Vous pensez être infecté, des pubs s'affichent quand vous naviguez sur internet ?
Perte de données, ralentissement système, virus USB ?
Désinfectez votre ordinateur gratuitement !
  • Avatar du membre
  • Avatar du membre
  • Avatar du membre
Avatar du membre
par whynot
#211411
La suite


O43 - CFD: 11/12/2014 - 21:12:46 - [0] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\F-Secure
O43 - CFD: 31/07/2014 - 12:52:43 - [] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\FLVService
O43 - CFD: 04/11/2014 - 09:31:17 - [] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\Google
O43 - CFD: 04/09/2006 - 13:11:00 - [0] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\Help
O43 - CFD: 10/07/2007 - 15:01:07 - [] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\Identities
O43 - CFD: 13/09/2014 - 08:36:07 - [] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\LogMeIn Rescue Applet
O43 - CFD: 26/07/2014 - 13:59:38 - [] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\MFAData
O43 - CFD: 28/04/2014 - 12:41:31 - [] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\Microsoft
O43 - CFD: 05/09/2008 - 12:31:26 - [] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\Mozilla
O43 - CFD: 24/03/2009 - 19:34:06 - [] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\Opera
O43 - CFD: 22/11/2009 - 20:18:09 - [] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\PCHealth
O43 - CFD: 13/11/2014 - 09:11:09 - [0] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\Samsung
O43 - CFD: 12/04/2013 - 17:38:44 - [] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\Sun
O43 - CFD: 10/07/2014 - 08:03:32 - [] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\Temp
O43 - CFD: 09/09/2011 - 14:09:41 - [] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\TomTom
O43 - CFD: 09/07/2011 - 08:25:00 - [] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\TradeNetworks_Ltd
O43 - CFD: 13/04/2009 - 11:32:33 - [0] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\WMTools Downloaded Files
O43 - CFD: 10/12/2009 - 14:01:31 - [] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\Yahoo!
O43 - CFD: 17/08/2006 - 14:06:55 - [] ----D C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
O43 - CFD: 01/05/2008 - 07:50:42 - [] R---D C:\Documents and Settings\UTILISATEUR\Menu Démarrer\Programmes\Accessoires
O43 - CFD: 18/09/2013 - 18:00:30 - [0] ----D C:\Documents and Settings\UTILISATEUR\Menu Démarrer\Programmes\BitTorrent =>P2P.BitTorrent
O43 - CFD: 18/08/2014 - 19:17:39 - [] ----D C:\Documents and Settings\UTILISATEUR\Menu Démarrer\Programmes\CCleaner
O43 - CFD: 14/09/2014 - 15:42:39 - [] R---D C:\Documents and Settings\UTILISATEUR\Menu Démarrer\Programmes\Démarrage
O43 - CFD: 19/04/2011 - 19:49:34 - [0] ----D C:\Documents and Settings\UTILISATEUR\Menu Démarrer\Programmes\Games
O43 - CFD: 25/04/2009 - 08:51:25 - [] R---D C:\Documents and Settings\UTILISATEUR\Menu Démarrer\Programmes\Outils d'administration
O43 - CFD: 18/09/2013 - 18:00:31 - [0] ----D C:\Documents and Settings\UTILISATEUR\Menu Démarrer\Programmes\TomTom
~ Program Folder: 224 Scanned in 00mn 03s
Avatar du membre
par whynot
#211412
Et la fin



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.4DF37D408396ED5B973DE1561777DC2E] - 07/12/2014 - 13:59:17 ---A- . (...) -- C:\WINDOWS\system32\wpa.dbl [12658]
O44 - LFC:[MD5.2EB0D3528698E825AC3E31F20FEC5FF7] - 10/12/2014 - 10:52:43 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl [71344]
O44 - LFC:[MD5.2E8EE30A29AD149DD94283AE64C7B6F4] - 10/12/2014 - 10:52:45 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\WINDOWS\system32\FlashPlayerApp.exe [701616]
O44 - LFC:[MD5.B46DD94B96636132B60BE333B83CF718] - 10/12/2014 - 14:49:12 ---A- . (.Microsoft Corporation - Outil de suppression de logiciels malveilla.) -- C:\WINDOWS\system32\MRT.exe [109818608]
O44 - LFC:[MD5.A3F4391DFDF2F9E9FE4EAD193265A5AD] - 15/12/2014 - 09:29:59 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbam.sys [23256]
O44 - LFC:[MD5.FFB32E70D735146F5630DC7A96B6E1A8] - 15/12/2014 - 09:31:13 ---A- . (.Malwarebytes Corporation - Malwarebytes Chameleon Protection Driver.) -- C:\WINDOWS\system32\Drivers\mbamchameleon.sys [54360]
O44 - LFC:[MD5.D1B9540CF911CB55F7A04B40F8AEA026] - 15/12/2014 - 10:31:46 ---A- . (...) -- C:\malware.txt [20215]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 16/12/2014 - 12:25:49 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.3A31273450D18CDF34779EB17B5D26D1] - 16/12/2014 - 12:26:02 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/12/2014 - 12:26:05 ---A- . (...) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.99AD8510A2E31A5BE303533543583016] - 16/12/2014 - 12:26:06 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.04D3193DA13DCBB915BFF018563B43C9] - 16/12/2014 - 12:51:33 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1095588]
O44 - LFC:[MD5.D662EE7A02FC243C748AC6B4C951BB88] - 16/12/2014 - 13:30:01 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32498]
O44 - LFC:[MD5.8E2E9CCD873ABF180F48BCAEEEBE347D] - 16/12/2014 - 13:35:37 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbamswissarmy.sys [114904]
~ Files: 15 Scanned in 00mn 41s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\BitTorrent\bittorrent.exe" [Enabled] .(...) -- C:\Program Files\BitTorrent\bittorrent.exe (.not file.) =>P2P.BitTorrent
O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe" [Enabled] .(.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Vuze\Azureus.exe" [Enabled] .(...) -- C:\Program Files\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O47 - AAKE:Key Export SP - "C:\Program Files\Internet Explorer\iexplore.exe" [Enabled] .(.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O47 - AAKE:Key Export SP - "C:\Program Files\eMule\emule.exe" [Enabled] .(.http://www.emule-project.net" onclick="window.open(this.href);return false;.) -- C:\Program Files\eMule\emule.exe =>P2P.eMule
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Plugin Manager\skypePM.exe" [Enabled] .(...) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\AVG\AVG PC TuneUp\Integrator.exe" [Enabled] .(...) -- C:\Program Files\AVG\AVG PC TuneUp\Integrator.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Mozilla Firefox\firefox.exe" [Enabled] .(.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
~ Keys Export: 12 Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'à‰diteur de configuration de sécurité Windows.) -- C:\WINDOWS\system32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\WINDOWS\system32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\WINDOWS\system32\wdigest.dll
~ LSA: 6 Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
~ CSB: 21 Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\system32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \Drivers32\"VIDC.MJPG"="mtkjpeg.dll" . (...) -- C:\WINDOWS\system32\mtkjpeg.dll
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
~ TDSD: 13 Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ANIWZCS2Service [Key] . (.Alpha Networks Inc. - ANIWZCS2 launcher for Windows..) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O53 - SMSR:HKLM\...\startupreg\avgnt [Key] . (...) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\TkBellExe [Key] . (...) -- C:\program files\real\realplayer\update\realsched.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\TomTomHOME.exe [Key] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
~ SMSR Keys: 4 Scanned in 00mn 00s



