Reply to: shortcuts on removable media 2016-09-08T13:19:58+00:00
J.M.

There, the vaccination has been done.

And I'm also posting the ZHPDiag report (which I was asked for in the previous post):

[spoiler:1f77843m]~ Rapport de ZHPDiag v2013.11.20.42 – Nicolas Coolman (20/11/2013)
~ Lancé par jeremy (21/11/2013 11:05:23)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16438
GCIE: Google Chrome v31.0.1650.57 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : C7GBG
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
avast! Free Antivirus v9.0.2006
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

—\ Logiciels d'optimisation du système
CCleaner v4.07 =>Piriform Ltd

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Java 7 Update 45

—\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8145 MB (76% free)
System Restore: Activé (Enable)
System drive C: has 58 GB (38%) free of 150 GB

—\ Mode de connexion au système
~ Computer Name: MON-PC
~ User Name: jeremy
~ All Users Names: UpdatusUser, jeremy, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d'environnement
~ System Unit : C:
~ %AppZHP% : C:UsersjeremyAppDataRoamingZHP
~ %AppData% : C:UsersjeremyAppDataRoaming
~ %Desktop% : C:UsersjeremyDesktop
~ %Favorites% : C:UsersjeremyFavorites
~ %LocalAppData% : C:UsersjeremyAppDataLocal
~ %StartMenu% : C:UsersjeremyAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 58 Go of 150 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2589 Go of 2629 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Free 6 Go of 7 Go)
K: Floppy drive, Flash card reader, USB Key (Free 4 Go of 4 Go)

—\ Etat du Centre de Sécurité Windows
~ Security Center: 41 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] – (.Microsoft Corporation – Explorateur Windows.) (.22/10/2013 – 08:55:27.) — C:WindowsExplorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] – (.Microsoft Corporation – Application de démarrage de Windows.) (.22/08/2013 – 10:58:29.) — C:WindowsSystem32Wininit.exe [144384]
[MD5.92E05214CC073A85CEDFF9BD4966F96B] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.19/10/2013 – 04:53:26.) — C:WindowsSystem32wininet.dll [2332160]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.22/08/2013 – 10:55:08.) — C:WindowsSystem32Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] – (.Microsoft Corporation – Bibliothèque de licences.) (.22/08/2013 – 11:39:40.) — C:WindowsSystem32sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] – (.Microsoft Corporation – Pilote de fonction connexe pour WinSock.) (.22/08/2013 – 14:25:35.) — C:Windowssystem32DriversAFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.22/08/2013 – 13:43:41.) — C:Windowssystem32Driversatapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] – (.Microsoft Corporation – CD-ROM File System Driver.) (.22/08/2013 – 12:40:15.) — C:Windowssystem32DriversCdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.22/08/2013 – 09:46:35.) — C:Windowssystem32DriversCdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.22/08/2013 – 12:38:00.) — C:Windowssystem32DriversDfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.22/08/2013 – 12:38:38.) — C:Windowssystem32DriversHDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] – (.Microsoft Corporation – Pilote de port i8042.) (.22/08/2013 – 12:39:15.) — C:Windowssystem32Driversi8042prt.sys [107520]
[MD5.E23D32BAF152FBE35F18C6A2AB8EF271] – (.Microsoft Corporation – IP Network Address Translator.) (.30/09/2013 – 05:14:00.) — C:Windowssystem32DriversIpNat.sys [141824]
[MD5.6129EDB793A4255B1E2FB41773AC9D9A] – (.Microsoft Corporation – Minirdr SMB Windows NT.) (.30/09/2013 – 05:13:57.) — C:Windowssystem32DriversMRxSmb.sys [404992]
[MD5.0217532E19A748F0E5D569307363D5FD] – (.Microsoft Corporation – MBT Transport driver.) (.22/08/2013 – 12:37:02.) — C:Windowssystem32DriversnetBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.22/08/2013 – 14:25:41.) — C:Windowssystem32Driversntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] – (.Microsoft Corporation – Pilote de port parallèle.) (.22/08/2013 – 12:40:02.) — C:Windowssystem32DriversParport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.22/08/2013 – 12:35:51.) — C:Windowssystem32DriversRasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] – (.Microsoft Corporation – Redirecteur de périphérique de Microsoft RDP.) (.30/09/2013 – 04:59:53.) — C:Windowssystem32Driversrdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] – (.Microsoft Corporation – TDI Translation Driver.) (.22/08/2013 – 14:25:35.) — C:Windowssystem32Driverstdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.22/08/2013 – 13:39:15.) — C:Windowssystem32Driversvolsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/3
~ Mes musiques (My Musics) : 1/1584
~ Mes Videos (My Videos) : 1/29
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 1/191
~ Mon Bureau (My Desktop) : 1/308
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 00s

