Reply To: yac infection 2016-09-08T13:38:51+00:00
EEDLOEEDLO
Participant
Post count: 6

Hello,

I had connection problems!

YAC disappeared

The ZHPDiag report:

~ Rapport de ZHPDiag v2014.5.7.56 – Nicolas Coolman (07/05/2014)
~ Lancé par diluna (07/05/2014 10:20:34)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user

—\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16659
GCIE: Google Chrome v34.0.1847.131 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Professional, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System – Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : PV9HW
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.5.0216.0
Windows Defender W7

—\ Logiciels d’optimisation du système
CCleaner v3.22

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader XI

—\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3948 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 21 GB (18%) free of 116 GB

—\ Mode de connexion au système
~ Computer Name: DILUNA-PC
~ User Name: diluna
~ All Users Names: HomeGroupUser$, diluna, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:UsersdilunaAppDataRoamingZHP
~ %AppData% : C:UsersdilunaAppDataRoaming
~ %Desktop% : C:UsersdilunaDesktop
~ %Favorites% : C:UsersdilunaFavorites
~ %LocalAppData% : C:UsersdilunaAppDataLocal
~ %StartMenu% : C:UsersdilunaAppDataRoamingMicrosoftWindowsStart Menu
~ %Windir% : C:Windows
~ %System% : C:WindowsSystem32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 21 Go of 116 Go)
D: Hard drive, Flash drive, Thumb drive (Free 216 Go of 335 Go)
F: CD-ROM drive (Not Inserted)

—\ Etat du Centre de Sécurité Windows
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionPoliciesExplorer] NoActiveDesktopChanges: Modified
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: Modified
[HKCUSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvanced] Start_ShowMyGames: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 07:19:30.) — C:WindowsExplorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:39:52.) — C:WindowsSystem32Wininit.exe [129024]
[MD5.DF79CE9B950C62677D232154E93A81C7] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.01/03/2014 – 04:10:28.) — C:WindowsSystem32wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 14:25:30.) — C:WindowsSystem32Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 14:27:26.) — C:WindowsSystem32sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.28/09/2013 – 02:09:10.) — C:Windowssystem32DriversAFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:Windowssystem32Driversatapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:Windowssystem32DriversCdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:21.) — C:Windowssystem32DriversCdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:32.) — C:Windowssystem32DriversDfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:43.) — C:Windowssystem32DriversHDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:19:57.) — C:Windowssystem32Driversi8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:Windowssystem32DriversIpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:40:40.) — C:Windowssystem32DriversMRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:20.) — C:Windowssystem32DriversnetBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.24/01/2014 – 03:37:55.) — C:Windowssystem32Driversntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 01:00:41.) — C:Windowssystem32DriversParport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:35.) — C:Windowssystem32DriversRasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.20/11/2010 – 12:06:41.) — C:Windowssystem32Driversrdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:Windowssystem32Driverssmb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:56.) — C:Windowssystem32Driverstdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 14:34:02.) — C:Windowssystem32Driversvolsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 3/13599
~ Mes musiques (My Musics) : 1/196
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 3/13223
~ Mon Bureau (My Desktop) : 2/173
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 09s

