Pc infecté

Bonjour,

je pense que mon PC est infecté par un virus "WPM17.8.0.3442"
J'ai lancé un scan avec ZHPDiag
le rapport ci-dessous
quelqu'un peut-il m'aider ? merci d'avance!
guillaume


~ Rapport de ZHPDiag v2014.4.19.35 - Nicolas Coolman (19/04/2014)
~ Lancé par guillaume (20/04/2014 20:15:19)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16659
MFIE: Mozilla Firefox 28.0 (Defaut)
GCIE: Google Chrome

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 733WD
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1483.0
Microsoft Security Client v4.5.0216.0
Spybot - Search & Destroy v1.6.2
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.05 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 55

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3539 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 17 GB (22%) free of 77 GB

---\\ Mode de connexion au système
~ Computer Name: PACTP-INV05
~ User Name: guillaume
~ All Users Names: HomeGroupUser$, guillaume, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\guillaume\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\guillaume\AppData\Roaming\
~ %Desktop% : C:\Users\guillaume\Desktop\
~ %Favorites% : C:\Users\guillaume\Favorites\
~ %LocalAppData% : C:\Users\guillaume\AppData\Local\
~ %StartMenu% : C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 17 Go of 77 Go)
D: Hard drive, Flash drive, Thumb drive (Free 16 Go of 71 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 38 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.AAFEAB4FC9D70253F8C7E353E879E8A2] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.01/03/2014 - 03:32:16.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.24/01/2014 - 03:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 11:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/269
~ Mes musiques (My Musics) : 6/7
Mes Videos (My Videos) : 2/2 (Modified)
~ Mes Favoris (My Favorites) : 1/114
~ Mes Documents (My Documents) : 2/10324
~ Mon Bureau (My Desktop) : 1/483
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 28s



---\\ Processus lancés
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.2796]
[MD5.9C68DC8806635C64B67B8B0D19CEED86] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe [249856] [PID.3204]
[MD5.F8796FAA5CDECC9A6C347B1A13E6D3B3] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [458844] [PID.4840]
[MD5.C65D1EA188A6301EAC28077254B76C00] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [174104] [PID.2148]
[MD5.95F1CC093CC3DA369DBB1794EFF629B7] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [151064] [PID.3600]
[MD5.0B1B7568CED61ABF5FD717F28175C96A] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.1880]
[MD5.DAF94FB704ADB9103F6B693E2637D6F6] - (.Dell Inc. - DW WLAN Card Wireless Network Tray Applet.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [4685824] [PID.2060]
[MD5.ACDAF7B434A78E36B8CA19D2A8516DCE] - (.Dell Inc. - Dell ControlPoint.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [657920] [PID.920]
[MD5.F4CEAE5F653C6001BDB30608C244BA22] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.5104]
[MD5.072B50A439E3326C22B990DE45A37B5C] - (.Smith Micro Software, Inc. - Dell.UCM.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [1845248] [PID.4588]
[MD5.FE422C17EED3A195418C99C307A7A0D5] - (.Wave Systems Corp. - WavX Document Manager Application.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe [147328] [PID.2608]
[MD5.16A3AFCAFD3B2822E3EA6C6CB9BE591E] - (.Broadcom Corporation - Dell Security Device and Task Status.) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232] [PID.5368]
[MD5.1F5A26DF97C33CD24A8ED4D4A1FF1348] - (.CyberLink Corp. - CyberLink PowerDVD Resident Program.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520] [PID.5108]
[MD5.12FD7C1EADDDA10A67B1D6F905B3CC1E] - (.Sony Corporation - Content Transfer Walkman Detector.) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe [583016] [PID.2800]
[MD5.48E6868781B4E8BF4B77DBEC7694BCE8] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [295072] [PID.1364]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.5540]
[MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480] [PID.2544]
[MD5.28A4DF487E029F614C4E5BBD27B93598] - (.Dell Inc. - DCP System Manager.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [1327472] [PID.5592]
[MD5.F03FFC962E18F36A922E61F96BE09925] - (.Avanquest Software - Digital Line Detection.) -- C:\Program Files\Digital Line Detect\DLG.exe [50688] [PID.5704]
[MD5.EB0AD0BBAB987A31AE6478D576403445] - (.Alps Electric Co., Ltd. - ApMsgFwd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe [54568] [PID.3616]
[MD5.EA7F750C761E49B544335D9AE39802CD] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\HidFind.exe [49250] [PID.5936]
[MD5.09EAABEC4C378C788E3137F0D31D0CFC] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver for Windows NT/.) -- C:\Program Files\DellTPad\Apntex.exe [49152] [PID.6020]
[MD5.72E236523814A3178C9D9738AAEDCEAF] - (.Intel Corporation - igfxext Module.) -- C:\Windows\system32\igfxext.exe [173080] [PID.5972]
[MD5.29D30400A6B832CEEAE36CF25613B8AA] - (.Wave Systems Corp. - TdmNotify Module.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [132456] [PID.5456]
[MD5.A1C1669580EF1D8F54D7EAFF527AB6A9] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8219648] [PID.3248]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.4452]
[MD5.CBA0013EBDE3F0B08B043F61857E9809] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.4472]
[MD5.2F777711F4A380AACADBB85A3E7EBFCB] - (.Adobe Systems, Inc. - Adobe Flash Player 13.0 r0.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe [1864368] [PID.2576]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome

