~ Rapport de ZHPDiag v2014.2.17.15 - Nicolas Coolman (17/02/2014)
~ Lancé par francis (21/02/2014 19:36:36)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16518
GCIE: Google Chrome

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : 7BFMX
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Ad-Aware Antivirus v11.1.5354.0
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.09 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 107 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1918 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 66 GB (44%) free of 149 GB

---\\ Mode de connexion au système
~ Computer Name: FRANCIS-PC
~ User Name: francis
~ All Users Names: Marie, HomeGroupUser$, francis, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\francis\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\francis\AppData\Roaming\
~ %Desktop% : C:\Users\francis\Desktop\
~ %Favorites% : C:\Users\francis\Favorites\
~ %LocalAppData% : C:\Users\francis\AppData\Local\
~ %StartMenu% : C:\Users\francis\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 66 Go of 149 Go)
D: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 46 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.9C89246184979A070B0C6CCF61C68136] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/02/2014 - 09:41:35.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.26/11/2013 - 10:10:47.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 27/5586
~ Mes musiques (My Musics) : 1/800
~ Mes Videos (My Videos) : 1/26
~ Mes Favoris (My Favorites) : 1/119
~ Mes Documents (My Documents) : 4/460
~ Mon Bureau (My Desktop) : 0/1842
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 14s

---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2208]
[MD5.33E1F4D1BA2C558BAB72959EB3706C32] - (...) -- C:\Users\Marie\AppData\Local\PirritSuggestor\PirritDesktop.exe [190808] [PID.3784] =>PUP.PirritSuggestor
[MD5.F7D68D8E70EA376713A39395664793CA] - (.Pinnacle Systems GmbH - Pinnacle USB Tip - for Multi Media eXtensio.) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752] [PID.1412]
[MD5.10249432808C2895599F8A144F0BB751] - (.KARPOLAN - Keyboard Leds.) -- C:\Users\francis\Documents\Downloads\Keyboard LEDs\KeyboardLeds.exe [983040] [PID.3132]
[MD5.4263F6C131E513CEA1AE82B5B81A4E1A] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [808152] [PID.3396]
[MD5.E936FA1DF62070DCE5F08A7E68F68094] - (.Eyeo GmbH - Adblock Plus Engine.) -- C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe [4227336] [PID.3072]
[MD5.AB44884BC129FC04D75A4649E0710203] - (.Nicolas Coolman - ZHPDiag.) -- C:\Users\francis\Desktop\ZHPDiag\ZHPDiag.exe [8338432] [PID.2204]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\francis\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 7 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@pandasecurity.com/activescan] - (...) -- C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (.not file.)
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 14 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:9880 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 0

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} . (.Adblock Plus - Adblock Plus Module.) -- C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
~ BHO: 2 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [Marie]: Google Chrome.lnk . (...) -- C:\Program Files\Google\Chrome\Application\chrome.exe (.not file.)
O4 - GS\QuickLaunch [Marie]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Marie]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Marie]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Marie]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Marie]: Evernote.lnk . (...) -- C:\Program Files\Evernote\Evernote\Evernote.exe (.not file.)
O4 - GS\QuickLaunch [francis]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [francis]: Pinnacle Studio 12.lnk . (.Pinnacle Systems - Studio program file.) -- C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe
O4 - GS\TaskBar [francis]: iexplore - Raccourci.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.google.fr =>Hijacker.Browsers
O4 - GS\Program [francis]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.google.fr =>Hijacker.Browsers
