Sujet Précédent Sujet Suivant

Carte mémoire infecter, besoin d'aide pour désinfection.

Résolu/Fermé
Utilisateur anonyme - Modifié par minette2013 le 1/12/2013 à 18:28
 Utilisateur anonyme - 5 déc. 2013 à 00:02
Bonjour,

Mon ami ma donner une carte mémoire de 32go de marque Transcend class10 avec des photos et des vidéos mais elle est infecté par des virus car je ne voit rien dedans a part un seule fichier de 28go avec un nom bizarre.

J'ai essayer de la désinfecter avec USB Fix mais il bug en mode suppression a 93% j'ai un message d'erreur comme ceci : Line 19039 (File "C:\UsbFix\Go.exe")
Error : Subscript used with non-Array Variable.

J'ai essayer avec Avast, combofix, rav, mbam en mode normal, sans échec, sans échec avec prise en charge réseaux etc. et rien n'est détecter... j'ai besoin de votre aide s'il vous plais merci.

A voir également:

29 réponses

Précédent
  • 1
  • 2
Réponse 21 / 29
Utilisateur anonyme
1 déc. 2013 à 21:36
Ok juste par précision faut il que la carte soit insérée ou retirée?
0
Réponse 22 / 29
Utilisateur anonyme
1 déc. 2013 à 21:45
Voici le rapport de ZHPDiag sans la carte mémoire insérée :


~ Rapport de ZHPDiag v2013.12.1.4 - Nicolas Coolman (2013-12-01)
~ Lancé par House (2013-12-01 15:39:58)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16428 (Defaut)
GCIE: Google Chrome v31.0.1650.57

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : W8DQG
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2008
COMODO Firewall v6.3.32439.2937
Secunia PSI
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.07 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader XI
Java 7 Update 45

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4008 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 258 GB (57%) free of 452 GB

---\\ Mode de connexion au système
~ Computer Name: HOUSE-PC
~ User Name: House
~ All Users Names: House, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\House\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\House\AppData\Roaming\
~ %Desktop% : C:\Users\House\Desktop\
~ %Favorites% : C:\Users\House\Favorites\
~ %LocalAppData% : C:\Users\House\AppData\Local\
~ %StartMenu% : C:\Users\House\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 258 Go of 452 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.2011-02-25 - 01:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2009-07-13 - 20:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.E6CB36B85BE59095337427E853A5B65A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2013-11-17 - 11:47:43.) -- C:\Windows\System32\wininet.dll [2332160]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.2010-11-20 - 22:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.2010-11-20 - 22:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2013-09-27 - 20:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-07-13 - 20:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009-07-13 - 18:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010-11-20 - 22:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010-11-20 - 22:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010-11-20 - 22:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.2009-07-13 - 18:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.2009-07-13 - 19:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-26 - 21:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.2010-11-20 - 22:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-04-12 - 09:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.2009-07-13 - 19:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2010-11-20 - 22:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.2009-07-13 - 19:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.2010-11-20 - 22:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2010-11-20 - 22:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 1/39
~ Mes Documents (My Documents) : 1/2173
~ Mon Bureau (My Desktop) : 1/1354
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.CAA0C16ADCCE6142A43AD83BFA20B38B] - (.Motorola Mobility LLC - MotoHelperAgent.) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe [698680] [PID.2632]
[MD5.97A1AFD42B8016D132C7BF38C955C6E1] - (.TOSHIBA CORPORATION - ConfigFree Task Tray Menu.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304560] [PID.3144]
[MD5.1C5A81304F4B3A24914E10E339E3D51A] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\House\AppData\Roaming\uTorrent\uTorrent.exe [900440] [PID.3752] =>P2P.BitTorrent
[MD5.17F8160E5E3BCA4784AF3F11325027DF] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232] [PID.3912]
[MD5.D2C618BC5394D6D91D148556F22016A5] - (.Secunia - Secunia PSI Tray.) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe [565464] [PID.2500]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3716]
[MD5.1F0A97900FC718CE617A722BEF8580CD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.3660]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [269848] [PID.4404]
[MD5.8A07221789D46B2EA7DFCA2BC807572A] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe [62848] [PID.4908]
[MD5.19225588505F3FFB12E8A6EED9E248CF] - (.Glarysoft Ltd - Glary Utilities 4.) -- C:\Program Files (x86)\Glary Utilities 4\Integrator.exe [757024] [PID.4568]
[MD5.3E02FD57FDAF184A15CCAD9D9BD9C626] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8263680] [PID.5000]
[MD5.4D41D30E2FAB3307967C7A0B045DC874] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1476]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1900]
[MD5.1BCB26A55B2E092FAA4DA01D9A3DE528] - (.Motorola Mobility LLC - MotoHelper Service.) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528] [PID.2100]
[MD5.EA735BF6DF13A857A83C99BF27A422AD] - (.Motorola - ForwardDemon.) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657] [PID.2312]
[MD5.DA6C0E0B15CD0B135FD385AEABAE3A4C] - (.Secunia - Secunia PSI Agent.) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504] [PID.2352]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2620]
[MD5.F67C21CC4195F6AFC447418FE163E156] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [5087584] [PID.2748]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.1780]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3792]
[MD5.CAB0EEAF5295FC96DDD3E19DCE27E131] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [46448] [PID.4244]
[MD5.7F32D4C47A50E7223491E8FB9359907D] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.6688]
[MD5.2C16648A12999AE69A9EBF41974B0BA2] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.3552]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\House\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Managerr v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
~ Google Browser: 25 Legitimates Filtered in 00mn 03s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 42