---\\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
~ MSCP: 6 Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
~ MWPS: 5 Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoInstrumentation"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoCDBurning"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
~ MWPE Keys: 7 Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:10/11/2006 - 14:05:00 ---A- . (.Arcsoft, Inc. - Arcsoft(R) ASPI Shell.) -- C:\WINDOWS\system32\Drivers\afc.sys [18688]
O58 - SDL:29/03/2000 - 15:17:42 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ASUSHWIO.SYS [5824]
O58 - SDL:04/08/2004 - 00:38:44 ---A- . (.ATI Technologies Inc. - Pilote de miniport ATI RAGE 128.) -- C:\WINDOWS\system32\Drivers\ati2mtag.sys [701440]
O58 - SDL:02/06/2008 - 15:16:08 ---A- . (.BitDefender SRL - BitDefender Firewall NDIS Filter Driver.) -- C:\WINDOWS\system32\Drivers\bdfndisf.sys [86792]
O58 - SDL:07/01/2008 - 17:41:34 ---A- . (.BitDefender S.R.L. Bucharest, ROMANIA - BitDefender AntiVirus FS filter driver.) -- C:\WINDOWS\system32\Drivers\bdfsfltr.sys [196368]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:22/01/2004 - 11:41:16 ---A- . (.FotoNation Ltd. - USB Driver for Digital Camera.) -- C:\WINDOWS\system32\Drivers\CoachUsb.sys [46944]
O58 - SDL:03/11/2003 - 16:31:14 ---A- . (.Accapella Ltd. - Video Capture Minidriver for Digital Camera.) -- C:\WINDOWS\system32\Drivers\CoachVc.sys [44256]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\Drivers\cpqdap01.sys [11776]
O58 - SDL:23/01/2014 - 18:31:06 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\WINDOWS\system32\Drivers\dgderdrv.sys [20032]
O58 - SDL:14/04/2008 - 03:05:07 ---A- . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys [800256]
O58 - SDL:14/04/2008 - 03:05:12 ---A- . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys [154496]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys [5888]
O58 - SDL:03/11/2005 - 19:39:02 ---A- . (.Ralink Technology, Corp. - Ralink 802.11 USB Wireless Adapter Driver.) -- C:\WINDOWS\system32\Drivers\Dr71WU.sys [245504]
O58 - SDL:13/04/2008 - 17:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:21/11/2014 - 06:14:06 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbam.sys [23256]
O58 - SDL:21/11/2014 - 06:14:14 ---A- . (.Malwarebytes Corporation - Malwarebytes Chameleon Protection Driver.) -- C:\WINDOWS\system32\Drivers\mbamchameleon.sys [54360]
O58 - SDL:16/12/2014 - 13:35:37 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbamswissarmy.sys [114904]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\Drivers\nikedrv.sys [12032]
O58 - SDL:08/02/2013 - 04:02:44 ---A- . (.NVIDIA Corporation - NVIDIA Windows XP Miniport Driver, Version 307.83.) -- C:\WINDOWS\system32\Drivers\nv4_mini.sys [12648960]
O58 - SDL:03/06/2004 - 03:40:46 R--A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) IDE Performance Driver.) -- C:\WINDOWS\system32\Drivers\nvatabus.sys [79360]
O58 - SDL:29/07/2005 - 10:11:02 R--A- . (.NVIDIA Corporation - NVIDIA Networking Function Driver..) -- C:\WINDOWS\system32\Drivers\NVENETFD.sys [34048]
O58 - SDL:29/07/2005 - 10:11:04 R--A- . (.NVIDIA Corporation - NVIDIA Networking Bus Driver..) -- C:\WINDOWS\system32\Drivers\nvnetbus.sys [12928]
O58 - SDL:29/07/2005 - 10:10:46 R--A- . (.NVIDIA Corporation - NVIDIA Network Resource Manager..) -- C:\WINDOWS\system32\Drivers\nvnrm.sys [301312]
O58 - SDL:29/07/2005 - 10:10:32 R--A- . (.NVIDIA Corporation - NVIDIA Networking Soft-NPU Driver..) -- C:\WINDOWS\system32\Drivers\nvsnpu.sys [221824]
O58 - SDL:29/07/2005 - 10:10:54 R--A- . (.NVIDIA Corporation - NVIDIA Networking Protocol Driver..) -- C:\WINDOWS\system32\Drivers\nvtcp.sys [100480]
O58 - SDL:29/10/2003 - 06:02:00 R--A- . (.NVIDIA Corporation - NVIDIA nForce AGP Filter.) -- C:\WINDOWS\system32\Drivers\nv_agp.SYS [21120]
O58 - SDL:14/06/2007 - 14:29:08 ---A- . (.PixArt Imaging Inc. - PAC7302.) -- C:\WINDOWS\system32\Drivers\PAC7302.SYS [457856]
O58 - SDL:19/07/2009 - 11:59:24 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\WINDOWS\system32\Drivers\pcouffin.sys [47360]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\Drivers\rio8drv.sys [12032]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\Drivers\riodrv.sys [12032]
O58 - SDL:17/04/2006 - 09:31:26 R---- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\WINDOWS\system32\Drivers\RtkHDAud.Sys [4262912]
O58 - SDL:03/08/2004 - 21:31:34 ---A- . (.Realtek Semiconductor Corporation - Realtek RTL8139 NDIS 5.0 Driver.) -- C:\WINDOWS\system32\Drivers\RTL8139.sys [20992]
O58 - SDL:13/11/2007 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\Drivers\secdrv.sys [20480]
O58 - SDL:25/08/2013 - 10:30:48 ---A- . (...) -- C:\WINDOWS\system32\Drivers\StarOpen.sys [13120]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\Drivers\tsbvcap.sys [21376]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:09/11/2005 - 14:44:48 ---A- . (.Alpha Networks Inc. - ANIO (NT5) Driver.) -- C:\WINDOWS\system32\ANIO.sys [24288]
O58 - SDL:14/10/2004 - 09:29:16 ---A- . (.ANI - ANIO (NDIS4) Driver.) -- C:\WINDOWS\system32\anio4.sys [11904]
O58 - SDL:10/11/2005 - 06:13:00 ---A- . (.Alpha Networks Inc. - ANIO (NT5) Driver.) -- C:\WINDOWS\system32\ANIO64.sys [50176]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 56 Scanned in 00mn 02s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 09/12/2014 - 14:11:18 ---A- . (.F-Secure Corporation.) -- C:\Documents and Settings\UTILISATEUR\Mes documents\Téléchargements\SFR-Securite.exe [836648]
O61 - LFC: 11/12/2014 - 14:11:18 ---A- . (.F-Secure Corporation.) -- C:\Documents and Settings\UTILISATEUR\Mes documents\Téléchargements\SFR-Securite(1).exe [836648]
O61 - LFC: 14/12/2014 - 14:11:18 ---A- . (.El Desaparecido - SosVirus.net - UsbFix.net.) -- C:\Documents and Settings\UTILISATEUR\Mes documents\Téléchargements\UsbFix.exe [3989160]
O61 - LFC: 14/12/2014 - 14:11:18 ---A- . (.OldTimer Tools.) -- C:\Documents and Settings\UTILISATEUR\Mes documents\Téléchargements\OTL.exe [602112]
O61 - LFC: 15/12/2014 - 14:11:17 ---A- . (...) -- C:\Documents and Settings\UTILISATEUR\Mes documents\Téléchargements\AdwCleaner-4.1.0.5.exe [2166272]
O61 - LFC: 15/12/2014 - 14:11:19 ---A- . (.Nicolas Coolman.) -- C:\Documents and Settings\UTILISATEUR\Mes documents\Téléchargements\ZHPDiag2.exe [6860008] =>.Nicolas Coolman
O61 - LFC: 16/12/2014 - 14:11:18 ---A- . (.Malwarebytes Corporation.) -- C:\Documents and Settings\UTILISATEUR\Mes documents\Téléchargements\mbam-setup-2.0.4.1028.exe [20447072]
~ 69 Fichiers temporaires (Temporary files)
~ 16 Fichiers cookies (Cookies files)
~ Files: 7 Scanned in 00mn 59s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - http://www.usbfix.net" onclick="window.open(this.href);return false; - http://www.sosvirus.net" onclick="window.open(this.href);return false;.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 22/02/2008 - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ACDaemon) .(.ArcSoft Inc. - ArcSoft Connect Service.) - LEGACY_ACDAEMON
O64 - Services: CurCS - 09/11/2005 - C:\windows\system32\ANIO.sys (ANIO) .(.Alpha Networks Inc. - ANIO (NT5) Driver.) - LEGACY_ANIO
O64 - Services: CurCS - 06/10/2014 - C:\Program Files\SFR Sécurité\fshoster32.exe (fshoster) .(.F-Secure Corporation - F-Secure Host Process.) - LEGACY_FSHOSTER
O64 - Services: CurCS - 16/12/2014 - C:\windows\system32\drivers\MBAMSwissArmy.sys (MBAMSwissArmy) .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMSWISSARMY
O64 - Services: CurCS - 03/06/2004 - C:\WINDOWS\system32\DRIVERS\nvatabus.sys (nvatabus) .(.NVIDIA Corporation - NVIDIA® nForce(TM) IDE Performance Driver.) - LEGACY_NVATABUS
O64 - Services: CurCS - 29/10/2003 - C:\WINDOWS\system32\DRIVERS\nv_agp.sys (nv_agp) .(.NVIDIA Corporation - NVIDIA nForce AGP Filter.) - LEGACY_NV_AGP
O64 - Services: CurCS - 05/06/2014 - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTomHOMEService) .(.TomTom - Windows Service for TomTom HOME.) - LEGACY_TOMTOMHOMESERVICE
~ Legacy: 915 Scanned in 00mn 02s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - à‰diteur du Registre.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
~ FASS Keys: 10 Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com" onclick="window.open(this.href);return false;
O69 - SBI: SearchScopes [HKCU] {0939AB17-9F6C-4CD5-862D-A667486E9E29} - (Yahoo!) - http://fr.search.yahoo.com" onclick="window.open(this.href);return false;
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com" onclick="window.open(this.href);return false;
O69 - SBI: SearchScopes [HKCU] {9CB96984-43C3-4D44-90EF-01466EFCF7BB} - (Yahoo! (Avast)) - http://fr.search.yahoo.com" onclick="window.open(this.href);return false;
~ Keys: Scanned in 00mn 00s



