Benoit11
Participant
Number of posts: 10

~ Rapport de ZHPDiag v2013.12.14.22 – Nicolas Coolman (14/12/2013)
~ Lancé par Mélodie (20/12/2013 10:14:47)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
GCIE: Google Chrome v31.0.1650.63 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows 8.1 Pro, 64-bit (Build 9600)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : Y4DG7
Windows License : OK
~ Windows Remaining Initializations Number : 999
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
avast! Free Antivirus v9.0.2006
COMODO Firewall v6.3.32439.2937
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

—\ Logiciels d’optimisation du système

—\ Logiciels de partage PeerToPeer
Vuze v5.2.0.0 =>P2P.Azureus

—\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 25
Java 7 Update 45

—\ Informations sur le système
~ Processor: AMD64 Family 18 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 7654 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 529 GB (77%) free of 682 GB

—\ Mode de connexion au système
~ Computer Name: MÉLODIE-PC
~ User Name: Mélodie
~ All Users Names: Mélodie, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:\Users\Mélodie\AppData\Roaming\ZHP
~ %AppData% : C:\Users\Mélodie\AppData\Roaming
~ %Desktop% : C:\Users\Mélodie\Desktop
~ %Favorites% : C:\Users\Mélodie\Favorites
~ %LocalAppData% : C:\Users\Mélodie\AppData\Local
~ %StartMenu% : C:\Users\Mélodie\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 529 Go of 682 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 15 Go of 15 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)

—\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.63DC38C3E4564B2405D562855643ABA2] – (.Microsoft Corporation – Explorateur Windows.) (.22/10/2013 – 08:55:27.) — C:\Windows\Explorer.exe [2328872]
[MD5.48CFA7BE561A7BE144C29BB912055016] – (.Microsoft Corporation – Application de démarrage de Windows.) (.22/08/2013 – 10:58:29.) — C:\Windows\System32\Wininit.exe [144384]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.26/11/2013 – 08:07:57.) — C:\Windows\System32\wininet.dll [2334208]
[MD5.7C94FDA3809015B8F2208D2E1C221F17] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.22/08/2013 – 10:55:08.) — C:\Windows\System32\Winlogon.exe [564736]
[MD5.2F18065618E39AA2E656EE737B71E791] – (.Microsoft Corporation – Bibliothèque de licences.) (.22/08/2013 – 11:39:40.) — C:\Windows\System32\sppcomapi.dll [447488]
[MD5.239268BAB58EAE9A3FF4E08334C00451] – (.Microsoft Corporation – Pilote de fonction connexe pour WinSock.) (.22/08/2013 – 14:25:35.) — C:\Windows\system32\Drivers\AFD.sys [567296]
[MD5.74B14192CF79A72F7536B27CB8814FBD] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.22/08/2013 – 13:43:41.) — C:\Windows\system32\Drivers\atapi.sys [26464]
[MD5.2FA6510E33F7DEFEC03658B74101A9B9] – (.Microsoft Corporation – CD-ROM File System Driver.) (.22/08/2013 – 12:40:15.) — C:\Windows\system32\Drivers\Cdfs.sys [88576]
[MD5.C6796EA22B513E3457514D92DCDB1A3D] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.22/08/2013 – 09:46:35.) — C:\Windows\system32\Drivers\Cdrom.sys [164352]
[MD5.5DB26D7E0216D0BF364A81D3829AD7B9] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.22/08/2013 – 12:38:00.) — C:\Windows\system32\Drivers\DfsC.sys [134656]
[MD5.03909BDBFF0DCACCABF2B2D4ADEE44DC] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.22/08/2013 – 12:38:38.) — C:\Windows\system32\Drivers\HDAudBus.sys [78336]
[MD5.84CFC5EFA97D0C965EDE1D56F116A541] – (.Microsoft Corporation – Pilote de port i8042.) (.22/08/2013 – 12:39:15.) — C:\Windows\system32\Drivers\i8042prt.sys [107520]
[MD5.E23D32BAF152FBE35F18C6A2AB8EF271] – (.Microsoft Corporation – IP Network Address Translator.) (.30/09/2013 – 05:13:41.) — C:\Windows\system32\Drivers\IpNat.sys [141824]
[MD5.6129EDB793A4255B1E2FB41773AC9D9A] – (.Microsoft Corporation – Minirdr SMB Windows NT.) (.30/09/2013 – 05:13:38.) — C:\Windows\system32\Drivers\MRxSmb.sys [404992]
[MD5.0217532E19A748F0E5D569307363D5FD] – (.Microsoft Corporation – MBT Transport driver.) (.22/08/2013 – 12:37:02.) — C:\Windows\system32\Drivers\netBT.sys [282624]
[MD5.4412D565C0278C401575E11072C7DCE3] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.22/08/2013 – 14:25:41.) — C:\Windows\system32\Drivers\ntfs.sys [2011488]
[MD5.764B1121867B2D9B31C491668AC72B2B] – (.Microsoft Corporation – Pilote de port parallèle.) (.22/08/2013 – 12:40:02.) — C:\Windows\system32\Drivers\Parport.sys [94208]
[MD5.BBB6272B7F46C4640A8CDB8A70C3450F] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.22/08/2013 – 12:35:51.) — C:\Windows\system32\Drivers\Rasl2tp.sys [120832]
[MD5.680C1DAE268B6FB67FA21B389A8B79EF] – (.Microsoft Corporation – Redirecteur de périphérique de Microsoft RDP.) (.30/09/2013 – 04:59:55.) — C:\Windows\system32\Drivers\rdpdr.sys [195584]
[MD5.FFF28F9F6823EB1756C60F1649560BBF] – (.Microsoft Corporation – TDI Translation Driver.) (.22/08/2013 – 14:25:35.) — C:\Windows\system32\Drivers\tdx.sys [107520]
[MD5.9F9CE33B50611A1C61A46B8911E0B30B] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.22/08/2013 – 13:39:15.) — C:\Windows\system32\Drivers\volsnap.sys [312160]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/4403
~ Mes musiques (My Musics) : 1/17491
~ Mes Videos (My Videos) : 2/3
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 2/5747
~ Mon Bureau (My Desktop) : 1/9
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 32s