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: FL Studio 11.lnk . (.Image-Line - FL Studio launcher.) -- C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Public]: FL Studio 11.lnk . (.Image-Line - FL Studio launcher.) -- C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe
O4 - GS\Program [Public]: hubiC.lnk . (...) -- C:\Program Files (x86)\OVH\hubiC\hubiC.exe (.not file.)
O4 - GS\Program [Public]: Outlast.lnk . (.Red Barrels Inc. - Outlast.) -- C:\Program Files (x86)\Outlast\Binaries\Win32\OLGame.exe
O4 - GS\Program [Public]: Recovery Media Creator Help.lnk . (.TOSHIBA Corporation - Help Application.) -- C:\Program Files\TOSHIBA\TOSHIBA Recovery Media Creator\help\Help.exe
O4 - GS\Program [Public]: Recovery Media Creator.lnk . (.Toshiba Information Equipment(Hangzhou)Co., - TOSHIBA Recovery Media Creator Launcher.) -- C:\Program Files\TOSHIBA\TOSHIBA Recovery Media Creator\TRMCLcher.exe
O4 - GS\QuickLaunch [House]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [House]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [House]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\House\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [House]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [House]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [House]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [House]: CNC4.exe.lnk . (.Electronic Arts Inc. - Command & Conquer(TM) 4.) -- C:\Program Files (x86)\Electronic Arts\Command & Conquer 4 Le Crépuscule du Tiberium\CNC4.exe
O4 - GS\Desktop [House]: Usb fix.lnk . (...) -- C:\UsbFix\Go.exe
O4 - GS\Desktop [House]: WD Live.lnk . (...) -- \\WDTVLIVE\Elements
~ Global Startup: 74 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: hubiC.lnk . (...) -- C:\Program Files (x86)\OVH\hubiC\hubiC.exe (.not file.)
O4 - GS\Startup [Public]: Secunia PSI Tray.lnk . (.Secunia - Secunia PSI Tray.) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\House\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [FileHippo.com] . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKLM\..\Wow6432Node\Run: [ToshibaServiceStation] . (.TOSHIBA Corporation - TOSHIBA Service Station.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe =>.Toshiba Corporation
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [20131121] . (.AVAST Software - avast! Emergency Update.) -- C:\Program Files\AVAST Software\Avast\setup\emupdate\1ba8923c-2fbf-41dd-8626-4220e1d1dee9.exe
O4 - HKUS\S-1-5-21-3506287002-3972640781-1100786848-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\House\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-3506287002-3972640781-1100786848-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-3506287002-3972640781-1100786848-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3506287002-3972640781-1100786848-1001\..\Run: [FileHippo.com] . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
O4 - HKUS\S-1-5-21-3506287002-3972640781-1100786848-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 [64Bits] - {97F922BD-8563-4184-87EE-8C4ACA438823} . (...) -- C:\Program Files\TOSHIBA\BulletinBoard\images\pin.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E11E986-8488-4FE2-9670-1EAF2DF3CD57}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E11E986-8488-4FE2-9670-1EAF2DF3CD57}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2E11E986-8488-4FE2-9670-1EAF2DF3CD57}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.B6037110B175707A353B12C814D34968] [APT] [Motorola Device Manager Engine] (...) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [196920]
[MD5.B6037110B175707A353B12C814D34968] [APT] [Motorola Device Manager Initial Update] (...) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [196920]
[MD5.B6037110B175707A353B12C814D34968] [APT] [Motorola Device Manager Update] (...) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [196920]
[MD5.00000000000000000000000000000000] [APT] [{07EA2A76-A7F4-4B48-AA7B-6E0155A42D0C}] (...) -- E:\Windows\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{17C94384-A073-4A3A-A4EC-370F4DD5C785}] (...) -- E:\Autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A76F3EC1-2243-42C8-8C2B-8AE7CA209F6A}] (...) -- C:\Users\House\Downloads\Programs\Win32_152818.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AEA0D443-0C0F-43E6-85ED-85316FC46CD9}] (...) -- C:\Users\House\Downloads\Programs\Flash_Disinfector.exe (.not file.) [0]
~ Scheduled Task: 25 Legitimates Filtered in 00mn 04s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\FlashBoot]
~ Key Software: 283 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2013-10-13 - 22:01:35 - [0] ----D C:\ProgramData\Partner
~ Program Folder: 165 Legitimates Filtered in 00mn 06s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 2013-11-17 - 11:47:40 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [16284]
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 2013-11-17 - 11:47:40 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]
O44 - LFC:[MD5.1C65C01F76C74CF03A7391BFE3531A31] - 2013-11-19 - 18:58:11 ---A- . (...) -- C:\Windows\SIERRA.INI [224]
O44 - LFC:[MD5.C11C2EC507C58B97139F5664AF91AD88] - 2013-11-28 - 18:16:26 ----- . (...) -- C:\bootsqm.dat [3288]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 2013-11-30 - 10:41:34 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 2013-11-30 - 10:41:34 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 2013-11-30 - 10:41:34 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 2013-11-30 - 10:41:34 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 2013-11-30 - 10:41:34 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 2013-11-30 - 10:55:23 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.E8E42740BF7D331207B507CEC6B47CB8] - 2013-11-30 - 20:21:22 ----- . (...) -- C:\curr_ver.tmp [1233]
O44 - LFC:[MD5.97E1ECE17A033BBE3B28B8DD1ED33057] - 2013-12-01 - 14:45:32 ----- . (...) -- C:\DelFix.txt [1013]
O44 - LFC:[MD5.5D41CE351800DCE1B5477A0B394CD6DE] - 2013-12-01 - 15:09:32 ----- . (...) -- C:\UsbFix [Clean 1] HOUSE-PC.txt [9324]
O44 - LFC:[MD5.B7F5DE8381C59CA8261F577305948FC6] - 2013-12-01 - 15:11:49 ----- . (...) -- C:\UsbFix [Clean 2] HOUSE-PC.txt [6465]
O44 - LFC:[MD5.76EE14F56DB63E7A46A3503F9D5C7512] - 2013-12-01 - 15:12:32 ---A- . (...) -- C:\UsbFix [Clean 3] HOUSE-PC.txt [6141]
~ Files: 193 Legitimates Filtered in 00mn 09s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.55BBF03EDE166523575A010363C3A2B6] - 2013-12-01 - 15:20:52 ---A- - C:\Windows\Prefetch\HUBIC.EXE-3835F941.pf
O45 - LFCP:[MD5.CE1E79349FE05DC77465D76F03F96669] - 2013-12-01 - 15:22:05 ---A- - C:\Windows\Prefetch\NACL64.EXE-90D94E4E.pf
O45 - LFCP:[MD5.AD8306ED70332E42B0A5923FE1564DA3] - 2013-12-01 - 15:24:07 ---A- - C:\Windows\Prefetch\REGSVR64.EXE-15F84E66.pf
O45 - LFCP:[MD5.6E616DD23887F0613DB5CF67B9569D73] - 2013-12-01 - 15:24:11 ---A- - C:\Windows\Prefetch\INSTUP.EXE-4F33E695.pf
O45 - LFCP:[MD5.4EDA479BE685BED71D751F1E1E7A9AD3] - 2013-12-01 - 15:24:50 ---A- - C:\Windows\Prefetch\INSTUP.EXE-7E543EAF.pf
~ Prefetcher: 93 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 2013-10-23 - 17:45:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.59787B95DD9CA44CB139D96863438587] - 2013-10-23 - 17:45:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [205320]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 2009-07-13 - 20:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 2009-06-10 - 15:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.03F5F3EE4E8DB1CE944A6FA6DBE148CB] - 2013-11-07 - 18:41:38 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [174968]
O58 - SDL:[MD5.DD3FD48D69F5FBBB21D46D1514C1C2DB] - 2013-11-04 - 07:42:02 ---A- . (.Secunia - Secunia PSI Driver.) -- C:\Windows\System32\Drivers\psi_mf_amd64.sys [18456]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 2009-07-13 - 20:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 17 Legitimates Filtered in 00mn 05s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 2013-11-28 - 15:41:47 ---A- . (...) -- C:\Users\House\AppData\Roaming\ZHP\HOSTS.txt [1539] =>.Nicolas Coolman
O61 - LFC: 2013-12-01 - 15:41:26 ---A- . (...) -- C:\Users\House\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [269467]
O61 - LFC: 2013-12-01 - 15:41:26 ---A- . (...) -- C:\Users\House\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 2013-12-01 - 15:41:40 ---A- . (...) -- C:\Users\House\AppData\Local\Google\Chrome\User Data\Local State [47740]
O61 - LFC: 2013-12-01 - 15:41:40 ---A- . (...) -- C:\Users\House\AppData\Local\Google\Chrome\User Data\nacl_validation_cache.bin [128]
O61 - LFC: 2013-12-01 - 15:41:42 ---A- . (...) -- C:\Users\House\AppData\Roaming\hubiC\hubiC.db [431104]
O61 - LFC: 2013-12-01 - 15:41:42 ---A- . (...) -- C:\Users\House\AppData\Roaming\hubiC\hubiC.db-journal [6704]
O61 - LFC: 2013-12-01 - 15:41:47 ---A- . (...) -- C:\Users\House\AppData\Roaming\ZHP\Log.txt [17161] =>.Nicolas Coolman
O61 - LFC: 2013-12-01 - 15:41:47 ---A- . (...) -- C:\Users\House\AppData\Roaming\ZHP\TestsZHPDiag.txt [2859] =>.Nicolas Coolman
~ 4 Fichiers temporaires (Temporary files)
~ Files: 140 Legitimates Filtered in 00mn 39s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.26351D4072C506B0BBEA9AC5C09BC4FC] [SPRF][2013-12-01] (...) -- C:\Users\House\AppData\Local\Temp\~gu3-ver.dat [106]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2013-11-24 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 2013-09-24 164056 | (cmdvirth) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
SS - | Demand 2013-08-09 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 2010-04-03 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
SS - | Auto 2013-10-13 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-10-13 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2011-05-09 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 2005-11-14 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Auto 2013-11-04 660184 | (Secunia Update Agent) . (.Secunia.) - C:\Program Files (x86)\Secunia\PSI\sua.exe
SS - | Auto 2013-09-05 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 2010-12-08 137632 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

