Reply to: iTunesHelper.vbe 2016-09-08T13:26:28+00:00
Samuel

Malwarebytes Anti-Malware (Essai) 1.75.0.1300
http://www.malwarebytes.org

Version de la base de données: v2014.02.16.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
temp :: TEMP-PC [administrateur]

Protection: Activé

16/02/2014 21:00:12
mbam-log-2014-02-16 (21-00-12).txt

Type d'examen: Examen complet (A:|C:|D:|F:|G:|Q:|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 352741
Temps écoulé: 1 heure(s), 13 minute(s), 24 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 1
C:\Users\temp\AppData\Local\Lollipop (Adware.LolliPop.IT) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 6
C:\Users\temp\Downloads\Unlocker1.9.1.exe (PUP.Optional.Babylon.A) -> Mis en quarantaine et supprimé avec succès.
F:\Program Files\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Mis en quarantaine et supprimé avec succès.
F:\Users\utilisateur\Downloads\freeyoutubetomp.exe (PUP.Toolbar.Repacked) -> Mis en quarantaine et supprimé avec succès.
F:\Users\utilisateur\Downloads\Free Mp3 Wma Converter.exe (PUP.AdBundler) -> Mis en quarantaine et supprimé avec succès.
C:\Users\temp\AppData\Local\Lollipop\lollipop.bat (Adware.LolliPop.IT) -> Mis en quarantaine et supprimé avec succès.
C:\Users\temp\AppData\Local\Lollipop\Lollipop.exe (Adware.LolliPop.IT) -> Mis en quarantaine et supprimé avec succès.

(fin)

# AdwCleaner v3.018 - Rapport créé le 16/02/2014 à 22:29:23
# Mis à jour le 28/01/2014 par Xplode
# Système d'exploitation : Windows 7 Professional Service Pack 1 (32 bits)
# Nom d'utilisateur : temp - TEMP-PC
# Exécuté depuis : C:\Users\temp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MIEKD1UA\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

[#] Service Supprimé : BackupStack

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\Ask
Dossier Supprimé : C:\Program Files\MyPC Backup
Dossier Supprimé : C:\Users\temp\AppData\Local\Duuqu
Dossier Supprimé : C:\Users\temp\AppData\Local\SwvUpdater
Dossier Supprimé : C:\Users\temp\AppData\Roaming\Advanced System Protector
Dossier Supprimé : C:\Users\temp\AppData\Roaming\Systweak
Dossier Supprimé : C:\Users\temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Fichier Supprimé : C:\Users\temp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Fichier Supprimé : C:\Users\temp\Desktop\MyPC Backup.lnk

***** [ Raccourcis ] *****

***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Clé Supprimée : HKCU\Software\APN PIP
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\Duuqu
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\lollipop
Clé Supprimée : HKCU\Software\ParetoLogic
Clé Supprimée : HKCU\Software\smartbar
Clé Supprimée : HKCU\Software\AppDataLow\Software\smartbar
Clé Supprimée : HKLM\Software\Duuqu
Clé Supprimée : HKLM\Software\ParetoLogic
Clé Supprimée : HKLM\Software\PIP
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.16518

*************************

AdwCleaner[R0].txt - [3403 octets] - [16/02/2014 22:28:02]
AdwCleaner[S0].txt - [3238 octets] - [16/02/2014 22:29:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3298 octets] ##########

~ Rapport de ZHPDiag v2014.2.14.14 - Nicolas Coolman (14/02/2014)
~ Lancé par temp (16/02/2014 22:37:02)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16518

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : 84QFM
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus v3.8.141.11
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.10 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 4 Stepping 7, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 54 GB (72%) free of 74 GB

---\\ Mode de connexion au système
~ Computer Name: TEMP-PC
~ User Name: temp
~ All Users Names: temp, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\temp\AppData\Roaming\ZHP
~ %AppData% : C:\Users\temp\AppData\Roaming
~ %Desktop% : C:\Users\temp\Desktop
~ %Favorites% : C:\Users\temp\Favorites
~ %LocalAppData% : C:\Users\temp\AppData\Local
~ %StartMenu% : C:\Users\temp\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 54 Go of 74 Go)
D: CD-ROM drive (Not Inserted)
F: Hard drive, Flash drive, Thumb drive (Free 221 Go of 240 Go)
G: Hard drive, Flash drive, Thumb drive (Free 58 Go of 58 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