—\ Processus lancés
[MD5.DF552350CDC2AA39C01CE40612DF82A8] – (.Samsung – Kies.) — C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528] [PID.5080]
[MD5.0D360F06B168A6F37ACA9D9F958245DA] – (.NTI Corporation – Acer Backup Manager.) — C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280] [PID.5188]
[MD5.2ADC102A6D92BFB1F092A1A165E24181] – (.Dritek System Inc. – Launch Manager.) — C:\Program Files (x86)\Launch Manager\LManager.exe [1081424] [PID.5248]
[MD5.0203706E97B7286EDDBC62B1D16025C3] – (.Dritek System Inc. – Launch Manager Worker.) — C:\Program Files (x86)\Launch Manager\LMworker.exe [334416] [PID.5352]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.5376]
[MD5.7C0704D4523BA671AFE6D028399942D3] – (.AVAST Software – avast! Antivirus.) — C:\Program Files\AVAST Software\Avast\avastui.exe [3567800] [PID.5408]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] – (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.1832]
[MD5.2330B5A4A3824F042DC96D524893A6B5] – (.Nicolas Coolman – ZHPDiag.) — C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8295936] [PID.3344]
[MD5.4BE7EC02133544CDE7A580875E130208] – (.AVAST Software – avast! Service.) — C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1292]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2000]
[MD5.4AB2A58816CC6BE771F1D8C768B804C5] – (.Dritek System Inc. – Dritek WMI Service.) — C:\Program Files (x86)\Launch Manager\dsiwmis.exe [352336] [PID.1896]
[MD5.424E19980318AE562FFE3948649AFD65] – (.Dritek System Inc. – Launch Manager utility process.) — C:\Program Files (x86)\Launch Manager\LMutilps32.exe [414800] [PID.2072]
[MD5.CFD54D70F76E84E1E737AE1140FBC5C0] – (.Garmin Ltd or its subsidiaries – Garmin Core Update Service.) — C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504] [PID.2092]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] – (.Acer Incorporated – Global Registration Service.) — C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456] [PID.2260]
[MD5.B705C7097F9A0EC941D02DCE7C7D426C] – (.Acer Incorporated – Updater Service.) — C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624] [PID.2284]
[MD5.1873214666F6F0A883742DF91FBC48C9] – (.NTI Corporation – Backup Manager Module.) — C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832] [PID.2744]
[MD5.338700E2C721DFCC932C4CC9D175DD70] – (.WildTangent – WildTangent Games App Integration Service.) — C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936] [PID.5244]
~ Processes Running: Scanned in 00mn 01s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Mélodie\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 – GCE: Preference [User Data\Default] [boeajhmfdjldchidhphikilcgdacljfm] Facebook v.1.0.3 (Activé)
G2 – GCE: Preference [User Data\Default] [cjpmpckipdajjiflmahgnddgflinnjec] https://bpaid.bpost.be/fr/Account/Logon/Valid v.2013.5.21.35917 (Activé)
G2 – GCE: Preference [User Data\Default] [fnmpflnibnegcpilignjdcnekmfmlkcb] http://horaires.helha.be/ v.2013.5.21.35886 (Activé)
G2 – GCE: Preference [User Data\Default] [hfaomjndflnakaokhdmagfhlhjhehmfa] http://www.crelan-online.be/index.html v.2013.5.21.35911 (Activé)
G2 – GCE: Preference [User Data\Default] [jlgdloilieclkegafohackmhffbmdpko] Yulia Brodskaya v.2 (Activé)
G2 – GCE: Preference [User Data\Default] [mbfpeklmpfhimdjidpmcihdmnoohcbom] http://mail.student.helha.be/ v.2013.5.21.35882 (Activé)
G2 – GCE: Preference [User Data\Default] [opjlceefgpddngngoomfoklpcchhdobe] http://claroline.helha.be/index.php?category= v.2013.5.21.35879 (Activé)
~ Google Browser: 21 Legitimates Filtered in 00mn 14s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
F2 – REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: (no name) [64Bits] – [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GS\Desktop [Public]: calibre – E-book management.lnk . (…) — C:\Program Files (x86)\Calibre2\calibre.exe
O4 – GS\Desktop [Public]: Garmin Express.lnk . (.Garmin – Express.) — C:\Program Files (x86)\Garmin\Express\Express.exe =>.Garmin Corporation
O4 – GS\Desktop [Public]: Glowing Touchpad.lnk . (…) — C:\Program Files (x86)\Synaptics\SynTP\SynGlwPad.exe (.not file.)
O4 – GS\Desktop [Public]: Nitro Reader.lnk . (.Nitro PDF – Nitro Reader 3.) — C:\Program Files (x86)\Nitro\Reader 3\NitroPDFReader.exe
O4 – GS\Desktop [Public]: PCSX2 0.9.8 (r4600).lnk . (…) — C:\Program Files (x86)\PCSX2 0.9.8\pcsx2-r4600.exe
O4 – GS\Program [Public]: Desktop.lnk – Clé orpheline
O4 – GS\Program [Public]: Vuze.lnk . (…) — C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O4 – GS\QuickLaunch [Mélodie]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\QuickLaunch [Mélodie]: Vuze.lnk . (…) — C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O4 – GS\TaskBar [Mélodie]: Excel 2013.lnk . (…) — C:\Program Files (x86)\Microsoft Office 15\root\office15\EXCEL.exe (.not file.)
O4 – GS\TaskBar [Mélodie]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 – GS\TaskBar [Mélodie]: PowerPoint 2013.lnk . (…) — C:\Program Files (x86)\Microsoft Office 15\root\office15\POWERPNT.exe (.not file.)