---\\ Enumère les service demarrés par Svchost (SSS) (O83)
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (...) -- C:\WINDOWS\system32\appmgmts.dll [0]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\system32\audiosrv.dll [42496]
O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\system32\browser.dll [78336]
O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\system32\cryptsvc.dll [62464]
O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - DLL Service gestionnaire de disque logique.) -- C:\WINDOWS\system32\dmserver.dll [24576]
O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Service client DHCP.) -- C:\WINDOWS\system32\dhcpcsvc.dll [127488]
O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\system32\ersvc.dll [23040]
O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - Pas de description.) -- C:\WINDOWS\system32\es.dll [253952]
O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\system32\shsvcs.dll [135680]
O83 - Search Svchost Services: HidServ (HidServ) . (.Microsoft Corporation - HID Audio Service.) -- C:\WINDOWS\system32\hidserv.dll [21504]
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Moniteur infrarouge.) -- C:\WINDOWS\system32\irmon.dll [29184]
O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [99840]
O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\system32\wkssvc.dll [132096]
O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\system32\msgsvc.dll [33792]
O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gestionnaire de connexions réseau.) -- C:\WINDOWS\system32\netman.dll [198144]
O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll [247808] =>.Microsoft Corporation
O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gestionnaire de stockage amovible.) -- C:\WINDOWS\system32\ntmssvc.dll [438272]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\system32\rasauto.dll [88576]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\system32\rasmans.dll [186368]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\system32\mprdim.dll [53248]
O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Moteur du Planificateur de tà¢ches.) -- C:\WINDOWS\system32\schedsvc.dll [194560]
O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\WINDOWS\system32\seclogon.dll [18944]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll [39424]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à  Microsoft NAT.) -- C:\WINDOWS\system32\ipnathlp.dll [332800]
O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Service de restauration du système.) -- C:\WINDOWS\system32\srsvc.dll [171520]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\WINDOWS\system32\tapisrv.dll [249856]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\system32\shsvcs.dll [135680]
O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll [90112]
O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Service de temps Windows.) -- C:\WINDOWS\system32\w32time.dll [178176]
O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Service configuration automatique sans fil.) -- C:\WINDOWS\system32\wzcsvc.dll [483840]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [145408]
O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [80896]
O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\system32\xmlprov.dll [129024]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\WINDOWS\system32\qmgr.dll [409088]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\windows\system32\wuauserv.dll [6656]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\system32\shsvcs.dll [135680]
O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400]
O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Microsoft Media Device Service Provider.) -- C:\WINDOWS\system32\MsPMSNSv.dll [27136]
O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Exécution du service Agent de quarantaine.) -- C:\WINDOWS\system32\qagentrt.dll [293376]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\WINDOWS\system32\kmsvc.dll [61440]
~ Services: 40 Scanned in 00mn 01s



