saif
Participant
Number of posts: 2

Hi, a big thank you for your help. It really feels like being at the doctor's :-). The usbfix report was already included in my first post, here is the ZHPdiag one:

~ Rapport de ZHPDiag v2013.12.5.11 – Nicolas Coolman (05/12/2013)
~ Lancé par Saïf-Eddine (05/12/2013 20:07:40)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d’Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

—\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16736
MFIE: Mozilla Firefox 25.0.1 (Defaut)

—\ Informations sur les produits Windows
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : X2BQ6
Windows License : OK
~ Windows Remaining Initializations Number : 998
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

—\ Logiciels de protection du système
Kaspersky PURE 2.0 v12.0.2.733
Windows Defender W8

—\ Logiciels d’optimisation du système

—\ Logiciels de partage PeerToPeer

—\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Java 7 Update 21

—\ Informations sur le système
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3981.7 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 87 GB (46%) free of 186 GB

—\ Mode de connexion au système
~ Computer Name: SAÏF
~ User Name: Saïf-Eddine
~ All Users Names: Saïf-Eddine, HomeGroupUser$, El Bouhali-Zian, Administrateur,
~ Unselected Option: None
Logged in as Administrator

—\ Variables d’environnement
~ System Unit : C:
~ %AppZHP% : C:\Users\Saïf-Eddine\AppData\Roaming\ZHP
~ %AppData% : C:\Users\Saïf-Eddine\AppData\Roaming
~ %Desktop% : C:\Users\Saïf-Eddine\Desktop
~ %Favorites% : C:\Users\Saïf-Eddine\Favorites
~ %LocalAppData% : C:\Users\Saïf-Eddine\AppData\Local
~ %StartMenu% : C:\Users\Saïf-Eddine\AppData\Roaming\Microsoft\Windows\Start Menu
~ %Windir% : C:\Windows
~ %System% : C:\Windows\System32

—\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 87 Go of 186 Go)
D: Hard drive, Flash drive, Thumb drive (Free 258 Go of 258 Go)
E: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Free 15 Go of 15 Go)

—\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

—\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] – (.Microsoft Corporation – Explorateur Windows.) (.01/06/2013 – 12:34:21.) — C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] – (.Microsoft Corporation – Application de démarrage de Windows.) (.26/07/2012 – 04:08:50.) — C:\Windows\System32\Wininit.exe [132608]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.12/10/2013 – 09:45:20.) — C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.11/10/2012 – 06:46:58.) — C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] – (.Microsoft Corporation – Bibliothèque de licences.) (.26/07/2012 – 04:07:20.) — C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] – (.Microsoft Corporation – Pilote de fonction connexe pour WinSock.) (.04/09/2013 – 04:11:23.) — C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.26/07/2012 – 06:00:48.) — C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] – (.Microsoft Corporation – CD-ROM File System Driver.) (.26/07/2012 – 03:30:10.) — C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.26/07/2012 – 03:26:36.) — C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.26/07/2012 – 03:26:53.) — C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/09/2012 – 07:08:44.) — C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] – (.Microsoft Corporation – Pilote de port i8042.) (.26/07/2012 – 03:28:51.) — C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] – (.Microsoft Corporation – IP Network Address Translator.) (.26/07/2012 – 03:23:01.) — C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] – (.Microsoft Corporation – Minirdr SMB Windows NT.) (.05/02/2013 – 23:29:09.) — C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] – (.Microsoft Corporation – MBT Transport driver.) (.26/07/2012 – 03:24:28.) — C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.02/02/2013 – 11:54:54.) — C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] – (.Microsoft Corporation – Pilote de port parallèle.) (.26/07/2012 – 03:29:53.) — C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.26/07/2012 – 03:23:17.) — C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] – (.Microsoft Corporation – Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 – 03:25:18.) — C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] – (.Microsoft Corporation – TDI Translation Driver.) (.26/07/2012 – 06:26:47.) — C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.01/06/2013 – 12:26:33.) — C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s

—\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/18
~ Mes Videos (My Videos) : 1/103
~ Mes Favoris (My Favorites) : 1/7
~ Mes Documents (My Documents) : 3/879
~ Mon Bureau (My Desktop) : 1/791
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 00s

