Reply to: Virus on my USB key 2016-09-08T13:09:39+00:00
Miss_estrellita
Participant
Post count: 23

Ok :)

Here is the next report:

~ Rapport de ZHPDiag v2013.10.15.37 – Nicolas Coolman (15/10/2013)
~ Lancé par Magda RAIS (16/10/2013 11:29:40)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

—\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
MFIE: Mozilla Firefox 24.0 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK

—\ Logiciels de protection du système
avast! Free Antivirus v8.0.1497.0
ESET Online Scanner v3
Windows Defender W7

—\ Logiciels d'optimisation du système
CCleaner v4.06 =>Piriform Ltd

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 40

—\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4077 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 242 GB (81%) free of 297 GB

—\ Mode de connexion au système
~ Computer Name: MAGDARAIS-TOSH
~ User Name: Magda RAIS
~ All Users Names: Magda RAIS, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d'environnement
~ System Unit : C:
~ %AppZHP% : C:\Users\Magda RAIS\AppData\Roaming\ZHP
~ %AppData% : C:\Users\Magda RAIS\AppData\Roaming
~ %Desktop% : C:\Users\Magda RAIS\Desktop
~ %Favorites% : C:\Users\Magda RAIS\Favorites
~ %LocalAppData% : C:\Users\Magda RAIS\AppData\Local
~ %StartMenu% : C:\Users\Magda RAIS\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 242 Go of 297 Go)
D: Hard drive, Flash drive, Thumb drive (Free 260 Go of 298 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 30 Go of 30 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

—\ Etat du Centre de Sécurité Windows
~ Security Center: 38 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.22/09/2013 – 23:55:10.) — C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.21/11/2010 – 04:24:29.) — C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.21/11/2010 – 04:24:16.) — C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.14/09/2013 – 02:10:19.) — C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.21/11/2010 – 04:23:47.) — C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.21/11/2010 – 04:24:32.) — C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.21/11/2010 – 04:23:47.) — C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.21/11/2010 – 04:23:51.) — C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/11/2010 – 04:24:33.) — C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.21/11/2010 – 04:24:32.) — C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.25/02/2011 – 07:25:38.) — C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/371
~ Mes musiques (My Musics) : 5/27
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/32
~ Mes Documents (My Documents) : 2/587
~ Mon Bureau (My Desktop) : 1/1095
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 01s

—\ Processus lancés
[MD5.97A1AFD42B8016D132C7BF38C955C6E1] – (.TOSHIBA CORPORATION – ConfigFree Task Tray Menu.) — C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304560] [PID.3840]
[MD5.B141F8F8B0FF37FFC51F9B71EE7A641B] – (.Skype Technologies S.A. – Skype.) — C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432] [PID.4652]
[MD5.FE5534272E1BD61F21FBB2451DFC15B8] – (.TOSHIBA CORPORATION. – Bluetooth Manager.) — C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2749856] [PID.4760]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] – (.AVAST Software – avast! Antivirus.) — C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.4868]
[MD5.8A07221789D46B2EA7DFCA2BC807572A] – (.TOSHIBA CORPORATION – ConfigFree Switch Manager Process.) — C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe [62848] [PID.4888]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] – (.Microsoft Corporation – Microsoft OneNote Quick Launcher.) — C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.5040]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4348]
[MD5.A9182CE59CFC56F9C1DDE8B3C0AE8378] – (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe [274840] [PID.5136]
[MD5.934C25B08D102832B0095E0668205EF8] – (.TOSHIBA CORPORATION. – TosA2DP.) — C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe [677264] [PID.6044]
[MD5.6868CFBF025314D630918A23939B494D] – (.TOSHIBA CORPORATION. – TosBtHid.) — C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe [87440] [PID.6128]
[MD5.C2546BD4174CAD72C78D79339CB2347A] – (.TOSHIBA CORPORATION. – TosBtHSP.) — C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe [746384] [PID.4720]
[MD5.47B4FCDCE4C0A64A54BC9A66B176B0F1] – (.TOSHIBA CORPORATION. – TosAVRC.) — C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe [447816] [PID.2860]
[MD5.12FD4EF8F2CBBF98E0A5CED88258DDF3] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17816] [PID.6180]
[MD5.EB68851F020D35293EADAADEB18B8220] – (.Adobe Systems, Inc. – Adobe Flash Player 11.9 r900.) — C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe [1862536] [PID.5736]
[MD5.72BE75AADEB890AE5BD8DEC30508F992] – (.Nicolas Coolman – ZHPDiag.) — C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8091648] [PID.5732]
~ Processes Running: Scanned in 00mn 00s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Magda RAIS\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 – GCS: Preference [User Data\Default] http://www.google.com
G2 – GCE: Preference [User Data\Default] [cnmdgidklhhnmppphpohildcefnaaflp] Services x86 v.1.24.125, (Activé) =>PUP.CrossRider
~ Google Browser: 13 Legitimates Filtered in 00mn 08s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Magda RAIS\AppData\Roaming\Mozilla\Firefox\Profiles\ua6j0rqr.default\prefs.js
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
F2 – REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 3

