Think you are infected, or ads pop up while you browse the web?
Data loss, system slowdown, USB virus?
Get your computer repaired for free through our online help forum.
by Miaka
#14701
Here is the report, thanks.
PS: can I uninstall all the programs, because the PC is getting very slow again...?
Thanks in advance.

Malwarebytes Anti-Malware (Trial) 1.75.0.1300


Database version: v2013.11.05.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
dell :: ADM-E6577662901 [administrator]

Protection: Enabled

5/11/2013 21:32:28
mbam-log-2013-11-05 (21-32-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190976
Time elapsed: 10 minute(s), 50 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F443A627-5009-4323-9C1D-7FD598D0D712} (PUP.Optional.AmazonTB.A) -> Quarantined and deleted successfully.

Registry values detected: 0
(No malicious items detected)

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 2
C:\Documents and Settings\All Users\Documents\Babylon9_setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\dell\Application Data\dell-wchelper.dll (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

(end)
by El Desaparecido
#14736
> PS: can I uninstall all the programs, because the PC is getting very slow again...?
Not yet. Run another ZHPDiag scan and post the new report, please.
by Miaka
#14815
Hello,
Thank you for your patience.

~ ZHPDiag report v2013.11.6.9 - Nicolas Coolman (6/11/2013)
~ Run by dell (6/11/2013 11:54:10)
~ Website address
~ Free disinfection assistance forums :
~ Translated by Nicolas Coolman
~ Version status :
~ Whitelist : Enabled by the program
~ Privilege elevation : OK
~ User Account Control (UAC): Not Found


---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702 (Default)

---\\ Windows product information
~ Language: French
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System protection software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client FR-FR Language Pack v2.1.1116.0

---\\ System optimisation software
CCleaner =>Piriform Ltd

---\\ Peer-to-peer sharing software

---\\ Software monitoring
Adobe Flash Player 11 ActiveX

---\\ System information
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 758 MB (21% free)
System Restore: Activé (Enable)
System drive C: has 19 GB (51%) free of 37 GB

---\\ System logon mode
~ Computer Name: ADM-E6577662901
~ User Name: dell
~ All Users Names: SUPPORT_388945a0, HelpAssistant, dell, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\dell\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\dell\Application Data\
~ %Desktop% : C:\Documents and Settings\dell\Bureau\
~ %Favorites% : C:\Documents and Settings\dell\Favoris\
~ %LocalAppData% : C:\Documents and Settings\dell\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\dell\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Disk drive enumeration
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 19 Go of 37 Go)
D: CD-ROM drive (Not Inserted)



---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Specific search for generic files
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 19:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.F8DD21FC65131E064FBF11F01E4F4BFD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/09/2013 - 19:23:33.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 19:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 18:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 9:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 19:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 18:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 18:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 01s



---\\ Hidden files status (Hidden/Total)
~ My Pictures : 2/25
~ My Music : 2/4
~ My Videos : 0/0
~ My Favorites : 1/34
~ My Documents : 2/35
~ My Desktop : 2/14
~ Start Menu (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 00s



---\\ Running processes
[MD5.0A7F86657755ADA92C57E597BF5151F7] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.1080]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.396]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.840]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.304]
[MD5.E89028D8068170E606AA0996D457AAA3] - (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe [85470352] [PID.3300]
[MD5.2D894EDBC9348BD01168AF0D062BEEB1] - (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe [21223942] [PID.972]
[MD5.10247C15D999CC116C87DA36BD0AD64D] - (.Analog Devices, Inc. - SMax4PNP MFC Application.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928] [PID.2916]
[MD5.DDE4A991F26179573D2CFA7A093F56FA] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [163840] [PID.3264]
[MD5.EAF47A526B911B0961D3FECEB442E0C4] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [135168] [PID.3524]
[MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232] [PID.2760]
[MD5.E05E86D484CDA786CAA97B750F243DDC] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20474528] [PID.2432]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [PID.1824]
[MD5.E85885654C2E05ED6EEF9DDE0E4880C4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8179712] [PID.1060]
~ Processes Running: Scanned in 00mn 08s



---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\prefs.js
M3 - MFPP: Plugins - [dell] -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\searchplugins\amazon.xml
~ Firefox Browser: 8 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cd.feuvert.be;<local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Orphan key
~ Toolbar: Scanned in 00mn 00s



---\\ Other user links (O4)
O4 - GS\Program [AllUsers]: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 - GS\Program [dell]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 7 Legitimates Filtered in 01mn 15s



---\\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP MFC Application.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Orphan key
O4 - HKLM\..\Run: [Intel(R)Bl] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKLM\..\Run: [jusched7] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Intel(R)Bl4] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKCU\..\Run: [8jusched] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
O4 - HKLM\..\policies\Explorer\Run: [jusched9] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
O4 - HKLM\..\policies\Explorer\Run: [Intel(R)Bl5] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKCU\..\policies\Explorer\Run: [jusched9] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
O4 - HKCU\..\policies\Explorer\Run: [Intel(R)Bl5] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [Intel(R)Bl4] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [8jusched] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
~ Application: Scanned in 00mn 01s



---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ECDA66A-513B-46B4-B6DD-906B1D15A884}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2ECDA66A-513B-46B4-B6DD-906B1D15A884}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2ECDA66A-513B-46B4-B6DD-906B1D15A884}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Additional protocol (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional protocol: Scanned in 00mn 00s



---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 4 Legitimates Filtered in 00mn 11s



