mymy

Malwarebytes Anti-Malware (Essai) 1.75.0.1300
http://www.malwarebytes.org

Version de la base de données: v2013.11.19.10

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16736
emilie :: EMILIE [administrateur]

Protection: Activé

19-11-13 20:26:25
mbam-log-2013-11-19 (20-26-25).txt

Here are the 3 reports :) but my USB stick is still infected :s

Type d’examen: Examen rapide
Options d’examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d’examen désactivées: P2P
Elément(s) analysé(s): 204604
Temps écoulé: 4 minute(s), 58 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

# AdwCleaner v3.012 – Rapport créé le 19/11/2013 à 20:34:17
# Mis à jour le 11/11/2013 par Xplode
# Système d’exploitation : Windows 8 (64 bits)
# Nom d’utilisateur : emilie – EMILIE
# Exécuté depuis : C:UsersemilieDesktopadwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:UsersemilieAppDataLocalBundled software uninstaller
Dossier Supprimé : C:UsersemilieAppDataLocalIlivid
Fichier Supprimé : C:UsersemilieAppDataRoamingMicrosoftWindowsStart MenuProgramsiLivid.lnk

***** [ Raccourcis ] *****

***** [ Registre ] *****

Clé Supprimée : HKLMSOFTWAREClassesInterface{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Clé Supprimée : HKCUSoftwareBI
Clé Supprimée : HKCUSoftwareilivid
Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionUninstallilivid

***** [ Navigateurs ] *****

-\ Internet Explorer v10.0.9200.16537

-\ Google Chrome v31.0.1650.57

[ Fichier : C:UsersemilieAppDataLocalGoogleChromeUser DataDefaultpreferences ]

*************************

AdwCleaner[R0].txt – [1323 octets] – [19/11/2013 20:33:02]
AdwCleaner[S0].txt – [1173 octets] – [19/11/2013 20:34:17]

########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [1233 octets] ##########

~ Rapport de ZHPDiag v2013.11.19.41 – Nicolas Coolman (19-11-13)
~ Lancé par emilie (19-11-13 20:46:36)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16736 (Defaut)
GCIE: Google Chrome v31.0.1650.57

—\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : BPWYG
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

—\ Logiciels d’optimisation du système

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Reader XI MUI
Java 7 Update 9
Java 7 Update 9

—\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6091 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 625 GB (93%) free of 669 GB

—\ Mode de connexion au système
~ Computer Name: EMILIE
~ User Name: emilie
~ All Users Names: HomeGroupUser$, emilie, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:UsersemilieAppDataRoamingZHP
~ %AppData% : C:UsersemilieAppDataRoaming
~ %Desktop% : C:UsersemilieDesktop
~ %Favorites% : C:UsersemilieFavorites
~ %LocalAppData% : C:UsersemilieAppDataLocal
~ %StartMenu% : C:UsersemilieAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 625 Go of 669 Go)
D: CD-ROM drive (Not Inserted)

