FORUM D’ENTRAIDE INFORMATIQUE (FEI)
Computer support and security site

Help with disinfection (advertising pages, replaced search engine, redirections, viruses...).
Forum rules: Mutual help concerning disinfection and computer security: in case of unwanted advertisements, pop-ups, redirections, unwanted software, suspicious slowdowns, viruses, etc.
A complete disinfection will be provided: disinfection, securing, then prevention.
Only helpers (people qualified and trained in disinfection) and staff are allowed to provide help in this section.
Please also read the forum's general charter.
by dmorcha'
#64051
~ Rapport de ZHPDiag v2013.9.22.410 - Nicolas Coolman  (22/09/2013)
~ Lancé par Utilisateur (23/09/2013 17:12:01)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
GCIE: Google Chrome v29.0.1547.76
---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ Logiciels de protection du système
Microsoft Security Client FR-FR Language Pack v2.1.1116.0
---\\ Logiciels d'optimisation du système
---\\ Logiciels de partage PeerToPeer
---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader XI
---\\ Informations sur le système
~ Processor: x86 Family 6 Model 28 Stepping 2, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1013 MB (50% free)
System Restore: Désactivé (Disabled)
System drive C: has 32 GB (43%) free of 75 GB
---\\ Mode de connexion au système
~ Computer Name: NOTEBOOK
~ User Name: Utilisateur
~ All Users Names: Utilisateur, SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Utilisateur\Application Data\
~ %Desktop% : C:\Documents and Settings\Utilisateur\Bureau\
~ %Favorites% : C:\Documents and Settings\Utilisateur\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Utilisateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Utilisateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 32 Go of 75 Go)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 30 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.EA7AB3839BE1FFE067A8131F3547160D] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/08/2013 - 07:05:46.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 23:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes:  Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/28
~ Mes musiques (My Musics) : 1/125
Mes Videos (My Videos) : 2/2   (Modified)
~ Mes Favoris (My Favorites) : 1/29
~ Mes Documents (My Documents) : 3/275
~ Mon Bureau (My Desktop) : 0/21
~ Menu demarrer (Programs) : 1/34
~ Hidden Files:  Scanned in 00mn 01s