—\ Processus lancés
[MD5.79174FD5F4DE078642BE1CACB124BFCA] – (.ASUS – ASUS InstantOn.) — C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe [1126784] [PID.3740]
[MD5.7C58A2513C3DA421A461D75C66C56D21] – (.ASUSTek Computer Inc. – ASUS USB Charger Plus.) — C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [1123536] [PID.3772]
[MD5.A2791CF11D1ED52DBCD75D2FFD4D50E7] – (.ASUSTek Computer Inc. – ATK Media.) — C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [178848] [PID.3184]
[MD5.2C35624F79B9ADBFE47090879F0D8673] – (.ASUSTek Computer Inc. – ATKOSD2.) — C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208] [PID.2528]
[MD5.29769215DEB6E8418EF3656B0423776E] – (.ASUSTeK Computer Inc. – ASUS Quick Gesture Exe.) — C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe [20352] [PID.3220]
[MD5.E05FFF1C05C80CCE83C766198896C7CF] – (.ASUS – ACMON.) — C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [90832] [PID.4092]
[MD5.98CADC34741738CFC24F5CDFDAA408FA] – (.ASUSTeK – ACEngSvr Module.) — C:\Windows\SysWOW64\ACEngSvr.exe [162456] [PID.3096]
[MD5.B7995C675014EEBE77A0BEB7AFCCFC08] – (.CyberLink Corp. – PowerDVD RC Service.) — C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432] [PID.4240]
[MD5.D63797E8E7781EE1500A810CB6194FA6] – (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.4260]
[MD5.2E068599FCF51B3F4640458950A069FC] – (.Pas de propriétaire – VProtect Application.) — C:\Program Files (x86)\AVG Secure Search\vprot.exe [2420248] [PID.4288] =>Toolbar.AVGSearch
[MD5.225518F190EDBC37CA32197A3E94B498] – (.RealNetworks, Inc. – RealNetworks Scheduler.) — C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.4312]
[MD5.AEFC1353D0FB4E92A23CFB7E3372356D] – (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [202328] [PID.1684]
[MD5.749949494676218FFA99501F4AA22ECC] – (.OpenOffice.org – OpenOffice.org 3.4.1.) — C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.4396]
[MD5.4EE367B8B1964160A1F1B80095183D3A] – (.OpenOffice.org – OpenOffice.org 3.4.1.) — C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.4548]
[MD5.01F1839AD462D146BB15B1DA9FDE2EE7] – (.ASUSTeK Computer Inc. – ASUS Live Update.) — C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1557664] [PID.4736]
[MD5.59588AA5DDCB31B8155D49FE11987A69] – (.Microsoft Corporation – Microsoft Office Word.) — C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.exe [409776] [PID.5860]
[MD5.077D59BA0FD4007E841B6C670862B065] – (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3688]
[MD5.013CBC83D1C8131EB623567EF4D3FFCC] – (.RealNetworks, Inc. – RealDownloader.) — C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [233048] [PID.5888]
[MD5.E0B173F23D873286169995D66B9E3CDF] – (.Mozilla Corporation – Plugin Container for Firefox.) — C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.3952]
[MD5.EB68851F020D35293EADAADEB18B8220] – (.Adobe Systems, Inc. – Adobe Flash Player 11.9 r900.) — C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe [1862536] [PID.4472]
[MD5.7B121F44335FE23A1B54B4399A5EC116] – (.Nicolas Coolman – ZHPDiag.) — C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8281088] [PID.6932]
~ Processes Running: Scanned in 00mn 00s

—\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Saïf-Eddine\AppData\Roaming\Mozilla\Firefox\Profiles\myu1ml4x.default\prefs.js
M0 – MFSP: prefs.js [Saïf-Eddine – myu1ml4x.default] google.be
M2 – MFEP: prefs.js [Saïf-Eddine – myu1ml4x.default\a000b9@wips.com] [] Youtube™ Search v1.0.5 (..)
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 – HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.be
~ IE Browser: 11 Legitimates Filtered in 00mn 00s

—\ Internet Explorer, Proxy Management (R5)
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

—\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
F2 – REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 – REG:system.ini: Shell=C:\Windows\explorer.exe
F2 – REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

