Reply to: usb virus problem 2016-09-08T13:15:48+00:00
pouille
Post count: 0

~ Rapport de ZHPDiag v2013.11.9.20 – Nicolas Coolman (09/11/2013)
~ Lancé par poe (10/11/2013 22:24:24)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
GCIE: Google Chrome v30.0.1599.101 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 0
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
Avira Free Antivirus v12.1.9.2500
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

—\ Logiciels d’optimisation du système

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader X MUI
Java 7 Update 7

—\ Informations sur le système
~ Processor: x86 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3578 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 326 GB (73%) free of 445 GB

—\ Mode de connexion au système
~ Computer Name: POUPOUILLE
~ User Name: poe
~ All Users Names: poe, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:UserspoeAppDataRoamingZHP
~ %AppData% : C:UserspoeAppDataRoaming
~ %Desktop% : C:UserspoeDesktop
~ %Favorites% : C:UserspoeFavorites
~ %LocalAppData% : C:UserspoeAppDataLocal
~ %StartMenu% : C:UserspoeAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 326 Go of 445 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 17 Go)
E: Hard drive, Flash drive, Thumb drive (Free 1 Go of 4 Go)
F: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

—\ Etat du Centre de Sécurité Windows
~ Security Center: 45 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] – (.Microsoft Corporation – Explorateur Windows.) (.12/08/2011 – 09:40:47.) — C:WindowsExplorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:14:45.) — C:WindowsSystem32Wininit.exe [96256]
[MD5.E4FEB264B47360B7296AEA4E052F88D8] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.23/09/2013 – 00:28:06.) — C:WindowsSystem32wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 22:29:06.) — C:WindowsSystem32Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 22:29:24.) — C:WindowsSystem32sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.14/09/2013 – 01:48:58.) — C:Windowssystem32DriversAFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:26:15.) — C:Windowssystem32Driversatapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:11:15.) — C:Windowssystem32DriversCdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 22:29:03.) — C:Windowssystem32DriversCdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 22:29:07.) — C:Windowssystem32DriversDfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 22:29:03.) — C:Windowssystem32DriversHDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:11:24.) — C:Windowssystem32Driversi8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 00:54:29.) — C:Windowssystem32DriversIpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.12/08/2011 – 09:44:16.) — C:Windowssystem32DriversMRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 22:29:08.) — C:Windowssystem32DriversnetBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 14:45:29.) — C:Windowssystem32Driversntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 00:45:35.) — C:Windowssystem32DriversParport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/07/2009 – 00:54:34.) — C:Windowssystem32DriversRasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 00:53:41.) — C:Windowssystem32Driverssmb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 22:29:07.) — C:Windowssystem32Driverstdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 22:29:03.) — C:Windowssystem32Driversvolsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/9868
~ Mes musiques (My Musics) : 1/1918
~ Mes Videos (My Videos) : 1/289
~ Mes Favoris (My Favorites) : 1/51
~ Mes Documents (My Documents) : 1/437
~ Mon Bureau (My Desktop) : 1/15
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 14s

