cathmuse
Participant
Number of posts: 21

Here is the report:

~ Rapport de ZHPDiag v2013.11.7.13 – Nicolas Coolman (07/11/2013)
~ Lancé par Cathy (07/11/2013 20:27:03)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : QRPMG
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
avast! Free Antivirus v9.0.2006
Windows Defender W8

—\ Logiciels d'optimisation du système
CCleaner v4.01 =>Piriform Ltd

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Reader XI

—\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3786 MB (67% free)
System Restore: Activé (Enable)
System drive C: has 119 GB (28%) free of 419 GB

—\ Mode de connexion au système
~ Computer Name: CATHMUSE
~ User Name: Cathy
~ All Users Names: HomeGroupUser$, Cathy, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d'environnement
~ System Unit : C:
~ %AppZHP% : C:UsersCathyAppDataRoamingZHP
~ %AppData% : C:UsersCathyAppDataRoaming
~ %Desktop% : C:UsersCathyDesktop
~ %Favorites% : C:UsersCathyFavorites
~ %LocalAppData% : C:UsersCathyAppDataLocal
~ %StartMenu% : C:UsersCathyAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 119 Go of 419 Go)
E: Floppy drive, Flash card reader, USB Key (Free 4 Go of 7 Go)

—\ Etat du Centre de Sécurité Windows
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] – (.Microsoft Corporation – Explorateur Windows.) (.01/06/2013 – 12:34:21.) — C:WindowsExplorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] – (.Microsoft Corporation – Application de démarrage de Windows.) (.26/07/2012 – 04:08:50.) — C:WindowsSystem32Wininit.exe [132608]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.22/09/2013 – 23:55:10.) — C:WindowsSystem32wininet.dll [2241024]
[MD5.BCF2036A0DD579E47C008C133550283E] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.11/10/2012 – 06:46:58.) — C:WindowsSystem32Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] – (.Microsoft Corporation – Bibliothèque de licences.) (.26/07/2012 – 04:07:20.) — C:WindowsSystem32sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] – (.Microsoft Corporation – Pilote de fonction connexe pour WinSock.) (.06/11/2012 – 04:53:44.) — C:Windowssystem32DriversAFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.26/07/2012 – 06:00:48.) — C:Windowssystem32Driversatapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] – (.Microsoft Corporation – CD-ROM File System Driver.) (.26/07/2012 – 03:30:10.) — C:Windowssystem32DriversCdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.26/07/2012 – 03:26:36.) — C:Windowssystem32DriversCdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.26/07/2012 – 03:26:53.) — C:Windowssystem32DriversDfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/09/2012 – 07:08:44.) — C:Windowssystem32DriversHDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] – (.Microsoft Corporation – Pilote de port i8042.) (.26/07/2012 – 03:28:51.) — C:Windowssystem32Driversi8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] – (.Microsoft Corporation – IP Network Address Translator.) (.26/07/2012 – 03:23:01.) — C:Windowssystem32DriversIpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] – (.Microsoft Corporation – Minirdr SMB Windows NT.) (.05/02/2013 – 23:29:09.) — C:Windowssystem32DriversMRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] – (.Microsoft Corporation – MBT Transport driver.) (.26/07/2012 – 03:24:28.) — C:Windowssystem32DriversnetBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.02/02/2013 – 11:54:54.) — C:Windowssystem32Driversntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] – (.Microsoft Corporation – Pilote de port parallèle.) (.26/07/2012 – 03:29:53.) — C:Windowssystem32DriversParport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.26/07/2012 – 03:23:17.) — C:Windowssystem32DriversRasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] – (.Microsoft Corporation – Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 – 03:25:18.) — C:Windowssystem32Driversrdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] – (.Microsoft Corporation – TDI Translation Driver.) (.26/07/2012 – 06:26:47.) — C:Windowssystem32Driverstdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.01/06/2013 – 12:26:33.) — C:Windowssystem32Driversvolsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/456
~ Mes musiques (My Musics) : 1/3
~ Mes Videos (My Videos) : 2/95
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 1/165
~ Mon Bureau (My Desktop) : 2/268
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 01s

