Reply to: infected computer 2016-09-08T13:11:21+00:00
Le canard
Post count: 0

http://cjoint.com/?0JzxZjtTxhW

~ ZHPDiag report v2013.10.24.63 – Nicolas Coolman (24/10/2013)
~ Run by Pierre (25/10/2013 22:35:47)
~ Web site address http://nicolascoolman.webs.com
~ Free disinfection help forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Deactivated by program

—\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16521
GCIE: Google Chrome v29.0.1547.76 (Default)
GCIE: Google Chrome Frame v29.0.1547.76 (Default)
OBIE: Safari v5.34.57.2

—\ Windows product information
~ Language: French
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script: OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP): OK
Windows ID Activation: OK
~ Windows Partial Key: CGKHQ
Windows License: OK
~ Windows Remaining Initializations Number: 3
Software Protection Service: OK
Windows Automatic Updates: OK
Windows Activation Technologies: OK

—\ System protection software
avast! Free Antivirus v8.0.1497.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

—\ System optimization software

—\ Peer-to-peer file sharing software

—\ Monitored software
Adobe Flash Player 10 Plugin
Adobe Reader X
Java 7 Update 45

—\ System information
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3950 MB (44% free)
System Restore: Enabled
System drive C: has 285 GB (62%) free of 455 GB

—\ System logon mode
~ Computer Name: PIERRE-VAIO
~ User Name: Pierre
~ All Users Names: Pierre, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Environment variables
~ System Unit : C:
~ %AppZHP% : C:\Users\Pierre\AppData\Roaming\ZHP
~ %AppData% : C:\Users\Pierre\AppData\Roaming
~ %Desktop% : C:\Users\Pierre\Desktop
~ %Favorites% : C:\Users\Pierre\Favorites
~ %LocalAppData% : C:\Users\Pierre\AppData\Local
~ %StartMenu% : C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

—\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 285 GB of 455 GB)
D: Floppy drive, Flash card reader, USB Key (Not Inserted)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)

—\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s

—\ Specific search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Windows Explorer.) (.25/02/2011 – 07:19:30.) — C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Windows Start-Up Application.) (.14/07/2009 – 02:39:52.) — C:\Windows\System32\Wininit.exe [129024]
[MD5.69F1D418B4C4EC23033D598E4CBC6B73] – (.Microsoft Corporation – Internet Extensions for Win32.) (.19/06/2013 – 14:01:18.) — C:\Windows\System32\wininet.dll [2240512]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Windows Logon Application.) (.20/11/2010 – 14:25:30.) — C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Software Licensing Library.) (.20/11/2010 – 14:27:26.) — C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/12/2011 – 04:59:24.) — C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – i8042 Port Driver.) (.14/07/2009 – 00:19:57.) — C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – NT File System Driver.) (.12/04/2013 – 15:45:08.) — C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Parallel Port Driver.) (.14/07/2009 – 01:00:41.) — C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Volume Shadow Copy Driver.) (.20/11/2010 – 14:34:02.) — C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 09s

—\ Hidden files status (Hidden/Total)
~ My Pictures : 2/674
~ My Music : 1/491
~ My Favorites : 1/53
~ My Documents : 2/56
~ My Desktop : 3/3276
~ Start Menu (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 50s

