Reply to: Virus AGENT-AXN "Trj" 2016-09-08T13:23:31+00:00
vincentgruas
Participant
Post count: 27

Hello

Here are the reports
############################## | UsbFix V 7.150 | [Recherche]

Utilisateur: BAC 5 (Administrateur) # BAC5
Mis à jour le 08/11/2013 par El Desaparecido - Team SosVirus
Lancé à 08:38:08 | 06/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Dell Inc. (0CU409)
CPU: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
RAM -> [Total : 2037 | Free : 1677]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 298 Go (283 Go libre(s) - 95%) [] # NTFS
D: -> CD-ROM
F: -> Disque amovible # 4 Go (4 Go libre(s) - 100%) [USB2] # FAT32

################## | Processus Actif |

C:\WINDOWS\System32\smss.exe (ID: 648 |ParentID: 4)
C:\WINDOWS\system32\csrss.exe (ID: 704 |ParentID: 648)
C:\WINDOWS\system32\winlogon.exe (ID: 728 |ParentID: 648)
C:\WINDOWS\system32\services.exe (ID: 780 |ParentID: 728)
C:\WINDOWS\system32\lsass.exe (ID: 792 |ParentID: 728)
C:\WINDOWS\system32\svchost.exe (ID: 976 |ParentID: 780)
C:\WINDOWS\system32\svchost.exe (ID: 1044 |ParentID: 780)
C:\WINDOWS\System32\svchost.exe (ID: 1184 |ParentID: 780)
C:\WINDOWS\system32\svchost.exe (ID: 1296 |ParentID: 780)
C:\WINDOWS\system32\svchost.exe (ID: 1400 |ParentID: 780)
C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1456 |ParentID: 780)
C:\WINDOWS\system32\svchost.exe (ID: 296 |ParentID: 780)
C:\WINDOWS\system32\svchost.exe (ID: 332 |ParentID: 780)
C:\WINDOWS\system32\svchost.exe (ID: 696 |ParentID: 780)
C:\WINDOWS\system32\wbem\wmiprvse.exe (ID: 1616 |ParentID: 976)
C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 2968 |ParentID: 2460)
C:\WINDOWS\Explorer.exe (ID: 2372 |ParentID: 4080)
C:\UsbFix\Go.exe (ID: 2488 |ParentID: 2476)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [USB-Set] - wscript "C:\Program Files\USB-set\TSR.vbe"
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\771560b6-4cf2-40ab-81dd-87c85dee7605.exe /check
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-21-1229272821-484763869-839522115-1003\SOFTWARE | Run : [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Recherche générique |

Présent! F:\AUTORUN.INF
Présent! F:\AUTORUN_.INF

################## | Registre |

################## | Vaccin |

C:\adober.exe -> Vaccin créé par VaccinUSB (Gof)
C:\autorun.inf -> Vaccin créé par VaccinUSB (Gof)
C:\comment.htt -> Vaccin créé par VaccinUSB (Gof)
C:\copy.exe -> Vaccin créé par VaccinUSB (Gof)
C:\host.exe -> Vaccin créé par VaccinUSB (Gof)
C:\info.exe -> Vaccin créé par VaccinUSB (Gof)
C:\msvcr71.dll -> Vaccin créé par VaccinUSB (Gof)
C:\ntdelect.com -> Vaccin créé par VaccinUSB (Gof)
C:\ravmon.exe -> Vaccin créé par VaccinUSB (Gof)
C:\ravmon.log -> Vaccin créé par VaccinUSB (Gof)
C:\sqlserv.exe -> Vaccin créé par VaccinUSB (Gof)
C:\start.exe -> Vaccin créé par VaccinUSB (Gof)
C:\temp.exe -> Vaccin créé par VaccinUSB (Gof)
C:\temp1.exe -> Vaccin créé par VaccinUSB (Gof)
C:\temp2.exe -> Vaccin créé par VaccinUSB (Gof)
C:\winfile.exe -> Vaccin créé par VaccinUSB (Gof)
F:\AUTORUN_.INF -> Vaccin créé par USB-set (Loup Blanc)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |
_________________________________________________________________________________________________________

############################## | UsbFix V 7.150 | [Suppression]

Utilisateur: BAC 5 (Administrateur) # BAC5
Mis à jour le 08/11/2013 par El Desaparecido - Team SosVirus
Lancé à 08:43:04 | 06/12/2013