—\ Etat du Centre de Sécurité Windows
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] – (.Microsoft Corporation – Explorateur Windows.) (.01-06-13 – 12:34:21.) — C:WindowsExplorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] – (.Microsoft Corporation – Application de démarrage de Windows.) (.26-07-12 – 04:08:50.) — C:WindowsSystem32Wininit.exe [132608]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.12-10-13 – 09:45:20.) — C:WindowsSystem32wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.11-10-12 – 06:46:58.) — C:WindowsSystem32Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] – (.Microsoft Corporation – Bibliothèque de licences.) (.26-07-12 – 04:07:20.) — C:WindowsSystem32sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] – (.Microsoft Corporation – Pilote de fonction connexe pour WinSock.) (.04-09-13 – 04:11:23.) — C:Windowssystem32DriversAFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.26-07-12 – 06:00:48.) — C:Windowssystem32Driversatapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] – (.Microsoft Corporation – CD-ROM File System Driver.) (.26-07-12 – 03:30:10.) — C:Windowssystem32DriversCdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.26-07-12 – 03:26:36.) — C:Windowssystem32DriversCdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.26-07-12 – 03:26:53.) — C:Windowssystem32DriversDfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20-10-12 – 01:32:50.) — C:Windowssystem32DriversHDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] – (.Microsoft Corporation – Pilote de port i8042.) (.26-07-12 – 03:28:51.) — C:Windowssystem32Driversi8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] – (.Microsoft Corporation – IP Network Address Translator.) (.26-07-12 – 03:23:01.) — C:Windowssystem32DriversIpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] – (.Microsoft Corporation – Minirdr SMB Windows NT.) (.05-02-13 – 23:29:09.) — C:Windowssystem32DriversMRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] – (.Microsoft Corporation – MBT Transport driver.) (.26-07-12 – 03:24:28.) — C:Windowssystem32DriversnetBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.02-02-13 – 11:54:54.) — C:Windowssystem32Driversntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] – (.Microsoft Corporation – Pilote de port parallèle.) (.26-07-12 – 03:29:53.) — C:Windowssystem32DriversParport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.26-07-12 – 03:23:17.) — C:Windowssystem32DriversRasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] – (.Microsoft Corporation – Redirecteur de périphérique de Microsoft RDP.) (.26-07-12 – 03:25:18.) — C:Windowssystem32Driversrdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] – (.Microsoft Corporation – TDI Translation Driver.) (.26-07-12 – 06:26:47.) — C:Windowssystem32Driverstdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.01-06-13 – 12:26:33.) — C:Windowssystem32Driversvolsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/6
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/7
~ Mon Bureau (My Desktop) : 6/38
~ Menu demarrer (Programs) : 1/20
~ Hidden Files: Scanned in 00mn 00s

—\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program Files (x86)Malwarebytes’ Anti-Malwarembamgui.exe [532040] [PID.2376]
[MD5.2E2F360FF158A67F8128EFAAF974189C] – (.Sony Corporation – ISB Utility.) — C:Program Files (x86)SonyISB UtilityISBMgr.exe [68776] [PID.3340]
[MD5.717CECF8A6F55295A2A8B9ED4C64D800] – (.Sony Corporation – Media Check Tool.) — C:Program Files (x86)SonyPlayMemories HomePMBVolumeWatcher.exe [724576] [PID.4668]
[MD5.FE821F6FA60E9DF9FDEE69A23488BBAB] – (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [926896] [PID.4900]
[MD5.49CD8D25D932C5BF867EBFF00D432B75] – (.Intel Corporation – Intel Services Manager.) — C:Program Files (x86)IntelIntelAppStorebinismagent.exe [156000] [PID.4332]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe [4858968] [PID.4340]
[MD5.672E1B3140D78F01E5563C32A72E3ED3] – (.Pas de propriétaire – VaioCare Window Listener Application.) — C:Program FilesSonyVAIO Carelistener.exe [62464] [PID.5240]
[MD5.E4F6125ED5185F8FA37CC4F449B85526] – (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet ExplorerIEXPLORE.exe [770608] [PID.2036]
[MD5.5B201C6E792E3CBAA7AE8CAA680BA28F] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [8259072] [PID.1188]
~ Processes Running: Scanned in 00mn 00s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersemilieAppDataLocalGoogleChromeUser DataDefaultPreferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSProgram [Public]: Desktop.lnk – Clé orpheline
O4 – GSProgram [Public]: Xperia Link.lnk . (.Sony Corporation – Xperia Link.) — C:Program Files (x86)SonyXperia LinkXperia Link.exe
O4 – GSQuickLaunch [emilie]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSQuickLaunch [emilie]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSTaskBar [emilie]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSProgram [emilie]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSDesktop [emilie]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe https://www.sosvirus.net
O4 – GSDesktop [emilie]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe http://www.facebook.com
~ Global Startup: 46 Legitimates Filtered in 00mn 01s