—\ Processus lancés
[MD5.18E5C2F937F9DEB8C282DF66A3761925] – (.ASUS – ASLDR Service.) — C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe [84536] [PID.1428]
[MD5.63F1212FFE13E62CA1E8D8EE19ABD9A7] – (.ASUS – GFNEXSrv.) — C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe [96896] [PID.1448]
[MD5.B362181ED3771DC03B4141927C80F801] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [65432] [PID.1892]
[MD5.C811032EBB2C2E9FACFC364599E91BE3] – (.ASUS – HControl.) — C:Program Files (x86)ASUSATK PackageATK HotkeyHControl.exe [174720] [PID.1908]
[MD5.221564CC7BE37611FE15EACF443E1BF6] – (.Apple Inc. – YSLoader.exe.) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe [43336] [PID.1992]
[MD5.1971D838A88F58D59543E9B3CDA5FFC4] – (.ASUS – SmartLogon Application.) — C:Program Files (x86)ASUSSmartLogonsensorsrv.exe [305720] [PID.1672]
[MD5.97F60D16F052DA9CB619AB9A96CB2D4E] – (.Pas de propriétaire – Wireless Console 3.) — C:Program Files (x86)ASUSWireless Console 3wcourier.exe [1597440] [PID.2076]
[MD5.BA2B4E07561CF877F61B0EEED654BC96] – (…) — C:Program Files (x86)ASUSControlDeckControlDeckStartUp.exe [53888] [PID.2096]
[MD5.F4DCD4912B185C3AAEB92A7040832AD1] – (.Pas de propriétaire – ALU.) — C:Program Files (x86)ASUSASUS Live UpdateALU.exe [51768] [PID.2120]
[MD5.FCE1FAAE8DE25340FB6B20F0099C230F] – (…) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752IEWLauncher.exe [142336] [PID.2596]
[MD5.69643F616FA67B33428FDF870604B059] – (.Pas de propriétaire – Orange SMS.) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752SMSNotifier.exe [1121792] [PID.2648]
[MD5.77D8E2219CA86043DBCFD9223F2CCF18] – (…) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752HSSModule.exe [285696] [PID.2668]
[MD5.79C28DDF889C26FDD6162F796FD49BC4] – (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe [152392] [PID.2696]
[MD5.A1C148801B4AF64847AEB9F3AD9594EF] – (.Intel Corporation – Local Manageability Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe [262144] [PID.2480]
[MD5.149126216A694E6BA84E92ECA77AAE3B] – (.ASUS – ATKOSD.) — C:Program Files (x86)ASUSATK PackageATK HotkeyATKOSD.exe [2488888] [PID.3268]
[MD5.4A7C441D99D86704D194E7678873B95D] – (.ASUS – WDC.) — C:Program Files (x86)ASUSATK PackageATK HotkeyWDC.exe [174648] [PID.3324]
[MD5.3ECCDD3FE310DD8F82D085447089ADB0] – (.ASUSTek Computer Inc. – ADSMTray.) — C:Program Files (x86)ASUSASUS Data Security ManagerADSMTray.exe [272952] [PID.4296]
[MD5.C0BF554D2277F7A4C735D475ADE2E3B2] – (.ASUSTek Computer Inc. – ADSMSrv.) — C:Program Files (x86)ASUSASUS Data Security ManagerADSMSrv.exe [225280] [PID.4304]
[MD5.5C396DDE6AAFFB64ABC0E0FD88F53553] – (.ASUS – AsScrPro.) — C:WindowsAsScrPro.exe [3054136] [PID.4332]
[MD5.8CFCA7E2FD4B57C2BEF929C1C1A4C56E] – (.Pas de propriétaire – RichVideo Module.) — C:Program Files (x86)CyberlinkShared filesRichVideo.exe [271760] [PID.4340]
[MD5.57B4D34232852BFE4453BE571DF90D21] – (.CyberLink – CyberLink MediaLibray Service.) — C:Program Files (x86)CyberlinkPower2GoCLMLSvc.exe [103720] [PID.4380]
[MD5.41118D920B2B268C0ADC36421248CDCF] – (.Intel Corporation – User Notification Service.) — C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe [2314240] [PID.5044]
[MD5.64A5D30EF57D4214DC9B27798DE2B19E] – (.Microsoft Corporation – Microsoft Office Outlook.) — C:Program Files (x86)Microsoft OfficeOffice12OUTLOOK.exe [13018808] [PID.6132]
[MD5.3A3BEA53F039CE2E997A918E26E30B1D] – (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet ExplorerIEXPLORE.exe [808152] [PID.5216]
[MD5.09DCE8B39E88D8C4B7223B569C1BF06F] – (.Microsoft Corporation. – Bing Client Application Process.) — C:Program Files (x86)MicrosoftBingBar7.3.132.0BingApp.exe [267936] [PID.5560] =>Toolbar.Bing
[MD5.7623FF497EA07A7F82F9146A9BD10ADE] – (.Microsoft Corporation. – Bing Client Runtime.) — C:Program Files (x86)MicrosoftBingBar7.3.132.0BingBar.exe [453280] [PID.1932] =>Toolbar.Bing
[MD5.0885935600C6489D49B25526A8BEBFDF] – (.Microsoft Corporation. – Hôte d’extension natif du runtime du client.) — C:Program Files (x86)MicrosoftBingBar7.3.132.0BingSurrogate.exe [141984] [PID.5604] =>Toolbar.Bing
[MD5.5F685973740F289BE3C809952DB8408B] – (.Microsoft Corporation. – BingBar Service.) — C:Program Files (x86)MicrosoftBingBar7.3.132.0BBSvc.exe [193696] [PID.2380] =>Toolbar.Bing
[MD5.E6DA875D24C3774E045499F6BFA76F30] – (.Nicolas Coolman – ZHPDiag.) — C:Program Files (x86)ZHPDiagZHPDiag.exe [7873024] [PID.652]
~ Processes Running: Scanned in 00mn 00s

