    saif
    Participant
    Posts: 2

    Good evening everyone. I have an infected USB key: the icons show up as shortcuts, and a message pops up telling me something about activator.vbs. I read that I should download UsbFix, and here is its report. Could you help me, please?
    Many thanks.

    ############################## | UsbFix V 7.152 | [Recherche]

    Utilisateur: Saïf-Eddine (Administrateur) # SAÏF
    Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 19:14:34 | 03/12/2013

    Site Web : http://www.usbfix.net
    Forum : https://www.sosvirus.net/
    Upload Malware : upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK COMPUTER INC. (K55A)
    CPU: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
    RAM -> [Total : 3982 | Free : 2373]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 8 (6.2.9200 64-Bit)
    WB: Windows Internet Explorer : 10.0.9200.16736
    WB: Mozilla Firefox : 25.0.1

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [(!) Disabled]
    AV: Kaspersky PURE 2.0 [(!) Disabled | (!) Outdated]
    AS: Windows Defender : 4.3.0215.0
    FW: Windows FireWall Service [Enabled]

    C: (%systemdrive%) -> Disque fixe # 186 Go (87 Go libre(s) – 47%) [OS] # NTFS
    D: -> Disque fixe # 258 Go (258 Go libre(s) – 100%) [DATA] # NTFS
    E: -> CD-ROM
    G: -> Disque amovible # 15 Go (15 Go libre(s) – 100%) [INTENSO] # FAT32

    ################## | Processus Actif |

    C:\Windows\system32\csrss.exe (ID: 592 |ParentID: 580)
    C:\Windows\system32\wininit.exe (ID: 636 |ParentID: 580)
    C:\Windows\system32\csrss.exe (ID: 652 |ParentID: 644)
    C:\Windows\system32\winlogon.exe (ID: 696 |ParentID: 644)
    C:\Windows\system32\services.exe (ID: 736 |ParentID: 636)
    C:\Windows\system32\lsass.exe (ID: 744 |ParentID: 636)
    C:\Windows\system32\svchost.exe (ID: 848 |ParentID: 736)
    C:\Windows\system32\svchost.exe (ID: 904 |ParentID: 736)
    C:\Windows\System32\svchost.exe (ID: 956 |ParentID: 736)
    C:\Windows\system32\svchost.exe (ID: 988 |ParentID: 736)
    C:\Windows\system32\svchost.exe (ID: 292 |ParentID: 736)
    C:\Windows\system32\dwm.exe (ID: 432 |ParentID: 696)
    C:\Windows\System32\svchost.exe (ID: 456 |ParentID: 736)
    C:\Windows\system32\svchost.exe (ID: 1184 |ParentID: 736)
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ID: 1252 |ParentID: 736)
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ID: 1296 |ParentID: 736)
    C:\Windows\System32\spoolsv.exe (ID: 1432 |ParentID: 736)
    C:\Windows\system32\svchost.exe (ID: 1468 |ParentID: 736)
    C:\Windows\system32\svchost.exe (ID: 1488 |ParentID: 736)
    C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe (ID: 1636 |ParentID: 736)
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (ID: 1676 |ParentID: 736)
    C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (ID: 1752 |ParentID: 736)
    C:\Windows\system32\dashost.exe (ID: 1796 |ParentID: 456)
    C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1828 |ParentID: 736)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 1860 |ParentID: 736)
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (ID: 1932 |ParentID: 736)
    C:\Windows\system32\svchost.exe (ID: 1960 |ParentID: 736)
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe (ID: 2016 |ParentID: 736)
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe (ID: 1896 |ParentID: 2016)
    C:\Windows\system32\conhost.exe (ID: 1988 |ParentID: 1896)
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ID: 2536 |ParentID: 1252)
    C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe (ID: 2544 |ParentID: 1636)
    C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe (ID: 2560 |ParentID: 736)
    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ID: 2600 |ParentID: 736)
    C:\Windows\system32\taskhostex.exe (ID: 2608 |ParentID: 736)
    C:\Program Files\ASUS\P4G\BatteryLife.exe (ID: 2640 |ParentID: 736)
    C:\Windows\Explorer.EXE (ID: 2816 |ParentID: 2708)
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ID: 2916 |ParentID: 2536)
    C:\Windows\system32\wbem\wmiprvse.exe (ID: 2948 |ParentID: 848)
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe (ID: 2152 |ParentID: 848)
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ID: 3144 |ParentID: 2796)
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ID: 3152 |ParentID: 2752)
    C:\Windows\system32\SearchIndexer.exe (ID: 3176 |ParentID: 736)
    C:\Windows\System32\igfxtray.exe (ID: 3728 |ParentID: 2816)
    C:\Windows\System32\hkcmd.exe (ID: 3808 |ParentID: 2816)
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 3880 |ParentID: 2816)
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ID: 3964 |ParentID: 2816)
    C:\Windows\SysWOW64\ACEngSvr.exe (ID: 4020 |ParentID: 848)
    C:\Windows\system32\igfxpers.exe (ID: 4048 |ParentID: 3992)
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (ID: 3096 |ParentID: 2816)
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (ID: 3956 |ParentID: 2788)
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (ID: 3860 |ParentID: 3956)
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (ID: 3600 |ParentID: 3080)
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 2784 |ParentID: 3080)
    C:\Program Files (x86)\AVG Secure Search\vprot.exe (ID: 3752 |ParentID: 3080)
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (ID: 2452 |ParentID: 3080)
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe (ID: 3540 |ParentID: 3080)
    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ID: 4252 |ParentID: 736)
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe (ID: 4836 |ParentID: 2524)
    C:\Windows\System32\RuntimeBroker.exe (ID: 4912 |ParentID: 848)
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe (ID: 4936 |ParentID: 4836)
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe (ID: 4948 |ParentID: 4836)
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe (ID: 4956 |ParentID: 4836)
    C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe (ID: 1112 |ParentID: 4956)
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (ID: 4472 |ParentID: 736)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1164 |ParentID: 736)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 4740 |ParentID: 736)
    C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 4148 |ParentID: 736)
    C:\Windows\explorer.exe (ID: 3504 |ParentID: 848)
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe (ID: 2876 |ParentID: 2816)
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (ID: 4808 |ParentID: 2876)
    C:\Windows\system32\svchost.exe (ID: 2860 |ParentID: 736)
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (ID: 5772 |ParentID: 2876)
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 5804 |ParentID: 5772)
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (ID: 5840 |ParentID: 5804)
    C:\UsbFix\Go.exe (ID: 6136 |ParentID: 36)
    C:\Windows\system32\taskeng.exe (ID: 5304 |ParentID: 988)
    C:\Windows\System32\WUDFHost.exe (ID: 4844 |ParentID: 456)
    C:\Windows\System32\ThumbnailExtractionHost.exe (ID: 5428 |ParentID: 848)
    C:\Windows\system32\wbem\wmiprvse.exe (ID: 5480 |ParentID: 848)