Site Web : http://www.usbfix.net
Forum : https://www.sosvirus.net/
Upload Malware : upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Dell Inc. (0CU409)
CPU: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz
RAM -> [Total : 2037 | Free : 1662]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C: (%systemdrive%) -> Disque fixe # 298 Go (283 Go libre(s) - 95%) [] # NTFS
D: -> CD-ROM
F: -> Disque amovible # 4 Go (4 Go libre(s) - 100%) [USB2] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1456 |ParentID: 780)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 2968 |ParentID: 2460)
Stoppé! C:\WINDOWS\Explorer.exe (ID: 2764 |ParentID: 2488)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [IgfxTray] - C:\WINDOWS\system32\igfxtray.exe
04 - HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe
04 - HKLM\SOFTWARE | Run : [Persistence] - C:\WINDOWS\system32\igfxpers.exe
04 - HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
04 - HKLM\SOFTWARE | Run : [USB-Set] - wscript "C:\Program Files\USB-set\TSR.vbe"
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\771560b6-4cf2-40ab-81dd-87c85dee7605.exe /check
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKU\S-1-5-21-1229272821-484763869-839522115-1003\SOFTWARE | Run : [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Recherche générique |

Non supprimé ! F:\AUTORUN.INF
Non supprimé ! F:\AUTORUN_.INF

(!) Fichiers temporaires supprimés.

################## | Registre |

################## | Listing |

[17/10/2013 - 17:29:44 | D ] C:\47364ae1a4919a5f1df5699c9b84b9cb
[21/11/2013 - 11:47:44 | RASHD ] C:\adober.exe
[08/10/2013 - 15:48:55 | N | 0] C:\AUTOEXEC.BAT
[21/11/2013 - 11:47:44 | RASHD ] C:\autorun.inf
[08/10/2013 - 15:45:17 | N | 212] C:\Boot.bak
[06/11/2013 - 11:04:43 | N | 328] C:\boot.ini
[05/08/2004 - 13:00:00 | N | 4952] C:\Bootfont.bin
[06/11/2013 - 11:04:42 | D ] C:\cmdcons
[03/08/2004 - 23:00:08 | N | 263488] C:\cmldr
[06/11/2013 - 11:10:28 | N | 6286] C:\ComboFix.txt
[21/11/2013 - 11:47:45 | RASHD ] C:\comment.htt
[08/10/2013 - 15:48:55 | N | 0] C:\CONFIG.SYS
[21/11/2013 - 11:47:44 | RASHD ] C:\copy.exe
[29/10/2013 - 14:56:14 | N | 3559] C:\DelFix.txt
[08/10/2013 - 16:15:44 | D ] C:\DELL
[29/10/2013 - 14:40:17 | D ] C:\Documents and Settings
[21/11/2013 - 11:47:45 | RASHD ] C:\host.exe
[21/11/2013 - 11:47:45 | RASHD ] C:\info.exe
[08/10/2013 - 16:18:02 | D ] C:\Intel
[08/10/2013 - 15:48:55 | N | 0] C:\IO.SYS
[08/10/2013 - 15:48:55 | N | 0] C:\MSDOS.SYS
[11/10/2013 - 14:03:23 | RHD ] C:\MSOCache
[21/11/2013 - 11:47:45 | RASHD ] C:\msvcr71.dll
[21/11/2013 - 11:47:45 | RASHD ] C:\ntdelect.com
[05/08/2004 - 13:00:00 | N | 47564] C:\NTDETECT.COM
[10/10/2013 - 08:35:41 | N | 252240] C:\ntldr
[06/12/2013 - 08:16:15 | ASH | 2145386496] C:\pagefile.sys
[21/11/2013 - 15:41:09 | D ] C:\Program Files
[06/11/2013 - 11:10:30 | D ] C:\Qoobox
[21/11/2013 - 11:47:45 | RASHD ] C:\ravmon.exe
[21/11/2013 - 11:47:45 | RASHD ] C:\ravmon.log
[15/11/2013 - 16:50:04 | SHD ] C:\RECYCLER
[21/11/2013 - 11:47:45 | RASHD ] C:\sqlserv.exe
[21/11/2013 - 11:47:45 | RASHD ] C:\start.exe
[08/10/2013 - 15:51:17 | SHD ] C:\System Volume Information
[21/11/2013 - 11:47:45 | RASHD ] C:\temp.exe
[21/11/2013 - 11:47:45 | RASHD ] C:\temp1.exe
[21/11/2013 - 11:47:45 | RASHD ] C:\temp2.exe
[06/12/2013 - 08:43:10 | D ] C:\UsbFix
[22/11/2013 - 11:45:18 | N | 6976] C:\UsbFix [Clean 12] BAC5.txt
[29/11/2013 - 10:33:01 | N | 7185] C:\UsbFix [Clean 13] BAC5.txt
[29/11/2013 - 14:49:28 | N | 4139] C:\UsbFix [Clean 15] BAC5.txt
[03/12/2013 - 08:37:17 | N | 9827] C:\UsbFix [Clean 16] BAC5.txt
[04/12/2013 - 12:42:33 | N | 7529] C:\UsbFix [Clean 17] BAC5.txt
[05/12/2013 - 11:36:34 | N | 10748] C:\UsbFix [Clean 18] BAC5.txt
[05/12/2013 - 15:28:57 | N | 9955] C:\UsbFix [Clean 19] BAC5.txt
[22/11/2013 - 11:44:35 | N | 6385] C:\UsbFix [Clean 1] BAC5.txt
[05/12/2013 - 16:34:16 | N | 8243] C:\UsbFix [Clean 20] BAC5.txt
[05/12/2013 - 18:37:16 | N | 8341] C:\UsbFix [Clean 2] BAC5.txt
[06/12/2013 - 08:43:49 | A | 5186] C:\UsbFix [Clean 3] BAC5.txt
[06/12/2013 - 08:36:27 | N | 4921] C:\UsbFix [Scan 1] BAC5.txt
[06/12/2013 - 08:38:51 | N | 4323] C:\UsbFix [Scan 2] BAC5.txt
[22/11/2013 - 09:47:59 | D ] C:\WINDOWS
[21/11/2013 - 11:47:45 | RASHD ] C:\winfile.exe
[11/10/2013 - 14:40:47 | D ] C:\_rpcs
[21/11/2013 - 15:57:28 | D ] F:\AUTORUN_.INF
[21/11/2013 - 15:57:30 | H | 16] F:\AUTORUN.INF
[05/12/2013 - 12:22:50 | N | 324727] F:\POSTER ALeclerc_GDR-2.pdf
[05/12/2013 - 14:21:10 | N | 2310369] F:\Dépliant PDF.pdf