---\\ Processus lancés
[MD5.957C9C20B7DF85C3F8D08E53F4720BA1] - (.Woodtale Technology Inc - eBPSvc.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\DProtect\DProtectSvc.exe   [345152] [PID.1612]  =Trojan.Staser
[MD5.4B5AE15E5C73EB4DC8DBEC2788230D41] - (.Apple Inc. - Apple Mobile Device Service.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe   [144672] [PID.292]
[MD5.3F56903E124E820AEECE6D471583C6C1] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe   [238888] [PID.316]
[MD5.934F4153380EDB6809EB9231C6B5F2A9] - (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe   [93984] [PID.436]  =Toolbar.Conduit
[MD5.10DBAA1703253FB511D0F5C5F6064B00] - (.France Telecom SA - Pas de description.) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe   [77824] [PID.956]
[MD5.CB2BAE47B5B74BF8185C1F9FB01EAA4E] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe   [2416040] [PID.1884]
[MD5.2E7315B147E524E055026E6634B14EA6] - (.TOSHIBA CORPORATION - TOSHIBA Bluetooth Service.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe   [128360] [PID.508]
[MD5.5A2FDD7C49FBB13A9FE500ECFC4DA793] - (.WebConnect - WebConnect.) -- C:\Program Files\WebConnect\updateWebConnect.exe   [206632] [PID.1572]  =PUP.WebConnect
[MD5.4AA2CC5979AFF984227364F2C23B04F3] - (.Wajam - Auto-updater.) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe   [109064] [PID.948]  =Toolbar.Wajam
[MD5.8B0DE4B972DB725FB9D591E69CD236FB] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe   [159744] [PID.2620]
[MD5.CC632EB3A7D106464E933E7D53883550] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe   [131072] [PID.2648]
[MD5.6E0B205042FC3AF5DE84F90F875AFFDA] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe   [249856] [PID.2680]
[MD5.07C0A803658AAD1A235DC656AF81563D] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe   [16862208] [PID.2688]
[MD5.55D7A219AD8D0DB8980528944152A6FD] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe   [417792] [PID.2736]
[MD5.8DC7685764B22DB97891012026FA7ED1] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe   [141608] [PID.2768]
[MD5.EF1FDB2A4B30AA4761376183FD81CC18] - (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe   [282624] [PID.2780]
[MD5.AFCFE8754D09BDBE22CBC759AB9FF0B0] - (.SEIKO EPSON CORPORATION - EEventManager MFC Application.) -- C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe   [102400] [PID.2844]
[MD5.E7BFAEC48B638814F9DA09FF1F4B723A] - (.Conduit - Search Protect by Conduit.) -- C:\Documents and Settings\Utilisateur\Application Data\SearchProtect\bin\cltmng.exe   [2852640] [PID.2912]  =Toolbar.Conduit
[MD5.FC12F1689AFDE41D48E00A8B05806BEE] - (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files\Fichiers communs\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe   [442896] [PID.2920]
[MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe   [1695232] [PID.3096]
[MD5.070753E47E04181DD440EA2FEFE3115C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   [18678376] [PID.3108]
[MD5.B0AA18B45282C99D75D2878F69CB88C8] - (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\Utilisateur\Application Data\uTorrent\uTorrent.exe   [1130576] [PID.3292]  =P2P.BitTorrent
[MD5.F4B99CFB424950A292C01491179DAAE5] - (.TeamViewer GmbH - TeamViewer Remote Control Application.) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe   [8167336] [PID.3584]
[MD5.C74736DF452F20FF2DCD54A4EC19C5FC] - (.Research In Motion Limited - BlackBerry Device Manager.) -- C:\Program Files\Fichiers communs\Research In Motion\USB Drivers\BbDevMgr.exe   [585728] [PID.1292]
[MD5.1E6F080D5EDB4C3B4C4EB787A0848DCC] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe   [545576] [PID.3264]
[MD5.82496FC05D85C9C3B9ABBC66B3A97F11] - (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.exe   [196440] [PID.2504]
[MD5.63DCE64797C64FB6110727B993440EA5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [8000512] [PID.1156]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe   [44544] [PID.3924]
~ Processes Running:  Scanned in 00mn 04s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\fspagdjn.default\prefs.js
M3 - MFPP: Plugins - [Utilisateur] -- C:\Program Files\Mozilla FireFox\searchplugins\qvo6.xml =Hijacker.Qvo6
M0 - MFSP: prefs.js [Utilisateur - fspagdjn.default] http://www.qvo6.com =Hijacker.Qvo6
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com =Hijacker.Qvo6
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com =Hijacker.Qvo6
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qvo6.com =Hijacker.Qvo6
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.qvo6.com =Hijacker.Qvo6
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.qvo6.com =Hijacker.Qvo6
~ IE Browser: 13 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys:  Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: WebConnect - {2316c625-b487-4410-a1a5-ff040b65245f} . (.Web Connect - WebConnect.) -- C:\Program Files\WebConnect\WebConnectbho.dll =PUP.WebConnect
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} . (.Wajam - Wajam Internet Explorer Add-on.) -- C:\Program Files\Wajam\IE\priam_bho.dll =Toolbar.Wajam