—\ Applications lancées au démarrage du sytème (O4)
O4 – HKLM..Run: [RtHDVBg] . (.Realtek Semiconductor – HD Audio Background Process.) — C:Program FilesRealtekAudioHDARAVBg64.exe
O4 – HKLM..Run: [BtTray] . (.Qualcomm Atheros – BtTray.) — C:Program Files (x86)Bluetooth SuiteBtTray.exe
O4 – HKLM..Run: [BtvStack] . (.Qualcomm Atheros Commnucations – Extension Core.) — C:Program Files (x86)Bluetooth SuiteBtvStack.exe
O4 – HKCU..Run: [EPSON SX100 Series] . (.SEIKO EPSON CORPORATION – EPSON Status Monitor 3.) — C:Windowssystem32spoolDRIVERSx643E_IATIEDE.exe =>.Epson Seiko Corporation
O4 – HKCU..Run: [EPSON Stylus SX100] . (.SEIKO EPSON CORPORATION – EPSON Status Monitor 3.) — C:Windowssystem32spoolDRIVERSx643E_IATIEDE.exe =>.Epson Seiko Corporation
O4 – HKCU..Run: [iLivid] C:UsersemilieAppDataLocaliLividiLivid.exe (.not file.) =>Adware.Bandoo
O4 – HKCU..Run: [WxEduNKr] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
O4 – HKLM..Wow6432NodeRun: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe =>.Advanced Micro Devices, Inc
O4 – HKLM..Wow6432NodeRun: [ISBMgr.exe] . (.Sony Corporation – ISB Utility.) — C:Program Files (x86)SonyISB UtilityISBMgr.exe
O4 – HKLM..Wow6432NodeRun: [PMBVolumeWatcher] . (.Sony Corporation – Media Check Tool.) — C:Program Files (x86)SonyPlayMemories HomePMBVolumeWatcher.exe
O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — c:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Wow6432NodeRun: [Intel AppUp(R) center] . (.Intel Corporation – Intel Services Manager.) — C:Program Files (x86)IntelIntelAppStorebinismagent.exe
O4 – HKLM..Wow6432NodeRun: [avast] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastavastUI.exe
O4 – HKUSS-1-5-21-2048194076-3241101371-304686481-1001..Run: [EPSON SX100 Series] . (.SEIKO EPSON CORPORATION – EPSON Status Monitor 3.) — C:Windowssystem32spoolDRIVERSx643E_IATIEDE.exe =>.Epson Seiko Corporation
O4 – HKUSS-1-5-21-2048194076-3241101371-304686481-1001..Run: [EPSON Stylus SX100] . (.SEIKO EPSON CORPORATION – EPSON Status Monitor 3.) — C:Windowssystem32spoolDRIVERSx643E_IATIEDE.exe =>.Epson Seiko Corporation
O4 – HKUSS-1-5-21-2048194076-3241101371-304686481-1001..Run: [iLivid] C:UsersemilieAppDataLocaliLividiLivid.exe (.not file.) =>Adware.Bandoo
O4 – HKUSS-1-5-21-2048194076-3241101371-304686481-1001..Run: [WxEduNKr] . (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32wscript.exe
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: Send by Bluetooth to [64Bits] – {7815BE26-237D-41A8-A98F-F7BD75F71086} — Clé orpheline
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{13906AA2-B591-4F99-99B6-A82AFC96E50B}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCCSServicesTcpip..{82FBA379-6980-449F-885D-D4A6DFA07695}: DhcpNameServer = 62.25.0.66
O17 – HKLMSystemCCSServicesTcpip..{82FBA379-6980-449F-885D-D4A6DFA07695}: DhcpDomain = J-WDS6.COM
