~ Rapport de ZHPDiag v2014.4.14.26 - Nicolas Coolman  (14/04/2014)
~ Lancé par HP (14/04/2014 22:24:20)
~ Adresse du Site Web  http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version : 
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16798 (Defaut)
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.116

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Microsoft Security Client v4.4.0304.0
McAfee Security Scan Plus v3.8.141.11
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.10  =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader X

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1893 MB (41% free)
System Restore: Activé (Enable)
System drive C: has 25 GB (50%) free of 50 GB

---\\ Mode de connexion au système
~ Computer Name: HP-PC
~ User Name: HP
~ All Users Names: HP, Guest, Administrator, 
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\HP\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\HP\AppData\Roaming\
~ %Desktop% : C:\Users\HP\Desktop\
~ %Favorites% : C:\Users\HP\Favorites\
~ %LocalAppData% : C:\Users\HP\AppData\Local\
~ %StartMenu% : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 25 Go of 50 Go)
D: Hard drive, Flash drive, Thumb drive (Free 126 Go of 236 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.1FF83D2BE92B40DAE234CF4236680B6E] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/03/2014 - 21:44:24.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/5
~ Mes Favoris (My Favorites) : 1/17
~ Mes Documents (My Documents) : 2/28
~ Mon Bureau (My Desktop) : 1/40
~ Menu demarrer (Programs) : 1/39
~ Hidden Files:  Scanned in 00mn 00s



---\\ Processus lancés
[MD5.672BCF4A9B382509515198B4F118CB9E] - (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe   [6670192] [PID.3884]
[MD5.7D72F14608A4B5F55FD837A5F404A0FF] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe   [1996072] [PID.3892]
[MD5.E93DB97D6A5824CEDF87FE61034CB243] - (.Atheros Commnucations - Bluetooth Stack Server.) -- C:\Program Files\Bluetooth Suite\BtvStack.exe   [498848] [PID.4024]
[MD5.B6ED1F274909311C896286E94FF28548] - (.Atheros Commnucations - Bluetooth Tray.) -- C:\Program Files\Bluetooth Suite\AthBtTray.exe   [302240] [PID.4068]
[MD5.596D8807D351C43496DDF4495FBD391C] - (.www.IslamicFinder.org -  Automatic Athan (Azan)  five times a day f.) -- C:\Program Files\Athan\Athan.exe   [1208320] [PID.2344]
[MD5.0EE209370FAA94C2267B3B201D31E412] - (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe   [687336] [PID.2604]
[MD5.A67545475E813DE7AF4240FBA5B95FAB] - (.Pas de propriétaire - VProtect Application (Official).) -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe   [2544664] [PID.2648]
[MD5.E791053DEC4AABD684562E179E5FDCA7] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe   [181232] [PID.2932]
[MD5.D3015E9F08474732A3FD7D0788A30EA3] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe   [189936] [PID.3016]
[MD5.586353748ACCACAAAE86F4B4125BA14C] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe   [107816] [PID.3288]
[MD5.D653D895588DF213CA85164FB6901576] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   [20924576] [PID.3228]
[MD5.A60DB2C4E19913B42E82B1095045E305] - (.Tango Inc. - Tango.) -- C:\Program Files\Tango\Tango.exe   [13489992] [PID.3648]
[MD5.43E2CFC37953501EA40D852AE585E7C0] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe   [277920] [PID.3696]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe   [53784] [PID.4980]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe   [275568] [PID.4984]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe   [18544] [PID.2264]
[MD5.2F777711F4A380AACADBB85A3E7EBFCB] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe   [1864368] [PID.4280]
[MD5.775DDB699B40C42E1BD799CC0EBF3528] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [8215552] [PID.5080]
~ Processes Running:  Scanned in 00mn 04s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome

~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2rx0epq6.default\prefs.js
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2rx0epq6.default\user.js
M3 - MFPP: Plugins - [HP] -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2rx0epq6.default\searchplugins\bingp.xml
M3 - MFPP: Plugins - [HP] -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2rx0epq6.default\searchplugins\default-search.xml
M3 - MFPP: Plugins - [HP] -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2rx0epq6.default\searchplugins\improvedsearch.xml
M3 - MFPP: Plugins - [HP] -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2rx0epq6.default\searchplugins\speedbit.xml
M3 - MFPP: Plugins - [HP] -- C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2rx0epq6.default\searchplugins\yahoo_ff.xml
M2 - MFEP: prefs.js [HP - 2rx0epq6.default\extension@linkeyproject.com] [] Linkey for Firefox v1.0 (..)  =>PUP.LinkeySearch
M2 - MFEP: prefs.js [HP - 2rx0epq6.default\sitefinder@sitefinder.com] [] Site Finder v1.0 (..)  =>Adware.ShoppingReport
M2 - MFEP: prefs.js [HP - 2rx0epq6.default\zqwdpk@ddfh-a.com] [] surrf and keeup v2.3 (..)  =>Adware.SurfAndKeep
M2 - MFEP: prefs.js [HP - 2rx0epq6.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v3.2.3.20140316101110 (..)
M2 - MFEP: prefs.js [HP - 2rx0epq6.default\{96f454ea-9d38-474f-b504-56193e00c1a5}] [] uTorrentControl_v6  v10.23.0.722 (..)  =>P2P.µTorrent
M2 - MFEP: prefs.js [HP - 2rx0epq6.default\{F739D6FC-F9EF-F58F-254C-FC49E2694E5E}] [] Settings Manager v5.0.0.11471 (..)
P2 - FPN: [HKLM] [@GamingWonderland.com/Plugin] - (...) -- C:\Program Files\GamingWonderland\bar\1.bin\NPgtStub.dll (.not file.)