SR - | Auto 2013-09-05 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 2013-11-17 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 2010-01-28 249200 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
SR - | Auto 2013-10-19 6254152 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SR - | Auto 2009-03-10 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
SR - | Auto 2010-09-09 162824 | (GFNEXSrv) . (...) - C:\Windows\System32\GFNEXSrv.exe
SR - | Auto 2010-12-20 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 2013-10-25 2768208 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 2013-07-31 137528 | (Motorola Device Manager) . (.Motorola Mobility LLC.) - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
SR - | Auto 2011-09-02 65657 | (PST Service) . (.Motorola.) - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
SR - | Auto 2013-11-04 1228504 | (Secunia PSI Agent) . (.Secunia.) - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
SR - | Auto 2013-10-01 5087584 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Demand 2010-11-29 54136 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 2010-10-20 138656 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\windows\system32\TODDSrv.exe
SR - | Auto 2010-12-09 489384 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
SR - | Auto 2010-12-20 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 2009-07-13 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 1658-07-10 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 2009-07-13 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 14s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by House at 2013-12-01 15:42:54
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by House at 2013-12-01 15:42:56

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13007 - (2013-12-01)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 2

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\ProgramData\Partner =>Spyware.Partner
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow ^
C:\Users\House\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 398385 Items scanned in 00mn 27s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/34077727-pua-startshow =>PUA.StartShow
~ http://nicolascoolman.webs.com/apps/blog/show/28193283-spyware-partner =>Spyware.Partner
~ MSI: 2 link(s) detected in 00mn 27s



~ 1442 Legitimates filtered by white list
End of the scan (466 lines in 03mn 25s)(0)
0
Réponse 23 / 29
Utilisateur anonyme
1 déc. 2013 à 22:05
Ceci est le rapport ZHPDiag avec la carte mémoire insérée :


~ Rapport de ZHPDiag v2013.12.1.4 - Nicolas Coolman (2013-12-01)
~ Lancé par House (2013-12-01 16:01:55)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16428 (Defaut)
GCIE: Google Chrome v31.0.1650.57

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : W8DQG
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2008
COMODO Firewall v6.3.32439.2937
Secunia PSI
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.07 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX
Adobe Reader XI
Java 7 Update 45

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4008 MB (49% free)
System Restore: Activé (Enable)
System drive C: has 258 GB (57%) free of 452 GB