—\ Running processes
[MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2452]
[MD5.EF4BF6AB09A06867104DAC48DF35E779] – (.Intel Corporation – IAStorIcon.) — C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.3204]
[MD5.6C72E91639AA9D190CDA13D389FE7827] – (.Sony Corporation – No description.) — C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe [320880] [PID.3452]
[MD5.F81BB17F053CCF309C49107B0B09F2DA] – (.Sony Corporation – Media Check Tool.) — C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe [597792] [PID.2836]
[MD5.F6EA75A95BE7580273F6F4437E58A508] – (.Sony Corporation – Marketing Tools.) — C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe [26624] [PID.3864]
[MD5.CBC7D8E5416AD30CF16DC2FD4A6AA399] – (.AVAST Software – avast! Antivirus.) — C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4858968] [PID.744]
[MD5.E4401CF27225C1D6E664E86195978562] – (.Apple Inc. – iTunesHelper.) — C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544] [PID.3836]
[MD5.569E547273C25B019054A12A40400ECE] – (.OpenOffice.org – OpenOffice.org 3.2.) — C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [11318784] [PID.4640]
[MD5.4B723F33D7331F20E06F3A2FD76EC1D5] – (.OpenOffice.org – OpenOffice.org 3.2.) — C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [11312128] [PID.4316]
[MD5.2859EBC065D2E1CCC94161CE28BAC085] – (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770560] [PID.3424]
[MD5.BB4F6465EEB9ACAA5C60C36983740219] – (.Google Inc. – Google Toolbar Broker.) — C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [310352] [PID.4460] =>Toolbar.Google
[MD5.5397E32E882C0148CEC13D9EACFB7157] – (.Microsoft Corporation – Internet Low-Mic Utility Tool.) — C:\Program Files (x86)\Internet Explorer\IELowutil.exe [222208] [PID.6620]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] – (.Google Inc. – GoogleToolbarNotifier.) — C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.7028] =>Toolbar.Google
[MD5.4D96F6F7508BDF46771262EEEA505F98] – (.Sony of America Corporation – VaioCare Window Listener Application.) — C:\Program Files\Sony\VAIO Care\listener.exe [81016] [PID.1332]
[MD5.534A3CB0847BA114F0D8A5F2BB2EF6D0] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [887432] [PID.6256]
[MD5.B93FFCF1D42AE4613CDFF7450F7D4199] – (.Nicolas Coolman – ZHPDiag.) — C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8128512] [PID.1468]
[MD5.9330941C8F6DF417F6DBBE998DB6687E] – (.AVAST Software – avast! Service.) — C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808] [PID.1336]
[MD5.626A24ED1228580B9518C01930936DF9] – (.Google Inc. – Google Installer.) — C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104] [PID.1932]
[MD5.A5299D04ED225D64CF07A568A3E1BF8C] – (.Apple Inc. – MobileDeviceService.) — C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.2008]
[MD5.5460828F8951D310B42B442877603B8D] – (.Intel Corporation – Local Manageability Service.) — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.2332]
[MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2372]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2392]
[MD5.627FA58ADC043704F9D14CA44340956F] – (.Sony Corporation – Device Information Provider.) — C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [360224] [PID.2480]
[MD5.63F6D08C54D5B3C1B12A6172032055C7] – (.ArcSoft, Inc. – MgiSvr.) — C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960] [PID.2684]
[MD5.6B31C9CB94927DBEEB62E15275F4CC54] – (.Sony Corporation – VAIO Event Service (Service Module).) — C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe [205168] [PID.2744]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] – (.Microsoft Corporation – COM Surrogate.) — C:\Windows\SysWOW64\DllHost.exe [7168] [PID.2196]
[MD5.7CD368DFF5D7D4BA9F8F46F31EA8877D] – (.Sony Corporation – VAIO Event Service(Service Sub Module).) — C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe [112488] [PID.2852]
[MD5.10E212BFB7EAB152A64C1AAEC2F7F4E0] – (.Sony Corporation – VCM Intelligent Analyzing Manager.) — C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [529776] [PID.2940]
[MD5.7A88CFD3FE99F2C9B95A6E2A08B96E14] – (.Sony Corporation – VCM Intelligent Network Service Manager.) — C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [386416] [PID.2980]
[MD5.D8BEF4AC1EAC809DBDBD441D6CFF6C4C] – (.Sony Corporation – VAIO Entertainment Database Service.) — C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336] [PID.3484]
[MD5.CC800D2D9FD467542BAC7C186C4774AD] – (.Intel Corporation – IAStorDataSvc.) — C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.3184]
[MD5.6A740F5FF3246C3BE3DD317299EFC88E] – (.Sony Corporation – VAIO Content Folder Watcher.) — C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642416] [PID.1060]
[MD5.C5A75EB48E2344ABDC162BDA79E16841] – (.Microsoft Corporation – .NET Runtime Optimization Service.) — C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384] [PID.6664]
[MD5.9E89C2D6945389270DE067CE51FF7425] – (.Intel Corporation – User Notification Service.) — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920] [PID.5564]
[MD5.D347D3ABE070AA09C22FC37121555D52] – (.Sony Corporation – VAIOCare.) — C:\Program Files\Sony\VAIO Care\VCService.exe [44736] [PID.6576]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1356]
~ Processes Running: Scanned in 00mn 12s

—\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 – GCS: Preference [User Data\Default] http://www.google.com
G2 – GCE: Preference [User Data\Default] [aaaaabcbmongicmdegkmmfgdickgnnob] Movies Toolbar v.21.56092, (Disabled) =>Adware.Bandoo
G2 – GCE: Preference [User Data\Default] [chdboodilddefglllfoimeceomkpmkbi] SaltarSmart v.1.0.0 (Enabled) =>PUP.SaltarSmart
G2 – GCE: Preference [User Data\Default] [lifbcibllhkdhoafpjfnlhfpfgnpldfl] Skype Extension v.5.3.0.7550 (Disabled)
~ Google Browser: 13 Legitimates Filtered in 00mn 20s

—\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R1 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 16 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analysis of lines F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
F2 – REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Lines number: 21

