Reply to: Virus rvzr-a. akamaihd 2016-09-08T13:17:09+00:00
lcemegane
Participant
Posts: 15

Here is the first scan:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Mégane on 13/11/2013 at 12:06:08,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/11/2013 at 12:33:35,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And the second:

~ ZHPDiag report v2013.11.11.25 – Nicolas Coolman (11/11/2013)
~ Launched by Mégane (13/11/2013 13:23:35)
~ Website address: http://nicolascoolman.webs.com
~ Free disinfection assistance forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Deactivate by program

—\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16736
GCIE: Google Chrome v30.0.1599.101 (Default)

—\ Windows product information
~ Language: French
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 66JYG
Windows License : OK
~ Windows Remaining Initializations Number : 998
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ System protection software
Bitdefender Antivirus Plus v17.20.0.883
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

—\ System optimisation software

—\ Peer-to-peer sharing software

—\ Software monitoring
Adobe Reader XI
Java 7 Update 45

—\ System information
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6029 MB (73% free)
System Restore: Enabled
System drive C: has 214 GB (76%) free of 279 GB

—\ System logon mode
~ Computer Name: PC-MEGANE
~ User Name: Mégane
~ All Users Names: UpdatusUser, Mégane, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Environment variables
~ System Unit : C:
~ %AppZHP% : C:\Users\Mégane\AppData\Roaming\ZHP
~ %AppData% : C:\Users\Mégane\AppData\Roaming
~ %Desktop% : C:\Users\Mégane\Desktop
~ %Favorites% : C:\Users\Mégane\Favorites
~ %LocalAppData% : C:\Users\Mégane\AppData\Local
~ %StartMenu% : C:\Users\Mégane\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

—\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 214 GB of 279 GB)
D: Hard drive, Flash drive, Thumb drive (Free 398 GB of 398 GB)
E: CD-ROM drive (Not Inserted)

—\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s

—\ Specific search for generic files
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] – (.Microsoft Corporation – Windows Explorer.) (.01/06/2013 – 12:34:21.) — C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] – (.Microsoft Corporation – Windows Start-Up Application.) (.26/07/2012 – 04:08:50.) — C:\Windows\System32\Wininit.exe [132608]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] – (.Microsoft Corporation – Internet Extensions for Win32.) (.12/10/2013 – 09:45:20.) — C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] – (.Microsoft Corporation – Windows Logon Application.) (.11/10/2012 – 06:46:58.) — C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] – (.Microsoft Corporation – Licensing library.) (.26/07/2012 – 04:07:20.) — C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.04/09/2013 – 04:11:23.) — C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.26/07/2012 – 06:00:48.) — C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] – (.Microsoft Corporation – CD-ROM File System Driver.) (.26/07/2012 – 03:30:10.) — C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.26/07/2012 – 03:26:36.) — C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.26/07/2012 – 03:26:53.) — C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.27/11/2012 – 13:56:51.) — C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] – (.Microsoft Corporation – i8042 Port Driver.) (.26/07/2012 – 03:28:51.) — C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] – (.Microsoft Corporation – IP Network Address Translator.) (.26/07/2012 – 03:23:01.) — C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.05/02/2013 – 23:29:09.) — C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] – (.Microsoft Corporation – MBT Transport driver.) (.26/07/2012 – 03:24:28.) — C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] – (.Microsoft Corporation – NT File System Driver.) (.02/02/2013 – 11:54:54.) — C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] – (.Microsoft Corporation – Parallel Port Driver.) (.26/07/2012 – 03:29:53.) — C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.26/07/2012 – 03:23:17.) — C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] – (.Microsoft Corporation – Microsoft RDP Device Redirector.) (.26/07/2012 – 03:25:18.) — C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] – (.Microsoft Corporation – TDI Translation Driver.) (.26/07/2012 – 06:26:47.) — C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] – (.Microsoft Corporation – Volume Shadow Copy Driver.) (.01/06/2013 – 12:26:33.) — C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s

—\ Hidden files status (Hidden/Total)
~ My Pictures : 1/2456
~ My Music : 1/994
~ My Videos : 1/26
~ My Favorites : 1/7
~ My Documents : 1/72
~ My Desktop : 1/18
~ Start Menu (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 01s