~ Google Lines Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\mssmndph.default\prefs.js
C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\mssmndph.default\user.js
C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\p27l5l4i.Guillaume\prefs.js
C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\p27l5l4i.Guillaume\user.js
M3 - MFPP: Plugins - [guillaume] -- C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\mssmndph.default\searchplugins\Mysearchdial.xml =>Adware.MyWebSearch
M3 - MFPP: Plugins - [guillaume] -- C:\Users\guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\p27l5l4i.Guillaume\searchplugins\Mysearchdial.xml =>Adware.MyWebSearch
M0 - MFSP: prefs.js [guillaume - p27l5l4i.Guillaume] http://start.mysearchdial.com =>Adware.MyWebSearch
P2 - FPN: [HKCU] [@radvision.com/ConfClient] - (.RADVISION Ltd. - 1.5.0.5.) -- C:\Users\guillaume\AppData\Local\Radvision\Installer\1.5.0.5\npclientinstmgr.dll
~ Firefox Browser: 44 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com =>Hijacker.Qone8
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.qone8.com =>Hijacker.Qone8
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qone8.com =>Hijacker.Qone8
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.RADVISION Ltd. - 1.5.0.5.) (No version) -- (.not file.)
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 06s
~ Nombre de lignes (Lines number): 14983



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: CrossriderApp0053098 - {11111111-1111-1111-1111-110511301198} . (.Plus HD - Plus-HD-9.3 BHO.) -- C:\Program Files\Plus-HD-9.3\Plus-HD-9.3-bho.dll =>PUP.CrossRider
~ BHO: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: PDF Architect Toolbar - [HKLM]{25A3A431-30BB-47C8-AD6A-E1063801134F} . (.pdfforge GbR - PDF Architect Toolbar.) -- C:\Program Files\PDF Architect\PDFIEPlugin.dll
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Audio Transcoder.lnk . (.Digital Music Software - Audio Converter and CD Ripper.) -- D:\AudioTranscoder\Audiotranscoder.exe
O4 - GS\Desktop [Public]: Content Transfer.lnk . (.Sony Corporation - Content Transfer.) -- C:\Program Files\Sony\Content Transfer\ContentTransfer.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\Desktop [Public]: NWZ-E360 WALKMAN Guide.lnk . (.Sony Corporation - WALKMAN Guide.) -- C:\Program Files\Sony\WALKMAN Guide\NWZ-E360\WALKMANGuide.exe
O4 - GS\Desktop [Public]: Roxio Creator Home.lnk . (...) -- C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe
O4 - GS\Program [Public]: Documentation d'aide de Dell.lnk . (.Dell Inc. - Dell Document Viewer.) -- C:\Program Files\Dell Inc\Dell Edoc Viewer\EDocs.exe
O4 - GS\Program [Public]: Haihaisoft PDF Reader.lnk . (...) -- C:\Program Files\Haihaisoft PDF Reader\hpreader.exe (.not file.)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe http://start.qone8.com =>Hijacker.Qone8
O4 - GS\QuickLaunch [guillaume]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [guillaume]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [guillaume]: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\TaskBar [guillaume]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [guillaume]: Mozilla Firefox (2).lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [guillaume]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [guillaume]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [guillaume]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [guillaume]: +++ Besançon - Raccourci.lnk . (...) -- C:\Users\guillaume\Documents\TRAVAIL\+++ Besançon
O4 - GS\Desktop [guillaume]: ADAPTALIT - Raccourci.lnk . (...) -- C:\Users\guillaume\Documents\TRAVAIL\ANR, recherche\ADAPTALIT
O4 - GS\Desktop [guillaume]: Dropbox (2).lnk - Clé orpheline
O4 - GS\Desktop [guillaume]: IEP - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop [guillaume]: my music - Raccourci.lnk . (...) -- C:\Users\guillaume\AppData\Local\VirtualStore\Program Files\CDex\my music
O4 - GS\Desktop [guillaume]: Participations - Raccourci.lnk . (...) -- C:\Users\guillaume\Documents\TRAVAIL\PUBLICATIONS\Participations
O4 - GS\Desktop [guillaume]: POPSU - Raccourci.lnk . (...) -- C:\Users\guillaume\Documents\TRAVAIL\ANR, recherche\POPSU
O4 - GS\Desktop [guillaume]: RECHERCHE Fiat - Raccourci.lnk . (...) -- C:\Users\guillaume\Documents\TRAVAIL\RECHERCHE Fiat
O4 - GS\Desktop [guillaume]: RECHERCHE Lip - Raccourci.lnk . (...) -- C:\Users\guillaume\Documents\TRAVAIL\RECHERCHE Lip
O4 - GS\Desktop [guillaume]: SopCast.lnk . (.www.sopcast.com - SopCast Main Application.) -- C:\Program Files\SopCast\SopCast.exe
O4 - GS\Desktop [guillaume]: Spybot - Search & Destroy.lnk . (.Safer Networking Limited - Spybot - Search & Destroy.) -- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O4 - GS\Desktop [guillaume]: TRAVAIL - Raccourci.lnk . (...) -- C:\Users\guillaume\Documents\TRAVAIL