O17 – HKLMSystemCS1ServicesTcpip..{13906AA2-B591-4F99-99B6-A82AFC96E50B}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{82FBA379-6980-449F-885D-D4A6DFA07695}: DhcpNameServer = 62.25.0.66
O17 – HKLMSystemCS1ServicesTcpip..{82FBA379-6980-449F-885D-D4A6DFA07695}: DhcpDomain = J-WDS6.COM
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: vbscript [64Bits] – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:WindowsSystem32mshtml.dll =>.Microsoft Corporation
O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon Filesmicrosoft sharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 29-01-13 – 21:18:42 – [0] —-D C:ProgramDataInternet Content Filter
~ Program Folder: 112 Legitimates Filtered in 00mn 12s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.204BD9300EC716C482D9C9FD06BFF7A3] – 19-11-13 – 18:27:18 . (…) — C:UsbFix [Scan 1] EMILIE.txt [10479]
O44 – LFC:[MD5.A4A07D3D6460ADF5E92B8A3CF60D770B] – 19-11-13 – 19:12:38 . (…) — C:UsbFix [Scan 2] EMILIE.txt [6424]
O44 – LFC:[MD5.16FA01EF35316D10128E1752BCA54226] – 19-11-13 – 19:24:08 —A- . (…) — C:UsbFix [Clean 2] EMILIE.txt [7465]
~ Files: 87 Legitimates Filtered in 00mn 07s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.EFE7BDBFCE382A29CE700D8D0F9DDA1D] – 19-11-13 – 18:15:29 —A- – C:WindowsPrefetchdynreservedpri.db
O45 – LFCP:[MD5.9C6255C3210C3B5D2B4FFF3DD80EB86E] – 19-11-13 – 20:40:02 —A- – C:WindowsPrefetchVESSHELLEXEPROXY.EXE-7B0CBAD0.pf
O45 – LFCP:[MD5.31E80F146D500CDEB2270004E41B0BD0] – 19-11-13 – 20:40:03 —A- – C:WindowsPrefetchVCGU.EXE-70C9FDA9.pf
~ Prefetcher: 111 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “DisableCAD”=1
~ MWPS: 18 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.5573AA70993A2BB81525B1C704B88763] – 09-05-13 – 09:59:07 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65336]
~ Drivers: 18 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 19-11-13 – 20:48:07 —A- . (…) — C:UsersemilieAppDataRoamingZHPLog.txt [17306] =>.Nicolas Coolman
O61 – LFC: 19-11-13 – 20:48:07 —A- . (…) — C:UsersemilieAppDataRoamingZHPTestsZHPDiag.txt [2871] =>.Nicolas Coolman
O61 – LFC: 19-11-13 – 20:48:07 —A- . (.Sanou.) — C:UsersemilieDownloadspatho veineuse.doc [117760]
~ 4 Fichiers temporaires (Temporary files)
~ Files: 127 Legitimates Filtered in 00mn 10s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {8496BDAB-9CDF-42CA-8CBB-C4CC5EB8D028} – (eBay) – http://rover.ebay.com =>Toolbar.eBay
O69 – SBI: SearchScopes [HKCU] {E9BA2724-9076-4553-AF98-76B8CD7FAC48} [DefaultScope] – (Bing) – http://www.bing.com
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.378189889438568FEF3D98588283B3A5] [SPRF][11-11-13] (…) — C:UsersemilieAppDataLocalTempQuarantine.exe [350377]
[MD5.9812917FE2FCDEA2FD800573D7842E5D] [SPRF][19-11-13] (…) — C:UsersemilieDesktopadwcleaner.exe [1085542]
~ Files: 6 Legitimates Filtered in 00mn 00s