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar\WebBrowser: (no name) [64Bits] – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 – GS\Program [Public]: Poedit.lnk . (.Vaclav Slavik – Poedit.) — C:\Program Files (x86)\Poedit\bin\poedit.exe
O4 – GS\QuickLaunch [Magda RAIS]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\QuickLaunch [Magda RAIS]: PhotoScape.lnk . (…) — C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 – GS\QuickLaunch [Magda RAIS]: Quick Media Converter.lnk . (.Cocoon Software – Quick Media Converter Next Generation HD.) — C:\Program Files\QuickMediaConverter\QuickMediaConverter.exe
O4 – GS\TaskBar [Magda RAIS]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Users\Magda RAIS\AppData\Local\Google\Chrome\Application\chrome.exe
O4 – GS\TaskBar [Magda RAIS]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 – GS\Program [Magda RAIS]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\SystemTools [Magda RAIS]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\Desktop [Magda RAIS]: PhotoScape.lnk . (…) — C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 – GS\Desktop [Magda RAIS]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe https://www.sosvirus.net
O4 – GS\Desktop [Magda RAIS]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.facebook.com
~ Global Startup: 92 Legitimates Filtered in 00mn 03s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GS\Startup [Public]: Bluetooth Manager.lnk . (.TOSHIBA CORPORATION. – Bluetooth Manager.) — C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
O4 – GS\Startup [Public]: Toshiba Places Icon Utility.lnk . (.Toshiba – Toshiba Places Icon Utility.) — C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
O4 – GS\Startup [Magda RAIS]: OneNote 2010 – Capture d’écran et lancement.lnk . (.Microsoft Corporation – Microsoft OneNote Quick Launcher.) — C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe =>.Microsoft Corporation
O4 – HKLM\..\Run: [Toshiba TEMPRO] . (.Toshiba Europe GmbH – Toshiba TEMPRO.) — C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe =>.Toshiba Corporation
O4 – HKLM\..\Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe (.not file.)
O4 – HKLM\..\Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (.not file.)
O4 – HKLM\..\Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.exe (.not file.)
O4 – HKLM\..\Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe (.not file.)
O4 – HKLM\..\Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe (.not file.)
O4 – HKLM\..\Run: [SmartAudio] . (.Conexant systems, Inc. – SmartAudio Control Panel application.) — C:\Program Files\CONEXANT\SAII\SAIICpl.exe
O4 – HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 – HKLM\..\Run: [ThpSrv] Clé orpheline
O4 – HKLM\..\Run: [Teco] C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe (.not file.)
O4 – HKLM\..\Run: [TosSENotify] . (.TOSHIBA Corporation – Pas de description.) — C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 – HKLM\..\Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe (.not file.)
O4 – HKLM\..\Run: [TosVolRegulator] . (.TOSHIBA Corporation – Toshiba Volume Regulator.) — C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe =>.Toshiba Corporation
O4 – HKLM\..\Run: [Toshiba Registration] . (.Toshiba Europe GmbH – Toshiba Notebook Registration Reminder.) — C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
O4 – HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated – Adobe Updater Startup Utility.) — C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 – HKCU\..\Run: [TOPI.EXE] . (.TOSHIBA – TOSHIBA Online Product Information.) — C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 – HKCU\..\Run: [Google Update] . (.Google Inc. – Programme d'installation de Google.) — C:\Users\Magda RAIS\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 – HKCU\..\Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 – HKCU\..\Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 – HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 – HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM\..\Wow6432Node\Run: [NBAgent] . (.Nero AG – Nero BackItUp.) — c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
O4 – HKLM\..\Wow6432Node\Run: [ToshibaServiceStation] . (.TOSHIBA Corporation – TOSHIBA Service Station.) — C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe =>.Toshiba Corporation
O4 – HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software – avast! Antivirus.) — C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 – HKLM\..\Wow6432Node\Run: [AdobeCS5.5ServiceManager] . (.Adobe Systems Incorporated – Adobe CS5.5 Service Manager.) — C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
O4 – HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 – HKUS\S-1-5-18\..\Run: [TOPI.EXE] . (.TOSHIBA – TOSHIBA Online Product Information.) — C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 – HKUS\S-1-5-21-339401442-3039507466-214422036-1000\..\Run: [TOPI.EXE] . (.TOSHIBA – TOSHIBA Online Product Information.) — C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe =>.Toshiba Corporation
O4 – HKUS\S-1-5-21-339401442-3039507466-214422036-1000\..\Run: [Google Update] . (.Google Inc. – Programme d'installation de Google.) — C:\Users\Magda RAIS\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 – HKUS\S-1-5-21-339401442-3039507466-214422036-1000\..\Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-21-339401442-3039507466-214422036-1000\..\Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 – Extra button: &Envoyer à OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 – Extra button: Notes &liées OneNote [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} — C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 – Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 [64Bits] – {97F922BD-8563-4184-87EE-8C4ACA438823} . (…) — C:\Program Files\TOSHIBA\BulletinBoard\images\pin.ico
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLM\System\CCS\Services\Tcpip\..\{1932FB34-0603-41E2-982D-CBF20C0D31A5}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 – HKLM\System\CCS\Services\Tcpip\..\{74785A63-7A7B-429A-A94F-CE98E685A4A9}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 – HKLM\System\CS1\Services\Tcpip\..\{1932FB34-0603-41E2-982D-CBF20C0D31A5}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 – HKLM\System\CS1\Services\Tcpip\..\{74785A63-7A7B-429A-A94F-CE98E685A4A9}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 – HKLM\System\CS2\Services\Tcpip\..\{1932FB34-0603-41E2-982D-CBF20C0D31A5}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 – HKLM\System\CS2\Services\Tcpip\..\{74785A63-7A7B-429A-A94F-CE98E685A4A9}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{5B0ABE2C-6AE7-4C47-BD37-6C8280390EB3}] (…) — C:\Users\Magda RAIS\Downloads\HiJackThis.exe (.not file.) [0]
~ Scheduled Task: 23 Legitimates Filtered in 00mn 03s