—\ Processus lancés
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] – (.CyberLink – YouCam Mirage.) — C:Program FilesCyberLinkYouCamYCMMirage.exe [136488] [PID.3148]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] – (…) — ystem32rundll32.exe [0] [PID.3852]
[MD5.D21D0FFF8D2BAE2822F860BCDECED294] – (.Synaptics Incorporated – Synaptics TouchPad Enhancements.) — C:Program FilesSynapticsSynTPSynTPEnh.exe [2333968] [PID.1352]
[MD5.DE0045B88E2A0E53457FC3D033F73D91] – (.IDT, Inc. – IDT PC Audio.) — C:Program FilesIDTWDMsttray.exe [1138780] [PID.1284]
[MD5.E58BA6B9B0829F08E279088087AE48B6] – (.Hewlett-Packard Company – HP QuickWeb Utilities.) — C:Program FilesHewlett-PackardHP QuickWebhpqwutils.exe [169528] [PID.1752]
[MD5.8B4CFEE322B7F3C92342BB6C8E10209D] – (.Pas de propriétaire – HP Taskbar Process HP.) — C:Program FilesHewlett-PackardHP LaunchBoxHPTaskBar1.exe [99896] [PID.1472]
[MD5.573FB8BBAD721AEBD7D7C457E52B25B4] – (.Hewlett-Packard Development Company, L.P. – HP Taskbar Process TP.) — C:Program FilesHewlett-PackardHP LaunchBoxHPTaskBar2.exe [702008] [PID.684]
[MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] – (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [932288] [PID.1940]
[MD5.FE31F1C15D1AFF7A9557BD33406CC4D1] – (.Hewlett-Packard Development Company, L.P. – HP CoolSense.) — C:Program FilesHewlett-PackardHP CoolSenseCoolSense.exe [1342008] [PID.3092]
[MD5.9F0BE235A0136EA9E94CF9BD037C30EC] – (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program FilesAviraAntiVir Desktopavgnt.exe [348664] [PID.3652]
[MD5.12916E0642E92561C98B18A2A2D01B14] – (.Sun Microsystems, Inc. – Java(TM) Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe [252848] [PID.2564]
[MD5.E4401CF27225C1D6E664E86195978562] – (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe [152544] [PID.3572]
[MD5.8192B2E274607D1D530F5C191698C544] – (.Hewlett-Packard Development Company, L.P. – HP Message Service.) — C:Program FilesHewlett-PackardHP Quick LaunchHPMSGSVC.exe [578944] [PID.300]
[MD5.8A3B69683E63808719D24E1C68C21CC7] – (.Hewlett-Packard Development Company, L.P. – HP On Screen Display.) — C:Program FilesHewlett-PackardHP On Screen DisplayHPOSD.exe [379960] [PID.372]
[MD5.6411B4ECFFFD47D6872506CF8E2258C6] – (…) — C:UserspoeAppDataRoamingSpotifyDataSpotifyWebHelper.exe [1193176] [PID.708]
[MD5.F7128E5772F9312F0D111A5FA5D41773] – (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe [20684656] [PID.4568]
[MD5.7E68EC81576FCE3582A566B87E41B926] – (.Broadcom Corporation. – Bluetooth Tray Application.) — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe [1008928] [PID.4632]
[MD5.A6B0C674D7ED96EB7C783E8CE2D7CA79] – (.Synaptics Incorporated – Synaptics Pointing Device Helper.) — C:PROGRAM FILESSYNAPTICSSYNTPSYNTPHELPER.exe [109840] [PID.4672]
[MD5.7C3B185D1B2C5B9050AA4F522ACA946E] – (.Broadcom Corporation. – Bluetooth Stack COM Server.) — C:Program FilesWIDCOMMBluetooth SoftwareBtStackServer.exe [3544352] [PID.5716]
[MD5.C861851A0BBD9903E324487011AA3705] – (.Advanced Micro Devices Inc. – Catalyst Control Center: Monitoring program.) — C:Program FilesATI TechnologiesATI.ACECore-StaticMOM.exe [299008] [PID.5756]
[MD5.D28C5A1411BB0B47E05E0D6AAF896690] – (.ATI Technologies Inc. – Catalyst Control Center: Host application.) — C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe [299008] [PID.5996]
[MD5.075657021D14F61B6B1C57D621A99A86] – (.Broadcom Corporation. – Bluetooth Headset Helper.) — C:Program FilesWIDCOMMBluetooth SoftwareBluetooth Headset Helper.exe [148768] [PID.4212]
[MD5.2E0B0A051FFAA86E358465BB0880D453] – (.Microsoft Corporation – Windows Update.) — C:Windowssystem32wuauclt.exe [53784] [PID.3072]
[MD5.3E399A1328181C2A352472369DE2A93A] – (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe [844752] [PID.1696]
[MD5.0C3C47124215C5E566F92C3F2E31D86A] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8192512] [PID.5220]
~ Processes Running: Scanned in 00mn 02s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UserspoeAppDataLocalGoogleChromeUser DataDefaultPreferences