---\\ Mode de connexion au système
~ Computer Name: HOUSE-PC
~ User Name: House
~ All Users Names: House, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\House\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\House\AppData\Roaming\
~ %Desktop% : C:\Users\House\Desktop\
~ %Favorites% : C:\Users\House\Favorites\
~ %LocalAppData% : C:\Users\House\AppData\Local\
~ %StartMenu% : C:\Users\House\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 258 Go of 452 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 25 Go of 29 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Etat du Centre de Sécurité Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.2011-02-25 - 01:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2009-07-13 - 20:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.E6CB36B85BE59095337427E853A5B65A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2013-11-17 - 11:47:43.) -- C:\Windows\System32\wininet.dll [2332160]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.2010-11-20 - 22:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.2010-11-20 - 22:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2013-09-27 - 20:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-07-13 - 20:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009-07-13 - 18:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010-11-20 - 22:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010-11-20 - 22:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010-11-20 - 22:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.2009-07-13 - 18:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.2009-07-13 - 19:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-26 - 21:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.2010-11-20 - 22:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-04-12 - 09:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.2009-07-13 - 19:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2010-11-20 - 22:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.2009-07-13 - 19:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.2010-11-20 - 22:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2010-11-20 - 22:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/78
~ Mes Documents (My Documents) : 1/4346
~ Mon Bureau (My Desktop) : 1/2707
~ Menu demarrer (Programs) : 1/78
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.CAA0C16ADCCE6142A43AD83BFA20B38B] - (.Motorola Mobility LLC - MotoHelperAgent.) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe [698680] [PID.2632]
[MD5.97A1AFD42B8016D132C7BF38C955C6E1] - (.TOSHIBA CORPORATION - ConfigFree Task Tray Menu.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [304560] [PID.3144]
[MD5.1C5A81304F4B3A24914E10E339E3D51A] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\House\AppData\Roaming\uTorrent\uTorrent.exe [900440] [PID.3752] =>P2P.BitTorrent
[MD5.17F8160E5E3BCA4784AF3F11325027DF] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3825232] [PID.3912]
[MD5.D2C618BC5394D6D91D148556F22016A5] - (.Secunia - Secunia PSI Tray.) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe [565464] [PID.2500]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3716]
[MD5.1F0A97900FC718CE617A722BEF8580CD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.3660]
[MD5.BD95E822E7A958BBCA842D078426A151] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe [269848] [PID.4404]
[MD5.8A07221789D46B2EA7DFCA2BC807572A] - (.TOSHIBA CORPORATION - ConfigFree Switch Manager Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe [62848] [PID.4908]
[MD5.19225588505F3FFB12E8A6EED9E248CF] - (.Glarysoft Ltd - Glary Utilities 4.) -- C:\Program Files (x86)\Glary Utilities 4\Integrator.exe [757024] [PID.4568]
[MD5.3E02FD57FDAF184A15CCAD9D9BD9C626] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8263680] [PID.5000]
[MD5.636D97B3BAF854511FF3F4093E895FED] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [863184] [PID.5920]
[MD5.4D41D30E2FAB3307967C7A0B045DC874] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1476]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1900]
[MD5.1BCB26A55B2E092FAA4DA01D9A3DE528] - (.Motorola Mobility LLC - MotoHelper Service.) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528] [PID.2100]
[MD5.EA735BF6DF13A857A83C99BF27A422AD] - (.Motorola - ForwardDemon.) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657] [PID.2312]
[MD5.DA6C0E0B15CD0B135FD385AEABAE3A4C] - (.Secunia - Secunia PSI Agent.) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504] [PID.2352]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2620]
[MD5.F67C21CC4195F6AFC447418FE163E156] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [5087584] [PID.2748]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.1780]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3792]
[MD5.CAB0EEAF5295FC96DDD3E19DCE27E131] - (.TOSHIBA CORPORATION - ConfigFree Service Process.) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [46448] [PID.4244]
[MD5.7F32D4C47A50E7223491E8FB9359907D] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.6688]
[MD5.2C16648A12999AE69A9EBF41974B0BA2] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.3552]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\House\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [booedmolknjekdopkepjjeckmjkdpfgl] Managerr v.0.1 (Activé)
G2 - GCE: Preference [User Data\Default] [flpcjncodpafbgdpnkljologafpionhb] Managera v.0.1 (Activé)
~ Google Browser: 48 Legitimates Filtered in 00mn 04s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 42