—\ Running processes
[MD5.E40AF754F43E3B44E2D6DE829267AD52] – (.ASUSTek Computer Inc. – ASLDR Service.) — C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [110976] [PID.1768]
[MD5.DBC598E47E7A382E60E2A4745D41FEF9] – (.ASUS – GFNEXSrv.) — C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1844]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1580]
[MD5.30E3850F303EAE5C364782EA78579CC9] – (.Apple Inc. – MobileDeviceService.) — C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1456]
[MD5.6A122B4F0E5293CACFA8A5F2CBA9B356] – (.ASUS – ASUS InstantOn Program.) — C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120] [PID.1288]
[MD5.2126CCA1F93D7BCDF6F37CB8A7BFC004] – (.Microsoft Corp. – Bing Desktop updating service.) — C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192] [PID.1468]
[MD5.78ABBE558F57144047F10A0F50FE4B2F] – (.Intel Corporation – Intel(R) Dynamic Application Loader Host In.) — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720] [PID.2228]
[MD5.B07086D59443DAC6A668D691B27B968C] – (.ASUSTeK Computer Inc. – ASUS Color Engine.) — C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [176240] [PID.3404]
[MD5.C570FD825751F7805CE226F68C4605DE] – (.ASUS – ACMON.) — C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [54488] [PID.3412]
[MD5.8969286F44A62758AACBD38F27D59BF5] – (.ASUSTek Computer Inc. – HControl.) — C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [184704] [PID.3420]
[MD5.97432AB9F1B3B3E63E778C1E69E71E91] – (.ASUSTek Computer Inc. – ASUS USB Charger Plus.) — C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1124032] [PID.3428]
[MD5.C6D3BB61E24F66EB976C6CC55346B5F2] – (.ASUS – ASUS InstantOn.) — C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [1196416] [PID.3436]
[MD5.3A8D1E216D2F16551B37234E6E7341CB] – (.ASUS – ASUS InstantOn Program.) — C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe [590208] [PID.3504]
[MD5.4F870EF9292559AB9DE6F31527A1DCBF] – (.ASUSTek Computer Inc. – KBFiltr.) — C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113312] [PID.3760]
[MD5.498622161649098034DA1893F00E9762] – (.ASUSTeK Computer Inc. – ASUS Quick Gesture Exe.) — C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20792] [PID.1384]
[MD5.0B50F07E63EE15383CDFDC26D7A3D3E3] – (.ASUSTek Computer Inc. – ATK Media.) — C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205184] [PID.3468]
[MD5.2D32F0EF950AED6AD007D042676FD39E] – (.ASUSTek Computer Inc. – ATKOSD2.) — C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328064] [PID.3752]
[MD5.83FF82FE209E7997067B375DAD6CF23D] – (.Intel Corporation – Intel(R) Integrated Clock Controller Servic.) — C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752] [PID.4792]
[MD5.169A19284E9397EF95A5F36749301993] – (.CyberLink Corp. – Power2Go Desktop Burning Gadget.) — C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe [2646504] [PID.4992]
[MD5.077541A539C9454FA2077D0EBE1FD93D] – (.Bitdefender – Bitdefender Application Password Manager Ag.) — C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [621448] [PID.4376]
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] – (.CyberLink Corp. – PowerDVD RC Service.) — C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432] [PID.4700]
[MD5.35048D8E8A0BF7A797CD5757ACD7EED0] – (.CyberLink – CyberLink MediaLibray Service.) — C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816] [PID.4888]
[MD5.B2387FD351A3D4780A917E4C00A83310] – (.Apple Inc. – iTunesHelper.) — C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.2496]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2564]
[MD5.B53B22F4BEDDF8D7AAC5DFC50097BC9B] – (.Microsoft Corp. – Bing Desktop Application.) — C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2258056] [PID.4572]
[MD5.DB0C938BC311B31CF90C13821AE682B3] – (.ASUSTeK Computer Inc. – ASUS Live Update.) — C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1559936] [PID.5556]
[MD5.32AE4864E55782B00CA6B213F8E383F0] – (.Microsoft Corp. – BDExtHost.exe.) — C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe [207496] [PID.6140]
[MD5.6176E2630EA5759CA6E915AD0EB9F460] – (.Microsoft Corp. – BDAppHost.exe.) — C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe [153224] [PID.4940]
[MD5.687C7EF01D3AF31D8844FB22BC6B88D4] – (.Microsoft Corp. – BDRuntimeHost.exe.) — C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe [369800] [PID.5208]
[MD5.9656F8E29F6C3161A3E99BCD3A472FF9] – (.Intel Corporation – Intel(R) ME Service.) — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856] [PID.5500]
[MD5.2C24DC448DBE8DB9BE1441B824C57E79] – (.Intel Corporation – Local Manageability Service.) — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277824] [PID.5488]
[MD5.1208E6455ED65E48691422D1FF093574] – (.NVIDIA Corporation – NVIDIA Settings Update Manager.) — C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1260320] [PID.2264]
[MD5.E1A119AD21F5AFE22EB516C549306D3D] – (.Intel Corporation – User Notification Service.) — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [365376] [PID.4160]
[MD5.86FB5E8D5D1E3E405C46CCBF991E6FD4] – (.Thisisu – Junkware Removal Tool.) — C:\Users\Mégane\Desktop\JRT.exe [1034531] [PID.3132]
[MD5.3E399A1328181C2A352472369DE2A93A] – (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752] [PID.1912]
[MD5.0248882379D37F3DC3EA1C721803B645] – (.Nicolas Coolman – ZHPDiag.) — C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8202752] [PID.5904]
~ Processes Running: Scanned in 00mn 00s