~ Google Browser: 13 Legitimates Filtered in 00mn 45s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 – FPN: [HKLM] [@WildTangent.com/GamesAppPresenceDetector,Version=1.0] – (…) — C:Program FilesWildTangent GamesAppBrowserIntegrationRegisteredNP_wtapp.dll
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 – URLSearchHook: UrlSearchHook Class – {00000000-6E41-4FD3-8538-502F5495E5FC} . (…) (No version) — (.not file.)
R3 – URLSearchHook: Microsoft Url Search Hook – {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (…) (No version) — (.not file.)
~ IE Browser: 11 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32Userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: Bing Bar – [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. – Extensions du client Bing.) — C:Program FilesMicrosoftBingBar7.2.241.0BingExt.dll =>Toolbar.Bing
O3 – Toolbar: Google Toolbar – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
O3 – ToolbarWebBrowser: (no name) – [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSDesktop [Public]: Découvrez HP webOS.lnk . (…) — C:Program FilesHewlett-PackardSharedWizLink.exe
O4 – GSDesktop [Public]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O4 – GSDesktop [Public]: HP Support Assistant.lnk . (.Hewlett-Packard Company – HP Support Assistant.) — C:Program FilesHewlett-PackardHP Support FrameworkHPSF.exe =>.Hewlett-Packard Co
O4 – GSDesktop [Public]: Magic Desktop.lnk . (.EasyBits Software AS – EasyBits Security Shield.) — C:Program FilesEasyBits For KidsezSecShield.exe =>.EasyBits Software AS
O4 – GSQuickLaunch [poe]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O4 – GSQuickLaunch [poe]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSTaskBar [poe]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O4 – GSTaskBar [poe]: HP Recommended.LNK . (…) — C:Program FilesHewlett-PackardHP LaunchBoxHPTaskBar1.exe
O4 – GSTaskBar [poe]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSProgram [poe]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSSystemTools [poe]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSSendTo [poe]: Evernote.lnk . (.Evernote Corp., 333 W Evelyn Ave. Mountain – Evernote.) — C:Program FilesEvernoteEvernoteEvernote.exe
O4 – GSDesktop [poe]: FoxTab Video Converter.lnk . (…) — C:Program FilesFoxTabVideoConverterVideoConverter.exe
O4 – GSDesktop [poe]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe https://www.sosvirus.net
O4 – GSDesktop [poe]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe http://www.facebook.com
O4 – GSDesktop [poe]: VirtualDJ Home FREE.lnk . (.Atomix Productions – VirtualDJ.) — C:Program FilesVirtualDJvirtualdj_home.exe
~ Global Startup: 78 Legitimates Filtered in 00mn 03s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GSStartup [Public]: Bluetooth.lnk . (.Broadcom Corporation. – Bluetooth Tray Application.) — C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
O4 – HKLM..Run: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
O4 – HKLM..Run: [SynTPEnh] . (.Synaptics Incorporated – Synaptics TouchPad Enhancements.) — C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 – HKLM..Run: [SysTrayApp] . (.IDT, Inc. – IDT PC Audio.) — C:Program FilesIDTWDMsttray.exe
O4 – HKLM..Run: [HPQuickWebProxy] . (.Hewlett-Packard Company – HP QuickWeb Utilities.) — C:Program FilesHewlett-PackardHP QuickWebhpqwutils.exe
O4 – HKLM..Run: [SetDefault] . (.Hewlett-Packard Development Company, L.P. – SetDefault.) — C:Program FilesHewlett-PackardHP LaunchBoxSetDefault.exe
O4 – HKLM..Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program FilesAdobeReader 10.0ReaderReader_sl.exe
O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Run: [HP CoolSense] . (.Hewlett-Packard Development Company, L.P. – HP CoolSense.) — C:Program FilesHewlett-PackardHP CoolSenseCoolSense.exe
O4 – HKLM..Run: [Easybits Recovery] . (.EasyBits Software AS – Pas de description.) — C:Program FilesEasyBits For KidsezRecover.exe =>.EasyBits Software AS
O4 – HKLM..Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe
O4 – HKLM..Run: [avgnt] . (.Avira Operations GmbH & Co. KG – Avira System Tray Tool.) — C:Program FilesAviraAntiVir Desktopavgnt.exe