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
O3 – Toolbar: Google Toolbar [64Bits] – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s

—\ Other user links (O4)
O4 – GS\Program [Public]: Safari.lnk . (…) — C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe
O4 – GS\QuickLaunch [Pierre]: Apple Safari.lnk . (…) — C:\Windows\Installer\{FA4C2D53-205F-4245-9717-F3761154824D}\SafariIco.exe
O4 – GS\QuickLaunch [Pierre]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 – GS\TaskBar [Pierre]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 – GS\Program [Pierre]: Create Amazing Presentations.lnk – Orphan key
~ Global Startup: 67 Legitimates Filtered in 00mn 12s

—\ Applications launched at system startup (O4)
O4 – GS\Startup [Public]: Bluetooth.lnk . (…) — C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe (.not file.)
O4 – GS\Startup [Pierre]: OpenOffice.org 3.2.lnk . (…) — C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 – HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor – Realtek HD Audio Manager.) — C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 – HKLM\..\Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe (.not file.)
O4 – HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. – Java(TM) Platform SE binary.) — C:\Program Files\Java\jre6\bin\jusched.exe =>.Oracle Corporation
O4 – HKCU\..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (.not file.)
O4 – HKCU\..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (.not file.)
O4 – HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (.not file.)
O4 – HKCU\..\Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 – HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation – IAStorIcon.) — C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 – HKLM\..\Wow6432Node\Run: [ISBMgr.exe] . (.Sony Corporation – No description.) — C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
O4 – HKLM\..\Wow6432Node\Run: [PMBVolumeWatcher] . (.Sony Corporation – Media Check Tool.) — C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 – HKLM\..\Wow6432Node\Run: [MarketingTools] . (.Sony Corporation – Marketing Tools.) — C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
O4 – HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 – HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software – avast! Antivirus.) — C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 – HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 – HKLM\..\Wow6432Node\Run: [AppleSyncNotifier] . (.Apple Inc. – AppleSyncNotifier.) — C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 – HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:\Program Files (x86)\QuickTime\QTTask.exe
O4 – HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 – HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation – Windows Desktop Gadgets.) — C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation – Windows Desktop Gadgets.) — C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-21-3189626866-2071851707-179816275-1000\..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (.not file.)
O4 – HKUS\S-1-5-21-3189626866-2071851707-179816275-1000\..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (.not file.)
O4 – HKUS\S-1-5-21-3189626866-2071851707-179816275-1000\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (.not file.)
O4 – HKUS\S-1-5-21-3189626866-2071851707-179816275-1000\..\Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
~ Application: Scanned in 00mn 01s

—\ Buttons on the Internet Explorer main toolbar (O9)
O9 – Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] – {CCA281CA-C863-46ef-9331-5C8D4460577F} . (…) — C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Domain/DNS address modification (O17)
O17 – HKLM\System\CCS\Services\Tcpip\..\{07E4CE2C-F705-4C12-A47C-8A10D4018C37}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{07E4CE2C-F705-4C12-A47C-8A10D4018C37}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLM\System\CS2\Services\Tcpip\..\{07E4CE2C-F705-4C12-A47C-8A10D4018C37}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Additional protocol (O18)
O18 – Handler: wlmailhtml [64Bits] – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (…) —
O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocol: Scanned in 00mn 00s

—\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ Non-Microsoft, non-disabled NT services (O23)
O23 – Service: Util SaltarSmart (Util SaltarSmart) . (…) – C:\Program Files (x86)\SaltarSmart\bin\utilSaltarSmart.exe (.not file.) =>PUP.SaltarSmart
O23 – Service: VAIO Entertainment Database Service (VzCdbSvc) . (.Sony Corporation – VAIO Entertainment Database Service.) – C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
~ Services: 23 Legitimates Filtered in 00mn 28s

—\ Automatic scheduled tasks (O39)
[MD5.00000000000000000000000000000000] [APT] [{6349EAA0-7E30-40DC-9783-08462CE24A99}] (…) — C:\Users\Pierre\Desktop\open office.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9FC8BC47-EAC3-43CB-89AB-51EAAB3B983C}] (…) — E:\autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Launch Application] (…) — C:\Program Files\SONY\VAIO Update Common\ShellexeProxy.exe (.not file.) [0]
~ Scheduled Task: 34 Legitimates Filtered in 00mn 38s

—\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\VBMZ]
~ Key Software: 173 Legitimates Filtered in 00mn 01s