—\ Processus lancés
[MD5.7C0704D4523BA671AFE6D028399942D3] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastavastui.exe [3567800] [PID.4636]
[MD5.636D97B3BAF854511FF3F4093E895FED] – (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe [863184] [PID.1100]
[MD5.4A5946CF3E24DBFAAB97346A29B9A81A] – (.Nicolas Coolman – ZHPDiag.) — D:Program Files (x86)ZHPDiagZHPDiag.exe [8260096] [PID.1604]
~ Processes Running: Scanned in 00mn 00s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersjeremyAppDataLocalGoogleChromeUser DataDefaultPreferences
G0 – GCSP: Preference [User DataDefault][HomePage] http://asus.msn.com
G2 – GCE: Preference [User DataDefault] [bmiabdepfhhiieiipmeecdmeljggmfee] TrendMicro BEP Extension v.7.5.0.1107 (Désactivé)
G2 – GCE: Preference [User DataDefault] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 – GCE: Preference [User DataDefault] [gffkhmkbijdmbncaoclaclldnbndflck] Wolf and the Ice Planet v.1 (Activé)
G2 – GCE: Preference [User DataDefault] [nenmginbkicadaakopinjeahdnejgffp] Ask Toolbar v.26.64401, (Désactivé) =>Toolbar.Ask
~ Google Browser: 20 Legitimates Filtered in 00mn 04s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSDesktop [Public]: AI Suite II.lnk . (.ASUSTeK Computer Inc. – AI Suite II.) — C:Program Files (x86)ASUSAI Suite IIAI Suite II.exe
O4 – GSDesktop [Public]: ASUS MX Suite.lnk . (.MAGIX AG – MAGIX Media Suite.) — C:Program Files (x86)ASUSASUS MX SuiteASUS MX SuiteMediaSuite.exe
O4 – GSDesktop [Public]: ASUSDVD.lnk . (.CyberLink Corp. – ASUSDVD.) — C:Program Files (x86)CyberLinkPowerDVD10PDVDLaunchPolicy.exe
O4 – GSDesktop [Public]: eManual.lnk . (…) — C:Program Files (x86)ASUSeManualeManual.exe
O4 – GSDesktop [Public]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSDesktop [Public]: MP Navigator EX 2.0.lnk . (.CANON INC. – MP Navigator EX.) — C:Program Files (x86)CanonMP Navigator EX 2.0mpnex20.exe
O4 – GSDesktop [Public]: MP3 Rocket 6.4.lnk . (…) — C:Program Files (x86)MP3 RocketMP3Rocket.exe
O4 – GSDesktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation – OpenOffice 4.0.0.) — C:Program Files (x86)OpenOffice 4programsoffice.exe
O4 – GSDesktop [Public]: RomStation.lnk . (…) — D:Program Files (x86)RomStationRomStation.exe
O4 – GSDesktop [Public]: SimCity™.lnk . (.Electronic Arts Inc. – SimCity (TM).) — D:Program Files (x86)Origin GamesSimCitySimCitySimCity.exe
O4 – GSDesktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH – TeamSpeak 3 Client.) — D:Program FilesTeamSpeak 3 Clientts3client_win64.exe
O4 – GSDesktop [Public]: Why ASUS PC.lnk . (.Adobe Systems, Inc. – Adobe Flash Player 9.0 r115.) — C:Program Files (x86)ASUSWhy ASUS PCDesktop.exe
O4 – GSProgram [Public]: Desktop.lnk – Clé orpheline
O4 – GSQuickLaunch [jeremy]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSQuickLaunch [jeremy]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSQuickLaunch [jeremy]: MP3 Rocket 6.4.lnk . (…) — C:Program Files (x86)MP3 RocketMP3Rocket.exe
O4 – GSTaskBar [jeremy]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O4 – GSProgram [jeremy]: CivilizationV_DX11.lnk . (.Firaxis Games – Sid Meier's Civilization V.) — D:Sid Meier's Civilization V – Gods and KingsCivilizationV_DX11.exe
O4 – GSProgram [jeremy]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
O4 – GSProgram [jeremy]: Wow.lnk . (.Blizzard Entertainment – World of Warcraft Retail.) — C:World of WarcraftWow.exe
O4 – GSDesktop [jeremy]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe https://www.sosvirus.net
O4 – GSDesktop [jeremy]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe http://www.facebook.com
O4 – GSDesktop [jeremy]: Wow.lnk . (.Blizzard Entertainment – World of Warcraft Retail.) — C:World of WarcraftWow.exe
O4 – GSDesktop [jeremy]: µTorrent.lnk . (.BitTorrent Inc. – µTorrent.) — C:UsersjeremyAppDataRoaminguTorrentuTorrent.exe =>P2P.BitTorrent
~ Global Startup: 63 Legitimates Filtered in 00mn 00s