—\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Mégane\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 – GCE: Preference [User Data\Default] [aaaaacalgebmfelllfiaoknifldpngjh] Avira SearchFree Toolbar plus Web Protection v.25.62074, (Disabled) =>Toolbar.Avira
G2 – GCE: Preference [User Data\Default] [ccahoghmggldkcdjiebjkidpfongdfbl] Bitdefender Wallet v.17.19.0 (Enabled)
G2 – GCE: Preference [User Data\Default] [jpmbfleldcgkldadpdinhjjopdfpjfjp] Wajam v.1.24 (Disabled) =>PUP.Wajam
~ Google Browser: 16 Legitimates Filtered in 00mn 11s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analysis of lines F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
F2 – REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 21

—\ Other user shortcuts (O4)
O4 – GS\Desktop [Public]: ASUS Install.lnk . (.ASUSTek Computer INC. – AsInsWiz.) — C:\eSupport\eDriver\AsInsWiz.exe
O4 – GS\Desktop [Public]: ASUS Instant Connect Installer.lnk . (…) — C:\windows\Installer\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}\_77CD0D17CE4BC69D3FCD39.exe
O4 – GS\Desktop [Public]: ASUS Tutor.lnk . (…) — C:\windows\Installer\{58172D66-2F69-4215-9AEC-ED8196023736}\_E2D96973328BFA48EC703B.exe
O4 – GS\Desktop [Public]: eManual.Lnk . (.ASUSTek Computer Inc. – EManual Application.) — C:\eSupport\Manual\eManual.exe
O4 – GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 – GS\Desktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation – OpenOffice 4.0.0.) — C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 – GS\Desktop [Public]: Scene Switch.lnk . (…) — C:\Windows\Installer\{5172E572-C175-4F80-A6D5-5CB45826AD61}\_BA416CBB8E260BCD465EF1.exe
O4 – GS\Desktop [Public]: Waves MAXXAudio.lnk . (…) — C:\Program Files (x86)\Realtek\Audio\HDA\MaxxAudioControl64.exe (.not file.)
O4 – GS\Desktop [Public]: WebStorage.lnk . (.ASUS Cloud Corporation – ASUS WebStorage Panel.) — C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe
O4 – GS\Program [Public]: Desktop.lnk – Orphan key
O4 – GS\QuickLaunch [Mégane]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 – GS\QuickLaunch [Mégane]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\TaskBar [Mégane]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 – GS\TaskBar [Mégane]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\TaskBar [Mégane]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation – OpenOffice 4.0.0.) — C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 – GS\Program [Mégane]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Global Startup: 52 Legitimates Filtered in 00mn 01s