—\ Contents of Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 – CFD: 24/09/2012 – 18:18:28 – [0] —-D C:\Program Files (x86)\GUM318B.tmp
O43 – CFD: 22/12/2010 – 17:51:40 – [0] —-D C:\Program Files (x86)\LimeWire
O43 – CFD: 03/06/2011 – 11:23:25 – [1,325] —-D C:\Program Files (x86)\Shareaza
O43 – CFD: 25/10/2013 – 21:48:28 – [0,019] —-D C:\ProgramData\Datamngr =>PUP.Datamngr
O43 – CFD: 03/06/2011 – 11:23:21 – [0,092] —-D C:\Users\Pierre\AppData\Roaming\Shareaza
O43 – CFD: 31/10/2010 – 12:52:11 – [0] —-D C:\Users\Pierre\AppData\Local\Shareaza
~ Program Folder: 178 Legitimates Filtered in 03mn 58s

—\ Last files modified or created under Windows and System32 (O44)
O44 – LFC:[MD5.42E457CA221EFE73CB07585251B3FB07] – 24/10/2013 – 20:23:42 —A- . (…) — C:\Windows\IE10_main.log [149336]
O44 – LFC:[MD5.EA4FD9AFC988185F62B9A70D6DECFB04] – 25/10/2013 – 21:41:28 –HA- . (…) — C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [22704]
O44 – LFC:[MD5.EA4FD9AFC988185F62B9A70D6DECFB04] – 25/10/2013 – 21:41:28 –HA- . (…) — C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [22704]
O44 – LFC:[MD5.EA4FD9AFC988185F62B9A70D6DECFB04] – 25/10/2013 – 21:41:28 –HA- . (…) — C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [22704]
O44 – LFC:[MD5.EA4FD9AFC988185F62B9A70D6DECFB04] – 25/10/2013 – 21:41:28 –HA- . (…) — C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [22704]
~ Files: 46 Legitimates Filtered in 01mn 13s

—\ Last files created in the Windows Prefetcher (O45)
O45 – LFCP:[MD5.1FDC331F69590A732DFF987F3C466BEC] – 01/10/2013 – 19:51:31 —A- – C:\Windows\Prefetch\WBCBATTERYCARE.EXE-DF7B7EEA.pf
O45 – LFCP:[MD5.37F4BBD83A67BCBB60CB9C1F7B4854A0] – 19/10/2013 – 22:14:57 —A- – C:\Windows\Prefetch\ADMLOAD.EXE-BC3F26C0.pf
O45 – LFCP:[MD5.BC0B688FD86A734B3311CD299F68ACC9] – 24/10/2013 – 20:15:22 —A- – C:\Windows\Prefetch\VCMIALZMGR.EXE-40E91E41.pf
O45 – LFCP:[MD5.4CD6842BA9F85A3AE966D97CAF24E9CB] – 24/10/2013 – 20:16:45 —A- – C:\Windows\Prefetch\VCSYSTRAY.EXE-6744AB5E.pf
O45 – LFCP:[MD5.9D87E91C243BA43D1D3607697E1805DE] – 25/09/2013 – 20:49:21 —A- – C:\Windows\Prefetch\COM.APPLE.WINDOWSCONTACTS.CLI-FDA196F1.pf
O45 – LFCP:[MD5.8E4F792CEE11B51F339636E48D5D8D70] – 25/09/2013 – 20:49:30 —A- – C:\Windows\Prefetch\SYNCUIHANDLER.EXE-328587BA.pf
O45 – LFCP:[MD5.E4D4334DF59C6F475197B7BBD47A05BF] – 25/09/2013 – 21:03:34 —A- – C:\Windows\Prefetch\MINGLER.EXE-D8BD2F63.pf
O45 – LFCP:[MD5.37D9A86C5A6B0825625BD93856361BF3] – 25/10/2013 – 20:37:53 —A- – C:\Windows\Prefetch\VCMINSMGR.EXE-F1F81419.pf
O45 – LFCP:[MD5.E0E1CFFABF963BC426027AE2EB935327] – 25/10/2013 – 20:37:58 —A- – C:\Windows\Prefetch\VSNSERVICE.EXE-F4985EFC.pf
O45 – LFCP:[MD5.EFA5303768905FB4E41D9702000CC13A] – 25/10/2013 – 20:37:59 —A- – C:\Windows\Prefetch\VESMGRSUB.EXE-E0B47857.pf
O45 – LFCP:[MD5.59FEA2A340808194F060459129BF59E5] – 25/10/2013 – 20:37:59 —A- – C:\Windows\Prefetch\VZCDBSVC.EXE-AB953ACE.pf
O45 – LFCP:[MD5.CA6AD61474611DC2ABCCD5A3879E9E0C] – 25/10/2013 – 20:39:35 —A- – C:\Windows\Prefetch\APVFB.EXE-2F577785.pf
~ Prefetcher: 122 Legitimates Filtered in 00mn 06s