—\ Applications lancées au démarrage du sytème (O4)
O4 – HKLM..Run: [RTHDVCPL] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:Program FilesRealtekAudioHDARtkNGUI64.exe =>.Realtek Semiconductor Corp
O4 – HKLM..Run: [CanonSolutionMenu] . (.CANON INC. – CNSLMAIN.) — C:Program Files (x86)CanonSolutionMenuCNSLMAIN.exe
O4 – HKCU..Run: [RGSC] D:Program Files (x86)Rockstar GamesRockstar Games Social ClubRGSCLauncher.exe (.not file.)
O4 – HKLM..Wow6432NodeRun: [ASUS Easy Update] . (.ASUSTeK Computer Inc. – ALU MFC Application.) — C:Program Files (x86)ASUSASUS Easy UpdateALU.exe
O4 – HKLM..Wow6432NodeRun: [IAStorIcon] . (.Intel Corporation – Delayed launcher.) — C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorIconLaunch.exe
O4 – HKLM..Wow6432NodeRun: [RemoteControl10] . (.CyberLink Corp. – PowerDVD RC Service.) — C:Program Files (x86)CyberLinkPowerDVD10PDVD10Serv.exe
O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
O4 – HKLM..Wow6432NodeRun: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program Files (x86)Common FilesJavaJava Updatejusched.exe =>.Oracle Corporation
O4 – HKLM..Wow6432NodeRun: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
O4 – HKUSS-1-5-21-1337614179-3655045130-2581070099-1001..Run: [RGSC] D:Program Files (x86)Rockstar GamesRockstar Games Social ClubRGSCLauncher.exe (.not file.)
~ Application: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{BA0AE17B-0CE4-4593-8F0F-A8C80842F6BC}: DhcpNameServer = 192.168.0.254
O17 – HKLMSystemCCSServicesTcpip..{C80FD333-2C1C-46A8-B977-1B82B21CF3EC}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{BA0AE17B-0CE4-4593-8F0F-A8C80842F6BC}: DhcpNameServer = 192.168.0.254
O17 – HKLMSystemCS1ServicesTcpip..{C80FD333-2C1C-46A8-B977-1B82B21CF3EC}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – AppInit_DLLs: . (.NVIDIA Corporation – NVIDIA Stereo Initialization dll, Version 3.) – C:Program Files (x86)NVIDIA Corporation3D VisionnvStInit64.dll
~ AppInit DLL: Scanned in 00mn 00s

—\ Logiciels installés (O42)
O42 – Logiciel: MP3 Rocket – (.MP3 TechSupport Inc.) [HKLM][64Bits] — MP3 Rocket
O42 – Logiciel: MP3Rocket Toolbar – (.APN, LLC.) [HKLM][64Bits] — {4D503352-5637-4300-76A7-A758B70C0700}
~ Logic: 105 Legitimates Filtered in 00mn 00s

