
~ Rapport de ZHPDiag v2013.9.1.2 - Nicolas Coolman (01/09/2013)
~ Lancé par Yohan (02/09/2013 21:05:20)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.19453

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : WQD8Q
Windows License : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
AVG 2013 v13.0.3222
McAfee Security Scan Plus v3.0.318.3
Spybot - Search & Destroy v1.6.2

---\\ Logiciels d'optimisation du système
CCleaner v3.23 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 - Français

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 517 GB (56%) free of 917 GB

---\\ Mode de connexion au système
~ Computer Name: PC-DE-YOHAN
~ User Name: Yohan
~ All Users Names: Yohan, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\Yohan\AppData\Roaming\
~ %Desktop% : C:\Users\Yohan\Desktop\
~ %Favorites% : C:\Users\Yohan\Favorites\
~ %LocalAppData% : C:\Users\Yohan\AppData\Local\
~ %StartMenu% : C:\Users\Yohan\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 517 Go of 917 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 Go of 14 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 08:10:17.) -- C:\Windows\Explorer.exe [3079168]
[MD5.117EA87DF785CA1B9D821F6F213DCE07] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:50:23.) -- C:\Windows\System32\Wininit.exe [123904]
[MD5.05ACA4E454DDD55C60F6033FE6CB7550] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.24/07/2013 - 19:33:25.) -- C:\Windows\System32\wininet.dll [1147392]
[MD5.6D0773A3A65D28B663F334C90441D01A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 08:11:08.) -- C:\Windows\System32\Winlogon.exe [405504]
[MD5.C4F6CE6087760AD70960C9EB130E7943] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.03/01/2012 - 15:25:21.) -- C:\Windows\system32\Drivers\AFD.sys [404992]
[MD5.1898FAE8E07D97F2F6C2D5326C633FAC] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.21/01/2008 - 03:46:50.) -- C:\Windows\system32\Drivers\atapi.sys [22584]
[MD5.B4D787DB8D30793A4D4DF9FEED18F136] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:50:39.) -- C:\Windows\system32\Drivers\Cdfs.sys [90624]
[MD5.C025AA69BE3D0D25C7A2E746EF6F94FC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 06:34:39.) -- C:\Windows\system32\Drivers\Cdrom.sys [79872]
[MD5.8B722BA35205C71E7951CDC4CDBADE19] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 16:14:19.) -- C:\Windows\system32\Drivers\DfsC.sys [97792]
[MD5.F942C5820205F2FB453243EDFEC82A3D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 06:39:41.) -- C:\Windows\system32\Drivers\HDAudBus.sys [948736]
[MD5.CBB597659A2713CE0C9CC20C88C7591F] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:46:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [64000]
[MD5.B7E6212F581EA5F6AB0C3A6CEEEB89BE] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:48:45.) -- C:\Windows\system32\Drivers\IpNat.sys [115712]
[MD5.1485811B320FF8C7EDAD1CAEBB1C6C2B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:39:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [135680]
[MD5.FC2C792EBDDC8E28DF939D6A92C83D61] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 06:42:33.) -- C:\Windows\system32\Drivers\netBT.sys [248320]
[MD5.2ACCAA3C3C55370A32F17B3595E1A217] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:13:14.) -- C:\Windows\system32\Drivers\ntfs.sys [1513320]
[MD5.AECD57F94C887F58919F307C35498EA0] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 10:37:57.) -- C:\Windows\system32\Drivers\Parport.sys [96768]
[MD5.AC7BC4D42A7E558718DFDEC599BBFC2C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/04/2009 - 06:43:38.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.C045D1FB111C28DF0D1BE8D4BDA22C06] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:46:51.) -- C:\Windows\system32\Drivers\rdpdr.sys [314368]
[MD5.290B6F6A0EC4FCDFC90F5CB6D7020473] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 06:42:19.) -- C:\Windows\system32\Drivers\smb.sys [88064]
[MD5.458919C8C42E398DC4802178D5FFEE27] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 06:43:00.) -- C:\Windows\system32\Drivers\tdx.sys [94720]
[MD5.582F710097B46140F5A89A19A6573D4B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:50:57.) -- C:\Windows\system32\Drivers\volsnap.sys [267648]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/12137
~ Mes musiques (My Musics) : 1/4954
~ Mes Videos (My Videos) : 1/33
~ Mes Favoris (My Favorites) : 1/164
~ Mes Documents (My Documents) : 1/9541
~ Mon Bureau (My Desktop) : 1/217
~ Menu demarrer (Programs) : 1/42
~ Hidden Files: Scanned in 00mn 13s



---\\ Processus lancés au démarrage du système
[MD5.731F68141C806BD2359FD878CD05C929] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [182808] [PID.3876]
[MD5.762A5BD25FF00D0376959A8611B327AC] - (.Nokia - Nokia Launch Application.) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1414144] [PID.2780]
[MD5.5DC79FA6E8A946B425DCBFC2447807F0] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor (CUE).) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [233472] [PID.3520]
[MD5.BD713579A87D698E1F2158CE10E48130] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [272248] [PID.3580]
