florie
Participant
Posts: 7

No, I no longer have any shortcuts on my USB key.
After running the ZHP program I get the following report:

~ Rapport de ZHPDiag v2013.11.22.46 – Nicolas Coolman (22/11/2013)
~ Lancé par Florie Copon (23/11/2013 12:50:05)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16736
GCIE: Google Chrome v31.0.1650.57 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK

—\ Logiciels de protection du système
avast! Free Antivirus v9.0.2008
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

—\ Logiciels d’optimisation du système

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Reader X

—\ Informations sur le système
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3673 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 42 GB (22%) free of 186 GB

—\ Mode de connexion au système
~ Computer Name: FLORIE
~ User Name: Florie Copon
~ All Users Names: Florie Copon, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:\Users\Florie Copon\AppData\Roaming\ZHP
~ %AppData% : C:\Users\Florie Copon\AppData\Roaming
~ %Desktop% : C:\Users\Florie Copon\Desktop
~ %Favorites% : C:\Users\Florie Copon\Favorites
~ %LocalAppData% : C:\Users\Florie Copon\AppData\Local
~ %StartMenu% : C:\Users\Florie Copon\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 42 Go of 186 Go)
D: Hard drive, Flash drive, Thumb drive (Free 224 Go of 258 Go)
E: Floppy drive, Flash card reader, USB Key (Free 4 Go of 4 Go)
F: Floppy drive, Flash card reader, USB Key (Free 1 Go of 7 Go)

—\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] – (.Microsoft Corporation – Explorateur Windows.) (.01/06/2013 – 12:34:21.) — C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] – (.Microsoft Corporation – Application de démarrage de Windows.) (.26/07/2012 – 04:08:50.) — C:\Windows\System32\Wininit.exe [132608]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.12/10/2013 – 09:45:20.) — C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.11/10/2012 – 06:46:58.) — C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] – (.Microsoft Corporation – Bibliothèque de licences.) (.26/07/2012 – 04:07:20.) — C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] – (.Microsoft Corporation – Pilote de fonction connexe pour WinSock.) (.04/09/2013 – 04:11:23.) — C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.26/07/2012 – 06:00:48.) — C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] – (.Microsoft Corporation – CD-ROM File System Driver.) (.26/07/2012 – 03:30:10.) — C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.26/07/2012 – 03:26:36.) — C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.26/07/2012 – 03:26:53.) — C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/09/2012 – 07:08:44.) — C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] – (.Microsoft Corporation – Pilote de port i8042.) (.26/07/2012 – 03:28:51.) — C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] – (.Microsoft Corporation – IP Network Address Translator.) (.26/07/2012 – 03:23:01.) — C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] – (.Microsoft Corporation – Minirdr SMB Windows NT.) (.05/02/2013 – 23:29:09.) — C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] – (.Microsoft Corporation – MBT Transport driver.) (.26/07/2012 – 03:24:28.) — C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.02/02/2013 – 11:54:54.) — C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] – (.Microsoft Corporation – Pilote de port parallèle.) (.26/07/2012 – 03:29:53.) — C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.26/07/2012 – 03:23:17.) — C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] – (.Microsoft Corporation – Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 – 03:25:18.) — C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] – (.Microsoft Corporation – TDI Translation Driver.) (.26/07/2012 – 06:26:47.) — C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.01/06/2013 – 12:26:33.) — C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/667
~ Mes musiques (My Musics) : 1/11882
~ Mes Videos (My Videos) : 1/30
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 8/222
~ Mon Bureau (My Desktop) : 1/8
~ Menu demarrer (Programs) : 1/22
~ Hidden Files: Scanned in 00mn 09s