---\\ Recherche particulière à  la racine du système (SPRF) (O84)
[MD5.C439F625386EB58FA373A4EC101786BD] [SPRF][16/09/2014] (.PC Cleaners - PC Cleaner Pro.) -- C:\Documents and Settings\All Users\Application Data\pclunst.exe [9414952] =>Rogue.PCCleanerPro
[MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][19/07/2009] (...) -- C:\Documents and Settings\UTILISATEUR\Application Data\inst.exe [87608]
[MD5.5B6C11DE7E839C05248CED8825470FEF] [SPRF][19/07/2009] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Documents and Settings\UTILISATEUR\Application Data\pcouffin.sys [47360]
[MD5.ADD5959782B53F5DF504D4D867151A3D] [SPRF][30/08/2010] (.Microsoft Corporation - Client Full Install Package.) -- C:\Documents and Settings\UTILISATEUR\Bureau\mssefullinstall-x86fre-fr-fr-xp.exe [11899464]
[MD5.89871C1498F2A471290F0A2C088987A6] [SPRF][25/03/2009] (.RealNetworks, Inc. - RealNetworks Installer.) -- C:\Documents and Settings\UTILISATEUR\Bureau\RealPlayer11GOLD_fr.exe [476696]
[MD5.17C995AA808CEE87A0E49A4B02E423E6] [SPRF][02/09/2010] (...) -- C:\Documents and Settings\UTILISATEUR\Bureau\revosetup.exe [2406288]
~ Files: 6 Scanned in 00mn 06s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{C11CBDA9-6702-469E-9CE1-64E3971A6B44}] (PC Antivirus Pro Web Protection BHO) =>PUP.WebProtect
~ BCK: 3497 Scanned in 00mn 10s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/12/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 19/10/2005 49152 | (ANIWZCSdService) . (.Alpha Networks Inc..) - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Disabled 13/09/2014 3079488 | (LMIRescue_24882919-0c02-4d63-8f5d-3c864251866e) . (.LogMeIn, Inc..) - C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe
SS - | Demand 09/12/2014 114800 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 10/10/2005 131139 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Demand 19/05/2009 240512 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 22/02/2008 104960 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 06/10/2014 187432 | (fshoster) . (.F-Secure Corporation.) - C:\Program Files\SFR Sécurité\fshoster32.exe
SR - | Auto 05/06/2014 93040 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
~ Services: Scanned in 00mn 11s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Run by UTILISATEUR at 16/12/2014 14:14:01
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EE1A0] >> \Device\Harddisk0\DR0[0x85178AB8]
3 CLASSPNP[0xF75F6FD7] >> ntkrnlpa!IofCallDriver[0x804EE1A0] >> \Device\00000065[0x8517CF18]
5 ACPI[0xF748C620] >> ntkrnlpa!IofCallDriver[0x804EE1A0] >> \Device\Ide\IdeDeviceP2T0L0-5[0x8517B8E8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Scanned in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog" onclick="window.open(this.href);return false;
Run by UTILISATEUR at 16/12/2014 14:14:03
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:19/07/2009 - 11:59:24 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\WINDOWS\system32\Drivers\pcouffin.sys [47360]
~ Emulateurs: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 5

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC Cleaners] =>Rogue.PCCleanerPro^
[HKCU\Software\PartyFrance] =>Casino.OnlineGames
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{280B5D37-4A76-467A-B3D6-942FCA90ACDE}] =>Worm.Vispat
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{280B5D37-4A76-467A-B3D6-942FCA90ACDE}] =>Worm.Vispat
C:\Program Files\Vuze =>P2P.Azureus^
C:\Documents and Settings\UTILISATEUR\Application Data\Azureus =>P2P.Azureus^
C:\Documents and Settings\UTILISATEUR\Application Data\BitTorrent =>P2P.BitTorrent^
C:\Documents and Settings\UTILISATEUR\Application Data\uTorrent =>P2P.µTorrent^
C:\Documents and Settings\UTILISATEUR\Menu Démarrer\Programmes\BitTorrent =>P2P.BitTorrent^
[HKCU\Software\BitTorrent] =>P2P.BitTorrent^
[HKCU\Software\PCCleaners] =>Rogue.PCCleanerPro^
[HKLM\Software\PCCleaners] =>Rogue.PCCleanerPro^
C:\Documents and Settings\All Users\Application Data\pclunst.exe =>Rogue.PCCleanerPro^
[HKCR\CLSID\{C11CBDA9-6702-469E-9CE1-64E3971A6B44}] (PC Antivirus Pro Web Protection BHO) =>PUP.WebProtect^
~ Additionnel Scan: 186437 Items scanned in 00mn 35s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-ex ... ment-iepm/" onclick="window.open(this.href);return false; =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-hel ... avigateur/" onclick="window.open(this.href);return false; =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/" onclick="window.open(this.href);return false; =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-application ... -registre/" onclick="window.open(this.href);return false; =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o50-image-file ... s-zhpdiag/" onclick="window.open(this.href);return false; =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Scanned in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
~ MSI: 0 link(s) detected in 00mn 00s



End of the scan (1226 lines in 05mn 50s)(0)
Avatar du membre
par Evasion60
#211413
:hello: Re

Je ne peux pas travailler avec un rapport saucissonné !
Héberge le sur => http://upload.sosvirus.net/" onclick="window.open(this.href);return false;

A ce soir, ou demain matin

:(
Avatar du membre
par whynot
#211414
Décidemment je suis pas douée j'espère que là  j'ai réussie