---\\ Active Desktop & MHTML Editor enumeration (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Installed components (ActiveSetup Installed Components) (O40)
O40 - ASIC: (no name) - {X1A25B25-0C22-13AW-1V25-L5HMUV12V36O} . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
~ Active Setup: 22 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Poussin]
[HKCU\Software\à€ classé]
[HKCU\Software\アプリケーション ウィザードで生成されたローカル アプリケーション]
[HKLM\Software\De Boeck & Larcier S.A.]
~ Key Software: 101 Legitimates Filtered in 00mn 01s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 8/04/2005 - 3:16:43 - [0,027] --H-D C:\Documents and Settings\dell\Application Data\0842810B
~ Program Folder: 105 Legitimates Filtered in 00mn 21s



---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.F76868188B955ACF92B41089C7FDF1B1] - 1/11/2013 - 15:48:06 ---A- . (...) -- C:\WINDOWS\wmsetup.log [3050]
O44 - LFC:[MD5.59C6F6D7843521AADB43A82E3B94B064] - 2/11/2013 - 19:09:05 ---A- . (...) -- C:\WINDOWS\pLsd.dat [93102]
O44 - LFC:[MD5.44697312B74BDD433CC3763579E4F06B] - 27/10/2013 - 23:20:07 ---A- . (...) -- C:\WINDOWS\permis.ini [82]
O44 - LFC:[MD5.6F544ECDE31A1AD9FFD3AB3294CD3465] - 6/11/2013 - 9:14:20 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.B08E952DC68D68DFFA3907232826CEAA] - 6/11/2013 - 9:14:28 ---A- . (...) -- C:\WINDOWS\wiadebug.log [441]
~ Files: 20 Legitimates Filtered in 00mn 19s



---\\ Last files created in the Windows Prefetcher (O45)
O45 - LFCP:[MD5.045CA94556CCDA700309075E82FACA90] - 5/11/2013 - 18:33:27 ---A- - C:\WINDOWS\Prefetch\OTM.EXE-3790DD77.pf
O45 - LFCP:[MD5.B44494E2B91320DAD8445F790704D095] - 5/11/2013 - 18:33:38 ---A- - C:\WINDOWS\Prefetch\DATAMN~1.EXE-0B977BB4.pf
O45 - LFCP:[MD5.32AB13F47215E1BD78B1698FBFF91629] - 6/11/2013 - 9:19:49 ---A- - C:\WINDOWS\Prefetch\INTEL(R)BL.EXE-2D0670F3.pf
O45 - LFCP:[MD5.F4E814B89F7809A68F749305D5893870] - 6/11/2013 - 9:21:07 ---A- - C:\WINDOWS\Prefetch\INTEL(R)BL.EXE-35B8F253.pf
~ Prefetcher: 60 Legitimates Filtered in 00mn 00s



---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ System drivers list (SDL) (O58)
O58 - SDL:[MD5.E6F53D6C0DEA3D375362265E175CA638] - 24/02/2010 - 11:22:10 ---A- . (.Protect Software GmbH - ProtectDisc x64/x86 Hybrid Driver.) -- C:\WINDOWS\system32\Drivers\acedrv11.sys [185472]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 5/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: 5 Legitimates Filtered in 00mn 00s