~ BHO: 6 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar:  Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: FlashFXP.lnk . (.IniCom Networks, Inc. - FlashFXP.)  -- C:\Program Files\FlashFXP\FlashFXP.exe
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.)  -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [AllUsers]: Windows Search.lnk . (.Microsoft Corporation - Windows Search System Tray.)  -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - GS\Program [Utilisateur]: Free mp3 Wma Converter.lnk . (...)  -- C:\Program Files\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (.not file.)
~ Global Startup: 15 Legitimates Filtered in 00mn 00s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Program [AllUsers]: Windows Search.lnk . (.Microsoft Corporation - Windows Search System Tray.)  -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe  =.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [ITSecMng] . (. TOSHIBA CORPORATION - IT Security Manager for Toshiba Stack.) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [CardDetectorHUAWEI1752_1552] . (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI1752_1552\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] . (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager MFC Application.) -- C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [SearchProtectAll] . (.Conduit - Search Protect by Conduit.) -- C:\Program Files\SearchProtect\bin\cltmng.exe =Toolbar.Conduit
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe  =.Adobe Systems Incorporated
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] . (.Research In Motion Limited - Launch Agent Service.) -- C:\Program Files\Fichiers communs\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [SearchProtect] . (.Conduit - Search Protect by Conduit.) -- C:\Documents and Settings\Utilisateur\Application Data\SearchProtect\bin\cltmng.exe =Toolbar.Conduit
O4 - HKCU\..\Run: [Bubble Dock] C:\Documents and Settings\Utilisateur\Application Data\Nosibay\Bubble Dock\LBubble Dock.exe (.not file.) =Toolbar.BubbleDock
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\Utilisateur\Application Data\uTorrent\uTorrent.exe =P2P.BitTorrent
O4 - HKCU\..\Run: [Software updater] . (...) -- C:\Documents and Settings\Utilisateur\Application Data\FreeSoftwareUpdater\updater.exe =PUP.Eorezo
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.exe
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] C:\Documents and Settings\LocalService\Application Data\SearchProtect\bin\cltmng.exe (.not file.) =Toolbar.Conduit
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-3234308076-302741528-3291305106-1005\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3234308076-302741528-3291305106-1005\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-3234308076-302741528-3291305106-1005\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-3234308076-302741528-3291305106-1005\..\Run: [SearchProtect] . (.Conduit - Search Protect by Conduit.) -- C:\Documents and Settings\Utilisateur\Application Data\SearchProtect\bin\cltmng.exe =Toolbar.Conduit
O4 - HKUS\S-1-5-21-3234308076-302741528-3291305106-1005\..\Run: [Bubble Dock] C:\Documents and Settings\Utilisateur\Application Data\Nosibay\Bubble Dock\LBubble Dock.exe (.not file.) =Toolbar.BubbleDock
O4 - HKUS\S-1-5-21-3234308076-302741528-3291305106-1005\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\Utilisateur\Application Data\uTorrent\uTorrent.exe =P2P.BitTorrent
O4 - HKUS\S-1-5-21-3234308076-302741528-3291305106-1005\..\Run: [Software updater] . (...) -- C:\Documents and Settings\Utilisateur\Application Data\FreeSoftwareUpdater\updater.exe =PUP.Eorezo
~ Application:  Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} . (.Kaspersky Lab - Script Monitor Internet Explorer plugin.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons:  Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microso ... 3860978343
~ Objets ActiveX  Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E713575F-B689-4240-9F41-12A563433BA4}: NameServer = 178.33.4.181,46.4.70.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{5EA0D8D1-7BAC-4723-8DF9-72E26459C76E}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{E713575F-B689-4240-9F41-12A563433BA4}: NameServer = 178.33.4.181,46.4.70.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{5EA0D8D1-7BAC-4723-8DF9-72E26459C76E}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS3\Services\Tcpip\..\{E713575F-B689-4240-9F41-12A563433BA4}: NameServer = 178.33.4.181,46.4.70.20
O17 - HKLM\System\CS3\Services\Tcpip\..\{5EA0D8D1-7BAC-4723-8DF9-72E26459C76E}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain:  Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll  =.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon:  Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\DOCUME~1\UTILIS~1\LOCALS~1\APPLIC~1\DProtect\eBP.dll =Trojan.Staser
~ AppInit DLL:  Scanned in 00mn 00s

