea - melondrea.) -- C:\Program Files (x86)\melondrea\melondreabho.dll
O2 - BHO: Discount Dragon BHO [64Bits] - {EA34C851-D481-49F5-A356-3A8B0A8F3B7E} . (.Pas de propriétaire - FrameworkBHO.) -- C:\Program Files (x86)\Discount Dragon\FrameworkBHO.dll =>PUP.DiscountDragon
O2 - BHO: (no name) [64Bits] - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} Clé orpheline
~ BHO: 11 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL x64).) -- C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O4 - GS\Program [Public]: Encore plus de jeux.lnk - Clé orpheline
O4 - GS\Program [Public]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Un rayon de soleil]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Un rayon de soleil]: IncrediMail 2.0.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O4 - GS\QuickLaunch [Un rayon de soleil]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Un rayon de soleil]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [Un rayon de soleil]: IncrediMail.lnk . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O4 - GS\TaskBar [Un rayon de soleil]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Un rayon de soleil]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Un rayon de soleil]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Un rayon de soleil]: 01 CREDIT AGRICOLE -.lnk . (...) -- C:\Users\Un rayon de soleil\Documents\101 CREDIT AGRICOLE
O4 - GS\Desktop [Un rayon de soleil]: Assistance Livebox.lnk . (.Orange - Assistance Livebox.) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe
O4 - GS\Desktop [Un rayon de soleil]: Diaporamas.lnk . (...) -- C:\Users\Un rayon de soleil\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
O4 - GS\Desktop [Un rayon de soleil]: FreeCell.lnk - Clé orpheline
O4 - GS\Desktop [Un rayon de soleil]: INFORAD MANAGER 3.9.lnk . (.Inforad Ltd. - INFORAD Manager 3.9 Daemon.) -- C:\Users\Un rayon de soleil\AppData\Local\IFM39\ifdmon.exe
O4 - GS\Desktop [Un rayon de soleil]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Un rayon de soleil]: Mes documents.lnk . (...) -- C:\Users\Un rayon de soleil\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
O4 - GS\Desktop [Un rayon de soleil]: Mes images.lnk . (...) -- C:\Users\Un rayon de soleil\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
O4 - GS\Desktop [Un rayon de soleil]: WORD.lnk . (...) -- C:\windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
~ Global Startup: 73 Legitimates Filtered in 00mn 02s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Un rayon de soleil]: PricePeepUpdater.lnk . (...) -- C:\Program Files (x86)\PricePeep\PricePeepUpdater.exe (.not file.) =>Adware.PricePeep
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [Epson Stylus SX420W(Réseau)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [EPSON SX420W Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [Epson Stylus SX420W(Réseau) (Copie 2)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [Epson Stylus SX420W(Réseau) (Copie 3)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [Orange Installer] C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe (.not file.)
O4 - HKCU\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [EPSON SX420W Series (Copie 1)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [BackgroundContainer] C:\Users\Un rayon de soleil\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (.not file.) =>PUP.Babylon
O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\Un rayon de soleil\AppData\Roaming\newnext.me\nengine.dll =>PUP.NextLive
O4 - HKLM\..\Wow6432Node\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [KMCONFIG] . (.UASSOFT.COM - DRIVER AUTORUN.) -- C:\Program Files (x86)\Mouse Driver\StartAutorun.exe
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [SiteRanker] C:\Program Files (x86)\SiteRanker\SiteRankTray.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Online Vault] . (.Crawler.com - Online Vault Tray.) -- C:\Program Files (x86)\OnlineVault\OVTray.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [fst_fr_33] . (...) -- C:\Program Files (x86)\fst_fr_33\fst_fr_33.exe =>PUA.FSTfr9
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] . (...) -- C:\Program Files (x86)\Mobogenie\DaemonProcess.exe =>PUP.Mobogenie
O4 - HKLM\..\Wow6432Node\RunOnce: [Discount Dragon-repairJob] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe =>PUP.DiscountDragon
O4 - HKLM\..\Wow6432Node\RunOnce: [upfst_fr_62.exe] . (...) -- C:\Users\Un rayon de soleil\AppData\Local\fst_fr_62\upfst_fr_62.exe =>PUA.FSTfr9
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-76830181-1066914796-2057996457-1001\..\Run: [Epson Stylus SX420W(Réseau)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-76830181-1066914796-2057996457-1001\..\Run: [EPSON SX420W Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-76830181-1066914796-2057996457-1001\..\Run: [Epson Stylus SX420W(Réseau) (Copie 2)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-76830181-1066914796-2057996457-1001\..\Run: [Epson Stylus SX420W(Réseau) (Copie 3)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-76830181-1066914796-2057996457-1001\..\Run: [Orange Installer] C:\Program Files (x86)\Orange\Orange Installer\OrangeInstaller.exe (.not file.)
