Reply to: aartemis 2016-09-08T13:20:33+00:00
franckybay
Participant
Post count: 51

I'm copying the zhp.diag report for you anyway.
~ ZHPDiag v2013.11.22.46 report - Nicolas Coolman (22/11/2013)
~ Run by User (23/11/2013 08:16:11)
~ Website address: http://nicolascoolman.webs.com
~ Free disinfection help forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Deactivate by program
---\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16428 (Default)

---\ Windows product information
~ Language: French
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : W8DQG
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\ System protection software
Avira Free Antivirus v13.0.0.4042
Emsisoft Anti-Malware
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\ System optimisation software

---\ Peer-to-peer sharing software

---\ Software monitoring
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 45

---\ System information
~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 7986 MB (69% free)
System Restore: Enabled
System drive C: has 29 GB (8%) free of 342 GB

---\ System logon mode
~ Computer Name: USER-PC
~ User Name: User
~ All Users Names: User, UpdatusUser, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\ Environment variables
~ System Unit : C:
~ %AppZHP% : C:\Users\User\AppData\Roaming\ZHP
~ %AppData% : C:\Users\User\AppData\Roaming
~ %Desktop% : C:\Users\User\Desktop
~ %Favorites% : C:\Users\User\Favorites
~ %LocalAppData% : C:\Users\User\AppData\Local
~ %StartMenu% : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

---\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 29 GB of 342 GB)
D: CD-ROM drive (Not Inserted)

---\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\ Targeted search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.E6CB36B85BE59095337427E853A5B65A] - (.Microsoft Corporation - Internet Extensions for Win32.) (.17/11/2013 - 14:04:27.) -- C:\Windows\System32\wininet.dll [2332160]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Licensing library.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\ Hidden file status (Hidden/Total)
~ My Pictures : 2/6053
~ My Music : 8/53
~ My Videos : 2/542
~ My Favorites : 1/58
~ My Documents : 1/85
~ My Desktop : 1/23
~ Start Menu (Programs) : 1/31
~ Hidden Files: Scanned in 00mn 00s

---\ Running processes
[MD5.A4159CBC4FC1EC188948DC5E65DF5150] - (.TomTom - MyTomTom.) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [455608] [PID.3284]
[MD5.1DE65EBD6DF1ADC1D74CD9218FC68693] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896] [PID.3388]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.3404] =>Toolbar.Google
[MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.3872]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4016]
[MD5.C8A8321292A459B0A17FB39A782A5C74] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [806096] [PID.2572]
[MD5.BB4F6465EEB9ACAA5C60C36983740219] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [310352] [PID.6100] =>Toolbar.Google
[MD5.06BC146E6C2E881A7235A142BA877B82] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8262144] [PID.4384]
[MD5.D25A01AC95B7210260793CB80CE10B38] - (.Emsisoft GmbH - Emsisoft Anti-Malware Service.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4153784] [PID.784]
[MD5.8769E2D1072B62AB071F166F03B3E3DC] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024] [PID.1496]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1640]
[MD5.AD1D13E6326E0B8DA2A7BE13B39A8FE0] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088] [PID.1680]
~ Processes Running: Scanned in 00mn 00s

---\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s

---\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 17 Legitimates Filtered in 00mn 00s

---\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\ Analysis of the F0, F1, F2, F3 lines - IniFiles, autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 21

---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\ Other user links (O4)
O4 - GS\Desktop [Public]: Emsisoft Anti-Malware.lnk . (.Emsisoft GmbH - Security Center.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
O4 - GS\Desktop [Public]: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe
O4 - GS\QuickLaunch [User]: Emsisoft Anti-Malware.lnk . (.Emsisoft GmbH - Security Center.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
O4 - GS\QuickLaunch [User]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [User]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [User]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [User]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [User]: Avatar Sizer.lnk . (.JQL - http://www.jql.co.uk - Avatar Sizer Wizard.) -- C:\Program Files (x86)\Avatar Sizer\AvatarSizer.exe
O4 - GS\Desktop [User]: HomePlayer.lnk . (...) -- C:\Program Files (x86)\HomePlayer\HomePlayer.exe
O4 - GS\Desktop [User]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [User]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 66 Legitimates Filtered in 00mn 00s

