Reply to: USB stick turns folders into shortcuts 2016-09-08T13:21:41+00:00
Dakapi

End of the ZHPDiag report
[spoiler:13eg2pvw]—\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 – FAEL: “{A4A18C2E-206A-48D8-9330-ABDB0DFE6C35}” |In – Private – P6 – TRUE | .(…) — C:WindowsTempCMC_DRAGONrestart_helper.exe (.not file.)
O87 – FAEL: “{2D110718-936D-4D2E-AE76-E30991321A4D}” |In – Private – P17 – TRUE | .(…) — C:WindowsTempCMC_DRAGONrestart_helper.exe (.not file.)
~ Firewall: 215 Legitimates Filtered in 00mn 06s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: “CFA37D7451CE22B4698DCF4478BEEB75” . (..) — C:WindowsInstaller{47D73AFC-EC15-4B22-96D8-FC4487EBBE57}ARPPRODUCTICON.exe
~ Update Products: 110 Legitimates Filtered in 00mn 00s

—\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Demand 9/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
SS – | Auto 14/06/2012 136176 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Demand 14/06/2012 136176 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Demand 16/08/2012 194032 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
SS – | Demand 17/09/2013 118680 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
SS – | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:Program FilesNVIDIA CorporationNVIDIA Update Coredaemonu.exe
SS – | Auto 10/07/1658 0 | (vToolbarUpdater17.1.2) . (…) – C:Program FilesCommon FilesAVG Secure SearchvToolbarUpdater17.1.2ToolbarUpdater.exe =>Toolbar.AVGSearch
SS – | Demand 23/06/2013 22016 | (wampapache) . (.Apache Software Foundation.) – c:wampbinapacheapache2.4.4binhttpd.exe
SS – | Demand 23/06/2013 10923520 | (wampmysqld) . (…) – c:wampbinmysqlmysql5.6.12binmysqld.exe

SR – | Auto 17/10/2013 2494040 | (acssrv) . (.Agnitum Ltd..) – C:Program FilesAgnitumOutpost Security Suite Proacs.exe
SR – | Auto 5/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program FilesCommon FilesAdobeARM1.0armsvc.exe
SR – | Auto 6/03/2007 198168 | (Capture Device Service) . (.InterVideo Inc..) – C:Program FilesCommon FilesInterVideoDeviceServiceDevSvc.exe
SR – | Auto 12/03/2012 133280 | (Intel(R) PROSet Monitoring Service) . (.Intel Corporation.) – C:Windowssystem32IProsetMonitor.exe
SR – | Auto 4/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes' Anti-Malwarembamscheduler.exe
SR – | Auto 4/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes' Anti-Malwarembamservice.exe
SR – | Auto 14/07/2009 20992 | C:Windowssystem32HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
SR – | Auto 18/01/2013 639776 | (nvsvc) . (.NVIDIA Corporation.) – C:Windowssystem32nvvsvc.exe
SR – | Auto 14/07/2009 20992 | C:Windowssystem32HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
SR – | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) – c:Program FilesCommon FilesProtexisLicense ServicePsiService_2.exe
SR – | Auto 30/07/2008 61440 | (RCSERVICE) . (…) – C:Program FilesASUSP7131Remote ControlRCService.exe
SR – | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) – C:Program FilesNVIDIA Corporation3D VisionnvSCPAPISvr.exe
SR – | Demand 29/09/2013 85264 | (VBFilt) . (.Agnitum Ltd..) – C:Windowssystem32FiltVBFilt.dll
SR – | Auto 14/07/2009 20992 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 14/07/2009 20992 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe

~ Services: Scanned in 00mn 33s

—\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 00mn 02s

—\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Daniel at 27/11/2013 16:56:17

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s
\ Scan Additionnel (O88)
Database Version : 13000 – (26/11/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1

[HKLMSoftwareGoogleChromeExtensionsndibdjnfmopecpmkdieinmbadjfpblof] =>Toolbar.AVGSearch^
[HKLMSYSTEMCurrentControlSetServicesvToolbarUpdater17.1.2] =>Toolbar.AVGSearch^
[HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:swg =>Toolbar.Google^
C:UsersDanielAppDataLocalGoogleChromeUser DataDefaultExtensionsndibdjnfmopecpmkdieinmbadjfpblof =>Toolbar.AVGSearch^
C:Program FilesGoogleGoogle ToolbarGoogleToolbarUser_32.exe =>Toolbar.Google^
~ Additionnel Scan: 424439 Items scanned in 00mn 25s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/26601058-adware-addlyrics =>Adware.AddLyrics
~ MSI: 1 link(s) detected in 00mn 25s

~ 2595 Legitimates filtered by white list
End of the scan (700 lines in 39mn 42s)(0)[/spoiler:13eg2pvw]