—\ Applications launched at system startup (O4)
O4 – HKLM\..\Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:\Windows\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:\Windows\system32\hkcmd.exe
O4 – HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor – Realtek HD Audio Manager.) — C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 – HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor – HD Audio Background Process.) — C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 – HKLM\..\Run: [Bdagent] . (.Bitdefender – Bitdefender Agent.) — C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
O4 – HKCU\..\Run: [Power2GoExpress] . (.CyberLink Corp. – Power2Go Desktop Burning Gadget.) — C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
O4 – HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation – Windows Live Messenger.) — C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 – HKCU\..\Run: [Bitdefender Wallet Agent] . (.Bitdefender – Bitdefender Password Manager Agent.) — C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
O4 – HKCU\..\Run: [Bitdefender Wallet] . (.Bitdefender – Bitdefender Password Manager.) — C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe
O4 – HKCU\..\Run: [Bitdefender Agent de l’application Wallet] . (.Bitdefender – Bitdefender Application Password Manager Ag.) — C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
O4 – HKLM\..\Wow6432Node\Run: [ASUSPRP] . (.ASUSTek Computer Inc. – ASUS Product Register Program.) — C:\Program Files (x86)\ASUS\APRP\APRP.exe
O4 – HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ASUS Cloud Corporation – ASUS WebStorage Panel.) — C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.10.123\AsusWSPanel.exe
O4 – HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. – PowerDVD RC Service.) — C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 – HKLM\..\Wow6432Node\Run: [CLMLServer] . (.CyberLink – CyberLink MediaLibray Service.) — C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
O4 – HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 – HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 – HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 – HKLM\..\Wow6432Node\Run: [BingDesktop] . (.Microsoft Corp. – Bing Desktop Application.) — C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
O4 – HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] . (.Bitdefender – Bitdefender Password Manager Agent.) — C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
O4 – HKUS\S-1-5-18\..\Run: [Bitdefender Wallet] . (.Bitdefender – Bitdefender Password Manager.) — C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe
O4 – HKUS\S-1-5-18\..\Run: [Bitdefender Agent de l’application Wallet] . (.Bitdefender – Bitdefender Application Password Manager Ag.) — C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
~ Application: Scanned in 00mn 00s

—\ Domain/DNS address modification (O17)
O17 – HKLM\System\CCS\Services\Tcpip\..\{126EF352-55B9-459E-B6EA-65454DEC9394}: DhcpNameServer = 127.0.0.1
O17 – HKLM\System\CCS\Services\Tcpip\..\{F109431D-AF75-40B1-8A24-12D4CA0EC0F9}: DhcpNameServer = 10.188.0.1
O17 – HKLM\System\CCS\Services\Tcpip\..\{126EF352-55B9-459E-B6EA-65454DEC9394}: DhcpDomain = ANCE.com
O17 – HKLM\System\CS1\Services\Tcpip\..\{126EF352-55B9-459E-B6EA-65454DEC9394}: DhcpNameServer = 127.0.0.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{F109431D-AF75-40B1-8A24-12D4CA0EC0F9}: DhcpNameServer = 10.188.0.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{126EF352-55B9-459E-B6EA-65454DEC9394}: DhcpDomain = ANCE.com
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.188.0.1
~ Domain: Scanned in 00mn 00s

—\ Additional protocol (O18)
O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Additional protocol: Scanned in 00mn 00s

—\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 – AppInit_DLLs: . (.NVIDIA Corporation – NVIDIA shim initialization dll, Version 311.) – C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s

—\ Non-Microsoft, non-disabled NT services (O23)
O23 – Service: McAfee AP Service (McAPExe) . (…) – C:\Program Files\McAfee\MSC\McAPexe.exe (.not file.)
O23 – Service: Bitdefender Virus Shield (VSSERV) . (.Bitdefender – Bitdefender Security Service.) – C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
~ Services: 17 Legitimates Filtered in 00mn 06s