---\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 - HKLM\..\Run: [ThpSrv] Orphan key
O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [EPSON Stylus SX400 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [MyTomTomSA.exe] . (.TomTom - MyTomTom.) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
O4 - HKCU\..\Run: [BTLive] C:\Users\User\AppData\Roaming\BTLive\BTLive.exe (.not file.)
O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1416314505-1888072257-1104572345-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1416314505-1888072257-1104572345-1000\..\Run: [EPSON Stylus SX400 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-1416314505-1888072257-1104572345-1000\..\Run: [MyTomTomSA.exe] . (.TomTom - MyTomTom.) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
O4 - HKUS\S-1-5-21-1416314505-1888072257-1104572345-1000\..\Run: [BTLive] C:\Users\User\AppData\Roaming\BTLive\BTLive.exe (.not file.)
O4 - HKUS\S-1-5-21-1416314505-1888072257-1104572345-1000\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\User\AppData\Roaming\Spotify\Spotify.exe
O4 - HKUS\S-1-5-21-1416314505-1888072257-1104572345-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-1416314505-1888072257-1104572345-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
~ Application: Scanned in 00mn 00s

---\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BCF695F-DCEB-4BF7-BE8E-95B550E18009}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{50269BF3-2599-4580-83D2-0232943BE4EF}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BCF695F-DCEB-4BF7-BE8E-95B550E18009}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{50269BF3-2599-4580-83D2-0232943BE4EF}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{2BCF695F-DCEB-4BF7-BE8E-95B550E18009}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{50269BF3-2599-4580-83D2-0232943BE4EF}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s

---\ Additional protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocols: Scanned in 00mn 00s

---\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
~ Winlogon: Scanned in 00mn 00s

---\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Windows\system32\nvinitx.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s

---\ Automatic scheduled tasks (O39)
[MD5.DBE9C7B6965FB61ED436DCC489A08961] [APT] [{E55EF33E-B023-4C9D-8D40-BF61D5B6104B}] (...) -- C:\Users\User\Downloads\avira-antivir-personal-free-antivirus_avira_antivir_personal_free_10.2.0.703_francais_10821 (1).exe [69342960]
[MD5.00000000000000000000000000000000] [APT] [{EBC6874D-BC4A-42EC-B92C-9638A5442C0F}] (...) -- D:\tools\ActiveX_IP.exe (.not file.) [0]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 01s

---\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 20/11/2010 - 13:18:02 - [0] -SH-D C:\Users\User\AppData\Roaming\216307
~ 1185 empty CLSID folders
~ Program Folder: 1385 Legitimates Filtered in 00mn 14s

---\ Most recently modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 17/11/2013 - 14:04:25 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [16284]
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 17/11/2013 - 14:04:25 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]
O44 - LFC:[MD5.CCFF88CC312136BBC2759AAC3D9D35D9] - 17/11/2013 - 14:09:04 ---A- . (...) -- C:\Windows\IE11_main.log [10791]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/11/2013 - 12:35:20 ---A- . (...) -- C:\autoexec.bat [0]
~ Files: 172 Legitimates Filtered in 00mn 01s

---\ Most recently created files in the Windows Prefetcher (O45)
O45 - LFCP:[MD5.2DB6BF03123BC31EF20A78457B91ADB0] - 22/11/2013 - 18:41:56 ---A- - C:\Windows\Prefetch\YONTOODESKTOP.EXE-65F445DA.pf =>Adware.Yontoo
O45 - LFCP:[MD5.C09AC37E2818040427AD352BFF1417C9] - 23/11/2013 - 07:55:07 ---A- - C:\Windows\Prefetch\CCUAC.EXE-3A725DBA.pf
~ Prefetcher: 82 Legitimates Filtered in 00mn 00s

---\ Safe Boot control (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s

---\ Enumeration of the Policies\System registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\ Enumeration of the Policies\Explorer registry keys (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\ System driver list (SDL) (O58)
O58 - SDL:[MD5.1E5B4A00DDD744F9F02C1FE000572A92] - 22/01/2010 - 17:42:26 ---A- . (.DiBcom - MOD7700 AVSTREAM/BDA driver.) -- C:\Windows\System32\Drivers\dvb7700all.sys [945664]
~ Drivers: 16 Legitimates Filtered in 00mn 00s