—\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:UsersdilunaAppDataLocalGoogleChromeUser DataDefaultPreferences
G2 – GCE: Preference [User DataDefault] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)

—\ Liste des dossiers d’extension Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 01s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: Bing Bar – [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. – Bing Client Extensions.) — C:Program Files (x86)MicrosoftBingBar7.3.132.0amd64BingExt.dll =>Toolbar.Bing
O3 – ToolbarWebBrowser: (no name) – [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
~ Toolbar: Scanned in 00mn 01s

—\ Applications lancées au démarrage du système (O4)
O4 – HKLM..Run: [ETDWare] . (.ELAN Microelectronic Corp. – ETD Control Center.) — C:Program FilesElantechETDCtrl.exe
O4 – HKLM..Run: [MSC] . (.Microsoft Corporation – Microsoft Security Client User Interface.) — C:Program FilesMicrosoft Security Clientmsseces.exe
O4 – HKCU..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersdilunaAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
O4 – HKCU..Run: [Google+ Auto Backup] . (.Google Inc. – AutoBackup.) — C:UsersdilunaAppDataLocalProgramsGoogleGoogle+ Auto BackupGoogle+ Auto Backup.exe
O4 – HKCU..Run: [FileHippo.com] . (.FileHippo.com – FileHippo.com Update Checker.) — C:Program Files (x86)FileHippo.comUpdateChecker.exe
O4 – HKLM..Wow6432NodeRun: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe
O4 – HKLM..Wow6432NodeRun: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Wow6432NodeRun: [Start_Icon225_IEWLauncher] . (…) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752IEWLauncher.exe
O4 – HKLM..Wow6432NodeRun: [Start_Update] . (.Pas de propriétaire – Orange Updater.) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752UpdteApp.exe
O4 – HKLM..Wow6432NodeRun: [Start_Statistics] . (…) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752OrangeStats.exe
O4 – HKLM..Wow6432NodeRun: [Start_SMSNotifier] . (.Pas de propriétaire – Orange SMS.) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752SMSNotifier.exe
O4 – HKLM..Wow6432NodeRun: [Start_HSSModule] . (…) — C:Program Files (x86)OrangeLogiciel de Connexion OrangeHuaweiE1752HSSModule.exe
O4 – HKLM..Wow6432NodeRun: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program Files (x86)iTunesiTunesHelper.exe
O4 – HKLM..Wow6432NodeRun: [EfficientLadysOrganizerFree] Clé orpheline
O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program Files (x86)Windows SidebarSidebar.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
O4 – HKUSS-1-5-21-192761103-4228053574-1910153200-1000..Run: [Google Update] . (.Google Inc. – Programme d’installation de Google.) — C:UsersdilunaAppDataLocalGoogleUpdateGoogleUpdate.exe =>.Google Inc
O4 – HKUSS-1-5-21-192761103-4228053574-1910153200-1000..Run: [Google+ Auto Backup] . (.Google Inc. – AutoBackup.) — C:UsersdilunaAppDataLocalProgramsGoogleGoogle+ Auto BackupGoogle+ Auto Backup.exe
O4 – HKUSS-1-5-21-192761103-4228053574-1910153200-1000..Run: [FileHippo.com] . (.FileHippo.com – FileHippo.com Update Checker.) — C:Program Files (x86)FileHippo.comUpdateChecker.exe
~ Application: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{6BCE37EA-F379-4FF5-8BDB-3A3BCC38FD92}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCCSServicesTcpip..{FAEBD4C0-65BB-4C28-BCD4-39BE15F84453}: DhcpNameServer = 172.20.2.39 172.20.2.10
O17 – HKLMSystemCS1ServicesTcpip..{6BCE37EA-F379-4FF5-8BDB-3A3BCC38FD92}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{FAEBD4C0-65BB-4C28-BCD4-39BE15F84453}: DhcpNameServer = 172.20.2.39 172.20.2.10
O17 – HKLMSystemCS2ServicesTcpip..{6BCE37EA-F379-4FF5-8BDB-3A3BCC38FD92}: DhcpNameServer = 192.168.1.1
O17 – HKLMSystemCS2ServicesTcpip..{FAEBD4C0-65BB-4C28-BCD4-39BE15F84453}: DhcpNameServer = 172.20.2.39 172.20.2.10
O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wlmailhtml [64Bits] – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (…) —
O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{1AFEAA7C-E5DF-4567-884A-17E6F57929B2}] (…) — C:UsersdilunaDownloadsRegCleaner.exe (.not file.) [0]
O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1064]
O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1068]
O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskUserS-1-5-21-192761103-4228053574-1910153200-1000Core [1030]
O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskUserS-1-5-21-192761103-4228053574-1910153200-1000UA [1082]
~ Scheduled Task: 23 Legitimates Filtered in 00mn 06s