    ################## | Regedit Run |

    04 – HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] – "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    04 – HKLM\SOFTWARE | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 – HKLM\SOFTWARE | Run : [RemoteControl10] – "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    04 – HKLM\SOFTWARE | Run : [ASUSWebStorage] – C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
    04 – HKLM\SOFTWARE | Run : [beid] – "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
    04 – HKLM\SOFTWARE | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 – HKLM\SOFTWARE | Run : [vProt] – "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    04 – HKLM\SOFTWARE | Run : [TkBellExe] – "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    04 – HKLM\SOFTWARE | Run : [AVP] – "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe Reader Speed Launcher] – "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] – "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [RemoteControl10] – "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [ASUSWebStorage] – C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
    04 – HKLM\SOFTWARE\wow6432Node | Run : [beid] – "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
    04 – HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] – "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [vProt] – "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    04 – HKLM\SOFTWARE\wow6432Node | Run : [TkBellExe] – "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    04 – HKLM\SOFTWARE\wow6432Node | Run : [AVP] – "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
    04 – HKLM\SOFTWARE | RunOnce : [] –
    04 – HKLM\SOFTWARE\wow6432Node | RunOnce : [] –
    04 – HKU\S-1-5-21-3609288828-2702090838-3575063521-1001\SOFTWARE | Run : [msnmsgr] – "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background

    ################## | Recherche générique |

    Présent! G:\Betul – MA1.lnk
    Présent! G:\Dégats egouts.lnk
    Présent! G:\Gastro – Tableau 01.lnk
    Présent! G:\Gastro – Tableau 02.lnk
    Présent! G:\Gastro – Tableau 03.lnk
    Présent! G:\Indexation loyer 2013.lnk
    Présent! G:\mp3 Ashnaei ba olum qorani.lnk
    Présent! G:\mp3 Tarikh Islam.lnk
    Présent! G:\RECYCLER.lnk
    Présent! G:\résumés 1er master.lnk
    Présent! G:\RyanairBoardingPass.lnk
    Présent! G:\saghir.lnk
    Présent! G:\Said – MEDE4.lnk
    Présent! G:\StudentAtWork50Days-Attestation.lnk
    Présent! G:\syllabus3.lnk
    Présent! C:\Users\SAF-ED~1\AppData\Local\Temp\uttD696.tmp.exe
    Présent! C:\Users\SAF-ED~1\AppData\Local\Temp\winziprosetup-WZRO6_20130221.exe

    ################## | Registre |

    Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 1
    Présent! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 1

    ################## | Vaccin |

    (!) Cet ordinateur n’est pas vacciné!

    ################## | E.O.F | http://www.usbfix.net – https://www.sosvirus.net |

    billmaxime
    Moderator
    Posts: 1402

    Hello saif, and welcome to sosvirus.

    For your problem, do the following and post the report, please:

    • Download UsbFix (by El Desaparecido) to your Desktop.
    • Right-click it and run it as administrator on Windows 7/8 and Vista.
    • Plug all your external data sources (USB key, external hard drive, etc.) into your PC without opening them.
    • Choose the Suppression (removal) option.

      Note: If UsbFix hangs at 14%, boot into safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply.

    Then do this and post that report as well:

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag, running it as administrator on Windows 7/8 and Vista.
    • Click Configurer (Configure).
    • Click the icon showing a magnifying glass with a + ("Lancer le diagnostic", i.e. run the diagnostic).

      Note: Do not close the program, even if it says it is not responding.

    • Once the scan is finished, go to the desktop; the file ZHPDiag.txt has been created there.
    • Upload the ZHPDiag.txt report to SosUpload, then copy/paste the link it gives you into your next reply on the forum.