—\ Automatic scheduled tasks (O39)
[MD5.00000000000000000000000000000000] [APT] [{8590CA3A-4956-42E6-A81E-A0BABFDA13F5}] (…) — C:\Program Files (x86)\ElectroLyrics-1\Uninstall.exe (.not file.) [0] =>Adware.AddLyrics
~ Scheduled Task: 17 Legitimates Filtered in 00mn 04s

—\ Recently modified or created files under Windows and System32 (O44)
O44 – LFC:[MD5.4E8F2BB3A5A87E75C35533723B50E685] – 09/11/2013 – 14:45:24 —A- . (…) — C:\Windows\SysNative\user_gensett.xml [385]
O44 – LFC:[MD5.4E8F2BB3A5A87E75C35533723B50E685] – 09/11/2013 – 14:45:24 —A- . (…) — C:\Windows\System32\user_gensett.xml [385]
O44 – LFC:[MD5.E1E9A5B1BD6AC67E2C017552CECDAE87] – 13/11/2013 – 09:13:22 —A- . (…) — C:\bdlog.txt [5078]
~ Files: 100 Legitimates Filtered in 00mn 29s

—\ Recently created files in Windows Prefetcher (O45)
O45 – LFCP:[MD5.04BDCD830B3009647A0D9A50F683C24C] – 05/11/2013 – 17:51:59 —A- – C:\Windows\Prefetch\HOROSCOPE.EXE-39F22478.pf
O45 – LFCP:[MD5.5E5FDEF9517263F04E293E917F8F8D9E] – 07/11/2013 – 13:26:40 —A- – C:\Windows\Prefetch\GLCND.EXE-DD45F588.pf
O45 – LFCP:[MD5.7E8737DC303C53B75749325A8068AADD] – 09/11/2013 – 14:05:21 —A- – C:\Windows\Prefetch\BITDEFENDER_AV_64B.EXE-6559A4F5.pf
O45 – LFCP:[MD5.B48F0D81812B3FB53C7F8AF64246FBCF] – 09/11/2013 – 14:09:12 —A- – C:\Windows\Prefetch\INSTALLERPACKAGE.EXE-C9871E88.pf
O45 – LFCP:[MD5.FA41B0A4E9B284C1468B38207482F7AC] – 09/11/2013 – 14:09:33 —A- – C:\Windows\Prefetch\INSTALLER.EXE-2463F9E4.pf
O45 – LFCP:[MD5.03796ECA22DF9A2F01AABE877933E4C0] – 09/11/2013 – 17:33:51 —A- – C:\Windows\Prefetch\ODSW.EXE-983DD055.pf
O45 – LFCP:[MD5.B20E85ECAA0AD437CFED830489D6CE01] – 09/11/2013 – 18:08:41 —A- – C:\Windows\Prefetch\ODSLV.EXE-1ECDDD1C.pf
O45 – LFCP:[MD5.932F310B417598F4BB9F89F06061EC81] – 09/11/2013 – 19:39:07 —A- – C:\Windows\Prefetch\OBK.EXE-DCF2DD96.pf
O45 – LFCP:[MD5.9A63F9B33663E43A4B6595E7FCBE9847] – 10/11/2013 – 17:36:48 —A- – C:\Windows\Prefetch\FIRSTRUN.EXE-ED4F9EAB.pf
O45 – LFCP:[MD5.612E4173269E4652693E5E50E8E86114] – 12/11/2013 – 12:45:10 —A- – C:\Windows\Prefetch\dynreservedpri.db
O45 – LFCP:[MD5.DED66970164D203E206FEC258A7F935D] – 12/11/2013 – 16:24:28 —A- – C:\Windows\Prefetch\_IU14D2N.TMP-A8098D0F.pf
O45 – LFCP:[MD5.1A43C4F10D674C3DEA237BF58C108DFA] – 12/11/2013 – 23:18:48 —A- – C:\Windows\Prefetch\PMBXAG.EXE-EE66F507.pf
O45 – LFCP:[MD5.E56A35176F7B9DA0E3DC3D848D65EE6C] – 13/11/2013 – 09:16:20 —A- – C:\Windows\Prefetch\PDVD10SERV.EXE-99C8A7B5.pf
