Vous pensez être infecté, des pubs s'affichent quand vous naviguez sur internet ?
Perte de données, ralentissement système, virus USB ?
Désinfectez votre ordinateur gratuitement !
  • Avatar du membre
Avatar du membre
par Phenix
#1295
2012-12-30 13h15

Infection USBFix Desktop.ini.vir et ZHPScan Trojan.Alert
================================================

Bonjour,

Merci de me donner un coup de pouce !

Mon laptop a une infection récalcitrante qui se propage aussi à  mes disques et clés externes et aux autres ordinateurs qui ont été en contact avec ces clés et disques externes...

Voici le rapport USBFix qui identifie des éléments supprimés et mis en quarantaine (dont desktop.ini.vir) et le rapport ZHPDiag qui identifie un Trojan.Alert :

Rapport USB Fix (3e rapport de désinfaction - après avoir utilisé l'outil pour la 3e fois ce matin ...) :
Code: Tout sélectionner
############################## | UsbFix V 7.102 | [Suppression]

Utilisateur: (Administrateur) #
Mis à  jour le 20/12/2012 par El Desaparecido
Lancé à  12:16:53 | 30/12/2012

Site Web: http://sosvirus.org" onclick="window.open(this.href);return false;
Contact: contact@eldesaparecido.com

PC: SAMSUNG ELECTRONICS CO., LTD. (700Z3C/700Z5C) (x64-based PC
CPU: Intel(R) Core(TM) i7-3615QM CPU @ 2.30GHz (2301)
RAM -> [Total : 7974 | Free : 6349]
BIOS: Phoenix BIOS SC-T v2.2 P04AAG
BOOT: Normal boot

OS: Microsoft Windows 7 à‰dition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Norton Internet Security [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 453 Go (411 Go libre(s) - 91%) [] # NTFS
D:\ -> CD-ROM

################## | Processus Actif |

C:\windows\system32\csrss.exe (644)
C:\windows\system32\wininit.exe (808)
C:\windows\system32\csrss.exe (828)
C:\windows\system32\services.exe (872)
C:\windows\system32\lsass.exe (888)
C:\windows\system32\lsm.exe (896)
C:\windows\system32\winlogon.exe (956)
C:\windows\system32\svchost.exe (180)
C:\windows\system32\svchost.exe (736)
C:\windows\System32\svchost.exe (1044)
C:\windows\System32\svchost.exe (1084)
C:\windows\system32\svchost.exe (1136)
C:\windows\system32\svchost.exe (1240)
C:\windows\system32\Dwm.exe (1572)
C:\windows\system32\svchost.exe (1704)
C:\windows\system32\svchost.exe (1996)
C:\windows\system32\svchost.exe (2292)
C:\windows\system32\wbem\unsecapp.exe (2640)
C:\windows\system32\wbem\wmiprvse.exe (2716)
C:\windows\system32\svchost.exe (3332)
C:\windows\system32\svchost.exe (3380)
C:\windows\system32\wbem\wmiprvse.exe (3508)
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (4696)
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (4340)
C:\Program Files\Intel\iCLS Client\HeciServer.exe (5360)
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (3100)
C:\windows\System32\rundll32.exe (4860)
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (4796)
C:\windows\system32\SearchIndexer.exe (2712)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (5752)
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (5916)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3284)
C:\windows\Explorer.exe (1236)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (4260)
C:\Program Files (x86)\Internet Explorer\iexplore.exe (4136)
C:\windows\System32\spoolsv.exe (5592)
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (4172)
C:\UsbFix\Go.exe (3452)

################## | Processus Stoppés |

Stoppé! C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (4696)
Stoppé! C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (4340)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (5360)
Stoppé! C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (3100)
Stoppé! C:\windows\System32\rundll32.exe (4860)
Stoppé! C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (4796)
Stoppé! C:\windows\system32\SearchIndexer.exe (2712)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (5752)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (5916)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3284)
Stoppé! C:\windows\Explorer.exe (1236)
Stoppé! C:\Program Files (x86)\Internet Explorer\iexplore.exe (4260)
Stoppé! C:\Program Files (x86)\Internet Explorer\iexplore.exe (4136)
Stoppé! C:\windows\System32\spoolsv.exe (5592)
Stoppé! C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (4172)

################## | à‰léments infectieux |

Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2301189805-754272816-1718501073-1001

(!) Fichiers temporaires supprimés.

