Reply to: Infection brontok.a16 2016-09-08T13:10:19+00:00
anne-so
Participant
Number of posts: 11

~ Rapport de ZHPDiag v2013.10.20.55 – Nicolas Coolman (20/10/2013)
~ Lancé par HAAS (20/10/2013 16:45:49)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Norton Internet Security v19.9.1.14
Windows Defender W7

—\ Logiciels d’optimisation du système

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader X

—\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6037 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 505 GB (87%) free of 575 GB

—\ Mode de connexion au système
~ Computer Name: HAAS-HP
~ User Name: HAAS
~ All Users Names: UpdatusUser, HomeGroupUser$, HAAS, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:\Users\HAAS\AppData\Roaming\ZHP
~ %AppData% : C:\Users\HAAS\AppData\Roaming
~ %Desktop% : C:\Users\HAAS\Desktop
~ %Favorites% : C:\Users\HAAS\Favorites
~ %LocalAppData% : C:\Users\HAAS\AppData\Local
~ %StartMenu% : C:\Users\HAAS\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 505 Go of 575 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 20 Go)
E: CD-ROM drive (Free 0 Go of 1 Go)
F: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)

—\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.26/02/2012 – 19:46:55.) — C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.22/09/2013 – 23:55:10.) — C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.21/11/2010 – 04:24:29.) — C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.21/11/2010 – 04:24:16.) — C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.14/09/2013 – 02:10:19.) — C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.21/11/2010 – 04:23:47.) — C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.21/11/2010 – 04:24:32.) — C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.21/11/2010 – 04:23:47.) — C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.26/02/2012 – 19:48:56.) — C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.21/11/2010 – 04:23:51.) — C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/11/2010 – 04:24:33.) — C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.21/11/2010 – 04:24:32.) — C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.26/02/2012 – 19:45:13.) — C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/8
~ Mes Favoris (My Favorites) : 1/14
~ Mes Documents (My Documents) : 1/136
~ Mon Bureau (My Desktop) : 1/669
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 00s