################## | Vaccin |

C:\adober.exe -> Vaccin créé par VaccinUSB (Gof)
C:\autorun.inf -> Vaccin créé par VaccinUSB (Gof)
C:\comment.htt -> Vaccin créé par VaccinUSB (Gof)
C:\copy.exe -> Vaccin créé par VaccinUSB (Gof)
C:\host.exe -> Vaccin créé par VaccinUSB (Gof)
C:\info.exe -> Vaccin créé par VaccinUSB (Gof)
C:\msvcr71.dll -> Vaccin créé par VaccinUSB (Gof)
C:\ntdelect.com -> Vaccin créé par VaccinUSB (Gof)
C:\ravmon.exe -> Vaccin créé par VaccinUSB (Gof)
C:\ravmon.log -> Vaccin créé par VaccinUSB (Gof)
C:\sqlserv.exe -> Vaccin créé par VaccinUSB (Gof)
C:\start.exe -> Vaccin créé par VaccinUSB (Gof)
C:\temp.exe -> Vaccin créé par VaccinUSB (Gof)
C:\temp1.exe -> Vaccin créé par VaccinUSB (Gof)
C:\temp2.exe -> Vaccin créé par VaccinUSB (Gof)
C:\winfile.exe -> Vaccin créé par VaccinUSB (Gof)
F:\AUTORUN_.INF -> Vaccin créé par USB-set (Loup Blanc)

################## | E.O.F | http://www.usbfix.net - https://www.sosvirus.net |

____________________________________________________________________________________________________________

Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Version de la base de données: v2013.12.06.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
BAC 5 :: BAC5 [administrateur]

06/12/2013 09:02:50
mbam-log-2013-12-06 (09-02-50).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 298608
Temps écoulé: 19 minute(s), 42 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
__________________________________________________________________________________________________________

# AdwCleaner v3.014 - Rapport créé le 06/12/2013 à 09:35:25
# Mis à jour le 01/12/2013 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : BAC 5 - BAC5
# Exécuté depuis : C:\Documents and Settings\BAC 5\Bureau\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Documents and Settings\BAC 5\Application Data\pdfforge

***** [ Raccourcis ] *****

***** [ Registre ] *****

Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com

***** [ Navigateurs ] *****

-\\ Internet Explorer v8.0.6001.18702

*************************

AdwCleaner[R1].txt - [834 octets] - [06/12/2013 09:33:31]
AdwCleaner[S1].txt - [760 octets] - [06/12/2013 09:35:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [819 octets] ##########
___________________________________________________________________________________________________________

~ Rapport de ZHPDiag v2013.12.6.12 - Nicolas Coolman (06/12/2013)
~ Lancé par BAC 5 (06/12/2013 09:49:22)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found

---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
avast! Free Antivirus v9.0.2008
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Reader 9.5.5 - Français
Java 7 Update 45

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2037 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 283 GB (94%) free of 298 GB