---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.4DF37D408396ED5B973DE1561777DC2E] - 07/12/2014 - 13:59:17 ---A- . (...) -- C:\WINDOWS\system32\wpa.dbl [12658]
O44 - LFC:[MD5.2EB0D3528698E825AC3E31F20FEC5FF7] - 10/12/2014 - 10:52:43 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl [71344]
O44 - LFC:[MD5.2E8EE30A29AD149DD94283AE64C7B6F4] - 10/12/2014 - 10:52:45 ---A- . (.Adobe Systems Incorporated - Adobe Flash Player Control Panel Applet.) -- C:\WINDOWS\system32\FlashPlayerApp.exe [701616]
O44 - LFC:[MD5.B46DD94B96636132B60BE333B83CF718] - 10/12/2014 - 14:49:12 ---A- . (.Microsoft Corporation - Outil de suppression de logiciels malveilla.) -- C:\WINDOWS\system32\MRT.exe [109818608]
O44 - LFC:[MD5.A3F4391DFDF2F9E9FE4EAD193265A5AD] - 15/12/2014 - 09:29:59 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbam.sys [23256]
O44 - LFC:[MD5.FFB32E70D735146F5630DC7A96B6E1A8] - 15/12/2014 - 09:31:13 ---A- . (.Malwarebytes Corporation - Malwarebytes Chameleon Protection Driver.) -- C:\WINDOWS\system32\Drivers\mbamchameleon.sys [54360]
O44 - LFC:[MD5.D1B9540CF911CB55F7A04B40F8AEA026] - 15/12/2014 - 10:31:46 ---A- . (...) -- C:\malware.txt [20215]
O44 - LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] - 16/12/2014 - 12:25:49 -S-A- . (...) -- C:\WINDOWS\bootstat.dat [2048]
O44 - LFC:[MD5.3A31273450D18CDF34779EB17B5D26D1] - 16/12/2014 - 12:26:02 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 16/12/2014 - 12:26:05 ---A- . (...) -- C:\WINDOWS\0.log [0]
O44 - LFC:[MD5.99AD8510A2E31A5BE303533543583016] - 16/12/2014 - 12:26:06 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.04D3193DA13DCBB915BFF018563B43C9] - 16/12/2014 - 12:51:33 ---A- . (...) -- C:\WINDOWS\WindowsUpdate.log [1095588]
O44 - LFC:[MD5.D662EE7A02FC243C748AC6B4C951BB88] - 16/12/2014 - 13:30:01 ---A- . (...) -- C:\WINDOWS\SchedLgU.Txt [32498]
O44 - LFC:[MD5.8E2E9CCD873ABF180F48BCAEEEBE347D] - 16/12/2014 - 13:35:37 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbamswissarmy.sys [114904]
~ Files: 15 Scanned in 00mn 41s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\BitTorrent\bittorrent.exe" [Enabled] .(...) -- C:\Program Files\BitTorrent\bittorrent.exe (.not file.) =>P2P.BitTorrent
O47 - AAKE:Key Export SP - "C:\Program Files\Messenger\msmsgs.exe" [Enabled] .(.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Vuze\Azureus.exe" [Enabled] .(...) -- C:\Program Files\Vuze\Azureus.exe (.not file.) =>P2P.Azureus
O47 - AAKE:Key Export SP - "C:\Program Files\Internet Explorer\iexplore.exe" [Enabled] .(.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O47 - AAKE:Key Export SP - "C:\Program Files\eMule\emule.exe" [Enabled] .(.http://www.emule-project.net" onclick="window.open(this.href);return false;.) -- C:\Program Files\eMule\emule.exe =>P2P.eMule
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Plugin Manager\skypePM.exe" [Enabled] .(...) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\AVG\AVG PC TuneUp\Integrator.exe" [Enabled] .(...) -- C:\Program Files\AVG\AVG PC TuneUp\Integrator.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Mozilla Firefox\firefox.exe" [Enabled] .(.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
~ Keys Export: 12 Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'à‰diteur de configuration de sécurité Windows.) -- C:\WINDOWS\system32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\WINDOWS\system32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\WINDOWS\system32\wdigest.dll
~ LSA: 6 Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
~ CSB: 21 Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\system32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \Drivers32\"VIDC.MJPG"="mtkjpeg.dll" . (...) -- C:\WINDOWS\system32\mtkjpeg.dll
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
~ TDSD: 13 Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ANIWZCS2Service [Key] . (.Alpha Networks Inc. - ANIWZCS2 launcher for Windows..) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O53 - SMSR:HKLM\...\startupreg\avgnt [Key] . (...) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\TkBellExe [Key] . (...) -- C:\program files\real\realplayer\update\realsched.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\TomTomHOME.exe [Key] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
~ SMSR Keys: 4 Scanned in 00mn 00s