[MD5.5227A03FAC3C50B1C89A692887D6E39B] - (.Immanens - Delivery Manager.) -- C:\Users\Yohan\AppData\Roaming\Delivery\DeliveryManager.exe [1073288] [PID.1472]
[MD5.9A4322EE420D6FACD4D4B1FF6CB856B1] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\hp\support\hpsysdrv.exe [65536] [PID.3676]
[MD5.4575C69BC34B111C99A5DFBE8AF10EBB] - (.Hewlett-Packard - hpwuSchd.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd.exe [49152] [PID.3980]
[MD5.1568FF282E268082C67CF0C3EBCC9179] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320] [PID.2504]
[MD5.B77081F8221968C7DAB794B0BA55C43E] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896] [PID.3468]
[MD5.8FFDB89A0FB7C8ABC3A8825E38047341] - (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136] [PID.3400]
[MD5.288D8A54FE326AE26AD43F348E646147] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440] [PID.3324]
[MD5.E4C53CE8409DCFF708C790A0AC76398D] - (...) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe [264040] [PID.3936]
[MD5.DDB1C559E36063532ED1CBC101C17DA3] - (.Hewlett-Packard Company - KBD EXE.) -- C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe [94208] [PID.4848]
[MD5.A6430C0A0E1AAE273AA8F1BD1F341A36] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [508336] [PID.6128]
[MD5.8E436BD0D9C2CB57306070DFEA3D4513] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [829392] [PID.4460]
[MD5.68825D489DE0DC71FF3A62D6452684BA] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7860224] [PID.3784]
[MD5.ABDD5AD016AFFD34AD40E944CE94BF59] - (.SEIKO EPSON CORPORATION - eEBAPI Core Process module.) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208] [PID.1748]
[MD5.B33CF4DE909A5B30F526D82053A63C8E] - (.ABBYY - ABBYY network license server.) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048] [PID.1468]
[MD5.4DB93F4DB7077801D2D82013506AC1D0] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312] [PID.2064]
[MD5.48939D9F350AEF9370F03A1E49A49BE2] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136] [PID.2084]
[MD5.DFEFF67508D3A9AEB1A85D7B0F513B24] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2176]
[MD5.C7F5C284B6F46FCAF6910EA4E644700B] - (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208] [PID.2248]
[MD5.875E4E0661F3A5994DF9E5E3A0A4F96B] - (.Prolific Technology Inc. - PLFlash DeviceIoControl Service.) -- C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe [81920] [PID.2524]
[MD5.1117AF8C53AA278A4C5B7EF1B00E08F4] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.2800]
[MD5.8726802EA4FBFFA3FD54FD2449BF51D4] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe [217992] [PID.3016]
[MD5.C2644DC3CAC06AFF97A9359632C9C175] - (.Nokia - ServiceLayer Module.) -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe [651776] [PID.4928]
[MD5.9B0C086221E066C46BBEC017EABA3DF3] - (.Nokia - Serial Media Server.) -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe [120832] [PID.4216]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://search.qvo6.com =>Hijacker.Qvo6
G2 - GCE: Preference [User Data\Default] [cnmdgidklhhnmppphpohildcefnaaflp] Services x86 v.1.24.124, (Activé) =>PUP.CrossRider
G2 - GCE: Preference [User Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.1.1.5.0, (Activé)
~ Google Browser: 11 Legitimates Filtered in 00mn 26s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Yohan\AppData\Roaming\Mozilla\Firefox\Profiles\89480t25.default\prefs.js
M3 - MFPP: Plugins - [Yohan] -- C:\Users\Yohan\AppData\Roaming\Mozilla\Firefox\Profiles\89480t25.default\searchplugins\durable.xml
M0 - MFSP: prefs.js [Yohan - 89480t25.default] r_pref("browser.startup.homepage", );
M2 - MFEP: prefs.js [Yohan - 89480t25.default\2020Player@2020Technologies.com] [] Visualisateur 3D de 20-20 v5.0.4.0 (..)
M2 - MFEP: prefs.js [Yohan - 89480t25.default\217e8200-a3b3-43df-b951-8ec01d483d7f@b98c6809-1f3f-41a1-bb1c-692cf84781e9.com] [] Services x86 v5.0.4.0 (..) =>PUP.CrossRider
M2 - MFEP: prefs.js [Yohan - 89480t25.default\toolbar@waltershop.com] [] WalterShop v1.0 (..)
M2 - MFEP: prefs.js [Yohan - 89480t25.default\{3112ca9c-de6d-4884-a869-9855de68056c}(205)] [] Google Toolbar for Firefox v7.1.20110512W (..) =>Toolbar.Google
M2 - MFEP: prefs.js [Yohan - 89480t25.default\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}] [] Adobe DLM (powered by getPlus(R)) v1,6,2,48 (..)
~ Firefox Browser: 43 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =>Hijacker.Qvo6
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.durable.com
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ IE Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Shareaza Web Download Hook [64Bits] - {0EEDB912-C5FA-486F-8334-57288578C627} . (.Shareaza Development Team - Shareaza Web Download Hook.) -- C:\Program Files (x86)\Shareaza\RazaWebHook64.dll
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Easy Photo Print [64Bits] - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL x64).) -- C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (.not file.)
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe (.not file.)
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [EPSON2827E2 (Epson Stylus SX420W)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe
O4 - HKCU\..\Run: [Epson Stylus SX420W(Réseau)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Yohan\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Wow6432Node\Run: [KBD] . (.Microsoft - Kbd Stub.) -- C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Wow6432Node\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [LWS] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-21262426-847970319-4084508109-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-21262426-847970319-4084508109-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-21262426-847970319-4084508109-1000\..\Run: [PC Suite Tray] . (.Nokia - Nokia Launch Application.) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
O4 - HKUS\S-1-5-21-21262426-847970319-4084508109-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-21262426-847970319-4084508109-1000\..\Run: [EPSON2827E2 (Epson Stylus SX420W)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe
O4 - HKUS\S-1-5-21-21262426-847970319-4084508109-1000\..\Run: [Epson Stylus SX420W(Réseau)] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.exe
O4 - HKUS\S-1-5-21-21262426-847970319-4084508109-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Yohan\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-21262426-847970319-4084508109-1000\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: CyberLink DVD Suite Deluxe.lnk . (.CyberLink - PowerStarter.) -- C:\Program Files (x86)\Cyberlink\CyberLink DVD Suite Deluxe\PowerStarter.exe
O4 - GS\Programs: Free mp3 Wma Converter.lnk . (.Koyote Soft - Free Audio Converter.) -- C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe
O4 - GS\Programs: MediaInfo.lnk . (.MediaArea.net - All about your audio and video files.) -- C:\Program Files\MediaInfo\MediaInfo.exe
O4 - GS\Programs: Webplayer.lnk . (...) -- C:\Users\Yohan\AppData\Roaming\Microsoft\Installer\{9937E55B-6331-4804-93EF-77E992F204BD}\_3F7CDAE07E1639C4AEA7A8.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: iexplore - Raccourci.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Office Outlook.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Nokia Ovi Player.lnk . (.Macrovision Corporation - InstallShield.) -- C:\Windows\Installer\{A528306A-C5EC-481C-A619-6106334E6800}\NewShortcut2_CDF681E133824FFDB6C41A0530C561D5.exe
O4 - GS\QuickLaunch: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
O4 - Global Startup: C:\Users\Yohan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Plantation des légumes du soleil au potager.url . (.Google Inc. - Picasa.) -- C:\Users\Yohan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Plantation des légumes du soleil au potager.url
O4 - GS\QuickLaunch: Shareaza.lnk . (.Shareaza Development Team - Shareaza Ultimate File Sharing.) -- C:\Program Files (x86)\Shareaza\Shareaza.exe
O4 - GS\QuickLaunch: SpeedUpMyPC.lnk . (...) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\Launcher.exe (.not file.) =>Rogue SpeedUpMyPC
O4 - GS\QuickLaunch: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\QuickLaunch: VDownloader.lnk . (.Vitzo - VDownloader.) -- C:\Program Files (x86)\VDownloader\VDownloader.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\SendTo: MediaInfo.lnk . (...) -- C:\Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe
O4 - GS\Desktop: Continue Codec Pack Installation.lnk . (...) -- C:\Users\Yohan\AppData\Local\Temp\ICReinstall_UltimateCodec.exe
O4 - GS\Desktop: Easy Audio Cutter.lnk . (.Koyote Soft - Pas de description.) -- C:\Program Files (x86)\Free Audio Pack\Easy Audio Cutter\AudioCutter.exe
O4 - GS\Desktop: Farming Simulator 2011 Demo.lnk . (.GIANTS Software GmbH - GIANTS Startup.) -- C:\Program Files (x86)\Farming Simulator 2011 Demo\FarmingSimulator2011.exe
O4 - GS\Desktop: Free CD Ripper.lnk . (.Koyote Soft - FreeCDRipper.) -- C:\Program Files (x86)\Free Audio Pack\Free CD Ripper\FreeCDRipper.exe
O4 - GS\Desktop: Free Mp3 Wma Converter.lnk . (.Koyote Soft - Free Audio Converter.) -- C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe
O4 - GS\Desktop: Img sequentielles.lnk . (.od - Images séquentielles 2.0.0.0 for Windows.) -- C:\Program Files (x86)\CD Maternelle\Images Sequentielles\Images sequentielles.exe
O4 - GS\Desktop: JPEG Compression.lnk . (...) -- C:\Program Files (x86)\JPEG Compression\JPEG Compression.exe
O4 - GS\Desktop: Microsoft Office PowerPoint 2007.lnk . (...) -- C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop: Ordinateur.lnk - Clé orpheline
O4 - GS\Desktop: PhotoFiltre.lnk . (.Antonio Da Cruz - PhotoFiltre.) -- C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe
O4 - GS\Desktop: Public.lnk . (...) -- C:\Users\Public
O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
O4 - GS\Desktop: Video Performer.lnk . (.PerformerSoft LLC - Video Performer.) -- C:\Program Files (x86)\VideoPerformer\VideoPerformer.exe =>PUP.VideoPerformer
O4 - GS\Desktop: Webplayer.lnk . (...) -- C:\Users\Yohan\AppData\Roaming\Microsoft\Installer\{9937E55B-6331-4804-93EF-77E992F204BD}\_481820CA410C366184E158.exe