---\\ Last files modified or created (User) (O61)
O61 - LFC: 3/11/2013 - 11:58:56 ---A- . (...) -- C:\Documents and Settings\dell\Recent\UsbFix [Scan 2] ADM-E6577662901.lnk [612]
O61 - LFC: 3/11/2013 - 11:58:56 ---A- . (...) -- C:\Documents and Settings\dell\Recent\UsbFix [Scan 3] ADM-E6577662901.lnk [612]
O61 - LFC: 4/11/2013 - 11:57:15 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\Microsoft\Media Player\00B3338C.wpl [355]
O61 - LFC: 4/11/2013 - 11:58:02 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb [1900544]
O61 - LFC: 4/11/2013 - 11:58:02 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Media Player\wmpfolders.wmdb [430]
O61 - LFC: 4/11/2013 - 11:58:07 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML [13846]
O61 - LFC: 4/11/2013 - 11:58:53 ---A- . (...) -- C:\Documents and Settings\dell\Recent\Cheb Hindi 2012 - Nekhdam Clandestin.lnk [393]
O61 - LFC: 4/11/2013 - 11:58:53 ---A- . (...) -- C:\Documents and Settings\dell\Recent\Cheb Hindi Best Of 2013 - Sahabha Alamha Lamour.lnk [436]
O61 - LFC: 4/11/2013 - 11:58:53 ---A- . (...) -- C:\Documents and Settings\dell\Recent\Cheb el Omari 2010.lnk [321]
O61 - LFC: 4/11/2013 - 11:58:53 ---A- . (...) -- C:\Documents and Settings\dell\Recent\cheb el hendi 2013 datni mp3.lnk [361]
O61 - LFC: 4/11/2013 - 11:58:53 ---A- . (...) -- C:\Documents and Settings\dell\Recent\cheb hindi nediha gawria 2012.lnk [369]
O61 - LFC: 4/11/2013 - 11:58:54 ---A- . (...) -- C:\Documents and Settings\dell\Recent\El Hindi 2011 - Merga Had Chira.lnk [372]
O61 - LFC: 4/11/2013 - 11:58:54 ---A- . (...) -- C:\Documents and Settings\dell\Recent\lhbitri 2007.lnk [297]
O61 - LFC: 4/11/2013 - 11:58:56 ---A- . (...) -- C:\Documents and Settings\dell\Recent\UsbFix [Scan 1] ADM-E6577662901.lnk [612]
O61 - LFC: 5/11/2013 - 11:56:56 --H-- . (...) -- C:\Documents and Settings\dell\Application Data\0842810B\05-11-2013 [28039]
O61 - LFC: 5/11/2013 - 11:56:58 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\Google\Local Search History\google%2Eweb.w [0]
O61 - LFC: 5/11/2013 - 11:56:58 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\dellv3.4.2.2.vbs [808]
O61 - LFC: 5/11/2013 - 11:56:58 --H-- . (...) -- C:\Documents and Settings\dell\Application Data\dell-wchelper.dll [154283]
O61 - LFC: 5/11/2013 - 11:57:18 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\prefs.js [1849]
O61 - LFC: 5/11/2013 - 11:57:39 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\ZHP\ZHPDiag.txt [42620] =>.Nicolas Coolman
O61 - LFC: 5/11/2013 - 11:57:39 ---A- . (...) -- C:\Documents and Settings\dell\Bureau\adwcleaner.exe [1073258]
O61 - LFC: 5/11/2013 - 11:57:39 ---A- . (...) -- C:\Documents and Settings\dell\Bureau\mbam-log-2013-11-05 (21-32-28).txt [2934]
O61 - LFC: 5/11/2013 - 11:57:48 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\La doudoune longue wow.url [1048]
O61 - LFC: 5/11/2013 - 11:57:49 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\Manteau long - A vendre €25 à Mettet 2ememain.be.url [4600]
O61 - LFC: 5/11/2013 - 11:57:49 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\PC BANKING\PC BANKING FORTIS BANQUE.url [1088]
O61 - LFC: 5/11/2013 - 11:57:49 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\Parka capuche amovible SOFT GREY La Redoute.url [1059]
O61 - LFC: 5/11/2013 - 11:57:49 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\TELECHARGER.url [596]
O61 - LFC: 5/11/2013 - 11:57:50 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Google\Toolbar Cache\7.5.4601.54\fr\translate_element.js.content [2381]
O61 - LFC: 5/11/2013 - 11:57:50 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Google\Toolbar Cache\7.5.4601.54\fr\translate_languages.json.content [1497]
O61 - LFC: 5/11/2013 - 11:57:50 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Google\Toolbar\metrics_15328146919.xml [5405]
O61 - LFC: 5/11/2013 - 11:57:50 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Google\Toolbar\metrics_3081481753.xml [7135]
O61 - LFC: 5/11/2013 - 11:58:53 ---A- . (...) -- C:\Documents and Settings\dell\Recent\11052013_182649.log.lnk [420]
O61 - LFC: 5/11/2013 - 11:58:53 ---A- . (...) -- C:\Documents and Settings\dell\Recent\Adele - Someone Like You.lnk [345]
O61 - LFC: 5/11/2013 - 11:58:54 ---A- . (...) -- C:\Documents and Settings\dell\Recent\mbam-log-2013-11-05 (21-32-28).lnk [585]
O61 - LFC: 5/11/2013 - 11:58:55 ---A- . (...) -- C:\Documents and Settings\dell\Recent\MOUNIR (E).lnk [185]
O61 - LFC: 5/11/2013 - 11:58:55 ---A- . (...) -- C:\Documents and Settings\dell\Recent\mounir.lnk [249]
O61 - LFC: 5/11/2013 - 11:58:56 ---A- . (...) -- C:\Documents and Settings\dell\Recent\will.i.am - Heartbreaker ft. Cheryl Cole.lnk [409]
O61 - LFC: 5/11/2013 - 11:58:57 ---A- . (...) -- C:\Documents and Settings\dell\Recent\_____ _____ ______ (_____ ___ ______).lnk [473]
O61 - LFC: 6/11/2013 - 11:56:56 --H-- . (...) -- C:\Documents and Settings\dell\Application Data\0842810B\06-11-2013 [188]
O61 - LFC: 6/11/2013 - 11:57:39 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\ZHP\Log.txt [44581] =>.Nicolas Coolman
O61 - LFC: 6/11/2013 - 11:57:39 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\ZHP\TestsZHPDiag.txt [3172] =>.Nicolas Coolman
O61 - LFC: 6/11/2013 - 11:57:40 ---A- . (...) -- C:\Documents and Settings\dell\Bureau\ZHPDiag.lnk [1523] =>.Nicolas Coolman
O61 - LFC: 6/11/2013 - 11:57:40 ---A- . (...) -- C:\Documents and Settings\dell\Bureau\ZHPFix.lnk [1628] =>.Nicolas Coolman
O61 - LFC: 6/11/2013 - 11:57:49 -SHA- . (...) -- C:\Documents and Settings\dell\IECompatCache\index.dat [65536]
O61 - LFC: 6/11/2013 - 11:57:49 -SHA- . (...) -- C:\Documents and Settings\dell\IETldCache\index.dat [262144]
O61 - LFC: 6/11/2013 - 11:57:50 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Google\Toolbar DNS data\data [460]
O61 - LFC: 6/11/2013 - 11:57:50 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Google\Toolbar\metrics_30663584894.xml [17028]
O61 - LFC: 6/11/2013 - 11:58:53 -SHA- . (...) -- C:\Documents and Settings\dell\PrivacIE\index.dat [9158656]
~ 6 temporary files
~ 237 cookie files
~ Files: 374 Legitimates Filtered in 02mn 01s



---\\ Disinfection tools list (LATC) (O63)
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Software: OTM - (.OldTimer.)
~ ADS: Scanned in 00mn 00s



---\\ Shell Spawning associations (O67)
O67 - Shell Spawning: <.html> <htmlfile>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Browser infection search (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] A144FA10FAB840C1BBB3C125047CF88B [DefaultScope] - (Amazon) -
O69 - SBI: SearchScopes [HKCU] {78539862-2E3B-4F4E-AA81-2E42695902C1} - (Ask Search) - =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {FEC05A40-4F72-4D7B-8066-6CE05F5FF1C2} - (Google) -
~ Keys: Scanned in 00mn 00s