—\ HKCU & HKLM Software Keys
[HKCU\Software\visionobjects]
~ Key Software: 200 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 25/11/2012 – 22:29:08 – [0,001] —-D C:\Users\Magda RAIS\AppData\Local\PhotoSketcher
~ Program Folder: 171 Legitimates Filtered in 00mn 22s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.D1EDC28928A485DB4B2330012B3969CE] – 16/10/2013 – 09:59:11 . (…) — C:\UsbFix [Scan 1] MAGDARAIS-TOSH.txt [11701]
O44 – LFC:[MD5.1327AD0CC991630C5611705B368EB670] – 16/10/2013 – 10:03:39 —A- . (…) — C:\UsbFix [Clean 1] MAGDARAIS-TOSH.txt [12870]
~ Files: 101 Legitimates Filtered in 00mn 26s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.48AF07C630B3968B59CA91A79AC2DABB] – 16/10/2013 – 10:21:17 —A- – C:\Windows\Prefetch\SAIICPL.EXE-B8307A71.pf
O45 – LFCP:[MD5.D0FB93559FEB9B3E34EA4A0E82466739] – 16/10/2013 – 10:21:22 —A- – C:\Windows\Prefetch\HSON.EXE-D958FD41.pf
~ Prefetcher: 138 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM\...\Policies\System] – "EnableUIADesktopToggle"=0
O55 – MWPS:[HKLM\...\Policies\System] – "FilterAdministratorToken"=0
O55 – MWPS:[HKLM\...\Policies\System] – "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.286193DC28CFB4CEB8D378E20A0850A9] – 30/08/2013 – 08:48:10 —A- . (…) — C:\Windows\System32\Drivers\aswRvrt.sys [65336]
~ Drivers: 17 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 14/10/2013 – 11:31:20 —A- . (…) — C:\Users\Magda RAIS\AppData\Local\Thunderbird\Mozilla Thunderbird\active-update.xml [57] =>.Mozilla Corporation
O61 – LFC: 14/10/2013 – 11:31:29 —A- . (…) — C:\Users\Magda RAIS\AppData\Roaming\Thunderbird\Crash Reports\InstallTime20131010053258 [10] =>.Mozilla Corporation
O61 – LFC: 14/10/2013 – 11:31:46 —A- . (.Magda RAIS.) — C:\Users\Magda RAIS\Documents\CV_Magda_RAIS.doc [51712]
O61 – LFC: 16/10/2013 – 11:31:45 —A- . (…) — C:\Users\Magda RAIS\AppData\Roaming\ZHP\Log.txt [18095] =>.Nicolas Coolman
O61 – LFC: 16/10/2013 – 11:31:45 —A- . (…) — C:\Users\Magda RAIS\AppData\Roaming\ZHP\TestsZHPDiag.txt [2988] =>.Nicolas Coolman
O61 – LFC: 16/10/2013 – 11:31:55 —A- . (…) — C:\Users\Magda RAIS\Downloads\adwcleaner.exe [1048960]
~ Files: 61 Legitimates Filtered in 00mn 50s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Users\Magda RAIS\AppData\Local\Google\Chrome\Application\chrome.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] ${searchCLSID} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {83C88B1B-3A02-4926-A5A1-01751D81E9D7} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {8DE5C7C9-2638-4DBA-8680-16C57DD47E01} – (eBay) – http://rover.ebay.com
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.6EA18C193AAF14F9EDFF65EED8EFAB2C] [SPRF][09/10/2013] (…) — C:\Users\Magda RAIS\AppData\Local\Temp\Quarantine.exe [344355]
~ Files: 4 Legitimates Filtered in 00mn 00s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 09/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS – | Demand 09/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR – | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR – | Auto 28/01/2010 249200 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) – C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
SR – | Auto 10/03/2009 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) – C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