—\ Image File Execution Options (IFEO) (O50)
O50 – IFEO:Image File Execution Options – bitguard.exe – tasklist.exe =>PUP.BitGuard
O50 – IFEO:Image File Execution Options – bprotect.exe – tasklist.exe
O50 – IFEO:Image File Execution Options – browserdefender.exe – tasklist.exe =>Hijacker.Eazel
O50 – IFEO:Image File Execution Options – browserprotect.exe – tasklist.exe =>Hijacker.Eazel
~ IFEO: Scanned in 00mn 00s

—\ Shell MountPoints2 registry key (MPKS) (O51)
O51 – MPSK:{1f2609f7-d0b6-11df-ae8d-0024bec45d8a}\AutoRun\command. (…) — G:\AutoRun\CardDetector.exe (.not file.)
O51 – MPSK:{856390f8-e80a-11df-979d-0024bec45d8a}\AutoRun\command. (…) — G:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s

—\ Enumeration of Policies\System registry keys (MWPS) (O55)
O55 – MWPS:[HKLM\...\Policies\System] – "EnableUIADesktopToggle"=0
O55 – MWPS:[HKLM\...\Policies\System] – "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

—\ Enumeration of Policies\Explorer registry keys (MWPE) (O56)
O56 – MWPE:[HKLM\...\policies\Explorer] – "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

—\ System drivers list (SDL) (O58)
O58 – SDL:[MD5.286193DC28CFB4CEB8D378E20A0850A9] – 30/08/2013 – 08:48:10 —A- . (…) — C:\Windows\System32\Drivers\aswRvrt.sys [65336]
~ Drivers: 16 Legitimates Filtered in 00mn 01s

—\ Last files modified or created (User) (O61)
O61 – LFC: 25/10/2013 – 22:45:47 —A- . (…) — C:\Users\Pierre\AppData\Local\Google\Toolbar\Cache\7.5.4601.54\fr\translate_languages.json.content [1497]
O61 – LFC: 25/10/2013 – 23:00:21 —A- . (…) — C:\Users\Pierre\AppData\Roaming\Google\Local Search History\google%2Eweb.w [63452]
O61 – LFC: 25/10/2013 – 23:00:35 —A- . (…) — C:\Users\Pierre\AppData\Roaming\ZHP\Log.txt [18908] =>.Nicolas Coolman
O61 – LFC: 25/10/2013 – 23:00:35 —A- . (…) — C:\Users\Pierre\AppData\Roaming\ZHP\TestsZHPDiag.txt [2884] =>.Nicolas Coolman
O61 – LFC: 25/10/2013 – 23:00:44 —A- . (…) — C:\Users\Pierre\Downloads\adwcleaner.exe [1060070]
~ 6 Temporary files
~ Files: 32 Legitimates Filtered in 16mn 38s

—\ Disinfection tools list (LATC) (O63)
O63 – Software: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Internet Start Menu (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. – Safari.) — C:\Program Files (x86)\Safari\Safari.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s