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Moniteur et dossier UPNP Tray.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Search Protect by Conduit Updater (CltMngSvc) . (.Conduit - Search Protect by Conduit.) - C:\Program Files\SearchProtect\bin\CltMngSvc.exe =Toolbar.Conduit
O23 - Service: Micro Star SCM (Micro Star SCM) . (...) - C:\Program Files\System Control Manager\MSIService.exe (.not file.)
O23 - Service: Update WebConnect (Update WebConnect) . (.WebConnect - WebConnect.) - C:\Program Files\WebConnect\updateWebConnect.exe =PUP.WebConnect
O23 - Service: WajamUpdater (WajamUpdater) . (.Wajam - Auto-updater.) - C:\Program Files\Wajam\Updater\WajamUpdater.exe =Toolbar.Wajam
~ Services: 10 Legitimates Filtered in 00mn 07s

---\\ Enumération Active Desktop MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: DProtect - (.DProtect Lab.) [HKLM] -- DProtect =Trojan.Staser
O42 - Logiciel: Search Protect by conduit - (.Conduit.) [HKLM] -- SearchProtect =Toolbar.Conduit
O42 - Logiciel: Wajam - (.Wajam.) [HKLM] -- Wajam =Toolbar.Wajam
O42 - Logiciel: WebConnect 3.0.0 - (.Web Connect.) [HKLM] -- WebConnect =PUP.WebConnect
~ Logic: 101 Legitimates Filtered in 00mn 02s

---\\ HKCU HKLM Software Keys
[HKCU\Software\5d6d9d0e76ee412]
[HKCU\Software\BabylonToolbar] =Toolbar.Babylon
[HKCU\Software\ConduitSearchScopes]
[HKCU\Software\Conduit] =Toolbar.Conduit
[HKCU\Software\DataMngr] =PUP.Datamngr
[HKCU\Software\DataMngr_Toolbar] =PUP.Datamngr
[HKCU\Software\Iminent] =Adware.IMBooster
[HKCU\Software\InstallCore] =Adware.InstallCore
[HKCU\Software\OfferBox] =PUP.OfferBox
[HKCU\Software\Smartbar] =Hijacker.SmartBar
[HKCU\Software\Softonic] =Toolbar.Conduit
[HKCU\Software\SpeedMaxPc] =PUP.SpeedMaxPc
[HKCU\Software\Wajam] =Toolbar.Wajam
[HKCU\Software\WebConnect] =PUP.WebConnect
[HKLM\Software\5d6d9d0e76ee412]
[HKLM\Software\Babylon] =Toolbar.Babylon
[HKLM\Software\Conduit] =Toolbar.Conduit
[HKLM\Software\DataMngr] =PUP.Datamngr
[HKLM\Software\DeltaT]
[HKLM\Software\FotoAngelo]
[HKLM\Software\Iminent] =Adware.IMBooster
[HKLM\Software\InstallIQ]
[HKLM\Software\OfferBox] =PUP.OfferBox
[HKLM\Software\SpeedMaxPc] =PUP.SpeedMaxPc
[HKLM\Software\Tarma Installer] =Toolbar.Tarma
~ Key Software: 193 Legitimates Filtered in 00mn 02s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/04/2013 - 20:21:16 - [0,609] ----D C:\Program Files\Conduit
O43 - CFD: 02/05/2013 - 17:29:40 - [1,378] ----D C:\Program Files\Iminent =Adware.IMBooster
O43 - CFD: 22/05/2013 - 15:50:01 - [0,712] ----D C:\Program Files\Wajam =Toolbar.Wajam
O43 - CFD: 19/09/2013 - 20:36:02 - [1,172] ----D C:\Program Files\WebConnect =PUP.WebConnect
O43 - CFD: 05/08/2013 - 14:49:29 - [0] ----D C:\Documents and Settings\All Users\Application Data\APN
O43 - CFD: 12/04/2013 - 11:01:28 - [0] ----D C:\Documents and Settings\All Users\Application Data\Babylon =Toolbar.Babylon
O43 - CFD: 12/04/2013 - 11:01:41 - [0,002] ----D C:\Documents and Settings\All Users\Application Data\IBUpdaterService =Adware.InstallBrain
O43 - CFD: 15/04/2013 - 11:43:15 - [0] ----D C:\Documents and Settings\All Users\Application Data\SpeedMaxPc =PUP.SpeedMaxPc