O4 - HKUS\S-1-5-21-76830181-1066914796-2057996457-1001\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
O4 - HKUS\S-1-5-21-76830181-1066914796-2057996457-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-76830181-1066914796-2057996457-1001\..\Run: [EPSON SX420W Series (Copie 1)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-76830181-1066914796-2057996457-1001\..\Run: [BackgroundContainer] C:\Users\Un rayon de soleil\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (.not file.) =>PUP.Babylon
O4 - HKUS\S-1-5-21-76830181-1066914796-2057996457-1001\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\Un rayon de soleil\AppData\Roaming\newnext.me\nengine.dll =>PUP.NextLive
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{34FB1F75-F9D0-4A1C-A69C-399EA26D20B1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{34FB1F75-F9D0-4A1C-A69C-399EA26D20B1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{34FB1F75-F9D0-4A1C-A69C-399EA26D20B1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Optimizer Pro Crash Monitor (70e6ca8c) . (...) - C:\Program Files (x86)\optimi~1\OptProCrashSvc.dll (.not file.) =>PUP.OptimizerPro
O23 - Service: Dedicarz Service (Dedicarz Service) . (.Pas de propriétaire - DedicarzService.) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe
O23 - Service: Highlightly Client Service (hlsvc) . (.Highlightly - Highlightly Client Service.) - C:\Program Files (x86)\Highlightly\Service\hlsvc.exe
O23 - Service: IePlugin Service (IePluginService) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.Trojan.SProtector
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) . (.UASSOFT.COM - Keyboard And Mouse Communication Service.) - C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe
O23 - Service: MgAssist Service (MgAssistService) . (...) - C:\Program Files (x86)\Mobogenie\MgAssist.exe =>PUP.Mobogenie
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
~ Services: 20 Legitimates Filtered in 00mn 07s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\bench-S-1-5-21-76830181-1066914796-2057996457-1001.job [370] =>PUP.GiganticSavings
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\bench-sys.job [370] =>PUP.GiganticSavings
[MD5.2064E97CF3396C4EC5A497CE49E4515F] [APT] [bench-S-1-5-21-76830181-1066914796-2057996457-1001] (...) -- C:\Program Files (x86)\Bench\Updater\updater.exe [254456] =>PUP.GiganticSavings
[MD5.2064E97CF3396C4EC5A497CE49E4515F] [APT] [bench-sys] (...) -- C:\Program Files (x86)\Bench\Updater\updater.exe [254456] =>PUP.GiganticSavings
[MD5.4A59A9F53628FD76EAA3EDFE9903BBFD] [APT] [{0E037811-5103-436D-A7F8-45FD8D6B576C}] (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [366536]
[MD5.4A59A9F53628FD76EAA3EDFE9903BBFD] [APT] [{13D1F100-315A-4A10-85AE-465159E2069C}] (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [366536]
[MD5.00000000000000000000000000000000] [APT] [{2802049A-BADB-448E-B8E2-B96F4CF69832}] (...) -- C:\Users\Un rayon de soleil\Downloads\Adobe_Photoshop_CS5_Extended-AkamaiDLM.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{28D73577-1E92-4A62-8578-E92EA826B931}] (...) -- C:\Users\Un rayon de soleil\Downloads\Adobe_Photoshop_CS5_Extended-AkamaiDLM.exe (.not file.) [0]
[MD5.4A59A9F53628FD76EAA3EDFE9903BBFD] [APT] [{2FD51AA5-4127-4BCB-A15E-4622F7666668}] (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [366536]
[MD5.00000000000000000000000000000000] [APT] [{3A0FCDCD-CF29-4178-B0AE-A409390C9C59}] (...) -- C:\Users\Un rayon de soleil\Downloads\incredimail_incredimail_5.8.6_build_4332_francais_10318.exe (.not file.) [0]
[MD5.3DB375C053E7E691C65A77CC33EBB14C] [APT] [{3D0BDC07-7098-4723-B7D4-3CDE8F8F721E}] (...) -- C:\Program Files (x86)\IncrediMail\Bin\ImSetup.exe [120776]