~ Global Startup: Scanned in 00mn 01s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} ((no name)) - http://download.eset.com/special/eos/OnlineScanner.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EECF099-8002-4DE0-A3B2-2C9A6260450C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EECF099-8002-4DE0-A3B2-2C9A6260450C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3EECF099-8002-4DE0-A3B2-2C9A6260450C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Titr_HJT34=Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\OPTIMI~1\OPTPRO~2.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon [64Bits] - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\ROC_REG_JAN_DELETE.job [298]
[MD5.00000000000000000000000000000000] [APT] [Desk 365 RunAsStdUser] (...) -- C:\Program Files (x86)\Desk 365\desk365.exe (.not file.) [0] =>Hijacker.22Find
[MD5.C78234DCAFDA1C5D4440977DF9A39F51] [APT] [ROC_REG_JAN_DELETE] (...) -- C:\ProgramData\AVG January 2013 Campaign\ROC.exe [1234000]
[MD5.00000000000000000000000000000000] [APT] [{1192810D-3228-4D09-9C35-CB036E1F02ED}] (...) -- C:\Users\Yohan\Desktop\tux-typing_tuxtype_2_v.1.5.3_francais_12808.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{374B588B-638D-4A21-B558-E987EA6650EE}] (...) -- E:\Install.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B292F52E-CAAE-4E0E-8422-5E48470AE345}] (...) -- c:\Users\Yohan\Documents\Yohan\APTunerInstall308.exe (.not file.) [0]
[MD5.7129CB4990153CE3B841D9BB5E74A4D2] [APT] [{CBF2F516-02E6-460B-8C9C-EBD937D5738B}] (...) -- C:\Users\Yohan\Downloads\time_mr_wolf_WWS.exe [729851]
[MD5.00000000000000000000000000000000] [APT] [{E18942AF-1152-450D-BC02-BB2AB2ED646F}] (...) -- E:\Setup.exe (.not file.) [0]
~ Scheduled Task: 29 Legitimates Filtered in 00mn 05s



---\\ Logiciels installés (O42)
O42 - Logiciel: Ens Demo - 9782011178725 - 0 - (.Hachette Collection.) [HKLM][64Bits] -- Hachette Education MN2.0-9782011178725-0
O42 - Logiciel: Images Séquentielles - (...) [HKCU][64Bits] -- Images Séquentielles
O42 - Logiciel: Logico Floc - (...) [HKLM][64Bits] -- Logico Floc
O42 - Logiciel: MyPC Backup - (.MyPC Backup.) [HKLM][64Bits] -- MyPC Backup =>PUP.MyPCBackup
O42 - Logiciel: Shareaza 2.5.5.0 - (.Shareaza Development Team.) [HKLM][64Bits] -- Shareaza_is1
O42 - Logiciel: mots_eval 1.1 - (...) [HKLM][64Bits] -- ST6UNST #1
~ Logic: 210 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Shareaza]
[HKCU\Software\TVANTS]
[HKCU\Software\Yahoo] =>Toolbar.Yahoo
[HKLM\Software\Wow6432Node\Editions JOCATOP]
[HKLM\Software\Wow6432Node\SEJER]
[HKLM\Software\Wow6432Node\Shareaza]
[HKLM\Software\Wow6432Node\Yahoo] =>Toolbar.Yahoo
~ Key Software: 336 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/08/2013 - 08:05:23 - [0,471] ----D C:\Program Files (x86)\BrowseToSave =>Adware.Browse2Save
O43 - CFD: 20/02/2013 - 16:34:09 - [3,563] ----D C:\Program Files (x86)\CD Maternelle
O43 - CFD: 10/07/2011 - 12:13:45 - [0] ----D C:\Program Files (x86)\comptes
O43 - CFD: 19/01/2011 - 18:23:58 - [151,918] ----D C:\Program Files (x86)\FlocPM
O43 - CFD: 29/06/2011 - 15:43:56 - [0,529] ----D C:\Program Files (x86)\mots_eval 1.1
O43 - CFD: 03/09/2011 - 15:17:25 - [26,981] ----D C:\Program Files (x86)\Shareaza
O43 - CFD: 31/12/2009 - 15:53:36 - [0,000] ----D C:\Program Files (x86)\SuperMarioPac
O43 - CFD: 26/02/2011 - 14:25:48 - [10,206] ----D C:\Program Files (x86)\Tux4kids
O43 - CFD: 22/10/2009 - 14:35:54 - [0] ----D C:\Program Files (x86)\Yahoo! =>Toolbar.Yahoo
O43 - CFD: 05/06/2011 - 09:24:02 - [0,003] ----D C:\Program Files (x86)\Common Files\Spigot(2) =>PUP.Dealio
O43 - CFD: 09/06/2011 - 07:20:51 - [0,003] ----D C:\Program Files (x86)\Common Files\Spigot(6) =>PUP.Dealio
O43 - CFD: 22/10/2009 - 15:38:49 - [0,001] ----D C:\ProgramData\Gamerizon
O43 - CFD: 03/04/2013 - 05:10:15 - [1,575] ----D C:\ProgramData\InstallMate
O43 - CFD: 09/05/2009 - 23:09:35 - [6,585] ----D C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
O43 - CFD: 20/08/2013 - 09:03:39 - [0] ----D C:\ProgramData\?C?C
O43 - CFD: 15/04/2013 - 19:15:38 - [0] ----D C:\Users\Yohan\AppData\Roaming\4152013191417
O43 - CFD: 15/04/2013 - 19:17:00 - [0] ----D C:\Users\Yohan\AppData\Roaming\4152013191638
O43 - CFD: 21/10/2009 - 00:20:53 - [0] ----D C:\Users\Yohan\AppData\Roaming\PPLive
O43 - CFD: 21/10/2009 - 00:18:39 - [0] ----D C:\Users\Yohan\AppData\Roaming\PPStream
O43 - CFD: 07/07/2009 - 15:36:09 - [1,495] ----D C:\Users\Yohan\AppData\Roaming\Shareaza
O43 - CFD: 12/10/2009 - 18:51:49 - [0] ----D C:\Users\Yohan\AppData\Roaming\Yahoo! =>Toolbar.Yahoo
O43 - CFD: 01/11/2010 - 15:59:15 - [0,602] ----D C:\Users\Yohan\AppData\Roaming\_dlytmp
O43 - CFD: 07/07/2009 - 15:36:09 - [1331,961] ----D C:\Users\Yohan\AppData\Local\Shareaza
O43 - CFD: 20/02/2013 - 16:34:19 - [0,003] ----D C:\Users\Yohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD Maternelle
O43 - CFD: 06/01/2011 - 20:26:27 - [0,001] ----D C:\Users\Yohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jeux
O43 - CFD: 19/01/2011 - 18:24:43 - [0] ----D C:\Users\Yohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logico Floc
O43 - CFD: 29/06/2011 - 15:43:56 - [0] ----D C:\Users\Yohan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mots_eval 1.1