—\ Processus lancés
[MD5.1F0A97900FC718CE617A722BEF8580CD] – (.AVAST Software – avast! Antivirus.) — C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.1880]
[MD5.636D97B3BAF854511FF3F4093E895FED] – (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.2028]
[MD5.06BC146E6C2E881A7235A142BA877B82] – (.Nicolas Coolman – ZHPDiag.) — C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8262144] [PID.3260]
~ Processes Running: Scanned in 00mn 00s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Florie Copon\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 – GCE: Preference [User Data\Default] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
G2 – GCE: Preference [User Data\Default] [pflphaooapbgpeakohlggbpidpppgdff] MySearchDial Nouvel onglet v.9.4.1.1 (Désactivé) =>Adware.MyWebSearch
~ Google Browser: 16 Legitimates Filtered in 00mn 03s

—\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 – HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com =>Adware.MyWebSearch
R1 – HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://start.mysearchdial.com =>Adware.MyWebSearch
~ IE Browser: 14 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
F2 – REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GS\Program [Public]: Desktop.lnk – Clé orpheline
O4 – GS\QuickLaunch [Florie Copon]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 – GS\QuickLaunch [Florie Copon]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\TaskBar [Florie Copon]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 – GS\Program [Florie Copon]: cacaoweb.lnk . (…) — C:\Users\Florie Copon\Desktop\cacaoweb.exe =>PUP.CacaoWeb
O4 – GS\Program [Florie Copon]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\Desktop [Florie Copon]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe https://www.sosvirus.net
O4 – GS\Desktop [Florie Copon]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.facebook.com
~ Global Startup: 35 Legitimates Filtered in 00mn 01s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GS\Startup [Public]: AsusVibeLauncher.lnk . (.ASUSTeK Computer Inc. – AsusVibe Application.) — C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 – GS\Startup [Florie Copon]: OneNote 2010 – Capture d’écran et lancement.lnk . (.Microsoft Corporation – Microsoft OneNote Quick Launcher.) — C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe =>.Microsoft Corporation
O4 – HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 – HKCU\..\Run: [Facebook Update] . (.Facebook Inc. – Programme d’installation de Facebook.) — C:\Users\Florie Copon\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 – HKCU\..\Run: [cacaoweb] . (…) — C:\Users\Florie Copon\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O4 – HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 – HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ASUS Cloud Corporation – ASUS WebStorage Panel.) — C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe
O4 – HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 – HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation – Microsoft Office 2010 component.) — C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 – HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 – HKUS\S-1-5-21-1391351973-4093424353-1624542879-1001\..\Run: [Facebook Update] . (.Facebook Inc. – Programme d’installation de Facebook.) — C:\Users\Florie Copon\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 – HKUS\S-1-5-21-1391351973-4093424353-1624542879-1001\..\Run: [cacaoweb] . (…) — C:\Users\Florie Copon\AppData\Roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: &Envoyer à OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 – Extra button: Notes &liées OneNote [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLM\System\CCS\Services\Tcpip\..\{A09FF915-5E9B-4E3D-9825-01031D15C03D}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{A09FF915-5E9B-4E3D-9825-01031D15C03D}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: vbscript [64Bits] – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 – Filter: text/xml [64Bits] – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Tâches planifiées en automatique (O39)
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\MySearchDial.job [326] =>Adware.MyWebSearch
[MD5.00000000000000000000000000000000] [APT] [MySearchDial] (…) — C:\Users\Florie Copon\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe (.not file.) [0] =>Adware.MyWebSearch
~ Scheduled Task: 21 Legitimates Filtered in 00mn 11s

—\ Logiciels installés (O42)
O42 – Logiciel: Robert/Collins 1.2 – (…) [HKLM][64Bits] — Le Robert & Collins Maxi Plus anglais_is1
O42 – Logiciel: Setuprog Toolbar – (…) [HKLM][64Bits] — Setuprog Toolbar
~ Logic: 69 Legitimates Filtered in 00mn 01s

