Reply to: Infected USB key 2016-09-08T13:16:10+00:00
Participant
Post count: 7

[spoiler:1my2zuol]~ Rapport de ZHPDiag v2013.11.10.24 - Nicolas Coolman (10/11/2013)
~ Lancé par Sophiane (10/11/2013 17:54:19)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
GCIE: Google Chrome v30.0.1599.101 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service (Protection logicielle) : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1483.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.07 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
Vuze v5.1.0.0 =>P2P.Azureus

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 45

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3893 MB (54% free)
System Restore: Activé (Enable)
System drive C: has 520 GB (76%) free of 684 GB

---\\ Mode de connexion au système
~ Computer Name: SOPHIANE-HP
~ User Name: Sophiane
~ All Users Names: UpdatusUser, Sophiane, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Sophiane\AppData\Roaming\ZHP
~ %AppData% : C:\Users\Sophiane\AppData\Roaming
~ %Desktop% : C:\Users\Sophiane\Desktop
~ %Favorites% : C:\Users\Sophiane\Favorites
~ %LocalAppData% : C:\Users\Sophiane\AppData\Local
~ %StartMenu% : C:\Users\Sophiane\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 520 Go of 684 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 30 Go of 30 Go)
G: CD-ROM drive (Free 0 Go of 1 Go)
H: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 23:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 02:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/2224
~ Mes musiques (My Musics) : 1/145
~ Mes Videos (My Videos) : 2/70
~ Mes Favoris (My Favorites) : 1/10
~ Mes Documents (My Documents) : 2/21571
~ Mon Bureau (My Desktop) : 1/11
~ Menu demarrer (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 14s