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: FL Studio 11.lnk . (.Image-Line - FL Studio launcher.) -- C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Public]: FL Studio 11.lnk . (.Image-Line - FL Studio launcher.) -- C:\Program Files (x86)\Image-Line\FL Studio 11\FL.exe
O4 - GS\Program [Public]: hubiC.lnk . (...) -- C:\Program Files (x86)\OVH\hubiC\hubiC.exe (.not file.)
O4 - GS\Program [Public]: Outlast.lnk . (.Red Barrels Inc. - Outlast.) -- C:\Program Files (x86)\Outlast\Binaries\Win32\OLGame.exe
O4 - GS\Program [Public]: Recovery Media Creator Help.lnk . (.TOSHIBA Corporation - Help Application.) -- C:\Program Files\TOSHIBA\TOSHIBA Recovery Media Creator\help\Help.exe
O4 - GS\Program [Public]: Recovery Media Creator.lnk . (.Toshiba Information Equipment(Hangzhou)Co., - TOSHIBA Recovery Media Creator Launcher.) -- C:\Program Files\TOSHIBA\TOSHIBA Recovery Media Creator\TRMCLcher.exe
O4 - GS\QuickLaunch [House]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [House]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [House]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\House\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [House]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [House]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [House]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [House]: Usb fix.lnk . (...) -- C:\UsbFix\Go.exe
O4 - GS\Desktop [House]: WD Live.lnk . (...) -- \\WDTVLIVE\Elements
~ Global Startup: 73 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: hubiC.lnk . (...) -- C:\Program Files (x86)\OVH\hubiC\hubiC.exe (.not file.)
O4 - GS\Startup [Public]: Secunia PSI Tray.lnk . (.Secunia - Secunia PSI Tray.) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\House\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKCU\..\Run: [FileHippo.com] . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKLM\..\Wow6432Node\Run: [ToshibaServiceStation] . (.TOSHIBA Corporation - TOSHIBA Service Station.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe =>.Toshiba Corporation
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [20131121] . (.AVAST Software - avast! Emergency Update.) -- C:\Program Files\AVAST Software\Avast\setup\emupdate\1ba8923c-2fbf-41dd-8626-4220e1d1dee9.exe
O4 - HKUS\S-1-5-21-3506287002-3972640781-1100786848-1001\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\House\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-21-3506287002-3972640781-1100786848-1001\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-3506287002-3972640781-1100786848-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3506287002-3972640781-1100786848-1001\..\Run: [FileHippo.com] . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
O4 - HKUS\S-1-5-21-3506287002-3972640781-1100786848-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 [64Bits] - {97F922BD-8563-4184-87EE-8C4ACA438823} . (...) -- C:\Program Files\TOSHIBA\BulletinBoard\images\pin.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E11E986-8488-4FE2-9670-1EAF2DF3CD57}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E11E986-8488-4FE2-9670-1EAF2DF3CD57}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{2E11E986-8488-4FE2-9670-1EAF2DF3CD57}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk * ) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.B6037110B175707A353B12C814D34968] [APT] [Motorola Device Manager Engine] (...) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [196920]
[MD5.B6037110B175707A353B12C814D34968] [APT] [Motorola Device Manager Initial Update] (...) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [196920]
[MD5.B6037110B175707A353B12C814D34968] [APT] [Motorola Device Manager Update] (...) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [196920]
[MD5.00000000000000000000000000000000] [APT] [{07EA2A76-A7F4-4B48-AA7B-6E0155A42D0C}] (...) -- E:\Windows\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{17C94384-A073-4A3A-A4EC-370F4DD5C785}] (...) -- E:\Autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A76F3EC1-2243-42C8-8C2B-8AE7CA209F6A}] (...) -- C:\Users\House\Downloads\Programs\Win32_152818.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AEA0D443-0C0F-43E6-85ED-85316FC46CD9}] (...) -- C:\Users\House\Downloads\Programs\Flash_Disinfector.exe (.not file.) [0]
~ Scheduled Task: 50 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\FlashBoot]
~ Key Software: 283 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2013-10-13 - 22:01:35 - [0] ----D C:\ProgramData\Partner
~ Program Folder: 165 Legitimates Filtered in 00mn 03s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 2013-11-17 - 11:47:40 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [16284]
O44 - LFC:[MD5.F862CD08F1AD4EE39BD506853F3C6103] - 2013-11-17 - 11:47:40 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [16284]
O44 - LFC:[MD5.1C65C01F76C74CF03A7391BFE3531A31] - 2013-11-19 - 18:58:11 ---A- . (...) -- C:\Windows\SIERRA.INI [224]