—\ Processus lancés
[MD5.73F3118CD145756A812A2529281D6F36] – (.AuthenTec Inc. – TouchControl.) — C:\Program Files (x86)\HP SimplePass\TouchControl.exe [875336] [PID.2612]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamgui.exe [532040] [PID.2872]
[MD5.F7128E5772F9312F0D111A5FA5D41773] – (.Skype Technologies S.A. – Skype.) — C:\Program Files (x86)\Skype\Phone\Skype.exe [20684656] [PID.3648]
[MD5.7E4E3EE20FF5D10A60E6267A8EE67786] – (.Intel Corporation – Intel(R) USB 3.0 Monitor.) — C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096] [PID.3700]
[MD5.8A3B69683E63808719D24E1C68C21CC7] – (.Hewlett-Packard Development Company, L.P. – HP On Screen Display.) — C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960] [PID.2396]
[MD5.9F3655267BA37004F519ABDDB3AEE244] – (.Hewlett-Packard Development Company, L.P. – HP CoolSense.) — C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008] [PID.4084]
[MD5.F88D89A73142BA1148453654EEC12E02] – (.HP – BioMonitor.) — C:\Program Files (x86)\HP SimplePass\BioMonitor.exe [148296] [PID.5088]
[MD5.5658972765AF193BDC813197B5AA8C85] – (.Dropbox, Inc. – Dropbox.) — C:\Users\HAAS\AppData\Roaming\Dropbox\bin\Dropbox.exe [29768376] [PID.4344]
[MD5.C64E9B1C9EA057DCECDCB98F34377811] – (.Microsoft Corporation – Microsoft OneNote Quick Launcher.) — C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228552] [PID.4544]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] – (.CyberLink – YouCam Mirage.) — C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.4472]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] – (…) — ysWOW64\RunDll32.exe [0] [PID.3476]
[MD5.5FF7F859FD581D952C2BFAB3D4819DE3] – (.Broadcom Corporation. – Bluetooth Headset Helper.) — C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe [148768] [PID.5548]
[MD5.D6B7DDB68436F13C3CAE2B92524F1FEC] – (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770648] [PID.5476]
[MD5.F2840DBFE9322F35557219AE82CC4597] – (.Symantec Corporation – Symantec Service Framework.) — C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272] [PID.3196]
[MD5.DD425C93255671A5FE81A95E686C03D7] – (.Nicolas Coolman – ZHPDiag.) — C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8111104] [PID.2200]
[MD5.BA0F98B69D84EFAE63EA80A957F9EF31] – (.HP – HP Service.) — C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [260424] [PID.916]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2056]
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] – (.EasyBits Software AS – Shared EasyBits services for Windows.) — C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.2272]
[MD5.C9DCE1CB628AEED3C0C30ABBF4F1E718] – (…) — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280] [PID.2752]
[MD5.3628933AF5305EAB8173949BFF912F04] – (.Intel Corporation – Intel(R) Dynamic Application Loader Host In.) — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560] [PID.2784]
[MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamscheduler.exe [418376] [PID.2820]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe [701512] [PID.2840]
[MD5.388AE59FE75F1B959DFA0900923C61BB] – (.Skype Technologies S.A. – Skype C2C Service.) — C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000] [PID.2944]
[MD5.9B7EDD3FE7C211C36E921D34D18A3A0A] – (.Hewlett-Packard Company – HP Software Framework WMI Service.) — C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376] [PID.3928]
[MD5.7D4B9A48430ED57ACA6373B71D5904CA] – (.Intel Corporation – IAStorDataSvc.) — C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13592] [PID.4008]
[MD5.BF22ACF4CF3734D61357E67F0521BC03] – (.Intel Corporation – Local Manageability Service.) — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.5788]
[MD5.FD6F5B42DB429FD1AE1A4483DB4DD2E0] – (.NVIDIA Corporation – NVIDIA Settings Update Manager.) — C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2458944] [PID.1192]
[MD5.B097EBA0E3FEB020BB65FE43AF5ECCFF] – (.Intel Corporation – User Notification Service.) — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.2140]
~ Processes Running: Scanned in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
F2 – REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: HP SimplePass Toolbar [64Bits] – [HKLM]{C98EE38D-21E4-4A50-907D-2B56FEC7013E} . (.HP – Website Log On.) — C:\Program Files (x86)\HP SimplePass\IEBHO.dll
O3 – Toolbar\WebBrowser: (no name) [64Bits] – [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GS\Desktop [Public]: HP Support Assistant.lnk . (.Hewlett-Packard Company – HP Support Assistant.) — C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe =>.Hewlett-Packard Co
O4 – GS\QuickLaunch [HAAS]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\TaskBar [HAAS]: HP Recommended.LNK . (…) — C:\Program Files (x86)\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe (.not file.)
O4 – GS\Program [HAAS]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\SystemTools [HAAS]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\Desktop [HAAS]: Dropbox.lnk . (.Dropbox, Inc. – Dropbox.) — C:\Users\HAAS\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 – GS\Desktop [HAAS]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe https://www.sosvirus.net
O4 – GS\Desktop [HAAS]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.facebook.com
O4 – GS\Desktop [HAAS]: UsbFix Faire un Don.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.usbfix.net
~ Global Startup: 75 Legitimates Filtered in 00mn 01s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GS\Startup [Public]: Bluetooth.lnk . (…) — C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe (.not file.)
O4 – GS\Startup [HAAS]: Dropbox.lnk . (.Dropbox, Inc. – Dropbox.) — C:\Users\HAAS\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 – GS\Startup [HAAS]: OneNote 2010 – Capture d’écran et lancement.lnk . (.Microsoft Corporation – Microsoft OneNote Quick Launcher.) — C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe =>.Microsoft Corporation
O4 – HKLM\..\Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:\Windows\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:\Windows\system32\hkcmd.exe
O4 – HKLM\..\Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:\Windows\system32\igfxpers.exe
O4 – HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. – IDT PC Audio.) — C:\Program Files\IDT\WDM\sttray64.exe
O4 – HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 – HKLM\..\Run: [SetDefault] . (.Hewlett-Packard Development Company, L.P. – SetDefault.) — C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
O4 – HKCU\..\Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 – HKCU\..\Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 – HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation – Intel(R) USB 3.0 Monitor.) — C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 – HKLM\..\Wow6432Node\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (.not file.)
O4 – HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM\..\Wow6432Node\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. – HP On Screen Display.) — C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 – HKLM\..\Wow6432Node\Run: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. – HP CoolSense.) — C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-21-80593312-139361152-551366047-1000\..\Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-21-80593312-139361152-551366047-1000\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: &Envoyer à OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 – Extra button: Notes &liées OneNote [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} — C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 – Extra button: Skype Click to Call [64Bits] – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (…) — c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
O9 – Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] – {CCA281CA-C863-46ef-9331-5C8D4460577F} . (…) — C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLM\System\CCS\Services\Tcpip\..\{3B3D8650-78C4-4DD0-9719-B55EB02C5E97}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CCS\Services\Tcpip\..\{4DE85213-CFE0-47DF-AEFA-0020ED9CA6FF}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{3B3D8650-78C4-4DD0-9719-B55EB02C5E97}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{4DE85213-CFE0-47DF-AEFA-0020ED9CA6FF}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CS2\Services\Tcpip\..\{3B3D8650-78C4-4DD0-9719-B55EB02C5E97}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CS2\Services\Tcpip\..\{4DE85213-CFE0-47DF-AEFA-0020ED9CA6FF}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – AppInit_DLLs: . (…) – C:\Windows\system32\nvinitx.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s