O4 – GS\TaskBar [Mélodie]: Word 2013.lnk . (…) — C:\Program Files (x86)\Microsoft Office 15\root\office15\WINWORD.exe (.not file.)
O4 – GS\Program [Mélodie]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\Desktop [Mélodie]: CopyTrans Control Center.lnk . (.WindSolutions – Pas de description.) — C:\Users\Mélodie\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
O4 – GS\Desktop [Mélodie]: PDFTKBuilder – Raccourci.lnk . (…) — C:\Program Files (x86)\PDFTK Builder\PDFTKBuilder.exe
~ Global Startup: 64 Legitimates Filtered in 00mn 01s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GS\Startup [Mélodie]: Envoyer à OneNote.lnk . (.Microsoft Corporation – Send to OneNote Tool.) — C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.exe
O4 – HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 – HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 – HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor – HD Audio Background Process.) — C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 – HKLM\..\Run: [Power Management] . (.Acer Incorporated – ePowerTray.) — C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 – HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. – Canon My Printer.) — C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
O4 – HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 – HKCU\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries – Express Tray.) — C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
O4 – HKCU\..\Run: [KiesPreload] . (.Samsung – Kies.) — C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 – HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (.not file.)
O4 – HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NTI Corporation – Acer Backup Manager.) — C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 – HKLM\..\Wow6432Node\Run: [Dolby Advanced Audio v2] . (.Dolby Laboratories Inc. – Dolby Profile Selector.) — C:\Dolby PCEE4\pcee4.exe
O4 – HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. – Launch Manager.) — C:\Program Files (x86)\Launch Manager\LManager.exe
O4 – HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. – SuiteTray.) — C:\Program Files (x86)\EgisTec MyWinLocker Suite\x86\SuiteTray.exe
O4 – HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. – Catalyst® Control Center Launcher.) — C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 – HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 – HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 – HKLM\..\Wow6432Node\Run: [20131121] . (.AVAST Software – avast! Emergency Update.) — C:\Program Files\AVAST Software\Avast\setup\emupdate\b7fd25dd-325c-4a45-9eaf-36d1b489195e.exe
O4 – HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. – Kies TrayAgent Application.) — C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe =>.Samsung Electronics Co
O4 – HKUS\S-1-5-18\..\Run: [EPSON Stylus SX200 Series] . (.SEIKO EPSON CORPORATION – EPSON Status Monitor 3.) — C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEFE.exe =>.Epson Seiko Corporation
O4 – HKUS\S-1-5-21-190457762-3544485587-4066612957-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd – DAEMON Tools Lite.) — C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 – HKUS\S-1-5-21-190457762-3544485587-4066612957-1000\..\Run: [GarminExpressTrayApp] . (.Garmin Ltd or its subsidiaries – Express Tray.) — C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
O4 – HKUS\S-1-5-21-190457762-3544485587-4066612957-1000\..\Run: [KiesPreload] . (.Samsung – Kies.) — C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 – HKUS\S-1-5-21-190457762-3544485587-4066612957-1000\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (.not file.)
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: Se&nd to OneNote [64Bits] – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll =>.Microsoft Corporation
O9 – Extra button: Lync Click to Call [64Bits] – {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} — C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 – Extra button: OneNote Lin&ked Notes [64Bits] – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLM\System\CCS\Services\Tcpip\..\{5A24B96A-A138-44A2-9285-B9B04BCA6011}: DhcpNameServer = 109.88.203.3 62.197.111.140
O17 – HKLM\System\CCS\Services\Tcpip\..\{87C0E1F2-D4FF-4F0F-B6B5-3476CF78A22A}: DhcpNameServer = 109.88.203.3 62.197.111.140
O17 – HKLM\System\CS1\Services\Tcpip\..\{5A24B96A-A138-44A2-9285-B9B04BCA6011}: DhcpNameServer = 109.88.203.3 62.197.111.140
O17 – HKLM\System\CS1\Services\Tcpip\..\{87C0E1F2-D4FF-4F0F-B6B5-3476CF78A22A}: DhcpNameServer = 109.88.203.3 62.197.111.140
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.88.203.3 62.197.111.140
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
O18 – Filter: video/x-flv [64Bits] – {20C75730-7C25-476B-95DC-C65810F9E489} . (.Advanced Micro Devices – MIME Video Detector for IE.) — C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Pilotes lancés au démarrage du système (O41)
O41 – Driver: (HMD) . (…) – C:\Windows\system32\DRIVERS\hmd.sys
~ Drivers: 56 Legitimates Filtered in 00mn 00s