—\ HKCU & HKLM Software Keys
[HKCU\Software\CRSEPM]
[HKCU\Software\Collins]
[HKCU\Software\SEJER]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKLM\Software\Wow6432Node\CRSEPM]
[HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore
[HKLM\Software\Wow6432Node\Setuprog]
~ Key Software: 149 Legitimates Filtered in 00mn 01s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 15/11/2013 – 16:10:29 – [0] —-D C:\Program Files (x86)\Mysearchdial =>Adware.MyWebSearch
O43 – CFD: 27/07/2013 – 10:30:25 – [2,435] —-D C:\Program Files (x86)\Setuprog
O43 – CFD: 22/11/2013 – 21:36:20 – [303,291] —-D C:\Users\Florie Copon\AppData\Roaming\cacaoweb =>PUP.CacaoWeb
~ Program Folder: 124 Legitimates Filtered in 00mn 03s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.CF050255E21EE174449D2D817EA8A6FD] – 15/11/2013 – 15:49:47 —A- . (…) — C:\UsbFix [Scan 1] FLORIE.txt [10332]
O44 – LFC:[MD5.1567C4858E6466D803F2CA5DA09D4583] – 23/11/2013 – 12:03:47 —A- . (…) — C:\UsbFix [Scan 2] FLORIE.txt [10448]
O44 – LFC:[MD5.0D96EA4222DA78D88B381C8D6A4CC36C] – 23/11/2013 – 12:17:05 —A- . (…) — C:\UsbFix [Clean 3] FLORIE.txt [11367]
~ Files: 97 Legitimates Filtered in 00mn 40s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.120766BCD9DE22176579A67BBB0C5EE9] – 18/11/2013 – 18:54:16 —A- – C:\Windows\Prefetch\dynreservedpri.db
O45 – LFCP:[MD5.1815FB869A141ACA6681837A490B60D0] – 23/11/2013 – 12:24:11 —A- – C:\Windows\Prefetch\INSTUP.EXE-3AF05CB9.pf
~ Prefetcher: 51 Legitimates Filtered in 00mn 00s

—\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 – SEH:ShellExecuteHooks – Groove GFS Stub Execution Hook [64Bits] – {B5A7F190-DDA6-4420-B3BA-52453494E6CD} – C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM\…\Policies\System] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM\…\Policies\System] – “FilterAdministratorToken”=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKLM\…\policies\Explorer] – “NoActiveDesktopChanges”=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] – 22/11/2013 – 16:59:35 —A- . (…) — C:\Windows\System32\Drivers\aswRvrt.sys [65776]
~ Drivers: 17 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 20/11/2013 – 12:53:56 —A- . (…) — C:\Users\Florie Copon\Documents\Whislit.docx [79116]
O61 – LFC: 21/11/2013 – 12:53:55 —A- . (…) — C:\Users\Florie Copon\Documents\Master 1 sociologie\Posture pro.docx [19905]
O61 – LFC: 21/11/2013 – 12:53:56 —A- . (…) — C:\Users\Florie Copon\Downloads\OffreStage.pdf [49877]
O61 – LFC: 21/11/2013 – 12:53:56 —A- . (…) — C:\Users\Florie Copon\Downloads\andvcata2013poursitedoublepage.pdf [3187931]
O61 – LFC: 21/11/2013 – 12:53:56 —A- . (…) — C:\Users\Florie Copon\Downloads\bulletin_adhesion.pdf [97988]
O61 – LFC: 22/11/2013 – 12:53:51 —A- . (…) — C:\Users\Florie Copon\AppData\Roaming\cacaoweb\cacaoweb.exe [454656] =>PUP.CacaoWeb
O61 – LFC: 22/11/2013 – 12:53:51 —A- . (…) — C:\Users\Florie Copon\AppData\Roaming\cacaoweb\file06CF7DC273561FBB8F2A426428C445DC.cacao [4006934] =>PUP.CacaoWeb
O61 – LFC: 22/11/2013 – 12:53:51 —A- . (…) — C:\Users\Florie Copon\AppData\Roaming\cacaoweb\fileF93808495B04F624DD01BA027AB251D8.cacao [252556522] =>PUP.CacaoWeb
O61 – LFC: 22/11/2013 – 12:53:51 —A- . (…) — C:\Users\Florie Copon\AppData\Roaming\cacaoweb\npdfile.dat [462] =>PUP.CacaoWeb
O61 – LFC: 22/11/2013 – 12:53:51 —A- . (…) — C:\Users\Florie Copon\AppData\Roaming\cacaoweb\storage.db [637] =>PUP.CacaoWeb
O61 – LFC: 23/11/2013 – 12:51:48 —A- . (…) — C:\Users\Florie Copon\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [266723]
O61 – LFC: 23/11/2013 – 12:51:51 —A- . (…) — C:\Users\Florie Copon\AppData\Local\Google\Chrome\User Data\Local State [46851]
O61 – LFC: 23/11/2013 – 12:53:54 —A- . (…) — C:\Users\Florie Copon\AppData\Roaming\ZHP\Log.txt [17416] =>.Nicolas Coolman
O61 – LFC: 23/11/2013 – 12:53:54 —A- . (…) — C:\Users\Florie Copon\AppData\Roaming\ZHP\TestsZHPDiag.txt [3029] =>.Nicolas Coolman
~ 3 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 817 Legitimates Filtered in 05mn 11s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {30BD3E62-1DE1-0E36-50B6-060602C823A2} – (Setuprog Customized Web Search) – http://search.conduit.com
O69 – SBI: SearchScopes [HKCU] {afdbddaa-5d3f-42ee-b79c-185a7020515b} [DefaultScope] – (Mysearchdial) – http://start.mysearchdial.com =>Adware.MyWebSearch
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (…) — C:\ProgramData\SetStretch.exe [24576]
[MD5.177E24726F38D24B10532D7DDEE0DCC7] [SPRF][22/11/2013] (…) — C:\Users\Florie Copon\Desktop\cacaoweb.exe [454656] =>PUP.CacaoWeb
~ Files: 3 Legitimates Filtered in 00mn 00s