~ Firefox Browser: 28 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=476&aid=148&itype=n&ver=11471&tm=309&src=hmp  =>Hijacker.SearchNet
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.us.com  =>PUP.StartSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://go.speedbit.com
R3 - URLSearchHook: SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} . (...) (No version) -- (.not file.)  =>Adware.ShoppingReport
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} . (.Orbitdownloader.com - Orbitcth.) -- C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} . (.Spigot, Inc. - Slick Savings for Internet Explorer.) -- C:\Users\HP\AppData\Roaming\Slick Savings\Coupons.dll  =>PUP.Dealio
O2 - BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} . (.AVG Secure Search - toolbar.dll (Official).) -- C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll  =>Toolbar.AVGSearch
~ BHO: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: AVG SafeGuard toolbar - [HKLM]{95B7759C-8C7F-4BF1-B163-73684A933233} . (.AVG Secure Search - toolbar.dll (Official).) -- C:\Program Files\AVG SafeGuard toolbar\18.0.5.292\AVG SafeGuard toolbar_toolbar.dll  =>Toolbar.AVGSearch
O3 - Toolbar: Grab Pro - [HKLM]{C55BBCD6-41AD-48AD-9953-3609C48EACC7} . (.Pas de propriétaire - Grab Pro.) -- C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: SiteFinder - [HKLM]{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} . (.Site Finder - Site Finder Toolbar.) -- C:\Program Files\SiteFinder\SiteFinder.dll  =>Adware.ShoppingReport
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{C55BBCD6-41AD-48AD-9953-3609C48EACC7} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Clé orpheline
~ Toolbar:  Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Ayat.lnk . (...)  -- C:\Program Files\Ayat\Ayat.exe
O4 - GS\Desktop [Public]: BEIN SPORT.lnk . (...)  -- C:\Program Files\BEIN SPORT\BEIN SPORT.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files\Google\Chrome\Application\chrome.exe 
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.)  -- C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe 
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files\Mozilla Firefox\firefox.exe 
O4 - GS\Desktop [Public]: Tango.lnk . (.Tango Inc. - Tango.)  -- C:\Program Files\Tango\Tango.exe 
O4 - GS\Desktop [Public]: USB Disk Security.lnk . (.Zbshareware Lab - USB Disk Security.)  -- C:\Program Files\USB Disk Security\USBGuard.exe 
O4 - GS\Program [Public]: Ayat.lnk . (...)  -- C:\Program Files\Ayat\Ayat.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files\Mozilla Firefox\firefox.exe 
O4 - GS\QuickLaunch [HP]: Google Chrome.lnk . (.Google Inc. - Google Chrome.)  -- C:\Program Files\Google\Chrome\Application\chrome.exe 
O4 - GS\QuickLaunch [HP]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\QuickLaunch [HP]: Orbit.lnk . (.Orbitdownloader.com - Orbit Downloader.)  -- C:\Program Files\Orbitdownloader\orbitdm.exe 
O4 - GS\TaskBar [HP]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\TaskBar [HP]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files\Mozilla Firefox\firefox.exe 
O4 - GS\TaskBar [HP]: PC Cleaner Pro.lnk . (.PC Cleaners Inc. - PC Cleaner.)  -- C:\ProgramData\PC Cleaners\PCCleaners.exe   =>Rogue.PCCleanerPro
O4 - GS\Program [HP]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\SystemTools [HP]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files\Internet Explorer\iexplore.exe 
O4 - GS\Desktop [HP]: Athan.lnk . (.www.IslamicFinder.org -  Automatic Athan (Azan)  five times a day f.)  -- C:\Program Files\Athan\Athan.exe 
O4 - GS\Desktop [HP]: Orbit.lnk . (.Orbitdownloader.com - Orbit Downloader.)  -- C:\Program Files\Orbitdownloader\orbitdm.exe 
O4 - GS\Desktop [HP]: PC Cleaner Pro.lnk . (.PC Cleaners Inc. - PC Cleaner.)  -- C:\ProgramData\PC Cleaners\PCCleaners.exe   =>Rogue.PCCleanerPro
~ Global Startup: 75 Legitimates Filtered in 00mn 11s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.)  -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe 
O4 - GS\Startup [HP]: MaxTV Powertools.lnk . (...)  -- C:\Program Files\MaxTV\MaxTV4\maxtv_powertools.exe (.not file.)
O4 - GS\Startup [HP]: MaxTV Recorder Manager.lnk . (...)  -- C:\Program Files\MaxTV\MaxTV4\task_scheduler.exe (.not file.)
O4 - GS\Startup [HP]: MaxTV.lnk . (...)  -- C:\Program Files\MaxTV\MaxTV4\maxtv.exe (.not file.)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe 
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [AtherosBtStack] . (.Atheros Commnucations - Bluetooth Stack Server.) -- C:\Program Files\Bluetooth Suite\BtvStack.exe 
O4 - HKLM\..\Run: [AthBtTray] . (.Atheros Commnucations - Bluetooth Tray.) -- C:\Program Files\Bluetooth Suite\AthBtTray.exe 
O4 - HKLM\..\Run: [Athan] . (.www.IslamicFinder.org -  Automatic Athan (Azan)  five times a day f.) -- C:\Program Files\Athan\Athan.exe 
O4 - HKLM\..\Run: [USB Security] . (.Zbshareware Lab - USB Disk Security.) -- C:\Program Files\USB Disk Security\USBGuard.exe 
O4 - HKLM\..\Run: [vProt] . (.Pas de propriétaire - VProtect Application (Official).) -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe 
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe 
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe 
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe 
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe 