~ Global Startup: 85 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du système (O4)
O4 - GS\Startup [Public]: Dell ControlPoint System Manager.lnk . (.Dell Inc. - DCP System Manager.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - GS\Startup [Public]: Digital Line Detect.lnk . (.Avanquest Software - Digital Line Detection.) -- C:\Program Files\Digital Line Detect\DLG.exe
O4 - GS\Startup [Public]: TdmNotify.lnk . (.Wave Systems Corp. - TdmNotify Module.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] . (.Dell Inc. - DW WLAN Card Wireless Network Tray Applet.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [DellControlPoint] . (.Dell Inc. - Dell ControlPoint.) -- c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
O4 - HKLM\..\Run: [DellConnectionManager] . (.Smith Micro Software, Inc. - Dell.UCM.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
O4 - HKLM\..\Run: [WavXMgr] . (.Wave Systems Corp. - WavX Document Manager Application.) -- C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [USCService] . (.Broadcom Corporation - Dell Security Device and Task Status.) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [PDVDDXSrv] . (.CyberLink Corp. - CyberLink PowerDVD Resident Program.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] . (.Sony Corporation - Content Transfer Walkman Detector.) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- c:\program files\real\realplayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2083118505-3889576573-3468375614-1000\..\Run: [SpybotSD TeaTimer] . (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-2083118505-3889576573-3468375614-1000\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_Plugin.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{87AACC0D-E8FB-4EAD-A816-980461098A73}: DhcpNameServer = 195.221.39.239 130.190.226.99
O17 - HKLM\System\CCS\Services\Tcpip\..\{B98071A0-8FA7-48D3-8522-203AE28212F4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2AEC4B1-6841-4AA6-AAE7-A0D494F230E6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{87AACC0D-E8FB-4EAD-A816-980461098A73}: DhcpDomain = upmf-grenoble.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{D2AEC4B1-6841-4AA6-AAE7-A0D494F230E6}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{87AACC0D-E8FB-4EAD-A816-980461098A73}: DhcpNameServer = 195.221.39.239 130.190.226.99
O17 - HKLM\System\CS1\Services\Tcpip\..\{B98071A0-8FA7-48D3-8522-203AE28212F4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{D2AEC4B1-6841-4AA6-AAE7-A0D494F230E6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{87AACC0D-E8FB-4EAD-A816-980461098A73}: DhcpDomain = upmf-grenoble.fr
O17 - HKLM\System\CS1\Services\Tcpip\..\{D2AEC4B1-6841-4AA6-AAE7-A0D494F230E6}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{87AACC0D-E8FB-4EAD-A816-980461098A73}: DhcpNameServer = 195.221.39.239 130.190.226.99
O17 - HKLM\System\CS2\Services\Tcpip\..\{B98071A0-8FA7-48D3-8522-203AE28212F4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{87AACC0D-E8FB-4EAD-A816-980461098A73}: DhcpDomain = upmf-grenoble.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files\SupTab\SEARCH~1.dll (.not file.) =>PUP.SupTab
~ AppInit DLL: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: IePlugin Service (IePluginService) . (.Cherished Technololgy LIMITED - IePlugin Service.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
~ Services: 19 Legitimates Filtered in 00mn 07s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files\ExpressFiles\EFUpdater.exe (.not file.) [0] =>Adware.ExpressFiles
[MD5.00000000000000000000000000000000] [APT] [Go for FilesUpdate] (...) -- C:\Program Files\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.EABD9125E2751A00E6C91F50BB97360D] [APT] [Plus-HD-9.3-chromeinstaller] (.Plus HD.) -- C:\Program Files\Plus-HD-9.3\Plus-HD-9.3-chromeinstaller.exe [2035200] =>Adware.PlusHD
[MD5.00000000000000000000000000000000] [APT] [SomotoUpdateCheckerAutoStart] (...) -- C:\Users\guillaume\AppData\Local\FilesFrog Update Checker\update_checker.exe (.not file.) [0] =>Adware.MegaSearch
[MD5.00000000000000000000000000000000] [APT] [YourFile Update] (...) -- C:\Program Files\YourFileDownloader\YourFileUpdater.exe (.not file.) [0] =>PUP.YourFileDownloader
[MD5.00000000000000000000000000000000] [APT] [{2798EA42-26A2-4B9B-B5DC-4661B46364D1}] (...) -- C:\Users\guillaume\AppData\Roaming\qone8\UninstallManager.exe (.not file.) [0] =>Hijacker.Qone8
[MD5.00000000000000000000000000000000] [APT] [{E9A73A14-17E6-4DD2-91A0-076C78E99B35}] (...) -- E:\livebox.exe (.not file.) [0]
O39 - APT: Plus-HD-9.3-chromeinstaller - (.Plus HD.) -- C:\Windows\Tasks\Plus-HD-9.3-chromeinstaller.job [3088] =>Adware.PlusHD
~ Scheduled Task: 23 Legitimates Filtered in 00mn 04s