—\ Browser infection search (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] – (Google) – http://www.google.com
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.7ABE2BE30B5AFFBE8BD09B9EEF5C6961] [SPRF][14/06/2011] (…) — C:ProgramDataezsidmv.dat [56]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][29/12/2010] (…) — C:UsersPierreAppDataLocalTemp5abciw0t.dll [0]
[MD5.F59F192D75396538912A87A5A8447E70] [SPRF][24/09/2012] (.Ask.com – AskStub Application.) — C:UsersPierreAppDataLocalTempApnStub.exe [357032]
[MD5.709DC78EA9EFBDA2226AE93080ABC80A] [SPRF][02/08/2013] (…) — C:UsersPierreAppDataLocalTempapnuserid.dat [16]
[MD5.85D8CE590AD8981CA2C8286F79F59954] [SPRF][02/08/2013] (…) — C:UsersPierreAppDataLocalTempappid.dat [3]
[MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][01/10/2013] (…) — C:UsersPierreAppDataLocalTempBackupSetup.exe [10355400]
[MD5.4599E1CF12B415B88EC4D6473559523E] [SPRF][09/10/2010] (…) — C:UsersPierreAppDataLocalTempEADB875.exe [212992]
[MD5.9495FF73014B8A17BD4798911AD097FA] [SPRF][20/09/2011] (…) — C:\Users\Pierre\AppData\Local\Temp\Extract.bat [87]
[MD5.4D8BA2E4CDF22E8AE6EDA93133CAA84D] [SPRF][14/06/2011] (…) — C:\Users\Pierre\AppData\Local\Temp\GoogleChromeInstaller.exe [579976]
[MD5.4842726AF66D7AFB8FAC1B7FEF0F5634] [SPRF][01/10/2013] (…) — C:\Users\Pierre\AppData\Local\Temp\ICReinstall_FLVPlayerSetup.exe [936640]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][20/09/2013] (…) — C:\Users\Pierre\AppData\Local\Temp\iojlkfmu.dll [0]
[MD5.8525CB5D57FBB87967169BC0735BDE57] [SPRF][09/12/2011] (.Complitly – Complitly Setup.) — C:\Users\Pierre\AppData\Local\Temp\Kreapixel_addonAcPro.exe [579904] =>Adware.PredictAd
[MD5.538719FC10378FF4E835008B37AD2CBB] [SPRF][08/10/2010] (.Lime Wire LLC – The Fastest File Sharing Program on Earth.) — C:\Users\Pierre\AppData\Local\Temp\LimeWireWin.exe [29470991]
[MD5.7C90F77D368CABEA7B726A3758D6D761] [SPRF][07/12/2011] (.Babylon Ltd. – Babylon Client Setup.) — C:\Users\Pierre\AppData\Local\Temp\MyBabylonTB.exe [919664] =>Toolbar.Babylon
[MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][19/10/2013] (…) — C:\Users\Pierre\AppData\Local\Temp\Quarantine.exe [344355]
[MD5.466C4732BC4B126B94B0E69C6B5A2348] [SPRF][01/09/2013] (.Pas de propriétaire – SendMsg.) — C:\Users\Pierre\AppData\Local\Temp\SendMsg.dll [9216]
[MD5.107DD417BE37F067AF3139976CD93C9B] [SPRF][07/12/2011] (…) — C:\Users\Pierre\AppData\Local\Temp\Setup.exe [398635]
[MD5.39CA2C1AF7AB0621907A2606F617560B] [SPRF][19/08/2011] (…) — C:\Users\Pierre\AppData\Local\Temp\SkypeSetup.exe [19505152]
[MD5.8CB22BDD0B7BA1AB13D742E22EED8DA2] [SPRF][02/08/2013] (…) — C:\Users\Pierre\AppData\Local\Temp\sysid.dat [3]
[MD5.BDEE9D936EFB7C76DF778F45F1CF130D] [SPRF][02/08/2013] (…) — C:\Users\Pierre\AppData\Local\Temp\trackid.dat [6]
[MD5.3C74C26999F2060BC6302448F173A342] [SPRF][28/08/2013] (.Babylon Ltd. – Uninstaller Application.) — C:\Users\Pierre\AppData\Local\Temp\uninst1.exe [340464] =>Toolbar.Babylon
[MD5.DA52CD11B68E526DE1EC4E730FF8AAF3] [SPRF][01/10/2013] (…) — C:\Users\Pierre\AppData\Local\Temp\Unipack_Installer.exe [205436]
[MD5.02764A733C6F506C59F300929F3299C5] [SPRF][01/10/2013] (…) — C:\Users\Pierre\AppData\Local\Temp\VisualBeeTB_yh.exe [775152] =>Adware.VisualBeeToolbar
[MD5.E93D456A74A43DCB034B5EBF37C3E40D] [SPRF][01/10/2013] (.Rcjbxb – Lqkliucvjk.) — C:\Users\Pierre\AppData\Local\Temp\VisualBeeWebext.exe [4941896] =>Adware.VisualBeeToolbar
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][20/09/2013] (…) — C:\Users\Pierre\AppData\Local\Temp\wl9px5qt.dll [0]
[MD5.287F564C6947747642013BA1F772EEB8] [SPRF][25/11/2011] (…) — C:\Users\Pierre\AppData\Local\Temp\{F3ECBB9C-587F-41E7-AA59-FD6147BEF8CF}-chrome_installer.exe [15661977]
[MD5.3C93AE560417C3963D1FDDD843BD4ED3] [SPRF][28/09/2013] (…) — C:\Users\Pierre\AppData\Roaming\wklnhst.dat [4568]
~ Files: 59 Legitimates Filtered in 00mn 35s