O43 - CFD: 05/08/2013 - 15:23:41 - [0,556] ----D C:\Documents and Settings\All Users\Application Data\Tarma Installer =Toolbar.Tarma
O43 - CFD: 12/04/2013 - 11:01:28 - [0,033] ----D C:\Documents and Settings\Utilisateur\Application Data\Babylon =Toolbar.Babylon
O43 - CFD: 12/04/2013 - 11:01:39 - [0,308] ----D C:\Documents and Settings\Utilisateur\Application Data\File Scout
O43 - CFD: 18/04/2013 - 17:38:23 - [0,016] ----D C:\Documents and Settings\Utilisateur\Application Data\Iminent =Adware.IMBooster
O43 - CFD: 15/04/2013 - 11:35:26 - [0,449] ----D C:\Documents and Settings\Utilisateur\Application Data\OfferBox =PUP.OfferBox
O43 - CFD: 15/04/2013 - 11:01:32 - [0] ----D C:\Documents and Settings\Utilisateur\Application Data\SpeedMaxPc =PUP.SpeedMaxPc
O43 - CFD: 01/05/2013 - 16:01:05 - [0] ----D C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Conduit
O43 - CFD: 19/09/2013 - 20:38:39 - [1,893] ----D C:\Documents and Settings\Utilisateur\Local Settings\Application Data\DProtect =Trojan.Staser
O43 - CFD: 22/05/2013 - 15:49:49 - [0,054] ----D C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Wajam =Toolbar.Wajam
O43 - CFD: 22/05/2013 - 15:49:52 - [0,001] ----D C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Wajam =Toolbar.Wajam
~ Program Folder: 162 Legitimates Filtered in 00mn 35s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.9839C0FE69C9FAA622965C1D4145B19C] - 23/09/2013 - 15:04:26 ---A- . (...) -- C:\WINDOWS\wiadebug.log   [159]
O44 - LFC:[MD5.35D98E07A31646D66A1796B492F67DD8] - 23/09/2013 - 15:04:11 ---A- . (...) -- C:\WINDOWS\wiaservc.log   [50]
O44 - LFC:[MD5.306954B564D1D081BDECF1EB40D59C5E] - 13/09/2013 - 14:44:35 ---A- . (...) -- C:\WINDOWS\FaxSetup.log   [1982648]
O44 - LFC:[MD5.59D129F623312FD9F3BB5E9333728A47] - 13/09/2013 - 14:44:35 ---A- . (...) -- C:\WINDOWS\comsetup.log   [673197]
O44 - LFC:[MD5.5D2CF21C81F57426EEB02A8329DF54C2] - 13/09/2013 - 14:44:35 ---A- . (...) -- C:\WINDOWS\iis6.log   [315310]
O44 - LFC:[MD5.332C2E5AFB81332E27DCFAD83F30EFFF] - 13/09/2013 - 14:44:35 ---A- . (...) -- C:\WINDOWS\imsins.log   [1374]
O44 - LFC:[MD5.EE914BB72CBF20FB1115A021F4919DB4] - 13/09/2013 - 14:44:35 ---A- . (...) -- C:\WINDOWS\msgsocm.log   [99701]
O44 - LFC:[MD5.F9A9E5B159B8E0672FBAF83AB01FC3A6] - 13/09/2013 - 14:44:35 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log   [406312]
O44 - LFC:[MD5.3CF710A1FE438F75FA15481874227FEF] - 13/09/2013 - 14:44:35 ---A- . (...) -- C:\WINDOWS\ocgen.log   [966108]
O44 - LFC:[MD5.7BB2BD1D46BE2A90BCE85F2BA7DCEBD5] - 13/09/2013 - 14:44:35 ---A- . (...) -- C:\WINDOWS\ocmsn.log   [110184]
O44 - LFC:[MD5.2FD6FCB13B2328D840ED58FA44D8BCCD] - 13/09/2013 - 14:44:35 ---A- . (...) -- C:\WINDOWS\tsoc.log   [764861]
O44 - LFC:[MD5.82E3EC58012931EEC2E234853F9A2722] - 13/09/2013 - 14:44:31 ---A- . (...) -- C:\WINDOWS\updspapi.log   [461581]
O44 - LFC:[MD5.A29926E96B159B4AE657DB0B3DBE8A00] - 13/09/2013 - 14:41:53 ---A- . (...) -- C:\WINDOWS\imsins.BAK   [1374]
O44 - LFC:[MD5.3061FA5D8E3DFC2AADEB088BA5A752F8] - 13/09/2013 - 14:40:02 ---A- . (...) -- C:\WINDOWS\win.ini   [654]
~ Files: 33 Legitimates Filtered in 00mn 09s

