Reply to: I am infected by RVZR-a.akamaihd.net (2016-09-08T13:18:30+00:00)
yuri4460
Participant
Number of posts: 10

Here is the report:

~ ZHPDiag report v2013.11.17.37 - Nicolas Coolman (17/11/2013)
~ Run by loic (17/11/2013 15:59:35)
~ Web site address: http://nicolascoolman.webs.com
~ Free disinfection help forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ White list: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Deactivate by program

---\ Internet browsers
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 9.0.1
GCIE: Google Chrome v31.0.1650.57 (Default)

---\ Windows product information
~ Language: French
Windows 7 Ultimate Edition, 64-bit (Build 7600)
Windows Server License Manager Script: Absent (Not found)
Windows ID Activation: Unknown
Windows License: Unknown
Software Protection Service: KO
Windows Automatic Updates: OK
Windows Activation Technologies: OK

---\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\ System optimization software

---\ Peer-to-peer file sharing software

---\ Software monitoring
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1 - French
Java 7 Update 21

---\ System information
~ Processor: AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (30% free)
System Restore: Enabled
System drive C: has 389 GB (65%) free of 596 GB

---\ System logon mode
~ Computer Name: LOIC-PC
~ User Name: loic
~ All Users Names: UpdatusUser, loic, HomeGroupUser$, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\ Environment variables
~ System Unit: C:
~ %AppZHP%: C:\Users\loic\AppData\Roaming\ZHP
~ %AppData%: C:\Users\loic\AppData\Roaming
~ %Desktop%: C:\Users\loic\Desktop
~ %Favorites%: C:\Users\loic\Favorites
~ %LocalAppData%: C:\Users\loic\AppData\Local
~ %StartMenu%: C:\Users\loic\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir%: C:\Windows
~ %System%: C:\Windows\System32

---\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 389 GB of 596 GB)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)

---\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s

---\ Specific search for generic files
[MD5.9AAAEC8DAC27AA17B053E6352AD233AE] - (.Microsoft Corporation - Windows Explorer.) (.31/10/2009 - 07:34:59.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.A4F6142CABA82FB7293ECE5FF864B440] - (.Microsoft Corporation - Internet Extensions for Win32.) (.22/02/2013 - 07:20:51.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Windows Logon Application.) (.28/10/2009 - 07:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Licensing library.) (.14/07/2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/05/2011 - 03:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 15:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.9706B84DBABFC4B4CA46C5A82B14DFA3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:18:02.) -- C:\Windows\system32\Drivers\rdpdr.sys [165376]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Volume Shadow Copy driver.) (.6/09/2012 - 18:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 00s

---\ Hidden files status (Hidden/Total)
~ My Pictures: 2/2702
~ My Music: 1/10
My Videos: 2/2 (Modified)
~ My Favorites: 1/112
~ My Documents: 3/1262
~ My Desktop: 3/7243
~ Start menu (Programs): 1/56
~ Hidden Files: Scanned in 00mn 03s

---\ Running processes
[MD5.FCEF5DC1794CB2C4B305F780D4F7797B] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3514176] [PID.2496]
[MD5.D213F06AE294341F3503FD74E22E7DDA] - (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\loic\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136] [PID.2536]
[MD5.00AB2B491C7037BB219BEB26FAD34C72] - (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe [1612920] [PID.2368]
[MD5.8334E5088E74401490001EF65E07CAC5] - (.CANON INC. - Canon Solution Menu EX Updater.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.exe [593032] [PID.3372]
[MD5.636D97B3BAF854511FF3F4093E895FED] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.4364]
[MD5.824512C3EAE3462388B8861986907E28] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8227328] [PID.2812]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.760]
[MD5.ACC9C8C560C567FAD6F79C977AB2EA09] - (.B.H.A Corporation - B's Recorder GOLD Service Library.) -- C:\Windows\SysWOW64\bgsvcgen.exe [145504] [PID.1568]
[MD5.CE1EE31FFF730CA975A5535D8A71AF61] - (.No owner - Inkjet Printer/Scanner/Fax Extended Survey.) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe [138192] [PID.1768]
[MD5.817D2C3EB4A215DE95B4BCFB8D6281FA] - (.iAnywhere Solutions, Inc. - Advantage Database Server.) -- C:\Program Files (x86)\Advantage 9.10\Server\ADS.exe [2932736] [PID.2084]
[MD5.4789E020D2617046862D1790FC235FF6] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1260320] [PID.3548]
~ Processes Running: Scanned in 00mn 00s

---\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\loic\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [ihklobncbkangkiiamccfgnlihbmjhlh] Cycling the Alps v.4.9.1.0 (Enabled)
G2 - GCE: Preference [User Data\Default] [ipompnhhmomcadebeinnkibgehdpmfhh] Normandie - Arromanches one v.2.0 (Enabled)
~ Google Browser: 17 Legitimates Filtered in 00mn 12s

---\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\loic\AppData\Roaming\Mozilla\Firefox\Profiles\8qbihj4x.default\prefs.js
P2 - FPN: [HKLM] [@microsoft.com/VirtualEarth3D,version=4.0] - (...) -- (.not file.)
~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s

---\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\ Analysis of lines F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 21

---\ Other user links (O4)
O4 - GS\Desktop [Public]: BOB 50 System.lnk . (...) -- C:\bobschool50\BOBSystem.exe
O4 - GS\Desktop [Public]: BOB 50.lnk . (.Sage S.A. - BOB 50 Application executable file.) -- C:\bobschool50\BOB.exe
O4 - GS\Desktop [Public]: DRIV3R.lnk . (...) -- C:\Program Files (x86)\Atari\DRIV3R\Driv3r.exe
O4 - GS\Desktop [Public]: LaCie Desktop Manager.lnk . (.LaCie - LaCie Desktop Manager.) -- C:\Program Files\LaCie\Desktop Manager\LaCieDesktopManager.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [loic]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [loic]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [loic]: F1 2012.lnk . (.Codemasters - F1 2012 Executable.) -- C:\Program Files (x86)\F1 2012\f1_2012.exe
O4 - GS\TaskBar [loic]: Farming Simulator 2013 .lnk . (.GIANTS Software GmbH - GIANTS Launcher.) -- C:\Program Files (x86)\Farming Simulator 2013\FarmingSimulator2013.exe
O4 - GS\TaskBar [loic]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [loic]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Program [loic]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [loic]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo [loic]: Documents sur HD2 T8585 de loic.LNK - Orphan key
O4 - GS\Desktop [loic]: GRID.lnk - Orphan key
O4 - GS\Desktop [loic]: Lancer Test Drive Unlimited.lnk . (.Eden Games - Test Drive Unlimited.) -- C:\Program Files (x86)\Atari\Test Drive Unlimited\TestDriveUnlimited.exe
~ Global Startup: 76 Legitimates Filtered in 00mn 02s

---\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\loic\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [CanonSolutionMenuEx] . (.CANON INC. - Canon Solution Menu EX.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2451616973-4043583944-2096761945-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2451616973-4043583944-2096761945-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2451616973-4043583944-2096761945-1000\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\loic\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{78875025-4AE8-4E4F-A4D7-25B8C2FB5E32}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{78875025-4AE8-4E4F-A4D7-25B8C2FB5E32}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{78875025-4AE8-4E4F-A4D7-25B8C2FB5E32}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{78875025-4AE8-4E4F-A4D7-25B8C2FB5E32}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{78875025-4AE8-4E4F-A4D7-25B8C2FB5E32}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{78875025-4AE8-4E4F-A4D7-25B8C2FB5E32}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\ Additional protocol (O18)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocol: Scanned in 00mn 00s

---\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
~ Winlogon: Scanned in 00mn 00s

---\ ShellServiceObjectDelayLoad autorun registry key (SSO/SSODL) (O21)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\Windows\system32\CbFsMntNtf3.dll
~ SSODL: 2 Legitimates Filtered in 00mn 00s

---\ SharedTaskScheduler autorun registry key (STS) (O22)
O22 - SharedTaskScheduler: (no name) [64Bits] - {5FF49FE8-B332-4CB9-B102-FB6951629E55} . (.EldoS Corporation - CbFs Mount Notifier.) -- C:\Windows\SysWOW64\CbFsMntNtf3.dll
~ STS/SSO: Scanned in 00mn 00s

---\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: Advantage Database Server (Advantage) . (.iAnywhere Solutions, Inc. - Advantage Database Server.) - C:\Program Files (x86)\Advantage 9.10\Server\ADS.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
~ Services: 11 Legitimates Filtered in 00mn 04s

---\ Automatic scheduled tasks (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SK.Enhancer-S-747939423.job [454]
[MD5.00000000000000000000000000000000] [APT] [Run RoboForm TaskBar Icon] (...) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [SK.Enhancer-S-747939423] (...) -- c:\programdata\wintersoft\sk.enhancer\SK.Enhancer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{476151BC-D166-4A55-AF81-8A62C6DF77A2}] (...) -- F:\cmr4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6E5764AF-5888-46D6-BCF5-C459655C92CB}] (...) -- C:\Users\loic\Downloads\Ciel Devis Factures 3.00 FR\Crack.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8217D337-E53B-4287-9513-D3BBD01D178C}] (...) -- C:\Program Files (x86)\SOFTON~1\UNWISE.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{86ED178A-EE8A-4ADA-A0A7-27D793478724}] (...) -- C:\Program Files (x86)\ColinMcrae 4\cmr4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F1FF0ED7-C9FD-4BF8-A384-4468D64B0259}] (...) -- D:\autorun.exe (.not file.) [0]
~ Scheduled Task: 22 Legitimates Filtered in 00mn 03s

---\ Installed software (O42)
O42 - Software: DRIV3R - (...) [HKLM][64Bits] -- {01DBF423-E27B-45DA-B7F3-F9D4DB39B1C9}
O42 - Software: WinBooks - (.WinBooks.) [HKLM][64Bits] -- WinBooks
~ Logic: 98 Legitimates Filtered in 00mn 00s

---\ HKCU & HKLM Software Keys
[HKCU\Software\Advantage 9.10 Links]
[HKCU\Software\CABviaActiveSync]
[HKCU\Software\TimeGate Studios]
[HKCU\Software\Treo]
[HKLM\Software\Wow6432Node\SK.Enhancer]
~ Key Software: 243 Legitimates Filtered in 00mn 00s

---\ Contents of Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 5/11/2013 - 19:27:58 - [14,317] ----D C:\Program Files (x86)\Advantage 9.10
O43 - CFD: 4/03/2011 - 18:21:45 - [0,161] ----D C:\Program Files (x86)\CABviaActiveSync
O43 - CFD: 17/11/2013 - 13:19:41 - [0,396] ----D C:\Program Files (x86)\seUrf aand keoeP
O43 - CFD: 9/11/2013 - 16:20:59 - [1,316] ----D C:\Program Files (x86)\Sk.Enhancer
O43 - CFD: 17/11/2013 - 13:19:41 - [0,396] ----D C:\Program Files (x86)\YoutubeAdblocker =>PUP.Multiplug
O43 - CFD: 9/11/2013 - 16:20:55 - [0,075] ----D C:\ProgramData\71277372ea384179
O43 - CFD: 10/11/2013 - 17:00:45 - [7,335] ----D C:\ProgramData\InstallMate =>PUP.Tarma
O43 - CFD: 17/11/2013 - 13:19:41 - [0,004] ----D C:\ProgramData\seUrf aand keoeP =>Adware.SurfAndKeep
O43 - CFD: 17/11/2013 - 13:19:41 - [0,004] ----D C:\ProgramData\YoutubeAdblocker =>PUP.Multiplug
O43 - CFD: 5/01/2011 - 15:14:12 - [0] ----D C:\Users\loic\AppData\Roaming\FS2009 Fruit-importer
O43 - CFD: 10/09/2010 - 08:54:25 - [0,435] ----D C:\Users\loic\AppData\Local\GIANTS Editor 4.1.2
O43 - CFD: 29/06/2011 - 19:29:25 - [0,047] ----D C:\Users\loic\AppData\Local\GIANTS Editor 4.1.7
O43 - CFD: 26/09/2013 - 19:19:48 - [0,001] ----D C:\Users\loic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinBooks
~ 509 empty CLSID folders
~ Program Folder: 782 Legitimates Filtered in 00mn 26s

---\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.FD6266E74F6E016A94001B60B79AB77E] - 11/11/2013 - 18:36:29 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [13120]
O44 - LFC:[MD5.FD6266E74F6E016A94001B60B79AB77E] - 11/11/2013 - 18:36:29 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [13120]
O44 - LFC:[MD5.FD6266E74F6E016A94001B60B79AB77E] - 11/11/2013 - 18:36:30 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [13120]
O44 - LFC:[MD5.FD6266E74F6E016A94001B60B79AB77E] - 11/11/2013 - 18:36:30 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [13120]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/11/2013 - 23:12:58 ---A- . (...) -- C:\autoexec.bat [0]
O44 - LFC:[MD5.EA0C689992D69E24ED9CB63D0B153ED2] - 5/11/2013 - 19:31:44 ---A- . (...) -- C:\ADS_ERR.adm [2048]
O44 - LFC:[MD5.8CD2F2121A3787FCB1EA17F40ABC08C5] - 5/11/2013 - 19:32:26 ---A- . (...) -- C:\ADS_ERR.ADI [3072]
O44 - LFC:[MD5.B75F81BA7FFBC280F131367039DECBF6] - 5/11/2013 - 19:32:26 ---A- . (...) -- C:\ADS_ERR.ADT [21448]
O44 - LFC:[MD5.424C124AF0F860E1CE3F1D1E2FA9E294] - 7/11/2013 - 22:33:28 ---A- . (...) -- C:\Windows\DirectX.log [497892]
~ Files: 37 Legitimates Filtered in 00mn 03s

---\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.D55F24C0EB3D26B8AD9E96AF6E358333] - 12/11/2013 - 09:21:09 ---A- - C:\Windows\Prefetch\BULK_HANDLING_KIT.EXE-B0E831D4.pf
O45 - LFCP:[MD5.7C765F2B56DA3A99F8A436135DC608E0] - 16/11/2013 - 21:46:45 ---A- - C:\Windows\Prefetch\AUTORUN.EXE-29C0BC07.pf
O45 - LFCP:[MD5.A9AFFBA6A6BB46093C3B84A212B45B6C] - 16/11/2013 - 22:05:06 ---A- - C:\Windows\Prefetch\F1_2012.EXE-9D27D44C.pf
O45 - LFCP:[MD5.E88C46FBAFE905D2D62BE0B86CF9F11A] - 17/11/2013 - 12:21:33 ---A- - C:\Windows\Prefetch\MPNEX50.EXE-505B1249.pf
O45 - LFCP:[MD5.5F48B7E58E5D0FAF05DA9B3DE34FB717] - 17/11/2013 - 13:00:26 ---A- - C:\Windows\Prefetch\CNMSEAR.EXE-B15D5322.pf
O45 - LFCP:[MD5.0817422634DC3FB4140DFCA806DC73FF] - 27/10/2013 - 17:00:49 ---A- - C:\Windows\Prefetch\SETPOINT.EXE-3D9C2601.pf
O45 - LFCP:[MD5.0B0CF7A34C49AF1EC971B4390BEF4F29] - 27/10/2013 - 18:14:33 ---A- - C:\Windows\Prefetch\PES2012.EXE-DB4611C9.pf
O45 - LFCP:[MD5.E659035C9C512391A5BA6E9060333535] - 30/10/2013 - 10:48:30 ---A- - C:\Windows\Prefetch\AGCO_DT240.EXE-968AD83A.pf
O45 - LFCP:[MD5.A0BBE4D73AA778585076F1FDA6B2848F] - 30/10/2013 - 10:52:53 ---A- - C:\Windows\Prefetch\RENAULT95_14TX_V3.EXE-E187950C.pf
~ Prefetcher: 141 Legitimates Filtered in 00mn 00s

---\ Shell MountPoints2 registry key (MPKS) (O51)
O51 - MPSK:{62758675-2f59-11e2-a00b-00c0df08e524}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)
O51 - MPSK:{85c004ef-698a-11e0-851b-806e6f6e6963}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
O51 - MPSK:{86dd653f-dc54-11df-a9a1-485b398c87d5}\AutoRun\command. (...) -- F:\setup_.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\ Policies\System registry keys enumeration (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\ Policies\Explorer registry keys enumeration (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\ System driver list (SDL) (O58)
O58 - SDL:[MD5.03B7145C889603537E9FFEABB1AD1089] - 29/03/2005 - 00:30:38 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192]
~ Drivers: 16 Legitimates Filtered in 00mn 00s

---\ Last files modified or created (User) (O61)
O61 - LFC: 16/11/2013 - 16:00:52 ---A- . (...) -- C:\Users\loic\Documents\KONAMI\Pro Evolution Soccer 2012\addftm.dat [4192]
O61 - LFC: 16/11/2013 - 16:00:52 ---A- . (...) -- C:\Users\loic\Documents\KONAMI\Pro Evolution Soccer 2012\addfts.dat [536]
O61 - LFC: 16/11/2013 - 16:00:52 ---A- . (...) -- C:\Users\loic\Documents\KONAMI\Pro Evolution Soccer 2012\aduser.var [760]
O61 - LFC: 16/11/2013 - 16:00:52 ---A- . (...) -- C:\Users\loic\Documents\KONAMI\Pro Evolution Soccer 2012\save\CL01.bin [5243688]
O61 - LFC: 16/11/2013 - 16:00:52 ---A- . (...) -- C:\Users\loic\Documents\KONAMI\Pro Evolution Soccer 2012\save\OPTION.bin [263096]
O61 - LFC: 16/11/2013 - 16:00:53 ---A- . (...) -- C:\Users\loic\Downloads\JD8410.zip [16753127]
O61 - LFC: 16/11/2013 - 16:00:53 ---A- . (...) -- C:\Users\loic\Downloads\Marchand_Loic_HELHA_CV.pdf [65470]
O61 - LFC: 17/11/2013 - 16:00:40 ---A- . (...) -- C:\Users\loic\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [263442]
O61 - LFC: 17/11/2013 - 16:00:44 ---A- . (...) -- C:\Users\loic\AppData\Local\Google\Chrome\User Data\Local State [48419]
O61 - LFC: 17/11/2013 - 16:00:51 ---A- . (...) -- C:\Users\loic\AppData\Roaming\ZHP\Log.txt [79461] =>.Nicolas Coolman
O61 - LFC: 17/11/2013 - 16:00:51 ---A- . (...) -- C:\Users\loic\AppData\Roaming\ZHP\Tests\ZHPDiag.txt [2817] =>.Nicolas Coolman
O61 - LFC: 17/11/2013 - 16:00:51 ---A- . (...) -- C:\Users\loic\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 17/11/2013 - 16:00:51 ---A- . (...) -- C:\Users\loic\AppData\Roaming\ZHP\ZHPDiag.txt [34619] =>.Nicolas Coolman
~ 27 temporary files
~ Files: 251 Legitimates Filtered in 00mn 13s

---\ Disinfection tools list (LATC) (O63)
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\ Legacy registry services list (LALS) (O64)
~ Legacy: 132 Legitimates Filtered in 00mn 00s

---\ Shell Spawning associations (O67)
O67 - Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\ Internet start menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Opera\Opera.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\ Internet browser infection check (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\ Specific search at system root (SPRF) (O84)
[MD5.55CA5C77EB0B76D393BB5916DA8779C3] [SPRF][14/04/2013] (...) -- C:\Users\loic\AppData\Local\fusioncache.dat [92]
[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] [SPRF][22/06/2012] (...) -- C:\Users\loic\AppData\Local\Temp\ESGScanner.sys [22704]
[MD5.B82994CB256839F3F404CAFB29060EC6] [SPRF][2/06/2013] (...) -- C:\Users\loic\AppData\Local\Temp\FastDownload.exe [86528]
[MD5.378189889438568FEF3D98588283B3A5] [SPRF][11/11/2013] (...) -- C:\Users\loic\AppData\Local\Temp\Quarantine.exe [350377]
[MD5.883DFC791AAF1298FCFC2BCF5471BBFC] [SPRF][16/11/2013] (...) -- C:\Users\loic\AppData\Local\Temp\SHSetup.exe [46777424] =>Crapware.SpyHunter
~ Files: 9 Legitimates Filtered in 00mn 06s

---\ Firewall exceptions list (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{DBCD0001-D525-46EC-9B42-BF315D6A5FC9}C:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe" | In - Private - P6 - TRUE | .(.Eden Games.) -- C:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe
O87 - FAEL: "UDP Query User{E750432D-D302-421A-AF04-0981719F36B1}C:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe" | In - Private - P17 - TRUE | .(.Eden Games.) -- C:\program files (x86)\atari\test drive unlimited\testdriveunlimited.exe
~ Firewall: 289 Legitimates Filtered in 00mn 01s

---\ Software product codes enumeration (PUC) (O90)
O90 - PUC: "F7315ED0B185C844FA074989FE63E443" . (.Advantage Database Server for Windows v9.10.) -- C:\Windows\Installer\{0DE5137F-581B-448C-AF70-9498EF364E34}\ARPPRODUCTICON.exe
~ Update Products: 94 Legitimates Filtered in 00mn 00s

---\ WindowsInstaller packages search (WIS) (O93) (NTFS)
[MD5.4B642F3ADC270C197C61E306705EBD89] [WIS][14/11/2008] (.iAnywhere, Inc. - Advantage Database Server for Windows v9.10.) -- C:\Windows\Installer\7c1376.msi [3178496]
~ WIS: 98 Legitimates Filtered in 00mn 11s

---\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 9/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 14/11/2008 2932736 | (Advantage) . (.iAnywhere Solutions, Inc..) - C:\Program Files (x86)\Advantage 9.10\Server\ADS.exe
SS - | Demand 10/07/1658 0 | (aspnet_state) . (...) - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
SR - | Auto 15/06/2007 145504 | (bgsvcgen) . (.B.H.A Corporation.) - C:\Windows\SysWOW64\bgsvcgen.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 18/12/2007 163840 | (EPSON_EB_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.exe
SR - | Auto 12/01/2007 126464 | (EPSON_PM_RPCV4_01) . (.SEIKO EPSON CORPORATION.) - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.exe
SS - | Auto 7/01/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 7/01/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 4/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 7/02/2011 138192 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 29/07/2011 1227264 | (LaCieDesktopManagerService) . (...) - C:\Program Files\LaCie\Desktop Manager\lacie_dm_service.exe
SS - | Demand 27/09/2011 359192 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SR - | Auto 18/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Demand 4/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 14s

---\ Master Boot Record infection check (MBR)(O80)
Run by loic at 17/11/2013 16:01:40
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\ Master Boot Record infection check (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by loic at 17/11/2013 16:01:42

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\ Additional scan (O88)
Database version: 12996 - (17/11/2013)
Keys found: 0
Values found: 0
Folders found: 4
Files found: 1

C:\Program Files (x86)\YoutubeAdblocker =>PUP.Multiplug^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\ProgramData\seUrf aand keoeP =>Adware.SurfAndKeep^
C:\ProgramData\YoutubeAdblocker =>PUP.Multiplug^
C:\Users\loic\AppData\Local\Temp\SHSetup.exe =>Crapware.SpyHunter^
~ Additional Scan: 380594 Items scanned in 00mn 19s

---\ Summary of detections found on your machine
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/35582793-adware-surfandkeep =>Adware.SurfAndKeep
~ http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter =>Crapware.SpyHunter
~ MSI: 3 link(s) detected in 00mn 19s

~ 2281 Legitimates filtered by white list
End of the scan (511 lines in 02mn 26s)(0)
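Editor's added example (not part of the post above and not ZHPDiag's own code): a small triage script for a ZHPDiag report. Reading a report like this one by hand, a responder looks for three things first: entries the tool already tagged with a detection name (`=>PUP.Multiplug`, `=>Crapware.SpyHunter`), persistence entries (scheduled tasks, MountPoints2 autoruns, Run keys) whose target binary is gone (`(.not file.)`) and should be removed so they cannot be re-armed, and persistence entries that still point at user-writable locations such as ProgramData, Temp or Downloads. The script pulls those out mechanically. The sample report embedded below is constructed: it is a handful of lines copied from the post with their backslashes restored, plus one final `O4` line that is invented purely to exercise the third rule and does not come from the report. The path and tag patterns are assumptions about the report format based only on the lines visible above.

```python
"""Triage helper for ZHPDiag reports (added example, not ZHPDiag code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines from the report above with backslashes restored.
# The last O4 line is invented to exercise the user-writable-location rule.
SAMPLE_REPORT = r"""
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\SK.Enhancer-S-747939423.job [454]
[MD5.00000000000000000000000000000000] [APT] [SK.Enhancer-S-747939423] (...) -- c:\programdata\wintersoft\sk.enhancer\SK.Enhancer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6E5764AF-5888-46D6-BCF5-C459655C92CB}] (...) -- C:\Users\loic\Downloads\Ciel Devis Factures 3.00 FR\Crack.exe (.not file.) [0]
O43 - CFD: 17/11/2013 - 13:19:41 - [0,396] ----D C:\Program Files (x86)\YoutubeAdblocker =>PUP.Multiplug
O43 - CFD: 9/11/2013 - 16:20:59 - [1,316] ----D C:\Program Files (x86)\Sk.Enhancer
O51 - MPSK:{62758675-2f59-11e2-a00b-00c0df08e524}\AutoRun\command. (...) -- F:\Startme.exe (.not file.)
[MD5.883DFC791AAF1298FCFC2BCF5471BBFC] [SPRF][16/11/2013] (...) -- C:\Users\loic\AppData\Local\Temp\SHSetup.exe [46777424] =>Crapware.SpyHunter
O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\loic\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [Updater] . (...) -- C:\ProgramData\71277372ea384179\updater.exe
"""

# A Windows path starting at a drive letter, ending before ZHPDiag's trailing
# markers: "(.not file.)", a "[size]" field, a "=>" tag, or end of line.
PATH_RE = re.compile(r"([A-Za-z]:\\.*?)(?=\s+\(\.not file\.\)|\s+\[\d+\]|\s+=>|\s*$)")
# Detection tags look like "=>PUP.Multiplug" (optionally "^" in the O88 scan).
# Publisher whitelist marks look like "=>.Microsoft Corporation" and are skipped
# because they start with a dot rather than a capital letter.
TAG_RE = re.compile(r"=>([A-Z]\w*\.\w+)\s*\^?\s*$")
NOT_FILE = "(.not file.)"
USER_WRITABLE = ("\\programdata\\", "\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\")


@dataclass(frozen=True)
class Finding:
    kind: str    # "detection", "dead-persistence" or "suspicious-persistence"
    path: str
    detail: str


def is_persistence(line: str) -> bool:
    """Run keys (O4), scheduled tasks (O39 / [APT]) and MountPoints2 autoruns (O51)."""
    return line.startswith(("O4 -", "O39 -", "O51 -")) or "[APT]" in line


def extract_path(line: str) -> Optional[str]:
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def classify(line: str) -> Optional[Finding]:
    """Map one report line to a finding, or None when nothing is actionable."""
    line = line.strip()
    if not line:
        return None
    path = extract_path(line)
    tag = TAG_RE.search(line)
    if tag:
        return Finding("detection", path or "", tag.group(1))
    if not is_persistence(line) or path is None:
        return None
    if NOT_FILE in line:
        return Finding("dead-persistence", path, "target missing; remove the autorun entry")
    if any(marker in path.lower() for marker in USER_WRITABLE):
        return Finding("suspicious-persistence", path, "runs from a user-writable location; verify or remove")
    return None


def triage(report: str) -> List[Finding]:
    return [f for f in (classify(l) for l in report.splitlines()) if f is not None]


def summarize(findings: List[Finding]) -> dict:
    counts: dict = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_REPORT)
    for f in results:
        print(f"{f.kind:24} {f.path}  ({f.detail})")
    print(summarize(results))
```

On the sample this yields two tagged detections, three dead persistence entries (the SK.Enhancer task, the task pointing at a keygen in Downloads, and a removable-drive autorun) and one live persistence entry in ProgramData. Untagged folders such as `Sk.Enhancer` are deliberately not flagged by name matching; correlate them with the task and registry keys by hand before removing anything.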