---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2584]
[MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3768]
[MD5.4091C21689BF8044979AEDFBE8966F9E] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392] [PID.3676]
[MD5.7FCF3650242F8F8C1EE2E7E98CBD88BB] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384] [PID.4276]
[MD5.7D677B93A0CFA26C8A4029ABA71C2EA6] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992] [PID.4852]
[MD5.23C2FCAA50C4F80F7D1B8A0771D45328] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.4928]
[MD5.41D1214B86A06FD29423A797EBDA17E4] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160] [PID.2072]
[MD5.D59ABED205F424BD4C52419479930BE9] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296] [PID.4132]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.5020]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4680]
[MD5.7613D16AF3AE9DC337B071F994D6C53D] - (.Geek Software GmbH - PDF24 Creator.) -- C:\Program Files (x86)\PDF24\pdf24.exe [185896] [PID.4688]
[MD5.E6E8DE4DF98FAD01BCF3770433F3E37B] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Partition Master Free Edition Applic.) -- C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792] [PID.5576]
[MD5.D8465C1AE6CE673E60045E16CFBC6E64] - (.Motorola Solutions, Inc. - Bluetooth Media Player Controller.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe [1503824] [PID.5984]
[MD5.65936C60384BED1DE30881DCA03F3DAC] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8201216] [PID.3228]
[MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248] [PID.1520]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2028]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.832]
[MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.2208]
[MD5.F630DD7564EBB7248A13B1CC774D9EA6] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680] [PID.2344]
[MD5.0405F4BCD1C7A7B309F620FE0B5DE5E6] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.2504]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2528]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2548]
[MD5.10DEF604B1929D9515969E1CAE7D250A] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1914656] [PID.3008]
[MD5.7B1637E5E0476CE22E8D76AC1203205E] - (.Hewlett-Packard Company - hpqwmiex Module.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [799800] [PID.5524]
[MD5.6F895CA96552069B3D3EF5B4F6E90D3E] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2320920] [PID.4240]
[MD5.983FC69644DDF0486C8DFEA262948D1A] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.1112]
[MD5.E040F0064D39F73BB4995D494F3DCBB8] - (.Hewlett-Packard Development Company L.P. - HP Connection Manager Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [1071160] [PID.1236]
~ Processes Running: Scanned in 00mn 02s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Sophiane\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [aelbknmfcacjffmgnoaaonhgoghlmlkp] HP Product Detection Plugin v.2.0.5.6 (Activé)
G2 - GCE: Preference [User Data\Default] [jkpadlfbbnobnjaeodjfnkogiigdmgff] Mac OS theme v.2.1 (Activé)
G2 - GCE: Preference [User Data\Default] [mjcnijlhddpbdemagnpefmlkjdagkogk] Pocket v.0.600 (Activé)
G2 - GCE: Preference [User Data\Default] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG SafeGuard v.17.0.0.12 (Désactivé)
G2 - GCE: Preference [User Data\Default] [pnafpgbiiobelphegdbieldnmojicndb] Cracking Sands Racing v.1.0.1 (Activé)
~ Google Browser: 25 Legitimates Filtered in 02mn 50s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: GeForce Experience.lnk . (.NVIDIA - NVIDIA GeForce Experience.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: iFunbox.lnk . (.i-Funbox.com - File & App Manager for iPhone/iPad.) -- C:\Program Files (x86)\i-Funbox DevTeam\iFunBox.exe