[MD5.4A59A9F53628FD76EAA3EDFE9903BBFD] [APT] [{5B43D16E-E4D9-41C1-B870-4740B9798980}] (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [366536]
[MD5.00000000000000000000000000000000] [APT] [{711744F0-E57F-42F9-9B7B-999C4CCBAE12}] (...) -- C:\Users\Un rayon de soleil\Downloads\Adobe_Photoshop_CS5_Extended-AkamaiDLM.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{79CFC91F-EA7F-4C81-9038-38EF6DFC018B}] (...) -- C:\Users\Un rayon de soleil\Downloads\Adobe_Photoshop_CS5_Extended-AkamaiDLM.exe (.not file.) [0]
[MD5.4A59A9F53628FD76EAA3EDFE9903BBFD] [APT] [{88BBE511-1E7D-467D-A07B-312DB1DA05DC}] (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [366536]
[MD5.4A59A9F53628FD76EAA3EDFE9903BBFD] [APT] [{91D5B60F-E3CE-4212-9489-D0FC10677CB1}] (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [366536]
[MD5.4A59A9F53628FD76EAA3EDFE9903BBFD] [APT] [{9823211F-D8AF-4F90-9F5F-03EBBBBBE534}] (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [366536]
[MD5.4A59A9F53628FD76EAA3EDFE9903BBFD] [APT] [{A019417E-7E2C-49DF-A2A9-BA3349479D9B}] (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [366536]
[MD5.00000000000000000000000000000000] [APT] [{ACFAE395-B4B9-42E6-80E6-6BD96614420A}] (...) -- C:\Users\Un rayon de soleil\Downloads\im_dict_fr.exe (.not file.) [0]
[MD5.4A59A9F53628FD76EAA3EDFE9903BBFD] [APT] [{BCC605DD-F39E-411B-909E-939ACAFF78A0}] (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [366536]
[MD5.00000000000000000000000000000000] [APT] [{CD104CF3-1065-453E-9E0A-128656FEF734}] (...) -- C:\Users\Un rayon de soleil\Downloads\setup.exe (.not file.) [0]
[MD5.4A59A9F53628FD76EAA3EDFE9903BBFD] [APT] [{D649A1A8-CB48-4CB0-BA75-43CF47A1D165}] (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [366536]
[MD5.4A59A9F53628FD76EAA3EDFE9903BBFD] [APT] [{E2FE3459-FB7D-4768-9277-2D5643BC633A}] (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [366536]
[MD5.4A59A9F53628FD76EAA3EDFE9903BBFD] [APT] [{F08AB43F-757E-436B-A6E6-40506E89825E}] (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [366536]
[MD5.4A59A9F53628FD76EAA3EDFE9903BBFD] [APT] [{F632A0B6-130A-4B7C-862F-8BF6861D1F2F}] (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [366536]
~ Scheduled Task: 39 Legitimates Filtered in 00mn 07s

---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (hlnfd) . (.Highlightly - Highlightly Driver x64.) - C:\Windows\System32\drivers\hlnfd.sys
~ Drivers: 66 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM][64Bits] -- {903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E} =>Adware.Boxore
O42 - Logiciel: Discount Dragon - (.Smart Apps.) [HKLM][64Bits] -- 38900_Discount Dragon =>PUP.DiscountDragon
O42 - Logiciel: Highlightly - (.Highlightly.) [HKLM][64Bits] -- Highlightly
O42 - Logiciel: IePluginService12.27.0.3326 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- IePlugins =>Trojan.Trojan.SProtector
O42 - Logiciel: IncrediMail - (.IncrediMail.) [HKLM][64Bits] -- {5E97F3BD-CDDC-4188-9D98-532E14FABB5D}
O42 - Logiciel: IncrediMail 2.0 - (.IncrediMail Ltd..) [HKLM][64Bits] -- IncrediMail
O42 - Logiciel: Mouse Driver - (.Driver Builder.) [HKLM][64Bits] -- InstallShield_{CC263BB0-5DB8-4024-87E7-8E5650070F0D}
O42 - Logiciel: Mouse Driver - (.Driver Builder.) [HKLM][64Bits] -- {CC263BB0-5DB8-4024-87E7-8E5650070F0D}
O42 - Logiciel: Online Vault - (.PCRx.com, LLC.) [HKLM][64Bits] -- {FE60B87C-63A2-4A45-AC06-FFEFD5DB7846}_is1 =>PUP.PCRx
O42 - Logiciel: SupTab - (...) [HKLM][64Bits] -- SupTab =>PUP.SupTab
O42 - Logiciel: WPM17.8.0.3325 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- WPM =>PUP.WpManager