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe 
O4 - HKCU\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\HP\AppData\Roaming\newnext.me\nengine.dll   =>PUP.NextLive
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe 
O4 - HKCU\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe   =>.Piriform Ltd
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Slick Savings] . (.Spigot, Inc. - Slick Savings Helper.) -- C:\Users\HP\AppData\Roaming\Slick Savings\CouponsHelper.exe   =>PUP.Dealio
O4 - HKCU\..\Run: [PC Cleaners] . (.PC Cleaners Inc. - PC Cleaner.) -- C:\ProgramData\PC Cleaners\PCCleaners.exe   =>Rogue.PCCleanerPro
O4 - HKCU\..\Run: [Tango] . (.Tango Inc. - Tango.) -- C:\Program Files\Tango\Tango.exe 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\Sidebar.exe 
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1059086181-65806679-2862780855-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe 
O4 - HKUS\S-1-5-21-1059086181-65806679-2862780855-1000\..\Run: [NextLive] . (.NewNextDotMe - NewNext Helper Engine.) -- C:\Users\HP\AppData\Roaming\newnext.me\nengine.dll   =>PUP.NextLive
O4 - HKUS\S-1-5-21-1059086181-65806679-2862780855-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\HP\AppData\Local\Facebook\Update\FacebookUpdate.exe 
O4 - HKUS\S-1-5-21-1059086181-65806679-2862780855-1000\..\Run: [CCleaner Monitoring] . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe   =>.Piriform Ltd
O4 - HKUS\S-1-5-21-1059086181-65806679-2862780855-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1059086181-65806679-2862780855-1000\..\Run: [Slick Savings] . (.Spigot, Inc. - Slick Savings Helper.) -- C:\Users\HP\AppData\Roaming\Slick Savings\CouponsHelper.exe   =>PUP.Dealio
O4 - HKUS\S-1-5-21-1059086181-65806679-2862780855-1000\..\Run: [PC Cleaners] . (.PC Cleaners Inc. - PC Cleaner.) -- C:\ProgramData\PC Cleaners\PCCleaners.exe   =>Rogue.PCCleanerPro
O4 - HKUS\S-1-5-21-1059086181-65806679-2862780855-1000\..\Run: [Tango] . (.Tango Inc. - Tango.) -- C:\Program Files\Tango\Tango.exe 
~ Application:  Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} -- Clé orpheline
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Site Finder - {CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} . (...) -- C:\Program Files\SiteFinder\hotbtn.ico  =>Adware.ShoppingReport
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C498051B-72CE-444C-9E96-5F5E3DAE2B23}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CS1\Services\Tcpip\..\{C498051B-72CE-444C-9E96-5F5E3DAE2B23}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CS2\Services\Tcpip\..\{C498051B-72CE-444C-9E96-5F5E3DAE2B23}: DhcpNameServer = 192.168.1.1 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} . (.AVG Secure Search - ViProtocol (Official).) -- C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll  =>Toolbar.AVGSearch
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: SpeedBit Update (SBUpd) . (.Speedbit Ltd. - SpeedBit Update Service.) - C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
O23 - Service:  (vToolbarUpdater18.0.5) . (.AVG Secure Search - ToolbarU Application (Official).) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe  =>Toolbar.AVGSearch
~ Services: 12 Legitimates Filtered in 00mn 56s



---\\ Clés Session Manager (AppCertDlls,KnownDLLs) (O36)
O36 - AppCertDlls: (x64) . (...) -- c:\program files\settings manager\systemk\x64\sysapcrt.dll  =>PUP.SystemK
O36 - AppCertDlls: (x86) . (...) -- C:\Program Files\Settings Manager\systemk\sysapcrt.dll  =>PUP.SystemK
~ Keys:  Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task  - C:\Windows\Tasks\Driver Booster Update.job   [266]
[MD5.00000000000000000000000000000000] [APT] [LaunchApp] (...) -- C:\Program Files\MyPC Backup\MyPC Backup.exe (.not file.)   [0]  =>PUP.MyPCBackup
[MD5.CF150B9EF6CF07E2485732A25CEB73FE] [APT] [PC Cleaner Pro Update Job] (.PC Cleaners Inc..) -- C:\ProgramData\PC Cleaners\PCCleaners.exe   [71675152]  =>Rogue.PCCleanerPro
[MD5.00000000000000000000000000000000] [APT] [SBW_UpdateTask_Logon_3633383539303335312d2d5b50342a4155456c5a236c] (...) -- C:\ProgramData\SpeedBit\sbhe.js" sbu.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [wp_update] (...) -- C:\Users\HP\AppData\Roaming\~qqhtgda.exe (.not file.)   [0]  =>PUP.WpManager
[MD5.C58106CB7A9AAE644623E39526C0BC12] [APT] [{3D8592BE-D42E-4750-9B86-9322507B686C}] (...) -- C:\Users\HP\Downloads\AthanBasic1.exe   [1538317]
[MD5.C58106CB7A9AAE644623E39526C0BC12] [APT] [{815C9AF5-3340-42A7-91DD-AE1F738B9030}] (...) -- C:\Users\HP\Downloads\AthanBasic1.exe   [1538317]
~ Scheduled Task: 25 Legitimates Filtered in 00mn 16s



---\\ Logiciels installés (O42)
O42 - Logiciel: BEIN SPORT version 3 - (.Daz iptv.) [HKLM] -- {A1D86539-9DC7-4F89-A0A7-3A381857B1DE}_is1
O42 - Logiciel: PC Cleaners - (.PC Cleaners.) [HKCU] -- PC Cleaners  =>Rogue.PCCleanerPro
O42 - Logiciel: SiteFinder - (.SiteFinder.) [HKLM] -- SiteFinder  =>Adware.ShoppingReport
O42 - Logiciel: Slick Savings - (.Spigot, Inc..) [HKLM] -- {3A787631-66A2-4634-B928-A37E73B58FB6}  =>PUP.Dealio
O42 - Logiciel: Webplayer - (.Kreapixel.) [HKLM] -- {F750DB0E-D452-3108-63C9-FE16BC686741}  =>Adware.SocialSkinz
~ Logic: 18 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Conduit]  =>Toolbar.Conduit
[HKCU\Software\Iminent.com]  =>Adware.IMBooster
[HKCU\Software\InstallCore]  =>Adware.InstallCore