—\ Processus lancés
[MD5.1B38F4C2BCDB133B757E22BEB61FB3FC] – (.Dritek System Inc. – Launch Manager.) — C:Program Files (x86)Launch ManagerLManager.exe [1176176] [PID.1276]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] – (.Google Inc. – GoogleToolbarNotifier.) — C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [39408] [PID.2336] =>Toolbar.Google
[MD5.0049D80BAB72557E9DD09C223FD71E58] – (…) — C:Program Files (x86)SpotifyDataSpotifyWebHelper.exe [1193176] [PID.2512]
[MD5.704A01D402F0275877E7FA1BB151D997] – (.NTI Corporation – Acer Backup Manager.) — C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe [533056] [PID.2692]
[MD5.A12BAE32D24CB4960266DC8FFC45DE7E] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastavastUi.exe [3568312] [PID.1996]
[MD5.E4F6125ED5185F8FA37CC4F449B85526] – (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet ExplorerIEXPLORE.exe [770608] [PID.2252]
[MD5.E85D5AABE354C66EED43FC4495AB543A] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8186368] [PID.4752]
~ Processes Running: Scanned in 00mn 02s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: Google Toolbar [64Bits] – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSDesktop [Public]: Acer Backup Manager.lnk . (.NTI Corporation – Acer Backup Manager.) — C:Program Files (x86)NTIAcer Backup ManagerBackupManager.exe
O4 – GSDesktop [Public]: Acheter en ligne.lnk . (…) — C:Program Files (x86)Accessory StoreStartUrl.exe (.not file.)
O4 – GSDesktop [Public]: Help and Support.lnk – Clé orpheline
O4 – GSProgram [Public]: Desktop.lnk – Clé orpheline
O4 – GSQuickLaunch [Cathy]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSTaskBar [Cathy]: AcerCloud Docs.lnk . (…) — C:Program Files (x86)AcerAcerCloud DocsAcerCloud Docs.exe
O4 – GSTaskBar [Cathy]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSProgram [Cathy]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSDesktop [Cathy]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation – OpenOffice 4.0.1.) — C:Program Files (x86)OpenOffice 4programsoffice.exe
O4 – GSDesktop [Cathy]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe https://www.sosvirus.net
O4 – GSDesktop [Cathy]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe http://www.facebook.com
O4 – GSDesktop [Cathy]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:UsersCathyAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
~ Global Startup: 50 Legitimates Filtered in 00mn 01s

—\ Applications lancées au démarrage du sytème (O4)
O4 – HKLM..Run: [RTHDVCPL] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARAVCpl64.exe =>.Realtek Semiconductor Corp
O4 – HKLM..Run: [ETDCtrl] C:Program Files (x86)ElantechETDCtrl.exe (.not file.)
O4 – HKLM..Run: [AmIcoSinglun64] . (.Alcor Micro Corp. – Single LUN Icon Utility for VID 058F PID 63.) — C:Program Files (x86)AmIcoSingLunAmIcoSinglun64.exe
O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
O4 – HKCU..Run: [Spotify Web Helper] . (…) — C:Program Files (x86)SpotifyDataSpotifyWebHelper.exe
O4 – HKLM..Wow6432NodeRun: [BakupManagerTray] . (.NTI Corporation – Acer Backup Manager.) — C:Program Files (x86)NTIAcer Backup ManagerBackupManagerTray.exe
O4 – HKLM..Wow6432NodeRun: [LManager] Clé orpheline
O4 – HKLM..Wow6432NodeRun: [Norton Online Backup] . (.Symantec Corporation – Norton Online Backup Service.) — C:Program Files (x86)SymantecNorton Online BackupNOBuClient.exe
O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
O4 – HKUSS-1-5-18..RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation – Installateur Windows®.) — C:WindowsSystem32msiexec.exe
O4 – HKUSS-1-5-19..RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation – Installateur Windows®.) — C:WindowsSystem32msiexec.exe
O4 – HKUSS-1-5-20..RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation – Installateur Windows®.) — C:WindowsSystem32msiexec.exe
O4 – HKUSS-1-5-21-2184142341-1401073927-1793244442-1001..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
O4 – HKUSS-1-5-21-2184142341-1401073927-1793244442-1001..Run: [Spotify Web Helper] . (…) — C:Program Files (x86)SpotifyDataSpotifyWebHelper.exe
~ Application: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{12A2E1CE-1714-40ED-AEEB-3028519CF2E6}: DhcpNameServer = 30.30.1.1 30.30.1.2
O17 – HKLMSystemCCSServicesTcpip..{8C97D46D-40F3-45AF-BE53-C76678490E7D}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 – HKLMSystemCCSServicesTcpip..{12A2E1CE-1714-40ED-AEEB-3028519CF2E6}: DhcpDomain = F2-NB4-WDS.COM
O17 – HKLMSystemCS1ServicesTcpip..{12A2E1CE-1714-40ED-AEEB-3028519CF2E6}: DhcpNameServer = 30.30.1.1 30.30.1.2
O17 – HKLMSystemCS1ServicesTcpip..{8C97D46D-40F3-45AF-BE53-C76678490E7D}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 – HKLMSystemCS1ServicesTcpip..{12A2E1CE-1714-40ED-AEEB-3028519CF2E6}: DhcpDomain = F2-NB4-WDS.COM
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 89.2.0.1 89.2.0.2
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: vbscript [64Bits] – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:WindowsSystem32mshtml.dll =>.Microsoft Corporation
O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: Elan Service (ETDService) . (.ELAN Microelectronics Corp. – Elan Service.) – C:Program FilesElantechETDService.exe
O23 – Service: Skype Updater (SkypeUpdate) . (.Skype Technologies – Skype Updater Service.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
~ Services: 11 Legitimates Filtered in 01mn 00s