O42 - Logiciel: fst_fr_33 - (.FREESOFTTODAY.) [HKLM][64Bits] -- fst_fr_33_is1 =>PUA.FSTfr9
O42 - Logiciel: fst_fr_62 - (.FREESOFTTODAY.) [HKLM][64Bits] -- fst_fr_62_is1 =>PUA.FSTfr9
O42 - Logiciel: melondrea - (.melondrea.) [HKLM][64Bits] -- melondrea
~ Logic: 33 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\IncrediMail]
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\melondrea]
[HKLM\Software\ASK]
[HKLM\Software\Wow6432Node\Discount Dragon] =>PUP.DiscountDragon
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager
[HKLM\Software\Wow6432Node\melondrea]
[HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab
[HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager
~ Key Software: 330 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/02/2014 - 14:46:32 - [1,038] ----D C:\Program Files (x86)\Discount Dragon =>PUP.DiscountDragon
O43 - CFD: 02/02/2014 - 12:15:52 - [12,208] ----D C:\Program Files (x86)\fst_fr_33 =>PUA.FSTfr9
O43 - CFD: 04/02/2014 - 14:44:24 - [4,444] ----D C:\Program Files (x86)\fst_fr_62 =>PUA.FSTfr9
O43 - CFD: 10/02/2014 - 13:53:05 - [0,877] ----D C:\Program Files (x86)\Highlightly
O43 - CFD: 14/07/2012 - 16:57:43 - [26,457] ----D C:\Program Files (x86)\IncrediMail
O43 - CFD: 10/02/2014 - 13:52:56 - [0,467] ----D C:\Program Files (x86)\melondrea
O43 - CFD: 06/09/2011 - 13:48:09 - [7,953] ----D C:\Program Files (x86)\Mouse Driver
O43 - CFD: 01/02/2014 - 13:21:00 - [2,315] ----D C:\Program Files (x86)\SupTab =>PUP.SupTab
O43 - CFD: 01/02/2014 - 13:21:00 - [0,484] ----D C:\ProgramData\IePluginService =>Trojan.Trojan.SProtector
O43 - CFD: 27/01/2011 - 17:52:20 - [0] ----D C:\ProgramData\IM
O43 - CFD: 27/01/2011 - 17:45:47 - [6,551] ----D C:\ProgramData\IncrediMail
O43 - CFD: 01/02/2014 - 13:20:56 - [0,471] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 13/02/2014 - 11:33:54 - [1,228] ----D C:\Users\Un rayon de soleil\AppData\Roaming\newnext.me =>PUP.NextLive
O43 - CFD: 11/02/2014 - 14:46:35 - [1,085] ----D C:\Users\Un rayon de soleil\AppData\Local\Discount Dragon =>PUP.DiscountDragon
O43 - CFD: 02/02/2014 - 12:15:53 - [0] ----D C:\Users\Un rayon de soleil\AppData\Local\fst_fr_33 =>PUA.FSTfr9
O43 - CFD: 13/02/2014 - 11:36:04 - [15,810] ----D C:\Users\Un rayon de soleil\AppData\Local\fst_fr_62 =>PUA.FSTfr9
O43 - CFD: 06/02/2014 - 11:28:00 - [1,224] ----D C:\Users\Un rayon de soleil\AppData\Local\genienext
O43 - CFD: 07/12/2012 - 12:25:24 - [0,488] ----D C:\Users\Un rayon de soleil\AppData\Local\IFM38
O43 - CFD: 07/06/2011 - 18:12:17 - [941,195] ----D C:\Users\Un rayon de soleil\AppData\Local\IM
O43 - CFD: 09/01/2014 - 12:19:54 - [0,003] ----D C:\Users\Un rayon de soleil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
~ 138 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 367 Legitimates Filtered in 01mn 20s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D07138915E1B489BA08D2DBDFF441A60] - 04/02/2014 - 11:23:18 ---A- . (...) -- C:\shldr [285747]
O44 - LFC:[MD5.025926B83A938B5215F3C1DCC882F21C] - 04/02/2014 - 11:23:18 ---A- . (...) -- C:\shldr.mbr [8192]
O44 - LFC:[MD5.639B49CB4118510EB913085E107FFBEE] - 04/02/2014 - 12:00:11 ---A- . (...) -- C:\sh4_service.log [126]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 04/02/2014 - 12:03:39 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.4B5E59057D9ED29481FF1D6B8BF9BD4B] - 04/02/2014 - 12:59:13 ---A- . (...) -- C:\spyhunter.log [244] =>Crapware.SpyHunter
O44 - LFC:[MD5.CB8572E790FCE09714143741C20E9934] - 06/02/2014 - 11:27:27 ---A- . (...) -- C:\Windows\System32\sasnative64.exe [16896]
O44 - LFC:[MD5.2465EBC8CD6E412CDC1AB9FEF40BCAE6] - 12/02/2014 - 13:02:53 ---A- .