—\ Logiciels installés (O42)
O42 – Logiciel: CloneMaster version 5.00 – (.Softbyte Labs, Inc..) [HKLM][64Bits] — {B22AB4D0-3639-49A2-9CC9-3C12CDB17FEA}_is1
~ Logic: 25 Legitimates Filtered in 00mn 01s

—\ HKCU & HKLM Software Keys
[HKCUSoftwarePOWERARC]
[HKLMSoftwareWow6432NodeShortcut_Module]
~ Key Software: 268 Legitimates Filtered in 00mn 01s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 18/08/2010 – 14:15:22 – [] —-D C:Program Files (x86)R_MANUAL
O43 – CFD: 18/08/2010 – 14:21:01 – [] —-D C:Program Files (x86)R_MANUAL_SR
O43 – CFD: 02/05/2014 – 19:05:44 – [] —-D C:ProgramDataf52f930a7e938e9
O43 – CFD: 08/02/2014 – 12:00:19 – [] —-D C:UsersdilunaAppDataRoamingMicrosoftWindowsStart MenuProgramsGoogle+ Auto Backup
~ Program Folder: 173 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.219D9D2AC3A67712952461DADA60C0C3] – 04/05/2014 – 17:42:01 —A- . (…) — C:WindowsSystem32AutoRunFilter.ini [2700]
O44 – LFC:[MD5.7E1039FCD8259813570AC6889C6E7294] – 04/05/2014 – 18:54:02 —A- . (…) — C:WindowsSystem32ServiceFilter.ini [1924]
O44 – LFC:[MD5.B901E0E31CA49FF61A924E9AE5681B89] – 06/05/2014 – 11:20:43 —A- . (…) — C:Shortcut_Module_06_05_2014_12_20_43.txt [86598]
O44 – LFC:[MD5.23A80210F7D41EFFCDC1C1A49E941BF1] – 06/05/2014 – 18:00:04 —A- . (…) — C:Shortcut_Module_06_05_2014_19_00_04.txt [19478]
O44 – LFC:[MD5.CD81F6DF96AC72F4C76ED554041BC9D7] – 23/04/2014 – 11:19:45 —A- . (.Elex do Brasil Participações Ltda – iSafe Kernel Boot Driver.) — C:WindowsSystem32DriversiSafeKrnlBoot.sys [43520] =>Trojan.Staser
~ Files: 35 Legitimates Filtered in 00mn 02s

—\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 – MPSK:{9b5d732f-5c3d-11e3-a5bf-e0cb4e3447b2}AutoRuncommand. (…) — E:Setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s