---\\ Etat du Centre de Sécurité Windows
~ Security Center: 47 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.9C89246184979A070B0C6CCF61C68136] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.06/02/2014 - 09:41:35.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 22:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 01:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 22:29:49.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/4
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 1/17
~ Mon Bureau (My Desktop) : 1/723
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 01s

---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1928]
[MD5.68239842340DDFF8993DFD9127553EDA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.2608]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.2664]
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.2744]
[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.2808]
[MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe [17408] [PID.2924]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.3012]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.3068]
[MD5.43E2CFC37953501EA40D852AE585E7C0] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe [277920] [PID.3268]
[MD5.4263F6C131E513CEA1AE82B5B81A4E1A] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [808152] [PID.3212]
[MD5.E936FA1DF62070DCE5F08A7E68F68094] - (.Eyeo GmbH - Adblock Plus Engine.) -- C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe [4227336] [PID.2796]
[MD5.AAC307B421DE27F6E026DF1E625BA81F] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_44_ActiveX.exe [840584] [PID.5352]
[MD5.B5C774CFA944AF3E9A42B592B476F570] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8337920] [PID.1512]
[MD5.A2CB714DCF8F0E134F2429AF673C7C08] - (.Oracle Corporation - Java(TM) Update Checker.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe [506744] [PID.5236]
~ Processes Running: Scanned in 00mn 01s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} . (.Adblock Plus - Adblock Plus Module.) -- C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - ToolbarWebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee.) -- C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe
O4 - GS\QuickLaunch [temp]: Easy Audio Cutter.lnk . (.Koyote Soft - Pas de description.) -- C:\Program Files\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe
O4 - GS\QuickLaunch [temp]: Free CD Ripper.lnk . (.Koyote Soft - FreeCDRipper.) -- C:\Program Files\Free mp3 Wma Converter\Free CD Ripper\FreeCDRipper.exe
O4 - GS\QuickLaunch [temp]: Free Mp3 Wma Converter.lnk . (.Koyote Soft - Free Audio Converter.) -- C:\Program Files\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe
O4 - GS\QuickLaunch [temp]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [temp]: Free mp3 Wma Converter.lnk . (.Koyote Soft - Free Audio Converter.) -- C:\Program Files\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe
O4 - GS\Program [temp]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [temp]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [temp]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [temp]: mbam-log-2014-02-16 (21-00-12) - Raccourci.lnk . (...) -- C:\Users\temp\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2014-02-16 (21-00-12).txt
O4 - GS\Desktop [temp]: Microsoft Word Starter 2010.lnk . (.Microsoft Corporation - Microsoft Office Client Virtualization Hand.) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.exe
O4 - GS\Desktop [temp]: Sync Folder.lnk . (...) -- C:\Program Files\MyPC Backup\MyPC Backup.exe (.not file.) =>PUP.MyPCBackup
~ Global Startup: 68 Legitimates Filtered in 00mn 01s