~ 133 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 441 Legitimates Filtered in 01mn 07s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.251D06CD1F16488413D8AD3863DA7804] - 01/09/2013 - 07:34:58 ---A- - C:\Windows\Prefetch\LOLLIPOPINSTALLER_14633.EXE-EADC7BB4.pf =>Adware.Lollipop
O45 - LFCP:[MD5.E996853C5E6A1DB5A66E75871000B9DD] - 01/09/2013 - 07:35:37 ---A- - C:\Windows\Prefetch\DESKSVC.EXE-8515B334.pf
O45 - LFCP:[MD5.59D31DDD2C63C1A67BB53B6320DBF216] - 01/09/2013 - 07:36:00 ---A- - C:\Windows\Prefetch\EGDPSVC.EXE-6538F154.pf
O45 - LFCP:[MD5.D993C0BD5D7257DB06ACFBDB5576E1F0] - 01/09/2013 - 07:36:42 ---A- - C:\Windows\Prefetch\OPTIMIZERPRO.EXE-A8629C8A.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.47571C949525AFEE5DABFCAC9B687DE8] - 01/09/2013 - 07:40:00 ---A- - C:\Windows\Prefetch\DEALPLYLIVEHANDLER.EXE-899DE85E.pf =>PUP.DealPly
O45 - LFCP:[MD5.A68369CBEC2047CD334F4A43DA5D3159] - 01/09/2013 - 07:42:04 ---A- - C:\Windows\Prefetch\OPTIMIZERPRO.EXE-FBADA244.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.8413068D6CF466EFB08BF9473D381CFD] - 01/09/2013 - 14:36:05 ---A- - C:\Windows\Prefetch\UNINST1.EXE-A7003E31.pf
O45 - LFCP:[MD5.2EBE3ACF1A7247820E9E827F934EF3B5] - 01/09/2013 - 14:40:45 ---A- - C:\Windows\Prefetch\DELTASRV.EXE-87DFC3CC.pf
O45 - LFCP:[MD5.CE2680FB16320C0260D267B88A0384D0] - 01/09/2013 - 14:46:56 ---A- - C:\Windows\Prefetch\WINZIPERSVC.EXE-4098CB18.pf
O45 - LFCP:[MD5.53A79337F310125A050BD9EB37CC9828] - 01/09/2013 - 15:40:10 ---A- - C:\Windows\Prefetch\DEALPLYLIVE.EXE-7C5A9B4D.pf =>PUP.DealPly
O45 - LFCP:[MD5.FFB1917D2A05DFF1730B37827D850256] - 02/09/2013 - 06:09:05 ---A- - C:\Windows\Prefetch\HPWUSCHD.EXE-811D3EC4.pf
O45 - LFCP:[MD5.5522B8AF7246DF85070AEEC084B00095] - 02/09/2013 - 06:09:22 ---A- - C:\Windows\Prefetch\DELIVERYMANAGER.EXE-E13D97D2.pf
O45 - LFCP:[MD5.88B9DFB9CD93220A685DC05DC5C8936B] - 02/09/2013 - 06:09:55 ---A- - C:\Windows\Prefetch\OPTPROSMARTSCAN.EXE-C1870D10.pf
O45 - LFCP:[MD5.1DCAA7FE4ED6C84E492E1E021EC76ED3] - 02/09/2013 - 16:45:04 ---A- - C:\Windows\Prefetch\EEBSVC.EXE-B54BBA46.pf
O45 - LFCP:[MD5.F52122F89AC78FB341B487044C234115] - 02/09/2013 - 17:08:01 ---A- - C:\Windows\Prefetch\IBSVC.EXE-01CFB7AC.pf =>Adware.InstallBrain
O45 - LFCP:[MD5.9753993F3D6D80A087F10D7E0869115F] - 02/09/2013 - 18:34:00 ---A- - C:\Windows\Prefetch\UPDATE~1.EXE-5FC928B2.pf
O45 - LFCP:[MD5.45578DC934E36878F8818378B6C5843F] - 02/09/2013 - 18:42:21 ---A- - C:\Windows\Prefetch\DUP.EXE-17314DD1.pf
O45 - LFCP:[MD5.4C09DA6347750877E4BB0F757714FDFE] - 02/09/2013 - 19:09:24 ---A- - C:\Windows\Prefetch\KBDSTUB.EXE-5D73B5F0.pf
O45 - LFCP:[MD5.6E898BAB55B8FA0F5242E78970E1618C] - 02/09/2013 - 19:09:30 ---A- - C:\Windows\Prefetch\CAMERAHELPERSHELL.EXE-B72657EC.pf
O45 - LFCP:[MD5.876EBBA4B5F0CCB291D54F1EF5497EEE] - 02/09/2013 - 19:10:19 ---A- - C:\Windows\Prefetch\NCLINSTALLER64.EXE-3236F8A6.pf
O45 - LFCP:[MD5.11651C0545AF80C1719E5F479D60A2C6] - 31/08/2013 - 20:01:05 ---A- - C:\Windows\Prefetch\WEBPLAYER.EXE-23034C49.pf =>Adware.SocialSkinz
O45 - LFCP:[MD5.A275027252DA2F69DFC2F55F1AA06E6B] - 31/08/2013 - 20:01:39 ---A- - C:\Windows\Prefetch\DELTATB.EXE-F45D3BCC.pf =>Toolbar.DeltaSearch
O45 - LFCP:[MD5.C50F2C0A86959ABC135769E561D7AF8B] - 31/08/2013 - 20:02:21 ---A- - C:\Windows\Prefetch\BPROTECT.EXE-29953251.pf
O45 - LFCP:[MD5.4F3DB07EAA3DEFEAC052D89F7051F7C9] - 31/08/2013 - 20:02:54 ---A- - C:\Windows\Prefetch\MYDELTATB.EXE-9DDDE2D6.pf =>Toolbar.DeltaSearch
O45 - LFCP:[MD5.516E1E72C5AE403D94DE110935661BF0] - 31/08/2013 - 20:02:57 ---A- - C:\Windows\Prefetch\DELTA4IE.EXE-83532506.pf
O45 - LFCP:[MD5.83689CD427C6627FFBF45ACFD00004BA] - 31/08/2013 - 20:03:01 ---A- - C:\Windows\Prefetch\DELTA4FFX.EXE-A8E9D9EC.pf
O45 - LFCP:[MD5.DBFEC0DE78AA3C53B9DB287F3E3F9547] - 31/08/2013 - 20:03:07 ---A- - C:\Windows\Prefetch\BABMAINT.EXE-F97FB5C2.pf =>Hijacker.BabSolution
O45 - LFCP:[MD5.A716D4B928FBE57A25695BC31960C131] - 31/08/2013 - 20:03:19 ---A- - C:\Windows\Prefetch\PUSH.EXE-5BC94E9C.pf
O45 - LFCP:[MD5.3C1EDE1C25819B06C78169F41974FDE1] - 31/08/2013 - 20:05:19 ---A- - C:\Windows\Prefetch\BUBBLE.EXE-949FB2C0.pf
O45 - LFCP:[MD5.D7771FECFF910F17D6209153E89DC8F0] - 31/08/2013 - 21:11:24 ---A- - C:\Windows\Prefetch\BROWSERDEFENDER.EXE-4144012A.pf =>Hijacker.Eazel
~ Prefetcher: 137 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\VeohPlugin [Key] . (...) -- C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (.not file.) =>Adware.SocialSkinz
~ SMSR Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=0
~ MWPE Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.241C32E942869FD1351CC5864976C3AC] - 20/07/2013 - 00:50:56 . (...) -- C:\Windows\System32\Drivers\avgidsdrivera.sys [246072]
O58 - SDL:[MD5.BE913403ED7219894B30E362FD8D4313] - 11/09/2011 - 09:37:12 ---A- . (.Oak Technology Inc. - Audio File System.) -- C:\Windows\SysWOW64\drivers\AFS.SYS [77004]
~ Drivers: 16 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou créés (Utilisateur) (O61)
O61 - LFC: 01/09/2013 - 14:35:58 ---A- . (...) -- C:\Users\Yohan\AppData\Local\avgchrome\avgp [150157]
O61 - LFC: 02/09/2013 - 18:40:48 ---A- . (.BFOURNIER.) -- C:\Users\Yohan\Downloads\gs_fiche_eleve.doc [30208]