O4 – HKLM..Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. – Java(TM) Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe =>.Oracle Corporation
O4 – HKLM..Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe
O4 – HKLM..Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. – HP Message Service.) — C:Program FilesHewlett-PackardHP Quick LaunchHPMSGSVC.exe
O4 – HKLM..Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. – HP On Screen Display.) — C:Program FilesHewlett-PackardHP On Screen DisplayHPOSD.exe
O4 – HKLM..RunOnce: [NCPluginUpdater] . (.Hewlett-Packard – NCPluginUpdater.) — C:Program FilesHewlett-PackardHP Health CheckActiveCheckproduct_lineNCPluginUpdater.exe
O4 – HKCU..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
O4 – HKCU..Run: [Spotify] . (.Spotify Ltd – Spotify.) — C:UserspoeAppDataRoamingSpotifySpotify.exe
O4 – HKCU..Run: [Spotify Web Helper] . (…) — C:UserspoeAppDataRoamingSpotifyDataSpotifyWebHelper.exe
O4 – HKCU..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe =>.Skype Technologies S.A.
O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-1393359087-3183399950-3005852446-1001..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows Sidebarsidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-1393359087-3183399950-3005852446-1001..Run: [Spotify] . (.Spotify Ltd – Spotify.) — C:UserspoeAppDataRoamingSpotifySpotify.exe
O4 – HKUSS-1-5-21-1393359087-3183399950-3005852446-1001..Run: [Spotify Web Helper] . (…) — C:UserspoeAppDataRoamingSpotifyDataSpotifyWebHelper.exe
O4 – HKUSS-1-5-21-1393359087-3183399950-3005852446-1001..Run: [Skype] . (.Skype Technologies S.A. – Skype.) — C:Program FilesSkypePhoneSkype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: @C:Program FilesWindows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 – Extra button: @C:Program FilesHewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll,-102 – {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (…) — C:Program FilesHewlett-PackardHP Support FrameworkResourcesHPNetworkCheckResourcesIconsHP.ico
O9 – Extra button: Skype Click to Call – {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (…) — C:Program FilesSkypeToolbarsInternet Explorericon.ico
O9 – Extra button: @C:Program FilesEvernoteEvernoteResource.dll,-101 – {A95fe080-8f5d-11d2-a20b-00aa003c157a} . (.Evernote Corp., 333 W Evelyn Ave. Mountain – Evernote Clipper for Microsoft Internet Explorer.) — C:Program FilesEvernoteEvernoteEvernoteIE.dll
O9 – Extra button: @C:Program FilesWIDCOMMBluetooth Softwarebtrez.dll,-12650 – {CCA281CA-C863-46ef-9331-5C8D4460577F} . (…) — C:Program FilesWIDCOMMBluetooth Softwarebt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{68650587-910E-4190-9BDD-6AECDA0E17FC}: DhcpNameServer = 138.48.208.2
O17 – HKLMSystemCCSServicesTcpip..{85D9DB7C-7559-4D8E-84D3-6B80688A0595}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCCSServicesTcpip..{68650587-910E-4190-9BDD-6AECDA0E17FC}: DhcpDomain = student.fundp.ac.be
O17 – HKLMSystemCS1ServicesTcpip..{68650587-910E-4190-9BDD-6AECDA0E17FC}: DhcpNameServer = 138.48.208.2
O17 – HKLMSystemCS1ServicesTcpip..{85D9DB7C-7559-4D8E-84D3-6B80688A0595}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{68650587-910E-4190-9BDD-6AECDA0E17FC}: DhcpDomain = student.fundp.ac.be
O17 – HKLMSystemCS2ServicesTcpip..{68650587-910E-4190-9BDD-6AECDA0E17FC}: DhcpNameServer = 138.48.208.2
O17 – HKLMSystemCS2ServicesTcpip..{85D9DB7C-7559-4D8E-84D3-6B80688A0595}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS2ServicesTcpip..{68650587-910E-4190-9BDD-6AECDA0E17FC}: DhcpDomain = student.fundp.ac.be
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation – Windows Live Album Download Protocol Handle.) — C:Program FilesWindows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
O18 – Filter: application/x-msdownload – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Logiciels installés (O42)
O42 – Logiciel: FoxTab Video Converter – (…) [HKCU] — FoxTab Video Converter
~ Logic: 126 Legitimates Filtered in 00mn 01s