[HKCU\Software\ParetoLogic]  =>PUP.Paretologic
[HKCU\Software\Softonic]  =>Toolbar.Conduit
[HKCU\Software\SpeedBit]
[HKCU\Software\SpeedItUp]
[HKCU\Software\SystemK]  =>PUP.SystemK
[HKLM\Software\Conduit]  =>Toolbar.Conduit
[HKLM\Software\Datamngr]  =>PUP.Datamngr
[HKLM\Software\Iminent]  =>Adware.IMBooster
[HKLM\Software\Linkey]  =>PUP.LinkeySearch
[HKLM\Software\ParetoLogic]  =>PUP.Paretologic
[HKLM\Software\SpeedBit]
[HKLM\Software\SystemK]  =>PUP.SystemK
[HKLM\Software\b1.org]
[HKLM\Software\zgametb]  =>Toolbar.ZGame
~ Key Software: 208 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/03/2014 - 18:43:45 - [4,095] ----D C:\Program Files\BEIN SPORT
O43 - CFD: 07/11/2013 - 19:14:25 - [0,781] ----D C:\Program Files\GUM3DA3.tmp
O43 - CFD: 29/10/2013 - 15:24:54 - [0] ----D C:\Program Files\IminentToolbar  =>Adware.IMBooster
O43 - CFD: 06/04/2014 - 12:18:37 - [2,542] ----D C:\Program Files\Linkey  =>PUP.LinkeySearch
O43 - CFD: 01/02/2014 - 15:16:26 - [0,102] ----D C:\Program Files\Rarlab
O43 - CFD: 06/04/2014 - 12:17:33 - [17,256] ----D C:\Program Files\Settings Manager
O43 - CFD: 06/04/2014 - 12:39:19 - [0,749] ----D C:\Program Files\SiteFinder  =>Adware.ShoppingReport
O43 - CFD: 19/12/2013 - 19:41:08 - [0] ----D C:\Program Files\suRf anad keep  =>Adware.SurfAndKeep
O43 - CFD: 19/12/2013 - 19:41:20 - [0] ----D C:\Program Files\YoutubeAdblocker  =>PUP.TubeAdBlocker
O43 - CFD: 04/01/2014 - 17:12:02 - [4,091] ----D C:\Program Files\Common Files\SpeedBit
O43 - CFD: 31/03/2014 - 11:18:37 - [0,073] ----D C:\Program Files\Common Files\Spigot  =>PUP.Dealio
O43 - CFD: 02/02/2014 - 20:46:30 - [0,002] ----D C:\ProgramData\b56b0d2600e6838d
O43 - CFD: 06/04/2014 - 12:55:34 - [0] ----D C:\ProgramData\BitGuard  =>PUP.BitGuard
O43 - CFD: 06/04/2014 - 12:55:34 - [0] ----D C:\ProgramData\Browser Manager
O43 - CFD: 06/04/2014 - 12:55:34 - [0] ----D C:\ProgramData\BrowserProtect  =>Hijacker.Eazel
O43 - CFD: 19/12/2013 - 19:35:32 - [0,117] ----D C:\ProgramData\InstallMate  =>PUP.Tarma
O43 - CFD: 26/03/2014 - 07:39:36 - [68,373] ----D C:\ProgramData\PC Cleaners  =>Rogue.PCCleanerPro
O43 - CFD: 01/02/2014 - 15:57:55 - [0] ----D C:\ProgramData\ProductData
O43 - CFD: 11/04/2014 - 21:47:44 - [0] ----D C:\ProgramData\SpeedBit
O43 - CFD: 20/12/2013 - 12:04:46 - [0] ----D C:\ProgramData\suRf anad keep  =>Adware.SurfAndKeep
O43 - CFD: 14/04/2014 - 22:22:26 - [0,011] ----D C:\ProgramData\systemk  =>PUP.SystemK
O43 - CFD: 20/12/2013 - 12:04:46 - [0] ----D C:\ProgramData\YoutubeAdblocker  =>PUP.TubeAdBlocker
O43 - CFD: 01/02/2014 - 15:57:54 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O43 - CFD: 27/10/2013 - 21:29:57 - [27,641] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 13/04/2014 - 12:33:49 - [1,228] ----D C:\Users\HP\AppData\Roaming\newnext.me  =>PUP.NextLive
O43 - CFD: 28/10/2013 - 11:07:59 - [49,585] ----D C:\Users\HP\AppData\Roaming\OpenCandy  =>Adware.OpenCandy
O43 - CFD: 06/04/2014 - 12:20:11 - [0] ----D C:\Users\HP\AppData\Roaming\SimilarSites
O43 - CFD: 21/03/2014 - 16:59:35 - [2,119] ----D C:\Users\HP\AppData\Roaming\Slick Savings  =>PUP.Dealio
O43 - CFD: 04/01/2014 - 17:19:25 - [0] ----D C:\Users\HP\AppData\Roaming\SpeedBit
O43 - CFD: 02/02/2014 - 20:19:16 - [0] ----D C:\Users\HP\AppData\Roaming\wp_update  =>PUP.WpManager
O43 - CFD: 12/02/2014 - 18:12:10 - [0,163] ----D C:\Users\HP\AppData\Local\B1E
O43 - CFD: 03/01/2014 - 20:49:05 - [1,224] ----D C:\Users\HP\AppData\Local\genienext  =>PUP.NextLive
O43 - CFD: 01/02/2014 - 15:43:41 - [0,021] ----D C:\Users\HP\AppData\Local\Slick Savings  =>PUP.Dealio
O43 - CFD: 11/03/2014 - 17:40:23 - [23,466] ----D C:\Users\HP\AppData\Local\Tem
~ Program Folder: 195 Legitimates Filtered in 00mn 34s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/04/2014 - 11:54:05 RSHA- . (...) -- C:\IO.SYS   [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 06/04/2014 - 11:54:05 RSHA- . (...) -- C:\MSDOS.SYS   [0]
O44 - LFC:[MD5.499E7B8FD5BA6FA5A48691B116771909] - 06/04/2014 - 11:55:23 ---A- . (...) -- C:\Windows\MaxTV Setup Log.txt   [168754]
O44 - LFC:[MD5.D78015967468B1269BF85EAAE78E288B] - 06/04/2014 - 12:06:01 ---A- . (...) -- C:\Windows\MaxTV Uninstall Log.txt   [149652]
O44 - LFC:[MD5.E6A2863AFAA2498AF8C6C2EFC4774748] - 10/04/2014 - 12:01:42 ---A- . (...) -- C:\Windows\System32\Drivers\RTAIODAT.DAT   [747989]
O44 - LFC:[MD5.AFFEDCF766B6C85A1916DB12E3DA2C34] - 10/04/2014 - 12:03:10 ---A- . (...) -- C:\log.txt   [24452]
~ Files: 19 Legitimates Filtered in 00mn 10s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Orbitdownloader\orbitdm.exe" [Enabled] .(.Orbitdownloader.com.) -- C:\Program Files\Orbitdownloader\orbitdm.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Orbitdownloader\orbitnet.exe" [Enabled] .(.Orbitdownloader.com.) -- C:\Program Files\Orbitdownloader\orbitnet.exe
~ Keys Export: 2 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe  =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browsemngr.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe  =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsermngr.exe - tasklist.exe  =>PUP.Babylon
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe  =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe  =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - bundlesweetimsetup.exe - tasklist.exe  =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - cltmngsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - delta babylon.exe - tasklist.exe  =>PUP.Babylon