—\ HKCU & HKLM Software Keys
[HKLM\Software\PCTools]
~ Key Software: 377 Legitimates Filtered in 00mn 01s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.F8ACFF818ADB2097BAB1535B8428312B] – 19/12/2013 – 19:01:47 . (…) — C:\UsbFix [Scan 1] MÉLODIE-PC.txt [13103]
O44 – LFC:[MD5.C5736367A4C9C318B07EC991C9FB724F] – 19/12/2013 – 19:11:13 —A- . (…) — C:\UsbFix [Clean 2] MÉLODIE-PC.txt [10502]
~ Files: 64 Legitimates Filtered in 00mn 08s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.07D26A407794F74172A381CFC84F1753] – 17/12/2013 – 15:11:28 —A- – C:\Windows\Prefetch\dynreservedpri.db
O45 – LFCP:[MD5.67BE8CE1707174A7BFAE5886BD182E98] – 19/12/2013 – 21:39:39 —A- – C:\Windows\Prefetch\LMUTILPS32.EXE-34FC39D7.pf
O45 – LFCP:[MD5.F52377B39BCDCA942744B8B4E3931E20] – 19/12/2013 – 21:39:39 —A- – C:\Windows\Prefetch\SUITETRAY.EXE-42757614.pf
O45 – LFCP:[MD5.330257445F676DC7DF8483F0AD709658] – 19/12/2013 – 21:39:47 —A- – C:\Windows\Prefetch\PCEE4.EXE-98ED232C.pf
O45 – LFCP:[MD5.E5D33230E58493535430FE5DDF9710F2] – 19/12/2013 – 23:19:44 —A- – C:\Windows\Prefetch\PfPre_478cef54.db
O45 – LFCP:[MD5.81127433D547237968D3467B0480791D] – 20/12/2013 – 10:05:20 —A- – C:\Windows\Prefetch\WSHOST.EXE-20E1A6EA.pf
O45 – LFCP:[MD5.2B54864B95BD12B1D4B258C7A307D6FE] – 20/12/2013 – 10:05:46 —A- – C:\Windows\Prefetch\GAMESAPPINTEGRATIONSERVICE.EX-7AC925EC.pf
~ Prefetcher: 143 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM\…\Policies\System] – "EnableUIADesktopToggle"=0
O55 – MWPS:[HKLM\…\Policies\System] – "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKLM\…\policies\Explorer] – "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.D168AE57558A6174FB35E0F82B32F62B] – 14/11/2012 – 15:11:37 —A- . (…) — C:\Windows\System32\Drivers\aswnet.sys.sum [175]
O58 – SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] – 25/10/2013 – 13:51:04 —A- . (…) — C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 – SDL:[MD5.2E83D2621E87C493AB45DC6655BA77D4] – 28/06/2013 – 20:15:19 —A- . (…) — C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
O58 – SDL:[MD5.A5F29AC2F0ADE8B995B49D7350CE3AC0] – 28/06/2013 – 20:15:20 —A- . (…) — C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O58 – SDL:[MD5.59787B95DD9CA44CB139D96863438587] – 25/10/2013 – 13:51:04 —A- . (…) — C:\Windows\System32\Drivers\aswVmm.sys [205320]
O58 – SDL:[MD5.E86C64478D9A90D62255FE9EB0150C6E] – 28/06/2013 – 20:15:21 —A- . (…) — C:\Windows\System32\Drivers\aswvmm.sys.sum [175]
O58 – SDL:[MD5.C1ABB0F7E3BEA48A0417BDF6FF14AB21] – 13/08/2013 – 00:25:46 —A- . (.Windows (R) Win 7 DDK provider – BCM Function 2 Device Driver.) — C:\Windows\System32\Drivers\bcmfn2.sys [17624]
O58 – SDL:[MD5.46571ED73AE84469DCA53081D33CF3C8] – 22/04/2013 – 18:27:04 —A- . (.DT Soft Ltd – DAEMON Tools Virtual Bus Driver.) — C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 – SDL:[MD5.D3A6BCD0047EE7923C2C3960C4CDCA4D] – 04/10/2013 – 09:15:02 —A- . (…) — C:\Windows\System32\Drivers\hmd.sys [14888]