O4 - GS\SystemTools [francis]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 71 Legitimates Filtered in 00mn 02s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [USBToolTip] . (.Pinnacle Systems GmbH - Pinnacle USB Tip - for Multi Media eXtensio.) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKCU\..\Run: [KeyboardLeds.exe] . (.KARPOLAN - Keyboard Leds.) -- C:\Users\francis\Documents\Downloads\Keyboard LEDs\KeyboardLeds.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-508806008-1698195023-2188099076-1001\..\Run: [KeyboardLeds.exe] . (.KARPOLAN - Keyboard Leds.) -- C:\Users\francis\Documents\Downloads\Keyboard LEDs\KeyboardLeds.exe
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.alipay.com
O15 - Trusted Zone: [HKCU\...\Domains] http.alisoft.com
O15 - Trusted Zone: [HKCU\...\Domains] http.taobao.com
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} ((no name)) - http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} ((no name)) - http://support.asus.com/select/asusTek_sys_ctrl3.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} ((no name)) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} ((no name)) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3A55E48-9D9C-4E11-80E9-21640F3BE9B8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{E3A55E48-9D9C-4E11-80E9-21640F3BE9B8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{E3A55E48-9D9C-4E11-80E9-21640F3BE9B8}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) . (...) - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
O23 - Service: PirritDesktop (PirritDesktop) . (...) - C:\Users\Marie\AppData\Local\PirritSuggestor\PirritService.exe =>PUP.PirritSuggestor
~ Services: 5 Legitimates Filtered in 00mn 05s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{19949B90-BDA3-44C4-B427-988933C44DD1}] (...) -- C:\Users\francis\Desktop\MPSetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1A2AB241-1270-4108-97EF-9047AEA3B8A9}] (...) -- C:\Users\francis\Documents\mw9791fra.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{33B7896D-231C-457D-A219-1EE0328D14DB}] (...) -- c:\users\francis\appdata\local\lollipop\swbglpuf.bat (.not file.) [0] =>Adware.Lollipop
[MD5.00000000000000000000000000000000] [APT] [{38C5F037-3D5E-4581-979F-B490A5952ED6}] (...) -- C:\Users\francis\Documents\Téléchargements\AdobeAIRInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{54ABE3FB-C084-46C8-B243-D59FE228C461}] (...) -- C:\Users\francis\Downloads\clear_flash.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{56B2DCDF-2516-4F36-8892-E54ABBC9061D}] (...) -- C:\Users\francis\AppData\Local\Temp\Temp1_pen_tablet_driver_5.0_vista-32-bits.zip\Driver 5.0\SETUP.exe (.not file.) [0]
[MD5.5E4D5AD7D6B97325158F9B208ED6B98B] [APT] [{5CDD915A-FF35-4F0D-AA8C-4FC888ED70DE}] (...) -- C:\Program Files\Prolific Technology INC\PL-2303 USB-to-Serial\PLUninst.exe [143360]
[MD5.00000000000000000000000000000000] [APT] [{A07068EA-4FA1-4176-9E22-5F354B1B8CD2}] (...) -- C:\Users\francis\AppData\Local\Temp\Temp1_Driver 5.02.zip\Driver 5.02 20100630_0513\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ABECC834-1968-495C-9BCD-C14F9803B452}] (...) -- C:\Users\francis\Downloads\vpsupd.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AF110C21-35B4-4D01-A4B2-E45D3E68D56C}] (...) -- C:\Users\francis\Downloads\3GP_Converter034\3GP_Converter034\Setup.exe (.not file.) [0]
[MD5.CDC707BBA6C0A33F4317ECC69D5D24E8] [APT] [{C0404651-A245-434A-BC3B-0E3B0B5195B3}] (.UC-Logic Technology Corp..) -- C:\Windows\SetupX32.exe [360448]
[MD5.00000000000000000000000000000000] [APT] [{C2B9B6C0-DAD5-49D8-AE4F-E3DA0CDBE823}] (...) -- D:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D18D6F1F-2F9C-4F71-AC79-4F7D6E6E66A2}] (...) -- D:\CK_Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DA3E3671-1925-4330-8D53-08D9A3BEEBA2}] (...) -- D:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F60D9039-CC78-4139-A510-16040C6F5EB8}] (...) -- D:\Vista\SetupWizard.exe (.not file.) [0]
~ Scheduled Task: 25 Legitimates Filtered in 00mn 07s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\49034InstEnd]
[HKCU\Software\Beamrise] =>Hijacker.Beamrise
