Reply to: Infected USB key 2016-09-08T13:17:50+00:00
lechatlilas85
Participant
Post count: 8

Good evening,
I thought I had sent the report… Sorry! Here it is:

~ ZHPDiag report v2013.11.16.34 – Nicolas Coolman (16/11/2013)
~ Run by Le Club des Cinq (19/11/2013 17:26:00)
~ Website: http://nicolascoolman.webs.com
~ Free disinfection help forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ White list: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Deactivated by user

—\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16736

—\ Windows product information
~ Language: French
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK

—\ System protection software
avast! Free Antivirus v9.0.2008
Malwarebytes Anti-Malware version 1.75.0.1300
Spybot – Search & Destroy v1.6.2
Windows Defender W7

—\ System optimisation software
CCleaner v4.07 =>Piriform Ltd

—\ Peer-to-peer sharing software

—\ Software monitoring
Adobe Flash Player 11 ActiveX
Adobe Reader XI
Java 7 Update 45

—\ System information
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3980 MB (43% free)
System Restore: Enabled
System drive C: has 729 GB (79%) free of 914 GB

—\ System logon mode
~ Computer Name: AVRILLE
~ User Name: Le Club des Cinq
~ All Users Names: Le Club des Cinq, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Environment variables
~ System Unit : C:
~ %AppZHP% : C:UsersLe Club des CinqAppDataRoamingZHP
~ %AppData% : C:UsersLe Club des CinqAppDataRoaming
~ %Desktop% : C:UsersLe Club des CinqDesktop
~ %Favorites% : C:UsersLe Club des CinqFavorites
~ %LocalAppData% : C:UsersLe Club des CinqAppDataLocal
~ %StartMenu% : C:UsersLe Club des CinqAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 729 Go of 914 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 17 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)

—\ Windows Security Center status
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

—\ Targeted search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.28/06/2012 – 12:44:19.) — C:WindowsExplorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.12/10/2013 – 09:45:20.) — C:WindowsSystem32wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.21/11/2010 – 04:24:29.) — C:WindowsSystem32Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.21/11/2010 – 04:24:16.) — C:WindowsSystem32sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/09/2013 – 02:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversCdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32DriversDfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.21/11/2010 – 04:23:47.) — C:Windowssystem32DriversHDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.28/06/2012 – 12:44:50.) — C:Windowssystem32DriversMRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.21/11/2010 – 04:23:51.) — C:Windowssystem32DriversnetBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 15:45:08.) — C:Windowssystem32Driversntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.21/11/2010 – 04:24:33.) — C:Windowssystem32DriversRasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.21/11/2010 – 04:24:32.) — C:Windowssystem32Driverstdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.28/06/2012 – 12:49:52.) — C:Windowssystem32Driversvolsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s

—\ Hidden files status (Hidden/Total)
~ My Pictures: 2/7029
~ My Music: 8/2041
~ My Videos: 2/234
~ My Favorites: 1/15
~ My Documents: 3/8706
~ My Desktop: 0/178
~ Start Menu (Programs): 1/29
~ Hidden Files: Scanned in 00mn 22s

—\ Running processes
[MD5.554A50B5310E702029D3A675459108FF] – (.Hewlett-Packard – hpsysdrv.) — C:Program Files (x86)Hewlett-PackardHP Odometerhpsysdrv.exe [62768] [PID.2908]
[MD5.9567905E8DFA5D82C7F1A3DB576B1397] – (.Lexmark International, Inc. – Lexmark Device Monitor.) — C:Program Files (x86)Lexmark 2300 Serieslxcgmon.exe [205744] [PID.3108]
[MD5.53E365A499EA365F97D7A31918B3D54B] – (.Lexmark International Inc. – Lexmark Fast Pics Application.) — C:Program Files (x86)Lexmark 2300 Seriesezprint.exe [103344] [PID.3136]
[MD5.636D97B3BAF854511FF3F4093E895FED] – (.Google Inc. – Google Chrome.) — C:UsersLe Club des CinqAppDataLocalGoogleChromeApplicationchrome.exe [863184] [PID.3164]
[MD5.177E24726F38D24B10532D7DDEE0DCC7] – (…) — C:UsersLe Club des CinqAppDataRoamingcacaowebcacaoweb.exe [454656] [PID.3240] =>PUP.CacaoWeb
[MD5.C637FC4638A96165256B28D38DE7B953] – (.Hewlett-Packard – hpwuSchd Application.) — C:Program Files (x86)HpHP Software Updatehpwuschd2.exe [49208] [PID.3408]
[MD5.9F59AFA3110D7C7A41E7082FBD72CFFA] – (.Pas de propriétaire – Printer Device Monitor.) — C:Program Files (x86) (x86)Lexmark Z2300 Serieslxdpmon.exe [672424] [PID.3596]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [254336] [PID.3840]
[MD5.1F0A97900FC718CE617A722BEF8580CD] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe [3568312] [PID.3860]
[MD5.E6C1D2F421AF7096D75D0735C7E64542] – (.Hewlett-Packard – HP TouchSmart Calendar Service.) — C:Program Files (x86)Hewlett-PackardTouchSmartCalendarServiceHPTouchSmartSyncCalReminderApp.exe [20480] [PID.2980]
[MD5.8FCF9BFFCA49923C504C4BFE8378BF8A] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8220160] [PID.2000]
~ Processes Running: Scanned in 00mn 00s

—\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:UsersLe Club des CinqAppDataLocalGoogleChromeUser DataDefaultPreferences
G2 – GCE: Preference [User DataDefault] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 – GCE: Preference [User DataDefault] [leahdjjpjmnamomgpojikeapflgbmjab] cacaoweb v.1.16 (Désactivé) =>PUP.CacaoWeb
G2 – GCE: Preference [User DataDefault] [licjnkifamhpbaefhdpacpmihicfbomb] PricePeep v.2.1.293.0 (Désactivé) =>Adware.PricePeep
G2 – GCE: Preference [User DataDefault] [ndibdjnfmopecpmkdieinmbadjfpblof] AVG Secure Search v.13.2.0.4 (Désactivé) =>Toolbar.AVGSearch
~ Google Browser: 17 Legitimates Filtered in 00mn 24s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analysis of F0, F1, F2, F3 lines – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:windowssystem32userinit.exe
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 05s
~ Number of lines: 15505

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Orphan key
O3 – ToolbarWebBrowser: (no name) [64Bits] – [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Orphan key
~ Toolbar: Scanned in 00mn 00s

—\ Other user links (O4)
O4 – GSDesktop [Public]: OpenOffice 4.0.1.lnk . (.Apache Software Foundation – OpenOffice 4.0.1.) — C:Program Files (x86)OpenOffice 4programsoffice.exe
O4 – GSQuickLaunch [Le Club des Cinq]: DVD Shrink 3.2.lnk . (.DVD Shrink – DVD Shrink 3.2.) — C:Program Files (x86)DVD ShrinkDVD Shrink 3.2.exe
O4 – GSQuickLaunch [Le Club des Cinq]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSQuickLaunch [Le Club des Cinq]: Spybot – Search & Destroy.lnk . (.Safer Networking Limited – Spybot – Search & Destroy.) — C:Program Files (x86)Spybot – Search & DestroySpybotSD.exe
O4 – GSTaskBar [Le Club des Cinq]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSTaskBar [Le Club des Cinq]: Lanceur d’applications Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:UsersLe Club des CinqAppDataLocalGoogleChromeApplicationchrome.exe
O4 – GSTaskBar [Le Club des Cinq]: Pinball.lnk . (.Cinematronics – 3D Pinball.) — C:Program Files (x86)Microsoft GamesPinballpinball.exe
O4 – GSProgram [Le Club des Cinq]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSSystemTools [Le Club des Cinq]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSDesktop [Le Club des Cinq]: DVD Shrink 3.2.lnk . (.DVD Shrink – DVD Shrink 3.2.) — C:Program Files (x86)DVD ShrinkDVD Shrink 3.2.exe
O4 – GSDesktop [Le Club des Cinq]: Word 2003.lnk . (…) — C:windowsInstaller{9011040C-6000-11D3-8CFE-0150048383C9}wordicon.exe
~ Global Startup: 78 Legitimates Filtered in 00mn 02s

—\ Applications launched at system startup (O4)
O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:windowssystem32igfxtray.exe
O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:windowssystem32igfxpers.exe
O4 – HKLM..Run: [HPSYSDRV] . (.Hewlett-Packard – hpsysdrv.) — C:Program Files (x86)Hewlett-PackardHP OdometerHPSYSDRV.exe =>.Hewlett-Packard Co
O4 – HKLM..Run: [LXCGCATS] rundll32 C:windowssystem32spoolDRIVERSx643LXCGtime.dll (.not file.)
O4 – HKLM..Run: [lxcgmon.exe] . (.Lexmark International, Inc. – Lexmark Device Monitor.) — C:Program Files (x86)Lexmark 2300 Serieslxcgmon.exe
O4 – HKLM..Run: [EzPrint] . (.Lexmark International Inc. – Lexmark Fast Pics Application.) — C:Program Files (x86)Lexmark 2300 Seriesezprint.exe
O4 – HKLM..Run: [bEWm2wMR] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
O4 – HKLM..RunOnce: [NCPluginUpdater] . (.Hewlett-Packard – NCPluginUpdater.) — C:Program Files (x86)Hewlett-PackardHP Health CheckActiveCheckproduct_lineNCPluginUpdater.exe
O4 – HKCU..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersLe Club des CinqAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
O4 – HKCU..Run: [51D0DB0D7F1E399C1BF2E0D385F1BAABCEC9DC2A._service_run] . (.Google Inc. – Google Chrome.) — C:UsersLe Club des CinqAppDataLocalGoogleChromeApplicationchrome.exe
O4 – HKCU..Run: [Facebook Update] C:UsersLe Club des CinqAppDataLocalFacebookUpdateFacebookUpdate.exe (.not file.)
O4 – HKCU..Run: [cacaoweb] . (…) — C:UsersLe Club des CinqAppDataRoamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
O4 – HKLM..Wow6432NodeRun: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — c:Program Files (x86)HPHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Wow6432NodeRun: [lxdpmon.exe] . (.Pas de propriétaire – Printer Device Monitor.) — C:Program Files (x86) (x86)Lexmark Z2300 Serieslxdpmon.exe
O4 – HKLM..Wow6432NodeRun: [EzPrint] . (.Lexmark International Inc. – Lexmark Fast Pics Application.) — C:Program Files (x86) (x86)Lexmark Z2300 Seriesezprint.exe
O4 – HKLM..Wow6432NodeRun: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program Files (x86)QuickTimeQTTask.exe
O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-930800744-3864487761-3431598712-1000..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersLe Club des CinqAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
O4 – HKUSS-1-5-21-930800744-3864487761-3431598712-1000..Run: [51D0DB0D7F1E399C1BF2E0D385F1BAABCEC9DC2A._service_run] . (.Google Inc. – Google Chrome.) — C:UsersLe Club des CinqAppDataLocalGoogleChromeApplicationchrome.exe
O4 – HKUSS-1-5-21-930800744-3864487761-3431598712-1000..Run: [Facebook Update] C:UsersLe Club des CinqAppDataLocalFacebookUpdateFacebookUpdate.exe (.not file.)
O4 – HKUSS-1-5-21-930800744-3864487761-3431598712-1000..Run: [cacaoweb] . (…) — C:UsersLe Club des CinqAppDataRoamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
~ Application: Scanned in 00mn 00s

—\ Buttons on the main Internet Explorer toolbar (O9)
O9 – Extra button: @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPluginx64.dll,-102 [64Bits] – {25510184-5A38-4A99-B273-DCA8EEF6CD08} . (…) — C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckResourcesIconsHP.ico
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Domain/DNS address modification (O17)
O17 – HKLMSystemCCSServicesTcpip..{FA0021B1-8D45-48FF-A4F7-F57BFB82619B}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{FA0021B1-8D45-48FF-A4F7-F57BFB82619B}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS2ServicesTcpip..{FA0021B1-8D45-48FF-A4F7-F57BFB82619B}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Additional protocol (O18)
O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
O18 – Filter: text/xml [64Bits] – {807553E5-5146-11D5-A672-00B0D022E945} . (…) —
~ Additional protocol: Scanned in 00mn 00s

—\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ Automatic scheduled tasks (O39)
[MD5.03253A3AFC6639366CD4F7C1EFEAF59D] [APT] [{3C57E803-845C-4FA9-AFA0-05105E53BC2A}] (…) — C:driversprinter2300Setup.exe [304048]
~ Scheduled Task: 33 Legitimates Filtered in 00mn 03s

—\ HKCU & HKLM Software Keys
[HKCUSoftwarecacaoweb] =>PUP.CacaoWeb
[HKLMSoftwarebEWm2wMR]
~ Key Software: 218 Legitimates Filtered in 00mn 00s

—\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 – CFD: 12/09/2012 – 14:42:43 – [31,287] —-D C:Program Files (x86)ET
O43 – CFD: 17/11/2013 – 15:41:49 – [0,449] —-D C:UsersLe Club des CinqAppDataRoamingcacaoweb =>PUP.CacaoWeb
~ 72 empty CLSID folders
~ Program Folder: 255 Legitimates Filtered in 00mn 18s

—\ Last files modified or created under Windows and System32 (O44)
O44 – LFC:[MD5.80B57F43445226636DE1ACC36213FC11] – 14/11/2013 – 17:16:16 . (…) — C:UsbFix [Scan 1] PARELEMEUT.txt [9444]
O44 – LFC:[MD5.E6EE9009AFADE4CFBE4B112CA86D78B1] – 14/11/2013 – 18:42:05 . (…) — C:UsbFix [Clean 3] PARELEMEUT.txt [24843]
O44 – LFC:[MD5.B919A409237E607EAE23CABA286427C8] – 14/11/2013 – 18:46:57 —A- . (…) — C:UsbFix [Clean 4] PARELEMEUT.txt [26602]
~ Files: 102 Legitimates Filtered in 00mn 06s

—\ Last files created in the Windows Prefetcher (O45)
O45 – LFCP:[MD5.553554DD02D4BFF1562B23491BC05F51] – 19/11/2013 – 17:21:32 —A- – C:WindowsPrefetchLXCGCOMS.EXE-263EF515.pf
O45 – LFCP:[MD5.8CFB003E15887A6131EA37FA0B3700A7] – 19/11/2013 – 17:21:45 —A- – C:WindowsPrefetchLXCGMON.EXE-C73508C2.pf
O45 – LFCP:[MD5.120E58010E5DCE6C4F040C6680CBFE5D] – 19/11/2013 – 17:25:23 —A- – C:WindowsPrefetchINSTUP.EXE-DCA24DB4.pf
~ Prefetcher: 97 Legitimates Filtered in 00mn 00s

—\ Enumeration of PoliciesSystem registry keys (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableLUA”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s

—\ Enumeration of PoliciesExplorer registry keys (MWPE) (O56)
O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s

—\ System driver list (SDL) (O58)
O58 – SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] – 17/11/2013 – 15:32:54 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776]
~ Drivers: 19 Legitimates Filtered in 00mn 00s

—\ Last files modified or created (User) (O61)
O61 – LFC: 16/11/2013 – 17:27:48 —A- . (…) — C:UsersLe Club des CinqAppDataLocalGoogleChromeUser DataProfile 1History [114688]
O61 – LFC: 16/11/2013 – 17:27:48 —A- . (…) — C:UsersLe Club des CinqAppDataLocalGoogleChromeUser DataProfile 1Web Data [90112]
O61 – LFC: 16/11/2013 – 17:27:52 —A- . (…) — C:UsersLe Club des CinqAppDataLocalGoogleChromeUser DataProfile 5History [114688]
O61 – LFC: 16/11/2013 – 17:27:52 —A- . (…) — C:UsersLe Club des CinqAppDataLocalGoogleChromeUser DataProfile 5Web Data [94208]
O61 – LFC: 16/11/2013 – 17:27:58 —A- . (…) — C:UsersLe Club des CinqAppDataRoamingMicrosoftModèlesNormal.dot [33280]
O61 – LFC: 16/11/2013 – 17:27:58 —A- . (…) — C:UsersLe Club des CinqAppDataRoamingcacaowebcacaoweb.crx [15838] =>PUP.CacaoWeb
O61 – LFC: 16/11/2013 – 17:27:58 —A- . (…) — C:UsersLe Club des CinqAppDataRoamingcacaowebcacaoweb.exe [454656] =>PUP.CacaoWeb
O61 – LFC: 16/11/2013 – 17:28:02 —A- . (…) — C:UsersLe Club des CinqAppDataRoamingZHPZHPDiag.txt [30686] =>.Nicolas Coolman
O61 – LFC: 16/11/2013 – 17:28:16 —A- . (…) — C:UsersLe Club des CinqDownloadsadwcleaner.exe [1085542]
O61 – LFC: 16/11/2013 – 17:28:17 —A- . (…) — C:UsersLe Club des CinqDownloadsConcert CLE DE FA 23 NOV 2013 (1).pdf [2294118]
O61 – LFC: 16/11/2013 – 17:28:17 —A- . (…) — C:UsersLe Club des CinqDownloadsConcert CLE DE FA 23 NOV 2013.pdf [2294118]
O61 – LFC: 16/11/2013 – 17:28:17 —A- . (…) — C:UsersLe Club des CinqDownloadscacaoweb.exe [454656] =>PUP.CacaoWeb
O61 – LFC: 17/11/2013 – 17:27:48 —A- . (…) — C:UsersLe Club des CinqAppDataLocalGoogleChromeUser DataProfile 1Preferences [44941]
O61 – LFC: 17/11/2013 – 17:27:52 —A- . (…) — C:UsersLe Club des CinqAppDataLocalGoogleChromeUser DataProfile 5Preferences [92093]
O61 – LFC: 17/11/2013 – 17:28:17 —A- . (…) — C:UsersLe Club des CinqDownloadscoloration c.wmv [7553175]
O61 – LFC: 17/11/2013 – 17:28:17 —A- . (…) — C:UsersLe Club des CinqDownloadsvlc-2.1.1-win32.exe [24489269]
O61 – LFC: 18/11/2013 – 17:27:44 —A- . (…) — C:UsersLe Club des CinqAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [263418]
O61 – LFC: 19/11/2013 – 17:27:48 —A- . (…) — C:UsersLe Club des CinqAppDataLocalGoogleChromeUser DataLocal State [48328]
O61 – LFC: 19/11/2013 – 17:27:58 —A- . (…) — C:UsersLe Club des CinqAppDataRoamingcacaowebnpdfile.dat [94] =>PUP.CacaoWeb
O61 – LFC: 19/11/2013 – 17:27:58 —A- . (…) — C:UsersLe Club des CinqAppDataRoamingcacaowebstorage.db [25] =>PUP.CacaoWeb
O61 – LFC: 19/11/2013 – 17:28:02 —A- . (…) — C:UsersLe Club des CinqAppDataRoamingZHPLog.txt [39139] =>.Nicolas Coolman
O61 – LFC: 19/11/2013 – 17:28:02 —A- . (…) — C:UsersLe Club des CinqAppDataRoamingZHPTestsZHPDiag.txt [3147] =>.Nicolas Coolman
~ 27 temporary files
~ Files: 530 Legitimates Filtered in 01mn 01s

—\ List of disinfection tools (LATC) (O63)
O63 – Software: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Software: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Internet Start Menu (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:UsersLe Club des CinqAppDataLocalGoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Browser infection search (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {49B9CF05-F6C4-48F9-964E-EE48ED8F8F89} – (Google) – http://www.google.com
O69 – SBI: SearchScopes [HKCU] {92909562-E94F-4C7A-8546-688D6696D309} – (Amazon.fr search suggestions) – http://www.amazon.fr
O69 – SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} – (eBay) – http://rover.ebay.com =>Toolbar.eBay
~ Keys: Scanned in 00mn 00s

—\ Targeted search at the system root (SPRF) (O84)
[MD5.177E24726F38D24B10532D7DDEE0DCC7] [SPRF][19/11/2013] (…) — C:UsersLe Club des CinqDesktopcacaoweb.exe [454656] =>PUP.CacaoWeb
~ Files: 2 Legitimates Filtered in 00mn 00s

—\ Firewall exceptions list (FirewallRules) (O87)
O87 – FAEL: “TCP Query User{9D8884E6-E99C-4C5A-A4E3-3D1F8B886137}C:usersle club des cinqappdataroamingcacaowebcacaoweb.exe” | In – Private – P6 – TRUE | .(…) — C:usersle club des cinqappdataroamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
O87 – FAEL: “UDP Query User{CFAD8856-E3FD-44A8-9D84-AB40B655FFE9}C:usersle club des cinqappdataroamingcacaowebcacaoweb.exe” | In – Private – P17 – TRUE | .(…) — C:usersle club des cinqappdataroamingcacaowebcacaoweb.exe =>PUP.CacaoWeb
O87 – FAEL: “{48837DD2-5C86-4054-AF42-5D06F9CBA17D}” |In – Public – P6 – TRUE | .(…) — C:ProgramDataeSafeeGdpSvc.exe (.not file.) =>PUP.eSafeSecurity
O87 – FAEL: “{69446489-FDBF-4134-8AD4-1E40F599DFAF}” |In – None – P6 – TRUE | .(…) — C:Program Files (x86)WinZip Driver Updaterwinzipdu.exe (.not file.)
~ Firewall: 210 Legitimates Filtered in 00mn 01s

—\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR – | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
SS – | Demand 09/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
SR – | Auto 17/11/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
SR – | Auto 16/08/2011 16384 | (CalendarSynchService) . (.Hewlett-Packard.) – C:Program Files (x86)Hewlett-PackardTouchSmartCalendarServiceGCalService.exe
SS – | Demand 29/03/2012 276248 | (cphs) . (.Intel Corporation.) – C:WindowsSysWow64IntelCpHeciSvc.exe
SR – | Auto 10/07/1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) – C:windowsSystem32ezSharedSvcHost.exe =>.EasyBits Software AS
SS – | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) – C:Program Files (x86)WildTangent GamesAppGamesAppService.exe
SS – | Auto 12/09/2012 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 12/09/2012 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 09/05/2011 136120 | (gusvc) . (.Google.) – C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
SR – | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe =>.Hewlett-Packard Co
SS – | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) – C:Program Files (x86)Hewlett-PackardSharedhpqWmiEx.exe
SR – | Auto 20/04/2012 277784 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
SR – | Auto 29/04/2007 566704 | (lxcg_device) . (…) – C:windowssystem32lxcgcoms.exe
SR – | Auto 26/01/2009 1153368 | (SBSDWSCService) . (.Safer Networking Ltd..) – C:Program Files (x86)Spybot – Search & DestroySDWinSec.exe
SS – | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
SR – | Auto 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 14/07/2009 27136 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
~ Services: Scanned in 00mn 15s

—\ Master Boot Record infection search (MBR)(O80)
Run by Le Club des Cinq at 19/11/2013 17:29:26
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Master Boot Record infection search (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Le Club des Cinq at 19/11/2013 17:29:28

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Additional scan (O88)
Database Version : 12995 – (16/11/2013)
Keys found: 8
Values found: 1
Folders found: 4
Files found: 3

[HKLMSoftwareGoogleChromeExtensionsleahdjjpjmnamomgpojikeapflgbmjab] =>PUP.CacaoWeb^
[HKLMSoftwareGoogleChromeExtensionslicjnkifamhpbaefhdpacpmihicfbomb] =>Adware.PricePeep^
[HKLMSoftwareGoogleChromeExtensionsndibdjnfmopecpmkdieinmbadjfpblof] =>Toolbar.AVGSearch^
[HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionExtPreApproved{151867D5-7359-40AF-8764-66E58D06283C}] =>Toolbar.Agent
[HKCUSoftwarecacaoweb] =>PUP.CacaoWeb
[HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:cacaoweb =>PUP.CacaoWeb^
C:UsersLe Club des CinqAppDataLocalGoogleChromeUser DataDefaultExtensionsleahdjjpjmnamomgpojikeapflgbmjab =>PUP.CacaoWeb^
C:UsersLe Club des CinqAppDataLocalGoogleChromeUser DataDefaultExtensionslicjnkifamhpbaefhdpacpmihicfbomb =>Adware.PricePeep^
C:UsersLe Club des CinqAppDataLocalGoogleChromeUser DataDefaultExtensionsndibdjnfmopecpmkdieinmbadjfpblof =>Toolbar.AVGSearch^
C:UsersLe Club des CinqAppDataRoamingcacaoweb =>PUP.CacaoWeb^
C:UsersLe Club des CinqAppDataRoamingcacaowebcacaoweb.exe =>PUP.CacaoWeb^
C:UsersLe Club des CinqDesktopcacaoweb.exe =>PUP.CacaoWeb^
C:UsersLe Club des CinqDownloadscacaoweb.exe =>PUP.CacaoWeb
~ Additional scan: 253185 items scanned in 00mn 23s

—\ Summary of detections found on your machine
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
~ http://nicolascoolman.webs.com/apps/blog/show/27588628-pup-esafesecurity =>PUP.eSafeSecurity
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ MSI: 3 link(s) detected in 00mn 23s

~ 1910 Legitimates filtered by white list
End of the scan (449 lines in 03mn 51s)(0)
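The following is an added triage helper, not part of the original post and not ZHPDiag's own code. It parses the O4 autorun, O55 policy and O87 firewall lines of a report in the format above and pulls out the indicators an analyst would check first: autoruns whose target no longer exists, entries the tool's database has tagged as PUP/Adware/Toolbar, binaries started from user-writable paths, a script host such as wscript.exe launched from a Run key under a random-looking value name (the bEWm2wMR entry in this report is one to look at, since the log shows only the host and not the script it runs), UAC disabled via EnableLUA=0, and inbound firewall exceptions for flagged binaries. The sample lines are copied from the report with backslashes restored and dashes normalised; the SCRIPT_HOSTS and USER_WRITABLE lists, the random-name test and every other heuristic are this example's own assumptions, not ZHPDiag logic.

```python
"""Triage helper for ZHPDiag-style reports (added example, not ZHPDiag code).

The section prefixes (O4, O55, O87) and the "=>PUP.xxx" / "(.not file.)"
markers are the report's own conventions; every rule below that decides
what is worth a second look is an assumption made for this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the report, backslashes restored,
# typographic dashes replaced by ASCII ones.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\windows\system32\spool\DRIVERS\x64\3\LXCGtime.dll (.not file.)
O4 - HKLM\..\Run: [bEWm2wMR] . (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKCU\..\Run: [Facebook Update] C:\Users\Le Club des Cinq\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.)
O4 - HKCU\..\Run: [cacaoweb] . (...) -- C:\Users\Le Club des Cinq\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O87 - FAEL: "TCP Query User{9D8884E6-E99C-4C5A-A4E3-3D1F8B886137}C:\users\le club des cinq\appdata\roaming\cacaoweb\cacaoweb.exe" | In - Private - P6 - TRUE | .(...) -- C:\users\le club des cinq\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
"""

# Assumed for this example: binaries that execute a caller-supplied script or
# DLL, and path fragments that a standard user can write to.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe",
                "regsvr32.exe", "powershell.exe", "cmd.exe"}
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\temp\\", "\\programdata\\")

O4_RE = re.compile(r'^O4 - (?P<loc>[^:]+): \[(?P<name>[^\]]+)\]\s*(?P<rest>.*)$')
O55_RE = re.compile(r'^O55 - MWPS:\[[^\]]*\] - "(?P<name>\w+)"=(?P<value>\d+)$')
O87_RE = re.compile(r'^O87 - FAEL: "(?P<rule>[^"]*)" \|\s*(?P<dir>In|Out) - (?P<profile>\w+)'
                    r' - P(?P<proto>\d+) - (?P<enabled>TRUE|FALSE) \|(?P<rest>.*)$')
PATH_RE = re.compile(r'([A-Za-z]:\\[^|=]*?\.(?:exe|dll|sys|vbs|js|bat|cmd|ps1))', re.I)
TAG_RE = re.compile(r'=>((?:PUP|Adware|Toolbar|Trojan|Hijacker)\.\w+)')
# Heuristic: 6-12 alphanumerics mixing upper case, lower case and digits.
RANDOM_NAME_RE = re.compile(r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[A-Za-z0-9]{6,12}$')


@dataclass
class Finding:
    kind: str                 # "autorun", "policy" or "firewall"
    name: str                 # Run value, policy value or firewall rule name
    target: str               # file the entry points at, "" if none found
    reasons: list[str] = field(default_factory=list)


def _path(text: str) -> str:
    """First Windows file path in the text, or "" when there is none."""
    m = PATH_RE.search(text)
    return m.group(1) if m else ""


def triage(report: str) -> list[Finding]:
    """Return one Finding per report line that trips at least one heuristic."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        # ZHPDiag prints en and em dashes; normalise so one regex set applies.
        line = raw.strip().replace("\u2013", "-").replace("\u2014", "--")
        if m := O4_RE.match(line):
            rest = m["rest"]
            f = Finding("autorun", m["name"], _path(rest))
            orphan = "(.not file.)" in rest
            if orphan:
                f.reasons.append("target no longer exists (orphan autorun)")
            if tag := TAG_RE.search(rest):
                f.reasons.append(f"flagged by report database as {tag.group(1)}")
            base = PureWindowsPath(f.target).name.lower()
            if base in SCRIPT_HOSTS:
                f.reasons.append(f"autorun launches script host {base}; inspect its full command line")
            if RANDOM_NAME_RE.match(m["name"]):
                f.reasons.append("random-looking value name")
            if not orphan and any(tok in f.target.lower() for tok in USER_WRITABLE):
                f.reasons.append("executable lives in a user-writable location")
        elif m := O55_RE.match(line):
            f = Finding("policy", m["name"], "")
            if m["name"] == "EnableLUA" and m["value"] == "0":
                f.reasons.append("UAC is disabled (EnableLUA=0)")
        elif m := O87_RE.match(line):
            f = Finding("firewall", m["rule"], _path(m["rest"]))
            tag = TAG_RE.search(m["rest"])
            orphan = "(.not file.)" in m["rest"]
            if m["dir"] == "In" and m["enabled"] == "TRUE" and (tag or orphan):
                what = tag.group(1) if tag else "a missing binary"
                f.reasons.append(f"inbound allow rule for {what} ({m['profile']} profile)")
        else:
            continue
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {'; '.join(f.reasons)}")
```

On the sample above the helper stays silent on IgfxTray and FilterAdministratorToken and reports the five autorun and policy entries plus the cacaoweb firewall rule. A report line that carries nothing but a vendor name and a path in Program Files produces no finding, which is the point: the heuristics are there to shorten the list an analyst reads, not to replace reading it.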