O4 - GS\Desktop [Public]: ManiaPlanet.lnk . (...) -- C:\Program Files (x86)\ManiaPlanet\ManiaPlanetLauncher.exe
O4 - GS\Desktop [Public]: Oracle VM VirtualBox.lnk . (...) -- C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe (.not file.)
O4 - GS\Desktop [Public]: PDF24 Creator.lnk . (.Geek Software GmbH - PDF24 Creator.) -- C:\Program Files (x86)\PDF24\pdf24-Creator.exe
O4 - GS\Desktop [Public]: Vegas Pro 12.0 (64-bit).lnk . (...) -- C:\Program Files (x86)\Sony\Vegas Pro 12.0\vegas120.exe (.not file.)
O4 - GS\Desktop [Public]: Vuze.lnk . (...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O4 - GS\Program [Public]: Vuze.lnk . (...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O4 - GS\QuickLaunch [Sophiane]: CodeBlocks.lnk . (...) -- C:\Program Files (x86)\CodeBlocks\codeblocks.exe
O4 - GS\QuickLaunch [Sophiane]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Sophiane]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Sophiane]: Oracle VM VirtualBox.lnk . (...) -- C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe (.not file.)
O4 - GS\QuickLaunch [Sophiane]: Vuze.lnk . (...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O4 - GS\TaskBar [Sophiane]: Azureus.lnk . (...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O4 - GS\TaskBar [Sophiane]: hpDST.lnk . (.Hewlett-Packard Company - Setup Manager.) -- C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe
O4 - GS\TaskBar [Sophiane]: Lanceur d'applications Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Sophiane]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Sophiane]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Sophiane]: Auslogics DiskDefrag.lnk . (.Auslogics - Disk Defrag.) -- C:\Program Files (x86)\Auslogics\DiskDefrag\DiskDefrag.exe
O4 - GS\Desktop [Sophiane]: CodeBlocks.lnk . (...) -- C:\Program Files (x86)\CodeBlocks\codeblocks.exe
O4 - GS\Desktop [Sophiane]: Ordinateur.lnk - Clé orpheline
O4 - GS\Desktop [Sophiane]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe https://www.sosvirus.net
O4 - GS\Desktop [Sophiane]: SosVirus sur Facebook.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.facebook.com
~ Global Startup: 90 Legitimates Filtered in 00mn 02s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Motorola Solutions, Inc. - Bluetooth Shell Extension.) -- C:\Program Files\Motorola\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [IMSS] . (.Pas de propriétaire - PIconStartup application.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKLM\..\Wow6432Node\Run: [HPConnectionManager] . (.Hewlett-Packard Development Company L.P. - HPCMDelayStart Application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [PDFPrint] . (.Geek Software GmbH - PDF24 Creator.) -- C:\Program Files (x86)\PDF24\pdf24.exe
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKLM\..\Wow6432Node\Run: [EaseUS EPM tray] . (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Partition Master Free Edition Applic.) -- C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3231291721-3476658805-130605364-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3231291721-3476658805-130605364-1000\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\Resources\fra.dll,-247 [64Bits] - {bd707fe6-39f6-4bda-9265-86a76719bdc5} . (...) -- C:\Program Files\Motorola\Bluetooth\bluetooth.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D81DC3F-C037-4183-9277-79D60127584D}: DhcpNameServer = 172.20.2.10 172.20.2.39
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2758768-5BC3-42AB-859F-589CD5FE5F3D}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{1D81DC3F-C037-4183-9277-79D60127584D}: DhcpNameServer = 172.20.2.10 172.20.2.39
O17 - HKLM\System\CS1\Services\Tcpip\..\{E2758768-5BC3-42AB-859F-589CD5FE5F3D}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{1D81DC3F-C037-4183-9277-79D60127584D}: DhcpNameServer = 172.20.2.10 172.20.2.39