    Thanks.

    PS: I'll look at the reports later this evening.

    saif
    Participant
    Posts: 2

    Hi, many thanks for your help. It really feels like seeing a doctor :-). The UsbFix report was already in my first post; here is the ZHPDiag one:

    ~ Rapport de ZHPDiag v2013.12.5.11 – Nicolas Coolman (05/12/2013)
    ~ Lancé par Saïf-Eddine (05/12/2013 20:07:40)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    —\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16736
    MFIE: Mozilla Firefox 25.0.1 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 8 Home Premium Edition, 64-bit (Build 9200)
    Windows Server License Manager Script : OK
    ~ ion : Windows(R) Operating System, OEM_DM channel
    Windows ID Activation : OK
    ~ Windows Partial Key : X2BQ6
    Windows License : OK
    ~ Windows Remaining Initializations Number : 998
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    Kaspersky PURE 2.0 v12.0.2.733
    Windows Defender W8

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader X MUI
    Java 7 Update 21

    —\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3981.7 MB (57% free)
    System Restore: Activé (Enable)
    System drive C: has 87 GB (46%) free of 186 GB

    —\ Mode de connexion au système
    ~ Computer Name: SAÏF
    ~ User Name: Saïf-Eddine
    ~ All Users Names: Saïf-Eddine, HomeGroupUser$, El Bouhali-Zian, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:\Users\Saïf-Eddine\AppData\Roaming\ZHP
    ~ %AppData% : C:\Users\Saïf-Eddine\AppData\Roaming
    ~ %Desktop% : C:\Users\Saïf-Eddine\Desktop
    ~ %Favorites% : C:\Users\Saïf-Eddine\Favorites
    ~ %LocalAppData% : C:\Users\Saïf-Eddine\AppData\Local
    ~ %StartMenu% : C:\Users\Saïf-Eddine\AppData\Roaming\Microsoft\Windows\Start Menu
    ~ %Windir% : C:\Windows
    ~ %System% : C:\Windows\System32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 87 Go of 186 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 258 Go of 258 Go)
    E: CD-ROM drive (Not Inserted)
    G: Floppy drive, Flash card reader, USB Key (Free 15 Go of 15 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
    ~ Security Center: 41 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.0E8E6463F81C80AFBED533E0F1F8895D] – (.Microsoft Corporation – Explorateur Windows.) (.01/06/2013 – 12:34:21.) — C:\Windows\Explorer.exe [2391280]
    [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] – (.Microsoft Corporation – Application de démarrage de Windows.) (.26/07/2012 – 04:08:50.) — C:\Windows\System32\Wininit.exe [132608]
    [MD5.9706C99DAEBE3FEAC811B239617E98C4] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.12/10/2013 – 09:45:20.) — C:\Windows\System32\wininet.dll [2241536]
    [MD5.BCF2036A0DD579E47C008C133550283E] – (.Microsoft Corporation – Application d'ouverture de session Windows.) (.11/10/2012 – 06:46:58.) — C:\Windows\System32\Winlogon.exe [517120]
    [MD5.9448F5740A037EC0C18F0E9177232DD0] – (.Microsoft Corporation – Bibliothèque de licences.) (.26/07/2012 – 04:07:20.) — C:\Windows\System32\sppcomapi.dll [273408]
    [MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] – (.Microsoft Corporation – Pilote de fonction connexe pour WinSock.) (.04/09/2013 – 04:11:23.) — C:\Windows\system32\Drivers\AFD.sys [576512]
    [MD5.A721FF570C2387E383BDDEA9632863C9] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.26/07/2012 – 06:00:48.) — C:\Windows\system32\Drivers\atapi.sys [25840]
    [MD5.990B1BABE6E81FB18E65A87EBEFB1772] – (.Microsoft Corporation – CD-ROM File System Driver.) (.26/07/2012 – 03:30:10.) — C:\Windows\system32\Drivers\Cdfs.sys [108544]
    [MD5.339BFF85D788268752DA8C9644B188EE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.26/07/2012 – 03:26:36.) — C:\Windows\system32\Drivers\Cdrom.sys [174080]
    [MD5.09D9EB9E7898F8E6561473A20CC808B9] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.26/07/2012 – 03:26:53.) — C:\Windows\system32\Drivers\DfsC.sys [118784]
    [MD5.7D87B5B6C7188D553E11B59DC7F0B111] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/09/2012 – 07:08:44.) — C:\Windows\system32\Drivers\HDAudBus.sys [71168]
    [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] – (.Microsoft Corporation – Pilote de port i8042.) (.26/07/2012 – 03:28:51.) — C:\Windows\system32\Drivers\i8042prt.sys [112640]
    [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] – (.Microsoft Corporation – IP Network Address Translator.) (.26/07/2012 – 03:23:01.) — C:\Windows\system32\Drivers\IpNat.sys [145920]
    [MD5.93179D48066918323628CB016D8C94DC] – (.Microsoft Corporation – Minirdr SMB Windows NT.) (.05/02/2013 – 23:29:09.) — C:\Windows\system32\Drivers\MRxSmb.sys [370688]
    [MD5.7CEC25C682D319D484630B3952C31A11] – (.Microsoft Corporation – MBT Transport driver.) (.26/07/2012 – 03:24:28.) — C:\Windows\system32\Drivers\netBT.sys [331776]
    [MD5.76929F4A69E425911A63B407E26C2589] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.02/02/2013 – 11:54:54.) — C:\Windows\system32\Drivers\ntfs.sys [1933544]
    [MD5.4563DAF8C6A740AD7F501E219BD10766] – (.Microsoft Corporation – Pilote de port parallèle.) (.26/07/2012 – 03:29:53.) — C:\Windows\system32\Drivers\Parport.sys [105984]
    [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.26/07/2012 – 03:23:17.) — C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
    [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] – (.Microsoft Corporation – Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 – 03:25:18.) — C:\Windows\system32\Drivers\rdpdr.sys [179712]
    [MD5.73DC722CE5DF26D7638CE2446F2655C7] – (.Microsoft Corporation – TDI Translation Driver.) (.26/07/2012 – 06:26:47.) — C:\Windows\system32\Drivers\tdx.sys [117248]
    [MD5.78A5BBA3819FFFC62FFEC3E2220D102D] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.01/06/2013 – 12:26:33.) — C:\Windows\system32\Drivers\volsnap.sys [327936]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/18
    ~ Mes Videos (My Videos) : 1/103
    ~ Mes Favoris (My Favorites) : 1/7
    ~ Mes Documents (My Documents) : 3/879
    ~ Mon Bureau (My Desktop) : 1/791
    ~ Menu demarrer (Programs) : 1/25
    ~ Hidden Files: Scanned in 00mn 00s