---\\ Logiciels installés (O42)
O42 - Logiciel: Audio Transcoder - (.Digital Music Software.) [HKLM] -- {0EDB29CF-5FFC-4824-9F13-3D1C4286CA98}_is1
O42 - Logiciel: Plus-HD-9.3 - (.Plus HD.) [HKLM] -- Plus-HD-9.3 =>Adware.PlusHD
O42 - Logiciel: Security Wizards - (.Nom de votre société.) [HKLM] -- InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}
O42 - Logiciel: WPM17.8.0.3442 - (.Cherished Technololgy LIMITED.) [HKLM] -- WPM =>PUP.WpManager
~ Logic: 19 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\RICEDAEDALUS520]
[HKCU\Software\Radvision]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKCU\Software\mysearchdial.com] =>Adware.MyWebSearch
[HKLM\Software\NetMotion]
[HKLM\Software\Wpm] =>PUP.WpManager
[HKLM\Software\supTab] =>PUP.SupTab
~ Key Software: 285 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 20/04/2014 - 20:13:12 - [] ----D C:\Program Files\Plus-HD-9.3 =>Adware.PlusHD
O43 - CFD: 11/04/2014 - 09:19:06 - [] ----D C:\Program Files\SupTab =>PUP.SupTab
O43 - CFD: 11/04/2014 - 09:19:05 - [] ----D C:\ProgramData\IePluginService =>Trojan.SProtector
O43 - CFD: 20/04/2014 - 17:55:39 - [0] ----D C:\ProgramData\WPM =>PUP.WpManager
O43 - CFD: 02/06/2010 - 12:30:18 - [] ----D C:\Users\guillaume\AppData\Roaming\BACS.exe
O43 - CFD: 23/03/2014 - 19:17:41 - [] ----D C:\Users\guillaume\AppData\Roaming\qone8 =>Hijacker.Qone8
O43 - CFD: 23/03/2014 - 18:59:29 - [] ----D C:\Users\guillaume\AppData\Roaming\SupTab =>PUP.SupTab
O43 - CFD: 27/01/2014 - 15:21:22 - [0] ----D C:\Users\guillaume\AppData\Local\Lollipop =>Adware.Lollipop
O43 - CFD: 04/12/2013 - 10:02:50 - [] ----D C:\Users\guillaume\AppData\Local\Radvision
O43 - CFD: 13/01/2014 - 11:34:58 - [] ----D C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop
~ Program Folder: 203 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.C1099E1EEA8FCD46F725FD9B6C037D51] - 20/04/2014 - 12:53:51 ---A- . (...) -- C:\Windows\System32\jupdate-1.7.0_55-b14.log [5420]
O44 - LFC:[MD5.FE2E715EE0A16B26824ABE025CA6C910] - 20/04/2014 - 16:54:33 ---A- . (...) -- C:\Windows\wininit.ini [101]
O44 - LFC:[MD5.FAF2A87120B291D9078CF6F79BCAEA80] - 20/04/2014 - 16:56:41 ---A- . (...) -- C:\.rnd [1024]
~ Files: 27 Legitimates Filtered in 00mn 38s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{13cd971b-698a-11df-ae91-a4badba7d3e4}\AutoRun\command. (...) -- F:\SETUP.exe (.not file.)
O51 - MPSK:{230eeb5b-0879-11e0-96fc-89f0fbcca5cc}\AutoRun\command. (...) -- G:\LaunchU3.exe (.not file.)
O51 - MPSK:{8b3aa63b-7d58-11e1-95c5-a4badba7d3e4}\AutoRun\command. (...) -- G:\WD SmartWare.exe (.not file.)
O51 - MPSK:{adc9066e-19ba-11e2-a154-a4badba7d3e4}\AutoRun\command - Clé orpheline
O51 - MPSK:{b646f3ec-e63e-11e2-8a8b-a4badba7d3e4}\AutoRun\command. (...) -- F:\setup.exe (.not file.)
O51 - MPSK:{d2456b7d-e8dd-11e0-a402-a4badba7d3e4}\AutoRun\command. (...) -- G:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.657A61979F40D67CA29716149766FFA7] - 06/03/2013 - 23:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49248]
O58 - SDL:[MD5.EDB0C9BA44B748E420CCA989FD8B826E] - 06/03/2013 - 23:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [164736]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.DF672613FBBCD58C38BB0BC2694BCFB0] - 26/06/2009 - 01:58:10 ---A- . (.REDC - RICOH SD/MMC Driver.) -- C:\Windows\System32\Drivers\rimmptsk.sys [48128]
O58 - SDL:[MD5.AF213955C4D952C914620E8DB0CD0CF7] - 02/07/2009 - 17:50:16 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspe86.sys [47104]
O58 - SDL:[MD5.9BFB54D3559F2FF7301271D29D383564] - 26/06/2009 - 01:10:48 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimsptsk.sys [44544]
O58 - SDL:[MD5.6978DECC2C38C5CE10A8B0F2B12F4451] - 01/07/2009 - 04:28:28 ---A- . (.REDC - RICOH SD/MMC Driver.) -- C:\Windows\System32\Drivers\risdpe86.sys [49152]
O58 - SDL:[MD5.764C1F3453E779724BA647327DE7DDD4] - 05/07/2009 - 03:37:08 ---A- . (.REDC - RICOH PCIe XD Driver.) -- C:\Windows\System32\Drivers\rixdpe86.sys [38400]
O58 - SDL:[MD5.DCB87DA83CC1010CBC9FC4DC9E395BBC] - 26/06/2009 - 01:25:58 ---A- . (.REDC - RICOH XD SM Driver.) -- C:\Windows\System32\Drivers\rixdptsk.sys [38400]
O58 - SDL:[MD5.68103A2B441BBF3908EBB587F0704D6C] - 06/07/2013 - 14:16:12 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [466008]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.674BE634B14A6C773D2F4F46B7A1628B] - 01/08/2009 - 01:16:12 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [409088]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("browser.search.order.1", "Mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.crossrider.bic", "144efe48620350c6725efb55e68bb5f4"); =>PUP.CrossRider