---\\ Mode de connexion au système
~ Computer Name: BAC5
~ User Name: BAC 5
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Client 5, BAC 5, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\BAC 5\Application Data\ZHP
~ %AppData% : C:\Documents and Settings\BAC 5\Application Data
~ %Desktop% : C:\Documents and Settings\BAC 5\Bureau
~ %Favorites% : C:\Documents and Settings\BAC 5\Favoris
~ %LocalAppData% : C:\Documents and Settings\BAC 5\Local Settings\Application Data
~ %StartMenu% : C:\Documents and Settings\BAC 5\Menu Démarrer
~ %Windir% : C:\WINDOWS
~ %System% : C:\WINDOWS\system32

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 283 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 4 Go of 4 Go)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 44 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.F8A2979A0A33389A1D2BA4C967F6EDD6] - (.Microsoft Corporation - Internet Extensions for Win32.) (.13/10/2013 - 08:25:45.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 10:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/6
~ Mon Bureau (My Desktop) : 0/142
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 00s

---\\ Processus lancés
[MD5.4D41D30E2FAB3307967C7A0B045DC874] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1456]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [229376] [PID.380]
[MD5.80A79264302910C7C24BA7E44267EFEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [182696] [PID.556]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.992]
[MD5.C0417E571BA2837EA3CBE17E728E17DD] - (.Panda Security - USB Vaccine.) -- C:\Program Files\Panda USB Vaccine\USBVaccine.exe [1287176] [PID.2724]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2808]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2860]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2896]
[MD5.B265AD2A5791B25C65F8F401764C53A9] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [142104] [PID.2988]
[MD5.DB28088CDADA0BE4A2896024393EFA93] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [162584] [PID.3008]
[MD5.C591E7DB162689C9A73A3BC9E5050F8E] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [138008] [PID.3016]
[MD5.44F5561C38F33CB1BC99D34573067CBD] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [252696] [PID.3032]
[MD5.1F0A97900FC718CE617A722BEF8580CD] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312] [PID.3104]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [254336] [PID.3248]
[MD5.CEA8F7E45B7B098F5FB085BB6A6A4432] - (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\wscript.exe [155648] [PID.3260]
[MD5.B60DDDD2D63CE41CB8C487FCFBB6419E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [638816] [PID.3872]
[MD5.AADD0892A428B133ABEF5EBCCE5E1799] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8281600] [PID.1008]
~ Processes Running: Scanned in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

—\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

—\ Internet Explorer Toolbars (O3)
O3 – Toolbar: avast! Online Security – [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software – IE Webrep plugin.) — C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll
O3 – ToolbarWebBrowser: (no name) – [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 – ToolbarWebBrowser: (no name) – [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

—\ Autres liens utilisateurs (O4)
O4 – GSProgram [AllUsers]: Dell ResourceCD.lnk . (…) — D:RCDMENU.EXE
O4 – GSProgram [AllUsers]: MSN.lnk . (.Microsoft Corporation – Win32 Cabinet Self-Extractor.) — C:Program FilesMSNMSNCoreFilesInstallmsnsusii.exe =>.Microsoft Corporation
O4 – GSProgram [AllUsers]: Windows Messenger.lnk . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
O4 – GSProgram [Client 5]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSProgram [Client 5]: Lecteur Windows Media.lnk . (.Microsoft Corporation – Lecteur Windows Media.) — C:Program FilesWindows Media Playerwmplayer.exe =>.Microsoft Corporation
O4 – GSProgram [Client 5]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Documents and SettingsClient 5Local SettingsApplication DataMozilla Firefoxfirefox.exe
O4 – GSProgram [BAC 5]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSProgram [BAC 5]: Lecteur Windows Media.lnk . (.Microsoft Corporation – Lecteur Windows Media.) — C:Program FilesWindows Media Playerwmplayer.exe =>.Microsoft Corporation
O4 – GSProgram [Administrateur]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O4 – GSProgram [Administrateur]: Lecteur Windows Media.lnk . (.Microsoft Corporation – Lecteur Windows Media.) — C:Program FilesWindows Media Playerwmplayer.exe =>.Microsoft Corporation
~ Global Startup: 23 Legitimates Filtered in 00mn 00s