—\ HKCU & HKLM Software Keys
[HKCUSoftwareAPN]
[HKLMSoftwareAPN]
~ Key Software: 158 Legitimates Filtered in 00mn 01s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 31/12/2011 – 13:40:51 – [13,520] —-D C:Program FilesFoxTabVideoConverter
O43 – CFD: 14/02/2012 – 23:13:57 – [0,001] —-D C:UserspoeAppDataRoamingMicrosoftWindowsStart MenuProgramsFoxTab Video Converter
~ Program Folder: 153 Legitimates Filtered in 00mn 33s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.F88D69527CB329AC2A1941C1E6B6A626] – 07/11/2013 – 23:35:18 . (…) — C:UsbFix [Scan 2] POUPOUILLE.txt [13929]
O44 – LFC:[MD5.C046FC55E2B18B513F50998897981F4E] – 07/11/2013 – 23:37:05 . (…) — C:UsbFix [Scan 1] POUPOUILLE.txt [13811]
O44 – LFC:[MD5.26B0F12F9A4C267AF5B2DA35F87A6EFA] – 09/11/2013 – 20:01:05 —A- . (…) — C:WindowsSystem32DOErrors.log [52]
O44 – LFC:[MD5.EAAC4A4F7498325B34235E1576430316] – 09/11/2013 – 22:41:36 . (…) — C:UsbFix [Scan 3] POUPOUILLE.txt [15397]
O44 – LFC:[MD5.E0AA645DFADA753D5267697CCDD5C886] – 09/11/2013 – 23:17:13 —A- . (…) — C:UsbFix [Clean 4] POUPOUILLE.txt [16083]
~ Files: 17 Legitimates Filtered in 00mn 55s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.0B40957E0286C6FB1ACCBD0287F889AF] – 10/11/2013 – 00:53:45 —A- – C:WindowsPrefetchNORTON_REMOVAL_TOOL (1).EXE-8B9DF994.pf
O45 – LFCP:[MD5.E96F92BCEE37A3F9B66987241E3F164C] – 10/11/2013 – 00:53:46 —A- – C:WindowsPrefetchSYMNRT.EXE-52D68DCF.pf
O45 – LFCP:[MD5.A641678E1938C27A43CD349C0022731A] – 10/11/2013 – 01:02:15 —A- – C:WindowsPrefetchJRT.EXE-A0DC17C0.pf
O45 – LFCP:[MD5.FFE835DA2846ECFF2161B765C23A1CBD] – 10/11/2013 – 01:11:55 —A- – C:WindowsPrefetchJRT (1).EXE-EC8FBFA2.pf
O45 – LFCP:[MD5.ADF5ACEB5B4E8876C804DC95BED9EE51] – 10/11/2013 – 01:12:12 —A- – C:WindowsPrefetchWGET.DAT-4FB983FF.pf
O45 – LFCP:[MD5.45A05BFF7D672F00904F714B98CF8456] – 10/11/2013 – 01:18:34 —A- – C:WindowsPrefetchSORT.EXE-99A4F778.pf
O45 – LFCP:[MD5.3F8932DDD136F1963C2484CE27866C86] – 10/11/2013 – 01:18:35 —A- – C:WindowsPrefetchFC.EXE-6D8DB995.pf
O45 – LFCP:[MD5.94E45E08771A3DF300A0E8B7A0B660FB] – 10/11/2013 – 01:18:56 —A- – C:WindowsPrefetchCUT.DAT-34B67AD8.pf
O45 – LFCP:[MD5.C7AE3A16FCA5A81A53911510CB0BB1D9] – 10/11/2013 – 01:19:21 —A- – C:WindowsPrefetchFIND.EXE-E2237F6D.pf
O45 – LFCP:[MD5.FB5EDC8C7C9CA8DB43EDAD8F80C7F613] – 10/11/2013 – 01:19:23 —A- – C:WindowsPrefetchSHORTCUT.DAT-7E8115C0.pf
O45 – LFCP:[MD5.C279F7621FCDBFFD8268B5E85A58D9DB] – 10/11/2013 – 01:19:40 —A- – C:WindowsPrefetchNIRCMD.DAT-37941EB5.pf
O45 – LFCP:[MD5.DE5AF1882FE2341E4504DC59AA2C2EA6] – 10/11/2013 – 18:05:49 —A- – C:WindowsPrefetchMIGRATIONASSISTANT.EXE-FAC78240.pf
O45 – LFCP:[MD5.A4F295B7E26ECDFF59D16E1D62C67FAD] – 10/11/2013 – 20:49:26 —A- – C:WindowsPrefetchHPOSD.EXE-0410A787.pf
O45 – LFCP:[MD5.C5B4ACB8F345CAEDEED8EF9C6AE01540] – 10/11/2013 – 20:49:31 —A- – C:WindowsPrefetchSPOTIFY.EXE-E148E7F5.pf
~ Prefetcher: 112 Legitimates Filtered in 00mn 00s