—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: “{D0C6E0CB-51C2-4123-B145-A73FF75A6377}” |In – Private – P6 – TRUE | .(…) — C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 – FAEL: “{EF924709-C5C6-4A08-95A0-15290A6C1BC1}” |In – Private – P17 – TRUE | .(…) — C:\Program Files (x86)\LimeWire\LimeWire.exe (.not file.)
O87 – FAEL: “TCP Query User{040A471F-57D0-43FE-82AD-0A40A99C7CEB}C:\program files (x86)\limewire\limewire.exe” |In – Public – P6 – TRUE | .(…) — C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 – FAEL: “UDP Query User{4079E5A7-34E2-45E9-A5A9-6E8CD72CF1C7}C:\program files (x86)\limewire\limewire.exe” |In – Public – P17 – TRUE | .(…) — C:\program files (x86)\limewire\limewire.exe (.not file.)
O87 – FAEL: “TCP Query User{54BB10C3-4D9C-44D9-89C7-F748F2627352}C:\program files (x86)\shareaza\shareaza.exe” |In – Public – P6 – TRUE | .(…) — C:\program files (x86)\shareaza\shareaza.exe (.not file.)
O87 – FAEL: “UDP Query User{CCC5C5FC-A21C-4138-B14B-CB4FE6B3FA46}C:\program files (x86)\shareaza\shareaza.exe” |In – Public – P17 – TRUE | .(…) — C:\program files (x86)\shareaza\shareaza.exe (.not file.)
O87 – FAEL: “{DF8BD093-B460-4AB3-8CE1-26056611F425}” |In – Private – P6 – TRUE | .(…) — C:\Users\Pierre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PC3QSHDD\SweetImSetup.exe (.not file.) =>PUP.SweetIM
O87 – FAEL: “{79B2BD7D-6880-463A-B10F-581DFD5813B5}” |In – Private – P17 – TRUE | .(…) — C:\Users\Pierre\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PC3QSHDD\SweetImSetup.exe (.not file.) =>PUP.SweetIM
O87 – FAEL: “{83E530DF-B4E3-452A-8DBC-45DC41F6739F}” |In – Private – P6 – TRUE | .(…) — C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IEdtUser.exe (.not file.) =>Adware.Bandoo
O87 – FAEL: “{147600D2-8C3D-4AD3-9794-FD5F69D6A722}” |In – Private – P17 – TRUE | .(…) — C:\Program Files (x86)\Movies Toolbar\Datamngr\SRTOOL~1\IEdtUser.exe (.not file.) =>Adware.Bandoo
~ Firewall: 244 Legitimates Filtered in 00mn 02s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: “6CCF58E6290D45A488938282D471A25D” . (.SphinxIQ.) — C:\Windows\Installer\{6E85FCC6-D092-4A54-8839-28284D172AD5}\ARPPRODUCTICON.exe
~ Update Products: 160 Legitimates Filtered in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.5FF2B0F7835519063800D9F2DB535131] [WIS][22/08/2013] (.QwertyBox Team – FrameFox Extensions 1.0.7.0 Setup.) — C:\Windows\Installer\205f38.msi [417792] =>PUP.FrameFox
~ WIS: 162 Legitimates Filtered in 04mn 15s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Demand 06/02/2009 109056 | (ACDaemon) . (.ArcSoft Inc..) – C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR – | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS – | Demand 10/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR – | Auto 08/10/2010 202752 | (AMD External Events Utility) . (.AMD.) – C:\Windows\System32\atiesrxx.exe
SR – | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) – C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR – | Auto 30/08/2013 46808 | (avast! Antivirus) . (.AVAST Software.) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:\Program Files\Bonjour\mDNSResponder.exe
SR – | Auto 04/09/2009 873248 | (btwdins) . (.Broadcom Corporation..) – C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SS – | Auto 11/02/2010 133104 | (gupdate) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 11/02/2010 133104 | (gupdatem) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 03/09/2012 194032 | (gusvc) . (.Google.) – C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR – | Auto 21/11/2009 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR – | Demand 12/12/2012 641504 | (iPod Service) . (.Apple Inc..) – C:\Program Files\iPod\bin\iPodService.exe
SR – | Auto 14/12/2009 268824 | (LMS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR – | Auto 24/10/2009 360224 | (PMBDeviceInfoProvider) . (.Sony Corporation.) – C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
SS – | Demand 31/08/2009 313840 | (Roxio UPnP Renderer 10) . (.Sonic Solutions.) – C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
SS – | Auto 31/08/2009 362992 | (Roxio Upnp Server 10) . (.Sonic Solutions.) – C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
SR – | Auto 29/01/2011 259192 | (SampleCollector) . (.Sony Corporation.) – C:\Program Files\Sony\VAIO Care\VCPerfService.exe
SS – | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) – C:\Program Files (x86)\Skype\Updater\Updater.exe
SS – | Demand 15/10/2009 120104 | (SOHCImp) . (.Sony Corporation.) – C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
SS – | Demand 15/10/2009 70952 | (SOHDBSvr) . (.Sony Corporation.) – C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
SS – | Demand 15/10/2009 427304 | (SOHDms) . (.Sony Corporation.) – C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
SS – | Demand 15/10/2009 75048 | (SOHDs) . (.Sony Corporation.) – C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
SS – | Demand 15/10/2009 91432 | (SOHPlMgr) . (.Sony Corporation.) – C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
SR – | Auto 18/09/2008 104960 | (uCamMonitor) . (.ArcSoft, Inc..) – C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
SR – | Auto 14/12/2009 2320920 | (UNS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS – | Auto 10/07/1658 0 | (Util SaltarSmart) . (…) – C:\Program Files (x86)\SaltarSmart\bin\utilSaltarSmart.exe =>PUP.SaltarSmart
SS – | Demand 14/09/2009 69632 | (VAIO Entertainment TV Device Arbitration Service) . (.Sony Corporation.) – C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
SR – | Auto 28/05/2010 205168 | (VAIO Event Service) . (.Sony Corporation.) – C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
SR – | Demand 30/11/2009 571248 | (VAIO Power Management) . (.Sony Corporation.) – C:\Program Files\Sony\VAIO Power Management\SPMService.exe
SR – | Auto 14/09/2009 642416 | (VCFw) . (.Sony Corporation.) – C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
SR – | Auto 19/02/2010 529776 | (VcmIAlzMgr) . (.Sony Corporation.) – C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
SR – | Auto 19/02/2010 386416 | (VcmINSMgr) . (.Sony Corporation.) – C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
SS – | Demand 19/02/2010 115568 | (VcmXmlIfHelper) . (.Sony Corporation.) – C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
SR – | Demand 14/02/2011 44736 | (VCService) . (.Sony Corporation.) – C:\Program Files\Sony\VAIO Care\VCService.exe
SR – | Auto 11/08/2010 845312 | (VSNService) . (.Sony Corporation.) – C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
SR – | Demand 26/10/2012 1286784 | (VUAgent) . (.Sony Corporation.) – C:\Program Files\Sony\VAIO Update\VUAgent.exe
SR – | Auto 14/09/2009 206336 | (VzCdbSvc) . (.Sony Corporation.) – C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
SR – | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
~ Services: Scanned in 04mn 30s