O44 - LFC:[MD5.C11C2EC507C58B97139F5664AF91AD88] - 2013-11-28 - 18:16:26 ----- . (...) -- C:\bootsqm.dat [3288]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 2013-11-30 - 10:41:34 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 2013-11-30 - 10:41:34 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 2013-11-30 - 10:41:34 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 2013-11-30 - 10:41:34 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 2013-11-30 - 10:41:34 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 2013-11-30 - 10:55:23 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.E8E42740BF7D331207B507CEC6B47CB8] - 2013-11-30 - 20:21:22 ----- . (...) -- C:\curr_ver.tmp [1233]
O44 - LFC:[MD5.97E1ECE17A033BBE3B28B8DD1ED33057] - 2013-12-01 - 14:45:32 ----- . (...) -- C:\DelFix.txt [1013]
O44 - LFC:[MD5.5D41CE351800DCE1B5477A0B394CD6DE] - 2013-12-01 - 15:09:32 ----- . (...) -- C:\UsbFix [Clean 1] HOUSE-PC.txt [9324]
O44 - LFC:[MD5.B7F5DE8381C59CA8261F577305948FC6] - 2013-12-01 - 15:11:49 ----- . (...) -- C:\UsbFix [Clean 2] HOUSE-PC.txt [6465]
O44 - LFC:[MD5.76EE14F56DB63E7A46A3503F9D5C7512] - 2013-12-01 - 15:12:32 ---A- . (...) -- C:\UsbFix [Clean 3] HOUSE-PC.txt [6141]
~ Files: 194 Legitimates Filtered in 00mn 06s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.55BBF03EDE166523575A010363C3A2B6] - 2013-12-01 - 15:20:52 ---A- - C:\Windows\Prefetch\HUBIC.EXE-3835F941.pf
O45 - LFCP:[MD5.AD8306ED70332E42B0A5923FE1564DA3] - 2013-12-01 - 15:24:07 ---A- - C:\Windows\Prefetch\REGSVR64.EXE-15F84E66.pf
O45 - LFCP:[MD5.6E616DD23887F0613DB5CF67B9569D73] - 2013-12-01 - 15:24:11 ---A- - C:\Windows\Prefetch\INSTUP.EXE-4F33E695.pf
O45 - LFCP:[MD5.4EDA479BE685BED71D751F1E1E7A9AD3] - 2013-12-01 - 15:24:50 ---A- - C:\Windows\Prefetch\INSTUP.EXE-7E543EAF.pf
O45 - LFCP:[MD5.BFA97016BF178681675C35E5C7608189] - 2013-12-01 - 15:43:46 ---A- - C:\Windows\Prefetch\NACL64.EXE-90D94E4E.pf
~ Prefetcher: 100 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 2013-10-23 - 17:45:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.59787B95DD9CA44CB139D96863438587] - 2013-10-23 - 17:45:31 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [205320]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 2009-07-13 - 20:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 2009-06-10 - 15:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.03F5F3EE4E8DB1CE944A6FA6DBE148CB] - 2013-11-07 - 18:41:38 ---A- . (.Tonec Inc. - Internet Download Manager WFP Driver.) -- C:\Windows\System32\Drivers\idmwfp.sys [174968]
O58 - SDL:[MD5.DD3FD48D69F5FBBB21D46D1514C1C2DB] - 2013-11-04 - 07:42:02 ---A- . (.Secunia - Secunia PSI Driver.) -- C:\Windows\System32\Drivers\psi_mf_amd64.sys [18456]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 2009-07-13 - 20:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 17 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 2013-11-28 - 16:03:22 ---A- . (...) -- C:\Users\House\AppData\Roaming\ZHP\HOSTS.txt [1539] =>.Nicolas Coolman
O61 - LFC: 2013-12-01 - 16:03:05 ---A- . (...) -- C:\Users\House\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [269567]
O61 - LFC: 2013-12-01 - 16:03:16 ---A- . (...) -- C:\Users\House\AppData\Local\Google\Chrome\User Data\Local State [47787]
O61 - LFC: 2013-12-01 - 16:03:16 ---A- . (...) -- C:\Users\House\AppData\Local\Google\Chrome\User Data\nacl_validation_cache.bin [128]
O61 - LFC: 2013-12-01 - 16:03:18 ---A- . (...) -- C:\Users\House\AppData\Roaming\hubiC\hubiC.db [431104]
O61 - LFC: 2013-12-01 - 16:03:18 ---A- . (...) -- C:\Users\House\AppData\Roaming\hubiC\hubiC.db-journal [6704]
O61 - LFC: 2013-12-01 - 16:03:22 ---A- . (...) -- C:\Users\House\AppData\Roaming\ZHP\Log.txt [37907] =>.Nicolas Coolman
O61 - LFC: 2013-12-01 - 16:03:23 ---A- . (...) -- C:\Users\House\AppData\Roaming\ZHP\TestsZHPDiag.txt [2859] =>.Nicolas Coolman
O61 - LFC: 2013-12-01 - 16:03:23 ---A- . (...) -- C:\Users\House\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 2013-12-01 - 16:03:23 ---A- . (...) -- C:\Users\House\AppData\Roaming\ZHP\ZHPDiag.txt [34398] =>.Nicolas Coolman
~ 11 Fichiers temporaires (Temporary files)
~ Files: 139 Legitimates Filtered in 00mn 36s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - www.usbfix.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} [DefaultScope] - (Google) - https://www.google.com/?gws_rd=ssl
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.26351D4072C506B0BBEA9AC5C09BC4FC] [SPRF][2013-12-01] (...) -- C:\Users\House\AppData\Local\Temp\~gu3-ver.dat [106]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2013-11-24 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 2013-09-24 164056 | (cmdvirth) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
SS - | Demand 2013-08-09 279024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 2010-04-03 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
SS - | Auto 2013-10-13 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-10-13 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2011-05-09 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 2005-11-14 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SS - | Auto 2013-11-04 660184 | (Secunia Update Agent) . (.Secunia.) - C:\Program Files (x86)\Secunia\PSI\sua.exe
SS - | Auto 2013-09-05 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 2010-12-08 137632 | (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