---\\ Specific search at the system root (SPRF) (O84)
[MD5.A9220115BF8D64017F66887732304B24] [SPRF][5/11/2013] (...) -- C:\Documents and Settings\dell\Bureau\adwcleaner.exe [1073258]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ WindowsInstaller packages search (WIS) (O93) (NTFS)
[MD5.A20F87C59CDD86A1BB68D2058F2C5263] [WIS][16/05/2013] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\137058.msi [24064] =>Toolbar.Google
~ WIS: 48 Legitimates Filtered in 00mn 07s



---\\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 9/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 16/05/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/05/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/05/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 4/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 4/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Auto 5/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: Scanned in 00mn 10s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer,
Run by dell at 6/11/2013 12:00:10

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EE1A0] >> \Device\Harddisk0\DR0[0x82FAEAB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 12 Legitimates Filtered in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13,
Run by dell at 6/11/2013 12:00:12

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 12989 - (6/11/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\Interface\{8DEC3C75-9A5D-446C-B7B5-E4AB4FDD6309}] =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
C:\Windows\Installer\137058.msi =>Toolbar.Google^
~ Additionnel Scan: 163397 Items scanned in 00mn 35s



---\\ Récapitulatif des détections trouvées sur votre station
~ =>Toolbar.Google
~ =>Toolbar.Ask
~ =>Toolbar.Skype
~ =>Adware.Bandoo
~ MSI: 4 link(s) detected in 00mn 35s



~ 1138 Legitimates filtered by white list
End of the scan (480 lines in 06mn 38s)(0)
by El Desaparecido
#14821
Your infection is restarting :(

Run UsbFix with your USB keys plugged in and choose Vacciner (vaccinate), then:
  • Select and copy the following script:
    Script ZHPFix
    O4 - HKLM\..\Run: [Intel(R)Bl] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
    O4 - HKLM\..\Run: [jusched7] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
    O4 - HKCU\..\Run: [Intel(R)Bl4] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
    O4 - HKCU\..\Run: [8jusched] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
    O4 - HKLM\..\policies\Explorer\Run: [jusched9] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
    O4 - HKLM\..\policies\Explorer\Run: [Intel(R)Bl5] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
    O4 - HKCU\..\policies\Explorer\Run: [jusched9] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
    O4 - HKCU\..\policies\Explorer\Run: [Intel(R)Bl5] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
    O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [Intel(R)Bl4] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
    O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [8jusched] . (.Intel Corporation - Intel Corporation.) -- C:\Users\Public\jusched.exe
    O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
    O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    O40 - ASIC: (no name) - {X1A25B25-0C22-13AW-1V25-L5HMUV12V36O} . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
    [HKCU\Software\à€ classé]
    [HKCU\Software\Æ’AÆ’vÆ’Å Æ’P[Æ’Vƒ‡ƒ“ Æ’EÆ’BÆ’U[Æ’h‚à…¶¬‚³‚ꂽƒ[Æ’Jƒ‹ Æ’AÆ’vÆ’Å Æ’P[Æ’Vƒ‡ƒ“]
    C:\Documents and Settings\dell\Application Data\0842810B
    [HKLM\Software\Classes\Interface\{8DEC3C75-9A5D-446C-B7B5-E4AB4FDD6309}]

    EmptyCLSID
    Emptytemp
    EmptyFlash
    Firewallraz
    ShortcutFix
  • Launch ZHPFix (run as administrator on Windows 7/8 and Vista)
    1. Click on Import
    2. The lines you copied earlier should be pasted into the box
    3. If so, click "GO"
  • Confirm the data cleanup by clicking "Yes"
  • Once the scan is finished, go to the desktop; the ZHPFixReport file has been created.
  • Upload the ZHPFixReport report to SosUpload, then copy/paste the link provided in your next reply.
by Miaka
#14865
Hi again,

I can't upload the document to sosupload, is it serious?
They offer the green "héberger" (upload) button for images but not for documents?!

Here is the report, thanks

Rapport de ZHPFix 2013.11.4.1 par Nicolas Coolman, Update du 03/11/2013
Fichier d'export Registre :
Run by dell at 6/11/2013 16:14:46
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Corbeille vidée (00mn 03s)
Réparation des raccourcis navigateur

========== Clés du Registre ==========
SUPPRIMÉ: CLSID Extra Buttons: {e2e2dd38-d088-4134-82b7-f2ba38496583}
SUPPRIMÉ: [HKLM\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}]
SUPPRIMÉ: [HKLM\SOFTWARE\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}]
SUPPRIMÉ: [HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
SUPPRIMÉ: CLSID ASIC: \SOFTWARE\Microsoft\Active Setup\Installed Components\{X1A25B25-0C22-13AW-1V25-L5HMUV12V36O}
SUPPRIMÉ: HKCU\Software\à€ classé
SUPPRIMÉ: HKCU\Software\Æ’AÆ’vÆ’Å Æ’P[Æ’Vƒ‡ƒ“ Æ’EÆ’BÆ’U[Æ’h‚à…¶¬‚³‚ꂽƒ[Æ’Jƒ‹ Æ’AÆ’vÆ’Å Æ’P[Æ’Vƒ‡ƒ“
SUPPRIMÉ: HKLM\Software\Classes\Interface\{8DEC3C75-9A5D-446C-B7B5-E4AB4FDD6309}