O50 - IFEO:Image File Execution Options - delta tb.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - delta2.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltainstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltasetup.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - deltatb.exe - tasklist.exe  =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - deltatb_2501-c733154b.exe - tasklist.exe  =>Toolbar.DeltaSearch
O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe  =>Trojan.Staser
O50 - IFEO:Image File Execution Options - iminentsetup.exe - tasklist.exe  =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - jumpflip - tasklist.exe  =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe  =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - rjatydimofu.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchinstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe  =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe  =>Toolbar.Conduit
O50 - IFEO:Image File Execution Options - searchsettings.exe - tasklist.exe  =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - searchsettings64.exe - tasklist.exe  =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe  =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - sweetimsetup.exe - tasklist.exe  =>PUP.SweetIM
O50 - IFEO:Image File Execution Options - tbdelta.exetoolbar783881609.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - umbrella.exe - tasklist.exe  =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe  =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - volaro - tasklist.exe  =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - vonteera - tasklist.exe  =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - websteroids.exe - tasklist.exe  =>PUP.TubeDimmer
O50 - IFEO:Image File Execution Options - websteroidsservice.exe - tasklist.exe  =>PUP.TubeDimmer
~ IFEO:  Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
O58 - SDL:[MD5.C50DE6D0C04B230F185A13FDE0F047FA] - 16/08/2010 - 16:31:08 ----- . (...) -- C:\Windows\System32\pwdrvio.sys   [16472]
O58 - SDL:[MD5.CDC5704308222400AD606BCF87B006A5] - 16/08/2010 - 16:31:06 ----- . (...) -- C:\Windows\System32\pwdspio.sys   [11104]
~ Drivers: 16 Legitimates Filtered in 00mn 05s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [HP - 2rx0epq6.default] user_pref("CT3225826.installType", "conduitnsisintegration");
O69 - SBI: prefs.js [HP - 2rx0epq6.default] user_pref("CT3225826.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3225826&octid=CT[...]
O69 - SBI: prefs.js [HP - 2rx0epq6.default] user_pref("CT3289075.installType", "conduitnsisintegration");
O69 - SBI: prefs.js [HP - 2rx0epq6.default] user_pref("CT3289075.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"http://search.conduit.com/?ctid=CT3289075&octid=CT[...]
O69 - SBI: prefs.js [HP - 2rx0epq6.default] user_pref("avg.install.disableHPGuard", false);
O69 - SBI: prefs.js [HP - 2rx0epq6.default] user_pref("avg.install.disableSPGuard", false);
O69 - SBI: prefs.js [HP - 2rx0epq6.default] user_pref("avg.install.guardCountInit", 156);
O69 - SBI: prefs.js [HP - 2rx0epq6.default] user_pref("avg.install.guardPopupCountInit", -1);
O69 - SBI: prefs.js [HP - 2rx0epq6.default] user_pref("avg.install.guardSPCountInit", 156);
O69 - SBI: prefs.js [HP - 2rx0epq6.default] user_pref("avg.install.guardSPPopupCountInit", -1);
O69 - SBI: prefs.js [HP - 2rx0epq6.default] user_pref("avg.install.guard_xpcom", 0);
O69 - SBI: prefs.js [HP - 2rx0epq6.default] user_pref("avg.install.guards_inactive", 1);
O69 - SBI: prefs.js [HP - 2rx0epq6.default] user_pref("avg.install.newtab", true);
O69 - SBI: prefs.js [HP - 2rx0epq6.default] user_pref("extensions.crossrider.bic", "142723f64e82f9bba124c10990ac27f5");  =>PUP.CrossRider
O69 - SBI: prefs.js [HP - 2rx0epq6.default] user_pref("plugin.state.npconduitfirefoxplugin", 2);
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab} - (Ask Web Search) - http://search.tb.ask.com
O69 - SBI: SearchScopes [HKCU] {7F4EFF06-7032-458e-AE16-1C1D8255C28A} - (Speedbit Search) - http://go.speedbit.com
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - http://mysearch.avg.com  =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} - (default-search.net) - http://www.default-search.net  =>Hijacker.SearchNet
O69 - SBI: SearchScopes [HKCU] {C1777041-8DC1-4473-B33F-6C873FECD216} - (Yahoo) - http://search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {D05122C4-4618-4C9D-B85F-0161E6D50311} - (Yahoo!) - http://search.yahoo.com
~ Keys:  Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.6D4F4C58CB8BC800DCF73DC8D6B47A5B] [SPRF][26/03/2014] (.PC Cleaners - PC Cleaner Pro.) -- C:\ProgramData\pclunst.exe   [9112848]  =>Rogue.PCCleanerPro
[MD5.28FBD6D56407A17BB6D9645AD6908CFF] [SPRF][04/10/2008] (...) -- C:\Users\HP\Desktop\LES_JOURNAUX (dz).exe   [2728960]
~ Files: 2 Legitimates Filtered in 00mn 04s



---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{B0E781A1-FCA5-4195-B9AD-F8D62B3B4171}F:\beinsporthd\rtmpgw.exe" |In - Private - P6 - TRUE | .(...) -- F:\beinsporthd\rtmpgw.exe (.not file.)
O87 - FAEL: "UDP Query User{AE869568-7AAA-4D9E-9D83-134A496B5116}F:\beinsporthd\rtmpgw.exe" |In - Private - P17 - TRUE | .(...) -- F:\beinsporthd\rtmpgw.exe (.not file.)