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.AL", 2); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.aflt", "tele_14_12_ff"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0AyB0DtA0EyEtDyByBtDtN0D0Tzu0SzztCtAtN1L2XzutBtFtCzztFtBtFtDt[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.cntry", "EU"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.cr", "266347064"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.dfltLng", ""); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.dfltSrch", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.dnsErr", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.excTlbr", false); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.hdrMd5", "AFD88EA9DA8EE700AFFB9FE8E7EDDC8A"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.hmpg", true); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.hmpgUrl", "http://start.mysearchdial.com/?f=1&a=tele_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0A[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.hpFFXOld", "http://start.qone8.com/?type=hp&ts=1395594037&from=smt&uid=WDCXWD1600BJKT-75F4T0_WD[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.id", "A4BADBA7D3E40770"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.instlDay", "16152"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.instlRef", "140305_b"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.lastB", "http://start.qone8.com/?type=hp&ts=1395594037&from=smt&uid=WDCXWD1600BJKT-75F4T0_WD-WX[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.29.017:58:17"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.newTabUrl", "http://start.mysearchdial.com/?f=2&a=tele_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"92\",\"lastVrsn\":\"92\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"s[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.prdct", "mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.sg", "none"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.tlbrId", "base"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.tlbrSrchUrl", "http://start.mysearchdial.com/?f=3&a=tele_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D[...] =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.vrsn", "1.8.29.0"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial.vrsni", "1.8.29.0"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial_i.newTab", false); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial_i.smplGrp", "none"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - mssmndph.default] user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.017:58:17"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - p27l5l4i.Guillaume] user_pref("browser.search.selectedEngine", "Mysearchdial"); =>Adware.MyWebSearch
O69 - SBI: prefs.js [guillaume - p27l5l4i.Guillaume] user_pref("browser.startup.homepage", "http://start.mysearchdial.com/?f=1&a=tele_14_12_ff&cd=2XzuyEtN2Y1L1Qzu0AyE0B0A0D0B0AyB0DtA0[...] =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {261832E1-5D2A-4240-B006-15E700C77892} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {B6DE335D-EE91-4555-945B-C48918F3448E} - (Yahoo! Search) - http://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "17D92BE8D8ED94B488335F80CE0FEB95" . (.DCP32MMWrapper.) -- C:\Windows\Installer\{8EB29D71-DE8D-4B49-8833-F508ECF0BE59}\ARPPRODUCTICON.exe
O90 - PUC: "24E9EA15D04641C49A6B346FA44A3E2E" . (.Document Manager Lite.) -- C:\Windows\Installer\{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}\ARPPRODUCTICON.exe
O90 - PUC: "293A837E096FD9A408E8B7FA080E3B89" . (.ESC Home Page Plugin.) -- C:\Windows\Installer\{E738A392-F690-4A9D-808E-7BAF80E0B398}\ARPPRODUCTICON.exe
O90 - PUC: "4BFD756D9DD5B2A4EA9CB3EB5245E17E" . (.SO32MMWrapper.) -- C:\Windows\Installer\{D657DFB4-5DD9-4A2B-AEC9-3BBE25541EE7}\ARPPRODUCTICON.exe
O90 - PUC: "6E3E48CE6D2CBFD4180E4438428CDF4F" . (.Security Wizards.) -- C:\Windows\Installer\{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}\ARPPRODUCTICON.exe
~ Update Products: 75 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.22FB3F39E59041770FE68030DFDC272A] [WIS][04/12/2009] (.NTRU Cryptosystems - NTRU TCG Software Stack.) -- C:\Windows\Installer\6307.msi [3345408]
~ WIS: 77 Legitimates Filtered in 00mn 19s