SR - | Auto 2013-09-05 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 2013-11-17 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 2010-01-28 249200 | (cfWiMAXService) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
SR - | Auto 2013-10-19 6254152 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SR - | Auto 2009-03-10 46448 | (ConfigFree Service) . (.TOSHIBA CORPORATION.) - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
SR - | Auto 2010-09-09 162824 | (GFNEXSrv) . (...) - C:\Windows\System32\GFNEXSrv.exe
SR - | Auto 2010-12-20 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 2013-10-25 2768208 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 2013-07-31 137528 | (Motorola Device Manager) . (.Motorola Mobility LLC.) - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
SR - | Auto 2011-09-02 65657 | (PST Service) . (.Motorola.) - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
SR - | Auto 2013-11-04 1228504 | (Secunia PSI Agent) . (.Secunia.) - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
SR - | Auto 2013-10-01 5087584 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
SR - | Demand 2010-11-29 54136 | (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.Toshiba Corporation
SR - | Auto 2010-10-20 138656 | (TODDSrv) . (.TOSHIBA Corporation.) - C:\windows\system32\TODDSrv.exe
SR - | Auto 2010-12-09 489384 | (TosCoSrv) . (.TOSHIBA Corporation.) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
SR - | Auto 2010-12-20 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 2009-07-13 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 1658-07-10 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 2009-07-13 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 10s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Run by House at 2013-12-01 16:04:24
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by House at 2013-12-01 16:04:26