O87 - FAEL: "{B1BBDFB0-CBBA-4836-B1C3-4F003B5310AF}" | In - Private - P6 - TRUE | .(.Tango Inc. - Tango.) -- C:\Program Files\Tango\Tango.exe
O87 - FAEL: "{76B44592-7405-492F-BCA0-19E9B7713373}" | In - Private - P17 - TRUE | .(.Tango Inc. - Tango.) -- C:\Program Files\Tango\Tango.exe
O87 - FAEL: "TCP Query User{4634B965-11D2-4009-BBD0-CBC8205C1693}C:\program files\tango\tango.exe" | In - Public - P6 - TRUE | .(.Tango Inc. - Tango.) -- C:\program files\tango\tango.exe
O87 - FAEL: "UDP Query User{AE17990E-15A8-4740-900C-EDA37597C990}C:\program files\tango\tango.exe" | In - Public - P17 - TRUE | .(.Tango Inc. - Tango.) -- C:\program files\tango\tango.exe
~ Firewall: 211 Legitimates Filtered in 00mn 01s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.C3F265C5A27A9A260A191C38FA57D528] [WIS][19/11/2013] (.Kreapixel - Webplayer.) -- C:\Windows\Installer\1d4a133.msi   [21504]  =>Adware.SocialSkinz
[MD5.BDD8D26AD09D90DB8E691ABA38EFA25C] [WIS][01/02/2014] (.UNKNOWN - Ayat.) -- C:\Windows\Installer\3a5e80.msi   [29184]
~ WIS: 38 Legitimates Filtered in 00mn 05s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32  =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS  =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_0214b_RASAPI32  =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\AVG-Secure-Search-Update_0214b_RASMANCS  =>Toolbar.AVGSearch
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32  =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS  =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASAPI32  =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\BitTorrent_RASMANCS  =>P2P.BitTorrent
HKLM\SOFTWARE\Microsoft\Tracing\Bubble Dock Update_RASAPI32  =>PUP.BubbleDock
HKLM\SOFTWARE\Microsoft\Tracing\Bubble Dock Update_RASMANCS  =>PUP.BubbleDock
HKLM\SOFTWARE\Microsoft\Tracing\Bubble Dock_RASAPI32  =>PUP.BubbleDock
HKLM\SOFTWARE\Microsoft\Tracing\Bubble Dock_RASMANCS  =>PUP.BubbleDock
HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32  =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS  =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\iminent_RASAPI32  =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\iminent_RASMANCS  =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\KREAPIXEL_RASAPI32  =>Adware.SocialSkinz
HKLM\SOFTWARE\Microsoft\Tracing\KREAPIXEL_RASMANCS  =>Adware.SocialSkinz
HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32  =>Adware.OpenCandy
HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS  =>Adware.OpenCandy
HKLM\SOFTWARE\Microsoft\Tracing\LinkSwift_8162019_RASAPI32  =>PUP.LinkSwift
HKLM\SOFTWARE\Microsoft\Tracing\LinkSwift_8162019_RASMANCS  =>PUP.LinkSwift
HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32  =>PUP.Mobogenie
HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS  =>PUP.Mobogenie
HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASAPI32  =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASMANCS  =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\PCCleaners_RASAPI32  =>Rogue.PCCleanerPro
HKLM\SOFTWARE\Microsoft\Tracing\PCCleaners_RASMANCS  =>Rogue.PCCleanerPro
HKLM\SOFTWARE\Microsoft\Tracing\Pricora 2_RASAPI32  =>Adware.Pricora
HKLM\SOFTWARE\Microsoft\Tracing\Pricora 2_RASMANCS  =>Adware.Pricora
HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32  =>Adware.SearchSettings
HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS  =>Adware.SearchSettings
HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASAPI32  =>PUP.JDIBackup
HKLM\SOFTWARE\Microsoft\Tracing\Signup Wizard_RASMANCS  =>PUP.JDIBackup
HKLM\SOFTWARE\Microsoft\Tracing\Softonic_EN_1-5-4_EN_RASAPI32  =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\Softonic_EN_1-5-4_EN_RASMANCS  =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\Softonic_RASAPI32  =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\Softonic_RASMANCS  =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc(1)_RASAPI32  =>PUP.SpeedUpMyPC
HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc(1)_RASMANCS  =>PUP.SpeedUpMyPC
HKLM\SOFTWARE\Microsoft\Tracing\updateLinkSwift_RASAPI32  =>PUP.LinkSwift
HKLM\SOFTWARE\Microsoft\Tracing\updateLinkSwift_RASMANCS  =>PUP.LinkSwift
HKLM\SOFTWARE\Microsoft\Tracing\updateRightSurf_RASAPI32  =>PUP.RightSurf
HKLM\SOFTWARE\Microsoft\Tracing\updateRightSurf_RASMANCS  =>PUP.RightSurf
HKLM\SOFTWARE\Microsoft\Tracing\utilRightSurf_RASAPI32  =>PUP.RightSurf
HKLM\SOFTWARE\Microsoft\Tracing\utilRightSurf_RASMANCS  =>PUP.RightSurf
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASAPI32  =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASMANCS  =>P2P.µTorrent
~ BTK: 383 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}] (Slick Savings)  =>PUP.Dealio
[HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] (Linkey)  =>PUP.LinkeySearch
[HKCR\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}] (SystemK Module)  =>PUP.SystemK
[HKCR\CLSID\{5F861026-B133-F7B2-1B18-C61881BDCDEF}] (YoutubeAdblocker)  =>PUP.Multiplug
[HKCR\CLSID\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}] (SiteFinder)  =>Adware.ShoppingReport
~ BCK: 5291 Legitimates Filtered in 00mn 10s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/04/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/02/2014 279024 |  (cphs) . (.Intel Corporation.) - C:\Windows\System32\IntelCpHeciSvc.exe
SS - | Auto 07/11/2013 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 07/11/2013 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Auto 03/12/2013 2151200 |  (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 16/01/2014 235696 |  (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Demand 29/03/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 18/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 18/11/2009 87968 |  (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
SR - | Auto 09/05/2011 146592 |  (Atheros Bt&Wlan Coex Agent) . (.Atheros.) - C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