---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS =>Toolbar.Bing
HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASAPI32 =>P2P.GoforFiles
HKLM\SOFTWARE\Microsoft\Tracing\GoforFiles_RASMANCS =>P2P.GoforFiles
HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32 =>Adware.OpenCandy
HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS =>Adware.OpenCandy
HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASAPI32 =>PUP.Dealio
HKLM\SOFTWARE\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASMANCS =>PUP.Dealio
HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32 =>Adware.SearchSettings
HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS =>Adware.SearchSettings
HKLM\SOFTWARE\Microsoft\Tracing\Smartbar_RASAPI32 =>Hijacker.SmartBar
HKLM\SOFTWARE\Microsoft\Tracing\Smartbar_RASMANCS =>Hijacker.SmartBar
~ BTK: 300 Legitimates Filtered in 00mn 00s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{11111111-1111-1111-1111-110511301198}] (Plus-HD-9.3) =>Adware.PlusHD
[HKCR\CLSID\{22222222-2222-2222-2222-220522302298}] (CrossriderApp0053098.Sandbox) =>PUP.CrossRider
~ BCK: 6578 Legitimates Filtered in 00mn 09s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 31/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 18/11/2009 1032192 | (SecureStorageService) . (.Wave Systems Corp..) - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 16/01/2009 74392 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SS - | Auto 12/11/2008 1273856 | (tcsd_win32.exe) . (...) - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 15/05/2009 1803512 | (ATService) . (.AuthenTec, Inc..) - C:\Program Files\Fingerprint Sensor\AtService.exe
SR - | Auto 06/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 20/11/2009 278304 | (buttonsvc32) . (.Dell Inc..) - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
SR - | Auto 08/02/2010 386928 | (dcpsysmgrsvc) . (.Dell Inc..) - c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\XAudio32.dll (HsfXAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 07/08/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 11/04/2014 705136 | (IePluginService) . (.Cherished Technololgy LIMITED.) - C:\ProgramData\IePluginService\PluginService.exe =>Trojan.SProtector
SR - | Auto 11/03/2014 22216 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 27/10/2009 69632 | (OCS INVENTORY) . (.http://www.ocsinventory-ng.org.) - C:\Program Files\OCS Inventory Agent\ocsservice.exe
SR - | Auto 09/01/2013 1324104 | (PDF Architect Helper Service) . (.pdfforge GbR.) - C:\Program Files\PDF Architect\HelperService.exe
SR - | Auto 09/01/2013 795208 | (PDF Architect Service) . (.pdfforge GbR.) - C:\Program Files\PDF Architect\ConversionService.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 29/11/2012 38608 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
SR - | Auto 22/12/2009 77312 | (SMManager) . (.Smith Micro Software, Inc..) - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
SR - | Auto 01/08/2009 221266 | (STacSV) . (.IDT, Inc..) - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
SR - | Auto 24/11/2009 1148264 | (TdmService) . (.Wave Systems Corp..) - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
SR - | Auto 19/08/2011 450848 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
SR - | Auto 17/05/2010 26112 | (wltrysvc) . (...) - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 11s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:[MD5.68103A2B441BBF3908EBB587F0704D6C] - 06/07/2013 - 14:16:12 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [466008]
~ Emulateurs: Scanned in 00mn 11s