========== Valeurs du Registre ==========
SUPPRIMÉ RunValue: Intel(R)Bl
SUPPRIMÉ RunValue: jusched7
SUPPRIMÉ RunValue: Intel(R)Bl4
SUPPRIMÉ RunValue: 8jusched
SUPPRIMÉ RunValue: jusched9
SUPPRIMÉ RunValue: Intel(R)Bl5
SUPPRIMÉ: Toolbar: {01E04581-4EEE-11D0-BFE9-00AA005B4383}
SUPPRIMÉ: Toolbar: {0E5CBF21-D15F-11D0-8301-00AA005B4383}
SUPPRIMÉ: Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}
SUPPRIMÉ: FirewallRaz (SP) : %windir%\system32\sessmgr.exe
SUPPRIMÉ: FirewallRaz (SP) : %windir%\Network Diagnostic\xpnetdiag.exe
SUPPRIMÉ: FirewallRaz (SP) : C:\Program Files\Windows Live\Messenger\wlcsdk.exe
SUPPRIMÉ: FirewallRaz (SP) : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
SUPPRIMÉ: FirewallRaz (DP) : %windir%\system32\sessmgr.exe
SUPPRIMÉ: FirewallRaz (DP) : %windir%\Network Diagnostic\xpnetdiag.exe
SUPPRIMÉ: FirewallRaz (DP) : C:\Program Files\Windows Live\Messenger\wlcsdk.exe
SUPPRIMÉ: FirewallRaz (DP) : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Aucune valeur présente dans la clé d'exception du registre (FirewallRaz)

========== Dossiers ==========
Aucun dossiers CLSID Local utilisateur vide
SUPPRIMÉS Temporaires Windows (3) (0 octets)
SUPPRIMÉS Flash Cookies (1) (0 octets)

========== Fichiers ==========
SUPPRIMÉ Redémarrage: c:\users\public\intel(r)bl.exe
SUPPRIMÉ Redémarrage: c:\users\public\jusched.exe
SUPPRIMÉS Temporaires Windows (0) (0 octets)
SUPPRIMÉS Flash Cookies (0) (0 octets)


========== Récapitulatif ==========
8 : Clés du Registre
18 : Valeurs du Registre
3 : Dossiers
4 : Fichiers


End of clean in 00mn 10s

========== Chemin de fichier rapport ==========
C:\Documents and Settings\dell\Application Data\ZHP\ZHPFix[R1].txt - 6/11/2013 16:14:49 [2621]
by El Desaparecido
#14866
is it serious?
Yes, it's serious :excla: , you will be punished lol ^^

If you scroll down the sosupload page, you'll see another upload form.. ;)

Restart the PC, run another ZHPDiag scan and post the new report please (that way we'll see whether the infection has restarted or not)
by Miaka
#14879
:)

ZHPDiag OR ZHPFix?

Because earlier it was ZHPFix that you asked for..

FYI, UsbFix is blue and pink like before...
by Miaka
#14968
I can't put the report on sosupload.
I click on Browse, then I select the report that is on the desktop, but nothing happens...

Here is a copy/paste of the report; thanks for your help and patience

~ Rapport de ZHPDiag v2013.11.6.9 - Nicolas Coolman (6/11/2013)
~ Lancé par dell (6/11/2013 21:15:53)
~ Adresse du Site Web
~ Forums gratuits d'Assistance à la désinfection :
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client FR-FR Language Pack v2.1.1116.0

---\\ Logiciels d'optimisation du système
CCleaner =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 11 ActiveX

---\\ Informations sur le système
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 758 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 20 GB (54%) free of 37 GB