O45 – LFCP:[MD5.A92FE4B0DCAF4A2232FC95B411C2195D] – 13/11/2013 – 09:16:57 —A- – C:\Windows\Prefetch\BDAPPHOST.EXE-3F03D4E8.pf
O45 – LFCP:[MD5.71D9F2EAA65FE6DDCD671F7926E9F2CC] – 13/11/2013 – 09:16:57 —A- – C:\Windows\Prefetch\BDEXTHOST.EXE-46A5DBB8.pf
O45 – LFCP:[MD5.47B3A44E1C8122D51A2D190BFA48A19E] – 13/11/2013 – 09:16:59 —A- – C:\Windows\Prefetch\BDRUNTIMEHOST.EXE-686E0807.pf
O45 – LFCP:[MD5.D23D25FD9755D9A188659FCAD8BDE4DF] – 13/11/2013 – 12:03:09 —A- – C:\Windows\Prefetch\UPDATESRV.EXE-9AD36E5A.pf
O45 – LFCP:[MD5.14EF2D2E69B6EE080AAF816E51C83D19] – 13/11/2013 – 12:05:56 —A- – C:\Windows\Prefetch\WGET.DAT-1111CD68.pf
O45 – LFCP:[MD5.D1B247CE3923073AF87B2B39F776FE07] – 13/11/2013 – 12:06:00 —A- – C:\Windows\Prefetch\JRT.EXE-F1FE047E.pf
O45 – LFCP:[MD5.2FB9749D4AC6197F68EB150DDD88769B] – 13/11/2013 – 12:28:56 —A- – C:\Windows\Prefetch\CUT.DAT-6DB38D69.pf
O45 – LFCP:[MD5.9D8117C64816124C10AB61B7B9ABAE43] – 13/11/2013 – 12:33:09 —A- – C:\Windows\Prefetch\FIND.EXE-3298DC3B.pf
O45 – LFCP:[MD5.8FEBD20E3E229CA68C360D62C19BFBF5] – 13/11/2013 – 12:33:12 —A- – C:\Windows\Prefetch\SHORTCUT.DAT-8AB1FD09.pf
O45 – LFCP:[MD5.47D6F76862D76A55B254FFDF2819122F] – 13/11/2013 – 12:33:34 —A- – C:\Windows\Prefetch\FC.EXE-A601B343.pf
O45 – LFCP:[MD5.3BC305736F500A664BCFB65E2E6E3FFB] – 13/11/2013 – 12:33:35 —A- – C:\Windows\Prefetch\NIRCMD.DAT-AEC3928E.pf
O45 – LFCP:[MD5.3F1A34EC4194313F80B92F7E61243941] – 13/11/2013 – 13:13:24 —A- – C:\Windows\Prefetch\BDADDMTASK.EXE-35FD799F.pf
O45 – LFCP:[MD5.5CE4C105A8046E218CBEBE756E7EB5A4] – 13/11/2013 – 13:15:56 —A- – C:\Windows\Prefetch\INSTALLER.EXE-166619CC.pf
O45 – LFCP:[MD5.4C71B19C81D0DE948B457C3094636FA3] – 16/10/2013 – 16:22:52 —A- – C:\Windows\Prefetch\SYSTEMPROPERTIESREMOTE.EXE-A8B3EF40.pf
O45 – LFCP:[MD5.18B2437BC21ECE4ED813D16F454328E5] – 28/10/2013 – 19:10:40 —A- – C:\Windows\Prefetch\OFFERCAST_AVIRAV7_.EXE-0B097BEE.pf
O45 – LFCP:[MD5.2B0B5A53DC9E6B0D3681D0006A9388B9] – 28/10/2013 – 19:16:58 —A- – C:\Windows\Prefetch\MCUIHOST.EXE-AE5E0AD4.pf
~ Prefetcher: 217 Legitimates Filtered in 00mn 00s

—\ Enumeration of Policies\System registry keys (MWPS) (O55)
O55 – MWPS:[HKLM\...\Policies\System] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM\...\Policies\System] – “FilterAdministratorToken”=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s

—\ Enumeration of Policies\Explorer registry keys (MWPE) (O56)
O56 – MWPE:[HKLM\...\policies\Explorer] – “NoActiveDesktopChanges”=1
~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s