SS – | Auto 29/10/2011 136176 | (gupdate) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 29/10/2011 136176 | (gupdatem) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) – C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SR – | Auto 20/12/2010 325656 | (LMS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS – | Demand 14/10/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR – | Auto 14/01/2011 572712 | (NAUpdate) . (.Nero AG.) – c:\Program Files (x86)\Nero\Update\NASvc.exe
SR – | Auto 16/01/2011 993896 | (NVSvc) . (.NVIDIA Corporation.) – C:\Windows\System32\nvvsvc.exe
SS – | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) – C:\Program Files (x86)\Skype\Updater\Updater.exe
SR – | Auto 16/01/2011 378984 | (Stereo Service) . (.NVIDIA Corporation.) – C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS – | Demand 10/02/2011 112080 | (TemproMonitoringService) . (.Toshiba Europe GmbH.) – C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe =>.Toshiba Corporation
SR – | Auto 24/12/2010 526848 | (Thpsrv) . (.TOSHIBA Corporation.) – C:\Windows\system32\ThpSrv.exe
SR – | Demand 29/11/2010 54136 | (TMachInfo) . (.TOSHIBA Corporation.) – C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR – | Auto 20/10/2010 138656 | (TODDSrv) . (.TOSHIBA Corporation.) – C:\Windows\system32\TODDSrv.exe
SR – | Auto 09/12/2010 489384 | (TosCoSrv) . (.TOSHIBA Corporation.) – C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
SR – | Demand 12/04/2010 196976 | (TOSHIBA Bluetooth Service) . (.TOSHIBA CORPORATION.) – C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
SR – | Auto 02/03/2011 266680 | (TOSHIBA eco Utility Service) . (.TOSHIBA Corporation.) – C:\Program Files\TOSHIBA\TECO\TecoService.exe =>.Toshiba Corporation
SR – | Demand 08/12/2010 137632 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) – C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
SR – | Demand 20/12/2010 822704 | (TPCHSrv) . (.TOSHIBA Corporation.) – C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
SR – | Auto 20/12/2010 2656280 | (UNS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS – | Demand 13/05/2012 22016 | (wampapache) . (.Apache Software Foundation.) – c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
SS – | Demand 19/04/2012 9693696 | (wampmysqld) . (…) – c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
SR – | Auto 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 01/03/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 46s

—\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Magda RAIS at 16/10/2013 11:33:12
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Magda RAIS at 16/10/2013 11:33:14

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 12948 – (15/10/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKLM\Software\Google\Chrome\Extensions\cnmdgidklhhnmppphpohildcefnaaflp] =>PUP.CrossRider^
C:\Users\Magda RAIS\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp =>PUP.CrossRider
~ Additionnel Scan: 293664 Items scanned in 00mn 25s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 1 link(s) detected in 00mn 25s

~ 1433 Legitimates filtered by white list
End of the scan (418 lines in 03mn 59s)(0)