---\\ Mode de connexion au système
~ Computer Name: ADM-E6577662901
~ User Name: dell
~ All Users Names: SUPPORT_388945a0, HelpAssistant, dell, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\dell\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\dell\Application Data\
~ %Desktop% : C:\Documents and Settings\dell\Bureau\
~ %Favorites% : C:\Documents and Settings\dell\Favoris\
~ %LocalAppData% : C:\Documents and Settings\dell\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\dell\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 20 Go of 37 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 7 Go of 7 Go)
F: Floppy drive, Flash card reader, USB Key (Free 1 Go of 7 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in 00mn 01s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 19:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.F8DD21FC65131E064FBF11F01E4F4BFD] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/09/2013 - 19:23:33.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 19:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 18:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 9:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 19:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 18:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 18:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 01mn 59s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/25
~ Mes musiques (My Musics) : 2/4
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/34
~ Mes Documents (My Documents) : 2/35
~ Mon Bureau (My Desktop) : 2/16
~ Menu demarrer (Programs) : 1/29
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.0A7F86657755ADA92C57E597BF5151F7] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208] [PID.1040]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.428]
[MD5.10247C15D999CC116C87DA36BD0AD64D] - (.Analog Devices, Inc. - SMax4PNP MFC Application.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928] [PID.840]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.888]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1348]
[MD5.DDE4A991F26179573D2CFA7A093F56FA] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [163840] [PID.1376]
[MD5.EAF47A526B911B0961D3FECEB442E0C4] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [135168] [PID.1552]
[MD5.E13EA4860E8F2AA845B53BFD2B6FEC5B] - (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe [1695232] [PID.2052]
[MD5.E05E86D484CDA786CAA97B750F243DDC] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [20474528] [PID.2076]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [PID.3516]
[MD5.E85885654C2E05ED6EEF9DDE0E4880C4] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8179712] [PID.2596]
[MD5.2D894EDBC9348BD01168AF0D062BEEB1] - (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Documents and Settings\dell\Menu Démarrer\Programmes\Démarrage\Intel(R)Bl.exe [21223942] [PID.300]
[MD5.E89028D8068170E606AA0996D457AAA3] - (.Intel Corporation - Intel Corporation.) -- C:\Documents and Settings\dell\Menu Démarrer\Programmes\Démarrage\jusched.exe [85470352] [PID.2444]
~ Processes Running: Scanned in 00mn 09s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\prefs.js
M3 - MFPP: Plugins - [dell] -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\searchplugins\amazon.xml
~ Firefox Browser: 8 Legitimates Filtered in 00mn 21s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cd.feuvert.be;<local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 01s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} Clé orpheline
~ Toolbar: Scanned in 00mn 01s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [AllUsers]: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe =>.Microsoft Corporation
O4 - GS\Program [dell]: Lecteur Windows Media.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
~ Global Startup: 7 Legitimates Filtered in 00mn 13s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [SoundMAXPnP] . (.Analog Devices, Inc. - SMax4PNP MFC Application.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Clé orpheline
O4 - HKLM\..\Run: [Intel(R)Bl] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKLM\..\Run: [jusched7] . (...) -- C:\Users\Public\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [Intel(R)Bl4] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKCU\..\Run: [8jusched] . (...) -- C:\Users\Public\jusched.exe
O4 - HKLM\..\policies\Explorer\Run: [Intel(R)Bl5] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKLM\..\policies\Explorer\Run: [jusched9] . (...) -- C:\Users\Public\jusched.exe
O4 - HKCU\..\policies\Explorer\Run: [Intel(R)Bl5] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKCU\..\policies\Explorer\Run: [jusched9] . (...) -- C:\Users\Public\jusched.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] . (.Microsoft Corporation - Watson Subscriber for SENS Network Notifica.) -- C:\Program Files\Fichiers communs\Microsoft Shared\DW\DWTRIG20.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [Intel(R)Bl4] . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
O4 - HKUS\S-1-5-21-1957994488-152049171-725345543-1003\..\Run: [8jusched] . (...) -- C:\Users\Public\jusched.exe
~ Application: Scanned in 00mn 11s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~4\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 03s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2ECDA66A-513B-46B4-B6DD-906B1D15A884}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2ECDA66A-513B-46B4-B6DD-906B1D15A884}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2ECDA66A-513B-46B4-B6DD-906B1D15A884}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 03s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 04s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 4 Legitimates Filtered in 00mn 25s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 06s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: (no name) - {X1A25B25-0C22-13AW-1V25-L5HMUV12V36O} . (.Java(TM) Scheduler - Java(TM) Scheduler.) -- C:\Users\Public\Intel(R)Bl.exe
~ Active Setup: 22 Legitimates Filtered in 00mn 03s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Poussin]
[HKCU\Software\à€ classé]
[HKLM\Software\De Boeck & Larcier S.A.]
~ Key Software: 102 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 8/04/2005 - 3:16:43 - [0] --H-D C:\Documents and Settings\dell\Application Data\0842810B
~ Program Folder: 105 Legitimates Filtered in 00mn 25s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.F76868188B955ACF92B41089C7FDF1B1] - 1/11/2013 - 15:48:06 ---A- . (...) -- C:\WINDOWS\wmsetup.log [3050]
O44 - LFC:[MD5.59C6F6D7843521AADB43A82E3B94B064] - 2/11/2013 - 19:09:05 ---A- . (...) -- C:\WINDOWS\pLsd.dat [93102]
O44 - LFC:[MD5.44697312B74BDD433CC3763579E4F06B] - 27/10/2013 - 23:20:07 ---A- . (...) -- C:\WINDOWS\permis.ini [82]
O44 - LFC:[MD5.35D8A1890BBC9451E99F582573A30567] - 6/11/2013 - 17:45:28 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.393962B5427061838F1240EEC7E11D4E] - 6/11/2013 - 17:45:37 ---A- . (...) -- C:\WINDOWS\wiadebug.log [441]
~ Files: 20 Legitimates Filtered in 00mn 22s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.045CA94556CCDA700309075E82FACA90] - 5/11/2013 - 18:33:27 ---A- - C:\WINDOWS\Prefetch\OTM.EXE-3790DD77.pf
O45 - LFCP:[MD5.B44494E2B91320DAD8445F790704D095] - 5/11/2013 - 18:33:38 ---A- - C:\WINDOWS\Prefetch\DATAMN~1.EXE-0B977BB4.pf
O45 - LFCP:[MD5.317F006241600C463E1440CA1B7FB4CC] - 6/11/2013 - 16:10:11 ---A- - C:\WINDOWS\Prefetch\GO.EXE-39722D3E.pf
O45 - LFCP:[MD5.F8B834DE900931F3165F417F5A006CDA] - 6/11/2013 - 21:18:51 ---A- - C:\WINDOWS\Prefetch\INTEL(R)BL.EXE-35B8F253.pf
O45 - LFCP:[MD5.32AB13F47215E1BD78B1698FBFF91629] - 6/11/2013 - 9:19:49 ---A- - C:\WINDOWS\Prefetch\INTEL(R)BL.EXE-2D0670F3.pf
~ Prefetcher: 76 Legitimates Filtered in 00mn 01s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.E6F53D6C0DEA3D375362265E175CA638] - 24/02/2010 - 11:22:10 ---A- . (.Protect Software GmbH - ProtectDisc x64/x86 Hybrid Driver.) -- C:\WINDOWS\system32\Drivers\acedrv11.sys [185472]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 5/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: 5 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 3/11/2013 - 21:27:26 ---A- . (...) -- C:\Documents and Settings\dell\Recent\UsbFix [Scan 2] ADM-E6577662901.lnk [612]
O61 - LFC: 3/11/2013 - 21:27:26 ---A- . (...) -- C:\Documents and Settings\dell\Recent\UsbFix [Scan 3] ADM-E6577662901.lnk [612]