—\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Pierre at 25/10/2013 23:08:20
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Scan Additionnel (O88)
Database Version : 12960 – (24/10/2013)
Clés trouvées (Keys found) : 30
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 17

[HKLM\Software\Google\Chrome\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob] =>Adware.Bandoo^
[HKLM\Software\Google\Chrome\Extensions\chdboodilddefglllfoimeceomkpmkbi] =>PUP.SaltarSmart^
[HKLM\SYSTEM\CurrentControlSet\Services\Util SaltarSmart] =>PUP.SaltarSmart^
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch
[HKLM\Software\Wow6432Node\VBMZ] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
C:\ProgramData\Datamngr =>PUP.Datamngr^
C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda =>Adware.PredictAd
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe =>Toolbar.Google^
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google^
C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob =>Adware.Bandoo^
C:\Users\Pierre\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdboodilddefglllfoimeceomkpmkbi =>PUP.SaltarSmart^
C:\Users\Pierre\AppData\Local\Temp\Kreapixel_addonAcPro.exe =>Adware.PredictAd^
C:\Users\Pierre\AppData\Local\Temp\MyBabylonTB.exe =>Toolbar.Babylon^
C:\Users\Pierre\AppData\Local\Temp\uninst1.exe =>Toolbar.Babylon^
C:\Users\Pierre\AppData\Local\Temp\VisualBeeTB_yh.exe =>Adware.VisualBeeToolbar^
C:\Users\Pierre\AppData\Local\Temp\VisualBeeWebext.exe =>Adware.VisualBeeToolbar^
C:\Windows\Installer\205f38.msi =>PUP.FrameFox^
C:\Users\Pierre\AppData\Local\Temp\babylon.jpg =>PUP.SweetIM
C:\Users\Pierre\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
C:\Users\Pierre\AppData\Local\Temp\GoogleToolbarInstaller2.log =>Toolbar.Babylon
C:\Users\Pierre\AppData\Local\Temp\pricepeep.bmp =>Adware.PricePeep
~ Additionnel Scan: 403210 Items scanned in 02mn 35s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ http://nicolascoolman.webs.com/apps/blog/show/33293281-pup-saltarsmart =>PUP.SaltarSmart
~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr
~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blog/show/27161672-hijacker-eazel =>Hijacker.Eazel
~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/29058830-adware-visualbeetoolbar =>Adware.VisualBeeToolbar
~ http://nicolascoolman.webs.com/apps/blog/show/29216159-pup-sweetim =>PUP.SweetIM
~ http://nicolascoolman.webs.com/apps/blog/show/32789922-pup-framefox =>PUP.FrameFox
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ MSI: 15 link(s) detected in 02mn 36s

~ 1361 Legitimates filtered by white list
End of the scan (606 lines in 35mn 13s)(0)[/spoiler:4pnhjyqj]