O58 – SDL:[MD5.955FFE2B1D74A9E0E3E0E558E6A17F3B] – 28/10/2013 – 01:12:10 —A- . (.DEVGURU Co., LTD.(http://www.devguru.co.kr) – SAMSUNG USB Composite Device Driver (MSS Ver.3).) — C:\Windows\System32\Drivers\ssudbus.sys [107288]
O58 – SDL:[MD5.BB94A5E2CEE5FD83BA5A72A37AECADDF] – 28/10/2013 – 01:12:12 —A- . (.DEVGURU Co., LTD.(http://www.devguru.co.kr) – SAMSUNG Android Modem Device Driver (MSS Ver.3).) — C:\Windows\System32\Drivers\ssudmdm.sys [204568]
O58 – SDL:[MD5.366DEA74BBA65B362BCCFC6FC2ADFD8B] – 22/08/2013 – 13:43:32 —A- . (.Promise Technology, Inc. – Promise SuperTrak EX Series Driver for Windows x64.) — C:\Windows\System32\Drivers\stexstor.sys [31072]
~ Drivers: 17 Legitimates Filtered in 00mn 06s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 17/12/2013 – 10:18:24 —A- . (…) — C:\Users\Mélodie\Documents\- HELHA\AA3\GESTION PRO\synthese\synthèse-3.docx [7904487]
O61 – LFC: 17/12/2013 – 10:18:24 —A- . (…) — C:\Users\Mélodie\Documents\- HELHA\AA3\PFI\PPW -eliot-MF.pptx [202447]
O61 – LFC: 17/12/2013 – 10:18:24 —A- . (…) — C:\Users\Mélodie\Documents\- HELHA\AA3\PFI\PPW- MF.pptx [890703]
O61 – LFC: 17/12/2013 – 10:18:26 —A- . (…) — C:\Users\Mélodie\Downloads\PPW (2).pptx [812110]
O61 – LFC: 18/12/2013 – 10:18:22 —A- . (…) — C:\Users\Mélodie\AppData\Roaming\Microsoft\Templates\Conception Rapport.dotx [16180]
O61 – LFC: 18/12/2013 – 10:18:24 —A- . (…) — C:\Users\Mélodie\Documents\- HELHA\AA3\PFI\PPW final.pptx [920446]
O61 – LFC: 18/12/2013 – 10:18:24 —A- . (…) — C:\Users\Mélodie\Documents\- HELHA\AA3\PFI\Rapport de laboratoire du PFI-2.docx [1423773]
O61 – LFC: 18/12/2013 – 10:18:25 —A- . (…) — C:\Users\Mélodie\Documents\- HELHA\AA3\PFI\Rapport de laboratoire du PFI.docx [1425773]
O61 – LFC: 18/12/2013 – 10:18:26 —A- . (…) — C:\Users\Mélodie\Downloads\PPW -eliot-MF-Tam.pptx [951075]
O61 – LFC: 19/12/2013 – 10:18:26 —A- . (…) — C:\Users\Mélodie\Downloads\[kickass.to]virus.shortcut.remover.v2.1.beta.2.zip (1).torrent [1565]
O61 – LFC: 19/12/2013 – 10:18:26 —A- . (…) — C:\Users\Mélodie\Downloads\[kickass.to]virus.shortcut.remover.v2.1.beta.2.zip.torrent [1565]
O61 – LFC: 19/12/2013 – 10:18:26 —A- . (…) — C:\Users\Mélodie\Downloads\[www.seedpeer.me] Virus Shortcut Remover V2 1 Beta 2 Zip.SEEDPEER (1).torrent [1553]
O61 – LFC: 19/12/2013 – 10:18:26 —A- . (…) — C:\Users\Mélodie\Downloads\[www.seedpeer.me] Virus Shortcut Remover V2 1 Beta 2 Zip.SEEDPEER.torrent [1553]
O61 – LFC: 20/12/2013 – 10:17:52 —A- . (…) — C:\Users\Mélodie\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [265023]
O61 – LFC: 20/12/2013 – 10:18:00 —A- . (…) — C:\Users\Mélodie\AppData\Local\Google\Chrome\User Data\Local State [51447]
O61 – LFC: 20/12/2013 – 10:18:23 —A- . (…) — C:\Users\Mélodie\AppData\Roaming\ZHP\Log.txt [18737] =>.Nicolas Coolman
O61 – LFC: 20/12/2013 – 10:18:23 —A- . (…) — C:\Users\Mélodie\AppData\Roaming\ZHP\TestsZHPDiag.txt [2910] =>.Nicolas Coolman
~ 12 Fichiers temporaires (Temporary files)
~ Files: 1072 Legitimates Filtered in 00mn 44s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (…) — C:\Program Files (x86)\Opera\Opera.exe (.not file.)
~ Keys: Scanned in 00mn 00s

