Reply to: Infected USB key 2016-09-08T13:16:41+00:00
Kiwi Givre
Participant
Posts: 3

I realised I had not run ZHPDiag as administrator, so I redid the scan and here is the report:

~ ZHPDiag report v2013.11.10.24 – Nicolas Coolman (10/11/2013)
~ Run by Tiffany (11/11/2013 17:00:34)
~ Website address: http://nicolascoolman.webs.com
~ Free disinfection-help forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Activated by user

—\ Internet browsers
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 22.0
GCIE: Google Chrome v30.0.1599.101 (Default)

—\ Windows product information
~ Language: French
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ System protection software
avast! Free Antivirus v9.0.2007
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

—\ System optimisation software
CCleaner v4.01 =>Piriform Ltd

—\ Peer-to-peer sharing software
Pando Media Booster v2.6.0.7

—\ Software monitoring
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.5 MUI
Java 7 Update 45

—\ System information
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3766 MB (48% free)
System Restore: Enabled
System drive C: has 47 GB (18%) free of 253 GB

—\ System logon mode
~ Computer Name: TIFFANY-PC
~ User Name: Tiffany
~ All Users Names: Tiffany, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Environment variables
~ System Unit : C:
~ %AppZHP% : C:\Users\Tiffany\AppData\Roaming\ZHP
~ %AppData% : C:\Users\Tiffany\AppData\Roaming
~ %Desktop% : C:\Users\Tiffany\Desktop
~ %Favorites% : C:\Users\Tiffany\Favorites
~ %LocalAppData% : C:\Users\Tiffany\AppData\Local
~ %StartMenu% : C:\Users\Tiffany\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

—\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 47 Go of 253 Go)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 94 Go of 200 Go)
F: Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)
G: Floppy drive, Flash card reader, USB Key (Free 2 Go of 4 Go)

—\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyMusic: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyPics: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSetProgramAccessAndDefaults: Modified =>PUA.StartShow
~ Security Center: 41 Legitimates Filtered in 00mn 00s

—\ Specific search for generic files
[MD5.0862495E0C825893DB75EF44FAEA8E93] – (.Microsoft Corporation – Windows Explorer.) (.26/02/2011 – 07:23:14.) — C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Windows Start-Up Application.) (.14/07/2009 – 02:39:52.) — C:\Windows\System32\Wininit.exe [129024]
[MD5.8523338F749AC8C5300C125BC4B08275] – (.Microsoft Corporation – Internet Extensions for Win32.) (.02/03/2013 – 06:49:19.) — C:\Windows\System32\wininet.dll [1198080]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] – (.Microsoft Corporation – Windows Logon Application.) (.28/10/2009 – 07:24:40.) — C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] – (.Microsoft Corporation – Licensing Library.) (.14/07/2009 – 02:41:54.) — C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/12/2011 – 04:59:11.) — C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.14/07/2009 – 00:19:54.) — C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.27/04/2011 – 03:57:40.) — C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.14/07/2009 – 01:06:13.) — C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – i8042 Port Driver.) (.14/07/2009 – 00:19:57.) — C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.04/05/2011 – 03:51:08.) — C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] – (.Microsoft Corporation – MBT Transport driver.) (.14/07/2009 – 00:21:29.) — C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] – (.Microsoft Corporation – NT File System Driver.) (.12/04/2013 – 15:36:37.) — C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Parallel Port Driver.) (.14/07/2009 – 01:00:41.) — C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/07/2009 – 01:10:12.) — C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] – (.Microsoft Corporation – TDI Translation Driver.) (.14/07/2009 – 00:21:15.) — C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] – (.Microsoft Corporation – Volume Shadow Copy Driver.) (.06/09/2012 – 18:38:18.) — C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 00s
~ Generic Processes: Scanned in 00mn 00s

—\ Hidden files status (Hidden/Total)
~ My Pictures : 2/14
~ My Videos : 1/314
~ My Favorites : 1/30
~ My Documents : 1/5946
~ My Desktop : 1/1573
~ Start Menu (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 08s

—\ Running processes
[MD5.736E57247F12EACECDB224B8D1F7F187] – (.AVAST Software – avast! Antivirus.) — C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3568312] [PID.4080]
[MD5.34B25A7B5FBA206C17B9F028736E9B36] – (.Don HO don.h@free.fr – Notepad++ : a free (GNU) source code editor.) — C:\Program Files (x86)\Notepad++\notepad++.exe [1785856] [PID.6072]
[MD5.3E399A1328181C2A352472369DE2A93A] – (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752] [PID.2020]
[MD5.5F4634A5F4629F2FC242C45F78F44668] – (.Nicolas Coolman – ZHPDiag.) — C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8201216] [PID.4632]
[MD5.7A189530FD0CFD415DBE41123F8A6A59] – (.AVAST Software – avast! Service.) — C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344] [PID.1328]
[MD5.DBC1136A62BD4DECC3632DF650284C2E] – (.Intel Corporation – Local Manageability Service.) — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [268824] [PID.1968]
~ Processes Running: Scanned in 00mn 00s

—\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 – GCE: Preference [User Data\Default] [jpmbfleldcgkldadpdinhjjopdfpjfjp] Wajam v.1.24 (Disabled) =>Toolbar.Wajam
~ Google Browser: 16 Legitimates Filtered in 00mn 14s

—\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\a5ps8751.default\prefs.js
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analysis of F0, F1, F2, F3 lines – IniFiles, autoloading programs
F2 – REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
F2 – REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 23

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
~ Toolbar: Scanned in 00mn 00s

—\ Other user links (O4)
O4 – GS\Desktop [Public]: Monopoly Tycoon.lnk . (.DeepRed Games Ltd – Monopoly Tycoon.) — C:\Program Files (x86)\Monopoly Tycoon\mc.exe
O4 – GS\Desktop [Public]: Oracle VM VirtualBox.lnk . (…) — C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe (.not file.)
O4 – GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 – GS\QuickLaunch [Tiffany]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 – GS\QuickLaunch [Tiffany]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\QuickLaunch [Tiffany]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 – GS\QuickLaunch [Tiffany]: Packard Bell Games.lnk . (.WildTangent, Inc. – GameConsole.) — C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsole-wt.exe
O4 – GS\TaskBar [Tiffany]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 – GS\Program [Tiffany]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\Program [Tiffany]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\SystemTools [Tiffany]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\Desktop [Tiffany]: ArgoUML.lnk . (.Oracle Corporation – Java(TM) Platform SE binary.) — C:\Program Files (x86)\Java\jre7\bin\javaw.exe
O4 – GS\Desktop [Tiffany]: DrScheme.lnk . (.PLT Scheme Inc. – PLT Scheme GUI application.) — C:\Program Files (x86)\PLT\DrScheme.exe
O4 – GS\Desktop [Tiffany]: eclipse.exe.lnk . (…) — C:\Users\Tiffany\Documents\_Manue\eclipse\eclipse.exe
O4 – GS\Desktop [Tiffany]: Packard Bell Games.lnk . (.WildTangent, Inc. – GameConsole.) — C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsole-wt.exe
O4 – GS\Desktop [Tiffany]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe https://www.sosvirus.net
O4 – GS\Desktop [Tiffany]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.facebook.com
O4 – GS\Desktop [Tiffany]: TeXnicCenter.lnk . (.TeXnicCenter.org (www.TeXnicCenter.org) – TeXnicCenter.) — C:\Program Files (x86)\TeXnicCenter\TEXCNTR.exe
~ Global Startup: 82 Legitimates Filtered in 00mn 01s

—\ Applications launched at system startup (O4)
O4 – HKLM\..\Wow6432Node\Run: [avast5] . (.AVAST Software – avast! Antivirus.) — C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 – HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 – HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 – HKLM\..\Wow6432Node\RunOnce: [Malwarebytes Anti-Malware] . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation – Windows Desktop Gadgets.) — C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation – Windows Desktop Gadgets.) — C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

—\ Buttons on the main Internet Explorer toolbar (O9)
O9 – Extra button: Se&nd to OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} — C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 – Extra button: OneNote &Linked Notes [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} — C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Domain/DNS address modification (O17)
O17 – HKLM\System\CCS\Services\Tcpip\..\{5C0A3319-D615-4123-A350-3B56102C00B3}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 – HKLM\System\CS1\Services\Tcpip\..\{5C0A3319-D615-4123-A350-3B56102C00B3}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 – HKLM\System\CS2\Services\Tcpip\..\{5C0A3319-D615-4123-A350-3B56102C00B3}: DhcpNameServer = 89.2.0.1 89.2.0.2
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.2.0.1 89.2.0.2
~ Domain: Scanned in 00mn 00s

—\ Additional protocol (O18)
O18 – Handler: wlmailhtml [64Bits] – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (…) —
O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ Automatic scheduled tasks (O39)
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\AutoKMS.job [268]
[MD5.00000000000000000000000000000000] [APT] [{14964A8D-1136-4627-9A80-89EF95403825}] (…) — C:\Users\Tiffany\Downloads\Win7_64_152612.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3393B27B-B521-42C4-A6B0-EFCF7886FD5C}] (…) — C:\Users\Tiffany\Downloads\Win7Vista_64_152254.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9810EFDE-9DD9-4888-A890-A3B90F2D5850}] (…) — C:\Users\Tiffany\Downloads\Programmes\Win7_64_152612.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BAD935DC-F7CD-4003-ACAA-17AE78C6F4C9}] (…) — C:\Users\Tiffany\Downloads\Win7Vista_152258.exe (.not file.) [0]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 06s

—\ Installed software (O42)
O42 – Software: Graphviz 2.28 – (.AT&T Research Labs.) [HKLM][64Bits] — {D437FFB6-5C49-4DAC-ABAE-33FF065FE7CC}
O42 – Software: PLT Scheme v4.2.5 – (.PLT Scheme Inc..) [HKLM][64Bits] — PLT-4.2.5
~ Logic: 174 Legitimates Filtered in 00mn 00s

—\ HKCU & HKLM Software Keys
[HKCU\Software\Pando Networks]
[HKCU\Software\QGIS]
[HKLM\Software\Wow6432Node\Pando Networks]
~ Key Software: 281 Legitimates Filtered in 00mn 00s

—\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 – CFD: 10/04/2012 – 10:08:34 – [153,213] —-D C:\Program Files (x86)\Graphviz 2.28
O43 – CFD: 02/10/2011 – 23:54:44 – [0,021] —-D C:\Program Files (x86)\Jeux
O43 – CFD: 05/05/2012 – 08:48:57 – [7,182] —-D C:\Program Files (x86)\Pando Networks
O43 – CFD: 04/11/2011 – 17:08:36 – [194,569] —-D C:\Program Files (x86)\PLT
O43 – CFD: 13/02/2011 – 12:15:21 – [0,001] —-D C:\Users\Tiffany\AppData\Roaming\fr.barrierepoker.air.D043989C8F5E91300BF71855036B28F854BB8613.1
O43 – CFD: 16/12/2011 – 14:50:44 – [0,004] —-D C:\Users\Tiffany\AppData\Roaming\PLT Scheme
O43 – CFD: 04/11/2011 – 17:06:42 – [0,001] —-D C:\Users\Tiffany\AppData\Roaming\Racket
O43 – CFD: 13/02/2011 – 11:47:24 – [0,614] —-D C:\Users\Tiffany\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
O43 – CFD: 21/07/2011 – 19:01:59 – [5,318] —-D C:\Users\Tiffany\AppData\Local\PokerStars.FR
~ Program Folder: 227 Legitimates Filtered in 01mn 12s

—\ Last files modified or created under Windows and System32 (O44)
O44 – LFC:[MD5.E77F8FA7BBFD2BBA473019209FC25DB8] – 11/11/2013 – 12:25:00 . (…) — C:\UsbFix [Scan 1] TIFFANY-PC.txt [8160]
O44 – LFC:[MD5.308C731E964E015761F4F4C514E2E91C] – 11/11/2013 – 15:55:54 . (…) — C:\UsbFix [Clean 2] TIFFANY-PC.txt [4477]
O44 – LFC:[MD5.24A81C015212B8B6DE995839CCD988E9] – 11/11/2013 – 16:04:19 —A- . (…) — C:\UsbFix [Clean 3] TIFFANY-PC.txt [7812]
~ Files: 30 Legitimates Filtered in 00mn 03s

—\ Last files created in Windows Prefetcher (O45)
O45 – LFCP:[MD5.C7686DBE0C9DA51B2EA7EC73C84B0A57] – 11/11/2013 – 16:09:01 —A- – C:\Windows\Prefetch\INSTUP.EXE-A21AC9E7.pf
~ Prefetcher: 35 Legitimates Filtered in 00mn 00s

—\ Operations and functions at Windows Explorer startup (O46)
O46 – SEH:ShellExecuteHooks – Groove GFS Stub Execution Hook [64Bits] – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

—\ StartupReg registry key enumeration (SMSR) (O53)
O53 – SMSR:HKLM\…\startupreg\hpqSRMon [Key] . (…) — C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (.not file.)
~ SMSR Keys: 19 Legitimates Filtered in 00mn 00s

—\ PoliciesSystem registry key enumeration (MWPS) (O55)
O55 – MWPS:[HKLM\…\Policies\System] – "EnableUIADesktopToggle"=0
O55 – MWPS:[HKLM\…\Policies\System] – "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

—\ PoliciesExplorer registry key enumeration (MWPE) (O56)
O56 – MWPE:[HKLM\…\policies\Explorer] – "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

—\ System driver list (SDL) (O58)
O58 – SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] – 07/11/2013 – 11:52:15 —A- . (…) — C:\Windows\System32\Drivers\aswRvrt.sys [65776]
~ Drivers: 16 Legitimates Filtered in 00mn 00s

—\ Last files modified or created (User) (O61)
O61 – LFC: 08/11/2013 – 17:02:48 —A- . (…) — C:\Users\Tiffany\AppData\Roaming\ZHP\HOSTS.txt [851] =>.Nicolas Coolman
O61 – LFC: 08/11/2013 – 17:02:51 —A- . (…) — C:\Users\Tiffany\Downloads\mod_python-3.4.1.tgz [566218]
O61 – LFC: 08/11/2013 – 17:02:51 —A- . (…) — C:\Users\Tiffany\Downloads\npp.6.5.1.Installer.exe [7520740]
O61 – LFC: 08/11/2013 – 17:02:51 —A- . (.Hervé Leclerc (HeL).) — C:\Users\Tiffany\Downloads\Wampserver2.4-x64.exe [40603386]
O61 – LFC: 11/11/2013 – 17:02:43 —A- . (…) — C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Local State [46636]
O61 – LFC: 11/11/2013 – 17:02:44 —A- . (…) — C:\Users\Tiffany\AppData\Local\PMB Files\5675\5675AC921A572AA06D3E8B96168B76413393FD85.ct1 [494] =>P2P.Pando
O61 – LFC: 11/11/2013 – 17:02:44 —A- . (…) — C:\Users\Tiffany\AppData\Local\PMB Files\cert\cert8.db [65536] =>P2P.Pando
O61 – LFC: 11/11/2013 – 17:02:44 —A- . (…) — C:\Users\Tiffany\AppData\Local\PMB Files\cert\key3.db [16384] =>P2P.Pando
O61 – LFC: 11/11/2013 – 17:02:44 —A- . (…) — C:\Users\Tiffany\AppData\Local\PMB Files\cert\secmod.db [16384] =>P2P.Pando
O61 – LFC: 11/11/2013 – 17:02:44 —A- . (…) — C:\Users\Tiffany\AppData\Local\PMB Files\pando.save [10160] =>P2P.Pando
O61 – LFC: 11/11/2013 – 17:02:48 —A- . (…) — C:\Users\Tiffany\AppData\Roaming\ZHP\Log.txt [42698] =>.Nicolas Coolman
O61 – LFC: 11/11/2013 – 17:02:48 —A- . (…) — C:\Users\Tiffany\AppData\Roaming\ZHP\TestsZHPDiag.txt [2899] =>.Nicolas Coolman
O61 – LFC: 11/11/2013 – 17:02:48 —A- . (…) — C:\Users\Tiffany\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 – LFC: 11/11/2013 – 17:02:48 —A- . (…) — C:\Users\Tiffany\AppData\Roaming\ZHP\ZHPDiag.txt [33826] =>.Nicolas Coolman
~ Files: 270 Legitimates Filtered in 00mn 11s

—\ List of disinfection tools (LATC) (O63)
O63 – Software: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Software: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Shell Spawning associations (O67)
O67 – Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

—\ Internet Start Menu (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Infection search on Internet browsers (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKCU] {AC13A09F-B424-489A-94D0-B5D625AA9109} – (Ask Search) – http://websearch.ask.com =>Toolbar.Ask
~ Keys: Scanned in 00mn 00s

—\ Crack & Keygen file enumeration (CKF) (O82)
C:\Users\Tiffany\Documents\_Jean-luc\Dossiers Jluc\WinRAR 3.92\Keygen — CORE\keygen.exe
C:\Users\Tiffany\Documents\_Jean-luc\Dossiers Jluc\WinRAR 3.92\Keygen — CORE\keygen.exe
~ Files: Scanned in 01mn 07s

—\ Specific search at the system root (SPRF) (O84)
[MD5.055E35E21556FB513679E77D0A80ADB6] [SPRF][05/02/2011] (…) — C:\ProgramData\ezsidmv.dat [56]
[MD5.E447F6E7BF834A145A5B0EC513EA5AEA] [SPRF][20/03/2013] (…) — C:\Users\Tiffany\AppData\Roaming\wklnhst.dat [1084]
[MD5.9812917FE2FCDEA2FD800573D7842E5D] [SPRF][11/11/2013] (…) — C:\Users\Tiffany\Desktop\adwcleaner.exe [1085542]
~ Files: 4 Legitimates Filtered in 00mn 00s

—\ Firewall exception list (FirewallRules) (O87)
O87 – FAEL: "TCP Query User{BA8C4616-43E3-4CCF-B84B-5D9E33BAB4FC}C:\program files (x86)\monopoly tycoon\mc.exe" | In – Public – P6 – TRUE | .(.DeepRed Games Ltd – Monopoly Tycoon.) — C:\program files (x86)\monopoly tycoon\mc.exe
O87 – FAEL: "UDP Query User{459324B6-EA86-4CE9-9DA4-A392B0CDFDB8}C:\program files (x86)\monopoly tycoon\mc.exe" | In – Public – P17 – TRUE | .(.DeepRed Games Ltd – Monopoly Tycoon.) — C:\program files (x86)\monopoly tycoon\mc.exe
~ Firewall: 218 Legitimates Filtered in 00mn 01s

—\ WindowsInstaller package search (WIS) (O93) (NTFS)
[MD5.435E6AD30125295F5A3F4961D33E898F] [WIS][08/03/2010] (.NewTech Infosystems – Backup Manager Basic.) — C:\Windows\Installer\2829c.msi [996864]
[MD5.9EBB84AEEA8B9883B968E32A549BA77D] [WIS][25/08/2013] (.Husdawg, LLC – System Requirements Lab for Intel.) — C:\Windows\Installer\7041213.msi [405504]
[MD5.7AE5FF598B22E4F65558BAF73107FA7E] [WIS][14/05/2009] (.Builds the Destinations MSI – Builds the Destinations MSI.) — C:\Windows\Installer\c58f9.msi [459264]
~ WIS: 123 Legitimates Filtered in 00mn 16s

—\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS – | Demand 09/10/2009 169312 | (AdobeActiveFileMonitor8.0) . (.Adobe Systems Incorporated.) – c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
SR – | Auto 07/11/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SS – | Auto 08/04/2010 312400 | (DsiWMIService) . (.Dritek System Inc..) – C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SS – | Auto 17/03/2010 866336 | (ePowerSvc) . (.Acer Incorporated.) – C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
SS – | Demand 07/06/2010 867080 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) – C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS – | Demand 10/10/2009 238328 | (GameConsoleService) . (.WildTangent, Inc..) – C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
SS – | Auto 08/01/2010 23584 | (GREGService) . (.Acer Incorporated.) – C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
SS – | Auto 30/07/2013 116648 | (gupdate) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 30/07/2013 116648 | (gupdatem) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR – | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) – C:\Windows\System32\svchost.exe
SR – | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) – C:\Windows\System32\svchost.exe
SR – | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) – C:\Windows\System32\svchost.exe
SS – | Auto 24/12/2009 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR – | Auto 18/03/2010 268824 | (LMS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS – | Demand 03/08/2012 427672 | (maconfservice) . (.CybelSoft.) – C:\Program Files\ma-config.com\x64\maconfservice.exe
SS – | Demand 03/07/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS – | Demand 15/01/2010 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) – C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SS – | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:\Windows\System32\svchost.exe
SS – | Auto 09/03/2010 250368 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) – C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
SS – | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:\Windows\System32\svchost.exe
SS – | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) – C:\Program Files (x86)\Skype\Updater\Updater.exe
SS – | Demand 02/11/2009 126352 | (TurboBoost) . (.Intel(R) Corporation.) – C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SS – | Auto 18/03/2010 2320920 | (UNS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS – | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) – C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
SS – | Demand 23/06/2013 24576 | (wampapache) . (.Apache Software Foundation.) – c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
SS – | Demand 23/06/2013 12867584 | (wampmysqld) . (…) – c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe
SR – | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 18s

—\ Master Boot Record infection search (MBR)(O80)
Run by Tiffany at 11/11/2013 17:04:25
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Master Boot Record infection search (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Tiffany at 11/11/2013 17:04:27

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Additional scan (O88)
Database Version : 12993 – (10/11/2013)
Keys found : 14
Values found : 0
Folders found : 2
Files found : 1

[HKLM\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp] =>Toolbar.Wajam^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160] =>Adware.PredictAd
[HKLM\Software\Classes\esri3DAnalystUI.DeltaXYZSketch3DMenuItem] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\esri3DAnalystUI.DeltaXYZSketch3DMenuItem.1] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\esriCadastralUI.DeltaXYConstructionMenuItem] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\esriCadastralUI.DeltaXYConstructionMenuItem.1] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esri3DAnalystUI.DeltaXYZSketch3DMenuItem] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esri3DAnalystUI.DeltaXYZSketch3DMenuItem.1] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esriCadastralUI.DeltaXYConstructionMenuItem] =>Toolbar.DeltaSearch
[HKLM\Software\Wow6432Node\Classes\esriCadastralUI.DeltaXYConstructionMenuItem.1] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
C:\Users\Tiffany\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp =>Toolbar.Wajam^
C:\Users\Tiffany\AppData\Local\Software =>Adware.Boxore
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow ^
~ Additional scan: 580950 items scanned in 00mn 38s

—\ Summary of detections found on your machine
~ http://nicolascoolman.webs.com/apps/blog/show/34077727-pua-startshow =>PUA.StartShow
~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>Toolbar.Wajam
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/27229962-adware-predictad =>Adware.PredictAd
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore
~ MSI: 6 link(s) detected in 00mn 38s

~ 1585 Legitimates filtered by white list
End of the scan (502 lines in 04mn 31s)(2)
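Added example, not part of the original post and not ZHPDiag's own code: a small Python triage script for reports like the one above. It separates the `=>Family.Name` detection tags from the `=>.Publisher` whitelist attributions, counts detections per family, and lists the dangling `(.not file.)` references and the scheduled-task entries, which are the lines a responder checks first. The sample lines are copied from the report above with backslashes restored; the regular expressions describe how these lines look in that report, not a documented ZHPDiag format, and the trailing `^` some tags carry is simply stripped so the same name is counted together.

```python
"""Triage helper for ZHPDiag-style report lines.

Added example; not part of the original forum post and not ZHPDiag's own code.
Assumed line format (inferred from the report above, not from documentation):
  - a line ZHPDiag considers suspicious ends in "=>Family.Name"
    (e.g. "=>Toolbar.Wajam", "=>Adware.Boxore"), sometimes with a trailing "^";
  - "=>.Publisher" (leading dot) is a whitelisted-publisher attribution, not a detection;
  - a referenced path that no longer exists is marked "(.not file.)";
  - section codes such as O39 (scheduled tasks) or O69 (browser search scopes)
    open the line, followed by a dash.
"""
import re
from collections import Counter

# Constructed sample: lines copied from the report above (backslashes restored),
# plus an untagged Google search scope and a whitelisted ZHP file so that clean
# lines are parsed but not counted as detections.
SAMPLE_REPORT = r"""
G2 – GCE: Preference [User Data\Default] [jpmbfleldcgkldadpdinhjjopdfpjfjp] Wajam v.1.24 (Disabled) =>Toolbar.Wajam
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\AutoKMS.job [268]
[MD5.00000000000000000000000000000000] [APT] [{14964A8D-1136-4627-9A80-89EF95403825}] (…) — C:\Users\Tiffany\Downloads\Win7_64_152612.exe (.not file.) [0]
O69 – SBI: SearchScopes [HKCU] {AC13A09F-B424-489A-94D0-B5D625AA9109} – (Ask Search) – http://websearch.ask.com =>Toolbar.Ask
O69 – SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} – (Google) – http://www.google.com
[HKLM\Software\Classes\esri3DAnalystUI.DeltaXYZSketch3DMenuItem] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C] =>Adware.Boxore^
C:\Users\Tiffany\AppData\Local\Software =>Adware.Boxore
O53 – SMSR:HKLM\...\startupreg\hpqSRMon [Key] . (…) — C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (.not file.)
O61 – LFC: 08/11/2013 – 17:02:48 —A- . (…) — C:\Users\Tiffany\AppData\Roaming\ZHP\HOSTS.txt [851] =>.Nicolas Coolman
"""

CODE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s[–-]\s")          # "O39 – ", "G2 – "
TAG_RE = re.compile(r"\s=>(?P<tag>.+?)\^?\s*$")                  # "=>Adware.Boxore^"
PATH_RE = re.compile(                                            # first "X:\..." up to a terminator
    r"(?P<path>[A-Za-z]:\\.*?)(?=\s\(\.not file\.\)|\s\[\d+\]|\s=>|\s*$)"
)
HIVE_RE = re.compile(r"\bHK(?:LM|CU|US)\\")


def parse_line(line):
    """Turn one report line into a record, or None for blank/summary lines."""
    line = line.strip()
    if not line or line.startswith("~"):
        return None
    m_code = CODE_RE.match(line)
    m_tag = TAG_RE.search(line)
    m_path = PATH_RE.search(line)
    code = m_code.group("code") if m_code else None
    detection = publisher = None
    if m_tag:
        tag = m_tag.group("tag")
        if tag.startswith("."):
            publisher = tag[1:]      # whitelist attribution such as "=>.Nicolas Coolman"
        else:
            detection = tag          # e.g. "Adware.Boxore" (trailing "^" already dropped)
    return {
        "code": code,
        "detection": detection,
        "publisher": publisher,
        "path": m_path.group("path") if m_path else None,
        "dangling": "(.not file.)" in line,
        "registry": "[HK" in line or bool(HIVE_RE.search(line)),
        "task": code == "O39" or "[APT]" in line,
        "raw": line,
    }


def triage(report_text):
    """Parse a whole report and summarise what a responder looks at first."""
    records = [r for r in map(parse_line, report_text.splitlines()) if r]
    detections = Counter(r["detection"] for r in records if r["detection"])
    families = Counter(name.split(".", 1)[0] for name in detections.elements())
    return {
        "records": records,
        "detections": detections,        # e.g. {"Adware.Boxore": 2, "Toolbar.Wajam": 1, ...}
        "families": families,            # e.g. {"Toolbar": 3, "Adware": 2}
        "dangling": [r["path"] for r in records if r["dangling"]],
        "scheduled_tasks": [r["path"] for r in records if r["task"]],
        "registry_hits": [r["raw"] for r in records if r["detection"] and r["registry"]],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("detections by family:", dict(result["families"]))
    for name, n in sorted(result["detections"].items()):
        print(f"  {n}x {name}")
    print("dangling references (leftovers, nothing is running from them):")
    for p in result["dangling"]:
        print("  ", p)
    print("scheduled-task entries (check these for persistence):")
    for p in result["scheduled_tasks"]:
        print("  ", p)
```

To run it on a saved report, call `triage(open(path, encoding="cp1252").read())`; the code page is an assumption (reports of this era were usually written in a Windows encoding), so pass whatever the file actually uses. The `registry_hits` list is the subset of detections that live in the registry rather than on disk, which is the part an `adwcleaner`-style cleanup has to remove separately from the files.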