O61 - LFC: 02/09/2013 - 18:41:20 ---A- . (.BFOURNIER.) -- C:\Users\Yohan\Downloads\gs_recapitulatif_classe.doc [65536]
O61 - LFC: 02/09/2013 - 18:41:33 ---A- . (.BFOURNIER.) -- C:\Users\Yohan\Downloads\gs_recapitulatif_classe (1).doc [65536]
O61 - LFC: 02/09/2013 - 18:58:55 ---A- . (...) -- C:\Users\Yohan\Downloads\UltimateCodec.exe [714368]
O61 - LFC: 02/09/2013 - 19:00:58 ---A- . (...) -- C:\Users\Yohan\Downloads\adwcleaner.exe [1037134]
O61 - LFC: 02/09/2013 - 20:06:17 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\Local State [52790]
O61 - LFC: 30/08/2013 - 08:09:07 ---A- . (...) -- C:\Users\Yohan\Downloads\EVALUATION_DIAGNOSTIQUE.doc [221184]
O61 - LFC: 30/08/2013 - 09:10:24 ---A- . (.Maryline.) -- C:\Users\Yohan\Downloads\trousseau_de_cl---.doc [726016]
O61 - LFC: 30/08/2013 - 09:10:35 ---A- . (.Maryline.) -- C:\Users\Yohan\Downloads\trousseau_de_cl---2.doc [79872]
O61 - LFC: 30/08/2013 - 09:10:44 ---A- . (.Penfret.) -- C:\Users\Yohan\Downloads\porte_individuelle.doc [31744]
O61 - LFC: 30/08/2013 - 09:11:13 ---A- . (.Penfret.) -- C:\Users\Yohan\Downloads\les_droits_lies_aux_portes.doc [86528]
O61 - LFC: 30/08/2013 - 10:18:29 ---A- . (...) -- C:\Users\Yohan\Downloads\Progression_Maths_CE2.pdf [445925]
O61 - LFC: 30/08/2013 - 10:26:05 ---A- . (...) -- C:\Users\Yohan\Downloads\programmation-de-mathematiques-2011-2012 (1).zip [12544]
O61 - LFC: 30/08/2013 - 10:26:16 ---A- . (...) -- C:\Users\Yohan\Downloads\programmation-de-mathematiques-2011-2012.zip [12544]
O61 - LFC: 30/08/2013 - 14:20:25 ---A- . (...) -- C:\Users\Yohan\Downloads\CA_Maths_CM1_FR.pdf [1047559]
O61 - LFC: 30/08/2013 - 14:23:54 ---A- . (...) -- C:\Users\Yohan\Downloads\CA_Maths_CM1_DIFF.pdf [750138]
O61 - LFC: 30/08/2013 - 15:03:44 ---A- . (...) -- C:\Users\Yohan\Downloads\pdf_Outil_pour_le_diagnostic_et_la_remediation_des_difficultes_d-acquisition_de_la_lecture_en_3e_et_4e_a_ressource_6664_1_.pdf [3012197]
O61 - LFC: 30/08/2013 - 17:34:48 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_pnacl_json [379]
O61 - LFC: 30/08/2013 - 17:34:48 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_crtbeginS_o [2432]
O61 - LFC: 30/08/2013 - 17:34:48 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o [2008]
O61 - LFC: 30/08/2013 - 17:34:48 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o [2120]
O61 - LFC: 30/08/2013 - 17:34:48 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_crtendS_o [1343]
O61 - LFC: 30/08/2013 - 17:34:48 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o [1342]
O61 - LFC: 30/08/2013 - 17:34:48 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe [2221512]
O61 - LFC: 30/08/2013 - 17:34:48 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a [6416]
O61 - LFC: 30/08/2013 - 17:34:48 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a [46812]
O61 - LFC: 30/08/2013 - 17:34:48 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_eh_a [234888]
O61 - LFC: 30/08/2013 - 17:34:48 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a [167354]
O61 - LFC: 30/08/2013 - 17:34:48 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a [1710]
O61 - LFC: 30/08/2013 - 17:34:48 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe [8944040]
O61 - LFC: 30/08/2013 - 17:34:48 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\manifest.fingerprint [66]
O61 - LFC: 30/08/2013 - 17:34:48 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\manifest.json [575]
O61 - LFC: 30/08/2013 - 19:44:09 ---A- . (...) -- C:\Users\Yohan\Downloads\CA_EXT_MATHS_CM1_BASSEDEF.pdf [11661005]
O61 - LFC: 31/08/2013 - 10:25:27 ---A- . (...) -- C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [268170]
O61 - LFC: 31/08/2013 - 20:00:40 ---A- . (...) -- C:\Users\Yohan\Downloads\webplayer.exe [523920] =>Adware.SocialSkinz
O61 - LFC: 31/08/2013 - 20:00:43 ---A- . (...) -- C:\Users\Yohan\Downloads\webplayer (1).exe [523920]
O61 - LFC: 31/08/2013 - 20:01:34 ---A- . (...) -- C:\Users\Yohan\Downloads\webplayer (2).exe [523920]
O61 - LFC: 31/08/2013 - 20:04:12 ---A- . (...) -- C:\Users\Yohan\Downloads\webplayer (3).exe [523920]
O61 - LFC: 31/08/2013 - 20:04:17 ---A- . (...) -- C:\Users\Yohan\Downloads\webplayer (4).exe [523920]
~ 55 Fichiers temporaires (Temporary files)
~ Files: 412 Legitimates Filtered in 06mn 37s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 18 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {3B0AF159-7765-4FC2-9782-9A80B1225097} - (AOL Recherche) - http://slirsredirect.search.aol.com
O69 - SBI: SearchScopes [HKCU] {3EEFB6E4-3B31-44F0-9409-95F73FDE69FF} - (Yahoo!) - http://fr.search.yahoo.com =>Toolbar.Yahoo
O69 - SBI: SearchScopes [HKCU] {54E62DFE-A1E4-4A2A-83EA-D104E92E70D5} - (01NET.com Main Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.fr
O69 - SBI: SearchScopes [HKCU] {82B5F35F-ABDC-4BC6-BF94-0F12E247F09C} - (Kelkoo) - http://fr.kelkoopartners.net
O69 - SBI: SearchScopes [HKCU] {ACC77B45-9F4A-44CF-9694-1A189FD93AF4} - (Yahoo-Mp3Tube) - http://mp3tubetoolbarsearch.com =>Adware.Mp3Tube
O69 - SBI: SearchScopes [HKCU] {F9692F89-191E-4B2E-8628-5F78389EE0A7} - (Yahoo! Search) - http://fr.search.yahoo.com =>Toolbar.Yahoo