—\ Autres liens utilisateurs (O4)
O4 – GS\Desktop [Public]: eID Viewer.lnk . (.FedICT – eID Viewer.) — C:\Program Files (x86)\Belgium Identity Card\EidViewer\eID Viewer.exe
O4 – GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 – GS\Desktop [Public]: WebStorage Sync Agent.lnk . (.ASUS Cloud Corporation – ASUS WebStorage Panel.) — C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe
O4 – GS\Program [Public]: Desktop.lnk – Clé orpheline
O4 – GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 – GS\QuickLaunch [Saïf-Eddine]: Free PDF to Word Converter.lnk . (.Free-PDF-to-Word.com – Free PDF to Word Converter.) — C:\Program Files (x86)\Free PDF to Word Converter\PDF2Word.exe
O4 – GS\QuickLaunch [Saïf-Eddine]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\TaskBar [Saïf-Eddine]: ASUS InstantOn.lnk . (…) — C:\Windows\Installer\{749F674B-2674-47E8-879C-5626A06B2A91}\_5071C9DBC1BB2B48AAB6B3.exe
O4 – GS\TaskBar [Saïf-Eddine]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 – GS\Program [Saïf-Eddine]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\Program [Saïf-Eddine]: Kaspersky PURE 2.0.lnk . (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
O4 – GS\QuickLaunch [El Bouhali-Zian]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\TaskBar [El Bouhali-Zian]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 – GS\Program [El Bouhali-Zian]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 – GS\Program [El Bouhali-Zian]: Kaspersky PURE 2.0.lnk . (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
O4 – GS\Desktop [El Bouhali-Zian]: TP 306 27.02 – Raccourci.lnk . (…) — C:\Users\Saïf-Eddine\Documents\TP 306 27.02.xlsx (.not file.)
~ Global Startup: 47 Legitimates Filtered in 00mn 03s

—\ Applications lancées au démarrage du sytème (O4)
O4 – GS\Startup [Public]: AsusVibeLauncher.lnk . (.ASUSTeK Computer Inc. – AsusVibe Application.) — C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 – GS\Startup [Saïf-Eddine]: OpenOffice.org 3.4.1.lnk . (…) — C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 – GS\Startup [El Bouhali-Zian]: OpenOffice.org 3.4.1.lnk . (…) — C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 – HKLM\..\Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:\Windows\system32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:\Windows\system32\hkcmd.exe
O4 – HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor – Gestionnaire audio HD Realtek.) — C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 – HKLM\..\Run: [ACMON] . (.ASUS – ACMON.) — C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
O4 – HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation – Windows Live Messenger.) — C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.exe
O4 – HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
O4 – HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. – PowerDVD RC Service.) — C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 – HKLM\..\Wow6432Node\Run: [ASUSWebStorage] . (.ASUS Cloud Corporation – ASUS WebStorage Panel.) — C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe
O4 – HKLM\..\Wow6432Node\Run: [beid] C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe (.not file.)
O4 – HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 – HKLM\..\Wow6432Node\Run: [vProt] . (.Pas de propriétaire – VProtect Application.) — C:\Program Files (x86)\AVG Secure Search\vprot.exe =>Toolbar.AVGSearch
O4 – HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. – RealNetworks Scheduler.) — c:\program files (x86)\real\realplayer\Update\realsched.exe =>.RealNetworks, Inc
O4 – HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO – Kaspersky Anti-Virus.) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
O4 – HKUS\S-1-5-21-3609288828-2702090838-3575063521-1001\..\Run: [msnmsgr] . (.Microsoft Corporation – Windows Live Messenger.) — C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.exe
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: Clavier &virtuel [64Bits] – {4248FE82-7FCB-46AC-B270-339F08212110} . (…) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\kbrd.ico
O9 – Extra button: Analyse des &liens [64Bits] – {CCF151D8-D089-449F-A5A4-D9909053F20F} . (…) — C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLM\System\CCS\Services\Tcpip\..\{7F9D8706-5F2E-45EF-9603-A3C82B058643}: DhcpNameServer = 164.15.59.200
O17 – HKLM\System\CCS\Services\Tcpip\..\{BB32DDB4-48F4-49BE-A6CB-8932188DFF32}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CCS\Services\Tcpip\..\{7F9D8706-5F2E-45EF-9603-A3C82B058643}: DhcpDomain = ulb.ac.be
O17 – HKLM\System\CS1\Services\Tcpip\..\{7F9D8706-5F2E-45EF-9603-A3C82B058643}: DhcpNameServer = 164.15.59.200
O17 – HKLM\System\CS1\Services\Tcpip\..\{BB32DDB4-48F4-49BE-A6CB-8932188DFF32}: DhcpNameServer = 192.168.1.1
O17 – HKLM\System\CS1\Services\Tcpip\..\{7F9D8706-5F2E-45EF-9603-A3C82B058643}: DhcpDomain = ulb.ac.be
O17 – HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 164.15.59.200
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: viprotocol [64Bits] – {B658800C-F66E-4EF3-AB85-6C0C227862A9} . (…) —
O18 – Filter: text/xml [64Bits] – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:\Windows\System32\igfxdev.dll
O20 – Winlogon Notify: klogon . (.Kaspersky Lab ZAO – Logon Visualizer.) — C:\Windows\System32\klogon.dll
~ Winlogon: Scanned in 00mn 00s