SR - | Auto 09/05/2011 76960 |  (AtherosSvc) . (.Atheros Commnucations.) - C:\Program Files\Bluetooth Suite\adminservice.exe
SR - | System 10/04/2014 31120 |  (F06DEFF2-5B9C-490D-910F-35D3A9119622) . (.Aztec Media Inc.) - C:\Program Files\Settings Manager\systemk\systemkmgrc1.cfg  =>PUP.SystemK
SR - | Demand 24/04/2012 169752 |  (ICCS) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 23/10/2013 22208 |  (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 27/03/2014 251096 |  (RtkAudioService) . (.Realtek Semiconductor.) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
SR - | Auto 04/03/2014 1751672 |  (SBUpd) . (.Speedbit Ltd..) - C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
SR - | Auto 10/04/2014 3543056 |  (SystemkService) . (.Aztec Media Inc.) - C:\Program Files\Settings Manager\systemk\SystemkService.exe  =>PUP.SystemK
SR - | Auto 21/03/2014 1771032 |  (vToolbarUpdater18.0.5) . (.AVG Secure Search.) - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe  =>Toolbar.AVGSearch
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services:  Scanned in 00mn 13s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by HP at 14/04/2014 22:27:38

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys intelppm.sys 
1 ntkrnlpa!IofCallDriver[0x82C75BBA] >> \Device\Harddisk0\DR0[0x85978030]
kernel: MBR read successfully
user & kernel MBR OK 

~ MBR: 12 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by HP at 14/04/2014 22:27:40

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR:  Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (14/04/2014)
Clés trouvées (Keys found) : 54
Valeurs trouvées (Values found) : 3
Dossiers trouvés  (Folders found) : 32
Fichiers trouvés  (Files found) : 18

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}]   =>PUP.Dealio^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]   =>Toolbar.AVGSearch^
[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.0.5]   =>Toolbar.AVGSearch^
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC Cleaners]   =>Rogue.PCCleanerPro^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SiteFinder]   =>Adware.ShoppingReport^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}]   =>PUP.Dealio^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F750DB0E-D452-3108-63C9-FE16BC686741}]   =>Adware.SocialSkinz^
[HKLM\Software\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}]   =>Adware.Agent
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}]   =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}]   =>Adware.IMBooster
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}]   =>PUP.RewardsArcade
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}]   =>PUP.ToparcadeHits
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}]   =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}]   =>Toolbar.Conduit
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}]   =>Adware.IMBooster
[HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]   =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}]   =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}]   =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1]   =>Toolbar.AVGSearch
[HKLM\Software\DataMngr]   =>Adware.Bandoo
[HKLM\Software\Iminent]   =>Adware.IMBooster
[HKCU\Software\AppDataLow\Software\Search Settings]   =>PUP.Dealio
[HKCU\Software\Softonic]   =>Toolbar.Conduit
[HKLM\Software\Microsoft\Tracing\Iminent_RASAPI32]   =>Adware.Bandoo
[HKLM\Software\Microsoft\Tracing\Iminent_RASMANCS]   =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP]   =>Adware.IMBooster
[HKCU\Software\InstallCore]   =>Adware.InstallCore
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar]   =>Toolbar.AVGSafeGuard
[HKCU\Software\AVG SafeGuard toolbar]   =>Toolbar.AVGSafeGuard
[HKLM\Software\AVG SafeGuard toolbar]   =>Toolbar.AVGSafeGuard
[HKCU\Software\AppDataLow\Software\Crossrider]   =>PUP.CrossRider
[HKLM\Software\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj]   =>PUP.Dealio
[HKLM\Software\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp]   =>PUP.Dealio
[HKCU\Software\ParetoLogic]   =>PUP.Paretologic
[HKLM\Software\ParetoLogic]   =>PUP.Paretologic
[HKLM\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk]   =>PUP.Dealio
[HKLM\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}]   =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}]   =>Adware.BrowseFox
[HKLM\Software\Microsoft\Tracing\Mobogenie_RASAPI32]   =>PUP.Mobogenie
[HKLM\Software\Microsoft\Tracing\Mobogenie_RASMANCS]   =>PUP.Mobogenie
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}]   =>Adware.Bandoo^
[HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]:{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}   =>Adware.ShoppingReport^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{95B7759C-8C7F-4BF1-B163-73684A933233}   =>Toolbar.AVGSearch^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:NextLive   =>PUP.NextLive^
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2rx0epq6.default\extensions\extension@linkeyproject.com   =>PUP.LinkeySearch^
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2rx0epq6.default\extensions\sitefinder@sitefinder.com   =>Adware.ShoppingReport^
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2rx0epq6.default\extensions\zqwdpk@ddfh-a.com   =>Adware.SurfAndKeep^
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2rx0epq6.default\extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}   =>P2P.µTorrent^
C:\Program Files\IminentToolbar   =>Adware.IMBooster^
C:\Program Files\Linkey   =>PUP.LinkeySearch^
C:\Program Files\SiteFinder   =>Adware.ShoppingReport^
C:\Program Files\suRf anad keep   =>Adware.SurfAndKeep^
C:\Program Files\YoutubeAdblocker   =>PUP.TubeAdBlocker^
C:\Program Files\Common Files\Spigot   =>PUP.Dealio^
C:\ProgramData\BitGuard   =>PUP.BitGuard^
C:\ProgramData\BrowserProtect   =>Hijacker.Eazel^
C:\ProgramData\InstallMate   =>PUP.Tarma^