—\ Tâches planifiées en automatique (O39)
[MD5.65611587D8245CE8DB9E306D239EE22F] [APT] [EPUpdater] (…) — C:UsersCathyAppDataRoamingBabSolutionSharedBabMaint.exe [9808] =>Hijacker.BabSolution
~ Scheduled Task: 12 Legitimates Filtered in 00mn 08s

—\ HKCU & HKLM Software Keys
[HKLMSoftwareWow6432NodeBabylon] =>Toolbar.Babylon
~ Key Software: 164 Legitimates Filtered in 00mn 01s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 30/04/2013 – 20:29:28 – [0] —-D C:ProgramDataBabylon =>Toolbar.Babylon
O43 – CFD: 07/09/2012 – 01:50:44 – [0,040] —-D C:ProgramDataboost_interprocess
O43 – CFD: 30/04/2013 – 20:29:59 – [1,063] —-D C:UsersCathyAppDataRoamingBabSolution =>Hijacker.BabSolution
O43 – CFD: 30/04/2013 – 20:29:25 – [0,005] —-D C:UsersCathyAppDataRoamingBabylon =>Toolbar.Babylon
O43 – CFD: 22/04/2013 – 11:54:18 – [0,478] —-D C:UsersCathyAppDataRoaminglm
O43 – CFD: 30/04/2013 – 20:29:41 – [2,730] —-D C:UsersCathyAppDataLocalBabylon =>Toolbar.Babylon
~ Program Folder: 130 Legitimates Filtered in 00mn 14s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.8BD0DA0CB4604C5FAF8C4359A96A110C] – 07/11/2013 – 16:18:02 —A- . (…) — C:UsbFix [Scan 1] CATHMUSE.txt [8520]
O44 – LFC:[MD5.147C468822F08496BDBD4A0E4BA92DEF] – 07/11/2013 – 16:32:46 —A- . (…) — C:UsbFix [Clean 2] CATHMUSE.txt [9626]
O44 – LFC:[MD5.5C75BFE43EA3EE5459CEFA814FA2F525] – 07/11/2013 – 16:37:34 —A- . (…) — C:UsbFix [Scan 2] CATHMUSE.txt [5889]
O44 – LFC:[MD5.24F02E2FA52D76FF8F530CE1CFAD6A54] – 07/11/2013 – 16:40:49 —A- . (…) — C:UsbFix [Clean 3] CATHMUSE.txt [7113]
~ Files: 26 Legitimates Filtered in 00mn 40s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.34725286A9EC67039F02B5664138DA7E] – 04/11/2013 – 20:42:20 —A- – C:WindowsPrefetchARA.EXE-49583B18.pf
O45 – LFCP:[MD5.EF138BCE35F4EE2D5A101ABFE96E0C43] – 05/11/2013 – 19:45:22 —A- – C:WindowsPrefetchUTTCA26.TMP.EXE-E23A1880.pf
O45 – LFCP:[MD5.66CDF7807A203D36EE5DBBA09A8DD867] – 05/11/2013 – 19:45:24 —A- – C:WindowsPrefetchNSZE506.EXE-7B69B8CF.pf
O45 – LFCP:[MD5.E7E0B5FCC88CC41A1EF79EC9B2329999] – 05/11/2013 – 22:52:06 —A- – C:WindowsPrefetchdynreservedpri.db
O45 – LFCP:[MD5.D89DF18DD75D367573B0EB817988BFA3] – 07/11/2013 – 16:38:36 —A- – C:WindowsPrefetchGO.EXE-34414F70.pf
O45 – LFCP:[MD5.A970F011011872259156CF5EA7224742] – 07/11/2013 – 18:09:51 —A- – C:WindowsPrefetchINSTUP.EXE-2113325D.pf
O45 – LFCP:[MD5.AD926E031DD1A36951315A39C60B396B] – 11/10/2013 – 22:44:09 —A- – C:WindowsPrefetchACERCLOUD DOCS.EXE-BD9B7EA4.pf