—\ HKCU & HKLM Software Keys
[HKCU\Software\AUTORUN]
[HKCU\Software\Safe Browser]
~ Key Software: 152 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 20/10/2013 – 16:10:28 – [0,007] —-D C:\ProgramData\Datamngr =>PUP.Datamngr
~ 11 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 133 Legitimates Filtered in 00mn 13s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.A36E09F25C140974936A73C702002DC7] – 12/10/2013 – 11:50:18 —A- . (…) — C:\Windows\wininit.ini [1276]
O44 – LFC:[MD5.2F215E6153DEE49E17D9B5ACF6763647] – 20/10/2013 – 15:00:45 —A- . (…) — C:\UsbFix [Clean 1] HAAS-HP.txt [18676]
O44 – LFC:[MD5.4D3F31E8BC89C9D5A88CB3D271166E1E] – 20/10/2013 – 15:38:42 –HA- . (…) — C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [31472]
O44 – LFC:[MD5.4D3F31E8BC89C9D5A88CB3D271166E1E] – 20/10/2013 – 15:38:42 –HA- . (…) — C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [31472]
O44 – LFC:[MD5.4D3F31E8BC89C9D5A88CB3D271166E1E] – 20/10/2013 – 15:38:42 –HA- . (…) — C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [31472]
O44 – LFC:[MD5.4D3F31E8BC89C9D5A88CB3D271166E1E] – 20/10/2013 – 15:38:42 –HA- . (…) — C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [31472]
~ Files: 108 Legitimates Filtered in 00mn 03s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.903C4E040ABDD930353CA8471549BA2B] – 14/10/2013 – 20:10:44 —A- – C:\Windows\Prefetch\CACAOWEB.EXE-D296FD41.pf =>PUP.CacaoWeb
~ Prefetcher: 105 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM\…\Policies\System] – “EnableLUA”=0
O55 – MWPS:[HKLM\…\Policies\System] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM\…\Policies\System] – “PromptOnSecureDesktop”=0
O55 – MWPS:[HKLM\…\Policies\System] – “FilterAdministratorToken”=0
~ MWPS: 20 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKLM\…\policies\Explorer] – “NoActiveDesktopChanges”=1
~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] – 14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:\Windows\System32\Drivers\elxstor.sys [530496]
~ Drivers: 20 Legitimates Filtered in 00mn 01s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 20/10/2013 – 16:46:29 —A- . (…) — C:\Users\HAAS\AppData\Roaming\ZHP\Log.txt [18606] =>.Nicolas Coolman
O61 – LFC: 20/10/2013 – 16:46:29 —A- . (…) — C:\Users\HAAS\AppData\Roaming\ZHP\Tests\ZHPDiag.txt [2832] =>.Nicolas Coolman
~ 56 Fichiers temporaires (Temporary files)
~ Files: 92 Legitimates Filtered in 00mn 03s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {450275E3-FD13-4B20-92F6-8A2725588CC6} – (Propositions de recherche Amazon.fr) – http://www.amazon.fr
O69 – SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} – (eBay) – http://rover.ebay.com
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.D2B48C62D4E77881DF37119BBADB8A0F] [SPRF][05/06/2013] (…) — C:\Users\HAAS\AppData\Local\Temp\MybabylonTB.exe [11] =>Toolbar.Babylon
[MD5.1B80378EA920FCD0EA146B28C3DBA2AE] [SPRF][05/06/2013] (…) — C:\Users\HAAS\AppData\Local\Temp\propsys.dll [6]
[MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][19/10/2013] (…) — C:\Users\HAAS\AppData\Local\Temp\Quarantine.exe [344355]
[MD5.EC8956637A99787BD197EACD77ACCE5E] [SPRF][05/06/2013] (…) — C:\Users\HAAS\AppData\Local\Temp\sysid.dat [3]
[MD5.634A2D9A4B23C8BFF56D8F4F59CC10A6] [SPRF][30/04/2013] (…) — C:\Users\HAAS\AppData\Local\Temp\temp.bat [441]
[MD5.16854E1621CE417C6C35CB658B6EB50F] [SPRF][05/06/2013] (…) — C:\Users\HAAS\AppData\Local\Temp\trackid.dat [10]
[MD5.EB5D11A1A5C8DDC012AD3926DBB33D1B] [SPRF][20/10/2013] (…) — C:\Users\HAAS\Desktop\adwcleaner.exe [1056666]
~ Files: 20 Legitimates Filtered in 00mn 05s

