SéverineD

And here is the 3rd one!
ZHPDiag report v2013.11.9.20 – Nicolas Coolman (9/11/2013)
~ Launched by Séverine (10/11/2013 11:23:40)
~ Website address: http://nicolascoolman.webs.com
~ Free disinfection help forums: http://nicolascoolman.webs.com/apps/links/
~ Translated by Nicolas Coolman
~ Version status:
~ Whitelist: Enabled by the program
~ Privilege elevation: OK
~ User Account Control (UAC): Activated by user

—\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16721

—\ Windows product information
~ Language: French
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 9YQTR
Windows License : OK
~ Windows Remaining Initializations Number : 1
Software Protection Service : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ System protection software
AVG 2013 v13.0.3426
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

—\ System optimization software

—\ Peer-to-peer sharing software
µTorrent v3.2.0 =>P2P.µTorrent

—\ Monitored software
Adobe Flash Player 10 Plugin
Adobe Reader X
Java 7 Update 45

—\ System information
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 5920 MB (53% free)
System Restore: Enabled
System drive C: has 97 GB (51%) free of 186 GB

—\ System logon mode
~ Computer Name: SÉVERINE-PC
~ User Name: Séverine
~ All Users Names: UpdatusUser, Séverine, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Environment variables
~ System Unit : C:
~ %AppZHP% : C:\Users\Séverine\AppData\Roaming\ZHP
~ %AppData% : C:\Users\Séverine\AppData\Roaming
~ %Desktop% : C:\Users\Séverine\Desktop
~ %Favorites% : C:\Users\Séverine\Favorites
~ %LocalAppData% : C:\Users\Séverine\AppData\Local
~ %StartMenu% : C:\Users\Séverine\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

—\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 97 GB of 186 GB)
D: Hard drive, Flash drive, Thumb drive (Free 233 GB of 254 GB)
E: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 GB of 0 GB)

—\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 46 Legitimates Filtered in 00mn 00s

—\ Specific search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] – (.Microsoft Corporation – Windows Explorer.) (.19/10/2011 – 03:54:37.) — C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] – (.Microsoft Corporation – Windows Start-Up Application.) (.14/07/2009 – 02:39:52.) — C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] – (.Microsoft Corporation – Internet Extensions for Win32.) (.22/09/2013 – 23:55:10.) — C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] – (.Microsoft Corporation – Windows Logon Application.) (.20/11/2010 – 14:25:32.) — C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] – (.Microsoft Corporation – Licensing Library.) (.20/11/2010 – 14:27:28.) — C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.14/09/2013 – 02:10:19.) — C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:52:21.) — C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:19:47.) — C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 10:19:22.) — C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 10:26:34.) — C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 11:43:44.) — C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] – (.Microsoft Corporation – i8042 Port Driver.) (.14/07/2009 – 00:19:57.) — C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 01:10:03.) — C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.19/10/2011 – 04:02:02.) — C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 10:23:22.) — C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] – (.Microsoft Corporation – NT File System Driver.) (.12/04/2013 – 15:45:08.) — C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] – (.Microsoft Corporation – Parallel Port Driver.) (.14/07/2009 – 01:00:41.) — C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.20/11/2010 – 11:52:36.) — C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 01:09:09.) — C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 10:21:58.) — C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] – (.Microsoft Corporation – Volume Shadow Copy Driver.) (.19/10/2011 – 03:34:22.) — C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 01s

—\ Hidden files status (Hidden/Total)
~ My Pictures : 1/111
~ My Music : 87/207
~ My Favorites : 1/10
~ My Documents : 1/698
~ My Desktop : 1/32
~ Start Menu (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 01s

—\ Running processes
[MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.4424]
[MD5.64A7C84C0A8C79B22033F92D43919062] – (.ASUS – ACMON.) — C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568] [PID.5048]
[MD5.98CADC34741738CFC24F5CDFDAA408FA] – (.ASUSTeK – ACEngSvr Module.) — C:\Windows\SysWOW64\ACEngSvr.exe [162456] [PID.4568]
[MD5.37DEB76A2CF005841C4E45DE2B94D84F] – (.ASUS – AsScrPro.) — C:\Windows\AsScrPro.exe [3058304] [PID.3344]
[MD5.81800928E0F713DF31F3393CC26F4013] – (.No owner – DivX Update.) — C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952] [PID.4244]
[MD5.F7E1CCBAD109329203AACB1E87BE614C] – (.Dropbox, Inc. – Dropbox.) — C:\Users\Séverine\AppData\Roaming\Dropbox\bin\Dropbox.exe [27776968] [PID.4404]
[MD5.F6573F33A8BB3525ABECCD8DD00603FD] – (.AVG Technologies CZ, s.r.o. – AVG User Interface.) — C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952] [PID.4896]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4412]
[MD5.35048D8E8A0BF7A797CD5757ACD7EED0] – (.CyberLink – CyberLink MediaLibray Service.) — C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816] [PID.4292]
[MD5.D5E4E7A2E8CC651ED737B4CF9515D225] – (.ASUSTeK Computer Inc. – ASUS Live Update.) — C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1556128] [PID.5104]
[MD5.2CC9F71A12C3F7E1D8F1EBD52163637C] – (.ASUSTek Computer Inc. – ATKOSD2.) — C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080] [PID.5564]
[MD5.3E399A1328181C2A352472369DE2A93A] – (.Google Inc. – Google Chrome.) — C:\Users\Séverine\AppData\Local\Google\Chrome\Application\chrome.exe [844752] [PID.1992]
[MD5.0C3C47124215C5E566F92C3F2E31D86A] – (.Nicolas Coolman – ZHPDiag.) — C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8192512] [PID.5016]
[MD5.A3626C6D3F2DC95497F3F61842D7FD89] – (.ASUS – ASLDR Service.) — C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [80512] [PID.1616]
[MD5.DBC598E47E7A382E60E2A4745D41FEF9] – (.ASUS – GFNEXSrv.) — C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1780]
[MD5.3927397AC60D943DAF8808AFFED582B7] – (.Adobe Systems Incorporated – Adobe Acrobat Update Service.) — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1632]
[MD5.4DB93F4DB7077801D2D82013506AC1D0] – (.AVG Technologies CZ, s.r.o. – AVG Identity Protection Service.) — C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312] [PID.2064]
[MD5.48939D9F350AEF9370F03A1E49A49BE2] – (.AVG Technologies CZ, s.r.o. – AVG Watchdog Service.) — C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136] [PID.2124]
[MD5.AD5DF6F4FBBC798636EDC66BFEC7D0DE] – (.No owner – Inkjet Printer/Scanner/Fax Extended Survey.) — C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe [116104] [PID.2308]
[MD5.65085456FD9A74D7F1A999520C299ECB] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2404]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2692]
[MD5.39B1D0A636A400304565D4521FAD6D77] – (.Microsoft Corporation – Microsoft Application Virtualization Virtua.) — C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2284]
[MD5.77C5A741A7452812F278EF2C18478862] – (.Microsoft Corporation – Microsoft Application Virtualization Client.) — C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2744]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] – (.Microsoft Corporation – Microsoft Office Client Virtualization Serv.) — C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.3460]
[MD5.C14E6798A092E0E86556104767BEBD48] – (.ASUSTek Computer Inc. – HControl.) — C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [174720] [PID.4192]
[MD5.149126216A694E6BA84E92ECA77AAE3B] – (.ASUS – ATKOSD.) — C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [2488888] [PID.4840]
[MD5.AA11E1368EEB237DD100BAC6AFFE1C57] – (.ASUS – KBFiltr.) — C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113208] [PID.4444]
[MD5.4A7C441D99D86704D194E7678873B95D] – (.ASUS – WDC.) — C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [174648] [PID.4960]
[MD5.7F32D4C47A50E7223491E8FB9359907D] – (.Intel Corporation – Local Manageability Service.) — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.7136]
[MD5.03AA7307C0D92D38D7AF90E181736B8D] – (.NVIDIA Corporation – NVIDIA Settings Update Manager.) — C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2253120] [PID.6420]
[MD5.2C16648A12999AE69A9EBF41974B0BA2] – (.Intel Corporation – User Notification Service.) — C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.6372]
~ Processes Running: Scanned in 00mn 03s

—\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Séverine\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 – GCSP: Preference [User Data\Default] http://my.ulg.ac.be
G2 – GCE: Preference [User Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.4 (Disabled) =>Toolbar.DeltaSearch
~ Google Browser: 17 Legitimates Filtered in 00mn 28s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analysis of F0, F1, F2, F3 lines – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
F2 – REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Lines number: 21

—\ Other user links (O4)
O4 – GS\Desktop [Public]: ASUS Sonic Focus.lnk . (.Acresso Software Inc. – InstallShield.) — C:\Windows\Installer\{B0002707-4F7E-4745-88A7-852DA8A88635}\SonicFocus.exe1_B0A8CDAEB7C14C9B9559672250622EF7.exe
O4 – GS\Desktop [Public]: eID Viewer.lnk . (.FedICT – eID Viewer.) — C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe
O4 – GS\Desktop [Public]: eManual.Lnk . (.ASUSTek Computer Inc. – EManual Application.) — C:\eSupport\Manual\eManual.exe
O4 – GS\Desktop [Public]: Free YouTube to MP3 Converter.lnk . (.DVDVideoSoft Ltd. – FreeYouTubeToMP3Converter.) — C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe
O4 – GS\Desktop [Public]: Splendid Utility.Lnk . (…) — C:\Program Files (x86)\ASUS\Splendid\Backbone.exe
O4 – GS\Desktop [Public]: STATISTICA.lnk . (.StatSoft, Inc. – STATISTICA Application.) — C:\Program Files\StatSoft\STATISTICA 10\statist.exe
O4 – GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent, Inc. – µTorrent.) — C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 – GS\QuickLaunch [Séverine]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\QuickLaunch [Séverine]: µTorrent.lnk . (.BitTorrent, Inc. – µTorrent.) — C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 – GS\TaskBar [Séverine]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:\Users\Séverine\AppData\Local\Google\Chrome\Application\chrome.exe
O4 – GS\Program [Séverine]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\SystemTools [Séverine]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\Desktop [Séverine]: Canon IJ Network Scan Utility.lnk . (.CANON INC. – Canon IJ Network Scan Utility.) — C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 – GS\Desktop [Séverine]: cardio_2Dgel – Raccourci.lnk . (…) — C:\Users\Séverine\Documents\Université\M2\Biomarqueurs et protéomique\cardio_2Dgel.pdf
O4 – GS\Desktop [Séverine]: dossier_Stage en milieu hospitalier Q10 2012-03-23 – Raccourci.lnk . (…) — C:\Users\Séverine\Documents\Université\STAGE\HOSPI\dossier_Stage en milieu hospitalier Q10 2012-03-23.pdf
O4 – GS\Desktop [Séverine]: HOSPI – Raccourci.lnk . (…) — C:\Users\Séverine\Documents\Université\STAGE\HOSPI
O4 – GS\Desktop [Séverine]: Q9 – Raccourci.lnk . (…) — C:\Users\Séverine\Documents\Université\STAGE\CHIMIE CLINIQUE
O4 – GS\Desktop [Séverine]: SosVirus Forum Gratuit.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe https://www.sosvirus.net
O4 – GS\Desktop [Séverine]: SosVirus sur Facebook.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.facebook.com
~ Global Startup: 85 Legitimates Filtered in 00mn 01s

—\ Applications launched at system startup (O4)
O4 – GS\Startup [Public]: AsusVibeLauncher.lnk . (.ASUSTeK Computer Inc. – AsusVibe Application.) — C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 – GS\Startup [Séverine]: Dropbox.lnk . (.Dropbox, Inc. – Dropbox.) — C:\Users\Séverine\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 – HKLM\..\Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:\Windows\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:\Windows\system32\hkcmd.exe
O4 – HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 – HKLM\..\Run: [AmIcoSinglun64] . (.Alcor Micro Corp. – Single LUN Icon Utility for VID 058F PID 63.) — C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 – HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor – HD Audio Background Process.) — C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
O4 – HKLM\..\Run: [IntelPAN] . (.Intel(R) Corporation – Intel(R) PROSet/Wireless Framework.) — C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
O4 – HKLM\..\Run: [SynAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe (.not file.)
O4 – HKCU\..\Run: [Google Update] . (.Google Inc. – Google Installer.) — C:\Users\Séverine\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 – HKCU\..\Run: [GoogleChromeAutoLaunch_118283770E8080451048D13BC16E7A12] . (.Google Inc. – Google Chrome.) — C:\Users\Séverine\AppData\Local\Google\Chrome\Application\chrome.exe
O4 – HKLM\..\Wow6432Node\Run: [DivXMediaServer] . (.DivX, LLC – DivX DLNA Media Server.) — C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 – HKLM\..\Wow6432Node\Run: [DivXUpdate] . (.No owner – DivX Update.) — C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
O4 – HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. – AVG User Interface.) — C:\Program Files (x86)\AVG\AVG2013\avgui.exe
O4 – HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 – HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation – Windows Desktop Gadgets.) — C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation – Windows Desktop Gadgets.) — C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-21-997506354-3732783889-75539924-1000\..\Run: [Sidebar] . (.Microsoft Corporation – Windows Desktop Gadgets.) — C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 – HKUS\S-1-5-21-997506354-3732783889-75539924-1000\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (.not file.)
O4 – HKUS\S-1-5-21-997506354-3732783889-75539924-1000\..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe (.not file.) =>Toolbar.AVGSearch
O4 – HKUS\S-1-5-21-997506354-3732783889-75539924-1000\..\Run: [AVG-Secure-Search-Update_JUNE2013_HP] C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe (.not file.) =>Toolbar.AVGSearch
O4 – HKUS\S-1-5-21-997506354-3732783889-75539924-1000\..\RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

—\ Buttons on the Internet Explorer main toolbar (O9)
O9 – Extra button: Free YouTube Download [64Bits] – {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} . (…) — C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\dvdvideosoft.ico
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Domain/DNS address modification (O17)
O17 – HKLM\System\CCS\Services\Tcpip\..\{2423EC71-7D0F-4D4C-9430-5974B0560A77}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CCS\Services\Tcpip\..\{817B809A-C1B4-45E7-BD1E-274B4F3F2E7C}: DhcpNameServer = 139.165.214.214
O17 – HKLM\System\CS1\Services\Tcpip\..\{2423EC71-7D0F-4D4C-9430-5974B0560A77}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{817B809A-C1B4-45E7-BD1E-274B4F3F2E7C}: DhcpNameServer = 139.165.214.214
O17 – HKLM\System\CS2\Services\Tcpip\..\{2423EC71-7D0F-4D4C-9430-5974B0560A77}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CS2\Services\Tcpip\..\{817B809A-C1B4-45E7-BD1E-274B4F3F2E7C}: DhcpNameServer = 139.165.214.214
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Additional protocol (O18)
O18 – Handler: wlpg [64Bits] – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (…) —
O18 – Filter: application/x-msdownload [64Bits] – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Additional Protocol: Scanned in 00mn 00s

—\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

—\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 – AppInit_DLLs: . (…) – c:\windows\system32\nvinitx.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s

—\ Automatic scheduled tasks (O39)
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job [352]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job [352]
[MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_JUNE2013_HP_rmv] (…) — C:\Windows\TEMP\{F5FC3459-FFD2-4143-AFF1-9AC2B5E8AA7C}.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [AVG-Secure-Search-Update_JUNE2013_TB_rmv] (…) — C:\Windows\TEMP\{5FBC593C-5BEB-4DB6-8DE6-982867A2DA29}.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [RunGadgetController] (…) — C:\Program Files (x86)\ASUS\InstantOn for NB\GadgetController.exe (.not file.) [0]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 05s

—\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
~ 23 empty CLSID folders
~ Program Folder: 191 Legitimates Filtered in 00mn 14s

—\ Last files modified or created under Windows and System32 (O44)
O44 – LFC:[MD5.F74E38AA910A1FFB7C051A4D418E9F63] – 10/11/2013 – 10:48:23 —A- . (…) — C:\UsbFix [Scan 1] SÉVERINE-PC.txt [11206]
O44 – LFC:[MD5.8AB9DA70012829D8FB927FF4AA36655A] – 10/11/2013 – 11:02:38 —A- . (…) — C:\Windows\SysNative\ServiceFilter.ini [1595]
O44 – LFC:[MD5.8AB9DA70012829D8FB927FF4AA36655A] – 10/11/2013 – 11:02:38 —A- . (…) — C:\Windows\System32\ServiceFilter.ini [1595]
~ Files: 18 Legitimates Filtered in 00mn 16s

—\ Last files created in the Windows Prefetcher (O45)
O45 – LFCP:[MD5.0094C81343FDFAE9780C48B758BC9064] – 4/11/2013 – 18:02:30 —A- – C:\Windows\Prefetch\VPROT.EXE-2BBCC12F.pf
O45 – LFCP:[MD5.2DD0D1CB6A75FEB89C802B7C5A521D0C] – 8/11/2013 – 16:21:04 —A- – C:\Windows\Prefetch\CACLS.EXE-D332D70E.pf
O45 – LFCP:[MD5.D75C39CEFA8E234FD4336E2B712E4B9D] – 9/11/2013 – 19:49:21 —A- – C:\Windows\Prefetch\BABMAINT.EXE-A134CAD2.pf =>Hijacker.BabSolution
~ Prefetcher: 124 Legitimates Filtered in 00mn 00s

—\ Shell MountPoints2 registry key (MPKS) (O51)
O51 – MPSK:{264c59d2-1c0b-11e2-8d7e-c8600026263b}\AutoRun\command. (…) — F:\LaunchU3.exe (.not file.)
O51 – MPSK:{4446336a-ddd5-11e2-b5a9-c8600026263b}\AutoRun\command. (…) — F:\LaunchU3.exe (.not file.)
O51 – MPSK:{4eda4b5c-1157-11e2-8c11-c8600026263b}\AutoRun\command. (…) — F:\WD SmartWare.exe (.not file.)
O51 – MPSK:{8d4e5865-7b53-11e2-bc91-c8600026263b}\AutoRun\command. (…) — F:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s

—\ Enumeration of the Policies\System registry keys (MWPS) (O55)
O55 – MWPS:[HKLM\...\Policies\System] – "EnableUIADesktopToggle"=0
O55 – MWPS:[HKLM\...\Policies\System] – "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

—\ Enumeration of the Policies\Explorer registry keys (MWPE) (O56)
O56 – MWPE:[HKLM\...\policies\Explorer] – "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

—\ System driver list (SDL) (O58)
O58 – SDL:[MD5.7D9E301AB3247765702D0B65E2E47E50] – 8/08/2011 – 16:32:08 —A- . (.Windows (R) Win 7 DDK provider – Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual A.) — C:\Windows\System32\Drivers\AmpPal.sys [299008]
~ Drivers: 16 Legitimates Filtered in 00mn 00s

—\ Last files modified or created (User) (O61)
O61 – LFC: 10/11/2013 – 11:25:49 —A- . (…) — C:\Users\Séverine\AppData\Local\Google\Chrome\User Data\Local State [47853]
O61 – LFC: 10/11/2013 – 11:25:54 —A- . (…) — C:\Users\Séverine\AppData\Roaming\ASUS WebStorage\Logs\AWS-notepad.txt [0]
O61 – LFC: 10/11/2013 – 11:25:58 —A- . (…) — C:\Users\Séverine\AppData\Roaming\sp_data.sys [387]
O61 – LFC: 10/11/2013 – 11:25:59 —A- . (…) — C:\Users\Séverine\AppData\Roaming\ZHP\Log.txt [17124] =>.Nicolas Coolman
O61 – LFC: 10/11/2013 – 11:25:59 —A- . (…) — C:\Users\Séverine\AppData\Roaming\ZHP\TestsZHPDiag.txt [2963] =>.Nicolas Coolman
O61 – LFC: 9/11/2013 – 11:25:51 —A- . (…) — C:\Users\Séverine\AppData\Local\Power2Go\CLMLCLDB.db [364544]
~ 7 temporary files
~ Files: 241 Legitimates Filtered in 00mn 40s

—\ List of disinfection tools (LATC) (O63)
O63 – Software: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Software: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ List of legacy services in the registry (LALS) (O64)
O64 – Services: CurCS – 4/04/2013 – C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation – Malwarebytes Anti-Malware.) – LEGACY_MBAMPROTECTOR
~ Legacy: 129 Legitimates Filtered in 00mn 01s

—\ Shell Spawning associations (O67)
O67 – Shell Spawning: [HKLM\..\open\Command] (…) — "%1" /S
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

—\ Internet Start Menu (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Users\Séverine\AppData\Local\Google\Chrome\Application\chrome.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Search for infection in internet browsers (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {08DCE235-6E6D-46F8-B111-076324D72519} – (Google) – http://www.google.com
~ Keys: Scanned in 00mn 00s

—\ Specific search at the system root (SPRF) (O84)
[MD5.0D3B680986310AE5540578C0E481C6A0] [SPRF][6/10/2010] (…) — C:\ProgramData\FullRemove.exe [131984]
[MD5.FC6AA20F66BD7958D3D7339B28A68B21] [SPRF][14/07/2012] (…) — C:\Users\Séverine\AppData\Local\dt.dat [27520]
[MD5.B3A840E05F27DC6AE773A5D622BFA994] [SPRF][11/09/2012] (.Ask.com – Offercast – APN Install Manager.) — C:\Users\Séverine\AppData\Local\Temp\AskPIP_FF_.exe [783560]
[MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][23/08/2012] (.Ask.com – AskIC Dynamic Link Library.) — C:\Users\Séverine\AppData\Local\Temp\AskSLib.dll [248008]
[MD5.5F723C80C66F7723766CD6686E8B8107] [SPRF][14/07/2012] (.No owner – CommonInstaller Application.) — C:\Users\Séverine\AppData\Local\Temp\CommonInstaller.exe [2740320]
[MD5.EE64A3996AF566B74F5CE0333FDDF5F8] [SPRF][13/08/2013] (…) — C:\Users\Séverine\AppData\Local\Temp\ICReinstall_setup.exe [655200]
[MD5.C1C525F57EA2C077EFBD13A3AD06BCFD] [SPRF][14/07/2012] (.No owner – iGearedHelper.) — C:\Users\Séverine\AppData\Local\Temp\iGearedHelper.dll [692224]
[MD5.F4FF9FD95147DE7E55BFE2B7778DEEDB] [SPRF][14/07/2012] (.No owner – MachineIdCreator Application.) — C:\Users\Séverine\AppData\Local\Temp\MachineIdCreator.exe [163936]
[MD5.7FB70D1418FA3E8C5D25652DA143C0B1] [SPRF][14/07/2012] (.No owner – IntToolbarInstaller Application.) — C:\Users\Séverine\AppData\Local\Temp\oi_{6DD6CDE5-100C-449F-8B20-B8EB79D5FF38}.exe [10249824]
[MD5.F3B33AC8EF0950E8F37AC867DB2825F6] [SPRF][3/11/2013] (…) — C:\Users\Séverine\AppData\Local\Temp\Quarantine.exe [350259]
[MD5.245683BDEA19B8426100863404CAEE44] [SPRF][25/09/2013] (…) — C:\Users\Séverine\AppData\Local\Temp\setup_fsu_cid.exe [182201]
[MD5.A6DD7F1A9F6E083606BF5223DB07903C] [SPRF][14/07/2012] (.No owner – ToolbarInstaller.) — C:\Users\Séverine\AppData\Local\Temp\ToolbarInstaller.exe [7112288]
[MD5.FA2AEB6E70B6C6BB576C7576179B64FF] [SPRF][9/08/2012] (…) — C:\Users\Séverine\AppData\Local\Temp\vlc-2.0.2-win32.exe [22657136]
[MD5.E03F2F24BCA457A35E1E26732AFE4A2F] [SPRF][3/11/2012] (…) — C:\Users\Séverine\AppData\Local\Temp\vlc-2.0.4-win32.exe [22912657]
[MD5.E563A65BAEA25CEF8F49FB0228CB8555] [SPRF][2/04/2013] (…) — C:\Users\Séverine\AppData\Local\Temp\vlc-2.0.5-win32.exe [22916830]
[MD5.B22198403FFEAF57BE49FF5A08DA1EF4] [SPRF][30/10/2013] (…) — C:\Users\Séverine\AppData\Local\Temp\vlc-2.0.8-win32.exe [23003252]
[MD5.1FFB2EBE1F95C5E5AEC1512EA686049C] [SPRF][15/08/2012] (…) — C:\Users\Séverine\AppData\LocalLow\dt.dat [27520]
[MD5.B4E23F662E877766EB5C7DD3BE2B3229] [SPRF][10/11/2013] (…) — C:\Users\Séverine\AppData\Roaming\sp_data.sys [387]
[MD5.2FD19CB174B2CCB6A227BF0F321D4846] [SPRF][10/11/2013] (…) — C:\Users\Séverine\Desktop\adwcleaner.exe [1073262]
~ Files: 25 Legitimates Filtered in 00mn 36s

—\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR – | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS – | Demand 8/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR – | Auto 4/03/2011 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) – C:\Windows\system32\FBAgent.exe
SR – | Auto 1/09/2011 1166848 | (AMPPALR3) . (.Intel Corporation.) – C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR – | Auto 21/11/2011 80512 | (ASLDRService) . (.ASUS.) – C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR – | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR – | Auto 4/07/2013 4939312 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) – C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
SR – | Auto 23/07/2013 283136 | (avgwd) . (.AVG Technologies CZ, s.r.o..) – C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
SR – | Auto 3/06/2011 134928 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) – C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR – | Auto 28/07/2011 1517328 | (EvtEng) . (.Intel(R) Corporation.) – C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR – | Auto 5/04/2010 116104 | (IJPLMSVC) . (…) – C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR – | Auto 21/12/2010 325656 | (LMS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR – | Auto 4/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR – | Auto 4/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS – | Demand 28/07/2011 340240 | (MyWiFiDHCPDNS) . (…) – C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SR – | Auto 17/10/2011 1640768 | (nvsvc) . (.NVIDIA Corporation.) – C:\Windows\system32\nvvsvc.exe
SR – | Auto 17/10/2011 2253120 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
SR – | Auto 28/07/2011 844560 | (RegSrvc) . (.Intel(R) Corporation.) – C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR – | Auto 21/12/2010 2656280 | (UNS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS – | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR – | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s

—\ Search for infection in the Master Boot Record (MBR) (O80)
Run by Séverine at 10/11/2013 11:27:50
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Search for infection in the Master Boot Record (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by Séverine at 10/11/2013 11:27:52

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

—\ Additional scan (O88)
Database Version : 12993 – (9/11/2013)
Keys found : 1
Values found : 2
Folders found : 2
Files found : 1

[HKLM\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde] =>Toolbar.DeltaSearch^
C:\Users\Séverine\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde =>Toolbar.DeltaSearch^
C:\Users\Séverine\AppData\Local\Temp\avg@toolbar =>Toolbar.AVGSearch
C:\Users\Séverine\AppData\Local\Temp\ToolbarInstaller.exe =>Toolbar.Babylon
~ Additional Scan: 277769 Items scanned in 00mn 43s

—\ Summary of the detections found on your machine
~ http://nicolascoolman.webs.com/apps/blog/show/27875657-toolbar-deltasearch =>Toolbar.DeltaSearch
~ http://nicolascoolman.webs.com/apps/blog/show/26678994-hijacker-babsolution =>Hijacker.BabSolution
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ MSI: 3 link(s) detected in 00mn 44s

~ 1642 Legitimates filtered by white list
End of the scan (477 lines in 04mn 57s)(0)
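The report above mixes three kinds of lines a triager actually cares about: entries the scanner tagged with a detection family (`=>Toolbar.DeltaSearch`, `=>Hijacker.BabSolution`), entries tagged with a trusted publisher (`=>.Microsoft Corporation`, which must not be confused with the former), and autorun entries (O4 Run keys, O20 AppInit_DLLs, O39 tasks, O51 MountPoints2) whose target is marked `(.not file.)`. The last kind matters because the registry value or task still fires at logon; a path such as `C:\Program Files (x86)\AVG Secure Search\...exe` that no longer exists is a spot where anyone able to recreate the file regains execution. The script below is an added example, not ZHPDiag's own code and not from the poster: it parses lines in this report's format, flags orphaned autoruns and detections, and counts them by family. The sample lines are constructed to mirror the entries above (ASCII dashes, `µ` replaced by `u`); the section codes, the `(.not file.)` marker and the `=>` tag convention are taken from the report itself.

```python
"""Triage helper for ZHPDiag-style report lines (added example, not ZHPDiag code)."""
import re
from collections import Counter

# Constructed sample lines modelled on the report format above (ASCII dashes; the
# parser also accepts the en/em dashes that forum copy-paste produces).
SAMPLE_REPORT = r"""
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKUS\S-1-5-21-997506354-3732783889-75539924-1000\..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - GS\Desktop [Public]: uTorrent.lnk . (.BitTorrent, Inc. - uTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O20 - AppInit_DLLs: . (...) - c:\windows\system32\nvinitx.dll (.not file.)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job [352]
O45 - LFCP:[MD5.D75C39CEFA8E234FD4336E2B712E4B9D] - 9/11/2013 - 19:49:21 ---A- - C:\Windows\Prefetch\BABMAINT.EXE-A134CAD2.pf =>Hijacker.BabSolution
O51 - MPSK:{264c59d2-1c0b-11e2-8d7e-c8600026263b}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
G2 - GCE: Preference [User Data\Default] [eooncjejnppfjjklapaamhcdmjbilmde] Delta Toolbar v.1.4 (Disabled) =>Toolbar.DeltaSearch
"""

# Section code at the start of a line: O4, O20, G2, R5 ... followed by a dash.
SECTION_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2})\s*[-\u2013\u2014]\s*")
# A Windows path up to the first executable-ish extension that is followed by
# whitespace or end of line, so the match stops before " (.not file.)",
# " =>Tag" or a trailing "[size]" and is not cut at "BABMAINT.EXE-A134CAD2.pf".
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|job|pf|lnk|bat|cmd)(?=\s|$)", re.I)
# "=>Family.Name" (optionally "^"-suffixed) is a detection; "=>.Vendor" is a
# whitelisted publisher and must not be treated as one.
DETECT_RE = re.compile(r"=>(?!\.)(?P<family>[A-Za-z0-9]+)\.(?P<name>[A-Za-z0-9_]+)\^?\s*$")
MISSING_MARK = "(.not file.)"

# Sections whose entries execute something at logon/mount; a missing target
# there is an orphaned autorun (hypothetical default list, chosen for this example).
AUTORUN_SECTIONS = ("O4", "O20", "O39", "O51")


def parse_line(line):
    """Describe one report line; returns None for blank lines."""
    line = line.strip()
    if not line:
        return None
    m = SECTION_RE.match(line)
    path = PATH_RE.search(line)
    det = DETECT_RE.search(line)
    return {
        "section": m.group("sec") if m else "-",
        "path": path.group(0) if path else None,
        "missing": MISSING_MARK in line,
        "detection": f"{det.group('family')}.{det.group('name')}" if det else None,
        "line": line,
    }


def triage(report_text, autorun_sections=AUTORUN_SECTIONS):
    """Return the entries worth a look: orphaned autoruns and scanner detections."""
    findings = []
    for raw in report_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        reasons = []
        if entry["missing"] and entry["section"] in autorun_sections:
            reasons.append("orphaned-autorun")
        if entry["detection"]:
            reasons.append("detection:" + entry["detection"])
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


def summarize(findings):
    """Count findings by detection family (text before the dot) plus orphans."""
    counts = Counter()
    for f in findings:
        for r in f["reasons"]:
            key = r.split(":", 1)[1].split(".")[0] if r.startswith("detection:") else r
            counts[key] += 1
    return dict(counts)


if __name__ == "__main__":
    hits = triage(SAMPLE_REPORT)
    for h in hits:
        print(h["section"], ", ".join(h["reasons"]), "->", h["path"] or h["line"][:60])
    print(summarize(hits))
```

Run against the constructed sample it flags seven of the ten lines: four orphaned autoruns (the two Synaptics/AVG Run values, the AppInit_DLLs entry and the U3 AutoRun command), and the Toolbar, P2P and Hijacker detections; the Sidebar line tagged `=>.Microsoft Corporation` and the scheduled-task line with an existing target are left alone. To use it on a real report, feed the pasted text to `triage()` after restoring the backslashes that the forum stripped, since the path regex keys on `X:\`.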