[HKCU\Software\Filseclab]
[HKCU\Software\WSVCUPlugin]
[HKLM\Software\Email Notifier]
[HKLM\Software\Filseclab]
[HKLM\Software\mamverifier]
[HKLM\Software\mdr]
[HKLM\Software\qt]
~ Key Software: 289 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/10/2010 - 09:31:07 - [1,077] ----D C:\Program Files\DeskTask
O43 - CFD: 29/04/2013 - 16:49:48 - [0,062] ----D C:\Program Files\mixiedj
O43 - CFD: 29/12/2013 - 15:58:42 - [0,060] ----D C:\ProgramData\6cc9b640346d3460
O43 - CFD: 29/12/2010 - 04:50:45 - [0] ----D C:\ProgramData\lPkOe01804
O43 - CFD: 13/11/2010 - 10:26:38 - [0] ----D C:\ProgramData\n7-89-o9-3r-4t-r9
O43 - CFD: 30/12/2013 - 18:07:57 - [1,225] ----D C:\ProgramData\Updater =>PUP.CrossRider
O43 - CFD: 10/11/2013 - 08:41:50 - [27,641] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 03/02/2010 - 11:36:37 - [0,910] ----D C:\Users\francis\AppData\Roaming\igraal
~ Program Folder: 222 Legitimates Filtered in 00mn 32s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.C78A393B06201685E018B1F09FADFC40] - 19/02/2014 - 20:24:50 ---A- . (...) -- C:\PhysicalMBR.bin [512]
O44 - LFC:[MD5.8266E09D72BA27157575A11E31C8C8E2] - 20/02/2014 - 21:31:10 ---A- . (...) -- C:\Windows\errord.log [108]
~ Files: 41 Legitimates Filtered in 00mn 05s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.BC6DEC509CF5F7823F1F86A136A7564F] - 18/02/2014 - 15:22:18 ---A- - C:\Windows\Prefetch\UNINST.EXE-C580115D.pf
O45 - LFCP:[MD5.8C324706E161992E8D9AF062577A8E6E] - 18/02/2014 - 18:22:27 ---A- - C:\Windows\Prefetch\INSTALLER_R16-WINDOWS.EXE-14BFC0A9.pf
O45 - LFCP:[MD5.EAD7C351DA7F7D386E373FF1C3BD53FA] - 18/02/2014 - 18:29:08 ---A- - C:\Windows\Prefetch\ADAWARESERVICE.EXE-9615907F.pf
O45 - LFCP:[MD5.B015CF1971A3DFA5F9DDF1428D0650BC] - 18/02/2014 - 18:29:08 ---A- - C:\Windows\Prefetch\PIRRITSERVICE.EXE-C482008C.pf
O45 - LFCP:[MD5.FC0194949CF8373521A878E2C673E9A5] - 19/02/2014 - 16:44:07 ---A- - C:\Windows\Prefetch\GHSUDOKU.EXE-83B42ECC.pf
O45 - LFCP:[MD5.E128FA7FE68DCD579B41856653229CEC] - 19/02/2014 - 16:54:47 ---A- - C:\Windows\Prefetch\ADBLOCKPLUSIE-1.1.EXE-E4DDA935.pf
O45 - LFCP:[MD5.1E5AEAA343893823CCA1059A36954AEC] - 19/02/2014 - 17:02:34 ---A- - C:\Windows\Prefetch\ADBLOCKPLUSIE-1.1.EXE-95F70585.pf
O45 - LFCP:[MD5.43CD890F8BC0711C78AA49C51DA40CA8] - 19/02/2014 - 17:03:33 ---A- - C:\Windows\Prefetch\ADBLOCKPLUSIE-1.1.EXE-ADF7FB5E.pf
O45 - LFCP:[MD5.9C7E6B36D2B678B1C2A95FED2148ABA4] - 20/02/2014 - 20:49:45 ---A- - C:\Windows\Prefetch\ADAWAREDESKTOP.EXE-34C966D4.pf
O45 - LFCP:[MD5.4FD3651762008E0CB9A9BEC5DC1CDEA1] - 20/02/2014 - 20:49:47 ---A- - C:\Windows\Prefetch\ADAWARETRAY.EXE-C91E5822.pf
O45 - LFCP:[MD5.5834651C7940FB50CA50AFEDE06C2C77] - 20/02/2014 - 21:39:55 ---A- - C:\Windows\Prefetch\PIRRITDESKTOP.EXE-6335D6E1.pf
O45 - LFCP:[MD5.34EBA92E64D3E0F28428AD5EECD2CCFA] - 20/02/2014 - 21:40:06 ---A- - C:\Windows\Prefetch\KEYBOARDLEDS.EXE-37914911.pf
O45 - LFCP:[MD5.CAB1406BAF91B05CB92B4AC999A248B7] - 20/02/2014 - 21:40:06 ---A- - C:\Windows\Prefetch\USBTIP.EXE-BF2C7046.pf
O45 - LFCP:[MD5.493C4FF3036C41C6480050D0859217CE] - 21/02/2014 - 19:30:38 ---A- - C:\Windows\Prefetch\ADBLOCKPLUSENGINE.EXE-9BA24468.pf
~ Prefetcher: 146 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.D48659BB24C48345D926ECB45C1EBDF5] - 13/08/2004 - 09:56:20 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [5810]
O58 - SDL:[MD5.2AD78087FF299D1596F0336749F84B1F] - 01/08/2007 - 04:39:28 ---A- . (...) -- C:\Windows\System32\Drivers\ASUSHWIO.SYS [12536]
O58 - SDL:[MD5.FAF091AA45A6A6CF3CF94FE065950956] - 28/06/2013 - 06:58:22 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 - SDL:[MD5.3FFBEE694566CADB0A64D8A1ACD7DBCE] - 28/06/2013 - 06:58:22 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 - SDL:[MD5.22EA82FFE8CA4965C1994F24C35DC202] - 28/06/2013 - 06:58:22 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys.sum [175]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.339ADEFAD60353F960E3CA67CE468C24] - 23/06/2010 - 10:24:56 ---A- . (.Windows (R) Win 7 DDK provider - RawPacket NDIS Protocol Driver.) -- C:\Windows\System32\Drivers\htcnprot.sys [23040]