—\ System drivers list (SDL) (O58)
O58 – SDL:[MD5.A8080BEBCDB7A16495CE1205921DCAC5] – 02/08/2012 – 04:22:48 —A- . (.No owner – Keyboard Filter Driver.) — C:\Windows\System32\Drivers\kbfiltr.sys [14992]
~ Drivers: 21 Legitimates Filtered in 00mn 00s

—\ Recently modified or created files (User) (O61)
O61 – LFC: 10/11/2013 – 13:25:22 —A- . (…) — C:\Users\Mégane\Documents\POEM LANGUE ORALE.odt [22406]
O61 – LFC: 11/11/2013 – 13:25:22 —A- . (…) — C:\Users\Mégane\Downloads\23054_OFFRE_Magasinier_e-commerce.pdf [371705]
O61 – LFC: 12/11/2013 – 13:25:21 —A- . (…) — C:\Users\Mégane\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 – LFC: 12/11/2013 – 13:25:21 —A- . (…) — C:\Users\Mégane\AppData\Roaming\ZHP\ZHPDiag.txt [37031] =>.Nicolas Coolman
O61 – LFC: 12/11/2013 – 13:25:21 —A- . (…) — C:\Users\Mégane\AppData\Roaming\user_gensett.xml [385]
O61 – LFC: 12/11/2013 – 13:25:21 —A- . (…) — C:\Users\Mégane\Documents\Academic writing pour le 19 novembre.odt [16986]
O61 – LFC: 12/11/2013 – 13:25:21 —A- . (…) — C:\Users\Mégane\Documents\AdwCleaner[S1].txt [958]
O61 – LFC: 12/11/2013 – 13:25:21 —A- . (…) — C:\Users\Mégane\Documents\Américaine civi.odt [31574]
O61 – LFC: 12/11/2013 – 13:25:21 —A- . (…) — C:\Users\Mégane\Documents\Civilisation Américaine CM 12 Novembre.odt [26066]
O61 – LFC: 12/11/2013 – 13:25:21 —A- . (…) — C:\Users\Mégane\Documents\Civilisation Britannique CM 12 novembre.odt [26324]
O61 – LFC: 12/11/2013 – 13:25:22 —A- . (…) — C:\Users\Mégane\Documents\Research paper.odt [9433]
O61 – LFC: 12/11/2013 – 13:25:22 —A- . (…) — C:\Users\Mégane\Documents\ZHPDiag.txt [37031] =>.Nicolas Coolman
O61 – LFC: 12/11/2013 – 13:25:22 —A- . (…) — C:\Users\Mégane\Downloads\23097_DS_Phonétique_-_Mr_Gauthier.pdf [10229]
O61 – LFC: 12/11/2013 – 13:25:24 —A- . (…) — C:\Users\Mégane\Downloads\adwcleaner.exe [1085542]
O61 – LFC: 13/11/2013 – 13:25:05 —A- . (…) — C:\Users\Mégane\AppData\Local\Google\Chrome\User Data\Local State [47190]
O61 – LFC: 13/11/2013 – 13:25:21 —A- . (…) — C:\Users\Mégane\AppData\Roaming\ZHP\Log.txt [35242] =>.Nicolas Coolman
O61 – LFC: 13/11/2013 – 13:25:21 —A- . (…) — C:\Users\Mégane\AppData\Roaming\ZHP\Tests\ZHPDiag.txt [2899] =>.Nicolas Coolman
O61 – LFC: 13/11/2013 – 13:25:21 —A- . (…) — C:\Users\Mégane\AppData\Roaming\sp_data.sys [62]
~ 11 temporary files
~ Files: 704 Legitimates Filtered in 01mn 17s

—\ Disinfection tools list (LATC) (O63)
O63 – Software: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Shell Spawning associations (O67)
O67 – Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