—\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 – SMSR:HKLM…startupregAppleSyncNotifier [Key] . (…) — C:Program Files (x86)Common FilesAppleMobile Device SupportAppleSyncNotifier.exe (.not file.)
O53 – SMSR:HKLM…startupregBoxore Client [Key] . (…) — C:Program Files (x86)BoxoreBoxoreClientboxore.exe (.not file.) =>Adware.Boxore
O53 – SMSR:HKLM…startupregHP Software Update [Key] . (…) — C:Program Files (x86)HpHP Software UpdateHPWuSchd2.exe (.not file.) =>.Hewlett-Packard Co
O53 – SMSR:HKLM…startupregJobHisInit [Key] . (.Pas de propriétaire – JobHisInit MFC Application.) — C:Program Files (x86)RDSRMClientJobHisInit.exe
O53 – SMSR:HKLM…startupregMy Web Search Bar Search Scope Monitor [Key] . (…) — C:Program Files (x86)MYWEBS~1bar1.binm3SrchMn.exe (.not file.) =>Adware.MyWebSearch
O53 – SMSR:HKLM…startupregMyWebSearch Email Plugin [Key] . (…) — C:Program Files (x86)MYWEBS~1bar1.binmwsoemon.exe (.not file.) =>Adware.MyWebSearch
O53 – SMSR:HKLM…startupregSmartAudio [Key] . (.Pas de propriétaire – SAIICpl MFC Application.) — C:Program FilesCONEXANTSAIISAIICpl.exe
O53 – SMSR:HKLM…startupregwLite [Key] . (…) — C:Program Files (x86)webcamXP 5wLite.exe (.not file.)
~ SMSR Keys: 34 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableLUA”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:14/07/2009 – 02:47:48 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [530496]
O58 – SDL:15/10/2009 – 10:23:19 —A- . (.ELAN Microelectronic Corp. – ETD Control Center.) — C:WindowsSystem32DriversETD.sys [117760]
O58 – SDL:10/06/2009 – 21:31:59 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [31232]
O58 – SDL:23/04/2014 – 11:19:45 —A- . (.Elex do Brasil Participações Ltda – iSafe Kernel Boot Driver.) — C:WindowsSystem32DriversiSafeKrnlBoot.sys [43520] =>Trojan.Staser
O58 – SDL:20/07/2009 – 10:29:39 —A- . (.Pas de propriétaire – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [15416]
O58 – SDL:18/06/2009 – 21:18:10 —A- . (.Windows (R) Win 7 DDK provider – ASUS CopyProtect driver.) — C:WindowsSystem32Driverslullaby.sys [15928]
O58 – SDL:14/07/2009 – 02:45:55 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [24656]
O58 – SDL:13/12/2012 – 12:50:36 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl64.sys [54784]
~ Drivers: 65 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 01/05/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsEfficientLadysOrganizerFree-Setup (1).exe [285782]
O61 – LFC: 01/05/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsEfficientLadysOrganizerFree-Setup.exe [14584568]
O61 – LFC: 02/05/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsPDFWriterSetup.exe [1311304]
O61 – LFC: 04/05/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDesktopadwcleaner-1.606-en.exe [581957]
O61 – LFC: 04/05/2014 – 10:21:34 —A- . (.Elex do Brasil Participações Ltda.) — C:UsersdilunaDownloadsyet_another_cleaner_dnf.exe [11822248]
O61 – LFC: 06/05/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsFHSetup.exe [264757]
O61 – LFC: 06/05/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsadwcleaner.exe [1316991]
O61 – LFC: 06/05/2014 – 10:21:34 —A- . (.Premium Installer.) — C:UsersdilunaDesktopShortcut module.exe [248096]
O61 – LFC: 06/05/2014 – 10:21:34 —A- . (.Premium Installer.) — C:UsersdilunaDownloadsSetup.exe [248096]
O61 – LFC: 30/04/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsD1425563M_remote.exe [9653376]
O61 – LFC: 30/04/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsD1425572J_remote.exe [4002377]
O61 – LFC: 30/04/2014 – 10:21:34 —A- . (…) — C:UsersdilunaDownloadsD1445559G_remote.exe [4505028]
~ 16 Fichiers temporaires (Temporary files)
~ 11 Fichiers cookies (Cookies files)
~ Files: 16 Legitimates Filtered in 00mn 02s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (…) — C:Program FilesGoogleChromeApplicationchrome.exe (.not file.)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — c:program filesinternet exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][10/09/2009] (…) — C:ProgramDataFullRemove.exe [131368]
[MD5.96030AE285C32ECCD1C599F1C5DD2BEF] [SPRF][04/05/2014] (…) — C:UsersdilunaDesktopadwcleaner-1.606-en.exe [581957]
[MD5.8581F1894CDAA37C958751FE2FD8BB52] [SPRF][06/05/2014] (.Premium Installer – Premium Installer.) — C:UsersdilunaDesktopShortcut module.exe [248096]
~ Files: 3 Legitimates Filtered in 00mn 00s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: “537E56336A8449149988EC95CAA55E30” . (.Bing Bar.) — C:WindowsInstaller{3365E735-48A6-4194-9988-CE59AC5AE503}icon_installer_ico =>Toolbar.Bing
O90 – PUC: “8B501B6E56F182443979D1DFA8309BD4” . (.SupraSavings.) — c:WindowsInstaller{E6B105B8-1F65-4428-9397-1DFD8A03B94D}icon64.ico =>PUP.SupraSavings
~ Update Products: 2 Legitimates Filtered in 00mn 00s

—\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.5D3A30ADD585A102F1B60C0BA313ECEE] [WIS][06/05/2014] (.Microsoft Corporation – Bing Bar.) — C:WindowsInstallerd65bc.msi [741376] =>Toolbar.Bing
~ WIS: 1 Legitimates Filtered in 00mn 01s