—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: “{78B55AB6-0FB2-4141-B0C2-9472B3204377}” |In – None – P6 – TRUE | .(…) — C:UsersemilieAppDataLocaliLividiLivid.exe (.not file.) =>Adware.Bandoo
O87 – FAEL: “{24CA278A-3447-4F10-9218-1EE5F0416C3B}” |In – None – P17 – TRUE | .(…) — C:UsersemilieAppDataLocaliLividiLivid.exe (.not file.) =>Adware.Bandoo
~ Firewall: 229 Legitimates Filtered in 00mn 01s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 94 Legitimates Filtered in 00mn 10s

—\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 23-09-12 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – c:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
SR – | Auto 23-10-12 239616 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
SR – | Auto 05-11-12 231040 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) – C:Program Files (x86)Bluetooth Suiteadminservice.exe
SR – | Auto 09-05-13 46808 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
SS – | Demand 12-10-10 206072 | (GamesAppService) . (.WildTangent, Inc..) – C:Program Files (x86)WildTangent GamesAppGamesAppService.exe
SS – | Auto 27-06-13 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 27-06-13 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SR – | Auto 29-09-12 2445968 | (IconMan_R) . (.Realsil Microelectronics Inc..) – C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe
SR – | Auto 20-04-12 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientHeciServer.exe
SR – | Auto 29-09-12 128896 | (Intel(R) ME Service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe
SR – | Auto 29-09-12 165760 | (jhi_service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
SR – | Auto 29-09-12 276864 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
SR – | Auto 04-04-13 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamscheduler.exe
SR – | Auto 04-04-13 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes’ Anti-Malwarembamservice.exe
SS – | Demand 18-10-12 623784 | (NetworkSupport) . (.Sony Corporation.) – C:Program Files (x86)SonyVAIO Control CenterNetworkSettingNetworkSupport.exe
SR – | Auto 27-07-12 474208 | (PMBDeviceInfoProvider) . (.Sony Corporation.) – C:Program Files (x86)SonyPlayMemories HomePMBDeviceInfoProvider.exe
SR – | Auto 06-08-12 156672 | (SampleCollector) . (…) – C:Program FilesSonyVAIO CareVCPerfService.exe
SS – | Demand 15-10-12 123616 | (SOHCImp) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHCImp.exe
SS – | Demand 15-10-12 461024 | (SOHDms) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHDms.exe
SS – | Demand 15-10-12 78560 | (SOHDs) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedSOHLibSOHDs.exe
SS – | Demand 01-12-11 289952 | (SpfService) . (.Sony Corporation.) – C:Program FilesCommon FilesSony SharedVAIO Entertainment PlatformSPFSpfService64.exe
SR – | Auto 29-09-12 364416 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
SR – | Auto 15-09-12 67536 | (VAIO Event Service) . (.Sony Corporation.) – C:Program Files (x86)SonyVAIO Control CenterVESMgr.exe
SS – | Demand 19-07-12 476328 | (VAIO Power Management) . (.Sony Corporation.) – C:Program FilesSonyVAIO Power ManagementSPMService.exe
SS – | Demand 28-09-12 964608 | (VCFw) . (.Sony Corporation.) – C:Program Files (x86)Common FilesSony SharedVAIO Content Folder WatcherVCFw.exe
SS – | Demand 12-10-12 54760 | (VCService) . (.Sony Corporation.) – C:Program FilesSonyVAIO CareVCService.exe
SR – | Demand 23-10-12 1265824 | (VUAgent) . (.Sony Corporation.) – C:Program FilesSonyVAIO UpdateVUAgent.exe
SR – | Auto 10-07-58 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
SR – | Demand 20-10-12 29696 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 05-11-12 323584 | (ZAtheros Bt and Wlan Coex Agent) . (.Atheros.) – C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe
~ Services: Scanned in 00mn 12s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Run by emilie at 19-11-13 20:48:57
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by emilie at 19-11-13 20:48:59

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 12996 – (19-11-13)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:iLivid =>Adware.Bandoo^
~ Additionnel Scan: 220951 Items scanned in 00mn 28s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo
~ MSI: 1 link(s) detected in 00mn 28s

~ 1158 Legitimates filtered by white list
End of the scan (389 lines in 02mn 52s)(0)