---\\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
~ MSCP: 6 Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
~ MWPS: 5 Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoInstrumentation"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoCDBurning"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
~ MWPE Keys: 7 Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:10/11/2006 - 14:05:00 ---A- . (.Arcsoft, Inc. - Arcsoft(R) ASPI Shell.) -- C:\WINDOWS\system32\Drivers\afc.sys [18688]
O58 - SDL:29/03/2000 - 15:17:42 ---A- . (...) -- C:\WINDOWS\system32\Drivers\ASUSHWIO.SYS [5824]
O58 - SDL:04/08/2004 - 00:38:44 ---A- . (.ATI Technologies Inc. - Pilote de miniport ATI RAGE 128.) -- C:\WINDOWS\system32\Drivers\ati2mtag.sys [701440]
O58 - SDL:02/06/2008 - 15:16:08 ---A- . (.BitDefender SRL - BitDefender Firewall NDIS Filter Driver.) -- C:\WINDOWS\system32\Drivers\bdfndisf.sys [86792]
O58 - SDL:07/01/2008 - 17:41:34 ---A- . (.BitDefender S.R.L. Bucharest, ROMANIA - BitDefender AntiVirus FS filter driver.) -- C:\WINDOWS\system32\Drivers\bdfsfltr.sys [196368]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:22/01/2004 - 11:41:16 ---A- . (.FotoNation Ltd. - USB Driver for Digital Camera.) -- C:\WINDOWS\system32\Drivers\CoachUsb.sys [46944]
O58 - SDL:03/11/2003 - 16:31:14 ---A- . (.Accapella Ltd. - Video Capture Minidriver for Digital Camera.) -- C:\WINDOWS\system32\Drivers\CoachVc.sys [44256]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\Drivers\cpqdap01.sys [11776]
O58 - SDL:23/01/2014 - 18:31:06 ---A- . (.Devguru Co., Ltd - Device Error Recovery SDK(x86).) -- C:\WINDOWS\system32\Drivers\dgderdrv.sys [20032]
O58 - SDL:14/04/2008 - 03:05:07 ---A- . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys [800256]
O58 - SDL:14/04/2008 - 03:05:12 ---A- . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys [154496]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys [5888]
O58 - SDL:03/11/2005 - 19:39:02 ---A- . (.Ralink Technology, Corp. - Ralink 802.11 USB Wireless Adapter Driver.) -- C:\WINDOWS\system32\Drivers\Dr71WU.sys [245504]
O58 - SDL:13/04/2008 - 17:36:06 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:21/11/2014 - 06:14:06 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbam.sys [23256]
O58 - SDL:21/11/2014 - 06:14:14 ---A- . (.Malwarebytes Corporation - Malwarebytes Chameleon Protection Driver.) -- C:\WINDOWS\system32\Drivers\mbamchameleon.sys [54360]
O58 - SDL:16/12/2014 - 13:35:37 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbamswissarmy.sys [114904]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\Drivers\nikedrv.sys [12032]
O58 - SDL:08/02/2013 - 04:02:44 ---A- . (.NVIDIA Corporation - NVIDIA Windows XP Miniport Driver, Version 307.83.) -- C:\WINDOWS\system32\Drivers\nv4_mini.sys [12648960]
O58 - SDL:03/06/2004 - 03:40:46 R--A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) IDE Performance Driver.) -- C:\WINDOWS\system32\Drivers\nvatabus.sys [79360]
O58 - SDL:29/07/2005 - 10:11:02 R--A- . (.NVIDIA Corporation - NVIDIA Networking Function Driver..) -- C:\WINDOWS\system32\Drivers\NVENETFD.sys [34048]
O58 - SDL:29/07/2005 - 10:11:04 R--A- . (.NVIDIA Corporation - NVIDIA Networking Bus Driver..) -- C:\WINDOWS\system32\Drivers\nvnetbus.sys [12928]
O58 - SDL:29/07/2005 - 10:10:46 R--A- . (.NVIDIA Corporation - NVIDIA Network Resource Manager..) -- C:\WINDOWS\system32\Drivers\nvnrm.sys [301312]
O58 - SDL:29/07/2005 - 10:10:32 R--A- . (.NVIDIA Corporation - NVIDIA Networking Soft-NPU Driver..) -- C:\WINDOWS\system32\Drivers\nvsnpu.sys [221824]
O58 - SDL:29/07/2005 - 10:10:54 R--A- . (.NVIDIA Corporation - NVIDIA Networking Protocol Driver..) -- C:\WINDOWS\system32\Drivers\nvtcp.sys [100480]
O58 - SDL:29/10/2003 - 06:02:00 R--A- . (.NVIDIA Corporation - NVIDIA nForce AGP Filter.) -- C:\WINDOWS\system32\Drivers\nv_agp.SYS [21120]
O58 - SDL:14/06/2007 - 14:29:08 ---A- . (.PixArt Imaging Inc. - PAC7302.) -- C:\WINDOWS\system32\Drivers\PAC7302.SYS [457856]
O58 - SDL:19/07/2009 - 11:59:24 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\WINDOWS\system32\Drivers\pcouffin.sys [47360]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\Drivers\rio8drv.sys [12032]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\Drivers\riodrv.sys [12032]
O58 - SDL:17/04/2006 - 09:31:26 R---- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\WINDOWS\system32\Drivers\RtkHDAud.Sys [4262912]
O58 - SDL:03/08/2004 - 21:31:34 ---A- . (.Realtek Semiconductor Corporation - Realtek RTL8139 NDIS 5.0 Driver.) -- C:\WINDOWS\system32\Drivers\RTL8139.sys [20992]
O58 - SDL:13/11/2007 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\Drivers\secdrv.sys [20480]
O58 - SDL:25/08/2013 - 10:30:48 ---A- . (...) -- C:\WINDOWS\system32\Drivers\StarOpen.sys [13120]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\Drivers\tsbvcap.sys [21376]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:09/11/2005 - 14:44:48 ---A- . (.Alpha Networks Inc. - ANIO (NT5) Driver.) -- C:\WINDOWS\system32\ANIO.sys [24288]
O58 - SDL:14/10/2004 - 09:29:16 ---A- . (.ANI - ANIO (NDIS4) Driver.) -- C:\WINDOWS\system32\anio4.sys [11904]
O58 - SDL:10/11/2005 - 06:13:00 ---A- . (.Alpha Networks Inc. - ANIO (NT5) Driver.) -- C:\WINDOWS\system32\ANIO64.sys [50176]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:05/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 56 Scanned in 00mn 02s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 09/12/2014 - 14:11:18 ---A- . (.F-Secure Corporation.) -- C:\Documents and Settings\UTILISATEUR\Mes documents\Téléchargements\SFR-Securite.exe [836648]
O61 - LFC: 11/12/2014 - 14:11:18 ---A- . (.F-Secure Corporation.) -- C:\Documents and Settings\UTILISATEUR\Mes documents\Téléchargements\SFR-Securite(1).exe [836648]
O61 - LFC: 14/12/2014 - 14:11:18 ---A- . (.El Desaparecido - SosVirus.net - UsbFix.net.) -- C:\Documents and Settings\UTILISATEUR\Mes documents\Téléchargements\UsbFix.exe [3989160]
O61 - LFC: 14/12/2014 - 14:11:18 ---A- . (.OldTimer Tools.) -- C:\Documents and Settings\UTILISATEUR\Mes documents\Téléchargements\OTL.exe [602112]
O61 - LFC: 15/12/2014 - 14:11:17 ---A- . (...) -- C:\Documents and Settings\UTILISATEUR\Mes documents\Téléchargements\AdwCleaner-4.1.0.5.exe [2166272]
O61 - LFC: 15/12/2014 - 14:11:19 ---A- . (.Nicolas Coolman.) -- C:\Documents and Settings\UTILISATEUR\Mes documents\Téléchargements\ZHPDiag2.exe [6860008] =>.Nicolas Coolman
O61 - LFC: 16/12/2014 - 14:11:18 ---A- . (.Malwarebytes Corporation.) -- C:\Documents and Settings\UTILISATEUR\Mes documents\Téléchargements\mbam-setup-2.0.4.1028.exe [20447072]
~ 69 Fichiers temporaires (Temporary files)
~ 16 Fichiers cookies (Cookies files)
~ Files: 7 Scanned in 00mn 59s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - http://www.usbfix.net" onclick="window.open(this.href);return false; - http://www.sosvirus.net" onclick="window.open(this.href);return false;.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 22/02/2008 - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe (ACDaemon) .(.ArcSoft Inc. - ArcSoft Connect Service.) - LEGACY_ACDAEMON
O64 - Services: CurCS - 09/11/2005 - C:\windows\system32\ANIO.sys (ANIO) .(.Alpha Networks Inc. - ANIO (NT5) Driver.) - LEGACY_ANIO
O64 - Services: CurCS - 06/10/2014 - C:\Program Files\SFR Sécurité\fshoster32.exe (fshoster) .(.F-Secure Corporation - F-Secure Host Process.) - LEGACY_FSHOSTER
O64 - Services: CurCS - 16/12/2014 - C:\windows\system32\drivers\MBAMSwissArmy.sys (MBAMSwissArmy) .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMSWISSARMY
O64 - Services: CurCS - 03/06/2004 - C:\WINDOWS\system32\DRIVERS\nvatabus.sys (nvatabus) .(.NVIDIA Corporation - NVIDIA® nForce(TM) IDE Performance Driver.) - LEGACY_NVATABUS
O64 - Services: CurCS - 29/10/2003 - C:\WINDOWS\system32\DRIVERS\nv_agp.sys (nv_agp) .(.NVIDIA Corporation - NVIDIA nForce AGP Filter.) - LEGACY_NV_AGP
O64 - Services: CurCS - 05/06/2014 - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTomHOMEService) .(.TomTom - Windows Service for TomTom HOME.) - LEGACY_TOMTOMHOMESERVICE
~ Legacy: 915 Scanned in 00mn 02s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - à‰diteur du Registre.) -- C:\WINDOWS\regedit.exe
O67 - Shell Spawning: <.scr> <scrfile>[HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
~ FASS Keys: 10 Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com" onclick="window.open(this.href);return false;
O69 - SBI: SearchScopes [HKCU] {0939AB17-9F6C-4CD5-862D-A667486E9E29} - (Yahoo!) - http://fr.search.yahoo.com" onclick="window.open(this.href);return false;
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com" onclick="window.open(this.href);return false;
O69 - SBI: SearchScopes [HKCU] {9CB96984-43C3-4D44-90EF-01466EFCF7BB} - (Yahoo! (Avast)) - http://fr.search.yahoo.com" onclick="window.open(this.href);return false;
~ Keys: Scanned in 00mn 00s