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13007 - (2013-12-01)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 2

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\ProgramData\Partner =>Spyware.Partner
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowHelp: Modified =>PUA.StartShow ^
C:\Users\House\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 398520 Items scanned in 00mn 31s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/34077727-pua-startshow =>PUA.StartShow
~ http://nicolascoolman.webs.com/apps/blog/show/28193283-spyware-partner =>Spyware.Partner
~ MSI: 2 link(s) detected in 00mn 31s



~ 1481 Legitimates filtered by white list
End of the scan (469 lines in 03mn 02s)(0)
0
Réponse 24 / 29
Utilisateur anonyme
4 déc. 2013 à 00:32
Up!
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 29
Utilisateur anonyme
4 déc. 2013 à 00:44
Bonsoir

A appliquer ;merci

https://forums.commentcamarche.net/forum/affich-29218398-carte-memoire-infecter-besoin-d-aide-pour-desinfection?full#23

@+
0
Réponse 26 / 29
Utilisateur anonyme
4 déc. 2013 à 00:49
Salut, j'ai redonner la carte mémoire a mon ami, je suis tanner d'essayer de la désinfecter, sinon d'après le rapport ZHPDiag mon ordinateur est il infecté? si oui par quel moyen le désinfecter s'il te plais?
0
Réponse 27 / 29
Utilisateur anonyme
4 déc. 2013 à 00:51
Re

As tu noté un dysfonctionnement?

@+
0
Réponse 28 / 29
Utilisateur anonyme
4 déc. 2013 à 00:55
non pas vraiment... sinon d'après le rapport le pc est sain?
0
Réponse 29 / 29
Utilisateur anonyme
5 déc. 2013 à 00:02
Merci guillaume5188

@+
0

Discussions similaires

Arnaque ou pas?
Pauline -
bonjour -

24 réponses
combien d'espace memoire occupe un entier ...
diddy_19 -
kamla -

7 réponses
Carte bancaire passée à la machine à laver
Nicolas -
kusanagi79 -

5 réponses