—\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 – SEH:ShellExecuteHooks – EasyBits Security Shield Hook – prevents launching insecure programs by kids – {E54729E8-BB3D-4270-9D49-7389EA579090} – C:Windowssystem32EZUPBH~1.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.D5541F0AFB767E85FC412FC609D96A74] – 18/08/2012 – 13:32:55 —A- . (.Avira GmbH – Avira Minifilter Driver.) — C:WindowsSystem32Driversavgntflt.sys [83392]
O58 – SDL:[MD5.8AAD333C876590293F72B315E162BCC7] – 13/07/2009 – 22:40:41 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
~ Drivers: 18 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 07/11/2013 – 22:27:49 —A- . (…) — C:UserspoeAppDataLocalGDIPFONTCACHEV1.DAT [58784]
O61 – LFC: 07/11/2013 – 22:32:21 —A- . (…) — C:UserspoeDocumentsUsbFix [Scan 1] POUPOUILLE.txt [13811]
O61 – LFC: 07/11/2013 – 22:32:21 —A- . (…) — C:UserspoeDocumentsUsbFix [Scan 2] POUPOUILLEa.txt [13929]
O61 – LFC: 07/11/2013 – 22:32:21 —A- . (…) — C:UserspoeDocumentsUsbFix [Scan 2] POUPOUILLEb.txt [27860]
O61 – LFC: 07/11/2013 – 22:32:36 —A- . (…) — C:UserspoeDownloadsTEST DE NOVEMBRE.docx [18224]
O61 – LFC: 09/11/2013 – 22:32:12 —A- . (…) — C:UserspoeAppDataRoamingZHPZHPADSReport.txt [351] =>.Nicolas Coolman
O61 – LFC: 09/11/2013 – 22:32:12 —A- . (…) — C:UserspoeAppDataRoamingZHPZHPDiag.txt [56014] =>.Nicolas Coolman
O61 – LFC: 09/11/2013 – 22:32:19 —A- . (…) — C:UserspoeDocumentsFLASH DRIVESNouveau document RTF.rtf [7]
O61 – LFC: 09/11/2013 – 22:32:19 —A- . (…) — C:UserspoeDocumentsFLASH DRIVESZHPDiag.txt [56014] =>.Nicolas Coolman
O61 – LFC: 09/11/2013 – 22:32:19 —A- . (…) — C:UserspoeDocumentsFLASH DRIVESZHPDiag2.txt [56014] =>.Nicolas Coolman
O61 – LFC: 09/11/2013 – 22:32:21 —A- . (…) — C:UserspoeDocumentsTest chimie novembre 2013.docx [75392]
O61 – LFC: 09/11/2013 – 22:32:26 —A- . (.leyens.) — C:UserspoeDownloadsB141_ch2_1314.doc [71168]
O61 – LFC: 10/11/2013 – 22:28:00 —A- . (…) — C:UserspoeAppDataLocalGoogleChromeUser DataLocal State [46516]
O61 – LFC: 10/11/2013 – 22:32:12 —A- . (…) — C:UserspoeAppDataRoamingZHPLog.txt [47184] =>.Nicolas Coolman
O61 – LFC: 10/11/2013 – 22:32:12 —A- . (…) — C:UserspoeAppDataRoamingZHPTestsZHPDiag.txt [2766] =>.Nicolas Coolman
O61 – LFC: 10/11/2013 – 22:32:19 —A- . (…) — C:UserspoeDocumentsFLASH DRIVESJRT.txt [7292]
O61 – LFC: 10/11/2013 – 22:32:25 —A- . (…) — C:UserspoeDocumentsZHPDiag3.rtf [61371] =>.Nicolas Coolman
O61 – LFC: 10/11/2013 – 22:32:34 —A- . (…) — C:UserspoeDownloadsNorton_Removal_Tool (1).exe [870728]
O61 – LFC: 10/11/2013 – 22:32:34 —A- . (…) — C:UserspoeDownloadsNorton_Removal_Tool.exe [870728]
~ 4 Fichiers temporaires (Temporary files)
~ Files: 135 Legitimates Filtered in 09mn 31s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” /S
O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} – (eBay) – http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (…) — C:UserspoeAppDataLocalTempQuarantine.exe [350259]
[MD5.CC145E67B909BB879D38292352A90822] [SPRF][25/04/2012] (.CCCP Project – Playback Pack Installer.) — C:UserspoeDesktopCombined-Community-Codec-Pack-2011-11-11.exe [9889896]
~ Files: 3 Legitimates Filtered in 00mn 02s