—\ Liste des services NT non Microsoft et non désactivés (O23)
O23 – Service: (vToolbarUpdater17.1.2) . (.AVG Secure Search – ToolbarU Application.) – C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe =>Toolbar.AVGSearch
~ Services: 13 Legitimates Filtered in 00mn 09s

—\ Tâches planifiées en automatique (O39)
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\ReclaimerUpdateFiles_Saïf-Eddine.job [404]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\ReclaimerUpdateXML_Saïf-Eddine.job [400]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Saïf-Eddine.job [410]
~ Scheduled Task: 30 Legitimates Filtered in 00mn 07s

—\ HKCU & HKLM Software Keys
[HKCU\Software\Conduit] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit
~ Key Software: 212 Legitimates Filtered in 00mn 00s

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 30/05/2013 – 12:08:32 – [0] —-D C:\Users\Saïf-Eddine\AppData\Roaming\Lite
~ 126 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 256 Legitimates Filtered in 00mn 37s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.6A4B9FBC1E88C400AD671A50DADFA84D] – 01/12/2013 – 21:21:44 —A- . (…) — C:\Windows\SysNative\ApnDatabase.xml [386923]
O44 – LFC:[MD5.6A4B9FBC1E88C400AD671A50DADFA84D] – 01/12/2013 – 21:21:44 —A- . (…) — C:\Windows\System32\ApnDatabase.xml [386923]
O44 – LFC:[MD5.2ADC500D8DAB0E1472F184DD3ED27F82] – 03/12/2013 – 19:15:15 —A- . (…) — C:\UsbFix [Scan 1] SAÏF.txt [10932]
~ Files: 144 Legitimates Filtered in 01mn 03s

—\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 – LFCP:[MD5.651FDEA84F57294BE155BF2015757E72] – 01/12/2013 – 21:49:08 —A- – C:\Windows\Prefetch\TAPTILES.EXE-BCAE3C54.pf
O45 – LFCP:[MD5.B0B42E2A59CBD5D41E290E57896A3E3E] – 03/12/2013 – 19:24:01 —A- – C:\Windows\Prefetch\GO.EXE-34414F70.pf
O45 – LFCP:[MD5.87974A0A85DE021D9590CCB15A2DC1E2] – 03/12/2013 – 22:00:02 —A- – C:\Windows\Prefetch\PDVD10SERV.EXE-99C8A7B5.pf
O45 – LFCP:[MD5.A376644826DB7802D5D0AEDCEA7A8FF9] – 05/12/2013 – 10:26:57 —A- – C:\Windows\Prefetch\dynreservedpri.db
O45 – LFCP:[MD5.4750636DBD20535147CBCAD2B378F657] – 05/12/2013 – 14:28:24 —A- – C:\Windows\Prefetch\MY_INTEL_CPP_X64.EXE-1A95AA96.pf
O45 – LFCP:[MD5.EDA87DAA6BB348F16606B69E1F5B4727] – 05/12/2013 – 14:28:57 —A- – C:\Windows\Prefetch\VPROT.EXE-659B8A79.pf
O45 – LFCP:[MD5.4F2293E7BF83FEAB745284E68C98A409] – 05/12/2013 – 15:30:46 —A- – C:\Windows\Prefetch\GLCND.EXE-DD45F588.pf
O45 – LFCP:[MD5.71A342021764D1485D9178F621D74647] – 05/12/2013 – 20:05:30 —A- – C:\Windows\Prefetch\_IU14D2N.TMP-04EBDAA7.pf
O45 – LFCP:[MD5.3DF290CCE9A428E234EDA1B2BD1190BC] – 27/11/2013 – 22:33:26 —A- – C:\Windows\Prefetch\GLCND.EXE-1C7784D8.pf
~ Prefetcher: 186 Legitimates Filtered in 00mn 02s