—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: “TCP Query User{053C94AB-7391-4D0A-B586-3183F271AF3A}C:\users\florie copon\downloads\cacaoweb.exe” |In – Private – P6 – TRUE | .(…) — C:\users\florie copon\downloads\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “UDP Query User{6A2E0249-F6C4-4364-A8E8-D0368F49242D}C:\users\florie copon\downloads\cacaoweb.exe” |In – Private – P17 – TRUE | .(…) — C:\users\florie copon\downloads\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “{BD22DF3F-3A75-4955-8EE6-D6296419FA1A}” |In – Public – P17 – TRUE | .(…) — C:\users\florie copon\downloads\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “{59CD9CCE-A807-4E9F-AD99-2019559A3962}” |In – Public – P6 – TRUE | .(…) — C:\users\florie copon\downloads\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
O87 – FAEL: “TCP Query User{FE77526E-EB79-45B3-95BF-0E1AA016177C}C:\users\florie copon\appdata\roaming\cacaoweb\cacaoweb.exe” | In – Private – P6 – TRUE | .(…) — C:\users\florie copon\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O87 – FAEL: “UDP Query User{4590C09A-843A-4F19-B22A-5051B1222674}C:\users\florie copon\appdata\roaming\cacaoweb\cacaoweb.exe” | In – Private – P17 – TRUE | .(…) — C:\users\florie copon\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O87 – FAEL: “{B7E60CDC-3BFE-4773-81FB-3A88AA311363}” | In – Public – P17 – TRUE | .(…) — C:\users\florie copon\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O87 – FAEL: “{03494554-5FB5-4852-869E-9093F6F50A4D}” | In – Public – P6 – TRUE | .(…) — C:\users\florie copon\appdata\roaming\cacaoweb\cacaoweb.exe =>PUP.CacaoWeb
O87 – FAEL: “TCP Query User{0D2B81D9-C865-4A42-A912-29E266CE64EF}C:\users\florie copon\appdata\local\temp\rarsfx0\hl.exe” |In – Public – P6 – TRUE | .(…) — C:\users\florie copon\appdata\local\temp\rarsfx0\hl.exe (.not file.)
O87 – FAEL: “UDP Query User{F5384E25-5F9F-4229-B3E2-908E3C718B9B}C:\users\florie copon\appdata\local\temp\rarsfx0\hl.exe” |In – Public – P17 – TRUE | .(…) — C:\users\florie copon\appdata\local\temp\rarsfx0\hl.exe (.not file.)
O87 – FAEL: “TCP Query User{061E71FE-3B9B-416C-A183-32BF830AA9E9}C:\users\florie copon\desktop\cacaoweb.exe” | In – Public – P6 – TRUE | .(…) — C:\users\florie copon\desktop\cacaoweb.exe =>PUP.CacaoWeb
O87 – FAEL: “UDP Query User{5E78AB02-7C9A-4593-98D8-D215B226C749}C:\users\florie copon\desktop\cacaoweb.exe” | In – Public – P17 – TRUE | .(…) — C:\users\florie copon\desktop\cacaoweb.exe =>PUP.CacaoWeb
~ Firewall: 228 Legitimates Filtered in 00mn 03s