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Utilisateur\Mes documents\dreamset\Dreamset.exe" [Enabled] .(.John V..) -- C:\Documents and Settings\Utilisateur\Mes documents\dreamset\Dreamset.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Utilisateur\Local Settings\Application Data\DProtect\DProtectSvc.exe" [Enabled] .(.Woodtale Technology Inc.) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\DProtect\DProtectSvc.exe =Trojan.Staser
~ Keys Export: 16 Legitimates Filtered in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO:  Scanned in 00mn 00s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{4ec0395e-2ea8-11e0-adea-001d92c96d88}\AutoRun\command. (...) -- D:\AutoRunCardDetector.exe (.not file.)
O51 - MPSK:{9f694438-cd7e-11e1-ae0d-001d92c96d88}\AutoRun\command. (...) -- D:\Setup.exe (.not file.)
O51 - MPSK:{a8a7e27c-fa4c-11df-ade2-001d92c96d88}\AutoRun\command. (...) -- D:\iStudio.exe (.not file.)
~ Keys:  Scanned in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 14/04/2008 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys   [262528]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys   [9037]
~ Drivers: 5 Legitimates Filtered in 00mn 00s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s

---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 11/04/2013 - C:\Program Files\SearchProtect\bin\CltMngSvc.exe (CltMngSvc)  .(.Conduit - Search Protect by Conduit.) - LEGACY_CLTMNGSVC =Toolbar.Conduit
O64 - Services: CurCS - 19/09/2013 - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\DProtect\DProtectSvc.exe (DPService)  .(.Woodtale Technology Inc - eBPSvc.) - LEGACY_DPSERVICE =Trojan.Staser
O64 - Services: CurCS - 02/01/1601 - Pas de propriétaire (Micro Star SCM)  .(...) - LEGACY_MICRO_STAR_SCM
O64 - Services: CurCS - 30/08/2013 - C:\Program Files\WebConnect\updateWebConnect.exe (Update WebConnect)  .(.WebConnect - WebConnect.) - LEGACY_UPDATE_WEBCONNECT =PUP.WebConnect
O64 - Services: CurCS - 02/05/2013 - C:\Program Files\Wajam\Updater\WajamUpdater.exe (WajamUpdater)  .(.Wajam - Auto-updater.) - LEGACY_WAJAMUPDATER =Toolbar.Wajam
~ Legacy: 152 Legitimates Filtered in 00mn 01s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 17 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) --  C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.qvo6.com =Hijacker.Qvo6
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) --  C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.qvo6.com =Hijacker.Qvo6
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) --  C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com =Hijacker.Qvo6
~ Keys:  Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Hola Search) - http://www.holasearch.com =Hijacker.HolaSearch
O69 - SBI: SearchScopes [HKCU] {2F6C427E-12EF-4B24-9AB0-3F9D48F24B68} - (FileConverter 1.5 Customized Web Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {33BB0A4E-99AF-4226-BDF6-49120163DE86} [DefaultScope] - (qvo6) - http://search.qvo6.com =Hijacker.Qvo6
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {A5F3D639-D63F-4670-B7C2-707D106686D0} - (Yahoo!) - http://search.yahoo.com =Toolbar.Yahoo
~ Keys:  Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.EF4152EB232F7AE2EDF20DD09E37FF5A] [SPRF][19/10/2008] (...) -- C:\Documents and Settings\Utilisateur\Local Settings\Application Data\fusioncache.dat   [134]
~ Files: 5 Legitimates Filtered in 00mn 00s

---\\ Export de clés de registre aléatoires (O91)
[HKCU\Software\5d6d9d0e76ee412\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:guid="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\5d6d9d0e76ee412\history\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1125.80]:version="2.6.1125.80"
[HKCU\Software\5d6d9d0e76ee412] =Toolbar.Babylon^
[HKLM\Software\5d6d9d0e76ee412] = Clé orpheline
~ Export Key Software:  Scanned in 00mn 00s

---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 19/09/2013 257416 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 28/08/2009 144672 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
SR - | Demand 27/06/2013 585728 |  (BlackBerry Device Manager) . (.Research In Motion Limited.) - C:\Program Files\Fichiers communs\Research In Motion\USB Drivers\BbDevMgr.exe
SR - | Auto 12/12/2008 238888 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 11/04/2013 93984 |  (CltMngSvc) . (.Conduit.) - C:\Program Files\SearchProtect\bin\CltMngSvc.exe =Toolbar.Conduit
SS - | Demand 14/04/2008 225280 |  (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 19/09/2013 345152 |  (DPService) . (.Woodtale Technology Inc.) - C:\Documents and Settings\Utilisateur\Local Settings\Application Data\DProtect\DProtectSvc.exe =Trojan.Staser
SR - | Auto 25/08/2009 77824 | C:\Program Files\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
SS - | Auto 01/05/2010 135664 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01/05/2010 135664 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Demand 15/02/2010 545576 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 10/07/1658 0 |  (Micro Star SCM) . (...) - C:\Program Files\System Control Manager\MSIService.exe
SS - | Auto 28/02/2013 161384 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 16/07/2012 2416040 |  (TeamViewer6) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
SR - | Auto 28/09/2007 128360 |  (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
SR - | Auto 30/08/2013 206632 |  (Update WebConnect) . (.WebConnect.) - C:\Program Files\WebConnect\updateWebConnect.exe =PUP.WebConnect
SR - | Auto 02/05/2013 109064 |  (WajamUpdater) . (.Wajam.) - C:\Program Files\Wajam\Updater\WajamUpdater.exe =Toolbar.Wajam
~ Services:  Scanned in 00mn 09s