O17 - HKLM\System\CS2\Services\Tcpip\..\{E2758768-5BC3-42AB-859F-589CD5FE5F3D}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 331.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: Intel(R) Management & Security Applicati (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
~ Services: 22 Legitimates Filtered in 00mn 23s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{0D51A400-CB91-4723-940D-222D42CE9960}] (...) -- F:\OpenOfficePortable\OpenOfficeWriterPortable.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DAC42B8C-C6E9-464D-B8A1-1685394C029C}] (...) -- C:\Users\Sophiane\Downloads\VirtualBox-4.2.18-88781-Win.exe (.not file.) [0]
~ Scheduled Task: 20 Legitimates Filtered in 00mn 09s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/11/2013 - 14:28:11 - [27,641] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
~ Program Folder: 190 Legitimates Filtered in 00mn 28s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.24C3E9182AEFFE63000E8807B071CADD] - 02/11/2013 - 17:34:09 ---A- . (...) -- C:\Windows\SysNative\CNC1746D.TBL [12800]
O44 - LFC:[MD5.24C3E9182AEFFE63000E8807B071CADD] - 02/11/2013 - 17:34:09 ---A- . (...) -- C:\Windows\System32\CNC1746D.TBL [12800]
O44 - LFC:[MD5.991C04A31777ED77CB92A4F96F14C2E2] - 10/11/2013 - 14:28:05 ---A- . (...) -- C:\Windows\SysNative\EuGdiDrv.sys [9800]
O44 - LFC:[MD5.6106653B08F4F72EEAA7F099E7C408A4] - 10/11/2013 - 14:28:05 ---A- . (...) -- C:\Windows\SysNative\epmntdrv.sys [17480]
O44 - LFC:[MD5.65355919686BE70BE3B5781CBC0999CF] - 10/11/2013 - 14:28:05 ---A- . (...) -- C:\Windows\SysNative\setupempdrvx64.exe [100936]
O44 - LFC:[MD5.991C04A31777ED77CB92A4F96F14C2E2] - 10/11/2013 - 14:28:05 ---A- . (...) -- C:\Windows\System32\EuGdiDrv.sys [9800]
O44 - LFC:[MD5.6106653B08F4F72EEAA7F099E7C408A4] - 10/11/2013 - 14:28:05 ---A- . (...) -- C:\Windows\System32\epmntdrv.sys [17480]
O44 - LFC:[MD5.65355919686BE70BE3B5781CBC0999CF] - 10/11/2013 - 14:28:05 ---A- . (...) -- C:\Windows\System32\setupempdrvx64.exe [100936]
O44 - LFC:[MD5.105542E1CC839C25496ADB62ADF4F73E] - 10/11/2013 - 14:28:06 ---A- . (...) -- C:\Windows\SysNative\BootMan.exe [3381832]
O44 - LFC:[MD5.105542E1CC839C25496ADB62ADF4F73E] - 10/11/2013 - 14:28:06 ---A- . (...) -- C:\Windows\System32\BootMan.exe [3381832]
O44 - LFC:[MD5.C773F06312FA82C7517D0F9101CFC4CF] - 10/11/2013 - 14:28:07 ---A- . (...) -- C:\Windows\SysNative\EuEpmGdi.dll [16256]
O44 - LFC:[MD5.C773F06312FA82C7517D0F9101CFC4CF] - 10/11/2013 - 14:28:07 ---A- . (...) -- C:\Windows\System32\EuEpmGdi.dll [16256]
O44 - LFC:[MD5.1F0341E4D6F35B7FF75E832696D7CFFE] - 10/11/2013 - 15:13:57 . (...) -- C:\UsbFix [Scan 1] SOPHIANE-HP.txt [11381]
O44 - LFC:[MD5.941E72713021B80B4D24DD4C0C35C419] - 10/11/2013 - 15:46:26 ---A- . (...) -- C:\UsbFix [Clean 1] SOPHIANE-HP.txt [11954]
O44 - LFC:[MD5.6C92DFB23D88A88C54A09B107208CF38] - 10/11/2013 - 17:17:39 ---A- . (...) -- C:\rapport.txt [246]
~ Files: 77 Legitimates Filtered in 00mn 24s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.09C02DF02E7520D02BE0C9382F0476C0] - 10/11/2013 - 16:06:39 ---A- - C:\Windows\Prefetch\YCMMIRAGE.EXE-5E0FEA70.pf
O45 - LFCP:[MD5.771330D8DC64CC56C55F92D0DC8A3F42] - 10/11/2013 - 16:07:12 ---A- - C:\Windows\Prefetch\NVTMRU.EXE-231A7003.pf
O45 - LFCP:[MD5.777753656E4E09B4DA1A3712F2A58458] - 10/11/2013 - 16:07:34 ---A- - C:\Windows\Prefetch\PDF24.EXE-9588DE99.pf
O45 - LFCP:[MD5.440F4B664E346FB21C47EADEAA12F90A] - 10/11/2013 - 16:07:40 ---A- - C:\Windows\Prefetch\EPMNEWS.EXE-EA4082C0.pf
O45 - LFCP:[MD5.882AC99C3B8F187E2CCDC7B2559E3D6D] - 10/11/2013 - 17:16:53 ---A- - C:\Windows\Prefetch\SHORTCUT_MODULE.EXE-437092D4.pf
O45 - LFCP:[MD5.243FDFE44C148D2C697C9746192FBCC7] - 10/11/2013 - 17:50:48 ---A- - C:\Windows\Prefetch\PROCESSMANAGER64.EXE-03FFDA29.pf
~ Prefetcher: 130 Legitimates Filtered in 00mn 01s