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {316B56CA-C460-45E9-A062-91B1AFF8943E} - (AVG Secure Search) - http://search.avg.com =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {316B56CA-C460-45E9-A062-91B1AFF8943E} - (AVG Secure Search) - http://search.avg.com =>Toolbar.AVGSearch
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.34A25AB73766C2E9B8E5B507F1415E73] [SPRF][02/09/2013] (...) -- C:\ProgramData\nvModes.dat [81327]
[MD5.800C53D5480E733E18056489BC068A30] [SPRF][11/11/2011] (...) -- C:\Users\Yohan\AppData\Local\d3d9caps.dat [680]
[MD5.105F54F12671D2C85B7E91777FA55835] [SPRF][21/08/2013] (...) -- C:\Users\Yohan\AppData\Local\d3d9caps64.dat [1460]
[MD5.3C3C170247315525BAA5B3526741FC16] [SPRF][14/09/2011] (...) -- C:\Users\Yohan\AppData\Local\fusioncache.dat [93]
[MD5.6E1799926209C193FDB2E05A271C5B49] [SPRF][01/09/2013] (...) -- C:\Users\Yohan\AppData\Local\Temp\BackupSetup.exe [10340624]
[MD5.3BB12F100F4CA64D8FCFCB6EAEC22767] [SPRF][30/06/2013] (.DealPly Technologies Ltd. - DealPly.) -- C:\Users\Yohan\AppData\Local\Temp\dp.exe [1443656] =>PUP.DealPly
[MD5.A0F824989CB843D3C9EEDB7457254C0F] [SPRF][02/09/2013] (...) -- C:\Users\Yohan\AppData\Local\Temp\ICReinstall_UltimateCodec.exe [714368]
[MD5.2A00675C8B0105BF938F22DAA5FC9B79] [SPRF][01/09/2013] (...) -- C:\Users\Yohan\AppData\Local\Temp\Quarantine.exe [344507]
[MD5.DE1BD315B11A2C3B11882004A660906F] [SPRF][27/02/2013] (...) -- C:\Users\Yohan\AppData\Local\Temp\restorer1.0.0.1.exe [195072]
[MD5.50AC1576693B7026D54B2D73E2C51E76] [SPRF][19/08/2013] (.Pas de propriétaire - Pricora.) -- C:\Users\Yohan\AppData\Local\Temp\silent_pricora_deltaArgs_FR.exe [5658552] =>Adware.Pricora
[MD5.3C74C26999F2060BC6302448F173A342] [SPRF][28/08/2013] (.Babylon Ltd. - Uninstaller Application.) -- C:\Users\Yohan\AppData\Local\Temp\uninst1.exe [340464] =>Toolbar.Babylon
[MD5.1FFB2EBE1F95C5E5AEC1512EA686049C] [SPRF][24/08/2012] (...) -- C:\Users\Yohan\AppData\LocalLow\dt.dat [27520]
[MD5.C1BF28202A1376FD30BC9FA34E32AB2D] [SPRF][19/08/2013] (...) -- C:\Users\Yohan\AppData\Roaming\wklnhst.dat [3080]
[MD5.84E71D807E1F09F3E6870C75EF0E60BE] [SPRF][06/02/2011] (.Green Eclipse Software - WebSetup.) -- C:\Users\Yohan\Desktop\Install EclipseCrossword.exe [49152]
[MD5.D29B36A48AFF5923981944E567F819BC] [SPRF][09/01/2011] (...) -- C:\Users\Yohan\Desktop\inst_jepuisje.exe [2282354]
[MD5.01A26D7E991E53515E90B3010C3F66D8] [SPRF][19/08/2013] (.Media Player - Codec Pack - Media Player - Codec Pack.) -- C:\Users\Yohan\Desktop\media-player-codec-pack-v4-2-5-setup.exe [27640048]
[MD5.3851DD14F26DF2AF30FC3E58AC37E8EC] [SPRF][10/08/2008] (.Squared 5 - MPEG Streamclip.) -- C:\Users\Yohan\Desktop\MPEG_Streamclip.exe [1083904]
~ Files: 23 Legitimates Filtered in 00mn 08s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{30A935E0-BA51-492A-BC5B-C11F0F4DCC1D}C:\program files (x86)\shareaza\shareaza.exe" | In - Public - P6 - TRUE | .(.Shareaza Development Team.) -- C:\program files (x86)\shareaza\shareaza.exe
O87 - FAEL: "UDP Query User{9CE005C7-BFCD-48D5-89A7-32B150DB98F7}C:\program files (x86)\shareaza\shareaza.exe" | In - Public - P17 - TRUE | .(.Shareaza Development Team.) -- C:\program files (x86)\shareaza\shareaza.exe
O87 - FAEL: "TCP Query User{C80E389F-ED73-4281-826D-17166E547E68}C:\program files (x86)\shareaza\shareaza.exe" | In - Private - P6 - TRUE | .(.Shareaza Development Team.) -- C:\program files (x86)\shareaza\shareaza.exe
O87 - FAEL: "UDP Query User{7B4CCEBA-9F5E-4137-8135-D2CEE29C9A8D}C:\program files (x86)\shareaza\shareaza.exe" | In - Private - P17 - TRUE | .(.Shareaza Development Team.) -- C:\program files (x86)\shareaza\shareaza.exe
~ Firewall: 272 Legitimates Filtered in 00mn 03s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "DF77116C4C73F5C4EBC60EA4A83C996B" . (.EclipseCrossword.) -- C:\Windows\Installer\{C61177FD-37C4-4C5F-BE6C-E04A8AC399B6}\_6FEFF9B68218417F98F549.exe
~ Update Products: 161 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.24207776E93D8980FDD8DBA523DD33D8] [WIS][28/02/2010] (.Nokia Corporation - Ovi Player Installation.) -- C:\Windows\Installer\140a6c.msi [774656]
[MD5.305C8D7D563079F13ADC054466EEC9DB] [WIS][15/07/2013] (.Google Inc. - Google Update Helper.) -- C:\Windows\Installer\253f1b1.msi [22528]
[MD5.61BABC630A2F30BCCFF38C98F1B08A6B] [WIS][10/02/2013] (.Skype Limited - Facebook Video Calling 1.2.0.287.) -- C:\Windows\Installer\6eca84a.msi [112640]
~ WIS: 168 Legitimates Filtered in 00mn 12s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
SS - | Demand 20/08/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 04/07/2013 4939312 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
SR - | Auto 23/07/2013 283136 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
SR - | Auto 19/12/2006 94208 | (EpsonBidirectionalService) . (.SEIKO EPSON CORPORATION.) - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SS - | Demand 15/10/2009 238328 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
SS - | Auto 08/07/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/07/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 09/10/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 03/11/2008 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 17/03/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Demand 05/02/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