---\\ Scan Additionnel (O88)
Database Version : 13044 - (19/04/2014)
Clés trouvées (Keys found) : 29
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 8
Fichiers trouvés (Files found) : 7

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511301198}] =>PUP.CrossRider^
[HKLM\SYSTEM\CurrentControlSet\Services\IePluginService] =>Trojan.SProtector^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-9.3] =>Adware.PlusHD^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM] =>PUP.WpManager^
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing
[HKCU\Software\Microsoft\handle] =>Malware.Trace
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF] =>PUP.Dealio
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\SpeedUpMyPC] =>PUP.SpeedUpMyPC
[HKLM\Software\Classes\CrossriderApp0053098.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0053098.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0053098.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0053098.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110511301198}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220522302298}] =>PUP.CrossRider
C:\Program Files\Plus-HD-9.3 =>Adware.PlusHD^
C:\Program Files\SupTab =>PUP.SupTab^
C:\ProgramData\IePluginService =>Trojan.SProtector^
C:\ProgramData\WPM =>PUP.WpManager^
C:\Users\guillaume\AppData\Roaming\qone8 =>Hijacker.Qone8^
C:\Users\guillaume\AppData\Roaming\SupTab =>PUP.SupTab^
C:\Users\guillaume\AppData\Local\Lollipop =>Adware.Lollipop^
C:\Users\guillaume\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop =>Adware.Lollipop^
C:\Program Files\Plus-HD-9.3\Plus-HD-9.3-chromeinstaller.exe =>Adware.PlusHD^
C:\Windows\Tasks\Plus-HD-9.3-chromeinstaller.job =>Adware.PlusHD^
[HKCU\Software\mysearchdial.com] =>Adware.MyWebSearch^
[HKLM\Software\Wpm] =>PUP.WpManager^
[HKLM\Software\supTab] =>PUP.SupTab^
[HKCR\CLSID\{11111111-1111-1111-1111-110511301198}] (Plus-HD-9.3) =>Adware.PlusHD^
[HKCR\CLSID\{22222222-2222-2222-2222-220522302298}] (CrossriderApp0053098.Sandbox) =>PUP.CrossRider^
~ Additionnel Scan: 279946 Items scanned in 00mn 37s