—\ Applications lancées au démarrage du sytème (O4)
O4 – HKLM..Run: [IgfxTray] . (.Intel Corporation – igfxTray Module.) — C:WINDOWSsystem32igfxtray.exe
O4 – HKLM..Run: [HotKeysCmds] . (.Intel Corporation – hkcmd Module.) — C:WINDOWSsystem32hkcmd.exe
O4 – HKLM..Run: [Persistence] . (.Intel Corporation – persistence Module.) — C:WINDOWSsystem32igfxpers.exe
O4 – HKLM..Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program FilesAdobeReader 9.0ReaderReader_sl.exe
O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesFichiers communsAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O4 – HKLM..Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
O4 – HKLM..Run: [SunJavaUpdateSched] . (.Oracle Corporation – Java(TM) Update Scheduler.) — C:Program FilesFichiers communsJavaJava Updatejusched.exe =>.Oracle Corporation
O4 – HKLM..Run: [USB-Set] wscript C:Program FilesUSB-setTSR.vbe (.not file.)
O4 – HKLM..Run: [20131121] . (.AVAST Software – avast! Emergency Update.) — C:Program FilesAVAST SoftwareAvastsetupemupdate771560b6-4cf2-40ab-81dd-87c85dee7605.exe
O4 – HKCU..Run: [ctfmon.exe] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
O4 – HKUSS-1-5-18..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
O4 – HKUSS-1-5-21-1229272821-484763869-839522115-1003..Run: [ctfmon.exe] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32ctfmon.exe
~ Application: Scanned in 00mn 00s

—\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
O9 – Extra button: &Envoyer à OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~2Office14ONBttnIE.dll =>.Microsoft Corporation
O9 – Extra button: Notes &liées OneNote – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~2Office14ONBTTN~1.dll =>.Microsoft Corporation
O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
O9 – Extra button: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation – Windows Messenger.) — C:Program FilesMessengermsmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

—\ Objets ActiveX (Downloaded Program Files)(O16)
O16 – DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) – http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1381411576656” onclick=”window.open(this.href);return false;
~ Objets ActiveX: Scanned in 00mn 00s

—\ Modification Domaine/Adresses DNS (O17)
O17 – HKLMSystemCCSServicesTcpip..{6E84BA96-B955-4264-BC78-ABF0A4520A06}: NameServer = 192.168.1.1
O17 – HKLMSystemCS1ServicesTcpip..{6E84BA96-B955-4264-BC78-ABF0A4520A06}: NameServer = 192.168.1.1
O17 – HKLMSystemCS2ServicesTcpip..{6E84BA96-B955-4264-BC78-ABF0A4520A06}: NameServer = 192.168.1.1
O17 – HKLMSystemCS3ServicesTcpip..{6E84BA96-B955-4264-BC78-ABF0A4520A06}: NameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

—\ Protocole additionnel (O18)
O18 – Handler: wia – {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation – WIA Scripting Layer.) — C:WINDOWSsystem32wiascr.dll
O18 – Filter: text/xml – {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesFichiers communsMicrosoft SharedOFFICE14MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

—\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 – Winlogon Notify: crypt32chain . (.Microsoft Corporation – Crypto API32.) — C:WINDOWSsystem32crypt32.dll
O20 – Winlogon Notify: cryptnet . (.Microsoft Corporation – Crypto Network Related API.) — C:WINDOWSsystem32cryptnet.dll
O20 – Winlogon Notify: cscdll . (.Microsoft Corporation – Agent réseau hors connexion.) — C:WINDOWSsystem32cscdll.dll
O20 – Winlogon Notify: dimsntfy . (.Microsoft Corporation – DIMS Notification Handler.) — C:WINDOWSsystem32dimsntfy.dll
O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WINDOWSsystem32igfxdev.dll
O20 – Winlogon Notify: ScCertProp . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
O20 – Winlogon Notify: Schedule . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
O20 – Winlogon Notify: sclgntfy . (.Microsoft Corporation – DLL secondaire de notification de service d.) — C:WINDOWSsystem32sclgntfy.dll
O20 – Winlogon Notify: SensLogn . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32WlNotify.dll
O20 – Winlogon Notify: termsrv . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
O20 – Winlogon Notify: WgaLogon . (.Microsoft Corporation – Notifications Windows Genuine Advantage.) — C:WINDOWSsystem32WgaLogon.dll
O20 – Winlogon Notify: wlballoon . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