—\ HKCU & HKLM Software Keys
~ Key Software: 161 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 27/10/2013 – 20:50:54 – [47,128] —-D C:Program Files (x86)MP3 Rocket
O43 – CFD: 27/10/2013 – 20:50:55 – [1,799] —-D C:UsersjeremyAppDataRoamingMP3Rocket
O43 – CFD: 16/11/2013 – 09:09:25 – [0] —-D C:UsersjeremyAppDataLocalPackageStaging
~ Program Folder: 135 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.D2096B322A5F8D9354B61B4BFDFA7132] – 16/11/2013 – 16:32:49 —A- . (…) — C:WindowsSysNativeApnDatabase.xml [385528]
O44 – LFC:[MD5.D2096B322A5F8D9354B61B4BFDFA7132] – 16/11/2013 – 16:32:49 —A- . (…) — C:WindowsSystem32ApnDatabase.xml [385528]
O44 – LFC:[MD5.B6089A040D9868C1F8F0405CBF9A7060] – 21/11/2013 – 10:30:24 . (…) — C:UsbFix [Scan 1] MON-PC.txt [14989]
O44 – LFC:[MD5.484511101DE9D1161A0B71D44B2507EF] – 21/11/2013 – 10:53:19 —A- . (…) — C:UsbFix [Clean 5] MON-PC.txt [20430]
~ Files: 219 Legitimates Filtered in 00mn 01s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] – 28/10/2013 – 23:23:33 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [65776]
O58 – SDL:[MD5.ADAA34740E9F6AFF94CC75D5CF8ED7E2] – 04/01/2008 – 13:34:42 —A- . (…) — C:WindowsSysWOW64driversAsInsHelp32.sys [10216]
~ Drivers: 17 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 18/11/2013 – 11:05:51 —A- . (…) — C:UsersjeremySkyDriveDocumentsannée 2013-2014fiches remediationchapitre 4 disques et cerclesConnaitre le vocabulaire du cercle.odt [61302]
O61 – LFC: 20/11/2013 – 11:05:48 —A- . (…) — C:UsersjeremyAppDataLocalGoogleChromeUser DataWidevineCDM1.4.1.376_platform_specificwin_x86widevinecdm.dll [6940304]
O61 – LFC: 20/11/2013 – 11:05:48 —A- . (…) — C:UsersjeremyAppDataLocalGoogleChromeUser DataWidevineCDM1.4.1.376manifest.fingerprint [66]
O61 – LFC: 20/11/2013 – 11:05:48 —A- . (…) — C:UsersjeremyAppDataLocalGoogleChromeUser DataWidevineCDM1.4.1.376manifest.json [848]
O61 – LFC: 21/11/2013 – 11:05:48 —A- . (…) — C:UsersjeremyAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [265087]
O61 – LFC: 21/11/2013 – 11:05:48 —A- . (…) — C:UsersjeremyAppDataLocalGoogleChromeUser DataLocal State [47298]
O61 – LFC: 21/11/2013 – 11:05:51 —A- . (…) — C:UsersjeremyAppDataRoamingZHPLog.txt [35814] =>.Nicolas Coolman
O61 – LFC: 21/11/2013 – 11:05:51 —A- . (…) — C:UsersjeremyAppDataRoamingZHPTestsZHPDiag.txt [2881] =>.Nicolas Coolman
O61 – LFC: 21/11/2013 – 11:05:51 —A- . (…) — C:UsersjeremyAppDataRoamingZHPZHPADSReport.txt [351] =>.Nicolas Coolman
O61 – LFC: 21/11/2013 – 11:05:51 —A- . (…) — C:UsersjeremyAppDataRoamingZHPZHPDiag.txt [27509] =>.Nicolas Coolman
O61 – LFC: 21/11/2013 – 11:05:51 —A- . (…) — C:UsersjeremyDownloadsadwcleaner.exe [1085542]
O61 – LFC: 21/11/2013 – 11:05:51 —A- . (…) — C:UsersjeremySkyDriveDocumentsannée 2013-20145emechapitre 8 anglesfeuille exercices 8.odt [344591]
~ 1 Fichiers temporaires (Temporary files)
~ Files: 652 Legitimates Filtered in 00mn 03s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: “UDP Query User{BB2D1FB8-2A20-40A8-88B2-C3961D38AA9A}C:usersjeremyappdataroamingcacaowebcacaoweb.exe” |In – Public – P17 – TRUE | .(…) — C:usersjeremyappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “TCP Query User{811F2744-4E31-4443-B449-CC4C8EA0AD53}C:usersjeremyappdataroamingcacaowebcacaoweb.exe” |In – Public – P6 – TRUE | .(…) — C:usersjeremyappdataroamingcacaowebcacaoweb.exe (.not file.) =>PUP.CacaoWeb
~ Firewall: 246 Legitimates Filtered in 00mn 00s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: “253305D473650034677A7A857BC07000” . (.MP3Rocket Toolbar.) — C:WINDOWSInstaller{4D503352-5637-4300-76A7-A758B70C0700}ToolbarIcon.exe
~ Update Products: 110 Legitimates Filtered in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.3ED3E71FEEEECCB3B331935E32E05D7F] [WIS][30/10/2013] (.APN, LLC – MP3Rocket Toolbar.) — C:WindowsInstaller2ec3a8d.msi [363520]
~ WIS: 109 Legitimates Filtered in 00mn 01s