---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: McAfee Security Scan Plus.lnk . (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FD103FA-76F4-4F7B-A57D-B06959CB45A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FD103FA-76F4-4F7B-A57D-B06959CB45A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FD103FA-76F4-4F7B-A57D-B06959CB45A3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk /r \??\E:) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Google Chrome - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (...) -- C:\Program Files\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
~ Active Setup: 11 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 20/12/2013 - 22:13:58 - [0,001] ----D C:\ProgramData\Registry Gear
~ 15 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 121 Legitimates Filtered in 00mn 13s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.4F735C4C0E6D719DB8CEE0C9ADC03989] - 16/02/2014 - 20:45:44 ---A- . (...) -- C:\UsbFix [Scan 1] TEMP-PC.txt [6016]
O44 - LFC:[MD5.390A487497D5353653850F91563BB6DE] - 16/02/2014 - 20:47:30 ---A- . (...) -- C:\UsbFix [Clean 2] TEMP-PC.txt [5675]
~ Files: 59 Legitimates Filtered in 00mn 22s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.D84E90A3E92551A9657FA805A7764A90] - 16/02/2014 - 22:25:08 ---A- - C:\Windows\Prefetch\WAJAM_VALIDATE.EXE-47B07EAD.pf =>PUP.Wajam
O45 - LFCP:[MD5.315C3978DA9FF1D505C8B37F9DE1C799] - 16/02/2014 - 22:26:05 ---A- - C:\Windows\Prefetch\NSA7A5.TMP-2F4F9824.pf
O45 - LFCP:[MD5.6DC515BFBAEC680133F9AC7958BA6FEA] - 16/02/2014 - 22:26:06 ---A- - C:\Windows\Prefetch\NSABFA.TMP-9D8BB3D8.pf
O45 - LFCP:[MD5.C79B5D38E84A2A5AB0516CA151F0BAD6] - 16/02/2014 - 22:26:20 ---A- - C:\Windows\Prefetch\MYPC BACKUP.EXE-E64F9341.pf =>PUP.MyPCBackup
O45 - LFCP:[MD5.B1AE98F6FC804D089EDAA03248ED8872] - 16/02/2014 - 22:32:21 ---A- - C:\Windows\Prefetch\ADBLOCKPLUSENGINE.EXE-2DDB5F32.pf
~ Prefetcher: 71 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] - 01/12/2013 - 15:22:16 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] - 05/01/2014 - 21:17:51 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180248]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 14/07/2009 - 02:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 23:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.C80B84E4843B33DA56A806E1A1275BA0] - 29/11/2005 - 21:30:24 ---A- . (.Analog Devices, Inc. - SoundMAX Integrated Digital Audio.) -- C:\Windows\System32\Drivers\smwdm.sys [260224]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 14/07/2009 - 02:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 22:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 22:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 22:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 22:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 22:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 22:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 22:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 22:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 22:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 22:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 22:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 22:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 22:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 03s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 15/02/2014 - 22:38:50 ---A- . (...) -- C:\Users\temp\Downloads\Affiche évenement Licence-AJU-upec.pdf [321117]
O61 - LFC: 16/02/2014 - 22:38:41 ---A- . (...) -- C:\Users\temp\AppData\Local\GDIPFONTCACHEV1.DAT [67440]
O61 - LFC: 16/02/2014 - 22:38:43 ---A- . (...) -- C:\Users\temp\AppData\Roaming\Microsoft\Clip Organizer\Offic14.MGC [148512]
O61 - LFC: 16/02/2014 - 22:38:43 ---A- . (...) -- C:\Users\temp\AppData\Roaming\Microsoft\Clip Organizer\mstore14.mgc [197688]
O61 - LFC: 16/02/2014 - 22:38:44 ---A- . (...) -- C:\Users\temp\AppData\Roaming\Microsoft\Templates\Normal.dotm [20629]
O61 - LFC: 16/02/2014 - 22:38:49 ---A- . (...) -- C:\Users\temp\AppData\Roaming\ZHP\Log.txt [18498] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 22:38:49 ---A- . (...) -- C:\Users\temp\AppData\Roaming\ZHP\TestsZHPDiag.txt [2784] =>.Nicolas Coolman
O61 - LFC: 16/02/2014 - 22:38:49 ---A- . (...) -- C:\Users\temp\Documents\cc_20140216_200810.reg [49186]
~ 8 Fichiers temporaires (Temporary files)
~ Files: 81 Legitimates Filtered in 00mn 09s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 04/04/2013 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMPROTECTOR
~ Legacy: 117 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {A5E26684-C4E8-478A-9C58-A5143732DD44} - (Ask Search) - http://websearch.ask.com =>Toolbar.Ask
~ Keys: Scanned in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 15/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 16/01/2014 235696 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SS - | Auto 01/03/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 16/02/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 09s

---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 00mn 02s

---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by temp at 16/02/2014 22:39:36

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s

---\\ Scan Additionnel (O88)
Database Version : 13031 – (14/02/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 179010 Items scanned in 00mn 34s

---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/32174815-pup-mypcbackup =>PUP.MyPCBackup
~ http://nicolascoolman.webs.com/apps/blog/show/27379491-toolbar-wajam =>PUP.Wajam
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 3 link(s) detected in 00mn 34s

~ 1046 Legitimates filtered by white list
End of the scan (400 lines in 03mn 09s)(0)

https://antimalware.top/log/SosUpload.3d38fee0166728a4d396b68299a5d59d.txt

There you go :)