—\ Enumération Active Desktop & MHTML Editor (O24)
O24 – Desktop General: BackupWallPaper – .(…) – C:WINDOWSwebwallpaperColline verdoyante.bmp
O24 – Desktop General: WallPaper – .(…) – C:WINDOWSwebwallpaperColline verdoyante.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.C5BADF15DE13B32D96EE22CC18860750] – 03/12/2013 – 08:37:17 . (…) — C:UsbFix [Clean 16] BAC5.txt [9827]
O44 – LFC:[MD5.67B8D91CF27C4C744057D179AA5937A2] – 04/12/2013 – 12:42:33 . (…) — C:UsbFix [Clean 17] BAC5.txt [7529]
O44 – LFC:[MD5.AFC18B4FD33DF242A100721215554F8C] – 05/12/2013 – 11:36:34 . (…) — C:UsbFix [Clean 18] BAC5.txt [10748]
O44 – LFC:[MD5.88BF648E245E8B2E6D6C18B07E2A7ED9] – 05/12/2013 – 15:28:57 . (…) — C:UsbFix [Clean 19] BAC5.txt [9955]
O44 – LFC:[MD5.9119B86A051E0EC25B941D7F23D931DB] – 05/12/2013 – 16:34:16 . (…) — C:UsbFix [Clean 20] BAC5.txt [8243]
O44 – LFC:[MD5.D572703ADFC755F7F6AE5E1D1FFACD74] – 05/12/2013 – 18:37:16 . (…) — C:UsbFix [Clean 2] BAC5.txt [8341]
O44 – LFC:[MD5.F4B6061B6C448481E331193B8CA202BD] – 06/12/2013 – 08:36:27 . (…) — C:UsbFix [Scan 1] BAC5.txt [4921]
O44 – LFC:[MD5.39B0AFBC9E6CB1157776138BD014618D] – 06/12/2013 – 08:38:51 . (…) — C:UsbFix [Scan 2] BAC5.txt [4323]
O44 – LFC:[MD5.B348B6B9737CAD5AB4FB97F440F93490] – 06/12/2013 – 08:43:54 —A- . (…) — C:UsbFix [Clean 3] BAC5.txt [6710]
O44 – LFC:[MD5.FFC224CAA475575C55CE4278917128FB] – 06/12/2013 – 09:37:21 —A- . (…) — C:WINDOWSwiadebug.log [159]
O44 – LFC:[MD5.22AC7F886E87E3D36244E275B21C402F] – 06/12/2013 – 09:37:21 —A- . (…) — C:WINDOWSwiaservc.log [50]
O44 – LFC:[MD5.DCE4CE9F7412D206BEA4FC57A5CDC851] – 22/11/2013 – 11:44:35 . (…) — C:UsbFix [Clean 1] BAC5.txt [6385]
O44 – LFC:[MD5.838B489CC838CBED01FD1EA709D89AE4] – 22/11/2013 – 11:45:18 . (…) — C:UsbFix [Clean 12] BAC5.txt [6976]
O44 – LFC:[MD5.ABDD60194D24F7F03F430733520624A0] – 29/11/2013 – 10:33:01 . (…) — C:UsbFix [Clean 13] BAC5.txt [7185]
O44 – LFC:[MD5.50BDE429631BE80D0C45FFFEAD234A66] – 29/11/2013 – 14:49:28 . (…) — C:UsbFix [Clean 15] BAC5.txt [4139]
~ Files: 32 Legitimates Filtered in 00mn 04s

—\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 – SEH:ShellExecuteHooks – URL Exec Hook – {AEB6717E-7E19-11d0-97EE-00C04FD91972} – shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

—\ Export de clé d’application autorisée (O47)
O47 – AAKE:Key Export SP – “C:Documents and SettingsClient 5Application DataColor_Server_Client_ToolsJREJRE1.5binDEX_CX700_V1.EXE” [Disabled] .(.Pas de propriétaire.) — C:Documents and SettingsClient 5Application DataColor_Server_Client_ToolsJREJRE1.5binDEX_CX700_V1.exe
O47 – AAKE:Key Export SP – “C:UsbFixGo.exe” [Enabled] .(.Pas de propriétaire.) — C:UsbFixGo.exe
~ Keys Export: 8 Legitimates Filtered in 00mn 00s