O61 - LFC: 4/11/2013 - 21:22:19 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\Microsoft\Media Player\00B3338C.wpl [355]
O61 - LFC: 4/11/2013 - 21:25:46 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb [1900544]
O61 - LFC: 4/11/2013 - 21:25:46 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Media Player\wmpfolders.wmdb [430]
O61 - LFC: 4/11/2013 - 21:25:54 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML [13846]
O61 - LFC: 4/11/2013 - 21:27:22 ---A- . (...) -- C:\Documents and Settings\dell\Recent\Cheb Hindi 2012 - Nekhdam Clandestin.lnk [393]
O61 - LFC: 4/11/2013 - 21:27:22 ---A- . (...) -- C:\Documents and Settings\dell\Recent\Cheb Hindi Best Of 2013 - Sahabha Alamha Lamour.lnk [436]
O61 - LFC: 4/11/2013 - 21:27:22 ---A- . (...) -- C:\Documents and Settings\dell\Recent\Cheb el Omari 2010.lnk [321]
O61 - LFC: 4/11/2013 - 21:27:22 ---A- . (...) -- C:\Documents and Settings\dell\Recent\cheb el hendi 2013 datni mp3.lnk [361]
O61 - LFC: 4/11/2013 - 21:27:22 ---A- . (...) -- C:\Documents and Settings\dell\Recent\cheb hindi nediha gawria 2012.lnk [369]
O61 - LFC: 4/11/2013 - 21:27:23 ---A- . (...) -- C:\Documents and Settings\dell\Recent\El Hindi 2011 - Merga Had Chira.lnk [372]
O61 - LFC: 4/11/2013 - 21:27:23 ---A- . (...) -- C:\Documents and Settings\dell\Recent\lhbitri 2007.lnk [297]
O61 - LFC: 4/11/2013 - 21:27:26 ---A- . (...) -- C:\Documents and Settings\dell\Recent\UsbFix [Scan 1] ADM-E6577662901.lnk [612]
O61 - LFC: 5/11/2013 - 21:21:53 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\Google\Local Search History\google%2Eweb.w [0]
O61 - LFC: 5/11/2013 - 21:22:25 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\Mozilla\Firefox\Profiles\5lzax1qx.default\prefs.js [1849]
O61 - LFC: 5/11/2013 - 21:22:55 --HA- . (...) -- C:\Documents and Settings\dell\Application Data\ZHP\Quarantine\0842810b.DIR\05-11-2013 [28039] =>.Nicolas Coolman
O61 - LFC: 5/11/2013 - 21:24:50 ---A- . (...) -- C:\Documents and Settings\dell\Bureau\adwcleaner.exe [1073258]
O61 - LFC: 5/11/2013 - 21:24:51 ---A- . (...) -- C:\Documents and Settings\dell\Bureau\mbam-log-2013-11-05 (21-32-28).txt [2934]
O61 - LFC: 5/11/2013 - 21:25:24 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\PC BANKING\PC BANKING FORTIS BANQUE.url [1088]
O61 - LFC: 5/11/2013 - 21:25:24 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\TELECHARGER.url [596]
O61 - LFC: 5/11/2013 - 21:25:26 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Google\Toolbar Cache\7.5.4601.54\fr\translate_element.js.content [2381]
O61 - LFC: 5/11/2013 - 21:25:26 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Google\Toolbar Cache\7.5.4601.54\fr\translate_languages.json.content [1497]
O61 - LFC: 5/11/2013 - 21:25:26 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Google\Toolbar\metrics_15328146919.xml [5405]
O61 - LFC: 5/11/2013 - 21:25:26 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Google\Toolbar\metrics_3081481753.xml [7135]
O61 - LFC: 5/11/2013 - 21:27:22 ---A- . (...) -- C:\Documents and Settings\dell\Recent\11052013_182649.log.lnk [420]
O61 - LFC: 5/11/2013 - 21:27:22 ---A- . (...) -- C:\Documents and Settings\dell\Recent\Adele - Someone Like You.lnk [345]
O61 - LFC: 5/11/2013 - 21:27:24 ---A- . (...) -- C:\Documents and Settings\dell\Recent\MOUNIR (E).lnk [185]
O61 - LFC: 5/11/2013 - 21:27:24 ---A- . (...) -- C:\Documents and Settings\dell\Recent\mbam-log-2013-11-05 (21-32-28).lnk [585]
O61 - LFC: 5/11/2013 - 21:27:24 ---A- . (...) -- C:\Documents and Settings\dell\Recent\mounir.lnk [249]
O61 - LFC: 5/11/2013 - 21:27:26 ---A- . (...) -- C:\Documents and Settings\dell\Recent\will.i.am - Heartbreaker ft. Cheryl Cole.lnk [409]
O61 - LFC: 5/11/2013 - 21:27:27 ---A- . (...) -- C:\Documents and Settings\dell\Recent\_____ _____ ______ (_____ ___ ______).lnk [473]
O61 - LFC: 6/11/2013 - 21:21:51 --H-- . (...) -- C:\Documents and Settings\dell\Application Data\dell-wchelper.dll [154283]
O61 - LFC: 6/11/2013 - 21:21:52 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\dellv3.4.2.2.vbs [808]
O61 - LFC: 6/11/2013 - 21:22:55 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\ZHP\Log.txt [82638] =>.Nicolas Coolman
O61 - LFC: 6/11/2013 - 21:22:55 --HA- . (...) -- C:\Documents and Settings\dell\Application Data\ZHP\Quarantine\0842810b.DIR\06-11-2013 [34240] =>.Nicolas Coolman
O61 - LFC: 6/11/2013 - 21:24:44 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\ZHP\TestsZHPDiag.txt [3172] =>.Nicolas Coolman
O61 - LFC: 6/11/2013 - 21:24:44 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\ZHP\ZHPDiag.txt [33626] =>.Nicolas Coolman
O61 - LFC: 6/11/2013 - 21:24:45 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\ZHP\ZHPFixQuarantine.txt [1358] =>.Nicolas Coolman
O61 - LFC: 6/11/2013 - 21:24:45 ---A- . (...) -- C:\Documents and Settings\dell\Application Data\ZHP\ZHPFix[R1].txt [2717] =>.Nicolas Coolman
O61 - LFC: 6/11/2013 - 21:25:01 ---A- . (...) -- C:\Documents and Settings\dell\Bureau\ZHPDiag.lnk [1523] =>.Nicolas Coolman
O61 - LFC: 6/11/2013 - 21:25:07 ---A- . (...) -- C:\Documents and Settings\dell\Bureau\ZHPFix.lnk [1628] =>.Nicolas Coolman
O61 - LFC: 6/11/2013 - 21:25:07 ---A- . (...) -- C:\Documents and Settings\dell\Bureau\ZHPFixReport.txt [2717] =>.Nicolas Coolman
O61 - LFC: 6/11/2013 - 21:25:20 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\La doudoune longue wow.url [1048]
O61 - LFC: 6/11/2013 - 21:25:20 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\Manteau SOFT GREY La Redoute.url [1026]
O61 - LFC: 6/11/2013 - 21:25:23 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\Manteau long - A vendre €25 à Mettet 2ememain.be.url [4600]
O61 - LFC: 6/11/2013 - 21:25:23 ---A- . (...) -- C:\Documents and Settings\dell\Favoris\Parka capuche amovible SOFT GREY La Redoute.url [1059]
O61 - LFC: 6/11/2013 - 21:25:24 -SHA- . (...) -- C:\Documents and Settings\dell\IECompatCache\index.dat [65536]
O61 - LFC: 6/11/2013 - 21:25:24 -SHA- . (...) -- C:\Documents and Settings\dell\IETldCache\index.dat [262144]
O61 - LFC: 6/11/2013 - 21:25:26 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Google\Toolbar DNS data\data [1081]
O61 - LFC: 6/11/2013 - 21:25:26 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Google\Toolbar\metrics_30663584894.xml [17028]
O61 - LFC: 6/11/2013 - 21:25:26 ---A- . (...) -- C:\Documents and Settings\dell\Local Settings\Application Data\Google\Toolbar\metrics_89291734420.xml [21657]
O61 - LFC: 6/11/2013 - 21:27:21 -SHA- . (...) -- C:\Documents and Settings\dell\PrivacIE\index.dat [9388032]
O61 - LFC: 6/11/2013 - 21:27:27 ---A- . (...) -- C:\Documents and Settings\dell\Recent\ZHPFixReport.lnk [495] =>.Nicolas Coolman
~ 5 Fichiers temporaires (Temporary files)
~ 271 Fichiers cookies (Cookies files)
~ Files: 446 Legitimates Filtered in 05mn 37s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - .) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: OTM - (.OldTimer.)
~ ADS: Scanned in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <htmlfile>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 9 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] A144FA10FAB840C1BBB3C125047CF88B [DefaultScope] - (Amazon) -
O69 - SBI: SearchScopes [HKCU] {78539862-2E3B-4F4E-AA81-2E42695902C1} - (Ask Search) - =>Toolbar.Ask
O69 - SBI: SearchScopes [HKCU] {FEC05A40-4F72-4D7B-8066-6CE05F5FF1C2} - (Google) -
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.A9220115BF8D64017F66887732304B24] [SPRF][5/11/2013] (...) -- C:\Documents and Settings\dell\Bureau\adwcleaner.exe [1073258]
~ Files: 4 Legitimates Filtered in 00mn 09s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A20F87C59CDD86A1BB68D2058F2C5263] [WIS][16/05/2013] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\137058.msi [24064] =>Toolbar.Google
~ WIS: 48 Legitimates Filtered in 00mn 38s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 9/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 16/05/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/05/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 16/05/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 4/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 4/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Auto 5/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: Scanned in 00mn 46s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13,
Run by dell at 6/11/2013 21:30:21