—\ Recherche de clés de registre Tracing (O100)
HKLMSOFTWAREWow6432NodeMicrosoftTracingBingBar_RASAPI32 =>Toolbar.Bing
~ BTK: 295 Legitimates Filtered in 00mn 00s

—\ Recherche de clés de registre CLSID (O101)
[HKCRCLSID{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing
[HKCRCLSID{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing
~ BCK: 4374 Legitimates Filtered in 00mn 10s

—\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Demand 01/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
SS – | Disabled 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
SS – | Auto 16/07/2011 136176 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 16/07/2011 136176 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
SS – | Demand 04/01/2007 136120 | (gusvc) . (.Google.) – C:Program Files (x86)GoogleCommonGoogle UpdaterGoogleUpdaterService.exe
SS – | Demand 14/07/2009 27136 | C:Program Files (x86)Windows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SS – | Disabled 10/07/1658 0 | (wxpSvc) . (…) – C:Program Files (x86)webcamXP 5wService.exe
SR – | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
SR – | Demand 31/03/2008 225280 | (ADSMService) . (.ASUSTek Computer Inc..) – C:Program Files (x86)ASUSASUS Data Security ManagerADSMSrv.exe
SR – | Auto 17/09/2009 359552 | (AFBAgent) . (.ASUSTeK Computer Inc..) – C:Windowssystem32FBAgent.exe
SR – | Auto 18/11/2009 202752 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
SR – | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
SR – | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
SR – | Auto 10/11/2009 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
SR – | Auto 11/03/2014 193696 | (BBSvc) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBar7.3.132.0BBSvc.exe =>Toolbar.Bing
SR – | Auto 11/03/2014 247968 | (BBUpdate) . (.Microsoft Corporation..) – C:Program Files (x86)MicrosoftBingBar7.3.132.0SeaPort.exe =>Toolbar.Bing
SR – | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
SR – | Auto 01/10/2009 262144 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
SR – | Auto 11/03/2014 23808 | (MsMpSvc) . (.Microsoft Corporation.) – C:Program FilesMicrosoft Security ClientMsMpEng.exe
SR – | Auto 15/09/2009 44312 | (OberonGameConsoleService) . (…) – C:Program Files (x86)AsusGame ParkGameConsoleOberonGameConsoleService.exe
SR – | Demand 15/04/2009 271760 | (RichVideo) . (…) – C:Program Files (x86)CyberlinkShared filesRichVideo.exe
SR – | Auto 01/10/2009 2314240 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 14/07/2009 27136 | C:Windowssystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
~ Services: Scanned in 00mn 11s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Run by diluna at 07/05/2014 10:22:24
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by diluna at 07/05/2014 10:22:27
********* Dump file Name *********
C:PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 13045 – (07/05/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 7

[HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregBoxore Client] =>Adware.Boxore^
[HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregMy Web Search Bar Search Scope Monitor] =>Adware.MyWebSearch^
[HKLMSoftwareMicrosoftShared ToolsMSConfigstartupregMyWebSearch Email Plugin] =>Adware.MyWebSearch^
[HKLMSoftwareWow6432NodeMicrosoftTracingBingBar_RASAPI32] =>Toolbar.Bing
[HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{8dcb7100-df86-4384-8842-8fa844297b3f} =>Toolbar.Bing^
C:Program Files (x86)MicrosoftBingBar7.3.132.0BingApp.exe =>Toolbar.Bing^
C:Program Files (x86)MicrosoftBingBar7.3.132.0BingBar.exe =>Toolbar.Bing^
C:Program Files (x86)MicrosoftBingBar7.3.132.0BingSurrogate.exe =>Toolbar.Bing^
C:Program Files (x86)MicrosoftBingBar7.3.132.0BBSvc.exe =>Toolbar.Bing^
C:WindowsInstallerd65bc.msi =>Toolbar.Bing^
[HKCRCLSID{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing^
[HKCRCLSID{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing^
~ Additionnel Scan: 351473 Items scanned in 00mn 34s

—\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.byethost7.com/wordpress/trojan-staser/ =>Trojan.Staser
http://nicolascoolman.byethost7.com/wordpress/adware-boxore/ =>Adware.Boxore
http://nicolascoolman.byethost7.com/wordpress/adware-mywebsearch/ =>Adware.MyWebSearch
http://nicolascoolman.webs.com/apps/blog/show/42067481-pup-suprasavings =>PUP.SupraSavings
~ MSI: 4 link(s) detected in 00mn 00s

~ 858 Legitimates filtered by white list
End of the scan (486 lines in 02mn 28s)(0)

Thanks again for your help.