---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{d8866192-38cc-11e3-846a-2c27d7ec61c0}\AutoRun\command. (...) -- G:\Setup.exe
~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.DE6759B8D8E62BF0FFF2B05F05AFCEE6] - 06/03/2013 - 23:33:21 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65336]
O58 - SDL:[MD5.6106653B08F4F72EEAA7F099E7C408A4] - 07/03/2013 - 09:49:18 ---A- . (...) -- C:\Windows\System32\epmntdrv.sys [17480]
O58 - SDL:[MD5.F17F09BA097D8EC3CE2084FA97886B85] - 07/03/2013 - 09:49:20 ---A- . (...) -- C:\Windows\SysWOW64\epmntdrv.sys [13896]
~ Drivers: 16 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:UsersSophianeVideosBakuman Saison 3[NeoNoFansub]Bakuman_S03E01_VOSTFR_720p_AC3.mp4 [288288326]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:UsersSophianeVideosBakuman Saison 3[NeoNoFansub]Bakuman_S03E02_VOSTFR_720p_AC3.mp4 [297957200]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:UsersSophianeVideosBakuman Saison 3[NeoNoFansub]Bakuman_S03E03_VOSTFR_720p_AC3.mp4 [297543041]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:UsersSophianeVideosBakuman Saison 3[NeoNoFansub]Bakuman_S03E04_VOSTFR_720p_AC3.mp4 [297005355]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:UsersSophianeVideosBakuman Saison 3[NeoNoFansub]Bakuman_S03E05_VOSTFR_720p_AC3_8bits.mp4 [300760669]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:UsersSophianeVideosBakuman Saison 3[NeoNoFansub]Bakuman_S03E06_VOSTFR_720p_8bits.mp4 [281187704]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E07_VOSTFR_720p_8bits.mp4 [283497185]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E08_VOSTFR_720p_8bits.mp4 [269523519]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E09_VOSTFR_720p_8bits.mp4 [218611927]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E10_VOSTFR_720p_8bits.mp4 [259672905]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E11_VOSTFR_720p_8bits.mp4 [259649752]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E12_VOSTFR_720p_8bits.mp4 [259659750]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E13_VOSTFR_720p_8bits.mp4 [259733884]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E14_VOSTFR_720p_8bits.mp4 [267642588]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E15_VOSTFR_720p_8bits.mp4 [266934571]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E16_VOSTFR_720p_8bits.mp4 [272475369]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E17_VOSTFR_720p_8bits.mp4 [272602999]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E18_VOSTFR_720p_8bits.mp4 [261179047]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E19_VOSTFR_720p_8bits.mp4 [260458070]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E20_VOSTFR_720p_8bits.mp4 [260397108]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E21_VOSTFR_720p_8bits.mp4 [255500583]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E22_VOSTFR_720p_8bits.mp4 [260145626]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E23_VOSTFR_720p_8bits.mp4 [260241818]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E24_VOSTFR_720p_8bits.mp4 [260367616]
O61 – LFC: 09/11/2013 – 18:03:42 —A- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\[NeoNoFansub]Bakuman_S03E25_VOSTFR_720p_8bits.mp4 [260335557]
O61 – LFC: 09/11/2013 – 18:03:42 -SHA- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 2\Thumbs.db [22016]
O61 – LFC: 09/11/2013 – 18:03:42 -SHA- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 3\Thumbs.db [28672]
O61 – LFC: 09/11/2013 – 18:03:42 -SHA- . (…) — C:\Users\Sophiane\Videos\Thumbs.db [20992]
O61 – LFC: 10/11/2013 – 17:59:22 —A- . (…) — C:\Users\Sophiane\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 – LFC: 10/11/2013 – 17:59:43 —A- . (…) — C:\Users\Sophiane\AppData\Local\Google\Chrome\User Data\Local State [48473]
O61 – LFC: 10/11/2013 – 18:01:17 —A- . (…) — C:\Users\Sophiane\AppData\Roaming\ZHP\Log.txt [38391] =>.Nicolas Coolman
O61 – LFC: 10/11/2013 – 18:01:17 —A- . (…) — C:\Users\Sophiane\AppData\Roaming\ZHP\Tests\ZHPDiag.txt [2939] =>.Nicolas Coolman
O61 – LFC: 10/11/2013 – 18:01:17 —A- . (…) — C:\Users\Sophiane\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 – LFC: 10/11/2013 – 18:01:17 —A- . (…) — C:\Users\Sophiane\AppData\Roaming\ZHP\ZHPDiag.txt [64315] =>.Nicolas Coolman
O61 – LFC: 10/11/2013 – 18:01:27 -SHA- . (…) — C:\Users\Sophiane\Documents\Thumbs.db [8192]
O61 – LFC: 10/11/2013 – 18:03:16 —A- . (…) — C:\Users\Sophiane\Downloads\adwcleaner.exe [1073262]
O61 – LFC: 10/11/2013 – 18:03:17 —A- . (…) — C:\Users\Sophiane\Downloads\Shortcut_Module.exe [488305]
O61 – LFC: 10/11/2013 – 18:03:41 -SHA- . (…) — C:\Users\Sophiane\Videos\Bakuman Saison 1\Thumbs.db [60416]
~ 2 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 592 Legitimates Filtered in 04mn 21s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {EDA0CFB8-BD12-456A-B4E0-B4F071C25AAE} – (Search the web (Softonic)) – http://search.softonic.com =>Adware.IMBooster
~ Keys: Scanned in 00mn 00s