O45 – LFCP:[MD5.2DCF7623394F2546C30D051981F831F4] – 15/10/2013 – 10:32:24 —A- – C:WindowsPrefetchDEVICEFASTLANEUI.EXE-DEE455D5.pf
O45 – LFCP:[MD5.DCB83FE7446192ED9BD1B6508C1EAD11] – 23/10/2013 – 13:40:53 —A- – C:WindowsPrefetchXPSRCHVW.EXE-5C2D99EB.pf
O45 – LFCP:[MD5.6B10A4172E459F5453E697CF9339D220] – 28/10/2013 – 10:42:53 —A- – C:WindowsPrefetchSPOTIFY.EXE-C7B8724F.pf
O45 – LFCP:[MD5.BCEA6EB035E4B6B397CAEFB0349D54E3] – 28/10/2013 – 15:18:17 —A- – C:WindowsPrefetchTAPTILES.EXE-B5DAB90C.pf
~ Prefetcher: 109 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] – 07/11/2013 – 18:10:39 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776]
~ Drivers: 17 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 04/11/2013 – 20:30:05 —A- . (…) — C:UsersCathyDownloadsPRINCIPES CONSTITUTIONNELS ET ASSURANCES DE DOMMAGES.docx [20591]
O61 – LFC: 05/11/2013 – 20:30:05 —A- . (…) — C:UsersCathyDownloadsDrop.Dead.Diva.S05E01.720p.HDTV.x264-EVOLVE-[PublicHD].torrent [6305]
O61 – LFC: 05/11/2013 – 20:30:05 —A- . (…) — C:UsersCathyDownloadsDrop.Dead.Diva.S05E02.720p.HDTV.x264-IMMERSE-[PublicHD].torrent [6947]
O61 – LFC: 05/11/2013 – 20:30:05 —A- . (…) — C:UsersCathyDownloadsDrop.Dead.Diva.S05E02.720p.HDTV.x264-IMMERSE.mkv [1273028431]
O61 – LFC: 05/11/2013 – 20:30:05 —A- . (…) — C:UsersCathyDownloadsDrop.Dead.Diva.S05E03.720p.HDTV.x264-EVOLVE-[PublicHD] (1).torrent [6685]
O61 – LFC: 05/11/2013 – 20:30:05 —A- . (…) — C:UsersCathyDownloadsDrop.Dead.Diva.S05E03.720p.HDTV.x264-EVOLVE.mkv [1218524402]
O61 – LFC: 05/11/2013 – 20:30:05 R–A- . (…) — C:UsersCathyDownloadsDrop.Dead.Diva.S05E01.720p.HDTV.x264-EVOLVE.mkv [1138052687]
O61 – LFC: 06/11/2013 – 20:30:03 —A- . (…) — C:UsersCathyDocumentsCVLM Stage.odt [20303]
O61 – LFC: 06/11/2013 – 20:30:04 —A- . (…) — C:UsersCathyDocumentsMaster 2 Droit des assurancesStageEntreprises.odt [13196]
O61 – LFC: 06/11/2013 – 20:30:04 —A- . (…) — C:UsersCathyDocumentsMaster 2 Droit des assurancesStageTableau des stages.ods [14805]
O61 – LFC: 07/11/2013 – 20:30:02 —A- . (…) — C:UsersCathyAppDataRoamingZHPLog.txt [16798] =>.Nicolas Coolman
O61 – LFC: 07/11/2013 – 20:30:02 —A- . (…) — C:UsersCathyAppDataRoamingZHPTestsZHPDiag.txt [2846] =>.Nicolas Coolman
~ Files: 165 Legitimates Filtered in 00mn 38s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” /S
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] – (Google) – http://www.google.com
~ Keys: Scanned in 00mn 00s