—\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR – | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
SR – | Auto 01/06/2012 920736 | (asComSvc) . (…) – C:Program Files (x86)ASUSAXSP1.00.19atkexComSvc.exe
SR – | Auto 01/06/2012 951936 | (asHmComSvc) . (.ASUSTeK Computer Inc..) – C:Program Files (x86)ASUSAAHM1.00.20aaHMSvc.exe
SR – | Auto 17/02/2012 149120 | (AsSysCtrlService) . (.ASUSTeK Computer Inc..) – C:Program Files (x86)ASUSAsSysCtrlService1.00.13AsSysCtrlService.exe
SR – | Auto 28/10/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
SR – | Auto 24/05/2011 1840128 | (Fabs) . (.MAGIX AG.) – C:Program Files (x86)Common FilesMAGIX ServicesDatabasebinFABS.exe
SR – | Demand 26/04/2011 2702848 | (FirebirdServerMAGIXInstance) . (.MAGIX®.) – C:Program Files (x86)Common FilesMAGIX ServicesDatabasebinfbserver.exe
SR – | Auto 21/09/2013 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SR – | Demand 21/09/2013 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SR – | Auto 09/07/2012 7168 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
SR – | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) – C:Program Files (x86)Common FilesInstallShieldDriver11Intel 32IDriverT.exe
SR – | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientHeciServer.exe
SR – | Demand 02/11/2013 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
SR – | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
SR – | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
SR – | Auto 14/07/2012 769432 | (NAUpdate) . (.Nero AG.) – C:Program Files (x86)NeroUpdateNASvc.exe
SR – | Auto 29/08/2013 920864 | (nvsvc) . (.NVIDIA Corporation.) – C:WINDOWSsystem32nvvsvc.exe
SR – | Auto 29/08/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe
SR – | Auto 12/09/2013 5071712 | (TeamViewer8) . (.TeamViewer GmbH.) – C:Program Files (x86)TeamViewerVersion8TeamViewer_Service.exe
SR – | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
SR – | Demand 10/07/1658 0 | (WdNisSvc) . (…) – C:Program Files (x86)Windows DefenderNisSrv.exe
SR – | Demand 10/07/1658 0 | (WinDefend) . (…) – C:Program Files (x86)Windows DefenderMsMpEng.exe
SR – | Demand 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
SR – | Demand 22/08/2013 37768 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
~ Services: Scanned in 00mn 01s

—\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by jeremy at 21/11/2013 11:06:06
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Scan Additionnel (O88)
Database Version : 12996 – (20/11/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKLMSoftwareGoogleChromeExtensionsnenmginbkicadaakopinjeahdnejgffp] =>Toolbar.Ask^
C:UsersjeremyAppDataLocalGoogleChromeUser DataDefaultExtensionsnenmginbkicadaakopinjeahdnejgffp =>Toolbar.Ask^
~ Additionnel Scan: 263127 Items scanned in 00mn 09s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
~ MSI: 2 link(s) detected in 00mn 09s

~ 1768 Legitimates filtered by white list
End of the scan (399 lines in 00mn 54s)(0)[/spoiler:1f77843m]