O58 - SDL:[MD5.3B68015683C27CB00C7A6B60A37CBCFD] - 18/01/2007 - 12:20:54 ---A- . (.Windows (R) Codename Longhorn DDK provider - NDIS User mode I/O Driver.) -- C:\Windows\System32\Drivers\SCMNdisP.sys [21728]
O58 - SDL:[MD5.3205EEDEB6E57D9063E703F84721E768] - 08/01/2009 - 18:36:20 ---A- . (.Silicon Laboratories - SiLib WDM Support Driver.) -- C:\Windows\System32\Drivers\SiLib.sys [18944]
O58 - SDL:[MD5.BC9C2EF22EE0320C079E3FF9B4D29951] - 01/03/2007 - 11:11:16 ---A- . (.Silicon Laboratories - SiUSBXp.sys.) -- C:\Windows\System32\Drivers\SiUSBXp.sys [14848]
O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 24/07/2006 - 16:05:00 ---A- . (...) -- C:\Windows\System32\Drivers\StarOpen.sys [5632]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.F8F6C76F472E7C985B1D3B7F77A6DFE2] - 04/12/2010 - 02:27:11 RSH-- . (...) -- C:\Windows\System32\0DB4AE27B3.sys [88]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.5EF7DD401771693245D46F4B0B69FE2B] - 17/03/2008 - 17:45:52 ---A- . (...) -- C:\Windows\System32\Ckldrv.sys [19584]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.790A4CA68F44BE35967B3DF61F3E4675] - 07/04/2009 - 09:39:44 ---A- . (...) -- C:\Windows\System32\FsUsbExDisk.Sys [36608]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.EFEBE2245A64337F83A516E5B386648D] - 04/12/2010 - 02:27:11 -SHA- . (...) -- C:\Windows\System32\KGyGaAvL.sys [1682]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 06s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 19/02/2014 - 19:38:21 ---A- . (...) -- C:\Users\francis\Documents\Downloads\adwcleaner.exe [1241834]
O61 - LFC: 20/02/2014 - 19:38:13 ---A- . (...) -- C:\Users\francis\AppData\Local\GDIPFONTCACHEV1.DAT [142048]
O61 - LFC: 20/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\FlvtoConverter\UserSession.xml [14972]
O61 - LFC: 20/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\FlvtoConverter\preview\NERmMmtiZ2VaUjQ=.jpeg [4684]
O61 - LFC: 20/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\FlvtoConverter\preview\OUZMZ2xpTVh6Mmc=.jpeg [4808]
O61 - LFC: 20/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\FlvtoConverter\preview\QkFpd09uVVJQX0k=.jpeg [4104]
O61 - LFC: 20/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\FlvtoConverter\preview\QkNJeUJiRDBRd0E=.jpeg [4695]
O61 - LFC: 20/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\FlvtoConverter\preview\Rm9lQURtR0x3VnM=.jpeg [4790]
O61 - LFC: 20/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\FlvtoConverter\preview\U0VYaTZfdEtGZWc=.jpeg [4359]
O61 - LFC: 20/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\FlvtoConverter\preview\UUVpd0lhUmRsV2M=.jpeg [4852]
O61 - LFC: 20/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\FlvtoConverter\preview\UXMzT2N5YnRxaUk=.jpeg [1838]
O61 - LFC: 20/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\FlvtoConverter\preview\YVh5SUhsRlp2SG8=.jpeg [2190]
O61 - LFC: 20/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\FlvtoConverter\preview\Z0lDOTRnRVV1Yzg=.jpeg [3278]
O61 - LFC: 20/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\FlvtoConverter\preview\ak1YY2ZESUxackE=.jpeg [4355]
O61 - LFC: 20/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\FlvtoConverter\preview\eGhvZWk=.jpeg [1190]
O61 - LFC: 20/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\LavasoftStatistics\adaware.xml [815]
O61 - LFC: 20/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\LavasoftStatistics\adaware\E3431D5A-C27F-4D2D-99F5-FDEA3FFBA2F9.xml [815]
O61 - LFC: 20/02/2014 - 19:38:21 ---A- . (...) -- C:\Users\francis\AppData\Roaming\MPC-HC\default.mpcpl [162]
O61 - LFC: 21/02/2014 - 19:38:20 ---A- . (...) -- C:\Users\francis\AppData\Roaming\Microsoft\OIS\Toolbars.dat [723]
O61 - LFC: 21/02/2014 - 19:38:21 ---A- . (...) -- C:\Users\francis\AppData\Roaming\ZHP\Log.txt [74207] =>.Nicolas Coolman
O61 - LFC: 21/02/2014 - 19:38:21 ---A- . (...) -- C:\Users\francis\AppData\Roaming\ZHP\TestsZHPDiag.txt [2886] =>.Nicolas Coolman
~ 14 Fichiers temporaires (Temporary files)
~ Files: 84 Legitimates Filtered in 00mn 11s

---\\ Fichiers Alternate Data Stream (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\SpoonUninstall.exe:Zone.Identifier
~ ADS: Scanned in 00mn 01s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: OTL - (.OldTimer.)