—\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 – MPSK:{1071b829-6ac8-11e2-be78-08606e024a09}\AutoRun\command. (…) — F:\iLinker.exe (.not file.)
~ Keys: Scanned in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM\...\Policies\System] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM\...\Policies\System] – “FilterAdministratorToken”=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKLM\...\policies\Explorer] – “NoActiveDesktopChanges”=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.AB1201F8DE199E764DA9A32ABF71049C] – 14/12/2009 – 11:44:24 —A- . (.Infowatch – Cryptographic Algorithm Lib Driver..) — C:\Windows\System32\Drivers\CSCrySec.sys [85048]
O58 – SDL:[MD5.A6EED705BB510FA6B0F9F097165A3395] – 14/12/2009 – 11:44:24 —A- . (.Infowatch – Virtual Volume Container Driver (wnet).) — C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66104]
O58 – SDL:[MD5.A8080BEBCDB7A16495CE1205921DCAC5] – 02/08/2012 – 04:22:48 —A- . (.Pas de propriétaire – Keyboard Filter Driver.) — C:\Windows\System32\Drivers\kbfiltr.sys [14992]
O58 – SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] – 26/07/2012 – 06:00:55 —A- . (.Promise Technology, Inc. – Promise SuperTrak EX Series Driver for Windows x64.) — C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 17 Legitimates Filtered in 00mn 04s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 02/12/2013 – 20:11:22 —A- . (…) — C:\Users\Saïf-Eddine\Links\Desktop.lnk [493]
O61 – LFC: 02/12/2013 – 20:11:22 —A- . (…) — C:\Users\Saïf-Eddine\Links\Downloads.lnk [960]
O61 – LFC: 02/12/2013 – 20:11:22 —A- . (…) — C:\Users\Saïf-Eddine\Links\RecentPlaces.lnk [383]
O61 – LFC: 04/12/2013 – 20:10:05 —A- . (…) — C:\Users\Saïf-Eddine\AppData\Local\AVG Secure Search\SiteSafety\l_2013_12_03_04_21_15.db [1045072] =>Toolbar.AVGSearch
O61 – LFC: 04/12/2013 – 20:10:05 —A- . (…) — C:\Users\Saïf-Eddine\AppData\Local\GDIPFONTCACHEV1.DAT [119408]
O61 – LFC: 05/12/2013 – 20:10:05 —A- . (…) — C:\Users\Saïf-Eddine\AppData\Local\AVG Secure Search\SiteSafety\l_2013_12_04_11_06_41.db [1348704] =>Toolbar.AVGSearch
O61 – LFC: 05/12/2013 – 20:10:40 –HA- . (…) — C:\Users\Saïf-Eddine\AppData\Roaming\Microsoft\Templates\~$Normal.dotm [162]
O61 – LFC: 05/12/2013 – 20:10:47 —A- . (…) — C:\Users\Saïf-Eddine\AppData\Roaming\ZHP\Log.txt [17576] =>.Nicolas Coolman
O61 – LFC: 05/12/2013 – 20:10:47 —A- . (…) — C:\Users\Saïf-Eddine\AppData\Roaming\ZHP\Tests\ZHPDiag.txt [3028] =>.Nicolas Coolman
O61 – LFC: 05/12/2013 – 20:10:47 —A- . (…) — C:\Users\Saïf-Eddine\AppData\Roaming\sp_data.sys [380]
~ 3 Fichiers temporaires (Temporary files)
~ Files: 182 Legitimates Filtered in 01mn 19s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation – Firefox.) — C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.4A93070098539B54FDA391D4D551C880] [SPRF][22/07/2009] (…) — C:\ProgramData\SetStretch.exe [24576]
[MD5.DB4F9C7CDB2EEF82337E2B289B61F827] [SPRF][26/09/2013] (…) — C:\Users\Saïf-Eddine\AppData\Local\Temp\DelUS.bat [588]
[MD5.346CA14A185E93E96F6CCCC7D2A3D304] [SPRF][14/06/2013] (.AVG Secure Search – AVG Installer.) — C:\Users\Saïf-Eddine\AppData\Local\Temp\oi_{5704CAA2-D194-42BC-9F76-DC6973276FC1}.exe [3239960] =>Toolbar.AVGSearch
[MD5.740F803BC9046BE7C3F1AA10EE287DF7] [SPRF][16/06/2013] (…) — C:\Users\Saïf-Eddine\AppData\Local\Temp\utt943E.tmp.bat [104]
[MD5.79D33D56FDBC78AD319475CE6E497962] [SPRF][14/06/2013] (…) — C:\Users\Saïf-Eddine\AppData\Local\Temp\uttD696.tmp.exe [8228864]
[MD5.293F0F4EC79E9E016F8193BA3552A33F] [SPRF][24/01/2013] (.Pas de propriétaire – Windows Live Installer.) — C:\Users\Saïf-Eddine\AppData\Local\Temp\wlsetupc.exe [699464]
[MD5.441446D85E77BCDEA06B32D51A2016F7] [SPRF][05/12/2013] (…) — C:\Users\Saïf-Eddine\AppData\Roaming\sp_data.sys [380]
~ Files: 12 Legitimates Filtered in 00mn 00s