—\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Users\Sophiane\Documents\Vuze Downloads\Fez.v1.03.Update.Cracked-ALI213\FEZ.exe =>P2P.Azureus
C:\Users\Sophiane\Documents\Vuze Downloads\Fez.v1.03.Update.Cracked-ALI213\OptimusFix.exe =>P2P.Azureus
C:\Users\Sophiane\Documents\Vuze Downloads\Fez.v1.03.Update.Cracked-ALI213\FEZ.exe =>P2P.Azureus
C:\Users\Sophiane\Documents\Vuze Downloads\Fez.v1.03.Update.Cracked-ALI213\OptimusFix.exe =>P2P.Azureus
~ Files: Scanned in 00mn 21s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][03/11/2013] (…) — C:\Users\Sophiane\AppData\Local\Temp\Quarantine.exe [350259]
~ Files: 2 Legitimates Filtered in 00mn 00s

—\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 – MNS: Photos iCloud – {F0D63F85-37EC-4097-B30D-61B4A8917118}
~ MNS: 2 Legitimates Filtered in 00mn 00s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 09/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS – | Demand 10/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR – | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) – C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR – | Auto 06/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR – | Demand 08/02/2011 4151376 | (Bluetooth Device Manager) . (.Motorola Solutions, Inc..) – C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
SR – | Demand 28/02/2011 1189968 | (Bluetooth Media Service) . (.Motorola Solutions, Inc..) – C:\Program Files\Motorola\Bluetooth\audiosrv.exe
SR – | Auto 15/02/2011 680016 | (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) – C:\Program Files\Motorola\Bluetooth\obexsrv.exe
SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:\Program Files\Bonjour\mDNSResponder.exe
SR – | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) – C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SS – | Demand 30/12/2011 647680 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) – C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR – | Demand 30/12/2011 1028096 | (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS – | Auto 12/04/2013 116648 | (gupdate) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 12/04/2013 116648 | (gupdatem) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR – | Auto 31/10/2013 2756944 | (Hamachi2Svc) . (.LogMeIn Inc..) – C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR – | Auto 05/08/2010 291896 | (HPClientSvc) . (.Hewlett-Packard Company.) – C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
SR – | Demand 15/02/2011 1071160 | (hpCMSrv) . (.Hewlett-Packard Development Company L.P..) – C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
SR – | Demand 28/02/2011 799800 | (hpqwmiex) . (.Hewlett-Packard Company.) – C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR – | Auto 09/11/2010 26680 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) – C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR – | Auto 12/01/2011 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR – | Auto 18/02/2011 2372096 | (IconMan_R) . (.Realsil Microelectronics Inc..) – C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SS – | Demand 01/10/2013 641352 | (iPod Service) . (.Apple Inc..) – C:\Program Files\iPod\bin\iPodService.exe
SS – | Auto 10/07/1658 0 | (KMService) . (…) – C:\Windows\system32\srvany.exe =>Hijacker.Office
SR – | Auto 11/10/2013 377104 | (LMIGuardianSvc) . (.LogMeIn, Inc..) – C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SR – | Auto 23/07/2010 268824 | (LMS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR – | Auto 18/10/2013 15122208 | (NvStreamSvc) . (.NVIDIA Corporation.) – C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR – | Auto 23/10/2013 922912 | (NVSvc) . (.NVIDIA Corporation.) – C:\Windows\system32\nvvsvc.exe
SR – | Auto 18/10/2013 1914656 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS – | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) – C:\Program Files (x86)\Skype\Updater\Updater.exe
SR – | Auto 08/09/2011 305152 | (STacSV) . (.IDT, Inc..) – C:\Program Files\IDT\WDM\STacSV64.exe
SR – | Auto 23/07/2010 2320920 | (UNS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR – | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 20s

—\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by Sophiane at 10/11/2013 18:04:37
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Sophiane at 10/11/2013 18:04:39

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 12993 – (10/11/2013)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
~ Additionnel Scan: 312066 Items scanned in 00mn 23s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/29626487-hijacker-office =>Hijacker.Office
~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ MSI: 3 link(s) detected in 00mn 23s

~ 1946 Legitimates filtered by white list
End of the scan (555 lines in 10mn 45s)(4)[/spoiler:1my2zuol]