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 12989 - (6/11/2013)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
C:\Windows\Installer\137058.msi =>Toolbar.Google^
~ Additionnel Scan: 163375 Items scanned in 01mn 50s



---\\ Récapitulatif des détections trouvées sur votre station
~ =>Toolbar.Ask
~ =>Toolbar.Google
~ =>Toolbar.Skype
~ MSI: 3 link(s) detected in 01mn 50s



~ 1206 Legitimates filtered by white list
End of the scan (466 lines in 16mn 19s)(0)
by El Desaparecido
#14970
Your infection is restarting; I'm going to need a more in-depth diagnostic report to exterminate it.
  • Download OTL by Old_Timer and save it to the Desktop
  • Close all other windows and double-click OTL.exe
  • Under Vista and Windows 7, the file must be launched by right-click -> Run as administrator.
  • Check that the All Users, LOP Check and Purity Check boxes are ticked.
  • In the Custom Scans/Fixes box, copy and paste the entirety of what follows:
Code:
netsvcs 
msconfig 
safebootminimal 
safebootnetwork 
activex 
drivers32 
%ALLUSERSPROFILE%\Application Data\*. 
%ALLUSERSPROFILE%\Application Data\*.exe /s 
%APPDATA%\*. 
%APPDATA%\*.exe /s 
%temp%\*.exe /s 
%SYSTEMDRIVE%\*.exe 
%systemroot%\*. /mp /s 
%systemroot%\system32\consrv.dll 
%systemroot%\system32\*.dll /lockedfiles 
%windir%\Tasks\*.job /lockedfiles 
%systemroot%\system32\drivers\*.sys /lockedfiles 
%systemroot%\System32\config\*.sav 
/md5start 
explorer.exe 
winlogon.exe 
services.exe 
wininit.exe 
/md5stop 
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s 
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s 
HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s 
CREATERESTOREPOINT 
nslookup https://www.google.fr /c 
hklm\software\clients\startmenuinternet|command /rs 
hklm\software\clients\startmenuinternet|command /64 /rs 
CREATERESTOREPOINT
SAVEMBR:0 
  • Click Run Scan
  • Once the scan is finished, 1 or 2 reports will open: OTL.txt and Extras.txt.
  • Upload the OTL.txt and Extras.txt reports to SosUpload, then copy/paste the link provided in your next reply on the forum

    Note: Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the situation

Come back with an answer to my question & the two reports requested with OTL ;)