SS - | Demand 13/02/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 24/09/2008 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 26/06/2009 382496 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\System32\nvvsvc.exe
SR - | Auto 24/09/2008 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe
SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Demand 17/09/2009 651776 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 21/01/2008 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 00\00\0000 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 26/09/2008 27632 | ({55662437-DA8C-40c0-AADA-2C816A897A49}) . (.Cyberlink Corp..) - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
~ Services: Scanned in 00mn 16s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Yohan at 02/09/2013 21:17:52
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Yohan at 02/09/2013 21:17:54

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : v2.12874 - (01/09/2013)
Clés trouvées (Keys found) : 14
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 10
Fichiers trouvés (Files found) : 21

[HKLM\Software\Google\Chrome\Extensions\cnmdgidklhhnmppphpohildcefnaaflp] =>PUP.CrossRider^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup] =>PUP.MyPCBackup^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\VeohPlugin] =>Adware.SocialSkinz^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{49783ED4-258D-4f9f-BE11-137C18D3E543}] =>Adware.Casino
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8959EC83-3C83-4E74-8086-7AA5D9C75CAC}] =>PUP.Whitesmoke
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio
C:\Users\Yohan\AppData\Roaming\Mozilla\Firefox\Profiles\89480t25.default\217e8200-a3b3-43df-b951-8ec01d483d7f@b98c6809-1f3f-41a1-bb1c-692cf84781e9.com =>PUP.CrossRider^
C:\Users\Yohan\AppData\Roaming\Mozilla\Firefox\Profiles\89480t25.default\{3112ca9c-de6d-4884-a869-9855de68056c}(205) =>Toolbar.Google^
C:\Program Files (x86)\BrowseToSave =>Adware.Browse2Save^
C:\Program Files (x86)\Yahoo! =>Toolbar.Yahoo^
C:\Program Files (x86)\Common Files\Spigot(2) =>PUP.Dealio^
C:\Program Files (x86)\Common Files\Spigot(6) =>PUP.Dealio^
C:\Users\Yohan\AppData\Roaming\Yahoo! =>Toolbar.Yahoo^
C:\Program Files (x86)\VideoPerformer =>PUP.VideoPerformer
C:\ProgramData\InstallMate =>Toolbar.Tarma
C:\ProgramData\AVG January 2013 Campaign =>Toolbar.AVGSearch
C:\Users\Yohan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp =>PUP.CrossRider^
C:\Program Files (x86)\VideoPerformer\VideoPerformer.exe =>PUP.VideoPerformer^
[HKCU\Software\Yahoo] =>Toolbar.Yahoo^
[HKLM\Software\Wow6432Node\Yahoo] =>Toolbar.Yahoo^
C:\Windows\Prefetch\LOLLIPOPINSTALLER_14633.EXE-EADC7BB4.pf =>Adware.Lollipop^
C:\Windows\Prefetch\OPTIMIZERPRO.EXE-A8629C8A.pf =>PUP.OptimizerPro^
C:\Windows\Prefetch\DEALPLYLIVEHANDLER.EXE-899DE85E.pf =>PUP.DealPly^
C:\Windows\Prefetch\OPTIMIZERPRO.EXE-FBADA244.pf =>PUP.OptimizerPro^
C:\Windows\Prefetch\DEALPLYLIVE.EXE-7C5A9B4D.pf =>PUP.DealPly^
C:\Windows\Prefetch\IBSVC.EXE-01CFB7AC.pf =>Adware.InstallBrain^
C:\Windows\Prefetch\WEBPLAYER.EXE-23034C49.pf =>Adware.SocialSkinz^
C:\Windows\Prefetch\DELTATB.EXE-F45D3BCC.pf =>Toolbar.DeltaSearch^
C:\Windows\Prefetch\MYDELTATB.EXE-9DDDE2D6.pf =>Toolbar.DeltaSearch^
C:\Windows\Prefetch\BABMAINT.EXE-F97FB5C2.pf =>Hijacker.BabSolution^
C:\Windows\Prefetch\BROWSERDEFENDER.EXE-4144012A.pf =>Hijacker.Eazel^
C:\Users\Yohan\Downloads\webplayer.exe =>Adware.SocialSkinz^
C:\Users\Yohan\AppData\Local\Temp\dp.exe =>PUP.DealPly^
C:\Users\Yohan\AppData\Local\Temp\silent_pricora_deltaArgs_FR.exe =>Adware.Pricora^
C:\Users\Yohan\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon^
~ Additionnel Scan: 455947 Items scanned in 00mn 46s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26631242-hijacker-qvo6 =>Hijacker.Qvo6
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/29895028-pup-videoperformer =>PUP.VideoPerformer
~ http://nicolascoolman.webs.com/apps/blog/show/26630379-hijacker-22find =>Hijacker.22Find
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blog/show/26627530-adware-browse2save =>Adware.Browse2Save
~ http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
~ http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
~ http://nicolascoolman.webs.com/apps/blog/show/28204239-pup-optimizerpro =>PUP.OptimizerPro
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/26907365-adware-installbrain =>Adware.InstallBrain
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/27134028-adware-mp3tube =>Adware.MP3Tube
~ http://nicolascoolman.webs.com/apps/blog/show/29294184-adware-pricora =>Adware.Pricora
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/28388393-adware-casino =>Adware.Casino
~ http://nicolascoolman.webs.com/apps/blog/show/27636417-pup-whitesmoke =>PUP.WhiteSmoke
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>Toolbar.Tarma
~ MSI: 23 link(s) detected in 00mn 46s



~ 2202 Legitimates filtered by white list
End of the scan (722 lines in 13mn 22s)(0)