---\\ Enumère les service demarrés par Svchost (SSS) (O83)
O83 - Search Svchost Services: AppMgmt (AppMgmt) . (...) -- C:\WINDOWS\system32\appmgmts.dll [0]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\WINDOWS\system32\audiosrv.dll [42496]
O83 - Search Svchost Services: Browser (Browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\WINDOWS\system32\browser.dll [78336]
O83 - Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation - Cryptographic Services.) -- C:\WINDOWS\system32\cryptsvc.dll [62464]
O83 - Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. - DLL Service gestionnaire de disque logique.) -- C:\WINDOWS\system32\dmserver.dll [24576]
O83 - Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation - Service client DHCP.) -- C:\WINDOWS\system32\dhcpcsvc.dll [127488]
O83 - Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation - Windows Error Reporting Service.) -- C:\WINDOWS\system32\ersvc.dll [23040]
O83 - Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation - Pas de description.) -- C:\WINDOWS\system32\es.dll [253952]
O83 - Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\system32\shsvcs.dll [135680]
O83 - Search Svchost Services: HidServ (HidServ) . (.Microsoft Corporation - HID Audio Service.) -- C:\WINDOWS\system32\hidserv.dll [21504]
O83 - Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation - Moniteur infrarouge.) -- C:\WINDOWS\system32\irmon.dll [29184]
O83 - Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation - Server Service DLL.) -- C:\WINDOWS\system32\srvsvc.dll [99840]
O83 - Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation - Workstation Service DLL.) -- C:\WINDOWS\system32\wkssvc.dll [132096]
O83 - Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation - NT Messenger Service.) -- C:\WINDOWS\system32\msgsvc.dll [33792]
O83 - Search Svchost Services: Netman (Netman) . (.Microsoft Corporation - Gestionnaire de connexions réseau.) -- C:\WINDOWS\system32\netman.dll [198144]
O83 - Search Svchost Services: Nla (Nla) . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll [247808] =>.Microsoft Corporation
O83 - Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation - Gestionnaire de stockage amovible.) -- C:\WINDOWS\system32\ntmssvc.dll [438272]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\WINDOWS\system32\rasauto.dll [88576]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\WINDOWS\system32\rasmans.dll [186368]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\WINDOWS\system32\mprdim.dll [53248]
O83 - Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation - Moteur du Planificateur de tà¢ches.) -- C:\WINDOWS\system32\schedsvc.dll [194560]
O83 - Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation - DLL de service d'ouverture de session secondaire.) -- C:\WINDOWS\system32\seclogon.dll [18944]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\WINDOWS\system32\sens.dll [39424]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l'application d'assistance à  Microsoft NAT.) -- C:\WINDOWS\system32\ipnathlp.dll [332800]
O83 - Search Svchost Services: SRService (SRService) . (.Microsoft Corporation - Service de restauration du système.) -- C:\WINDOWS\system32\srsvc.dll [171520]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\WINDOWS\system32\tapisrv.dll [249856]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\system32\shsvcs.dll [135680]
O83 - Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation - Distributed Link Tracking Client.) -- C:\WINDOWS\system32\trkwks.dll [90112]
O83 - Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation - Service de temps Windows.) -- C:\WINDOWS\system32\w32time.dll [178176]
O83 - Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation - Service configuration automatique sans fil.) -- C:\WINDOWS\system32\wzcsvc.dll [483840]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\WINDOWS\system32\wbem\WMIsvc.dll [145408]
O83 - Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation - Windows Security Center Service.) -- C:\WINDOWS\system32\wscsvc.dll [80896]
O83 - Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation - Network Provisioning Service.) -- C:\WINDOWS\system32\xmlprov.dll [129024]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\WINDOWS\system32\qmgr.dll [409088]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update AutoUpdate Service.) -- C:\windows\system32\wuauserv.dll [6656]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\WINDOWS\system32\shsvcs.dll [135680]
O83 - Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation - Microsoft PCHealth Service Holder.) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400]
O83 - Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation - Microsoft Media Device Service Provider.) -- C:\WINDOWS\system32\MsPMSNSv.dll [27136]
O83 - Search Svchost Services: napagent (napagent) . (.Microsoft Corporation - Exécution du service Agent de quarantaine.) -- C:\WINDOWS\system32\qagentrt.dll [293376]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\WINDOWS\system32\kmsvc.dll [61440]
~ Services: 40 Scanned in 00mn 01s



---\\ Recherche particulière à  la racine du système (SPRF) (O84)
[MD5.C439F625386EB58FA373A4EC101786BD] [SPRF][16/09/2014] (.PC Cleaners - PC Cleaner Pro.) -- C:\Documents and Settings\All Users\Application Data\pclunst.exe [9414952] =>Rogue.PCCleanerPro
[MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][19/07/2009] (...) -- C:\Documents and Settings\UTILISATEUR\Application Data\inst.exe [87608]
[MD5.5B6C11DE7E839C05248CED8825470FEF] [SPRF][19/07/2009] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Documents and Settings\UTILISATEUR\Application Data\pcouffin.sys [47360]
[MD5.ADD5959782B53F5DF504D4D867151A3D] [SPRF][30/08/2010] (.Microsoft Corporation - Client Full Install Package.) -- C:\Documents and Settings\UTILISATEUR\Bureau\mssefullinstall-x86fre-fr-fr-xp.exe [11899464]
[MD5.89871C1498F2A471290F0A2C088987A6] [SPRF][25/03/2009] (.RealNetworks, Inc. - RealNetworks Installer.) -- C:\Documents and Settings\UTILISATEUR\Bureau\RealPlayer11GOLD_fr.exe [476696]
[MD5.17C995AA808CEE87A0E49A4B02E423E6] [SPRF][02/09/2010] (...) -- C:\Documents and Settings\UTILISATEUR\Bureau\revosetup.exe [2406288]
~ Files: 6 Scanned in 00mn 06s