    —\ Processus lancés
    [MD5.79174FD5F4DE078642BE1CACB124BFCA] – (.ASUS – ASUS InstantOn.) — C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [1126784] [PID.3740]
    [MD5.7C58A2513C3DA421A461D75C66C56D21] – (.ASUSTek Computer Inc. – ASUS USB Charger Plus.) — C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1123536] [PID.3772]
    [MD5.A2791CF11D1ED52DBCD75D2FFD4D50E7] – (.ASUSTek Computer Inc. – ATK Media.) — C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848] [PID.3184]
    [MD5.2C35624F79B9ADBFE47090879F0D8673] – (.ASUSTek Computer Inc. – ATKOSD2.) — C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208] [PID.2528]
    [MD5.29769215DEB6E8418EF3656B0423776E] – (.ASUSTeK Computer Inc. – ASUS Quick Gesture Exe.) — C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352] [PID.3220]
    [MD5.E05FFF1C05C80CCE83C766198896C7CF] – (.ASUS – ACMON.) — C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832] [PID.4092]
    [MD5.98CADC34741738CFC24F5CDFDAA408FA] – (.ASUSTeK – ACEngSvr Module.) — C:\Windows\SysWOW64\ACEngSvr.exe [162456] [PID.3096]
    [MD5.B7995C675014EEBE77A0BEB7AFCCFC08] – (.CyberLink Corp. – PowerDVD RC Service.) — C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432] [PID.4240]
    [MD5.D63797E8E7781EE1500A810CB6194FA6] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.4260]
    [MD5.2E068599FCF51B3F4640458950A069FC] – (.Pas de propriétaire – VProtect Application.) — C:\Program Files (x86)\AVG Secure Search\vprot.exe [2420248] [PID.4288] =>Toolbar.AVGSearch
    [MD5.225518F190EDBC37CA32197A3E94B498] – (.RealNetworks, Inc. – RealNetworks Scheduler.) — C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.4312]
    [MD5.AEFC1353D0FB4E92A23CFB7E3372356D] – (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328] [PID.1684]
    [MD5.749949494676218FFA99501F4AA22ECC] – (.OpenOffice.org – OpenOffice.org 3.4.1.) — C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.4396]
    [MD5.4EE367B8B1964160A1F1B80095183D3A] – (.OpenOffice.org – OpenOffice.org 3.4.1.) — C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.4548]
    [MD5.01F1839AD462D146BB15B1DA9FDE2EE7] – (.ASUSTeK Computer Inc. – ASUS Live Update.) — C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1557664] [PID.4736]
    [MD5.59588AA5DDCB31B8155D49FE11987A69] – (.Microsoft Corporation – Microsoft Office Word.) — C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.exe [409776] [PID.5860]
    [MD5.077D59BA0FD4007E841B6C670862B065] – (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3688]
    [MD5.013CBC83D1C8131EB623567EF4D3FFCC] – (.RealNetworks, Inc. – RealDownloader.) — C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [233048] [PID.5888]
    [MD5.E0B173F23D873286169995D66B9E3CDF] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.3952]
    [MD5.EB68851F020D35293EADAADEB18B8220] – (.Adobe Systems, Inc. – Adobe Flash Player 11.9 r900.) — C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe [1862536] [PID.4472]
    [MD5.7B121F44335FE23A1B54B4399A5EC116] – (.Nicolas Coolman – ZHPDiag.) — C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8281088] [PID.6932]
    ~ Processes Running: Scanned in 00mn 00s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:\Users\Saïf-Eddine\AppData\Roaming\Mozilla\Firefox\Profiles\myu1ml4x.default\prefs.js
    M0 – MFSP: prefs.js [Saïf-Eddine – myu1ml4x.default] google.be
    M2 – MFEP: prefs.js [Saïf-Eddine – myu1ml4x.default\a000b9@wips.com] [] Youtube™ Search v1.0.5 (..)
    ~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.be
    ~ IE Browser: 11 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
    F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
    F2 – REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Autres liens utilisateurs (O4)
    O4 – GS\Desktop [Public]: eID Viewer.lnk . (.FedICT – eID Viewer.) — C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe
    O4 – GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    O4 – GS\Desktop [Public]: WebStorage Sync Agent.lnk . (.ASUS Cloud Corporation – ASUS WebStorage Panel.) — C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe
    O4 – GS\Program [Public]: Desktop.lnk – Clé orpheline
    O4 – GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    O4 – GS\QuickLaunch [Saïf-Eddine]: Free PDF to Word Converter.lnk . (.Free-PDF-to-Word.com – Free PDF to Word Converter.) — C:\Program Files (x86)\Free PDF to Word Converter\PDF2Word.exe
    O4 – GS\QuickLaunch [Saïf-Eddine]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 – GS\TaskBar [Saïf-Eddine]: ASUS InstantOn.lnk . (…) — C:\Windows\Installer\{749F674B-2674-47E8-879C-5626A06B2A91}\_5071C9DBC1BB2B48AAB6B3.exe