—\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:UsersCathyDocumentsVieIncomingNERO 9 + KEY-KEYGEN-SERIAL-MULTILINGUAGE-ENG-SPA-GER-FRA-ITA ( SOFTWARE, APPLICATION, APP, 2008-2009 LICENSE, FULL EDITION).rar
C:UsersCathyDocumentsVieIncomingNERO 9 + KEY-KEYGEN-SERIAL-MULTILINGUAGE-ENG-SPA-GER-FRA-ITA ( SOFTWARE, APPLICATION, APP, 2008-2009 LICENSE, FULL EDITION).rar
~ Files: Scanned in 02mn 18s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 18/12/2012 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
SR – | Auto 30/04/2013 239616 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
SR – | Auto 07/11/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
SR – | Auto 27/07/2012 2415760 | (CCDMonitorService) . (.Acer Incorporated.) – C:Program Files (x86)AcerAcer CloudCCDMonitorService.exe
SS – | Demand 31/07/2012 466064 | (DeviceFastLaneService) . (.Acer Incorporated.) – C:Program FilesAcerAcer Device Fast-laneDeviceFastLaneSvc.exe
SR – | Auto 21/08/2012 348784 | (DsiWMIService) . (.Dritek System Inc..) – C:Program Files (x86)Launch Managerdsiwmis.exe
SS – | Demand 12/07/2012 174160 | (EgisTec Ticket Service) . (.Egis Technology Inc..) – C:Program Files (x86)Common FilesEgisTecServicesEgisTicketService.exe
SR – | Demand 31/07/2012 659600 | (ePowerSvc) . (.Acer Incorporated.) – C:Program FilesAcerAcer Power ManagementePowerSvc.exe
SR – | Auto 30/04/2013 92560 | (ETDService) . (.ELAN Microelectronics Corp..) – C:Program FilesElantechETDService.exe
SR – | Auto 12/10/2013 240736 | (GamesAppIntegrationService) . (.WildTangent.) – C:Program Files (x86)WildTangent GamesAppGamesAppIntegrationService.exe
SS – | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) – C:Program Files (x86)WildTangent GamesAppGamesAppService.exe
SS – | Auto 06/05/2013 136176 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 06/05/2013 136176 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 06/05/2013 194032 | (gusvc) . (.Google.) – C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
SR – | Auto 11/07/2012 3939008 | (NOBU) . (.Symantec Corporation.) – C:Program Files (x86)SymantecNorton Online BackupNOBuAgent.exe
SS – | Demand 31/07/2012 259136 | (NTI IScheduleSvc) . (.NTI Corporation.) – C:Program Files (x86)NTIAcer Backup ManagerIScheduleSvc.exe
SR – | Auto 07/09/2012 93296 | (RfButtonDriverService) . (.Dritek System INC..) – C:WindowsRfBtnSvc64.exe
SS – | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
SS – | Demand 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
SS – | Demand 20/09/2012 29696 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
~ Services: Scanned in 00mn 12s

—\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Cathy at 07/11/2013 20:32:55
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Cathy at 07/11/2013 20:32:58

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 12993 – (07/11/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 3

[HKLMSoftwareClassesAppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLMSoftwareWow6432NodeClassesAppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:swg =>Toolbar.Google^
C:ProgramDataBabylon =>Toolbar.Babylon^
C:UsersCathyAppDataRoamingBabSolution =>Hijacker.BabSolution^
C:UsersCathyAppDataRoamingBabylon =>Toolbar.Babylon^
C:UsersCathyAppDataLocalBabylon =>Toolbar.Babylon^
C:Program Files (x86)Software =>Adware.Boxore
C:UsersCathyAppDataLocalSoftware =>Adware.Boxore
C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google^
C:UsersCathyAppDataRoamingBabSolutionSharedBabMaint.exe =>Hijacker.BabSolution^
[HKLMSoftwareWow6432NodeBabylon] =>Toolbar.Babylon^
~ Additionnel Scan: 168051 Items scanned in 00mn 52s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ MSI: 5 link(s) detected in 00mn 52s

~ 1115 Legitimates filtered by white list
End of the scan (418 lines in 06mn 48s)(2)

Is there another step I should carry out?
Thanks