Reply to: pc infected by akhamaid 2016-09-08T13:28:10+00:00
gwada30
Participant
Posts: 26

here is the new report:

~ ZHPDiag v2014.1.2.5 report – Nicolas Coolman (02/01/2014)
~ Run by DAUMAS (05/01/2014 08:54:23)
~ Website: http://nicolascoolman.webs.com
~ Free disinfection assistance forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ White list: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Activate by user

—\ Internet browsers
MSIE: Internet Explorer v7.0.6000.16982
MFIE: Mozilla Firefox 27.0
GCIE: Google Chrome v31.0.1650.63 (Default)

—\ Windows product information
~ Language: French
Windows Vista (TM) Home Basic, 32-bit (Build 6000)
Windows Server License Manager Script : OK
~ Vista, OEM_COA_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : MHYYC
Windows License : OK
Windows Automatic Updates : OK

—\ System protection software
avast! Free Antivirus v9.0.2011
Malwarebytes Anti-Malware version 1.75.0.1300

—\ System optimisation software
CCleaner v4.04 =>Piriform Ltd

—\ Peer-to-peer sharing software

—\ Software monitoring
Adobe Flash Player 11 Plugin
Adobe Reader X

—\ System information
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3002 MB (53% free)
System Restore: Enabled
System drive C: has 224 GB (76%) free of 293 GB

—\ System logon mode
~ Computer Name: PC-DE-DAUMAS
~ User Name: DAUMAS
~ All Users Names: DAUMAS, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Environment variables
~ System Unit : C:
~ %AppZHP% : C:\Users\DAUMAS\AppData\Roaming\ZHP
~ %AppData% : C:\Users\DAUMAS\AppData\Roaming
~ %Desktop% : E:\Utilsateurs\Desktop
~ %Favorites% : E:\Utilsateurs\Favorites
~ %LocalAppData% : C:\Users\DAUMAS\AppData\Local
~ %StartMenu% : C:\Users\DAUMAS\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

—\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 224 GB of 293 GB)
D: CD-ROM drive (Not Inserted)
E: Hard drive, Flash drive, Thumb drive (Free 547 GB of 639 GB)

—\ Windows Security Center status
~ Security Center: 38 Legitimates Filtered in 00mn 00s

—\ Specific search for generic files
[MD5.37440D09DEAE0B672A04DCCF7ABF06BE] – (.Microsoft Corporation – Windows Explorer.) (.18/06/2013 – 19:01:12.) — C:\Windows\Explorer.exe [2923520]
[MD5.D4385B03E8CCCEE6F0EE249F827C1F3E] – (.Microsoft Corporation – Windows Start-Up Application.) (.02/11/2006 – 05:45:57.) — C:\Windows\System32\Wininit.exe [95744]
[MD5.C7A318E74FEF945EBFF855C1513CD96C] – (.Microsoft Corporation – Internet Extensions for Win32.) (.19/06/2013 – 20:36:29.) — C:\Windows\System32\wininet.dll [832512]
[MD5.9F75392B9128A91ABAFB044EA350BAAD] – (.Microsoft Corporation – Windows Logon Application.) (.02/11/2006 – 05:45:57.) — C:\Windows\System32\Winlogon.exe [308224]
[MD5.5D24CAF8EFD924A875698FF28384DB8B] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.02/11/2006 – 04:58:43.) — C:\Windows\system32\Drivers\AFD.sys [270336]
[MD5.B35CFCEF838382AB6490B321C87EDF17] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.18/06/2013 – 19:01:54.) — C:\Windows\system32\Drivers\atapi.sys [21560]
[MD5.6C3A437FC873C6F6A4FC620B6888CB86] – (.Microsoft Corporation – CD-ROM File System Driver.) (.02/11/2006 – 04:30:50.) — C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.8D1866E61AF096AE8B582454F5E4D303] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.02/11/2006 – 04:51:44.) — C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.A7179DE59AE269AB70345527894CCD7C] – (.Microsoft Corporation – DFS Client MUP Surrogate Driver.) (.02/11/2006 – 04:31:04.) — C:\Windows\system32\Drivers\DfsC.sys [74752]
[MD5.0DB613A7E427B5663563677796FD5258] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.18/06/2013 – 18:47:50.) — C:\Windows\system32\Drivers\HDAudBus.sys [53760]
[MD5.1C9EE072BAA3ABB460B91D7EE9152660] – (.Microsoft Corporation – i8042 Port Driver.) (.19/06/2013 – 19:42:44.) — C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.10077C35845101548037DF04FD1A420B] – (.Microsoft Corporation – IP Network Address Translator.) (.02/11/2006 – 04:58:09.) — C:\Windows\system32\Drivers\IpNat.sys [99840]
[MD5.8AF705CE1BB907932157FAB821170F27] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.19/06/2013 – 20:18:26.) — C:\Windows\system32\Drivers\MRxSmb.sys [102400]
[MD5.E3A168912E7EEFC3BD3B814720D68B41] – (.Microsoft Corporation – MBT Transport driver.) (.02/11/2006 – 04:57:20.) — C:\Windows\system32\Drivers\netBT.sys [184320]
[MD5.37430AA7A66D7A63407ADC2C0D05E9F6] – (.Microsoft Corporation – NT File System Driver.) (.19/06/2013 – 20:04:46.) — C:\Windows\system32\Drivers\ntfs.sys [1060920]
[MD5.0FA9B5055484649D63C303FE404E5F4D] – (.Microsoft Corporation – Parallel Port Driver.) (.02/11/2006 – 04:51:30.) — C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.88587DD843E2059848995B407B67F6CF] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.02/11/2006 – 04:58:13.) — C:\Windows\system32\Drivers\Rasl2tp.sys [75776]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.02/11/2006 – 05:03:00.) — C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.AC0D90738ADB51A6FD12FF00874A2162] – (.Microsoft Corporation – SMB Transport driver.) (.02/11/2006 – 04:57:10.) — C:\Windows\system32\Drivers\smb.sys [66048]
[MD5.AB4FDE8AF4A0270A46A001C08CBCE1C2] – (.Microsoft Corporation – TDI Translation Driver.) (.02/11/2006 – 04:57:35.) — C:\Windows\system32\Drivers\tdx.sys [68096]
[MD5.80DC0C9BCB579ED9815001A4D37CBFD5] – (.Microsoft Corporation – Volume Shadow Copy Driver.) (.18/06/2013 – 19:01:53.) — C:\Windows\system32\Drivers\volsnap.sys [211000]
~ Generic Processes: Scanned in 00mn 00s

—\ Hidden files status (Hidden/Total)
~ My Pictures : 1/10155
~ My Music : 1/2
~ My Videos : 1/467
~ My Favorites : 1/18
~ My Documents : 1/50
~ My Desktop : 2/5059
~ Start Menu (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 00s

—\ Running processes
[MD5.B1B7BF8A406A19CC4AD6E45555EA77E5] – (.Microsoft Corporation – Windows Audio Device Graph Isolation.) — C:\Windows\system32\AUDIODG.exe [88064] [PID.1192]
[MD5.A1DCD30534835CB67733AD00175125A6] – (.Microsoft Corporation – Microsoft Software Licensing Service.) — C:\Windows\system32\SLsvc.exe [2605568] [PID.1228]
[MD5.D74884939D53612FD84AC82C59CCFE27] – (.AVAST Software – avast! Service.) — C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1664]
[MD5.6FA10A2C0FED94F48F12CEBC20EAA609] – (.Microsoft Corporation – Windows Wireless LAN 802.11 Extensibility Framework.) — C:\Windows\system32\WLANExt.exe [73728] [PID.1696]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] – (.Google Inc. – Google Installer.) — C:\Program Files\Google\Update\GoogleUpdate.exe [116648] [PID.2032]
[MD5.A42BF2034166AA1EE9AD3CACDC374BA5] – (.Hewlett-Packard – HP Wireless Assistant main program.) — C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [506936] [PID.1384]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.512]
[MD5.F9D905B18752AEB78FDA90E42C5F5095] – (.CybelSoft – Hardware detection service.) — C:\Program Files\ma-config.com\MaConfigAgent.exe [2077008] [PID.2084]
[MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2208]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2344]
[MD5.7CF1B716372B89568AE4C0FE769F5869] – (.Microsoft Corporation – Machine Debug Manager.) — C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.2372]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2512]
[MD5.AFEBF9E0B223FF04709F747C172D3540] – (.AVAST Software – avast! Antivirus.) — C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024] [PID.3028]
[MD5.2A3FB4C98F139038E23330D2439DB8A4] – (.Facebook Inc. – Facebook Installer.) — C:\Users\DAUMAS\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096] [PID.3196]
[MD5.32BD04B415865C8BCAF77310CCCB8A10] – (.Dropbox, Inc. – Dropbox.) — C:\Users\DAUMAS\AppData\Roaming\Dropbox\bin\Dropbox.exe [30714312] [PID.2856]
[MD5.0D8F9EAE265FD7485BB9E62D4C9148A7] – (.Intel Corporation – igfxsrvc Module.) — C:\Windows\system32\igfxsrvc.exe [253976] [PID.768]
[MD5.FDF273A845F1FFCCEADF363AAF47582F] – (.Hewlett-Packard Development Company, L.P. – hpqwmiex Module.) — C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [229944] [PID.1560]
[MD5.0DE3C7622EC33126579B1742260F08C2] – (.No owner – HpqToaster Module.) — C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe [632888] [PID.1744]
[MD5.ADDB7E0139BBCD62CB4BE92EC4FE5EF1] – (.Mozilla Corporation – Firefox.) — C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.5220]
[MD5.F4F6351D1CEDF10E99DBB37BABF5D3D7] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:\Program Files\Mozilla Firefox\plugin-container.exe [18544] [PID.4796]
[MD5.5D60EE718D0C708D69DFF4B3336B68BF] – (.Adobe Systems, Inc. – Adobe Flash Player 11.9 r900.) — C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe [1862536] [PID.2836]
[MD5.05CB3DA78A4BBD9B799A5957F9D101CC] – (.Microsoft Corporation – Console IME.) — C:\Windows\system32\conime.exe [68608] [PID.5212]
[MD5.486BDC196F8914845302745A15310D62] – (.Nicolas Coolman – ZHPDiag.) — E:\Utilsateurs\Desktop\ZHPDiag\ZHPDiag.exe [8321024] [PID.5956]
~ Processes Running: Scanned in 00mn 00s

—\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\DAUMAS\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 1 Legitimates Filtered in 00mn 02s

—\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\DAUMAS\AppData\Roaming\Mozilla\Firefox\Profiles\i20zjtvi.default\prefs.js
M2 – MFEP: prefs.js [DAUMAS – i20zjtvi.default\d8222698-19e5-4827-b79e-0a077ea8eb7a@7b662f6d-3899-41e4-8864-6393447568da.com] [] Plus-HD-3.5 v (..) =>Adware.PlusHD
~ Firefox Browser: 10 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.3.0.250:8080
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analysis of lines F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Lines number: 20

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: avast! Online Security – [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software – IE Webrep plugin.) — C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 – Toolbar\WebBrowser: (no name) – [HKCU]{F2CF5485-4E02-4F68-819C-B92DE9277049} Orphan key
~ Toolbar: Scanned in 00mn 00s

—\ Other user links (O4)
O4 – GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files\Google\Chrome\Application\chrome.exe
O4 – GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files\Mozilla Firefox\firefox.exe
O4 – GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files\Mozilla Firefox\firefox.exe
O4 – GS\QuickLaunch [DAUMAS]: Google Chrome (2).lnk . (.Google Inc. – Google Chrome.) — C:\Program Files\Google\Chrome\Application\chrome.exe
O4 – GS\QuickLaunch [DAUMAS]: Google Chrome (3).lnk . (.Google Inc. – Google Chrome.) — C:\Program Files\Google\Chrome\Application\chrome.exe
O4 – GS\QuickLaunch [DAUMAS]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Program Files\Google\Chrome\Application\chrome.exe
O4 – GS\QuickLaunch [DAUMAS]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
O4 – GS\QuickLaunch [DAUMAS]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files\Mozilla Firefox\firefox.exe
O4 – GS\SystemTools [DAUMAS]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 53 Legitimates Filtered in 00mn 00s

—\ Applications launched at system startup (O4)
O4 – GS\Startup [DAUMAS]: Dropbox.lnk . (.Dropbox, Inc. – Dropbox.) — C:\Users\DAUMAS\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 – HKLM\..\Run: [WirelessAssistant] . (.Hewlett-Packard – HP Wireless Assistant main program.) — C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 – HKLM\..\Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 – HKLM\..\Run: [MSConfig] . (.Microsoft Corporation – System Configuration Utility.) — C:\Windows\system32\msconfig.exe
O4 – HKCU\..\Run: [Facebook Update] . (.Facebook Inc. – Facebook Installer.) — C:\Users\DAUMAS\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation – Windows Sidebar.) — C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Orphan key
O4 – HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation – Windows Sidebar.) — C:\Program Files\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] Orphan key
O4 – HKUS\S-1-5-21-512772411-3986802996-2619441153-1000\..\Run: [Facebook Update] . (.Facebook Inc. – Facebook Installer.) — C:\Users\DAUMAS\AppData\Local\Facebook\Update\FacebookUpdate.exe
~ Application: Scanned in 00mn 00s

—\ Buttons on the main Internet Explorer toolbar (O9)
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Domain/DNS address modification (O17)
O17 – HKLM\System\CCS\Services\Tcpip\..\{0C07B2D7-D206-462D-8DE7-E0757DBB0B58}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CCS\Services\Tcpip\..\{7AF50F2F-FFC9-4F79-8F03-B3F4F64E26A0}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CCS\Services\Tcpip\..\{0C07B2D7-D206-462D-8DE7-E0757DBB0B58}: DhcpDomain = Box
O17 – HKLM\System\CCS\Services\Tcpip\..\{7AF50F2F-FFC9-4F79-8F03-B3F4F64E26A0}: DhcpDomain = Box
O17 – HKLM\System\CS1\Services\Tcpip\..\{0C07B2D7-D206-462D-8DE7-E0757DBB0B58}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{7AF50F2F-FFC9-4F79-8F03-B3F4F64E26A0}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{0C07B2D7-D206-462D-8DE7-E0757DBB0B58}: DhcpDomain = Box
O17 – HKLM\System\CS1\Services\Tcpip\..\{7AF50F2F-FFC9-4F79-8F03-B3F4F64E26A0}: DhcpDomain = Box
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Additional protocol (O18)
O18 – Handler: vbscript – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Microsoft (R) HTML Viewer.) — C:\Windows\system32\mshtml.dll =>.Microsoft Corporation
O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional Protocol: Scanned in 00mn 00s

—\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ SharedTaskScheduler autorun registry key (STS) (O22)
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation – Shell Browser UI Library.) — C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

—\ Non-Microsoft, non-disabled NT services (O23)
O23 – Service: avast! Firewall (avast! Firewall) . (…) – C:\Program Files\AVAST Software\Avast\afwServ.exe (.not file.)
O23 – Service: Skype Updater (SkypeUpdate) . (.Skype Technologies – Skype Updater Service.) – C:\Program Files\Skype\Updater\Updater.exe
~ Services: 7 Legitimates Filtered in 00mn 07s

—\ Automatic scheduled tasks (O39)
[MD5.00000000000000000000000000000000] [APT] [WinZipDriverUpdaterRunAtStartup] (…) — C:\Program Files\WinZip Driver Updater\winzipdu.exe (.not file.) [0]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 01s

—\ Drivers launched at system startup (O41)
O41 – Driver: (aswKbd) . (. – .) – C:\Windows\system32\drivers\aswKbd.sys (.not file.)
~ Drivers: 50 Legitimates Filtered in 00mn 00s

—\ Last files modified or created under Windows and System32 (O44)
O44 – LFC:[MD5.ABCB640E1870C83513FD39CC7A063299] – 05/01/2014 – 08:12:43 —A- . (…) — C:\Windows\ntbtlog.txt [312418]
~ Files: 18 Legitimates Filtered in 00mn 01s

—\ Last files created in Windows Prefetcher (O45)
O45 – LFCP:[MD5.97C54E250E7F0C093E32394D1444A683] – 04/01/2014 – 14:35:41 —A- – C:\Windows\Prefetch\DIGITALX.EXE-C49241FD.pf
O45 – LFCP:[MD5.003FA310212EDC6EA4A974217F902975] – 05/01/2014 – 08:15:54 —A- – C:\Windows\Prefetch\INSTUP.EXE-20062FAA.pf
~ Prefetcher: 101 Legitimates Filtered in 00mn 00s

—\ Shell MountPoints2 registry key (MPKS) (O51)
O51 – MPSK:{b67652b6-3389-11e3-b973-00238b8ed232}\AutoRun\command. (…) — G:\HDA_C3.exe (.not file.)
~ Keys: Scanned in 00mn 00s

—\ Enumeration of Policies\System registry keys (MWPS) (O55)
O55 – MWPS:[HKLM\...\Policies\System] – "FilterAdministratorToken"=0
~ MWPS: 15 Legitimates Filtered in 00mn 00s

—\ System driver list (SDL) (O58)
O58 – SDL:[MD5.7B948E3657BEA62E437BC46CA6EF6012] – 17/07/2013 – 05:17:56 —A- . (.ALWIL Software – avast! Filtering NDIS driver.) — C:\Windows\System32\Drivers\aswNdis.sys [12112]
O58 – SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] – 21/10/2013 – 13:49:22 —A- . (…) — C:\Windows\System32\Drivers\aswRvrt.sys [49944]
O58 – SDL:[MD5.1B0662514A68C3A42E60D240C5ABEF28] – 25/12/2013 – 20:41:23 —A- . (…) — C:\Windows\System32\Drivers\aswVmm.sys [180248]
O58 – SDL:[MD5.E8F3F21A71720C84BCF423B80028359F] – 02/11/2006 – 05:51:34 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:\Windows\System32\Drivers\elxstor.sys [316520]
O58 – SDL:[MD5.BCED60D16156E428F8DF8CF27B0DF150] – 02/11/2006 – 05:50:07 —A- . (.Integrated Technology Express, Inc. – ITE IT8211 ATA/ATAPI SCSI miniport.) — C:\Windows\System32\Drivers\iteatapi.sys [35944]
O58 – SDL:[MD5.06FA654504A498C30ADCA8BEC4E87E7E] – 02/11/2006 – 05:50:09 —A- . (.Integrated Technology Express, Inc. – ITE IT8212 ATA RAID SCSI miniport.) — C:\Windows\System32\Drivers\iteraid.sys [35944]
O58 – SDL:[MD5.3CD4EA35A6221B85DCC25DAA46313F8D] – 02/11/2006 – 05:51:25 —A- . (.ULi Electronics Inc. – ULi SATA Controller Driver.) — C:\Windows\System32\Drivers\uliahci.sys [235112]
O58 – SDL:[MD5.8514D0E5CD0534467C5FC61BE94A569F] – 02/11/2006 – 05:50:35 —A- . (.Promise Technology, Inc. – Promise Ultra/Sata Series Driver for Win2003.) — C:\Windows\System32\Drivers\ulsata.sys [98408]
O58 – SDL:[MD5.38C3C6E62B157A6BC46594FADA45C62B] – 02/11/2006 – 05:50:45 —A- . (.Promise Technology, Inc. – Promise SATAII150 Series Windows Drivers.) — C:\Windows\System32\Drivers\ulsata2.sys [115816]
O58 – SDL:[MD5.8AAD333C876590293F72B315E162BCC7] – 02/11/2006 – 03:09:42 —A- . (…) — C:\Windows\System32\ANSI.SYS [9029]
O58 – SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] – 02/11/2006 – 03:09:45 —A- . (…) — C:\Windows\System32\country.sys [27097]
O58 – SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] – 02/11/2006 – 03:09:41 —A- . (…) — C:\Windows\System32\HIMEM.SYS [4768]
O58 – SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] – 02/11/2006 – 03:09:44 —A- . (…) — C:\Windows\System32\KEY01.SYS [42809]
O58 – SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] – 02/11/2006 – 03:09:44 —A- . (…) — C:\Windows\System32\KEYBOARD.SYS [42537]
O58 – SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] – 02/11/2006 – 03:09:29 —A- . (…) — C:\Windows\System32\NTDOS.SYS [27866]
O58 – SDL:[MD5.CF9ED169FF86D935E47999E82359E898] – 02/11/2006 – 03:09:35 —A- . (…) — C:\Windows\System32\NTDOS404.SYS [29146]
O58 – SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] – 02/11/2006 – 03:09:38 —A- . (…) — C:\Windows\System32\NTDOS411.SYS [29370]
O58 – SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] – 02/11/2006 – 03:09:40 —A- . (…) — C:\Windows\System32\NTDOS412.SYS [29274]
O58 – SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] – 02/11/2006 – 03:09:31 —A- . (…) — C:\Windows\System32\NTDOS804.SYS [29146]
O58 – SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] – 02/11/2006 – 03:09:20 —A- . (…) — C:\Windows\System32\NTIO.SYS [33952]
O58 – SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] – 02/11/2006 – 03:09:23 —A- . (…) — C:\Windows\System32\NTIO404.SYS [34672]
O58 – SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] – 02/11/2006 – 03:09:24 —A- . (…) — C:\Windows\System32\NTIO411.SYS [35776]
O58 – SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] – 02/11/2006 – 03:09:26 —A- . (…) — C:\Windows\System32\NTIO412.SYS [35536]
O58 – SDL:[MD5.D86B6435729231C171432B4E77801BDB] – 02/11/2006 – 03:09:22 —A- . (…) — C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 15 Legitimates Filtered in 00mn 00s

—\ Last files modified or created (User) (O61)
O61 – LFC: 04/01/2014 – 08:54:57 —A- . (…) — C:\Users\DAUMAS\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 – LFC: 04/01/2014 – 08:55:02 —A- . (…) — C:\Users\DAUMAS\AppData\Local\Google\Chrome\User Data\Local State [49724]
O61 – LFC: 04/01/2014 – 08:55:11 —A- . (…) — C:\Users\DAUMAS\AppData\Roaming\Microsoft\digital locker\Urls.bin [4138]
O61 – LFC: 05/01/2014 – 08:55:12 —A- . (…) — C:\Users\DAUMAS\AppData\Roaming\ZHP\Log.txt [34361] =>.Nicolas Coolman
O61 – LFC: 05/01/2014 – 08:55:12 —A- . (…) — C:\Users\DAUMAS\AppData\Roaming\ZHP\TestsZHPDiag.txt [2839] =>.Nicolas Coolman
O61 – LFC: 05/01/2014 – 08:55:12 —A- . (…) — C:\Users\DAUMAS\AppData\Roaming\ZHP\ZHPDiag.txt [27897] =>.Nicolas Coolman
~ 58 Temporary files
~ 1 Cookie files
~ Files: 147 Legitimates Filtered in 00mn 56s

—\ Disinfection tools list (LATC) (O63)
O63 – Software: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Shell Spawning associations (O67)
O67 – Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

—\ Internet Start Menu (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation – Firefox.) — C:\Program Files\Mozilla Firefox\firefox.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Program Files\Google\Chrome\Application\chrome.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Browser infection search (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (@ieframe.dll,-12512) – http://www.bing.com
~ Keys: Scanned in 00mn 00s

—\ Specific search at system root (SPRF) (O84)
[MD5.948C096AE2411C2B4B3F34F9BA09B29B] [SPRF][13/06/2013] (…) — C:\Users\DAUMAS\AppData\Local\d3d9caps.dat [680]
[MD5.F0A5B44B9B8A23E2F2950B346B5C7718] [SPRF][22/12/2013] (…) — C:\Users\DAUMAS\AppData\Local\Temp\Quarantine.exe [360051]
~ Files: 2 Legitimates Filtered in 00mn 00s

—\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS – | Demand 10/12/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS – | Auto 10/07/1658 0 | (avast! Firewall) . (…) – C:\Program Files\AVAST Software\Avast\afwServ.exe
SS – | Demand 12/01/2010 227896 | (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P..) – C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
SS – | Auto 29/06/2013 116648 | (gupdate) . (.Google Inc..) – C:\Program Files\Google\Update\GoogleUpdate.exe
SS – | Demand 29/06/2013 116648 | (gupdatem) . (.Google Inc..) – C:\Program Files\Google\Update\GoogleUpdate.exe
SS – | Demand 18/12/2013 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS – | Auto 25/07/2013 162672 | (SkypeUpdate) . (.Skype Technologies.) – C:\Program Files\Skype\Updater\Updater.exe

SR – | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR – | Auto 25/12/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR – | Demand 30/04/2009 229944 | (hpqwmiex) . (.Hewlett-Packard Development Company, L.P..) – C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
SR – | Auto 25/10/2013 2077008 | (MaConfigAgent) . (.CybelSoft.) – C:\Program Files\ma-config.com\MaConfigAgent.exe
SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SR – | Auto 02/11/2006 22016 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
SR – | Auto 02/11/2006 22016 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 03s

—\ Master Boot Record infection search (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

~ MBR: 1 Legitimates Filtered in 00mn 02s

—\ Master Boot Record infection search (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by DAUMAS at 05/01/2014 08:56:14

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s

—\ Additional scan (O88)
Database Version : 13018 – (02/01/2014)
Keys found : 1
Values found : 0
Folders found : 1
Files found : 0

[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311711180}] =>PUP.CrossRider
C:\Users\DAUMAS\AppData\Roaming\Mozilla\Firefox\Profiles\i20zjtvi.default\extensions\d8222698-19e5-4827-b79e-0a077ea8eb7a@7b662f6d-3899-41e4-8864-6393447568da.com =>Adware.PlusHD^
~ Additional Scan: 179696 Items scanned in 00mn 25s

—\ Summary of detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/28138048-adware-plushd =>Adware.PlusHD
~ http://nicolascoolman.webs.com/apps/blog/show/27583526-pup-crossrider =>PUP.CrossRider
~ MSI: 2 link(s) detected in 00mn 25s

~ 1033 Legitimates filtered by white list
End of the scan (438 lines in 02mn 15s)(0)

thanks!!!
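An added example, not part of the post above and not code from ZHPDiag or its author: a small Python triage pass over report lines in the format shown. It pulls out the tool's own `=>Family.Name` verdicts (distinct from the `=>.Vendor` whitelist marks), autostart entries whose target binary is gone (`(.not file.)`), orphaned registry values, executables that carry no version information (`(…)`), and it pairs the two R5 proxy values so that a ProxyServer with `ProxyEnable = 0` is reported as dormant rather than as an active proxy. The sample lines are copied from the report, with path backslashes restored; the severity levels are my own triage ordering, an assumption, not something ZHPDiag emits.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: lines copied from the ZHPDiag report in the post
# above (backslashes restored, labels translated). No file is read.
SAMPLE_REPORT = r"""
O4 – HKLM\..\Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 – HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] Orphan key
O23 – Service: avast! Firewall (avast! Firewall) . (…) – C:\Program Files\AVAST Software\Avast\afwServ.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [WinZipDriverUpdaterRunAtStartup] (…) — C:\Program Files\WinZip Driver Updater\winzipdu.exe (.not file.) [0]
O51 – MPSK:{b67652b6-3389-11e3-b973-00238b8ed232}\AutoRun\command. (…) — G:\HDA_C3.exe (.not file.)
M2 – MFEP: prefs.js [DAUMAS – i20zjtvi.default\d8222698-19e5-4827-b79e-0a077ea8eb7a@7b662f6d-3899-41e4-8864-6393447568da.com] [] Plus-HD-3.5 v (..) =>Adware.PlusHD
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311711180}] =>PUP.CrossRider
[MD5.F0A5B44B9B8A23E2F2950B346B5C7718] [SPRF][22/12/2013] (…) — C:\Users\DAUMAS\AppData\Local\Temp\Quarantine.exe [360051]
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.3.0.250:8080
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
"""

# ZHPDiag verdicts look like "=>Adware.PlusHD" or "=>PUP.CrossRider";
# whitelist marks ("=>.Microsoft Corporation") have no family before the dot.
VERDICT_RE = re.compile(r"=>\s*([A-Za-z]+)\.([A-Za-z0-9_-]+)\^?\s*$")
# First Windows-style path to a code file on the line.
PATH_RE = re.compile(r"([A-Za-z]:\\[^\[\(\]]*?\.(?:exe|dll|sys|scr|bat|cmd|vbs|js))\b", re.IGNORECASE)
# "(…)" (or "(...)") in place of vendor/description: no version resource.
NO_VERSION_INFO_RE = re.compile(r"\((?:…|\.\.\.)\)")
PROXY_KV_RE = re.compile(r"Internet Settings,(\w+)\s*=\s*(.*?)\s*$")
MISSING_TARGET = "(.not file.)"
ORPHAN = "Orphan key"


@dataclass
class Finding:
    line: str
    reason: str
    severity: int          # assumed scale: 3 = act now, 2 = verify by hand, 1 = informational
    path: Optional[str] = None


def classify_line(line: str) -> List[Finding]:
    """Flag one report line; a line may raise several findings."""
    line = line.strip()
    out: List[Finding] = []
    if not line:
        return out
    m = PATH_RE.search(line)
    path = m.group(1) if m else None

    v = VERDICT_RE.search(line)
    if v:
        out.append(Finding(line, f"tool verdict {v.group(1)}.{v.group(2)}", 3, path))

    if MISSING_TARGET in line:
        # A MountPoints2 AutoRun\command entry (O51) for a removable drive is the
        # trace of an autorun.inf launcher; other dangling entries are usually
        # leftovers of uninstalled software but still need cleaning.
        sev = 3 if "MPSK:" in line else 2
        out.append(Finding(line, "autostart points at a missing file", sev, path))
    elif path and NO_VERSION_INFO_RE.search(line):
        out.append(Finding(line, "executable without version info", 2, path))

    if ORPHAN in line:
        out.append(Finding(line, "orphaned registry value", 1, path))
    return out


def check_proxy(report: str) -> Optional[Finding]:
    """Pair ProxyServer with ProxyEnable: a server with ProxyEnable=0 is dormant."""
    values = {}
    for raw in report.splitlines():
        m = PROXY_KV_RE.search(raw)
        if m:
            values[m.group(1)] = m.group(2)
    server = values.get("ProxyServer")
    if not server:
        return None
    if values.get("ProxyEnable") == "1":
        return Finding(f"ProxyServer = {server}", "active user-level proxy; confirm it is expected", 3)
    return Finding(f"ProxyServer = {server}", "proxy configured but ProxyEnable = 0 (dormant)", 1)


def triage(report: str) -> List[Finding]:
    """All findings, highest severity first; stable sort keeps report order within a level."""
    findings = [f for raw in report.splitlines() for f in classify_line(raw)]
    proxy = check_proxy(report)
    if proxy:
        findings.append(proxy)
    return sorted(findings, key=lambda f: -f.severity)


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity}] {f.reason}: {f.path or f.line}")
```

On the sample the three items that come out on top are the MountPoints2 entry for `G:\HDA_C3.exe` and the two verdicts (Adware.PlusHD, PUP.CrossRider); the dangling avast! Firewall service and WinZip task, and the version-less `Quarantine.exe` in `%Temp%`, land in the verify-by-hand tier; the orphaned Welcome Center value and the disabled `10.3.0.250:8080` proxy are informational.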