C:\ProgramData\PC Cleaners   =>Rogue.PCCleanerPro^
C:\ProgramData\suRf anad keep   =>Adware.SurfAndKeep^
C:\ProgramData\systemk   =>PUP.SystemK^
C:\ProgramData\YoutubeAdblocker   =>PUP.TubeAdBlocker^
C:\Users\HP\AppData\Roaming\newnext.me   =>PUP.NextLive^
C:\Users\HP\AppData\Roaming\OpenCandy   =>Adware.OpenCandy^
C:\Users\HP\AppData\Roaming\Slick Savings   =>PUP.Dealio^
C:\Users\HP\AppData\Roaming\wp_update   =>PUP.WpManager^
C:\Users\HP\AppData\Local\genienext   =>PUP.NextLive^
C:\Users\HP\AppData\Local\Slick Savings   =>PUP.Dealio^
C:\Program Files\Common Files\AVG Secure Search   =>Toolbar.AVGSearch
C:\ProgramData\AVG Secure Search   =>Toolbar.AVGSearch
C:\ProgramData\Browser Manager   =>PUP.Babylon
C:\Users\HP\AppData\Roaming\SimilarSites   =>Adware.SimilarSites
C:\Users\HP\AppData\Local\B1E   =>Toolbar.BrotherSoft
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp   =>PUP.Dealio
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj   =>PUP.Dealio
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk   =>PUP.Dealio
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\2rx0epq6.default\Smartbar   =>Hijacker.SmartBar
C:\ProgramData\PC Cleaners\PCCleaners.exe   =>Rogue.PCCleanerPro^
[HKCU\Software\Conduit]   =>Toolbar.Conduit^
[HKCU\Software\Iminent.com]   =>Adware.IMBooster^
[HKCU\Software\SystemK]   =>PUP.SystemK^
[HKLM\Software\Conduit]   =>Toolbar.Conduit^
[HKLM\Software\Datamngr]   =>PUP.Datamngr^
[HKLM\Software\Linkey]   =>PUP.LinkeySearch^
[HKLM\Software\SystemK]   =>PUP.SystemK^
[HKLM\Software\zgametb]   =>Toolbar.ZGame^
C:\ProgramData\pclunst.exe   =>Rogue.PCCleanerPro^
C:\Windows\Installer\1d4a133.msi   =>Adware.SocialSkinz^
[HKCR\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}] (Slick Savings)   =>PUP.Dealio^
[HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}] (Linkey)   =>PUP.LinkeySearch^
[HKCR\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}] (SystemK Module)   =>PUP.SystemK^
[HKCR\CLSID\{5F861026-B133-F7B2-1B18-C61881BDCDEF}] (YoutubeAdblocker)   =>PUP.Multiplug^
[HKCR\CLSID\{CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}] (SiteFinder)   =>Adware.ShoppingReport^
C:\Users\HP\AppData\Local\Temp\BundleSweetIMSetup.exe  =>PUP.SweetIM
C:\Users\HP\AppData\Local\Temp\MybabylonTB.exe  =>PUP.SweetIM
~ Additionnel Scan: 190954 Items scanned in 00mn 34s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/42036279-pup-linkeysearch  =>PUP.LinkeySearch
http://nicolascoolman.webs.com/apps/blog/show/27422225-adware-shoppingreport  =>Adware.ShoppingReport
http://nicolascoolman.webs.com/apps/blog/show/35582793-adware-surfandkeep  =>Adware.SurfAndKeep
http://nicolascoolman.webs.com/apps/blog/show/42042097-hijacker-searchnet  =>Hijacker.SearchNet
http://nicolascoolman.webs.com/apps/blog/show/28085716-pup-startsearch  =>PUP.StartSearch
http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio  =>PUP.Dealio
http://nicolascoolman.webs.com/apps/blog/show/40528410-pup-nextlive  =>PUP.NextLive
http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup  =>PUP.MyPCBackup
http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager  =>PUP.WpManager
http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz  =>Adware.SocialSkinz
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit  =>Toolbar.Conduit
http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster  =>Adware.IMBooster
http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore  =>Adware.InstallCore
http://nicolascoolman.webs.com/apps/blog/show/30068076-pup-paretologic  =>PUP.Paretologic
http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr  =>PUP.Datamngr
http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard  =>PUP.BitGuard
http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel  =>Hijacker.Eazel
http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma  =>PUP.Tarma
http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy  =>Adware.OpenCandy
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon  =>PUP.Babylon
http://nicolascoolman.webs.com/apps/blog/show/32799788-pup-browsersafeguard  =>PUP.BrowserSafeguard
http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim  =>PUP.SweetIM
http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch  =>Toolbar.DeltaSearch
http://nicolascoolman.webs.com/apps/blog/show/32771797-trojan-staser  =>Trojan.Staser
http://nicolascoolman.webs.com/apps/blog/show/33367156-spyware-protectedsearch  =>Spyware.ProtectedSearch
http://nicolascoolman.webs.com/apps/blog/show/27529295-adware-searchsettings  =>Adware.SearchSettings
http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar  =>Hijacker.SmartBar
http://nicolascoolman.webs.com/apps/blog/show/31951367-trojan-vonteera  =>Trojan.Vonteera
http://nicolascoolman.webs.com/apps/blog/show/37242682-pup-tubedimmer  =>PUP.TubeDimmer
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider  =>PUP.CrossRider
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch  =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/31746142-toolbar-bubbledock  =>PUP.BubbleDock
http://nicolascoolman.webs.com/apps/blog/show/32756514-pup-linkswift  =>PUP.LinkSwift
http://nicolascoolman.webs.com/apps/blog/show/41034005-pup-mobogenie  =>PUP.Mobogenie
http://nicolascoolman.webs.com/apps/blog/show/29294184-adware-pricora  =>Adware.Pricora
http://nicolascoolman.webs.com/apps/blog/show/41196115-pup-rightsurf  =>PUP.RightSurf
http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade   =>PUP.RewardsArcade
http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits  =>PUP.ToparcadeHits
http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo  =>Adware.Bandoo
http://nicolascoolman.webs.com/apps/blog/show/32363262-adware-browsefox  =>Adware.BrowseFox
http://nicolascoolman.webs.com/apps/blog/show/29344956-adware-similarsites  =>Adware.SimilarSites
~ MSI: 41 link(s) detected in 00mn 00s



~ 1041 Legitimates filtered by white list
End of the scan (859 lines in 03mn 55s)(0)