—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: “{6A095F4F-F361-40F2-838A-A0E03833ADC6}” |In – Public – P6 – TRUE | .(…) — C:UserspoeAppDataLocalTemp7zS7AE9.tmpSymNRT.exe (.not file.)
O87 – FAEL: “{D2E1C381-9585-44A2-AF42-80AFB1D8DFFB}” |In – Public – P17 – TRUE | .(…) — C:UserspoeAppDataLocalTemp7zS7AE9.tmpSymNRT.exe (.not file.)
~ Firewall: 208 Legitimates Filtered in 00mn 04s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: “3E9A223DB85706D47A4C568CF83D870D” . (.Bing Bar.) — C:WindowsInstaller{D322A9E3-758B-4D60-A7C4-65C88FD378D0}icon_installer_ico =>Toolbar.Bing
~ Update Products: 127 Legitimates Filtered in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.22C9E7805145D0A0C4C62DDB591D2DAE] [WIS][27/06/2012] (.Babylon Ltd – BabylonObjectInstaller.) — C:WindowsInstaller1c3eac.msi [353280] =>Toolbar.Babylon
~ WIS: 131 Legitimates Filtered in 00mn 30s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 03/03/2009 81920 | (AESTFilters) . (.Andrea Electronics Corporation.) – C:\Program Files\IDT\WDM\aestsrv.exe
SR – | Auto 29/06/2011 176128 | (AMD External Events Utility) . (.AMD.) – C:\Windows\System32\atiesrxx.exe
SR – | Auto 18/08/2012 86224 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR – | Auto 18/08/2012 110032 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR – | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) – C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS – | Auto 23/07/2013 193696 | (BBSvc) . (.Microsoft Corporation..) – C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.exe
SR – | Demand 23/07/2013 240288 | (BBUpdate) . (.Microsoft Corporation..) – C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe
SR – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:\Program Files\Bonjour\mDNSResponder.exe
SR – | Auto 14/07/2011 742688 | (btwdins) . (.Broadcom Corporation..) – C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR – | Auto 23/04/2010 514232 | (ezSharedSvc) . (.EasyBits Software AS.) – C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SS – | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) – C:\Program Files\WildTangent Games\App\GamesAppService.exe
SS – | Auto 18/08/2012 136176 | (gupdate) . (.Google Inc..) – C:\Program Files\Google\Update\GoogleUpdate.exe
SS – | Demand 18/08/2012 136176 | (gupdatem) . (.Google Inc..) – C:\Program Files\Google\Update\GoogleUpdate.exe
SS – | Demand 04/09/2012 194032 | (gusvc) . (.Google.) – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR – | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) – C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR – | Auto 11/10/2010 246840 | (HPClientSvc) . (.Hewlett-Packard Company.) – C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR – | Auto 10/08/2012 197536 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) – C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
SR – | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) – C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
SR – | Auto 27/05/2011 26168 | (hpsrv) . (.Hewlett-Packard Company.) – C:\Windows\System32\Hpservice.exe
SR – | Auto 05/03/2012 35200 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) – C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR – | Demand 12/12/2012 553440 | (iPod Service) . (.Apple Inc..) – C:\Program Files\iPod\bin\iPodService.exe
SR – | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) – C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS – | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) – C:\Program Files\Skype\Updater\Updater.exe
SR – | Auto 01/07/2011 282706 | (STacSV) . (.IDT, Inc..) – C:\Program Files\IDT\WDM\STacSV.exe
SR – | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
SR – | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 35s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Filtered in 00mn 02s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by poe at 10/11/2013 22:39:34

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

—\ Scan Additionnel (O88)
Database Version : 12993 – (09/11/2013)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\APN] =>Toolbar.Ask
[HKLM\Software\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8dcb7100-df86-4384-8842-8fa844297b3f} =>Toolbar.Bing^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{00000000-6E41-4FD3-8538-502F5495E5FC} =>Adware.ShopperReports
C:\Windows\Installer\1c3eac.msi =>Toolbar.Babylon^
~ Additionnel Scan: 280373 Items scanned in 01mn 13s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing =>Toolbar.Bing
~ http://nicolascoolman.webs.com/apps/blog/show/32384220-toolbar-google =>Toolbar.Google
~ http://nicolascoolman.webs.com/apps/blog/show/34702976-toolbar-ebay =>Toolbar.eBay
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 6 link(s) detected in 01mn 13s

~ 1307 Legitimates filtered by white list
End of the scan (519 lines in 16mn 26s)(0)