    O4 – GS\TaskBar [Saïf-Eddine]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    O4 – GS\Program [Saïf-Eddine]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 – GS\Program [Saïf-Eddine]: Kaspersky PURE 2.0.lnk . (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
    O4 – GS\QuickLaunch [El Bouhali-Zian]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 – GS\TaskBar [El Bouhali-Zian]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    O4 – GS\Program [El Bouhali-Zian]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
    O4 – GS\Program [El Bouhali-Zian]: Kaspersky PURE 2.0.lnk . (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
    O4 – GS\Desktop [El Bouhali-Zian]: TP 306 27.02 – Raccourci.lnk . (…) — C:\Users\Saïf-Eddine\Documents\TP 306 27.02.xlsx (.not file.)
    ~ Global Startup: 47 Legitimates Filtered in 00mn 03s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GS\Startup [Public]: AsusVibeLauncher.lnk . (.ASUSTeK Computer Inc. – AsusVibe Application.) — C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    O4 – GS\Startup [Saïf-Eddine]: OpenOffice.org 3.4.1.lnk . (…) — C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 – GS\Startup [El Bouhali-Zian]: OpenOffice.org 3.4.1.lnk . (…) — C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 – HKLM\..\Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:\Windows\system32\igfxtray.exe
    O4 – HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:\Windows\system32\hkcmd.exe
    O4 – HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
    O4 – HKLM\..\Run: [ACMON] . (.ASUS – ACMON.) — C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    O4 – HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation – Windows Live Messenger.) — C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.exe
    O4 – HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
    O4 – HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. – PowerDVD RC Service.) — C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    O4 – HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ASUS Cloud Corporation – ASUS WebStorage Panel.) — C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe
    O4 – HKLM\..\Wow6432Node\Run: [beid] C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe (.not file.)
    O4 – HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
    O4 – HKLM\..\Wow6432Node\Run: [vProt] . (.Pas de propriétaire – VProtect Application.) — C:\Program Files (x86)\AVG Secure Search\vprot.exe =>Toolbar.AVGSearch
    O4 – HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. – RealNetworks Scheduler.) — c:\program files (x86)\real\realplayer\Update\realsched.exe =>.RealNetworks, Inc
    O4 – HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
    O4 – HKUS\S-1-5-21-3609288828-2702090838-3575063521-1001\..\Run: [msnmsgr] . (.Microsoft Corporation – Windows Live Messenger.) — C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.exe
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: Clavier &virtuel [64Bits] – {4248FE82-7FCB-46AC-B270-339F08212110} . (…) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\kbrd.ico
    O9 – Extra button: Analyse des &liens [64Bits] – {CCF151D8-D089-449F-A5A4-D9909053F20F} . (…) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\logo.ico
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLM\System\CCS\Services\Tcpip\..\{7F9D8706-5F2E-45EF-9603-A3C82B058643}: DhcpNameServer = 164.15.59.200
    O17 – HKLM\System\CCS\Services\Tcpip\..\{BB32DDB4-48F4-49BE-A6CB-8932188DFF32}: DhcpNameServer = 192.168.1.1
    O17 – HKLM\System\CCS\Services\Tcpip\..\{7F9D8706-5F2E-45EF-9603-A3C82B058643}: DhcpDomain = ulb.ac.be
    O17 – HKLM\System\CS1\Services\Tcpip\..\{7F9D8706-5F2E-45EF-9603-A3C82B058643}: DhcpNameServer = 164.15.59.200
    O17 – HKLM\System\CS1\Services\Tcpip\..\{BB32DDB4-48F4-49BE-A6CB-8932188DFF32}: DhcpNameServer = 192.168.1.1
    O17 – HKLM\System\CS1\Services\Tcpip\..\{7F9D8706-5F2E-45EF-9603-A3C82B058643}: DhcpDomain = ulb.ac.be
    O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 164.15.59.200
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: viprotocol [64Bits] – {B658800C-F66E-4EF3-AB85-6C0C227862A9} . (…) —
    O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    O20 – Winlogon Notify: klogon . (.Kaspersky Lab ZAO – Logon Visualizer.) — C:WindowsSystem32klogon.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: (vToolbarUpdater17.1.2) . (.AVG Secure Search – ToolbarU Application.) – C:Program Files (x86)Common FilesAVG Secure SearchvToolbarUpdater17.1.2ToolbarUpdater.exe =>Toolbar.AVGSearch
    ~ Services: 13 Legitimates Filtered in 00mn 09s