---\\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/33262880-hijacker-qone8 =>Hijacker.Qone8
http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
http://nicolascoolman.webs.com/apps/blog/show/41133513-pup-suptab =>PUP.SupTab
http://nicolascoolman.webs.com/apps/blog/show/40789592-trojan-sprotector =>Trojan.SProtector
http://nicolascoolman.webs.com/apps/blog/show/26753274-adware-expressfiles =>Adware.ExpressFiles
http://nicolascoolman.webs.com/apps/blog/show/28138048-adware-plushd =>Adware.PlusHD
http://nicolascoolman.webs.com/apps/blog/show/26919368-adware-megasearch =>Adware.MegaSearch
http://nicolascoolman.webs.com/apps/blog/show/27752690-pup-yourfiledownloader =>PUP.YourFileDownloader
http://nicolascoolman.webs.com/apps/blog/show/38737316-pup-wpmanager =>PUP.WpManager
http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.webs.com/apps/blog/show/26630902-adware-lollipop =>Adware.Lollipop
http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
http://nicolascoolman.webs.com/apps/blog/show/27443462-pup-dealio =>PUP.Dealio
http://nicolascoolman.webs.com/apps/blog/show/27529295-adware-searchsettings =>Adware.SearchSettings
http://nicolascoolman.webs.com/apps/blog/show/26990375-hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ MSI: 19 link(s) detected in 00mn 00s



~ 1270 Legitimates filtered by white list
End of the scan (685 lines in 03mn 13s)(0)