—\ Image File Execution Options (IFEO) (O50)
O50 – IFEO:Image File Execution Options – Your Image File Name Here without a path – ntsd -d
~ IFEO: Scanned in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] – 07/11/2013 – 08:33:03 —A- . (…) — C:WINDOWSsystem32DriversaswRvrt.sys [49944]
O58 – SDL:[MD5.BADA8FD627F1D0E22308211C33F0BDB5] – 07/11/2013 – 08:33:03 —A- . (…) — C:WINDOWSsystem32DriversaswVmm.sys [178304]
O58 – SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] – 05/08/2004 – 13:00:00 —A- . (.RAVISENT Technologies Inc. – Pilote principal CineMaster C 1.2 WDM.) — C:WINDOWSsystem32Driverscinemst2.sys [262528]
O58 – SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] – 13/04/2008 – 08:36:06 . (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) — C:WINDOWSsystem32Drivershdaudbus.sys [144384]
O58 – SDL:[MD5.C53775780148884AC87C455489A0C070] – 13/04/2008 – 10:23:42 . (.Smart Link – Pas de description.) — C:WINDOWSsystem32Driversmtlmnt5.sys [126686]
O58 – SDL:[MD5.54886A652BF5685192141DF304E923FD] – 13/04/2008 – 10:23:40 . (.Smart Link – Pas de description.) — C:WINDOWSsystem32Driversmtlstrm.sys [1309184]
O58 – SDL:[MD5.6DDA78A0BE692B61B668FAB860F276CF] – 13/04/2008 – 08:34:28 . (.Matrox Graphics Inc. – Matrox Parhelia Miniport Driver.) — C:WINDOWSsystem32Driversmtxparhm.sys [452736]
O58 – SDL:[MD5.576B34CEAE5B7E5D9FD2775E93B3DB53] – 13/04/2008 – 10:23:42 . (.Smart Link – Pas de description.) — C:WINDOWSsystem32Driversntmtlfax.sys [180360]
O58 – SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] – 05/08/2004 – 13:00:00 —A- . (.Parallel Technologies, Inc. – Parallel Technologies DirectParallel IO Library.) — C:WINDOWSsystem32Driversptilink.sys [17792]
O58 – SDL:[MD5.E9AAA0092D74A9D371659C4C38882E12] – 13/04/2008 – 10:23:44 . (.Smart Link – Pas de description.) — C:WINDOWSsystem32Driversrecagent.sys [13776]
O58 – SDL:[MD5.D9673011648A71ED1E1F77B831BC85E6] – 13/04/2008 – 10:23:44 . (.Smart Link – Pas de description.) — C:WINDOWSsystem32Driversslnt7554.sys [129535]
O58 – SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] – 13/04/2008 – 10:23:46 . (.Smart Link – Pas de description.) — C:WINDOWSsystem32Driversslntamr.sys [404990]
O58 – SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] – 13/04/2008 – 10:23:48 . (.Smart Link – Pas de description.) — C:WINDOWSsystem32Driversslnthal.sys [95424]
O58 – SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] – 13/04/2008 – 10:23:48 . (.Smart Link – Pas de description.) — C:WINDOWSsystem32Driversslwdmsup.sys [13240]
O58 – SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] – 05/08/2004 – 13:00:00 —A- . (.RAVISENT Technologies Inc. – CineMaster C WDM DVD Minidriver.) — C:WINDOWSsystem32Driversvdmindvd.sys [58112]
O58 – SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ansi.sys [9037]
O58 – SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32country.sys [27097]
O58 – SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32himem.sys [4912]
O58 – SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32key01.sys [42809]
O58 – SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32keyboard.sys [42537]
O58 – SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos.sys [27916]
O58 – SDL:[MD5.CF9ED169FF86D935E47999E82359E898] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos404.sys [29146]
O58 – SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos411.sys [29370]
O58 – SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos412.sys [29274]
O58 – SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos804.sys [29146]
O58 – SDL:[MD5.CAAA108FD7BF71989946B39704323455] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio.sys [34000]
O58 – SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio404.sys [34560]
O58 – SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio411.sys [35648]
O58 – SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio412.sys [35424]
O58 – SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] – 05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio804.sys [34560]
~ Drivers: 5 Legitimates Filtered in 00mn 01s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 06/12/2013 – 09:49:54 —A- . (…) — C:Documents and SettingsBAC 5Application DataZHPLog.txt [18682] =>.Nicolas Coolman
O61 – LFC: 06/12/2013 – 09:49:54 —A- . (…) — C:Documents and SettingsBAC 5Application DataZHPTestsZHPDiag.txt [3256] =>.Nicolas Coolman
O61 – LFC: 06/12/2013 – 09:49:55 —A- . (…) — C:Documents and SettingsBAC 5BureauAdwCleaner[S1].txt [898]
O61 – LFC: 06/12/2013 – 09:49:55 —A- . (…) — C:Documents and SettingsBAC 5BureauSosVirus Forum Gratuit.lnk [1761]
O61 – LFC: 06/12/2013 – 09:49:55 —A- . (…) — C:Documents and SettingsBAC 5BureauUsbFix Faire un Don.lnk [1777]
O61 – LFC: 06/12/2013 – 09:49:55 —A- . (…) — C:Documents and SettingsBAC 5BureauUsbFix [Clean 3] BAC5.txt [6710]
O61 – LFC: 06/12/2013 – 09:49:55 —A- . (…) — C:Documents and SettingsBAC 5BureauUsbFix [Scan 2] BAC5.txt [4323]
O61 – LFC: 06/12/2013 – 09:49:55 —A- . (…) — C:Documents and SettingsBAC 5BureauZHPDiag.lnk [1523] =>.Nicolas Coolman
O61 – LFC: 06/12/2013 – 09:49:55 —A- . (…) — C:Documents and SettingsBAC 5BureauZHPFix.lnk [1628] =>.Nicolas Coolman
O61 – LFC: 06/12/2013 – 09:49:55 —A- . (…) — C:Documents and SettingsBAC 5Bureauadwcleaner.exe [1110034]
O61 – LFC: 06/12/2013 – 09:49:55 —A- . (…) — C:Documents and SettingsBAC 5Bureaumbam-log-2013-12-06 (09-02-50).txt [2168]
O61 – LFC: 06/12/2013 – 09:49:55 -SHA- . (…) — C:Documents and SettingsBAC 5IECompatCacheindex.dat [65536]
O61 – LFC: 06/12/2013 – 09:49:55 -SHA- . (…) — C:Documents and SettingsBAC 5IETldCacheindex.dat [262144]
O61 – LFC: 06/12/2013 – 09:49:56 —A- . (…) — C:Documents and SettingsBAC 5RecentAdwCleaner[S1].lnk [418]
O61 – LFC: 06/12/2013 – 09:49:56 —A- . (…) — C:Documents and SettingsBAC 5RecentUsbFix [Clean 3] BAC5.lnk [459]
O61 – LFC: 06/12/2013 – 09:49:56 —A- . (…) — C:Documents and SettingsBAC 5RecentUsbFix [Scan 2] BAC5.lnk [454]
O61 – LFC: 06/12/2013 – 09:49:56 —A- . (…) — C:Documents and SettingsBAC 5Recentmbam-log-2013-12-06 (09-02-50).lnk [514]
O61 – LFC: 06/12/2013 – 09:49:56 -SHA- . (…) — C:Documents and SettingsBAC 5PrivacIEindex.dat [344064]
~ 2 Fichiers temporaires (Temporary files)
~ 27 Fichiers cookies (Cookies files)
~ Files: 99 Legitimates Filtered in 00mn 05s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix By El Desaparecido – (.El Desaparecido – http://www.usbfix.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Liste les services legacy du registre (LALS) (O64)
O64 – Services: CurCS – 28/02/2006 – C:Program FilesBonjourmDNSResponder.exe (Bonjour Service) .(.Apple Computer, Inc. – Bonjour Service.) – LEGACY_BONJOUR_SERVICE
~ Legacy: 119 Legitimates Filtered in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] – (Bing) – http://www.bing.com
~ Keys: Scanned in 00mn 00s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.5CE10688C6671AE9AFC20B09376E8AB2] [SPRF][06/12/2013] (…) — C:Documents and SettingsBAC 5Bureauadwcleaner.exe [1110034]
[MD5.BE820DF8555FAC6BFAB784D8435A8F76] [SPRF][20/09/2011] (.Uwe Sieber – http://www.uwe-sieber.de – DriveCleanup (Win32) – removes non present storage volumes, Disks, CDROMs, Floppies and USB storage devices.) — C:Documents and SettingsBAC 5BureauDriveCleanup.exe [24544]
~ Files: 5 Legitimates Filtered in 00mn 00s