---\ Most recently modified or created files (User) (O61)
O61 - LFC: 20/11/2013 - 08:16:43 ---A- . (...) -- C:\Users\User\Documents\Anti-Malware\Reports\a2scan_131120-193052.txt [1632]
O61 - LFC: 20/11/2013 - 08:16:44 ---A- . (...) -- C:\Users\User\SyncFolder\MyPC Backup Guide rapide de démarrage .pdf [890103] =>PUP.MyPCBackup
O61 - LFC: 21/11/2013 - 08:16:43 ---A- . (...) -- C:\Users\User\Documents\factures free mobile\Freemobile_0658840626_19-11-2013.pdf [132370]
O61 - LFC: 22/11/2013 - 08:16:39 ---A- . (...) -- C:\Users\User\AppData\Local\Google\Toolbar Cache\7.5.4601.54\fr\translate_languages.json.content [1861]
O61 - LFC: 22/11/2013 - 08:16:42 ---A- . (...) -- C:\Users\User\AppData\Roaming\Google\Local Search History\google%2Eweb.w [11414]
O61 - LFC: 22/11/2013 - 08:16:43 ---A- . (...) -- C:\Users\User\Documents\Anti-Malware\Reports\a2scan_131122-072131.txt [1246]
O61 - LFC: 23/11/2013 - 08:16:39 ---A- . (...) -- C:\Users\User\AppData\Local\Google\Toolbar\broker_metrics.xml [5060]
O61 - LFC: 23/11/2013 - 08:16:43 ---A- . (...) -- C:\Users\User\AppData\Roaming\ZHP\Log.txt [38484] =>.Nicolas Coolman
O61 - LFC: 23/11/2013 - 08:16:43 ---A- . (...) -- C:\Users\User\AppData\Roaming\ZHP\TestsZHPDiag.txt [2835] =>.Nicolas Coolman
O61 - LFC: 23/11/2013 - 08:16:43 ---A- . (...) -- C:\Users\User\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 23/11/2013 - 08:16:43 ---A- . (...) -- C:\Users\User\AppData\Roaming\ZHP\ZHPDiag.txt [34611] =>.Nicolas Coolman
~ 6 temporary files
~ Files: 133 Legitimates Filtered in 00mn 04s

---\ List of disinfection tools (LATC) (O63)
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\ Browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\ Targeted search at the system root (SPRF) (O84)
[MD5.858D895AD40DE9779E78C39A116F9553] [SPRF][18/11/2013] (...) -- C:\Users\User\AppData\Local\Temp\BackupSetup.exe [10355400]
[MD5.2F08D91BFE7D5B863F7DDE4826B1955F] [SPRF][05/11/2013] (.The Software Group - Software Update Setup.) -- C:\Users\User\AppData\Local\Temp\BoxoreInstaller.exe [621168] =>Adware.Boxore
[MD5.3B32CAA07D672F8A2E0DF5CB3A873F45] [SPRF][22/06/2012] (...) -- C:\Users\User\AppData\Local\Temp\ESGScanner.sys [22704]
[MD5.378189889438568FEF3D98588283B3A5] [SPRF][11/11/2013] (...) -- C:\Users\User\AppData\Local\Temp\Quarantine.exe [350377]
[MD5.883DFC791AAF1298FCFC2BCF5471BBFC] [SPRF][21/11/2013] (...) -- C:\Users\User\AppData\Local\Temp\SHSetup.exe [46777424] =>Crapware.SpyHunter
[MD5.9812917FE2FCDEA2FD800573D7842E5D] [SPRF][22/11/2013] (...) -- C:\Users\User\Desktop\adwcleaner.exe [1085542]
[MD5.36CE0F1A101A6AD12B8DCE0CBF034F23] [SPRF][06/09/2013] (...) -- C:\Users\User\Desktop\epson324852eu.exe [12313600]
~ Files: 9 Legitimates Filtered in 00mn 00s

---\ Firewall exception list (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{FC4121BA-48FD-4063-9B43-AFC0DE583626}C:\users\user\appdata\roaming\btlive\btlive.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\user\appdata\roaming\btlive\btlive.exe (.not file.)
O87 - FAEL: "UDP Query User{9963C40F-A769-45D7-A325-25ECFAE506B2}C:\users\user\appdata\roaming\btlive\btlive.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\user\appdata\roaming\btlive\btlive.exe (.not file.)
O87 - FAEL: "TCP Query User{B71C6F0E-446D-4665-9AC5-12D9F545F62F}C:\users\user\appdata\roaming\btlive\btlive.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\user\appdata\roaming\btlive\btlive.exe (.not file.)
O87 - FAEL: "UDP Query User{230AFB36-001B-42CC-AEC2-28C354907C71}C:\users\user\appdata\roaming\btlive\btlive.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\user\appdata\roaming\btlive\btlive.exe (.not file.)
O87 - FAEL: "TCP Query User{B97AC622-B128-442C-8DDE-E11A6B64E44E}C:\users\user\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\user\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "UDP Query User{EC5B2270-2145-453D-98FD-2271A3409420}C:\users\user\appdata\roaming\cacaoweb\cacaoweb.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\user\appdata\roaming\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 - FAEL: "TCP Query User{A42811FA-06D6-439B-A867-F4C9906C8A72}C:\users\user\appdata\local\apps\2.0\69tjd5ce.tcy\hy515az3.w5o\laun…app_59711684aa47878d_0001.0022_9b05f8bc24ab37d0\launcher.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\user\appdata\local\apps\2.0\69tjd5ce.tcy\hy515az3.w5o\laun…app_59711684aa47878d_0001.0022_9b05f8bc24ab37d0\launcher.exe (.not file.)
O87 - FAEL: "UDP Query User{388308B7-2BA7-48C1-9165-868EB2EB48F6}C:\users\user\appdata\local\apps\2.0\69tjd5ce.tcy\hy515az3.w5o\laun…app_59711684aa47878d_0001.0022_9b05f8bc24ab37d0\launcher.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\user\appdata\local\apps\2.0\69tjd5ce.tcy\hy515az3.w5o\laun…app_59711684aa47878d_0001.0022_9b05f8bc24ab37d0\launcher.exe (.not file.)
~ Firewall: 230 Legitimates Filtered in 00mn 00s