    —\ Tâches planifiées en automatique (O39)
    O39 – APT:Automatic Planified Task – C:WindowsTasksReclaimerUpdateFiles_Saïf-Eddine.job [404]
    O39 – APT:Automatic Planified Task – C:WindowsTasksReclaimerUpdateXML_Saïf-Eddine.job [400]
    O39 – APT:Automatic Planified Task – C:WindowsTasksRNUpgradeHelperLogonPrompt_Saïf-Eddine.job [410]
    ~ Scheduled Task: 30 Legitimates Filtered in 00mn 07s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareConduit] =>Toolbar.Conduit
    [HKLMSoftwareWow6432NodeConduit] =>Toolbar.Conduit
    ~ Key Software: 212 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 30/05/2013 – 12:08:32 – [0] —-D C:UsersSaïf-EddineAppDataRoamingLite
    ~ 126 Dossiers CLSID vides (CLSID Empty Folders)
    ~ Program Folder: 256 Legitimates Filtered in 00mn 37s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.6A4B9FBC1E88C400AD671A50DADFA84D] – 01/12/2013 – 21:21:44 —A- . (…) — C:WindowsSysNativeApnDatabase.xml [386923]
    O44 – LFC:[MD5.6A4B9FBC1E88C400AD671A50DADFA84D] – 01/12/2013 – 21:21:44 —A- . (…) — C:WindowsSystem32ApnDatabase.xml [386923]
    O44 – LFC:[MD5.2ADC500D8DAB0E1472F184DD3ED27F82] – 03/12/2013 – 19:15:15 —A- . (…) — C:UsbFix [Scan 1] SAÏF.txt [10932]
    ~ Files: 144 Legitimates Filtered in 01mn 03s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.651FDEA84F57294BE155BF2015757E72] – 01/12/2013 – 21:49:08 —A- – C:WindowsPrefetchTAPTILES.EXE-BCAE3C54.pf
    O45 – LFCP:[MD5.B0B42E2A59CBD5D41E290E57896A3E3E] – 03/12/2013 – 19:24:01 —A- – C:WindowsPrefetchGO.EXE-34414F70.pf
    O45 – LFCP:[MD5.87974A0A85DE021D9590CCB15A2DC1E2] – 03/12/2013 – 22:00:02 —A- – C:WindowsPrefetchPDVD10SERV.EXE-99C8A7B5.pf
    O45 – LFCP:[MD5.A376644826DB7802D5D0AEDCEA7A8FF9] – 05/12/2013 – 10:26:57 —A- – C:WindowsPrefetchdynreservedpri.db
    O45 – LFCP:[MD5.4750636DBD20535147CBCAD2B378F657] – 05/12/2013 – 14:28:24 —A- – C:WindowsPrefetchMY_INTEL_CPP_X64.EXE-1A95AA96.pf
    O45 – LFCP:[MD5.EDA87DAA6BB348F16606B69E1F5B4727] – 05/12/2013 – 14:28:57 —A- – C:WindowsPrefetchVPROT.EXE-659B8A79.pf
    O45 – LFCP:[MD5.4F2293E7BF83FEAB745284E68C98A409] – 05/12/2013 – 15:30:46 —A- – C:WindowsPrefetchGLCND.EXE-DD45F588.pf
    O45 – LFCP:[MD5.71A342021764D1485D9178F621D74647] – 05/12/2013 – 20:05:30 —A- – C:WindowsPrefetch_IU14D2N.TMP-04EBDAA7.pf
    O45 – LFCP:[MD5.3DF290CCE9A428E234EDA1B2BD1190BC] – 27/11/2013 – 22:33:26 —A- – C:WindowsPrefetchGLCND.EXE-1C7784D8.pf
    ~ Prefetcher: 186 Legitimates Filtered in 00mn 02s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{1071b829-6ac8-11e2-be78-08606e024a09}AutoRuncommand. (…) — F:iLinker.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 17 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – “NoActiveDesktopChanges”=1
    ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.AB1201F8DE199E764DA9A32ABF71049C] – 14/12/2009 – 11:44:24 —A- . (.Infowatch – Cryptographic Algorithm Lib Driver..) — C:WindowsSystem32DriversCSCrySec.sys [85048]
    O58 – SDL:[MD5.A6EED705BB510FA6B0F9F097165A3395] – 14/12/2009 – 11:44:24 —A- . (.Infowatch – Virtual Volume Container Driver (wnet).) — C:WindowsSystem32DriversCSVirtualDiskDrv.sys [66104]
    O58 – SDL:[MD5.A8080BEBCDB7A16495CE1205921DCAC5] – 02/08/2012 – 04:22:48 —A- . (.Pas de propriétaire – Keyboard Filter Driver.) — C:WindowsSystem32Driverskbfiltr.sys [14992]
    O58 – SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] – 26/07/2012 – 06:00:55 —A- . (.Promise Technology, Inc. – Promise SuperTrak EX Series Driver for Windows x64.) — C:WindowsSystem32Driversstexstor.sys [30960]
    ~ Drivers: 17 Legitimates Filtered in 00mn 04s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 02/12/2013 – 20:11:22 —A- . (…) — C:UsersSaïf-EddineLinksDesktop.lnk [493]
    O61 – LFC: 02/12/2013 – 20:11:22 —A- . (…) — C:UsersSaïf-EddineLinksDownloads.lnk [960]
    O61 – LFC: 02/12/2013 – 20:11:22 —A- . (…) — C:UsersSaïf-EddineLinksRecentPlaces.lnk [383]
    O61 – LFC: 04/12/2013 – 20:10:05 —A- . (…) — C:UsersSaïf-EddineAppDataLocalAVG Secure SearchSiteSafetyl_2013_12_03_04_21_15.db [1045072] =>Toolbar.AVGSearch
    O61 – LFC: 04/12/2013 – 20:10:05 —A- . (…) — C:UsersSaïf-EddineAppDataLocalGDIPFONTCACHEV1.DAT [119408]
    O61 – LFC: 05/12/2013 – 20:10:05 —A- . (…) — C:UsersSaïf-EddineAppDataLocalAVG Secure SearchSiteSafetyl_2013_12_04_11_06_41.db [1348704] =>Toolbar.AVGSearch
    O61 – LFC: 05/12/2013 – 20:10:40 –HA- . (…) — C:UsersSaïf-EddineAppDataRoamingMicrosoftTemplates~$Normal.dotm [162]
    O61 – LFC: 05/12/2013 – 20:10:47 —A- . (…) — C:UsersSaïf-EddineAppDataRoamingZHPLog.txt [17576] =>.Nicolas Coolman
    O61 – LFC: 05/12/2013 – 20:10:47 —A- . (…) — C:UsersSaïf-EddineAppDataRoamingZHPTestsZHPDiag.txt [3028] =>.Nicolas Coolman
    O61 – LFC: 05/12/2013 – 20:10:47 —A- . (…) — C:UsersSaïf-EddineAppDataRoamingsp_data.sys [380]
    ~ 3 Fichiers temporaires (Temporary files)
    ~ Files: 182 Legitimates Filtered in 01mn 19s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (…) — C:ProgramDataSetStretch.exe [24576]
    [MD5.DB4F9C7CDB2EEF82337E2B289B61F827] [SPRF][26/09/2013] (…) — C:UsersSaïf-EddineAppDataLocalTempDelUS.bat [588]
    [MD5.346CA14A185E93E96F6CCCC7D2A3D304] [SPRF][14/06/2013] (.AVG Secure Search – AVG Installer.) — C:UsersSaïf-EddineAppDataLocalTempoi_{5704CAA2-D194-42BC-9F76-DC6973276FC1}.exe [3239960] =>Toolbar.AVGSearch
    [MD5.740F803BC9046BE7C3F1AA10EE287DF7] [SPRF][16/06/2013] (…) — C:UsersSaïf-EddineAppDataLocalTemputt943E.tmp.bat [104]
    [MD5.79D33D56FDBC78AD319475CE6E497962] [SPRF][14/06/2013] (…) — C:UsersSaïf-EddineAppDataLocalTemputtD696.tmp.exe [8228864]
    [MD5.293F0F4EC79E9E016F8193BA3552A33F] [SPRF][24/01/2013] (.Pas de propriétaire – Windows Live Installer.) — C:UsersSaïf-EddineAppDataLocalTempwlsetupc.exe [699464]
    [MD5.441446D85E77BCDEA06B32D51A2016F7] [SPRF][05/12/2013] (…) — C:UsersSaïf-EddineAppDataRoamingsp_data.sys [380]
    ~ Files: 12 Legitimates Filtered in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 08/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 16/08/2012 276288 | (cphs) . (.Intel Corporation.) – C:WindowsSysWow64IntelCpHeciSvc.exe
    SS – | Auto 21/08/2013 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 21/08/2013 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 22/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe

    SR – | Auto 23/07/2012 105120 | (ASLDRService) . (.ASUSTek Computer Inc..) – C:Program Files (x86)ASUSATK PackageATK HotkeyASLDRSrv.exe
    SR – | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) – C:Program Files (x86)ASUSASUS InstantOnInsOnSrv.exe
    SR – | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:Program Files (x86)ASUSATK PackageATKGFNEXGFNEXSrv.exe
    SR – | Auto 30/08/2012 202328 | (AVP) . (.Kaspersky Lab ZAO.) – C:Program Files (x86)Kaspersky LabKaspersky PURE 2.0avp.exe
    SR – | Auto 21/12/2009 743992 | (CSObjectsSrv) . (.Infowatch.) – C:Program Files (x86)Common FilesInfoWatchCryptoStorageProtectedObjectsSrv.exe
    SR – | Auto 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) – C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe
    SR – | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientHeciServer.exe
    SR – | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
    SR – | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (…) – C:Program Files (x86)RealNetworksRealDownloaderrndlresolversvc.exe
    SR – | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Auto 11/11/2013 1734680 | (vToolbarUpdater17.1.2) . (.AVG Secure Search.) – C:Program Files (x86)Common FilesAVG Secure SearchvToolbarUpdater17.1.2ToolbarUpdater.exe =>Toolbar.AVGSearch
    SR – | Demand 10/07/1658 0 | (WinDefend) . (…) – C:Program Files (x86)Windows DefenderMsMpEng.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Demand 20/09/2012 29696 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe

    ~ Services: Scanned in 00mn 13s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Run by Saïf-Eddine at 05/12/2013 20:14:18
    ~ OS 64 not supported by MBR tool

    ~ MBR: 0 Legitimates Filtered in 00mn 00s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Saïf-Eddine at 05/12/2013 20:14:20

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13011 – (05/12/2013)
    Clés trouvées (Keys found) : 27
    Valeurs trouvées (Values found) : 1
    Dossiers trouvés (Folders found) : 5
    Fichiers trouvés (Files found) : 4

    [HKLMSYSTEMCurrentControlSetServicesvToolbarUpdater17.1.2] =>Toolbar.AVGSearch^
    [HKLMSoftwareClassesInterface{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
    [HKLMSoftwareWow6432NodeClassesInterface{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
    [HKLMSoftwareClassesAppID{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
    [HKLMSoftwareWow6432NodeClassesAppID{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
    [HKLMSoftwareClassesInterface{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
    [HKLMSoftwareWow6432NodeClassesInterface{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
    [HKLMSoftwareClassesTypeLib{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch
    [HKLMSoftwareClassesTypeLib{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
    [HKLMSoftwareClassesInterface{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
    [HKLMSoftwareWow6432NodeClassesInterface{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
    [HKLMSoftwareClassesAppID{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
    [HKLMSoftwareWow6432NodeClassesAppID{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
    [HKLMSoftwareClassesTypeLib{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch
    [HKLMSoftwareClassesInterface{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
    [HKLMSoftwareWow6432NodeClassesInterface{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionExtPreApproved{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit
    [HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerLow RightsElevationPolicy{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
    [HKLMSoftwareMicrosoftInternet ExplorerLow RightsElevationPolicy{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
    [HKLMSoftwareWow6432NodeMicrosoftInternet ExplorerLow RightsElevationPolicy{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionExtPreApproved{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
    [HKLMSoftwareClassesAppIDScriptHelper.EXE] =>Toolbar.AVGSearch
    [HKLMSoftwareClassesScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch
    [HKLMSoftwareClassesScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch
    [HKLMSoftwareClassesViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch
    [HKLMSoftwareClassesViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch
    [HKLMSoftwareWow6432NodeMicrosoftWindowsCurrentVersionUninstallAVG Secure Search] =>Toolbar.AVGSearch
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]:vProt =>Toolbar.AVGSearch^
    C:Program Files (x86)AVG Secure Search =>Toolbar.AVGSearch
    C:Program Files (x86)Common FilesAVG Secure Search =>Toolbar.AVGSearch
    C:ProgramDataAVG Secure Search =>Toolbar.AVGSearch
    C:UsersSaïf-EddineAppDataLocalAVG Secure Search =>Toolbar.AVGSearch
    C:UsersSaïf-EddineAppDataLocalLowAVG Secure Search =>Toolbar.AVGSearch
    C:Program Files (x86)AVG Secure Searchvprot.exe =>Toolbar.AVGSearch^
    [HKCUSoftwareConduit] =>Toolbar.Conduit^
    [HKLMSoftwareWow6432NodeConduit] =>Toolbar.Conduit^
    C:UsersSaïf-EddineAppDataLocalTempoi_{5704CAA2-D194-42BC-9F76-DC6973276FC1}.exe =>Toolbar.AVGSearch^
    ~ Additionnel Scan: 248157 Items scanned in 00mn 32s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
    ~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
    ~ MSI: 2 link(s) detected in 00mn 32s

    ~ 1511 Legitimates filtered by white list
    End of the scan (482 lines in 07mn 13s)(0)

    billmaxime
    Moderator
    Number of posts: 1402

    Hello Saif,

    "The UsbFix report had already been put in my first post"

    OK, but that is the search report; I asked you to run UsbFix in deletion mode and then post the report.

    Your UsbFix report >> ############################## | UsbFix V 7.152 | [Recherche]

    Utilisateur: Saïf-Eddine (Administrateur) # SAÏF
    Mis à jour le 20/11/2013 par El Desaparecido – Team SosVirus
    Lancé à 19:14:34 | 03/12/2013

    So please do the following and post the report:

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Right-click it and choose "Run as administrator" under Windows 7/8 and Vista
    • Connect all your external storage devices to your PC (USB stick, external hard drive, etc.) without opening them.
    • Choose the Suppression (deletion) option

      Note: if UsbFix hangs at 14%, boot into Safe Mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

    Then do the following and post that report as well:

    • Download AdwCleaner (by Xplode) to your Desktop!
    • Right-click it and choose "Run as administrator" under Windows 7/8 and Vista; otherwise double-click it under XP
      1. Choose the Scanner option
      2. Choose the Nettoyer (clean) option
    • Accept the warning by clicking OK

    • Accept the warnings/information by clicking OK
    • Copy and paste the contents of the report that appears when the PC restarts

    Thanks.