—\ Enumère les codes produits des logiciels (PUC) (O90)
O90 – PUC: “C04AC77760206FE40ACF16B80FB68F0D” . (..) — C:WINDOWSInstaller{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}ARPPRODUCTICON.exe
~ Update Products: 58 Legitimates Filtered in 00mn 00s

—\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:WINDOWSsystem32dmadmin.exe
SS – | Demand 11/10/2013 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) – C:Program FilesFichiers communsMacrovision SharedFLEXnet PublisherFNPLicensingService.exe

SR – | Auto 22/11/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
SR – | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) – C:Program FilesBonjourmDNSResponder.exe
SR – | Auto 14/11/2013 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) – C:Program FilesJavajre7binjqs.exe
SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamscheduler.exe
SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program FilesMalwarebytes’ Anti-Malwarembamservice.exe

~ Services: Scanned in 00mn 05s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by BAC 5 at 06/12/2013 09:50:27

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EF200] >> DeviceHarddisk0DR0[0x8A6B4AB8]
kernel: MBR read successfully
user & kernel MBR OK

~ MBR: 13 Legitimates Filtered in 00mn 02s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by BAC 5 at 06/12/2013 09:50:29

********* Dump file Name *********
C:PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 04s

—\ Scan Additionnel (O88)
Database Version : 13011 – (06/12/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 188277 Items scanned in 00mn 16s

~ 845 Legitimates filtered by white list
End of the scan (446 lines in 01mn 23s)(0)

Sorry, I was not able to use the upload platform.

Vincent