---\ Software product codes (PUC) (O90)
O90 - PUC: "F5E6185D0BE1AF042AD1D5AE101F4F2C" . (.ASIX AX88772 Vista 64Bit Driver.) -- C:\Windows\Installer\{D5816E5F-1EB0-40FA-A21D-5DEA01F1F4C2}\ARPPRODUCTICON.exe
~ Update Products: 106 Legitimates Filtered in 00mn 00s

---\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 04/10/2013 4153784 | (a2AntiMalware) . (.Emsisoft GmbH.) - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 12/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 10/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SS - | Disabled 10/09/2013 815160 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe
SS - | Auto 25/12/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 25/12/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 14/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 27/09/2011 359192 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
SS - | Demand 14/11/2011 427640 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SR - | Auto 02/10/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 02/10/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NV…

—\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by User at 23/11/2013 08:16:56
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog” onclick=”window.open(this.href);return false;
Run by User at 23/11/2013 08:16:58

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 12996 – (22/11/2013)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 4

[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLMSoftwareMicrosoftWindows NTCurrentVersionScheduleTaskCacheTreeDealply] =>PUP.DealPly
[HKLMSoftwareClassesCLSID{11111111-1111-1111-1111-110311121157}] =>PUP.CrossRider
[HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{11111111-1111-1111-1111-110311121157}] =>PUP.CrossRider
[HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerLow RightsElevationPolicy{21111111-1111-1111-1111-110111991162}] =>PUP.CrossRider
[HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:swg =>Toolbar.Google^
C:UsersUserAppDataLocalSoftware =>Adware.Boxore
C:UsersUserAppDataLocalGoogleChromeUser DataDefaultExtensionscnmdgidklhhnmppphpohildcefnaaflp =>PUP.CrossRider
C:UsersUserAppDataLocalGoogleChromeUser DataDefaultExtensionspbpohikckhbcljgombipcdoinkaedlfa =>Spyware.SmartDisplay
C:UsersUserAppDataLocalGoogleChromeUser DataDefaultExtensionsmocblcnaofikinigmceddfghppkkjbog =>Adware.SmileyBar
C:UsersUserAppDataLocalGoogleChromeUser DataDefaultExtensionsdgjkhjdcljddbedokogakmmdjgnbeanf =>PUP.SpeedAnalysis
C:Program Files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google^
C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbarUser_32.exe =>Toolbar.Google^
C:UsersUserAppDataLocalTempBoxoreInstaller.exe =>Adware.Boxore^
C:UsersUserAppDataLocalTempSHSetup.exe =>Crapware.SpyHunter^
~ Additionnel Scan: 232886 Items scanned in 00mn 12s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26811836-adware-yontoo” onclick=”window.open(this.href);return false; =>Adware.Yontoo
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup” onclick=”window.open(this.href);return false; =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore” onclick=”window.open(this.href);return false; =>Adware.Boxore
~ http://nicolascoolman.webs.com/apps/blog/show/26609241-crapware-spyhunter” onclick=”window.open(this.href);return false; =>Crapware.SpyHunter
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb” onclick=”window.open(this.href);return false; =>PUP.CacaoWeb
~ http://nicolascoolman.webs.com/apps/blog/show/29637859-toolbar-tarma” onclick=”window.open(this.href);return false; =>PUP.Tarma
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply” onclick=”window.open(this.href);return false; =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider” onclick=”window.open(this.href);return false; =>PUP.CrossRider
~ http://nicolascoolman.webs.com/apps/blog/show/32662245-spyware-smartdisplay” onclick=”window.open(this.href);return false; =>Spyware.SmartDisplay
~ http://nicolascoolman.webs.com/apps/blog/show/27530912-adware-smileybar” onclick=”window.open(this.href);return false; =>Adware.SmileyBar
~ http://nicolascoolman.webs.com/apps/blog/show/28153012-pup-speedanalysis” onclick=”window.open(this.href);return false; =>PUP.SpeedAnalysis
~ MSI: 11 link(s) detected in 00mn 12s

~ 2634 Legitimates filtered by white list
End of the scan (478 lines in 00mn 59s)(0)[/spoiler:2wy4310q]