
~ ZHPDiag v2014.1.12.13 report - Nicolas Coolman (12/01/2014)
~ Run by omar seddiki (15/01/2014 11:28:37)
~ Web site address http://nicolascoolman.webs.com
~ Free disinfection help forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Not Found


---\\ Internet browsers
MSIE: Internet Explorer v6.0.2900.5512 (Default)
GCIE: Google Chrome v31.0.1650.63

---\\ Windows product information
~ Language: French
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System protection software
avast! Free Antivirus v9.0.2011

---\\ System optimization software

---\\ Peer-to-peer sharing software

---\\ Software monitoring

---\\ System information
~ Processor: x86 Family 15 Model 47 Stepping 0, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1023 MB (55% free)
System Restore: Enabled
System drive C: has 29 GB (79%) free of 36 GB

---\\ System logon mode
~ Computer Name: SEDDIKI-DEE3DFB
~ User Name: omar seddiki
~ All Users Names: SUPPORT_388945a0, omar seddiki, HelpAssistant, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\omar seddiki\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\omar seddiki\Application Data\
~ %Desktop% : C:\Documents and Settings\omar seddiki\Bureau\
~ %Favorites% : C:\Documents and Settings\omar seddiki\Favoris\
~ %LocalAppData% : C:\Documents and Settings\omar seddiki\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\omar seddiki\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 29 GB of 36 GB)
D: Hard drive, Flash drive, Thumb drive (Free 161 GB of 197 GB)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 4 GB of 4 GB)



---\\ Windows Security Center status
~ Security Center: 37 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 21:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.4A6E04EA20F48D750D9BFED8600D516B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.13/04/2008 - 21:33:50.) -- C:\WINDOWS\system32\wininet.dll [670208]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 21:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/04/2008 - 14:19:24.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 13:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 14:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 13:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 20:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 11:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 21:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 13:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 13:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 14:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/04/2008 - 14:17:02.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 14:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 14:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 21:47:24.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 14:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 20:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 02s



---\\ Hidden files status (Hidden/Total)
~ My Pictures: 1/3
~ My Music: 1/2
~ My Videos: 0/0
~ My Favorites: 1/8
~ My Documents: 1/24
~ My Desktop: 0/4
~ Start Menu (Programs): 1/21
~ Hidden Files: Scanned in 00mn 00s



---\\ Running processes
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1212]
[MD5.BD1F9ABA4706E5852F1F9112FC3D76FE] - (...) -- C:\WINDOWS\system32\dmwu.exe [1447216] [PID.1568]
[MD5.F9D905B18752AEB78FDA90E42C5F5095] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [2077008] [PID.1740]
[MD5.0C28BCC9A8A9E8CAC62A348D93DE8A46] - (.Smart Link - No description.) -- C:\WINDOWS\system32\slserv.exe [73796] [PID.2008]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.464]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.1196]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.1628]
[MD5.E0C95266EC88E4E1521611B8048C4FBB] - (...) -- C:\WINDOWS\system32\jmdp\stij.exe [411440] [PID.2156]
[MD5.80FD4D46B0E9B620CF757A9A5C789329] - (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe [577536] [PID.2164]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.2196] =>Toolbar.Google
[MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232] [PID.2212]
[MD5.7D677B93A0CFA26C8A4029ABA71C2EA6] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20472992] [PID.2428]
[MD5.4C9D9C380E70FF2103E5C33EDF7599AD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8334336] [PID.3348]
~ Processes Running: Scanned in 00mn 07s



---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://mysearch.sweetpacks.com =>Adware.MyWebSearch
G0 - GCSP: Preference [User Data\Default][HomePage] http://mysearch.sweetpacks.com =>Adware.MyWebSearch
G2 - GCE: Preference [User Data\Default] [pflphaooapbgpeakohlggbpidpppgdff] MySearchDial Nouvel onglet v.9.4.4 (Enabled) =>Adware.MyWebSearch
~ Google Browser: 14 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.sweetpacks.com =>Adware.MyWebSearch
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://start.mysearchdial.com =>Adware.MyWebSearch
~ IE Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of lines F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 01s
~ Number of lines: 23



---\\ Browser Helper Objects (O2)
O2 - BHO: CrossriderApp0037180 - {11111111-1111-1111-1111-110311711180} . (.Plus HD - Plus-HD-3.5 BHO.) -- C:\Program Files\Plus-HD-3.5\Plus-HD-3.5-bho.dll =>Adware.PlusHD
O2 - BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} . (.Ironsource Israel (2011) LTD - No description.) -- C:\Program Files\Mysearchdial\1.8.21.0\bh\mysearchdial.dll =>Adware.MyWebSearch
~ BHO: 8 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar: mysearchdial Toolbar - [HKLM]{3004627E-F8E9-4E8B-909D-316753CBA923} . (.Ironsource Israel (2011) LTD - No description.) -- C:\Program Files\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll =>Adware.MyWebSearch
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other user links (O4)
O4 - GS\Program [AllUsers]: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 - GS\Program [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Program [omar seddiki]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O4 - GS\Program [omar seddiki]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 7 Legitimates Filtered in 00mn 00s



---\\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [SoundMan] . (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-725345543-1336601894-1801674531-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-725345543-1336601894-1801674531-1003\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-725345543-1336601894-1801674531-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-725345543-1336601894-1801674531-1003\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 01s



---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{F62A9EFE-49BE-4867-9188-62D2E9B41424}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{F62A9EFE-49BE-4867-9188-62D2E9B41424}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{F62A9EFE-49BE-4867-9188-62D2E9B41424}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Additional protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocols: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: (IBUpdaterService) . (...) - C:\WINDOWS\system32\dmwu.exe =>Adware.InstallBrain
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 5 Legitimates Filtered in 00mn 21s



---\\ Active Desktop & MHTML Editor enumeration (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Automatic scheduled tasks (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\At1.job [416]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Plus-HD-3.5-chromeinstaller.job [1932] =>Adware.PlusHD
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Plus-HD-3.5-codedownloader.job [1200] =>Adware.PlusHD
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Plus-HD-3.5-enabler.job [1100] =>Adware.PlusHD
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Plus-HD-3.5-firefoxinstaller.job [2062] =>Adware.PlusHD
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Plus-HD-3.5-updater.job [1298] =>Adware.PlusHD
~ Scheduled Task: 9 Legitimates Filtered in 00mn 29s



---\\ Installed software (O42)
O42 - Software: Mysearchdial - (.Mysearchdial.) [HKLM] -- mysearchdial =>Adware.MyWebSearch
O42 - Software: Plus-HD-3.5 - (.Plus HD.) [HKLM] -- Plus-HD-3.5 =>Adware.PlusHD
O42 - Software: SweetPacks Updater Service - (...) [HKLM] -- WNLT =>Adware.IncrediBar
~ Logic: 16 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\IM]
[HKCU\Software\IncrediMail]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\Plus-HD-3.5] =>Adware.PlusHD
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\WNLT] =>Adware.IncrediBar
[HKCU\Software\mysearchdial] =>Adware.MyWebSearch
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\SweetIM] =>PUP.SweetIM
~ Key Software: 90 Legitimates Filtered in 00mn 01s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 04/01/2014 - 14:23:05 - [0] ----D C:\Program Files\GUM1.tmp
O43 - CFD: 06/01/2014 - 12:45:59 - [2,654] ----D C:\Program Files\Mysearchdial =>Adware.MyWebSearch
O43 - CFD: 04/01/2014 - 18:08:20 - [7,206] ----D C:\Program Files\Plus-HD-3.5 =>Adware.PlusHD
O43 - CFD: 06/01/2014 - 13:02:51 - [0,174] ----D C:\Documents and Settings\omar seddiki\Application Data\mysearchdial =>Adware.MyWebSearch
O43 - CFD: 07/01/2014 - 19:40:33 - [0,007] ----D C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Plus-HD-3.5 =>Adware.PlusHD
~ Program Folder: 67 Legitimates Filtered in 01mn 55s
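Every finding above, from the O2 BHO and O3 toolbar through the O4 Run keys, the O23 service, the O39 scheduled tasks and the O42/O43 software and folder entries, uses the same line shape: an optional section key, an optional `[MD5.…]`, a `(.Vendor - Description.)` block or `(...)` when the file carries no version information, a path, and an optional trailing `=>Tag`. The script below is an added triage example, not part of ZHPDiag or of Nicolas Coolman's tool: it parses that shape, turns the report's own tags into a per-family removal worklist, and cross-references the running-process list against paths and MD5s tagged elsewhere. On the sample lines copied from this report, `dmwu.exe` inherits `Adware.InstallBrain` from its O23 service entry, while `stij.exe` under `system32\jmdp` is running with no publisher and no tag anywhere in the report, so it lands on a "verify manually" list instead of being silently passed over. The regexes, the function names and the rule that tags beginning with a dot (`=>.Skype Technologies S.A.`) are vendor-whitelist marks rather than detections are my reading of the format, not a documented specification.

```python
"""Triage helper for a ZHPDiag-style report (added example, not ZHPDiag code).

It parses the line shape used throughout the report, turns the tool's own
=>Family tags into a per-family worklist, and cross-references running
processes that carry no publisher information against paths or MD5s that
are tagged elsewhere in the report."""
import re
from collections import defaultdict

RE_MD5 = re.compile(r"\[MD5\.([0-9A-Fa-f]{32})\]")
RE_PID = re.compile(r"\[PID\.(\d+)\]")
RE_DESC = re.compile(r"\(\.(.+?)\.\)")                 # (.Vendor - Description.)
RE_TAG = re.compile(r"=>(.+?)\s*$")                    # trailing =>Adware.Foo or =>.Vendor
RE_PATH = re.compile(r"([A-Za-z]:\\.*?)(?=\s+\[\d|\s+=>|\s*$)")
RE_KEY = re.compile(r"^([OGRF]\d+)\s+-\s+")            # O2, O4, O23, G1, R0, F2 ...


def parse_line(line):
    """Return a dict for one report line, or None if it carries no path or MD5."""
    md5 = RE_MD5.search(line)
    path = RE_PATH.search(line)
    if not (md5 or path):
        return None
    desc = RE_DESC.search(line)
    info = desc.group(1) if desc and desc.group(1) != "." else None  # "(...)" = no version info
    tag = RE_TAG.search(line)
    key = RE_KEY.match(line)
    pid = RE_PID.search(line)
    return {
        "key": key.group(1) if key else ("PROC" if pid else None),
        "md5": md5.group(1).upper() if md5 else None,
        "path": path.group(1).strip() if path else None,
        "vendor": info.split(" - ", 1)[0] if info else None,
        "tag": tag.group(1) if tag else None,
        "pid": int(pid.group(1)) if pid else None,
    }


def is_detection(tag):
    """Assumption about the format: tags with a leading dot (=>.Skype ...) are
    ZHPDiag's vendor-whitelist marks; anything else (=>Adware.X, =>PUP.X,
    =>Toolbar.X) is a classification worth acting on."""
    return bool(tag) and not tag.startswith(".")


def triage(lines):
    """Return ({family: [paths]}, [running paths with no publisher and no tag])."""
    entries = [e for e in map(parse_line, lines) if e]
    worklist = defaultdict(set)            # family -> paths to remove or investigate
    tagged_paths, tagged_md5s = {}, {}
    for e in entries:
        if is_detection(e["tag"]):
            if e["path"]:
                worklist[e["tag"]].add(e["path"])
                tagged_paths[e["path"].lower()] = e["tag"]
            if e["md5"]:
                tagged_md5s[e["md5"]] = e["tag"]
    # Running processes: inherit a tag given to the same path/MD5 in another
    # section; whatever is still running with no publisher and no tag anywhere
    # in the report needs a manual look.
    unattributed = []
    for e in entries:
        if e["pid"] is None or is_detection(e["tag"]):
            continue
        inherited = tagged_paths.get((e["path"] or "").lower()) or tagged_md5s.get(e["md5"])
        if inherited:
            worklist[inherited].add(e["path"])
        elif e["vendor"] is None:
            unattributed.append(e["path"])
    return {fam: sorted(paths) for fam, paths in worklist.items()}, unattributed


# Sample lines copied from this report (constructed input for the example).
SAMPLE = r"""
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1212]
[MD5.BD1F9ABA4706E5852F1F9112FC3D76FE] - (...) -- C:\WINDOWS\system32\dmwu.exe [1447216] [PID.1568]
[MD5.E0C95266EC88E4E1521611B8048C4FBB] - (...) -- C:\WINDOWS\system32\jmdp\stij.exe [411440] [PID.2156]
O2 - BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} . (.Ironsource Israel (2011) LTD - Pas de description.) -- C:\Program Files\Mysearchdial\1.8.21.0\bh\mysearchdial.dll =>Adware.MyWebSearch
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O23 - Service: (IBUpdaterService) . (...) - C:\WINDOWS\system32\dmwu.exe =>Adware.InstallBrain
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Plus-HD-3.5-updater.job [1298] =>Adware.PlusHD
""".strip().splitlines()

if __name__ == "__main__":
    families, unknown = triage(SAMPLE)
    for fam, paths in sorted(families.items()):
        print(fam, *paths, sep="\n    ")
    print("running, no publisher, no tag:", *unknown, sep="\n    ")
```

To run it over the whole report rather than the sample, pass `open(report_path, encoding=...).read().splitlines()` to `triage()` with the encoding the report was saved in (this one contains accented characters). The cross-reference step is the point of the exercise: the process list alone shows two unattributed executables, and only by joining it with the O23 section does one of them resolve to a family the tool already named.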



---\\ Latest files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.A4A0F53B606AC04F46FEF17A90945D95] - 01/01/2014 - 18:35:12 ---A- . (...) -- C:\WINDOWS\cmsetacl.log [200]
O44 - LFC:[MD5.2CE7B1EEB99C14032C0E2201B004F80E] - 01/01/2014 - 18:37:11 ---A- . (...) -- C:\WINDOWS\system32\wmimgmt.msc [63488]
O44 - LFC:[MD5.CDD932EDCB756FB5F7CE5E2F090BA838] - 01/01/2014 - 18:37:25 ---A- . (...) -- C:\WINDOWS\system32\msdtcprf.h [768]
O44 - LFC:[MD5.FDA18F513403E67CAE9BF0D2DD948B28] - 01/01/2014 - 18:37:25 ---A- . (...) -- C:\WINDOWS\system32\msdtcprf.ini [3914]
O44 - LFC:[MD5.4A547D74B435E78418BE06406250C1D3] - 01/01/2014 - 18:37:30 ---A- . (...) -- C:\WINDOWS\system32\tslabels.h [3286]
O44 - LFC:[MD5.F9A14C7B36E10052A1B0F071BC3C1C65] - 01/01/2014 - 18:37:30 ---A- . (...) -- C:\WINDOWS\system32\tslabels.ini [27768]
O44 - LFC:[MD5.9F27B27C8405FEAF7DFC4DA3751DEF22] - 01/01/2014 - 18:37:31 ---A- . (...) -- C:\WINDOWS\system32\usrlogon.cmd [1263]
O44 - LFC:[MD5.405E1EF8E3C88E9BCD2853382BB12430] - 01/01/2014 - 18:37:34 ---A- . (...) -- C:\WINDOWS\system32\bopomofo.uce [22984]
O44 - LFC:[MD5.4FDED87068052EEB9B72A97FDBC141DB] - 01/01/2014 - 18:37:35 ---A- . (...) -- C:\WINDOWS\system32\gb2312.uce [24006]
O44 - LFC:[MD5.038F6AD6CEE43585D814CDBC7CDFD3EC] - 01/01/2014 - 18:37:35 ---A- . (...) -- C:\WINDOWS\system32\ideograf.uce [60458]
O44 - LFC:[MD5.7C0C25F4BA1084C4ABBEEA2C74194C5F] - 01/01/2014 - 18:37:36 ---A- . (...) -- C:\WINDOWS\system32\kanji_1.uce [6948]
O44 - LFC:[MD5.529BBD63519BBD654EF328454019693F] - 01/01/2014 - 18:37:36 ---A- . (...) -- C:\WINDOWS\system32\kanji_2.uce [8484]
O44 - LFC:[MD5.7A7A04370A6030B9B0E8178DAD4A6E41] - 01/01/2014 - 18:37:36 ---A- . (...) -- C:\WINDOWS\system32\korean.uce [12876]
O44 - LFC:[MD5.DAC71A10A6A71CB6E3F427AE3283734B] - 01/01/2014 - 18:37:37 ---A- . (...) -- C:\WINDOWS\Rosace bleue 16.bmp [1272]
O44 - LFC:[MD5.8CA32E9D986FA76F60EFBCFCD9D80A58] - 01/01/2014 - 18:37:37 ---A- . (...) -- C:\WINDOWS\system32\shiftjis.uce [16740]
O44 - LFC:[MD5.30F5568679A54042F99CA9EC1102EBCD] - 01/01/2014 - 18:37:37 ---A- . (...) -- C:\WINDOWS\system32\subrange.uce [93702]
O44 - LFC:[MD5.39F43DBCE366B2561DF073B4C0839299] - 01/01/2014 - 18:37:38 ---A- . (...) -- C:\WINDOWS\Bulles de savon.bmp [65978]
O44 - LFC:[MD5.73D70ED3EC3BBFD8FD35DF431C38F374] - 01/01/2014 - 18:37:38 ---A- . (...) -- C:\WINDOWS\Tasse à café.bmp [17062]
O44 - LFC:[MD5.1AC5E83598D4F2143B59A2D893C3279A] - 01/01/2014 - 18:37:40 ---A- . (...) -- C:\WINDOWS\Granit vert.bmp [26582]
O44 - LFC:[MD5.203EF178BF8B0A8EC34E27E4DEDB6349] - 01/01/2014 - 18:37:40 ---A- . (...) -- C:\WINDOWS\Jour de pêche.bmp [17336]
O44 - LFC:[MD5.3A8B85AB7B415BF3F8AFE285DFE0CE29] - 01/01/2014 - 18:37:40 ---A- . (...) -- C:\WINDOWS\Plume.bmp [16730]
O44 - LFC:[MD5.280920B6773C74C3649A934257112BE1] - 01/01/2014 - 18:37:40 ---A- . (...) -- C:\WINDOWS\Vent de prairie.bmp [65954]
O44 - LFC:[MD5.EB3BFC14E41FBAA41B4FD4489AA82D39] - 01/01/2014 - 18:37:41 ---A- . (...) -- C:\WINDOWS\Mur de Santa Fe.bmp [65832]
O44 - LFC:[MD5.927A66BD587E31CB12D3AB25381658DC] - 01/01/2014 - 18:37:41 ---A- . (...) -- C:\WINDOWS\Rhododendron.bmp [17362]
O44 - LFC:[MD5.5B4AC407E566076BB726BA91E067D313] - 01/01/2014 - 18:37:41 ---A- . (...) -- C:\WINDOWS\Rivière Sumida.bmp [26680]
O44 - LFC:[MD5.5290EA6951F4724259F423B12C8E1393] - 01/01/2014 - 18:37:41 ---A- . (...) -- C:\WINDOWS\Zapotec.bmp [9522]
O44 - LFC:[MD5.AECDAECD37EC0A0808D5A7E61B37A329] - 01/01/2014 - 18:38:48 ---A- . (...) -- C:\WINDOWS\msmqinst.log [10126]
O44 - LFC:[MD5.6D2FF134AD46E0CF57472A7451C8E908] - 01/01/2014 - 18:38:52 ---A- . (...) -- C:\WINDOWS\DtcInstall.log [130]
O44 - LFC:[MD5.487403459F0B2F1A3ADEEF02496BD80E] - 01/01/2014 - 18:38:57 ---A- . (...) -- C:\WINDOWS\vb.ini [36]
O44 - LFC:[MD5.6C2F0BA210C2B53EF07653ABAC6C2490] - 01/01/2014 - 18:38:58 ---A- . (...) -- C:\WINDOWS\vbaddin.ini [37]
O44 - LFC:[MD5.9387177AFE8068BB2896341A7BDFE396] - 01/01/2014 - 18:39:05 ---A- . (...) -- C:\WINDOWS\system32\emptyregdb.dat [21892]
O44 - LFC:[MD5.ACE870ED05F1149019DAE336D7C3BB8C] - 01/01/2014 - 18:39:23 ---A- . (...) -- C:\WINDOWS\netfxocm.log [2790]
O44 - LFC:[MD5.CCA4D496958B968A643245E854F8CD87] - 01/01/2014 - 18:39:25 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [14755]
O44 - LFC:[MD5.AD9B412167183CAFA5FFE6A20E33DDEB] - 01/01/2014 - 18:39:25 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [1487]
O44 - LFC:[MD5.DDC530726C1104EC635C7AF36E0AB984] - 01/01/2014 - 18:39:25 ---A- . (...) -- C:\WINDOWS\msgsocm.log [871]
O44 - LFC:[MD5.EDF3CA7E0FD409E25108A4583AD1AC96] - 01/01/2014 - 18:39:25 ---A- . (...) -- C:\WINDOWS\ocgen.log [14772]
O44 - LFC:[MD5.DADB3267CF9AA47E7EF8BBF043FBC4B8] - 01/01/2014 - 18:39:25 ---A- . (...) -- C:\WINDOWS\sessmgr.setup.log [1022]
O44 - LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] - 01/01/2014 - 18:42:59 ---A- . (...) -- C:\WINDOWS\desktop.ini [2]
O44 - LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] - 01/01/2014 - 18:42:59 ---A- . (...) -- C:\WINDOWS\system32\desktop.ini [2]
O44 - LFC:[MD5.8FBEC4D51D39DB985490F7C049AF488E] - 01/01/2014 - 18:42:59 -SH-- . (...) -- C:\WINDOWS\winnt.bmp [49102]
O44 - LFC:[MD5.8FBEC4D51D39DB985490F7C049AF488E] - 01/01/2014 - 18:42:59 -SH-- . (...) -- C:\WINDOWS\winnt256.bmp [49102]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 01/01/2014 - 18:44:16 R-HA- . (...) -- C:\WINDOWS\WindowsShell.Manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 01/01/2014 - 18:44:16 R-HA- . (...) -- C:\WINDOWS\system32\cdplayer.exe.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 01/01/2014 - 18:44:16 R-HA- . (...) -- C:\WINDOWS\system32\ncpa.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 01/01/2014 - 18:44:16 R-HA- . (...) -- C:\WINDOWS\system32\nwc.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 01/01/2014 - 18:44:16 R-HA- . (...) -- C:\WINDOWS\system32\sapi.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 01/01/2014 - 18:44:16 R-HA- . (...) -- C:\WINDOWS\system32\wuaucpl.cpl.manifest [749]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 01/01/2014 - 18:44:20 R-HA- . (...) -- C:\WINDOWS\system32\WindowsLogon.manifest [488]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 01/01/2014 - 18:44:20 R-HA- . (...) -- C:\WINDOWS\system32\logonui.exe.manifest [488]
O44 - LFC:[MD5.2B9C717D21A1331BA3731886E3EE87BB] - 01/01/2014 - 18:45:04 ---A- . (...) -- C:\WINDOWS\ODBCINST.INI [4205]
O44 - LFC:[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] - 01/01/2014 - 18:45:12 ---A- . (...) -- C:\WINDOWS\system32\amcompat.tlb [16832]
O44 - LFC:[MD5.A32B14BE5EDAE794FCE1A9E970827509] - 01/01/2014 - 18:45:12 ---A- . (...) -- C:\WINDOWS\system32\nscompat.tlb [23392]
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 01/01/2014 - 18:45:13 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/01/2014 - 18:45:20 ---A- . (...) -- C:\AUTOEXEC.BAT [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/01/2014 - 18:45:20 ---A- . (...) -- C:\CONFIG.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/01/2014 - 18:45:20 ---A- . (...) -- C:\WINDOWS\control.ini [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/01/2014 - 18:45:20 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/01/2014 - 18:45:20 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.2A06DD2B3C0188B40DDBE0762DBD3A3B] - 01/01/2014 - 18:48:38 ---A- . (...) -- C:\WINDOWS\comsetup.log [15945]
O44 - LFC:[MD5.AA3EDA7383BA8ED9101FBC74C26C0E14] - 01/01/2014 - 18:48:38 ---A- . (...) -- C:\WINDOWS\iis6.log [48908]
O44 - LFC:[MD5.68C7E2F1F3CD09A31A4FA4EB29F5CB4C] - 01/01/2014 - 18:48:38 ---A- . (...) -- C:\WINDOWS\imsins.log [4326]
O44 - LFC:[MD5.0F28DBA452E4039232180776E0FA23F2] - 01/01/2014 - 18:48:38 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [7967]
O44 - LFC:[MD5.E5A08F9E08A6AED6F0EF961B6E4245D5] - 01/01/2014 - 18:48:38 ---A- . (...) -- C:\WINDOWS\ocmsn.log [885]
O44 - LFC:[MD5.F543147789179272C7AC7FF9E50E1F39] - 01/01/2014 - 18:48:38 ---A- . (...) -- C:\WINDOWS\system32\$winnt$.inf [589]
O44 - LFC:[MD5.C58778044EC8783536B139C9708C639B] - 01/01/2014 - 18:48:38 ---A- . (...) -- C:\WINDOWS\tabletoc.log [1252]
O44 - LFC:[MD5.E1A380E402C6E7FFEF64C64BE454DBD9] - 01/01/2014 - 18:48:38 ---A- . (...) -- C:\WINDOWS\tsoc.log [10818]
O44 - LFC:[MD5.364C353C32D05690F3EFA0C19D740EFB] - 01/01/2014 - 18:49:44 ---A- . (...) -- C:\WINDOWS\REGLOCS.OLD [8192]
O44 - LFC:[MD5.EBA67C52CD8DB6D5E122EB8818162FDB] - 01/01/2014 - 18:52:54 ---A- . (...) -- C:\WINDOWS\setuplog.txt [798247]
O44 - LFC:[MD5.44B5AC4D73E6C91845CB75D0C558F42A] - 01/01/2014 - 18:53:06 ---A- . (...) -- C:\WINDOWS\wmsetup.log [936]
O44 - LFC:[MD5.8EA0FC6FA0AFF90FD716CF59A3575693] - 01/01/2014 - 18:53:07 ---A- . (...) -- C:\WINDOWS\OEWABLog.txt [833]
O44 - LFC:[MD5.F344F18497404ED4E03F63C294F27F44] - 01/01/2014 - 18:58:58 ---A- . (...) -- C:\WINDOWS\nsw.log [276]
O44 - LFC:[MD5.A799EA2E17F8C6747801E37F25FE078F] - 01/01/2014 - 19:29:32 R--A- . (...) -- C:\WINDOWS\SET3.tmp [1246130]
O44 - LFC:[MD5.7DEBF83AF61B07063EF0CEEADD4B4E59] - 01/01/2014 - 19:29:35 R--A- . (...) -- C:\WINDOWS\SET4.tmp [1088840]
O44 - LFC:[MD5.619D9DD12A0BFDB080A86CE19F09CA10] - 01/01/2014 - 19:29:40 R--A- . (...) -- C:\WINDOWS\SET8.tmp [16825]
O44 - LFC:[MD5.486E0B1BC94C346E5C352C295388C803] - 01/01/2014 - 19:29:56 ----- . (...) -- C:\WINDOWS\system32\CONFIG.TMP [3072]
O44 - LFC:[MD5.F08DBD8C48A168818A3DFC28929EE6B5] - 01/01/2014 - 19:29:56 ---A- . (...) -- C:\WINDOWS\system32\AUTOEXEC.NT [1896]
O44 - LFC:[MD5.6CB26848BCDAA361B6EE21264FB362C3] - 01/01/2014 - 19:30:07 ---A- . (...) -- C:\WINDOWS\system32\c_20127.nls [66082]
O44 - LFC:[MD5.6F8A509550FE8C92D07EE0143BF29BA1] - 01/01/2014 - 19:30:09 ---A- . (...) -- C:\WINDOWS\system32\c_10010.nls [66082]
O44 - LFC:[MD5.D2CA471D36A69D17F82D5C1B64FAEE39] - 01/01/2014 - 19:30:09 ---A- . (...) -- C:\WINDOWS\system32\c_10029.nls [66082]
O44 - LFC:[MD5.9CA501D2A8E6909C5B2E8C9274682BF1] - 01/01/2014 - 19:30:09 ---A- . (...) -- C:\WINDOWS\system32\c_10082.nls [66082]
O44 - LFC:[MD5.21E928C8E6ED8EEAB0D1AAEE82ACDD76] - 01/01/2014 - 19:30:09 ---A- . (...) -- C:\WINDOWS\system32\c_852.nls [66594]
O44 - LFC:[MD5.5D038EEABA8EA438F6B5ABD5E91BC851] - 01/01/2014 - 19:30:13 ---A- . (...) -- C:\WINDOWS\system32\C_28594.NLS [66082]
O44 - LFC:[MD5.3E969213F35127D83DAB48FF1283E8E4] - 01/01/2014 - 19:30:13 ---A- . (...) -- C:\WINDOWS\system32\c_855.nls [66594]
O44 - LFC:[MD5.5CD475CA7B87844DE1E0483B536F9AAE] - 01/01/2014 - 19:30:13 ---A- . (...) -- C:\WINDOWS\system32\c_866.nls [66594]
O44 - LFC:[MD5.BAC7072B365F9648CA318154BA7E03EC] - 01/01/2014 - 19:30:16 ---A- . (...) -- C:\WINDOWS\system32\c_737.nls [66594]
O44 - LFC:[MD5.B537ACFAB9E70F0EF48DB696A08ADC81] - 01/01/2014 - 19:30:17 ---A- . (...) -- C:\WINDOWS\system32\C_28597.NLS [66082]
O44 - LFC:[MD5.0A206B5CACD3CA70D2044DA691304765] - 01/01/2014 - 19:30:17 ---A- . (...) -- C:\WINDOWS\system32\c_10006.nls [66082]
O44 - LFC:[MD5.780C444EB16B65E6DE96F794A732DA12] - 01/01/2014 - 19:30:17 ---A- . (...) -- C:\WINDOWS\system32\c_869.nls [66594]
O44 - LFC:[MD5.8BE0D77A873730B4EB1DAB7C6622CD46] - 01/01/2014 - 19:30:17 ---A- . (...) -- C:\WINDOWS\system32\c_875.nls [66082]
O44 - LFC:[MD5.AF4A866226BD04ACF06135088D75BB63] - 01/01/2014 - 19:30:22 ---A- . (...) -- C:\WINDOWS\system32\c_10007.nls [66082]
O44 - LFC:[MD5.314E85390BEBDAE5D1E11DB2D8CBC6E9] - 01/01/2014 - 19:30:22 ---A- . (...) -- C:\WINDOWS\system32\c_10017.nls [66082]
O44 - LFC:[MD5.E22D1B9AC7854C0A654E4C4232074E49] - 01/01/2014 - 19:30:23 ---A- . (...) -- C:\WINDOWS\system32\C_28595.NLS [66082]
O44 - LFC:[MD5.EFFDFF60A38CF648811BBCDD722ECF5E] - 01/01/2014 - 19:30:28 ---A- . (...) -- C:\WINDOWS\system32\c_10081.nls [66082]
O44 - LFC:[MD5.C37A21EE1ADFDC13FC707D97073148ED] - 01/01/2014 - 19:30:28 ---A- . (...) -- C:\WINDOWS\system32\c_28599.nls [66082]
O44 - LFC:[MD5.A8764750B22B528D85A691A52CB21856] - 01/01/2014 - 19:30:28 ---A- . (...) -- C:\WINDOWS\system32\c_857.nls [66594]
O44 - LFC:[MD5.35448F3A71EBBECF8E997FAD3A99327D] - 01/01/2014 - 19:30:37 ---A- . (...) -- C:\WINDOWS\system32\c_28603.nls [66082]
O44 - LFC:[MD5.60F8839C393B30E0194DFE5F415538F4] - 01/01/2014 - 19:30:38 ---A- . (...) -- C:\WINDOWS\regopt.log [1488]
O44 - LFC:[MD5.A0E02492452D4E237465D99D005D91FD] - 01/01/2014 - 19:30:38 ---A- . (...) -- C:\WINDOWS\system.ini [231]
O44 - LFC:[MD5.E22BA739381400DA0BF2C939D1F6154E] - 01/01/2014 - 19:30:52 ---A- . (...) -- C:\WINDOWS\system32\pid.PNF [4444]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/01/2014 - 19:33:24 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 01/01/2014 - 19:34:39 ---A- . (...) -- C:\WINDOWS\system32\h323log.txt [0]
O44 - LFC:[MD5.EE9D8B7FAD6E066F255E7598D3CB25F4] - 01/01/2014 - 20:14:41 ---A- . (...) -- C:\WINDOWS\win.ini [552]
O44 - LFC:[MD5.2FA286AF32F6CE8BC818D169EE571331] - 01/01/2014 - 22:10:02 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.60CB14BDE36D1E85C7997FF3F5F19E2E] - 01/01/2014 - 22:27:05 ---A- . (...) -- C:\WINDOWS\wiadebug.log [618]
O44 - LFC:[MD5.BB47824F9B42B7EF93E4F7129782A48E] - 04/01/2014 - 18:51:01 ---A- . (.Pas de propriétaire - RtlCPAPI Module.) -- C:\WINDOWS\system32\RtlCPAPI.dll [147456]
O44 - LFC:[MD5.C99E22EFE74C8B3EFF93E227472FE247] - 04/01/2014 - 18:51:06 ---A- . (...) -- C:\WINDOWS\system32\alsndmgr.wav [141016]
O44 - LFC:[MD5.43C3571EADA5BC1EDEAD7CA22AD66F30] - 04/01/2014 - 18:54:04 ---A- . (...) -- C:\WINDOWS\system32\ChCfg.exe [49152]
O44 - LFC:[MD5.3B1F87F8EE07E0A286C83A5D9FC18238] - 04/01/2014 - 18:59:48 ---A- . (...) -- C:\WINDOWS\DPINST.LOG [8896]
O44 - LFC:[MD5.0D0C4C47CAB5F227C9E6E9971FC06AEF] - 04/01/2014 - 22:24:07 ---A- . (...) -- C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT [68464]
O44 - LFC:[MD5.BD1F9ABA4706E5852F1F9112FC3D76FE] - 06/01/2014 - 14:11:23 ---A- . (...) -- C:\WINDOWS\system32\dmwu.exe [1447216]
O44 - LFC:[MD5.0D1BE2F838B0C03A82013B44FA26595E] - 06/01/2014 - 14:11:23 ---A- . (.IncrediMail, Ltd. - IMHttpCo Dynamic Link Library.) -- C:\WINDOWS\system32\ImHttpComm.dll [27136]
O44 - LFC:[MD5.188E68005ED62F32248032C65CB4DE96] - 06/01/2014 - 14:11:26 ---A- . (...) -- C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest [1870]
O44 - LFC:[MD5.852FFDBAD603C1E6FB90175103303F97] - 15/01/2014 - 11:25:28 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664]
~ Files: 374 Legitimates Filtered in 04mn 36s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.6C9AF24B3E374FCD3B48B8FF53B2543F] - 01/01/2014 - 18:50:19 ---A- - C:\WINDOWS\Prefetch\SLSERV.EXE-3109E15D.pf
O45 - LFCP:[MD5.B0E275C1AB130D2B2FB3E9C28CA0EFE0] - 01/01/2014 - 18:50:35 ---A- - C:\WINDOWS\Prefetch\AGENTSVR.EXE-260B72BD.pf
O45 - LFCP:[MD5.32DE2C42BD6B3EC57096F28F0D57D60E] - 01/01/2014 - 19:10:50 ---A- - C:\WINDOWS\Prefetch\INSTUP.EXE-345DFF85.pf
O45 - LFCP:[MD5.4BE5D9D3AE6C4408F62950E6EEF961E0] - 01/01/2014 - 19:13:29 ---A- - C:\WINDOWS\Prefetch\CHROME_SETUP_13885999961812.E-1621CC5D.pf
O45 - LFCP:[MD5.CCDD9D74D3E4541DF380884EC4430707] - 01/01/2014 - 19:20:31 ---A- - C:\WINDOWS\Prefetch\GTOOLBAR_SETUP_13886004181372-1E611EFE.pf
O45 - LFCP:[MD5.A5A23EA1A0FDB3F7510BA3820F0A054A] - 01/01/2014 - 19:23:00 ---A- - C:\WINDOWS\Prefetch\6442399A-FC80-4163-957F-84FCA-24542819.pf
O45 - LFCP:[MD5.6D6B7D3097E3B3F0F484BF6D4CAF92FD] - 01/01/2014 - 19:57:41 ---A- - C:\WINDOWS\Prefetch\OSE00000.EXE-0638187C.pf
O45 - LFCP:[MD5.DC75E1E31CA60C494FCE0F239E13D8C2] - 01/01/2014 - 22:00:58 ---A- - C:\WINDOWS\Prefetch\RCIMLBY.EXE-389F960F.pf
O45 - LFCP:[MD5.1A2DF641400985F0227F16177039707D] - 04/01/2014 - 17:57:58 ---A- - C:\WINDOWS\Prefetch\NS31.TMP-36FA7BBE.pf
O45 - LFCP:[MD5.5A7806D80CF4F09E274B0B4EF298CCE4] - 04/01/2014 - 18:01:58 ---A- - C:\WINDOWS\Prefetch\INSTALLATION-IE8-XP-01NET[1].-251C00E2.pf
O45 - LFCP:[MD5.50117A73857C0552D3884538571FFEE0] - 04/01/2014 - 18:02:31 ---A- - C:\WINDOWS\Prefetch\WAJAM_VALIDATE.EXE-2B401F81.pf =>PUP.Wajam
O45 - LFCP:[MD5.F89478DDE1D813D2CB5DFF6F0FB62F8D] - 04/01/2014 - 18:02:57 ---A- - C:\WINDOWS\Prefetch\MYSEARCHDIAL.EXE-1932F312.pf =>Adware.MyWebSearch
O45 - LFCP:[MD5.F200F7B1E730774733D19BC9A1AE3336] - 04/01/2014 - 18:03:12 ---A- - C:\WINDOWS\Prefetch\PLUS-HD-S-3-5.EXE-379122F8.pf =>Adware.PlusHD
O45 - LFCP:[MD5.64F627249B64AC3503F907F382C51933] - 04/01/2014 - 18:03:29 ---A- - C:\WINDOWS\Prefetch\WMUPO.EXE-145242B8.pf
O45 - LFCP:[MD5.639C2EC5D45C13BA6EAB415AAA57B2CC] - 04/01/2014 - 18:04:28 ---A- - C:\WINDOWS\Prefetch\INSTALLATION-IE8-XP-01NET.EXE-11BE2EFC.pf
O45 - LFCP:[MD5.93BB872C19A5FE9C8E867EAEB7C4E311] - 06/01/2014 - 12:47:33 ---A- - C:\WINDOWS\Prefetch\MYSEARCHDIALSRV.EXE-220AC8D4.pf =>Adware.MyWebSearch
O45 - LFCP:[MD5.AFA157B19F5F045CF92D54991945FC9D] - 06/01/2014 - 12:49:58 ---A- - C:\WINDOWS\Prefetch\AT.EXE-02A43BFA.pf
O45 - LFCP:[MD5.618F3A0A4F66AC451CE0D00ABAE338D6] - 06/01/2014 - 14:14:40 ---A- - C:\WINDOWS\Prefetch\INSTUP.EXE-2D344058.pf
O45 - LFCP:[MD5.E95040DB376FEEFD97FF830CA1075CA8] - 06/01/2014 - 18:05:07 ---A- - C:\WINDOWS\Prefetch\PLUS-HD-3.5-FIREFOXINSTALLER.-0DCAFD77.pf =>Adware.PlusHD
O45 - LFCP:[MD5.A6E05C3DAA86AE50B63D52A50DE3C147] - 06/01/2014 - 21:33:54 ---A- - C:\WINDOWS\Prefetch\IEDW.EXE-0F1DF43F.pf
O45 - LFCP:[MD5.534944064496EEBFD08D8DD64507D652] - 07/01/2014 - 15:49:54 ---A- - C:\WINDOWS\Prefetch\PLUS-HD-3.5-CODEDOWNLOADER.EX-1FBF4F4E.pf =>Adware.PlusHD
~ Prefetcher: 130 Legitimates Filtered in 00mn 10s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\omar seddiki\Local Settings\Temp\is42483369\1153305_stp\BundleSweetIMSetup.exe" [Enabled] .(...) -- C:\Documents and Settings\omar seddiki\Local Settings\Temp\is42483369\1153305_stp\BundleSweetIMSetup.exe (.not file.) =>PUP.SweetIM
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dmwu.exe" [Enabled] .(.Pas de propriétaire.) -- C:\WINDOWS\system32\dmwu.exe
~ Keys Export: 11 Legitimates Filtered in 00mn 06s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 01/01/2014 - 19:12:50 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] - 01/01/2014 - 19:12:50 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [180248]
O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 28/08/2001 - 16:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 13/04/2008 - 11:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.C53775780148884AC87C455489A0C070] - 13/04/2008 - 12:23:42 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:[MD5.54886A652BF5685192141DF304E923FD] - 13/04/2008 - 12:23:40 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:[MD5.576B34CEAE5B7E5D9FD2775E93B3DB53] - 13/04/2008 - 12:23:42 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 28/08/2001 - 16:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.E9AAA0092D74A9D371659C4C38882E12] - 13/04/2008 - 12:23:44 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\RecAgent.sys [13776]
O58 - SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] - 13/04/2008 - 12:23:46 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] - 13/04/2008 - 12:23:48 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] - 13/04/2008 - 12:23:48 ---A- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 28/08/2001 - 16:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 28/08/2001 - 16:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 28/08/2001 - 16:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 28/08/2001 - 16:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 28/08/2001 - 16:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/04/2008 - 11:50:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 28/08/2001 - 16:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 28/08/2001 - 16:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 28/08/2001 - 16:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 28/08/2001 - 16:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 28/08/2001 - 16:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 13/04/2008 - 11:49:52 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 13/04/2008 - 11:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 13/04/2008 - 11:49:40 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 13/04/2008 - 11:49:44 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 13/04/2008 - 11:49:42 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 5 Legitimates Filtered in 01mn 07s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 15/01/2014 - 11:38:39 -SHA- . (...) -- C:\Documents and Settings\omar seddiki\Application Data\Microsoft\Credentials\S-1-5-21-725345543-1336601894-1801674531-1003\Credentials [516]
O61 - LFC: 15/01/2014 - 11:38:45 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Application Data\ZHP\Log.txt [18427] =>.Nicolas Coolman
O61 - LFC: 15/01/2014 - 11:38:46 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Application Data\ZHP\TestsZHPDiag.txt [3379] =>.Nicolas Coolman
O61 - LFC: 15/01/2014 - 11:38:46 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Bureau\ZHPDiag.lnk [1523] =>.Nicolas Coolman
O61 - LFC: 15/01/2014 - 11:38:47 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Bureau\ZHPFix.lnk [1628] =>.Nicolas Coolman
O61 - LFC: 15/01/2014 - 11:39:27 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\background.html [1567]
O61 - LFC: 15/01/2014 - 11:39:28 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\crossriderManifest.json [738] =>PUP.CrossRider
O61 - LFC: 15/01/2014 - 11:39:29 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\manifest.xml [1728]
O61 - LFC: 15/01/2014 - 11:39:29 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\102_dealply_m.js [2247] =>PUP.DealPly
O61 - LFC: 15/01/2014 - 11:39:30 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\103_intext_5_m.js [3094]
O61 - LFC: 15/01/2014 - 11:39:30 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\104_jollywallet_m.js [1383]
O61 - LFC: 15/01/2014 - 11:39:30 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\105_corticas_m.js [632]
O61 - LFC: 15/01/2014 - 11:39:31 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\108_icm_m.js [5117]
O61 - LFC: 15/01/2014 - 11:39:31 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\117_coupons_intext_ads_5_m.js [3217]
O61 - LFC: 15/01/2014 - 11:39:32 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\119_similar_web_m.js [5227]
O61 - LFC: 15/01/2014 - 11:39:32 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\120_luck_m.js [1238]
O61 - LFC: 15/01/2014 - 11:39:33 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\123_intext_adv_m.js [900]
O61 - LFC: 15/01/2014 - 11:39:33 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js [790]
O61 - LFC: 15/01/2014 - 11:39:39 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\125_arcadi2_m.js [922]
O61 - LFC: 15/01/2014 - 11:39:39 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\126_revizer_ws_m.js [1366]
O61 - LFC: 15/01/2014 - 11:39:40 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\127_revizer_p_m.js [1247]
O61 - LFC: 15/01/2014 - 11:39:40 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\128_superfish_pricora_m.js [763] =>Adware.Pricora
O61 - LFC: 15/01/2014 - 11:39:41 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\135_arcadi3_m.js [922]
O61 - LFC: 15/01/2014 - 11:39:41 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\138_getdeal_m.js [1416]
O61 - LFC: 15/01/2014 - 11:39:42 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\13_CrossriderAppUtils.js [7056] =>PUP.CrossRider
O61 - LFC: 15/01/2014 - 11:39:42 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\141_corticas_ru_m.js.js [720]
O61 - LFC: 15/01/2014 - 11:39:43 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\142_intext_fa_m.js [819]
O61 - LFC: 15/01/2014 - 11:39:43 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\14_CrossriderUtils.js [13554] =>PUP.CrossRider
O61 - LFC: 15/01/2014 - 11:39:44 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\155_ibario_pops_m.js [712]
O61 - LFC: 15/01/2014 - 11:39:44 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js [2402]
O61 - LFC: 15/01/2014 - 11:39:44 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\159_cortica_rollover_m.js [775]
O61 - LFC: 15/01/2014 - 11:39:45 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\171_arcadi2_sourceID_m.js [997]
O61 - LFC: 15/01/2014 - 11:39:45 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js [981]
O61 - LFC: 15/01/2014 - 11:39:46 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\175_coolmirage_m.js [6317]
O61 - LFC: 15/01/2014 - 11:39:46 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\177_crossriderDashboard.js [24865] =>PUP.CrossRider
O61 - LFC: 15/01/2014 - 11:39:47 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\178_revizer_ws_dynamic_m.js [1094]
O61 - LFC: 15/01/2014 - 11:39:47 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\179_revizer_p_dynamic_m.js [1092]
O61 - LFC: 15/01/2014 - 11:39:48 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\17_jQuery.js [79982]
O61 - LFC: 15/01/2014 - 11:39:48 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\180_bpo_serp_m.js [1006]
O61 - LFC: 15/01/2014 - 11:39:49 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\182_openUrl.js [14303]
O61 - LFC: 15/01/2014 - 11:39:49 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\184_noproblemppc_m.js [1053]
O61 - LFC: 15/01/2014 - 11:39:50 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\189_active_sanity.js [1766]
O61 - LFC: 15/01/2014 - 11:39:50 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\190_pops_5_m.js [817]
O61 - LFC: 15/01/2014 - 11:39:51 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\191_ciuvo_m.js [1150]
O61 - LFC: 15/01/2014 - 11:39:51 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js [974]
O61 - LFC: 15/01/2014 - 11:39:52 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js [972]
O61 - LFC: 15/01/2014 - 11:39:52 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\194_retargeting_bi_m.js.js [2301]
O61 - LFC: 15/01/2014 - 11:39:53 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\195_icm_convertmedia_m.js [28049]
O61 - LFC: 15/01/2014 - 11:39:53 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\197_kreapixel_pops_m.js [8435] =>Adware.SocialSkinz
O61 - LFC: 15/01/2014 - 11:39:54 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\198_superfish_no_search_no_coupons_plushd_m.js [809]
O61 - LFC: 15/01/2014 - 11:39:54 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\199_superfish_no_coupons_plushd_m.js [789]
O61 - LFC: 15/01/2014 - 11:39:54 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\19_CHAppAPIWrapper.js [6327]
O61 - LFC: 15/01/2014 - 11:39:55 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\1_base.js [6908]
O61 - LFC: 15/01/2014 - 11:39:55 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\200_foxydeal_m.js [639]
O61 - LFC: 15/01/2014 - 11:39:56 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\21_debug.js [3676]
O61 - LFC: 15/01/2014 - 11:39:56 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\22_resources.js [9082]
O61 - LFC: 15/01/2014 - 11:39:57 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\28_initializer.js [664]
O61 - LFC: 15/01/2014 - 11:39:57 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\47_resources_background.js [7720]
O61 - LFC: 15/01/2014 - 11:39:58 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\4_jquery_1_7_1.js [94180]
O61 - LFC: 15/01/2014 - 11:39:58 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\64_appApiMessage.js [2332]
O61 - LFC: 15/01/2014 - 11:39:59 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\72_appApiValidation.js [23624]
O61 - LFC: 15/01/2014 - 11:39:59 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\78_CrossriderInfo.js [2234] =>PUP.CrossRider
O61 - LFC: 15/01/2014 - 11:40:00 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\7_hooks.js [801]
O61 - LFC: 15/01/2014 - 11:40:00 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\80_CHPopupAppAPI.js [194]
O61 - LFC: 15/01/2014 - 11:40:01 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\87_ginyas_wrapper.js [20377]
O61 - LFC: 15/01/2014 - 11:40:01 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\91_monetizationLoader.js.js [142346]
O61 - LFC: 15/01/2014 - 11:40:02 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\93_superfish_no_coupons_m.js [775]
O61 - LFC: 15/01/2014 - 11:40:02 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\97_resourceApiWrapper.js [3299]
O61 - LFC: 15/01/2014 - 11:40:03 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins.json [15445]
O61 - LFC: 15/01/2014 - 11:40:03 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\plugins\9_search_engine_hook.js [2285]
O61 - LFC: 15/01/2014 - 11:40:04 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\userCode\background.js [428]
O61 - LFC: 15/01/2014 - 11:40:04 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\extensionData\userCode\extension.js [6521]
O61 - LFC: 15/01/2014 - 11:40:07 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\api\chrome.js [11566]
O61 - LFC: 15/01/2014 - 11:40:08 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\api\cookie.js [11793]
O61 - LFC: 15/01/2014 - 11:40:08 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\api\message.js [3346]
O61 - LFC: 15/01/2014 - 11:40:09 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\api\pageAction.js [1737]
O61 - LFC: 15/01/2014 - 11:40:09 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\api\pageActionBG.js [2519]
O61 - LFC: 15/01/2014 - 11:40:10 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\background.js [30353]
O61 - LFC: 15/01/2014 - 11:40:10 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\app_api.js [6317]
O61 - LFC: 15/01/2014 - 11:40:11 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\bg_app_api.js [4617]
O61 - LFC: 15/01/2014 - 11:40:11 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\consts.js [335]
O61 - LFC: 15/01/2014 - 11:40:11 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\cookie_store.js [5905]
O61 - LFC: 15/01/2014 - 11:40:12 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\crossriderAPI.js [11366] =>PUP.CrossRider
O61 - LFC: 15/01/2014 - 11:40:12 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\delegate.js [2002]
O61 - LFC: 15/01/2014 - 11:40:13 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\events.js [5757]
O61 - LFC: 15/01/2014 - 11:40:13 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\extensionDataStore.js [6294]
O61 - LFC: 15/01/2014 - 11:40:14 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\installer.js [758]
O61 - LFC: 15/01/2014 - 11:40:14 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\logFile.js [775]
O61 - LFC: 15/01/2014 - 11:40:15 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\logging.js [944]
O61 - LFC: 15/01/2014 - 11:40:15 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\onBGDocumentLoad.js [480]
O61 - LFC: 15/01/2014 - 11:40:16 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\popupResource\newPopup.js [40]
O61 - LFC: 15/01/2014 - 11:40:16 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\popupResource\popup.js [45]
O61 - LFC: 15/01/2014 - 11:40:17 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\reports.js [4841]
O61 - LFC: 15/01/2014 - 11:40:17 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\storageWrapper.js [903]
O61 - LFC: 15/01/2014 - 11:40:17 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\updateManager.js [5665]
O61 - LFC: 15/01/2014 - 11:40:18 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\util.js [5142]
O61 - LFC: 15/01/2014 - 11:40:18 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\lib\xhr.js [2478]
O61 - LFC: 15/01/2014 - 11:40:19 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\js\main.js [8452]
O61 - LFC: 15/01/2014 - 11:40:20 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\manifest.json [1097]
O61 - LFC: 15/01/2014 - 11:40:20 ---A- . (...) -- C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ldikpdnngdmeceeameoaannjilbjppnm\1.25.85_0\popup.html [139]
~ 2 Fichiers cookies (Cookies files)
~ Files: 111 Legitimates Filtered in 05mn 04s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 28/10/2013 - C:\WINDOWS\system32\dmwu.exe (IBUpdaterService) .(...) - LEGACY_IBUPDATERSERVICE =>Adware.InstallBrain
~ Legacy: 116 Legitimates Filtered in 00mn 15s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {77AA745B-F4F8-45DA-9B14-61D2D95054C8} - (Mysearchdial) - http://start.mysearchdial.com =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {EEE6C360-6118-11DC-9C72-001320C79847} [DefaultScope] - (Sweetpacks Search) - http://mysearch.sweetpacks.com =>Adware.MyWebSearch
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.884E144676C0C9679042E83574822FB9] [SPRF][15/01/2014] (...) -- C:\Documents and Settings\omar seddiki\AppData\LocalLow\SkwConfig.bin [8432]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 01/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 01/01/2014 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 01/01/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 28/10/2013 1447216 | (IBUpdaterService) . (...) - C:\WINDOWS\system32\dmwu.exe =>Adware.InstallBrain
SR - | Auto 25/10/2013 2077008 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 13/04/2008 73796 | (SLService) . (.Smart Link.) - C:\WINDOWS\system32\slserv.exe

~ Services: Scanned in 00mn 14s



---\\ Scan Additionnel (O88)
Database Version : 13022 - (12/01/2014)
Clés trouvées (Keys found) : 50
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 8

[HKLM\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311711180}] =>Adware.PlusHD^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}] =>Adware.MyWebSearch^
[HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService] =>Adware.InstallBrain^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial] =>Adware.MyWebSearch^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-3.5] =>Adware.PlusHD^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WNLT] =>Adware.IncrediBar^
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKCU\Software\SweetIM] =>PUP.SweetIM
[HKLM\Software\SweetIM] =>PUP.SweetIM
[HKCU\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\WNLT] =>Adware.IncrediBar
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}] =>Adware.MyWebSearch
[HKLM\Software\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}] =>Adware.MyWebSearch
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\protector_dll.protectorbho] =>PUP.BProtector
[HKLM\Software\Classes\protector_dll.protectorbho.1] =>PUP.BProtector
[HKLM\Software\Classes\CrossriderApp0037180.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0037180.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0037180.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0037180.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\esrv.mysearchdialESrvc] =>Adware.MyWebSearch
[HKLM\Software\Classes\esrv.mysearchdialESrvc.1] =>Adware.MyWebSearch
[HKLM\Software\Classes\mysearchdial.mysearchdialappCore] =>Adware.MyWebSearch
[HKLM\Software\Classes\mysearchdial.mysearchdialappCore.1] =>Adware.MyWebSearch
[HKLM\Software\Classes\mysearchdial.mysearchdialdskBnd] =>Adware.MyWebSearch
[HKLM\Software\Classes\mysearchdial.mysearchdialdskBnd.1] =>Adware.MyWebSearch
[HKLM\Software\Classes\mysearchdial.mysearchdialHlpr] =>Adware.MyWebSearch
[HKLM\Software\Classes\mysearchdial.mysearchdialHlpr.1] =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311711180}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110311711180}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322712280}] =>PUP.CrossRider
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\Arpcache\mysearchdial] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311711180}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff =>Adware.MyWebSearch^
C:\Program Files\Mysearchdial =>Adware.MyWebSearch^
C:\Program Files\Plus-HD-3.5 =>Adware.PlusHD^
C:\Documents and Settings\omar seddiki\Application Data\mysearchdial =>Adware.MyWebSearch^
C:\Documents and Settings\omar seddiki\Local Settings\Application Data\Plus-HD-3.5 =>Adware.PlusHD^
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
C:\WINDOWS\Tasks\Plus-HD-3.5-chromeinstaller.job =>Adware.PlusHD^
C:\WINDOWS\Tasks\Plus-HD-3.5-codedownloader.job =>Adware.PlusHD^
C:\WINDOWS\Tasks\Plus-HD-3.5-enabler.job =>Adware.PlusHD^
C:\WINDOWS\Tasks\Plus-HD-3.5-firefoxinstaller.job =>Adware.PlusHD^
C:\WINDOWS\Tasks\Plus-HD-3.5-updater.job =>Adware.PlusHD^
[HKCU\Software\Plus-HD-3.5] =>Adware.PlusHD^
[HKCU\Software\mysearchdial] =>Adware.MyWebSearch^
~ Additionnel Scan: 105595 Items scanned in 00mn 33s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/28138048-adware-plushd =>Adware.PlusHD
~ http://nicolascoolman.webs.com/apps/blog/show/26907365-adware-installbrain =>Adware.InstallBrain
~ http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/27557062-adware-vidsaver =>Adware.VidSaver
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>PUP.Wajam
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/29294184-adware-pricora =>Adware.Pricora
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ http://nicolascoolman.webs.com/apps/blog/show/28133096-pup-bprotector =>PUP.BProtector
~ MSI: 15 link(s) detected in 00mn 33s



~ 1192 Legitimates filtered by white list
End of the scan (763 lines in 19mn 09s)(0)