—\ Enumère les fichiers Crack & Keygen (CKF) (O82)
C:\Users\Mélodie\Documents\divers\SimCity Societies KeyGen-Subido por Cuervoamuerte.exe
C:\Users\Mélodie\Documents\divers\SimCity Societies KeyGen-Subido por Cuervoamuerte.exe
~ Files: Scanned in 00mn 55s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.0D26EF8C01E3E1C77877C303A9317F69] [SPRF][10/12/2013] (…) — C:\Users\Mélodie\AppData\Local\Temp\Quarantine.exe [360051]
[MD5.FFA683DC592D4E91F76714D9BA2272D1] [SPRF][19/12/2013] (…) — C:\Users\Mélodie\Desktop\adwcleaner.exe [1226750]
~ Files: 4 Legitimates Filtered in 00mn 00s

—\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 – MNS: – {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
O92 – MNS: – {374DE290-123F-4565-9164-39C4925E467B}
O92 – MNS: – {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
O92 – MNS: – {A0953C92-50DC-43bf-BE83-3742FED03C9C}
O92 – MNS: – {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
O92 – MNS: – {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
~ MNS: 6 Legitimates Filtered in 00mn 00s

—\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Demand 24/09/2013 164056 | (cmdvirth) . (.COMODO.) – C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
SS – | Demand 21/06/2011 173424 | (EgisTec Ticket Service) . (.Egis Technology Inc..) – C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
SS – | Demand 02/11/2011 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) – C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS – | Demand 12/10/2010 206072 | (GamesAppService) . (.WildTangent, Inc..) – C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
SS – | Auto 22/11/2012 116648 | (gupdate) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 22/11/2012 116648 | (gupdatem) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 23/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS – | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) – C:\Program Files (x86)\Skype\Updater\Updater.exe
SS – | Demand 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS – | Demand 22/08/2013 37768 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe

SR – | Auto 09/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR – | Auto 26/09/2013 239616 | (AMD External Events Utility) . (.AMD.) – C:\Windows\System32\atiesrxx.exe
SR – | Auto 28/09/2012 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR – | Auto 25/10/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR – | Auto 20/10/2013 6254152 | (cmdAgent) . (.COMODO.) – C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SR – | Auto 15/03/2011 352336 | (DsiWMIService) . (.Dritek System Inc..) – C:\Program Files (x86)\Launch Manager\dsiwmis.exe
SR – | Auto 02/08/2011 872552 | (ePowerSvc) . (.Acer Incorporated.) – C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
SR – | Auto 09/11/2013 227936 | (GamesAppIntegrationService) . (.WildTangent.) – C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
SR – | Auto 22/08/2013 220504 | (Garmin Core Update Service) . (.Garmin Ltd or its subsidiaries.) – C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
SR – | Auto 30/05/2011 36456 | (GREGService) . (.Acer Incorporated.) – C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR – | Auto 22/04/2011 244624 | (Live Updater Service) . (.Acer Incorporated.) – C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR – | Auto 26/03/2013 230416 | (NitroReaderDriverReadSpool3) . (.Nitro PDF Software.) – C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
SR – | Auto 24/04/2011 256832 | (NTI IScheduleSvc) . (.NTI Corporation.) – C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
SR – | Demand 10/07/1658 0 | (WdNisSvc) . (…) – C:\Program Files (x86)\Windows Defender\NisSrv.exe
SR – | Demand 10/07/1658 0 | (WinDefend) . (…) – C:\Program Files (x86)\Windows Defender\MsMpEng.exe

~ Services: Scanned in 00mn 33s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Run by Mélodie at 20/12/2013 10:20:16
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Mélodie at 20/12/2013 10:20:18

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 13013 – (14/12/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 262220 Items scanned in 00mn 43s

—\ Récapitulatif des détections trouvées sur votre station
~ MSI: 0 link(s) detected in 00mn 43s

~ 2750 Legitimates filtered by white list
End of the scan (463 lines in 06mn 14s)(2)

Hello, indeed, disabling Windows SmartScreen made it work. So here is the report :)