Reply to: PC infected after a USB key shortcut virus 2016-09-08T13:12:09+00:00
omartin
Participant
Post count: 10

Here is the ZHPDiag report:

~ Rapport de ZHPDiag v2013.10.28.74 – Nicolas Coolman (28/10/2013)
~ Lancé par Olivia (29/10/2013 19:21:02)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

—\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
GCIE: Google Chrome v23.0.1271.95 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : PV9HW
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

—\ Logiciels d'optimisation du système
CCleaner v4.04 =>Piriform Ltd

—\ Logiciels de partage PeerToPeer
µTorrent v2.0.3 =>P2P.µTorrent

—\ Surveillance de Logiciels
Adobe Flash Player 10 Plugin
Adobe Reader XI

—\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4008 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 71 GB (36%) free of 195 GB

—\ Mode de connexion au système
~ Computer Name: OLIVIA-PC
~ User Name: Olivia
~ All Users Names: UpdatusUser, Olivia, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d'environnement
~ System Unit : C:
~ %AppZHP% : C:UsersOliviaAppDataRoamingZHP
~ %AppData% : C:UsersOliviaAppDataRoaming
~ %Desktop% : C:UsersOliviaDesktop
~ %Favorites% : C:UsersOliviaFavorites
~ %LocalAppData% : C:UsersOliviaAppDataLocal
~ %StartMenu% : C:UsersOliviaAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 71 Go of 195 Go)
D: Hard drive, Flash drive, Thumb drive (Free 245 Go of 245 Go)
E: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)

—\ Etat du Centre de Sécurité Windows
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyGames: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.22/09/2013 – 23:55:10.) — C:WindowsSystem32wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 14:25:32.) — C:WindowsSystem32Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:28.) — C:WindowsSystem32sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.14/09/2013 – 02:10:19.) — C:Windowssystem32DriversAFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:22.) — C:Windowssystem32DriversCdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:34.) — C:Windowssystem32DriversDfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:44.) — C:Windowssystem32DriversHDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:22.) — C:Windowssystem32DriversnetBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:36.) — C:Windowssystem32DriversRasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.20/11/2010 – 12:06:42.) — C:Windowssystem32Driversrdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:58.) — C:Windowssystem32Driverstdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 14:34:04.) — C:Windowssystem32Driversvolsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/14577
~ Mes musiques (My Musics) : 1/86
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 4/1418
~ Mon Bureau (My Desktop) : 1/593
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 05s

—\ Processus lancés
[MD5.5BB1F77C8AF725A15EC9366498D275BB] – (.ASUS – ATKOSD2.) — C:Program Files (x86)ASUSATK PackageATKOSD2ATKOSD2.exe [5732992] [PID.3048]
[MD5.F4DCD4912B185C3AAEB92A7040832AD1] – (.Pas de propriétaire – ALU.) — C:Program Files (x86)ASUSASUS Live UpdateALU.exe [51768] [PID.3460]
[MD5.868E3486E7EC522330344152A5535783] – (.ASUS – SmartLogon Application.) — C:Program Files (x86)ASUSSmartLogonsensorsrv.exe [305720] [PID.3744]
[MD5.37DEB76A2CF005841C4E45DE2B94D84F] – (.ASUS – AsScrPro.) — C:WindowsAsScrPro.exe [3058304] [PID.3772]
[MD5.57B4D34232852BFE4453BE571DF90D21] – (.CyberLink – CyberLink MediaLibray Service.) — C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe [103720] [PID.3844]
[MD5.CFE31B91A0A997F1A0F797B717D087A8] – (.Ralink Technology, Corp. – Ralink Wireless LAN Card Utility.) — C:Program Files (x86)RalinkCommonRaUI.exe [15621008] [PID.4476]
[MD5.79A3B950988F8D2B81906D0C0473158B] – (.ASUS – ATK Media.) — C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe [170624] [PID.4892]
[MD5.5AEBF6FA9805C9101220AA4FB4FA17E7] – (.ASUS – HControlUser.) — C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe [105016] [PID.4908]
[MD5.FD22B00049F775E952371E9C3DAC631B] – (.Pas de propriétaire – Wireless Console 3.) — C:Program Files (x86)ASUSWireless Console 3wcourier.exe [1601536] [PID.4964]
[MD5.21293443961A4E2597453EE7A9347F22] – (.Hewlett-Packard – hpwuSchd Application.) — C:Program Files (x86)HPHP Software UpdatehpwuSchd2.exe [54840] [PID.5068]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe [4858968] [PID.5076]
[MD5.D6264E83183E3E3D96F9B05AABE5E347] – (.Microsoft Corporation – Microsoft Word.) — C:Program Files (x86)Microsoft OfficeOffice14WINWORD.exe [1423008] [PID.2244]
[MD5.B6080F3A1CA495190D1583C2202CAA61] – (.Skype Technologies S.A. – Skype.) — C:Program Files (x86)SkypePhoneSkype.exe [17148552] [PID.4700]
[MD5.9209994CFBDF2814AC8CB16DA267600D] – (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe [1242728] [PID.5272]
[MD5.3B605772669BDFD6DC266B9320E87B45] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8143872] [PID.628]
[MD5.18E5C2F937F9DEB8C282DF66A3761925] – (.ASUS – ASLDR Service.) — C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe [84536] [PID.1468]
[MD5.7910158929571214A959D5A6D16DD9C0] – (.ASUS – GFNEXSrv.) — C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe [96896] [PID.1536]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] – (.AVAST Software – avast! Service.) — C:Program FilesAVAST SoftwareAvastAvastSvc.exe [46808] [PID.1560]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65640] [PID.1732]
[MD5.A6307F356D778E18A76E7783EF98C6AA] – (.Atheros – Atheros Coex Service Application.) — C:Program Files (x86)AtherosAth_CoexAgent.exe [151552] [PID.1700]
[MD5.4E033A3D13F2D3611A7DF0A60CE090CB] – (.Ralink Technology, Corp. – RalinkRegistryWriter.) — C:Program Files (x86)RalinkCommonRaRegistry.exe [372736] [PID.2324]
[MD5.7F32D4C47A50E7223491E8FB9359907D] – (.Intel Corporation – Local Manageability Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [325656] [PID.2800]
[MD5.4B7636C52A359AB0783B350A5FBDBB49] – (.NVIDIA Corporation – NVIDIA Settings Update Manager.) — C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe [2009704] [PID.5628]
[MD5.2C16648A12999AE69A9EBF41974B0BA2] – (.Intel Corporation – User Notification Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [2656280] [PID.5880]
~ Processes Running: Scanned in 00mn 02s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersOliviaAppDataLocalGoogleChromeUser DataDefaultPreferences
G2 – GCE: Preference [User DataDefault] [aipfmkinhleccnodemkoofnnofpbbpac] Search-Gol Toolbar v.1.0 (Désactivé)
~ Google Browser: 8 Legitimates Filtered in 00mn 10s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSDesktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. – EPSON Scan.) — C:Windowstwain_32escndvescndv.exe
O4 – GSDesktop [Public]: Internet Mobile 3G+ Bouygues Telecom.lnk . (.Bouygues – Internet Mobile 3G+ Bouygues Telecom.) — C:Program Files (x86)Bouygues TelecomInternet 3G+Bouygues.exe
O4 – GSDesktop [Public]: PDF-Viewer.lnk . (.Tracker Software Products (Canada) Ltd. – PDF-XChange Viewer.) — C:Program FilesTracker SoftwarePDF ViewerPDFXCview.exe
O4 – GSDesktop [Public]: SmartLogon Manager.lnk . (.ASUS – SmartLogon Application.) — C:Program Files (x86)ASUSSmartLogonlogonmgr.exe
O4 – GSProgram [Public]: HD VDeck.lnk . (.VIA – VIA HD Audio CPL.) — C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe
O4 – GSQuickLaunch [UpdatusUser]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSQuickLaunch [Olivia]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSQuickLaunch [Olivia]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSTaskBar [Olivia]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSTaskBar [Olivia]: µTorrent.lnk . (.BitTorrent, Inc. – µTorrent.) — C:Program Files (x86)uTorrentuTorrent.exe =>P2P.BitTorrent
O4 – GSProgram [Olivia]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSSystemTools [Olivia]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSDesktop [Olivia]: APC – Alim32.lnk . (.Animal Production Consulting sa – Gestion de l'Alimentation Bovine.) — C:Alim32ALIM.exe
O4 – GSDesktop [Olivia]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe https://www.sosvirus.net
O4 – GSDesktop [Olivia]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe http://www.facebook.com
~ Global Startup: 79 Legitimates Filtered in 00mn 02s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GSStartup [Public]: Ralink Wireless Utility.lnk . (.Ralink Technology, Corp. – Ralink Wireless LAN Card Utility.) — C:Program Files (x86)RalinkCommonRaUI.exe
O4 – GSStartup [Olivia]: Dropbox.lnk . (.Dropbox, Inc. – Dropbox.) — C:UsersOliviaAppDataRoamingDropboxbinDropbox.exe
O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:Windowssystem32igfxtray.exe
O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:Windowssystem32hkcmd.exe
O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:Windowssystem32igfxpers.exe
O4 – HKLM..Run: [ETDWare] C:Program Files (x86)ElantechETDCtrl.exe (.not file.)
O4 – HKLM..Run: [AmIcoSinglun64] . (.Alcor Micro Corp. – Single LUN Icon Utility for VID 058F PID 63.) — C:Program Files (x86)AmIcoSingLunAmIcoSinglun64.exe
O4 – HKLM..Run: [AtherosBtStack] . (.Atheros Communications – Serveur Stack Bluetooth.) — C:Program Files (x86)AtherosBluetooth SuiteBtvStack.exe
O4 – HKLM..Run: [AthBtTray] . (.Atheros Commnucations – Bluetooth Suite Common Rescource.) — C:Program Files (x86)AtherosBluetooth SuiteAthBtTray.exe
O4 – HKLM..Run: [IntelTBRunOnce] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
O4 – HKLM..Wow6432NodeRun: [ASUSPRP] . (.ASUSTek Computer Inc. – ASUS Product Register Program.) — C:Program Files (x86)ASUSAPRPAPRP.exe
O4 – HKLM..Wow6432NodeRun: [HDAudDeck] . (.VIA – VIA HD Audio CPL.) — C:Program Files (x86)VIAVIAudioiVDeckVDeck.exe
O4 – HKLM..Wow6432NodeRun: [ATKMEDIA] . (.ASUS – ATK Media.) — C:Program Files (x86)ASUSATK PackageATK MediaDMedia.exe
O4 – HKLM..Wow6432NodeRun: [HControlUser] . (.ASUS – HControlUser.) — C:Program Files (x86)ASUSATK PackageATK HotkeyHControlUser.exe
O4 – HKLM..Wow6432NodeRun: [Wireless Console 3] . (.Pas de propriétaire – Wireless Console 3.) — C:Program Files (x86)ASUSWireless Console 3wcourier.exe
O4 – HKLM..Wow6432NodeRun: [StopDefragment] Clé orpheline
O4 – HKLM..Wow6432NodeRun: [UpdateLBPShortCut] . (.CyberLink Corp. – MUI StartMenu Application.) — C:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe
O4 – HKLM..Wow6432NodeRun: [UpdateP2GoShortCut] . (.CyberLink Corp. – MUI StartMenu Application.) — C:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe
O4 – HKLM..Wow6432NodeRun: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — C:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
O4 – HKLM..Wow6432NodeRun: [avast] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastavastUI.exe
O4 – HKLM..Wow6432NodeRun: [BCSSync] . (.Microsoft Corporation – Microsoft Office 2010 component.) — C:Program Files (x86)Microsoft OfficeOffice14BCSSync.exe =>.Microsoft Corporation
O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
O4 – HKLM..Wow6432NodeRunOnce: [Malwarebytes Anti-Malware] . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe
O4 – HKLM..Wow6432NodeRunOnce: [Malwarebytes Anti-Malware (cleanup)] . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:ProgramDataMalwarebytesMalwarebytes' Anti-Malwarecleanup.dll
O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-4173958784-2195708382-2158073431-1000..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-4173958784-2195708382-2158073431-1000..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 – Extra button: Send by Bluetooth to [64Bits] – {7815BE26-237D-41A8-A98F-F7BD75F71086} — Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{9537D861-4FD4-4722-89E9-6B61EF98B06C}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCCSServicesTcpip..{B3A18BED-2011-47AF-B4F0-1626EC27A009}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{9537D861-4FD4-4722-89E9-6B61EF98B06C}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{B3A18BED-2011-47AF-B4F0-1626EC27A009}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS2ServicesTcpip..{9537D861-4FD4-4722-89E9-6B61EF98B06C}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS2ServicesTcpip..{A95237C0-A63E-487F-AC75-A8A456F07497}: DhcpNameServer = 139.165.214.214
O17 – HKLMSystemCS2ServicesTcpip..{B3A18BED-2011-47AF-B4F0-1626EC27A009}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS2ServicesTcpip..{A95237C0-A63E-487F-AC75-A8A456F07497}: DhcpDomain = ulg.priv
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE14MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – AppInit_DLLs: . (…) – c:progra~3bitguard271769~1.27{c16c1~1loader.dll (.not file.) =>PUP.BitGuard
~ AppInit DLL: Scanned in 00mn 00s

—\ Tâches planifiées en automatique (O39)
[MD5.F86B0B4620EC70A68A87BAEF3B5CE42E] [APT] [ASUS Secure Delete] (…) — C:Program FilesASUSASUS Secure DeleteADDEL.exe [489392]
[MD5.00000000000000000000000000000000] [APT] [{B6F44231-253E-4ADA-A59E-110B41F6EB3F}] (…) — C:UsersOliviaDownloadsLeTarotInstallation_Win.exe (.not file.) [0]
~ Scheduled Task: 23 Legitimates Filtered in 00mn 07s

—\ HKCU & HKLM Software Keys
[HKLMSoftwareWow6432NodeIncrediMail]
~ Key Software: 182 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 05/12/2012 – 09:02:52 – [19,276] —-D C:Program Files (x86)PDF X Change Viewer
O43 – CFD: 24/04/2012 – 23:14:31 – [0,001] —-D C:UsersOliviaAppDataRoaming Dossier Gifour
O43 – CFD: 24/04/2012 – 23:14:31 – [0] —-D C:UsersOliviaAppDataRoamingDossier Gifour
~ 31 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 228 Legitimates Filtered in 00mn 20s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.47A10986E907FAA7A6D11E467402BAAA] – 24/10/2013 – 01:44:36 —A- . (…) — C:WindowsSysNativeServiceFilter.ini [1493]
O44 – LFC:[MD5.47A10986E907FAA7A6D11E467402BAAA] – 24/10/2013 – 01:44:36 —A- . (…) — C:WindowsSystem32ServiceFilter.ini [1493]
O44 – LFC:[MD5.65EEEF92731802B5488EEA4F807B372D] – 28/10/2013 – 22:18:09 . (…) — C:UsbFix [Scan 1] OLIVIA-PC.txt [13115]
O44 – LFC:[MD5.BB1D9630645BEFDAB41B69E484085D9E] – 28/10/2013 – 23:10:23 . (…) — C:UsbFix [Clean 1] OLIVIA-PC.txt [11555]
O44 – LFC:[MD5.6B12453585EC7D9D22E85E322A194086] – 28/10/2013 – 23:16:10 . (…) — C:UsbFix [Scan 2] OLIVIA-PC.txt [12433]
O44 – LFC:[MD5.6D2D00D3AC181410F200865AD25112AC] – 28/10/2013 – 23:28:48 —A- . (…) — C:UsbFix [Clean 3] OLIVIA-PC.txt [15249]
~ Files: 21 Legitimates Filtered in 00mn 19s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.598F0728BC2EBF6B67C04E29E95D4BC4] – 28/10/2013 – 23:10:09 —A- – C:WindowsPrefetchWLRMDR.EXE-C2B47318.pf
O45 – LFCP:[MD5.FD54E2C76004A083B7B175122BA66FCB] – 28/10/2013 – 23:21:54 —A- – C:WindowsPrefetchGO.EXE-0A7DE786.pf
O45 – LFCP:[MD5.CD780416893A6471012A92C8C3F1BD21] – 28/10/2013 – 23:22:27 —A- – C:WindowsPrefetchBITGUARD.EXE-C33DE7F4.pf =>PUP.BitGuard
O45 – LFCP:[MD5.D1E3F7D255880AC77A8E2292BABF2EE7] – 29/10/2013 – 00:42:43 —A- – C:WindowsPrefetchRAUI.EXE-8C9ABD01.pf
O45 – LFCP:[MD5.3A26F95D4018D5B48D638A2CD1A6CEBD] – 29/10/2013 – 00:50:58 —A- – C:WindowsPrefetchNIRCMD.DAT-3B9014DD.pf
O45 – LFCP:[MD5.BB30E7A3D09B9BD6EA0F95D59492D721] – 29/10/2013 – 00:50:59 —A- – C:WindowsPrefetchFC.EXE-F6221E79.pf
O45 – LFCP:[MD5.ECBDD12B8B4AD8CD62DE44EDC8BC1190] – 29/10/2013 – 00:50:59 —A- – C:WindowsPrefetchWGET.DAT-18AA9CA7.pf
O45 – LFCP:[MD5.1D8EAD59BE8CA17BDD198F009A03FD87] – 29/10/2013 – 00:51:07 —A- – C:WindowsPrefetchJRT.EXE-D7D9113B.pf
~ Prefetcher: 141 Legitimates Filtered in 00mn 01s

—\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 – SEH:ShellExecuteHooks – Groove GFS Stub Execution Hook [64Bits] – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:PROGRA~2MICROS~1Office14GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

—\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 – SMSR:HKLM…startupregBouygues Connection Manager [Key] . (.Bouygues – Internet Mobile 3G+ Bouygues Telecom.) — C:Program Files (x86)Bouygues TelecomInternet 3G+Bouygues.exe
O53 – SMSR:HKLM…startupregSetwallpaper [Key] . (…) — c:programdataSetWallpaper.cmd (.not file.)
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.5573AA70993A2BB81525B1C704B88763] – 09/05/2013 – 09:59:07 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65336]
~ Drivers: 18 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 26/10/2013 – 19:22:44 —A- . (…) — C:UsersOliviaAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [260408]
O61 – LFC: 26/10/2013 – 19:23:46 —A- . (…) — C:UsersOliviaGMV 2MIPACardio 2013.pdf [9957047]
O61 – LFC: 26/10/2013 – 19:23:48 —A- . (…) — C:UsersOliviaGMV 2Pathologie systémiqueTP4- Bouche.docx [23713]
O61 – LFC: 26/10/2013 – 19:23:48 —A- . (…) — C:UsersOliviaGMV 2Pathologie systémiqueTP5- Estomac et intestins 1.docx [21125]
O61 – LFC: 26/10/2013 – 19:23:48 —A- . (.Pathologie Générale, TJ.) — C:UsersOliviaGMV 2Pathologie systémiqueTPTP2_Foie2(2).ppt [38372864]
O61 – LFC: 26/10/2013 – 19:23:48 —A- . (.Pathologie Générale, TJ.) — C:UsersOliviaGMV 2Pathologie systémiqueTPTP3 _VoiesBiliaires(3).ppt [35428864]
O61 – LFC: 26/10/2013 – 19:23:49 —A- . (.fmvtest.) — C:UsersOliviaGMV 2Pathologie systémiqueTPTP4_Bouche(1).ppt [65497600]
O61 – LFC: 26/10/2013 – 19:23:49 —A- . (.s033176.) — C:UsersOliviaGMV 2Pathologie systémiqueTPTP5_Estomac&Intestins(1).ppt [16388096]
O61 – LFC: 27/10/2013 – 19:23:42 —A- . (…) — C:UsersOliviaDownloadsRyanairBoardingPass.pdf [155874]
O61 – LFC: 27/10/2013 – 19:23:44 —A- . (…) — C:UsersOliviaGMV 2CliniquesBovineTest Clinique BV.docx [61904]
O61 – LFC: 28/10/2013 – 19:23:35 —A- . (.Depas Audrey (Epse Fafchamps).) — C:UsersOliviaDownloadsgmv2_q2_13-14_2013-09-26_18-10-21_587.xls [65024]
O61 – LFC: 28/10/2013 – 19:23:47 —A- . (…) — C:UsersOliviaGMV 2Pathologie systémiqueLe pancréas exocrine Sylvie.docx [24218]
O61 – LFC: 28/10/2013 – 19:23:49 —A- . (…) — C:UsersOliviaGMV 2Rollin 28-10.docx [21175]
O61 – LFC: 28/10/2013 – 19:23:52 —A- . (.Compaq.) — C:UsersOliviaGMV 2ThériogénologieR29_Insemination_2014.ppt [43229184]
O61 – LFC: 28/10/2013 – 19:23:52 —A- . (.Compaq.) — C:UsersOliviaGMV 2ThériogénologieR30_Embryons_invivo_2014.ppt [6139904]
O61 – LFC: 28/10/2013 – 19:23:52 —A- . (.Compaq.) — C:UsersOliviaGMV 2ThériogénologieR31_Embryons_invitro_2014.ppt [5692928]
O61 – LFC: 28/10/2013 – 19:23:53 —A- . (…) — C:UsersOliviaGMV 2ThériogénologieThério – IA.docx [15804]
O61 – LFC: 28/10/2013 – 19:23:53 —A- . (…) — C:UsersOliviaGMV 2ThériogénologieThério – Production d'embryons in vivo.docx [12523]
O61 – LFC: 28/10/2013 – 19:23:53 –HA- . (…) — C:UsersOliviaGMV 2Vaccino-immuno~$urs 5 immuno.docx [162]
O61 – LFC: 28/10/2013 – 19:26:34 -SHA- . (…) — C:UsersOliviaThumbs.db [307200]
O61 – LFC: 29/10/2013 – 19:22:43 —A- . (…) — C:UsersOliviaAppDataLocalavgchromeavgp [130110]
O61 – LFC: 29/10/2013 – 19:22:45 —A- . (…) — C:UsersOliviaAppDataLocalGoogleChromeUser DataLocal State [41751]
O61 – LFC: 29/10/2013 – 19:23:20 —A- . (…) — C:UsersOliviaAppDataRoamingZHPLog.txt [43538] =>.Nicolas Coolman
O61 – LFC: 29/10/2013 – 19:23:20 —A- . (…) — C:UsersOliviaAppDataRoamingZHPTestsZHPDiag.txt [2880] =>.Nicolas Coolman
O61 – LFC: 29/10/2013 – 19:23:39 —A- . (.Compaq.) — C:UsersOliviaDownloadsR19_Gestion_reproduction_2014 CH.ppt [11333120]
O61 – LFC: 29/10/2013 – 19:23:40 —A- . (.Compaq.) — C:UsersOliviaDownloadsR20_Glde_mamm_production_2014.ppt [20182528]
O61 – LFC: 29/10/2013 – 19:23:41 —A- . (.Compaq.) — C:UsersOliviaDownloadsR21_Mammites_propédeutique_symptomes_2014.ppt [26595840]
O61 – LFC: 29/10/2013 – 19:23:42 —A- . (.Compaq.) — C:UsersOliviaDownloadsR22_Mammites_ etiologie_2014.ppt [59362816]
O61 – LFC: 29/10/2013 – 19:23:42 —A- . (.Compaq.) — C:UsersOliviaDownloadsR22_Mammites_pathogenie_traitements_2014.ppt [15762944]
O61 – LFC: 29/10/2013 – 19:23:46 —A- . (…) — C:UsersOliviaGMV 2Médecine de troupeauR19_Gestion_reproduction_2014 CH.pdf [2027719]
O61 – LFC: 29/10/2013 – 19:23:46 —A- . (…) — C:UsersOliviaGMV 2Médecine de troupeauR20_Glde_mamm_production_2014.pdf [4236110]
O61 – LFC: 29/10/2013 – 19:23:46 —A- . (…) — C:UsersOliviaGMV 2Médecine de troupeauR21_Mammites_propédeutique_symptomes_2014.pdf [4271022]
O61 – LFC: 29/10/2013 – 19:23:46 —A- . (…) — C:UsersOliviaGMV 2Médecine de troupeauR22_Mammites_ etiologie_2014.pdf [13983797]
O61 – LFC: 29/10/2013 – 19:23:47 —A- . (…) — C:UsersOliviaGMV 2Médecine Oiseaux-Lapins-RongeursLapins et rongeurs de compagnie2GMV_ lapin_de_compagnie_2013_2014.pdf [12525668]
O61 – LFC: 29/10/2013 – 19:23:47 —A- . (…) — C:UsersOliviaGMV 2Médecine Oiseaux-Lapins-RongeursLapins et rongeurs de compagnie2GMV_rongeurs_2013_2014.pdf [27983959]
O61 – LFC: 29/10/2013 – 19:23:47 —A- . (…) — C:UsersOliviaGMV 2Médecine Oiseaux-Lapins-RongeursLapins et rongeurs de compagnie2GMV_urgences_Lapins_Rongeurs_2013_2014.pdf [3737543]
O61 – LFC: 29/10/2013 – 19:23:47 —A- . (…) — C:UsersOliviaGMV 2Médecine de troupeauR22_Mammites_pathogenie_traitements_2014.pdf [2580003]
O61 – LFC: 29/10/2013 – 19:23:47 —A- . (…) — C:UsersOliviaGMV 2Pathologie systémiquePatho 29-10.docx [18140]
O61 – LFC: 29/10/2013 – 19:23:49 –HA- . (…) — C:UsersOliviaGMV 2Pathologie systémique~$tho 29-10.docx [162]
O61 – LFC: 29/10/2013 – 19:23:53 —A- . (…) — C:UsersOliviaGMV 2Vaccino-immunoCours 5 immuno.docx [43803]
~ 5 Fichiers temporaires (Temporary files)
~ Files: 221 Legitimates Filtered in 03mn 51s

—\ Fichiers Alternate Data Stream (ADS) (O62)
O62 – ADS:Alternate Data Stream File – C:WindowsSystem32SpoonUninstall.exe:Zone.Identifier
~ ADS: Scanned in 00mn 03s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.90E1D86D979B92738A47D7072CB22DA8] [SPRF][07/07/2010] (…) — C:ProgramDataFullRemove.exe [131472]
[MD5.47025DD5CBA8B43E9D26C960FF5B32A7] [SPRF][19/10/2013] (…) — C:UsersOliviaAppDataLocalTempQuarantine.exe [344355]
[MD5.8C27D71B2F6719136407C525ECF18D51] [SPRF][29/10/2013] (…) — C:UsersOliviaDesktopadwcleaner.exe [1060070]
~ Files: 5 Legitimates Filtered in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.04C2C633E9A11DF7371755C42E5E539B] [WIS][22/06/2013] (.Nom de votre société – Roaming Client.) — C:WindowsInstaller10c90bdf.msi [8307200]
[MD5.7AE5FF598B22E4F65558BAF73107FA7E] [WIS][14/05/2009] (.Builds the Destinations MSI – Builds the Destinations MSI.) — C:WindowsInstaller35328.msi [459264]
~ WIS: 280 Legitimates Filtered in 00mn 28s

—\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR – | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR – | Auto 30/11/2010 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) – C:\Windows\system32\FBAgent.exe
SR – | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) – C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR – | Auto 24/05/2010 151552 | (Atheros Bt&Wlan Coex Agent) . (.Atheros.) – C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe
SR – | Auto 26/11/2010 52896 | (AtherosSvc) . (.Atheros Commnucations.) – C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe
SR – | Auto 15/12/2009 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR – | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS – | Demand 08/03/2011 114688 | (BouyguesRcAppSvc) . (.SmithMicro Inc..) – C:\Program Files (x86)\Bouygues Telecom\Internet 3G+\RcAppSvc.exe
SS – | Demand 08/03/2011 118784 | (CABouygues) . (.SmithMicro Inc..) – C:\Program Files (x86)\Bouygues Telecom\Internet 3G+\conappssvc.exe
SS – | Demand 08/03/2011 173376 | (EapSgnSvc) . (…) – C:\Program Files (x86)\Bouygues Telecom\Internet 3G+\EapSgnSvc64.exe
SR – | Auto 17/12/2007 163840 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) – C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.exe
SR – | Auto 11/01/2007 126464 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) – C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.exe
SS – | Auto 09/04/2011 135664 | (gupdate) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 09/04/2011 135664 | (gupdatem) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR – | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) – C:\Windows\System32\svchost.exe
SR – | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) – C:\Windows\System32\svchost.exe
SR – | Auto 21/12/2010 325656 | (LMS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS – | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:\Windows\System32\svchost.exe
SR – | Auto 18/02/2011 993896 | (NVSvc) . (.NVIDIA Corporation.) – C:\Windows\System32\nvvsvc.exe
SR – | Auto 22/02/2011 2009704 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
SS – | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:\Windows\System32\svchost.exe
SR – | Auto 04/07/2012 372736 | (RalinkRegistryWriter) . (.Ralink Technology, Corp..) – C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
SR – | Auto 04/07/2012 447488 | (RalinkRegistryWriter64) . (.Ralink Technology, Corp..) – C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
SS – | Demand 06/07/2012 1863680 | (RaMediaServer) . (.Ralink.) – C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
SR – | Auto 17/04/2010 134928 | (TurboBoost) . (.Intel(R) Corporation.) – C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SR – | Auto 21/12/2010 2656280 | (UNS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR – | Auto 09/05/2011 27760 | (VIAKaraokeService) . (.VIA Technologies, Inc..) – C:\Windows\System32\viakaraokesrv.exe
SR – | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 31s

—\ Master Boot Record infection search (MBR)(O80)
Run by Olivia at 29/10/2013 19:28:09
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Master Boot Record infection search (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Olivia at 29/10/2013 19:28:11

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Additional scan (O88)
Database Version : 12960 – (28/10/2013)
Keys found: 4
Values found: 1
Folders found: 0
Files found: 0

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}] =>Adware.GamePlayLabs
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
~ Additional scan: 259683 items scanned in 00mn 51s

—\ Summary of detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/32979753-pup-bitguard =>PUP.BitGuard
~ http://nicolascoolman.webs.com/apps/blog/show/26820943-adware-gameplaylabs =>Adware.GamePlayLabs
~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing =>Toolbar.Bing
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 4 link(s) detected in 00mn 51s

~ 1723 Legitimates filtered by white list
End of the scan (522 lines in 08mn 01s)(0)[/spoiler:3n4gqaxu]
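The two parts of the report above that a responder actually works through are the non-Microsoft services table (EGS) and the O88 registry detections. The Python script below is an added example, not part of the original post and not ZHPDiag's own logic: it parses a handful of lines copied from this report and applies the checks a practitioner runs by eye. For services it flags an empty publisher field (ZHPDiag prints "(…)"), file metadata that cannot be real (the "10/07/1658 0" entry for WMPNetworkSvc), and binaries outside the Windows and Program Files trees (the two EPSON services under ProgramData); for svchost-hosted services it judges the hosted DLL rather than svchost.exe. For the O88 keys it names the Internet Explorer mechanism each one abuses and reports a CLSID that is both pre-approved as an add-on and listed in the Protected Mode elevation policy, which is what the two CrossRider entries show. The sample lines are reconstructed with the backslashes the forum stripped, so the exact paths are an assumption; the flagging thresholds are heuristics and a flag is a reason to look, not proof of malware.

```python
import re
from collections import defaultdict

# Sample lines copied from the ZHPDiag report in this thread (constructed test input).
# The forum stripped the backslashes, so the paths are reconstructed (an assumption),
# and ZHPDiag's '-' separators were rendered as en dashes, which the regexes accept.
SAMPLE_REPORT = r"""
SR – | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS – | Demand 08/03/2011 173376 | (EapSgnSvc) . (…) – C:\Program Files (x86)\Bouygues Telecom\Internet 3G+\EapSgnSvc64.exe
SR – | Auto 17/12/2007 163840 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) – C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.exe
SR – | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) – C:\Windows\System32\svchost.exe
SR – | Auto 17/04/2010 134928 | (TurboBoost) . (.Intel(R) Corporation.) – C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441179}] =>Adware.GamePlayLabs
[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}] =>PUP.CrossRider
"""

DASH = r"[-\u2013]"
# SR/SS - | StartType dd/mm/yyyy size | [hosted.dll] (ServiceName) . (.Publisher.) - image path [=>suffix]
SERVICE_RE = re.compile(
    r"^(?P<state>SR|SS)\s+" + DASH + r"\s+\|\s+"
    + r"(?P<start>\w+)\s+\d{2}/\d{2}/(?P<year>\d{4})\s+(?P<size>\d+)\s+\|\s+"
    + r"(?:(?P<dll>\S.*?)\s+)?\((?P<name>[^()]+)\)\s+\.\s+"
    + r"\(\.?(?P<publisher>.*?)\.?\)\s+" + DASH + r"\s+"
    + r"(?P<path>.+?)(?:\s+=>.*)?$"
)
# [registry key] =>Family.Name
DETECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s+=>(?P<label>\S+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Triage heuristic (ours, not ZHPDiag's): a service binary outside these trees deserves a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_services(text):
    """One dict per SR/SS line; svchost-hosted services keep their DLL in 'dll'."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["size"], d["year"] = int(d["size"]), int(d["year"])
            services.append(d)
    return services


def triage_service(svc):
    """Reasons to look closer at a service; an empty list means nothing stood out."""
    reasons = []
    if svc["publisher"] in ("", "…", "..."):      # ZHPDiag prints (…) when no publisher is known
        reasons.append("no publisher recorded")
    if svc["size"] == 0 or svc["year"] < 1990:     # e.g. '10/07/1658 0': the file was not read
        reasons.append(f"implausible file metadata (size {svc['size']}, year {svc['year']})")
    binary = (svc["dll"] or svc["path"]).lower()   # judge the hosted DLL, not svchost.exe
    if not binary.startswith(TRUSTED_ROOTS):
        reasons.append("binary outside the Windows/Program Files trees")
    return reasons


def classify_key(key):
    """Map an O88 registry path to the Internet Explorer mechanism it uses."""
    k = key.lower()
    if "\\low rights\\elevationpolicy\\" in k:
        # lets Protected Mode IE start the named program at higher integrity without a prompt
        return "IE Protected Mode elevation policy"
    if "\\ext\\preapproved\\" in k:
        return "IE pre-approved add-on"            # add-on CLSID enabled without asking the user
    if "\\microsoft\\tracing\\" in k:
        return "tracing key (residue only)"
    return "other"


def parse_detections(text):
    """One dict per '[key] =>Family.Name' line, with the GUID and mechanism pulled out."""
    out = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            family, _, name = m.group("label").partition(".")
            g = GUID_RE.search(m.group("key"))
            out.append({"key": m.group("key"), "family": family, "name": name,
                        "guid": g.group(0) if g else None,
                        "mechanism": classify_key(m.group("key"))})
    return out


def shared_guids(detections):
    """GUIDs registered under more than one mechanism: the same add-on is both pre-approved and elevation-allowed."""
    seen = defaultdict(set)
    for d in detections:
        if d["guid"]:
            seen[d["guid"]].add(d["mechanism"])
    return {g: sorted(m) for g, m in seen.items() if len(m) > 1}


if __name__ == "__main__":
    for s in parse_services(SAMPLE_REPORT):
        print(f"{s['state']} {s['name']:<18} {'; '.join(triage_service(s)) or 'ok'}")
    dets = parse_detections(SAMPLE_REPORT)
    for d in dets:
        print(f"{d['family']}.{d['name']:<13} {d['mechanism']}")
    print("GUIDs under more than one IE mechanism:", shared_guids(dets))
```

Run it against a full report by replacing SAMPLE_REPORT with the file contents; lines that match neither pattern are ignored, so the O61, O62 and O84 sections pass through harmlessly. The flags it raises on this report are the ones a human reviewer would raise: EapSgnSvc has no publisher, the EPSON services run from ProgramData, WMPNetworkSvc's entry carries a zero size and an impossible date, and the CrossRider CLSID is wired into both IE mechanisms.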