—\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Auto 09/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS – | Auto 08/08/2012 239616 | (AMD External Events Utility) . (.AMD.) – C:\Windows\System32\atiesrxx.exe
SR – | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) – C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS – | Auto 23/07/2012 105120 | (ASLDRService) . (.ASUSTek Computer Inc..) – C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SS – | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) – C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SS – | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR – | Auto 22/11/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:\Program Files\Bonjour\mDNSResponder.exe
SS – | Auto 18/01/2013 116648 | (gupdate) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 18/01/2013 116648 | (gupdatem) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 02/11/2013 641352 | (iPod Service) . (.Apple Inc..) – C:\Program Files\iPod\bin\iPodService.exe
SR – | Auto 26/12/2012 241016 | (McShield) . (.McAfee, Inc..) – C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR – | Auto 26/12/2012 218320 | (mfefire) . (.McAfee, Inc..) – C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR – | Auto 26/12/2012 182312 | (mfevtp) . (.McAfee, Inc..) – C:\windows\system32\mfevtps.exe
SR – | Demand 10/07/1658 0 | (WinDefend) . (…) – C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SS – | Demand 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS – | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 13s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Run by Florie Copon at 23/11/2013 12:59:20
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Florie Copon at 23/11/2013 12:59:22

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 12996 – (22/11/2013)
Clés trouvées (Keys found) : 27
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 2

[HKLM\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff] =>Adware.MyWebSearch^
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>PUP.Babylon
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>PUP.Babylon
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f4ef4468-9bbb-45a1-a2ce-f0c430a9a7e5}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\escort.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>PUP.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>PUP.Babylon
[HKCU\Software\cacaoweb] =>PUP.CacaoWeb
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:cacaoweb =>PUP.CacaoWeb^
C:\Users\Florie Copon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff =>Adware.MyWebSearch^
C:\Program Files (x86)\Mysearchdial =>Adware.MyWebSearch^
C:\Users\Florie Copon\AppData\Roaming\cacaoweb =>PUP.CacaoWeb^
C:\Windows\Tasks\MySearchDial.job =>Adware.MyWebSearch^
C:\Users\Florie Copon\Desktop\cacaoweb.exe =>PUP.CacaoWeb^
~ Additionnel Scan: 266849 Items scanned in 01mn 16s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/27146838-adware-mywebsearch =>Adware.MyWebSearch
~ http://nicolascoolman.webs.com/apps/blog/show/27566847-pup-cacaoweb =>PUP.CacaoWeb
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/29790567-adware-installcore =>Adware.InstallCore
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods
~ MSI: 7 link(s) detected in 01mn 16s

~ 1803 Legitimates filtered by white list
End of the scan (461 lines in 10mn 34s)(0)