(...) -- C:\Windows\win.ini [478] ~ Files: 55 Legitimates Filtered in 00mn 11s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.15E6BF45E45364A9726936E886F5829E] - 10/02/2014 - 13:59:52 ---A- - C:\Windows\Prefetch\BEAMRISE.EXE-B1E9CCD9.pf =>Hijacker.Beamrise O45 - LFCP:[MD5.7A8BC17A841AF02C47F858967CAF36B6] - 11/02/2014 - 08:41:07 ---A- - C:\Windows\Prefetch\REBATEINF.EXE-A6263A1F.pf O45 - LFCP:[MD5.C0EE4177C904FB59F87F2BB228F3C966] - 12/02/2014 - 12:57:14 ---A- - C:\Windows\Prefetch\INCMAIL.EXE-160A50B5.pf O45 - LFCP:[MD5.9FFB753795843B26A80B4A691C8BF679] - 12/02/2014 - 12:59:55 ---A- - C:\Windows\Prefetch\IMBPP.EXE-7DDC38F4.pf O45 - LFCP:[MD5.1F03F04109BE14169C82F00FFAF0D36B] - 13/02/2014 - 10:38:36 ---A- - C:\Windows\Prefetch\KMPROCESS.EXE-2E9EC5FA.pf O45 - LFCP:[MD5.DF958C475614AB1A57D1A01921803009] - 13/02/2014 - 10:43:36 ---A- - C:\Windows\Prefetch\OV.EXE-0E66AD64.pf O45 - LFCP:[MD5.106302238CD071CE599A476F7A74EAA8] - 13/02/2014 - 10:45:41 ---A- - C:\Windows\Prefetch\SPRINT.EXE-9F6F825D.pf O45 - LFCP:[MD5.F2506A0863004968BB2812AFE33F2729] - 13/02/2014 - 10:48:45 ---A- - C:\Windows\Prefetch\IMNOTFY.EXE-70CE0CC2.pf O45 - LFCP:[MD5.BAA1231C7AB30400ED7F375547CD6D12] - 13/02/2014 - 11:33:55 ---A- - C:\Windows\Prefetch\STARTAUTORUN.EXE-32FCEAAB.pf O45 - LFCP:[MD5.B077B16D039C014C140091EB4F0D17EF] - 13/02/2014 - 11:33:58 ---A- - C:\Windows\Prefetch\OVTRAY.EXE-5E41165C.pf O45 - LFCP:[MD5.C659434AEC8D8ED990536086C39E8C99] - 13/02/2014 - 11:33:59 ---A- - C:\Windows\Prefetch\UPDATEMOBOGENIE.EXE-4EB2A58F.pf =>PUP.Mobogenie O45 - LFCP:[MD5.BB896680ED0CDC197B0788D1A87DB606] - 13/02/2014 - 11:34:09 ---A- - C:\Windows\Prefetch\DAEMONPROCESS.EXE-C7CE3E16.pf O45 - LFCP:[MD5.89D77E03809952CC48FDC9E899C5B9EB] - 13/02/2014 - 11:34:11 ---A- - C:\Windows\Prefetch\IMLPP.EXE-87D7D106.pf O45 - LFCP:[MD5.D952CA61964842F58A932E6A75F81FD4] - 13/02/2014 - 11:34:17 ---A- - C:\Windows\Prefetch\IMAPP.EXE-FCDCA9BF.pf O45 - LFCP:[MD5.A2E867BD5E3A3665F8259FEED72FFEF5] 
- 13/02/2014 - 11:34:21 ---A- - C:\Windows\Prefetch\FST_FR_33.EXE-5DE8BA58.pf =>PUA.FSTfr9 O45 - LFCP:[MD5.EEA9ED336E2F0220E4A05AE4ED34BE28] - 13/02/2014 - 11:36:04 ---A- - C:\Windows\Prefetch\UPFST_FR_62.EXE-24E21F70.pf =>PUA.FSTfr9 ~ Prefetcher: 135 Legitimates Filtered in 00mn 01s ---\\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{7d970d72-a998-11e1-882e-002454e265e0}\AutoRun\command. (...) -- F:\SFR.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Enumération des clés de registre StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\Akamai NetSession Interface [Key] . (...) -- C:\Users\Un rayon de soleil\AppData\Local\Akamai\netsession_win.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\zzzHPSETUP [Key] . (...) -- E:\Setup.exe (.not file.) =>.Nicolas Coolman ~ SMSR Keys: 3 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s ---\\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496] O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232] O58 - SDL:[MD5.8DECF397B091FF0AF81CC48C601C6B94] - 04/12/2013 - 20:46:36 ---A- . (.Highlightly - Highlightly Driver x64.) -- C:\Windows\System32\Drivers\hlnfd.sys [58256] O58 - SDL:[MD5.E0906852228EADED7432D7F3373FBB0C] - 16/04/2010 - 14:26:38 ---A- . 
(.Windows (R) Win 7 DDK provider - KMWDFilter Driver from UASSOFT.COM.) -- C:\Windows\System32\Drivers\KMWDFILTER.sys [22016] O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656] O58 - SDL:[MD5.C9E9D59C0099A9FF51697E9306A44240] - 13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784] O58 - SDL:[MD5.64F88AF327AA74E03658AE32B48CCB8B] - 28/09/2009 - 10:22:00 ---A- . (...) -- C:\Windows\System32\Drivers\yk62x64.sys [395264] O58 - SDL:[MD5.4CA0DBA9E224473D664C25E411F5A3BD] - 23/10/2010 - 05:20:40 ---A- . (.Windows (R) 2003 DDK 3790 provider - Generic Port I/O for Win64.) -- C:\Windows\SysWOW64\drivers\rtport.sys [15144] ~ Drivers: 16 Legitimates Filtered in 00mn 23s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 10/02/2014 - 12:00:14 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Local\Mozilla\updates\E7CF176E110C211B\active-update.xml [57] O61 - LFC: 10/02/2014 - 12:00:14 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates.xml [1668] O61 - LFC: 11/02/2014 - 11:57:54 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Local\BenchUpdater\products.xml [447] =>PUP.GiganticSavings O61 - LFC: 11/02/2014 - 11:57:54 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Local\Discount Dragon\firefox\extension_info.json [2422] =>PUP.DiscountDragon O61 - LFC: 11/02/2014 - 11:57:55 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Local\Discount Dragon\repair_data.json [4764] =>PUP.DiscountDragon O61 - LFC: 11/02/2014 - 11:57:56 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Local\Discount Dragon\uninstall.exe [146310] =>PUP.DiscountDragon O61 - LFC: 11/02/2014 - 11:58:01 ---A- . (.FreeSoftToday.) 