---\\ Scan Additionnel (O88)
Database Version : 12928 - (22/09/2013)
Clés trouvées (Keys found) : 131
Valeurs trouvées (Values found) : 2
Dossiers trouvés  (Folders found) : 18
Fichiers trouvés  (Files found) : 19
~ Additionnel Scan: 221214 Items scanned in 00mn 39s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... jan-staser   =Trojan.Staser
~ http://nicolascoolman.webs.com/apps/blo ... ar-conduit   =Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blo ... webconnect   =PUP.WebConnect
~ http://nicolascoolman.webs.com/apps/blo ... lbar-wajam   =Toolbar.Wajam
~ http://nicolascoolman.webs.com/apps/blo ... acker-qvo6   =Hijacker.Qvo6
~ http://nicolascoolman.webs.com/apps/blo ... bubbledock   =Toolbar.BubbleDock
~ http://nicolascoolman.webs.com/apps/blo ... pup-eorezo   =PUP.EoRezo
~ http://nicolascoolman.webs.com/apps/blo ... ar-babylon  =Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blo ... p-datamngr   =PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blo ... -imbooster  =Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blo ... nstallcore   =Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blo ... p-offerbox   =PUP.OfferBox
~ http://nicolascoolman.webs.com/apps/blo ... r-smartbar   =Hijacker.SmartBar
~ http://nicolascoolman.webs.com/apps/blo ... speedmaxpc   =PUP.SpeedMaxPc
~ http://nicolascoolman.webs.com/apps/blo ... lbar-tarma   =Toolbar.Tarma
~ http://nicolascoolman.webs.com/apps/blo ... stallbrain  =Adware.InstallBrain
~ http://nicolascoolman.webs.com/apps/blo ... holasearch   =Hijacker.HolaSearch
~ http://nicolascoolman.webs.com/apps/blo ... lbar-yahoo   =Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blo ... recordnrip   =Adware.RecordNRip
~ http://nicolascoolman.webs.com/apps/blo ... ardsarcade    =PUP.RewardsArcade
~ http://nicolascoolman.webs.com/apps/blo ... e-spointer   =Adware.SPointer
~ http://nicolascoolman.webs.com/apps/blo ... v9software   =PUP.V9Software
~ http://nicolascoolman.webs.com/apps/blo ... iwinarcade  =Adware.iWinArcade
~ http://nicolascoolman.webs.com/apps/blo ... up-dealply   =PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blo ... are-bandoo  =Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blo ... eltasearch   =Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blo ... p-funmoods   =PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blo ... cker-eazel   =Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blo ... re-webcake   =Adware.WebCake
~ http://nicolascoolman.webs.com/apps/blo ... -browsefox   =Adware.BrowseFox
~ MSI: 30 link(s) detected in 00mn 39s

~ 869 Legitimates filtered by white list
End of the scan (739 lines in 02mn 09s)(0)
by 2011N2
#65800
Where does your problem stand?

Two possibilities:
  • Your problem is solved; in that case, please let us know.
  • Your problem is still ongoing; please tell us what is not working and give us regular updates.


    See you soon on FEI!
by 2011N2
#66728
Hello,

We have had no news from the author of this topic for more than 10 days. We therefore consider this problem solved or abandoned by its author. Next time, please keep us informed of how your problem is progressing, or bump the topic regularly!

This topic is locked; if you wish to reopen it, please contact a member of the forum's moderation team by private message.

See you soon on FEI!