---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{C11CBDA9-6702-469E-9CE1-64E3971A6B44}] (PC Antivirus Pro Web Protection BHO) =>PUP.WebProtect
~ BCK: 3497 Scanned in 00mn 10s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/12/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 19/10/2005 49152 | (ANIWZCSdService) . (.Alpha Networks Inc..) - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Disabled 13/09/2014 3079488 | (LMIRescue_24882919-0c02-4d63-8f5d-3c864251866e) . (.LogMeIn, Inc..) - C:\Documents and Settings\UTILISATEUR\Local Settings\Application Data\LogMeIn Rescue Applet\LMIR0001.tmp\LMI_Rescue_srv.exe
SS - | Demand 09/12/2014 114800 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 10/10/2005 131139 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Demand 19/05/2009 240512 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 22/02/2008 104960 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 06/10/2014 187432 | (fshoster) . (.F-Secure Corporation.) - C:\Program Files\SFR Sécurité\fshoster32.exe
SR - | Auto 05/06/2014 93040 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
~ Services: Scanned in 00mn 11s



---\\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Run by UTILISATEUR at 16/12/2014 14:14:01
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EE1A0] >> \Device\Harddisk0\DR0[0x85178AB8]
3 CLASSPNP[0xF75F6FD7] >> ntkrnlpa!IofCallDriver[0x804EE1A0] >> \Device\00000065[0x8517CF18]
5 ACPI[0xF748C620] >> ntkrnlpa!IofCallDriver[0x804EE1A0] >> \Device\Ide\IdeDeviceP2T0L0-5[0x8517B8E8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 13 Scanned in 00mn 02s



---\\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog" onclick="window.open(this.href);return false;
Run by UTILISATEUR at 16/12/2014 14:14:03
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:19/07/2009 - 11:59:24 ---A- . (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\WINDOWS\system32\Drivers\pcouffin.sys [47360]
~ Emulateurs: Scanned in 00mn 04s



---\\ Scan Additionnel (O88)
Database Version : 13026 - (28/08/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 5

[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\PC Cleaners] =>Rogue.PCCleanerPro^
[HKCU\Software\PartyFrance] =>Casino.OnlineGames
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{280B5D37-4A76-467A-B3D6-942FCA90ACDE}] =>Worm.Vispat
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{280B5D37-4A76-467A-B3D6-942FCA90ACDE}] =>Worm.Vispat
C:\Program Files\Vuze =>P2P.Azureus^
C:\Documents and Settings\UTILISATEUR\Application Data\Azureus =>P2P.Azureus^
C:\Documents and Settings\UTILISATEUR\Application Data\BitTorrent =>P2P.BitTorrent^
C:\Documents and Settings\UTILISATEUR\Application Data\uTorrent =>P2P.µTorrent^
C:\Documents and Settings\UTILISATEUR\Menu Démarrer\Programmes\BitTorrent =>P2P.BitTorrent^
[HKCU\Software\BitTorrent] =>P2P.BitTorrent^
[HKCU\Software\PCCleaners] =>Rogue.PCCleanerPro^
[HKLM\Software\PCCleaners] =>Rogue.PCCleanerPro^
C:\Documents and Settings\All Users\Application Data\pclunst.exe =>Rogue.PCCleanerPro^
[HKCR\CLSID\{C11CBDA9-6702-469E-9CE1-64E3971A6B44}] (PC Antivirus Pro Web Protection BHO) =>PUP.WebProtect^
~ Additionnel Scan: 186437 Items scanned in 00mn 35s



---\\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/r5-internet-ex ... ment-iepm/" onclick="window.open(this.href);return false; =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-hel ... avigateur/" onclick="window.open(this.href);return false; =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/" onclick="window.open(this.href);return false; =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-application ... -registre/" onclick="window.open(this.href);return false; =>.Applications lancées au démarrage du système (O4)
~ http://nicolascoolman.fr/o50-image-file ... s-zhpdiag/" onclick="window.open(this.href);return false; =>.Image File Execution Options (IFEO) (O50)
~ AMI: 5 Scanned in 00mn 00s



---\\ Récapitulatif des détections trouvées sur votre station
~ MSI: 0 link(s) detected in 00mn 00s



End of the scan (1226 lines in 05mn 50s)(0)
Avatar du membre
par Evasion60
#211526
:hello: Bonjour

/!\ Je ne peux pas travailler avec un rapport coupé en plusieurs parties
Merci de l'héberger sur http://www.Cjoint.com" onclick="window.open(this.href);return false;
Coche 21 jours en lecture


:(
Avatar du membre
par whynot
#211533
Bonjour évasion 60 je suis désolé de te faire perdre ton temps, je te remercie pour ce que tu as fait mais je vais me débrouiller pour apporter mon pc à  réparer . merci encore et bonne journée sandrine
Avatar du membre
par Evasion60
#211553
:hello: Bonsoir whynot

V-X :)

Whynot ton rapport est incomplet, mais tu as l'intégralité sur ton Bureau (ZHPDiag.txt)

/!\ Je ne peux pas travailler avec un rapport coupé en plusieurs parties
Merci de l'héberger sur http://www.Cjoint.com" onclick="window.open(this.href);return false;


Aide pour héberger un rapport avec Cjoint =>


Rendez vous sur le site http://www.Cjoint.com" onclick="window.open(this.href);return false;
Cliquez sur "Parcourir" pour recueillir le rapport qui est sur votre ordinateur (ZHPDiag.txt)
Cochez "21 jours" pour la durée d'hébergement
Cliquez sur "Créer le lien Cjoint"
Dans la fenêtre suivante, vous "copiez" votre lien Cjoint
Vous "collez" ce lien dans votre réponse sur le forum qui vous aide

;)

Bonjour Emma bien pour kprm pour tes achats essa[…]

deinfecte disque dur et cle USB

salut tetedede, je crois que mon disque durs e[…]

De rien c'était un plaisir Séverine

oui j'ai oublié de l'indiquer. Le message e[…]