-- C:\Users\Un rayon de soleil\AppData\Local\fst_fr_62\Download\majfst2.exe [6984072] =>PUA.FSTfr9 O61 - LFC: 11/02/2014 - 12:00:49 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Roaming\ZHP\HOSTS.txt [871] =>.Nicolas Coolman O61 - LFC: 11/02/2014 - 12:00:52 ---A- . (...) -- C:\Users\Un rayon de soleil\Downloads\adwcleaner.exe [1166132] O61 - LFC: 11/02/2014 - 12:00:52 ---A- . (...) -- C:\Users\Un rayon de soleil\Links\Desktop.lnk [519] O61 - LFC: 11/02/2014 - 12:00:52 ---A- . (...) -- C:\Users\Un rayon de soleil\Links\Downloads.lnk [998] O61 - LFC: 11/02/2014 - 12:00:52 ---A- . (...) -- C:\Users\Un rayon de soleil\Links\RecentPlaces.lnk [383] O61 - LFC: 12/02/2014 - 12:00:50 ---A- . (...) -- C:\Users\Un rayon de soleil\Documents\101 CREDIT AGRICOLE\Crédit Agricole 2014.xlsx [48640] O61 - LFC: 13/02/2014 - 11:57:56 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Local\fst_fr_33\fst_fr_33\1.10\cnf.cyl [131] =>PUA.FSTfr9 O61 - LFC: 13/02/2014 - 11:57:56 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Local\fst_fr_33\fst_fr_33\1.10\eorezo.cyl [69] =>PUA.FSTfr9 O61 - LFC: 13/02/2014 - 11:58:01 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Local\fst_fr_62\upfst_fr_62.cyp [992] =>PUA.FSTfr9 O61 - LFC: 13/02/2014 - 11:58:15 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Local\IM\content.xml [41694] O61 - LFC: 13/02/2014 - 12:00:43 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Roaming\fr.orange.assistancelivebox\Local Store\ALB.db [6144] =>.Orange Corporation O61 - LFC: 13/02/2014 - 12:00:44 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Roaming\Microsoft\OIS\Toolbars.dat [723] O61 - LFC: 13/02/2014 - 12:00:45 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Roaming\OnlineVault\settings.xml [979] O61 - LFC: 13/02/2014 - 12:00:45 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Roaming\OnlineVault\settings_FCB.xml [194] O61 - LFC: 13/02/2014 - 12:00:45 ---A- . (...) 
-- C:\Users\Un rayon de soleil\AppData\Roaming\newnext.me\nengine.cookie [3072] =>PUP.NextLive O61 - LFC: 13/02/2014 - 12:00:49 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Roaming\ZHP\Log.txt [20358] =>.Nicolas Coolman O61 - LFC: 13/02/2014 - 12:00:49 ---A- . (...) -- C:\Users\Un rayon de soleil\AppData\Roaming\ZHP\TestsZHPDiag.txt [3190] =>.Nicolas Coolman O61 - LFC: 13/02/2014 - 12:00:50 ---A- . (...) -- C:\Users\Un rayon de soleil\Documents\104 DIVERS\AdwCleaner[S1].txt [1915] O61 - LFC: 13/02/2014 - 12:00:50 ---A- . (...) -- C:\Users\Un rayon de soleil\Documents\104 DIVERS\mbam-log-2014-02-13 (11-08-17).txt [2208] ~ 27 Fichiers temporaires (Temporary files) ~ Files: 195 Legitimates Filtered in 03mn 05s ---\\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 04/12/2013 - C:\Windows\System32\drivers\hlnfd.sys (hlnfd) .(.Highlightly - Highlightly Driver x64.) - LEGACY_HLNFD ~ Legacy: 93 Legitimates Filtered in 00mn 00s ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) 
-- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com =>PUP.Awesomehp ~ Keys: Scanned in 00mn 00s ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {293B0BBA-56F8-4A2E-956A-56DE6FE68914} - (IncrediMail MediaBar Francais 2 Customized Web Search) - http://search.conduit.com O69 - SBI: SearchScopes [HKCU] {3FEE1C84-B8C9-43DB-BF64-A6AA28AF544F} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (Orange) - http://r.orange.fr ~ Keys: Scanned in 00mn 00s ---\\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.CED3B441B97219DC535AA1CAAC888ACC] [SPRF][27/01/2011] (...) -- C:\ProgramData\ezsidmv.dat [56] [MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][16/01/2010] (...) -- C:\ProgramData\FullRemove.exe [131368] ~ Files: 2 Legitimates Filtered in 00mn 00s ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{D4DBFF5E-6508-4828-9623-4156154A62E0}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{7AF110D1-6BEF-4F98-8225-FD24F9B8D175}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{316E5D6F-08A2-4A82-850C-85E7E9130C50}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{D54B08FD-959A-4255-98AD-4E10C83ED645}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) 
-- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{A1BFC32A-7C3A-4135-B3DD-54B930F42EDE}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{1D0B6BAC-8263-4F13-85F1-A50DFD6F5BCF}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{4AA38F77-DB53-4AF5-A722-4E0349072BB3}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{F4AF21B5-7DB5-4A6A-B82B-F1C046E91F87}" | In - Public - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{4D560331-9E11-4B6C-9B10-AAEEF7B00EE0}" | In - Public - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{F16B723C-F69A-48AA-94F4-C9363DDB93D6}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{FA9646ED-7BB9-4731-9D43-D81894931144}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Content Importer.) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe O87 - FAEL: "{50A3242B-0D71-45FE-BAF6-BCEE72FD8BD8}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{4DAED0BC-AEE7-47FE-BF68-94D1D726DCB4}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe O87 - FAEL: "{6E79C6DD-4B8B-42CA-A274-800ECB2418B2}" | In - Private - P6 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) 
-- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe O87 - FAEL: "{2716CD13-D5B3-4FC4-A35A-532661946C81}" | In - Private - P17 - FALSE | .(.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe ~ Firewall: 243 Legitimates Filtered in 00mn 01s ---\\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "0BB362CC8BD54204787EE8650570F0D0" . (.Mouse Driver.) -- C:\windows\Installer\{CC263BB0-5DB8-4024-87E7-8E5650070F0D}\ARPPRODUCTICON.exe O90 - PUC: "8DFFC309FB5815A4A8D6B4BBAC43A6E6" . (.Boxore Client.) -- C:\windows\Installer\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}\boxore.ico =>Adware.Boxore O90 - PUC: "DB3F79E5CDDC8814D98935E241AFBBD5" . (.IncrediMail.) -- C:\windows\Installer\{5E97F3BD-CDDC-4188-9D98-532E14FABB5D}\ARPPRODUCTICON.exe ~ Update Products: 99 Legitimates Filtered in 00mn 00s ---\\ Enumère les données de la clé NameSpace (MNS) (O92) O92 - MNS: Photos iCloud - {F0D63F85-37EC-4097-B30D-61B4A8917118} ~ MNS: 1 Legitimates Filtered in 00mn 00s ---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.39988793C0BE26963F7C8228E7F04E23] [WIS][06/01/2014] (.Google - Google+ Auto Backup.) -- C:\Windows\Installer\140af62e.msi [3088384] [MD5.645F492BE6C9FCB78F99AEDED7BB5DBF] [WIS][06/09/2011] (.Driver Builder - COMAT Mouse Driver.) -- C:\Windows\Installer\15bcbc.msi [3280896] [MD5.09AEAA9E7CB67E80D1DCFD6395026E7E] [WIS][14/07/2012] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\2e4a7.msi [2893312] ~ WIS: 102 Legitimates Filtered in 00mn 24s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Auto 10/07/1658 0 | (70e6ca8c) . (...) - C:\Program Files (x86)\optimi~1\OptProCrashSvc.dll =>PUP.OptimizerPro SS - | Demand 06/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Auto 27/08/2012 136176 | (gupdate) . (.Google Inc..) 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 27/08/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 02/09/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 10/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 29/08/2013 1073160 | (Orange update Core Service) . (.Orange SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe SR - | Auto 17/04/2008 102712 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Auto 07/07/2010 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 07/01/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 10/06/2013 1966960 | (Dedicarz Service) . (...) - C:\Program Files (x86)\Orange\Assistance Livebox\dedicarz\DedicarzService.exe SR - | Auto 19/12/2006 94208 | (EpsonBidirectionalService) . (.SEIKO EPSON CORPORATION.) 
- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe SR - | Auto 14/09/2009 166400 | (EPSON_EB_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.exe SR - | Auto 14/09/2009 128512 | (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.exe SR - | Auto 04/12/2013 273000 | (hlsvc) . (.Highlightly.) - C:\Program Files (x86)\Highlightly\Service\hlsvc.exe SR - | Auto 14/01/2014 508016 | (IePluginService) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.Trojan.SProtector SR - | Demand 20/01/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 19/04/2010 1823744 | (KMWDSERVICE) . (.UASSOFT.COM.) - C:\Program Files (x86)\Mouse Driver\KMWDSrv.exe SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 06/02/2014 63168 | (MgAssistService) . (...) - C:\Program Files (x86)\Mobogenie\MgAssist.exe =>PUP.Mobogenie SR - | Auto 23/10/2013 23808 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe SR - | Auto 07/07/2009 247152 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 26s ---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80) Run by Un rayon de soleil at 13/02/2014 12:01:50 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Un rayon de soleil at 13/02/2014 12:01:52 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : 13031 - (12/02/2014) Clés trouvées (Keys found) : 27 Valeurs trouvées (Values found) : 4 Dossiers trouvés (Folders found) : 11 Fichiers trouvés (Files found) : 12 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}] =>PUP.SupTab^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}] =>PUP.DiscountDragon^ [HKLM\SYSTEM\CurrentControlSet\Services\70e6ca8c] =>PUP.OptimizerPro^ [HKLM\SYSTEM\CurrentControlSet\Services\IePluginService] =>Trojan.Trojan.SProtector^ [HKLM\SYSTEM\CurrentControlSet\Services\MgAssistService] =>PUP.Mobogenie^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{903CFFD8-85BF-4A51-8A6D-4BBBCA346A6E}] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\38900_Discount Dragon] =>PUP.DiscountDragon^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins] =>Trojan.Trojan.SProtector^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FE60B87C-63A2-4A45-AC06-FFEFD5DB7846}_is1] =>PUP.PCRx^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SupTab] =>PUP.SupTab^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM] =>PUP.WpManager^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\fst_fr_33_is1] =>PUA.FSTfr9^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\fst_fr_62_is1] =>PUA.FSTfr9^ 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}] =>Toolbar.InBox [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] =>Toolbar.InBox [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd [HKCU\Software\Tutorials] =>Spyware.AgenceExclusive [HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^ [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:BackgroundContainer =>PUP.Babylon^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:fst_fr_33 =>PUA.FSTfr9^ [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]:Discount Dragon-repairJob =>PUP.DiscountDragon^ C:\Program 
Files (x86)\Discount Dragon =>PUP.DiscountDragon^ C:\Program Files (x86)\fst_fr_33 =>PUA.FSTfr9^ C:\Program Files (x86)\fst_fr_62 =>PUA.FSTfr9^ C:\Program Files (x86)\SupTab =>PUP.SupTab^ C:\ProgramData\IePluginService =>Trojan.Trojan.SProtector^ C:\ProgramData\WPM =>PUP.WpManager^ C:\Users\Un rayon de soleil\AppData\Roaming\newnext.me =>PUP.NextLive^ C:\Users\Un rayon de soleil\AppData\Local\Discount Dragon =>PUP.DiscountDragon^ C:\Users\Un rayon de soleil\AppData\Local\fst_fr_33 =>PUA.FSTfr9^ C:\Users\Un rayon de soleil\AppData\Local\fst_fr_62 =>PUA.FSTfr9^ C:\Users\Un rayon de soleil\AppData\Local\Software =>Adware.Boxore C:\Program Files (x86)\Mobogenie\DaemonProcess.exe =>PUP.Mobogenie^ C:\Users\Un rayon de soleil\AppData\Local\fst_fr_62\upfst_fr_62.exe =>PUA.FSTfr9^ C:\Program Files (x86)\fst_fr_33\fst_fr_33.exe =>PUA.FSTfr9^ C:\Windows\Tasks\bench-S-1-5-21-76830181-1066914796-2057996457-1001.job =>PUP.GiganticSavings^ C:\Windows\Tasks\bench-sys.job =>PUP.GiganticSavings^ C:\Program Files (x86)\Bench\Updater\updater.exe =>PUP.GiganticSavings^ [HKLM\Software\Wow6432Node\Discount Dragon] =>PUP.DiscountDragon^ [HKLM\Software\Wow6432Node\Wpm] =>PUP.WpManager^ [HKLM\Software\Wow6432Node\supTab] =>PUP.SupTab^ [HKLM\Software\Wow6432Node\supWPM] =>PUP.WpManager^ C:\Users\Un rayon de soleil\AppData\Local\Temp\BoxoreInstaller.exe =>Adware.Boxore C:\Users\Un rayon de soleil\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon ~ Additionnel Scan: 346123 Items scanned in 00mn 20s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie =>PUP.Mobogenie ~ http://nicolascoolman.webs.com/apps/blog/show/34014358-pua-fstfr9 =>PUA.FSTfr9 ~ http://nicolascoolman.webs.com/apps/blog/show/41011964-pup-awesomehp =>PUP.Awesomehp ~ http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon ~ 
http://nicolascoolman.webs.com/apps/blog/show/40528410-pup-nextlive =>PUP.NextLive ~ http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro ~ http://nicolascoolman.webs.com/apps/blog/show/40789592-trojan-sprotector =>Trojan.SProtector ~ http://nicolascoolman.webs.com/apps/blog/show/37514218-pup-giganticsavings =>PUP.GiganticSavings ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore ~ http://nicolascoolman.webs.com/apps/blog/show/33007053-pup-pcrx =>PUP.PCRx ~ http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager ~ http://nicolascoolman.webs.com/apps/blog/show/26627641-spyware-agenceexclusive =>Spyware.AgenceExclusive ~ http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter ~ http://nicolascoolman.webs.com/apps/blog/show/34065742-hijacker-beamrise =>Hijacker.Beamrise ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask ~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd ~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ MSI: 19 link(s) detected in 00mn 21s ~ 1750 Legitimates filtered by white list End of the scan (745 lines in 06mn 58s)(0)