—\ Internet Start Menu (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Specific search at system root (SPRF) (O84)
[MD5.EF70DF92CF61D0CA3FE0D2AD50BB6FAD] [SPRF][09/11/2013] (…) — C:\ProgramData\1384002564.bdinstall.bin [1142527]
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (…) — C:\ProgramData\SetStretch.exe [24576]
[MD5.5E873D6381A043A6380F2D991078E804] [SPRF][09/11/2013] (…) — C:\Users\Mégane\AppData\Local\Temp\defaultCache.reg [85258]
[MD5.378189889438568FEF3D98588283B3A5] [SPRF][11/11/2013] (…) — C:\Users\Mégane\AppData\Local\Temp\Quarantine.exe [350377]
[MD5.22FB4C2FF5F50BD7492075457F0A3677] [SPRF][13/11/2013] (…) — C:\Users\Mégane\AppData\Roaming\sp_data.sys [62]
[MD5.9812917FE2FCDEA2FD800573D7842E5D] [SPRF][12/11/2013] (…) — C:\Users\Mégane\Desktop\adwcleaner.exe [1085542]
~ Files: 9 Legitimates Filtered in 00mn 00s

—\ Firewall exceptions list (FirewallRules) (O87)
O87 – FAEL: “TCP Query User{58F51957-CF37-4D8C-B0F3-9F136E989E8E}C:\users\mégane\appdata\roaming\cacaoweb\cacaoweb.exe” |In – Private – P6 – TRUE | .(…) — C:\users\mégane\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “UDP Query User{C19950CF-FDDE-4ABF-B043-05EBD8C81AE1}C:\users\mégane\appdata\roaming\cacaoweb\cacaoweb.exe” |In – Private – P17 – TRUE | .(…) — C:\users\mégane\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “TCP Query User{CBDF3A2E-823B-44B6-9F24-8D407BD00E33}C:\users\mégane\appdata\roaming\cacaoweb\cacaoweb.exe” |In – Public – P6 – TRUE | .(…) — C:\users\mégane\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “UDP Query User{ED08F8CE-C9C0-4AB3-ABEF-72F0B2AD42FC}C:\users\mégane\appdata\roaming\cacaoweb\cacaoweb.exe” |In – Public – P17 – TRUE | .(…) — C:\users\mégane\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
~ Firewall: 234 Legitimates Filtered in 00mn 00s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 05/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR – | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) – C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR – | Auto 05/10/2012 110976 | (ASLDRService) . (.ASUSTek Computer Inc..) – C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR – | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) – C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR – | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:\Program Files\Bonjour\mDNSResponder.exe
SS – | Demand 13/12/2012 277616 | (cphs) . (.Intel Corporation.) – C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS – | Auto 08/11/2013 116648 | (gupdate) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 08/11/2013 116648 | (gupdatem) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR – | Demand 24/04/2012 169752 | (ICCS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR – | Auto 13/09/2012 2466448 | (IconMan_R) . (.Realsil Microelectronics Inc..) – C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR – | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR – | Auto 27/06/2012 129856 | (Intel(R) ME Service) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR – | Demand 17/09/2013 641352 | (iPod Service) . (.Apple Inc..) – C:\Program Files\iPod\bin\iPodService.exe
SR – | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR – | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS – | Auto 10/07/1658 0 | (McAPExe) . (…) – C:\Program Files\McAfee\MSC\McAPexe.exe
SR – | Auto 14/03/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) – C:\Windows\system32\nvvsvc.exe
SR – | Auto 14/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR – | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR – | Auto 07/10/2013 67320 | (UPDATESRV) . (.Bitdefender.) – C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
SR – | Auto 14/10/2013 1506736 | (VSSERV) . (.Bitdefender.) – C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
SS – | Demand 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS – | Demand 27/11/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 13s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Run by Mégane at 13/11/2013 13:27:27
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Mégane at 13/11/2013 13:27:29

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 12994 – (11/11/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1

[HKLM\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh] =>Toolbar.Avira^
[HKLM\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp] =>PUP.Wajam^
C:\Users\Mégane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh =>Toolbar.Avira^
C:\Users\Mégane\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp =>PUP.Wajam^
C:\Users\Mégane\Downloads\cacaoweb.exe =>PUP.CacaoWeb
~ Additionnel Scan: 243563 Items scanned in 00mn 20s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28419247-toolbar-avira =>Toolbar.Avira
~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>PUP.Wajam
~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
~ MSI: 4 link(s) detected in 00mn 20s

~ 1873 Legitimates filtered by white list
End of the scan (482 lines in 04mn 15s)(0)