~ ADS: Scanned in 00mn 00s

---\\ Liste les services legacy du registre (LALS) (O64)
~ Legacy: 88 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Not Key.) =>Hijacker.Beamrise
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {1FA98EB0-4F51-44D8-A99A-453CDB3F5F6D} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "15DB63817074BE248AB138A12BACE9A6" . (.AdAwareInstaller.) -- C:\Windows\Installer\{1836BD51-4707-42EB-A81B-831AB2CA9E6A}\ARPPRODUCTICON.exe
O90 - PUC: "24BED006A334FA04CB4180E20475B72F" . (.AntimalwareEngine.) -- C:\Windows\Installer\{600DEB42-433A-40AF-BC14-082E40577BF2}\ARPPRODUCTICON.exe
O90 - PUC: "86737E7112F94334BA6EDC31011365C4" . (.AdAwareUpdater.) -- C:\Windows\Installer\{17E73768-9F21-4334-ABE6-CD131031564C}\ARPPRODUCTICON.exe
~ Update Products: 60 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.99B044D8CC2C9E7637AC585E6F7C33D7] [WIS][07/04/2010] (.Adobe - Blank Project Template.) -- C:\Windows\Installer\1e56763.msi [607744]
[MD5.39988793C0BE26963F7C8228E7F04E23] [WIS][06/01/2014] (.Google - Google+ Auto Backup.) -- C:\Windows\Installer\8569161.msi [3088384]
~ WIS: 65 Legitimates Filtered in 00mn 12s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 18/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 08/05/2008 122880 | (Crypkey License) . (.CrypKey (Canada) Ltd..) - C:\Windows\System32\crypserv.exe
SS - | Demand 11/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Disabled 18/09/2012 1082016 | (Orange update Core Service) . (.France Telecom SA.) - C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe
SS - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Disabled 02/11/2006 174656 | (ProtexisLicensing) . (...) - C:\Windows\system32\PSIService.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 23/01/2014 651232 | (LavasoftAdAwareService11) . (...) - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 14/02/2014 52568 | (PirritDesktop) . (...) - C:\Users\Marie\AppData\Local\PirritSuggestor\PirritService.exe =>PUP.PirritSuggestor
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 14s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by francis at 21/02/2014 19:39:02
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

---\\ Scan Additionnel (O88)
Database Version : 13031 - (17/02/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 3
[HKLM\SYSTEM\CurrentControlSet\Services\PirritDesktop] =>PUP.PirritSuggestor^
[HKCU\Software\USyndication] =>Trojan.USyndication
[HKCU\Software\usyndication.com] =>Trojan.USyndication
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158}] =>PUP.CrossRider
C:\ProgramData\Updater =>PUP.CrossRider^
C:\Users\Marie\AppData\Local\PirritSuggestor\PirritDesktop.exe =>PUP.PirritSuggestor^
[HKCU\Software\Beamrise] =>Hijacker.Beamrise^
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Not Key.)
=>Hijacker.Beamrise^ ~ Additionnel Scan: 229415 Items scanned in 00mn 25s ---\\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/41590424-pup-pirritsuggestor =>PUP.PirritSuggestor ~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy ~ http://nicolascoolman.webs.com/apps/blog/show/33263878-hijacker-browser =>Hijacker.Browsers ~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop ~ http://nicolascoolman.webs.com/apps/blog/show/34065742-hijacker-beamrise =>Hijacker.Beamrise ~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider ~ http://nicolascoolman.webs.com/apps/blog/show/27328365-trojan-usyndication =>Trojan.USyndication ~ MSI: 7 link(s) detected in 00mn 25s ~ 1179 Legitimates filtered by white list End of the scan (544 lines in 02mn 52s)(0)