—\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Demand 08/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS – | Demand 16/08/2012 276288 | (cphs) . (.Intel Corporation.) – C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS – | Auto 21/08/2013 116648 | (gupdate) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 21/08/2013 116648 | (gupdatem) . (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS – | Demand 22/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

SR – | Auto 23/07/2012 105120 | (ASLDRService) . (.ASUSTek Computer Inc..) – C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR – | Auto 13/04/2012 277120 | (ASUS InstantOn) . (.ASUS.) – C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
SR – | Auto 21/11/2011 96896 | (ATKGFNEXSrv) . (.ASUS.) – C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR – | Auto 30/08/2012 202328 | (AVP) . (.Kaspersky Lab ZAO.) – C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe
SR – | Auto 21/12/2009 743992 | (CSObjectsSrv) . (.Infowatch.) – C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
SR – | Auto 13/07/2012 2451456 | (IconMan_R) . (.Realsil Microelectronics Inc..) – C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR – | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR – | Auto 25/06/2012 166720 | (jhi_service) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR – | Auto 17/07/2012 277824 | (LMS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR – | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (…) – C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR – | Auto 17/07/2012 365376 | (UNS) . (.Intel Corporation.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR – | Auto 11/11/2013 1734680 | (vToolbarUpdater17.1.2) . (.AVG Secure Search.) – C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe =>Toolbar.AVGSearch
SR – | Demand 10/07/1658 0 | (WinDefend) . (…) – C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR – | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 13s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Run by Saïf-Eddine at 05/12/2013 20:14:18
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Saïf-Eddine at 05/12/2013 20:14:20

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s

—\ Scan Additionnel (O88)
Database Version : 13011 – (05/12/2013)
Clés trouvées (Keys found) : 27
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 4

[HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.1.2] =>Toolbar.AVGSearch^
[HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits
[HKLM\Software\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\ScriptHelper.EXE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch
[HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search] =>Toolbar.AVGSearch
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:vProt =>Toolbar.AVGSearch^
C:\Program Files (x86)\AVG Secure Search =>Toolbar.AVGSearch
C:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearch
C:\ProgramData\AVG Secure Search =>Toolbar.AVGSearch
C:\Users\Saïf-Eddine\AppData\Local\AVG Secure Search =>Toolbar.AVGSearch
C:\Users\Saïf-Eddine\AppData\LocalLow\AVG Secure Search =>Toolbar.AVGSearch
C:\Program Files (x86)\AVG Secure Search\vprot.exe =>Toolbar.AVGSearch^
[HKCU\Software\Conduit] =>Toolbar.Conduit^
[HKLM\Software\Wow6432Node\Conduit] =>Toolbar.Conduit^
C:\Users\Saïf-Eddine\AppData\Local\Temp\oi_{5704CAA2-D194-42BC-9F76-DC6973276FC1}.exe =>Toolbar.AVGSearch^
~ Additionnel Scan: 248157 Items scanned in 00mn 32s

—\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/30234464-pup-toparcadehits =>PUP.ToparcadeHits
~ MSI: 2 link(s) detected in 00mn 32s

~ 1511 Legitimates filtered by white list
End of the scan (482 lines in 07mn 13s)(0)