—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: “TCP Query User{74F437FC-0512-4E2E-88BB-DDF34FDE98FE}C:\users\haas\appdata\roaming\cacaoweb\cacaoweb.exe” |In – Private – P6 – TRUE | .(…) — C:\users\haas\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “UDP Query User{CC96D2FA-F47B-4BC3-9737-F7370BBFFB21}C:\users\haas\appdata\roaming\cacaoweb\cacaoweb.exe” |In – Private – P17 – TRUE | .(…) — C:\users\haas\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “{00FD8DD0-C0A0-4B6A-9341-F60EB79AC264}” |In – Private – P6 – TRUE | .(…) — C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe (.not file.) =>PUP.SearchResults
O87 – FAEL: “{904DC4FD-A6F2-48FF-B00B-984953A41A13}” |In – Private – P17 – TRUE | .(…) — C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\dtUser.exe (.not file.) =>PUP.SearchResults
~ Firewall: 208 Legitimates Filtered in 00mn 01s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: “11BC8E7AE90B8F64B9EA2B0EE1FBE715” . (.Bing Bar.) — C:\Windows\Installer\{A7E8CB11-B09E-46F8-9BAE-B2E01EBF7E51}\icon_installer_ico =>Toolbar.Bing
~ Update Products: 110 Legitimates Filtered in 00mn 00s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 03/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS – | Demand 26/02/2012 253600 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS – | Demand 15/09/2011 195320 | (BBSvc) . (.Microsoft Corporation..) – C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe
SR – | Auto 13/07/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) – C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe
SR – | Auto 05/12/2011 1084192 | (btwdins) . (.Broadcom Corporation..) – C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SS – | Demand 30/01/2012 276248 | (cphs) . (.Intel Corporation.) – C:\Windows\SysWow64\Intel\CpHeciSvc.exe
SR – | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) – C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SR – | Auto 11/12/2011 260424 | (FPLService) . (.HP.) – C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
SR – | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) – C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR – | Auto 11/10/2010 346168 | (HPClientSvc) . (.Hewlett-Packard Company.) – C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR – | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) – C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR – | Auto 24/09/2012 31040 | (hpsrv) . (.Hewlett-Packard Company.) – C:\Windows\System32\Hpservice.exe
SR – | Auto 30/11/2011 13592 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR – | Auto 08/12/2011 607456 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR – | Auto 16/12/2011 128280 | (Intel(R) ME Service) . (…) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR – | Auto 16/12/2011 161560 | (jhi_service) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR – | Auto 16/12/2011 277784 | (LMS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamscheduler.exe
SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:\Program Files (x86)\Malwarebytes’ Anti-Malware\mbamservice.exe
SR – | Auto 16/06/2012 138272 | (NIS) . (.Symantec Corporation.) – C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
SR – | Auto 28/01/2012 889664 | (nvsvc) . (.NVIDIA Corporation.) – C:\Windows\system32\nvvsvc.exe
SR – | Auto 02/02/2012 2458944 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR – | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) – C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS – | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) – C:\Program Files (x86)\Skype\Updater\Updater.exe
SR – | Auto 04/01/2012 311808 | (STacSV) . (.IDT, Inc..) – C:\Program Files\IDT\WDM\STacSV64.exe
SS – | Demand 09/12/2011 269640 | (TrueService) . (.AuthenTec, Inc..) – C:\Program Files\Common Files\AuthenTec\TrueService.exe
SR – | Auto 16/12/2011 363800 | (UNS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR – | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 22s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Run by HAAS at 20/10/2013 16:48:01
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by HAAS at 20/10/2013 16:48:03

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 12960 – (20/10/2013)
Clés trouvées (Keys found) : 5
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98EE38D-21E4-4A50-907D-2B56FEC7013E}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98EE38D-21E4-4A50-907D-2B56FEC7013E}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{C98EE38D-21E4-4A50-907D-2B56FEC7013E}] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
C:\ProgramData\Datamngr =>PUP.Datamngr^
C:\Users\HAAS\AppData\Local\Temp\MybabylonTB.exe =>Toolbar.Babylon^
~ Additionnel Scan: 275194 Items scanned in 00mn 21s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/30319724-pup-searchresults =>PUP.SearchResults
~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing =>Toolbar.Bing
~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype
~ MSI: 6 link(s) detected in 00mn 21s

~ 1278 Legitimates filtered by white list
End of the scan (448 lines in 02mn 34s)(0)