################## | Registre |


################## | Mountpoints2 |


################## | Listing |

[30/12/2012 - 12:17:02 | SHD ] C:\$Recycle.Bin
[30/12/2012 - 12:15:43 | RASHD ] C:\Autorun.inf
[27/12/2012 - 22:35:05 | D ] C:\Config.Msi
[27/12/2012 - 21:05:07 | N | 0] C:\detestfrag.txt
[14/07/2009 - 00:08:56 | SHD ] C:\Documents and Settings
[30/12/2012 - 12:02:10 | ASH | 8360857600] C:\hiberfil.sys
[26/03/2012 - 13:38:08 | D ] C:\Intel
[26/03/2012 - 14:08:25 | N | 32] C:\kiessetup.log
[27/12/2012 - 21:05:07 | N | 41592] C:\mbr1.txt
[30/12/2012 - 12:02:12 | ASH | 8360857600] C:\pagefile.sys
[13/07/2009 - 22:20:08 | D ] C:\PerfLogs
[30/12/2012 - 12:09:18 | N | 512] C:\PhysicalDisk0_MBR.bin
[26/03/2012 - 14:48:27 | D ] C:\Program Files
[30/12/2012 - 11:12:55 | D ] C:\Program Files (x86)
[27/12/2012 - 21:34:41 | HD ] C:\ProgramData
[27/12/2012 - 20:57:09 | SHD ] C:\Recovery
[26/03/2012 - 13:38:03 | N | 2184] C:\RHDSetup.log
[26/03/2012 - 14:50:21 | D ] C:\samsung
[26/03/2012 - 14:19:19 | N | 163] C:\setup.log
[29/12/2012 - 19:38:00 | SHD ] C:\System Volume Information
[30/12/2012 - 12:17:02 | D ] C:\UsbFix
[30/12/2012 - 12:16:55 | A | 5273] C:\UsbFix.txt
[30/12/2012 - 12:15:43 | N | 2414] C:\UsbFix_Upload_Me_UTILISATEUR-PC.zip
[27/12/2012 - 21:01:11 | D ] C:\Users
[30/12/2012 - 12:01:43 | D ] C:\Windows
[30/12/2012 - 12:13:21 | D ] C:\ZHP

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_UTILISATEUR.zip
http://eldesaparecido.com/upload.php" onclick="window.open(this.href);return false;
Merci de votre contribution.

################## | E.O.F |
Rapport abrégé ZHPDiag :
Code: Tout sélectionner
Rapport de ZHPDiag v1.33.29 par Nicolas Coolman, Update du 30/12/2012
Run by Utilisateur at 2012-12-30 12:08:30
State : Version à  jour.
UAC : Deactivate by program


---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Utilisateur\AppData\Roaming\
~ %Desktop% : C:\Users\Utilisateur\Desktop\
~ %Favorites% : C:\Users\Utilisateur\Favorites\
~ %LocalAppData% : C:\Users\Utilisateur\AppData\Local\
~ %StartMenu% : C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\


---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ Scan Keys in 00mn 00s


---\\ Scan Additionnel (O88)
Database Version : 10233 - (2012-12-30)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}] =>Toolbar.Agent
[HKCU\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}] =>Trojan.Agent
~ Scan Additionnel in 00mn 07s


---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-2301189805-754272816-1718501073-1001-2301189805-754272816-1718501073-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-2301189805-754272816-1718501073-1001-2301189805-754272816-1718501073-1000\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Scan Application in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 295.) - C:\windows\system32\nvinitx.dll
~ Scan AppInit DLL in 00mn 00s


---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s


---\\ Tà¢ches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[MD5.FD674B6D10C38AAAD412867980DF14AA] [APT] [advSRS5] (.SEC.) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
[MD5.784C46078733CE7915B0810E1DD2FB34] [APT] [EasyDisplayMgr] (.Samsung Electronics Co., Ltd..) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
[MD5.C7AAC31A910E4BBFDF94D3786ED13E71] [APT] [ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d] (.Intel Corporation.) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
[MD5.C7AAC31A910E4BBFDF94D3786ED13E71] [APT] [ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon] (.Intel Corporation.) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
[MD5.4D9A519FB2231F088910D57F05AE1AB5] [APT] [KiesHelper] (.Samsung.) -- C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
[MD5.B00F98FF6FE8682FF941BEB2559BF191] [APT] [MirageAgent] (.CyberLink.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
[MD5.591CC20D2FB85ACF1823734FA225FEDC] [APT] [Norton WSC Integration] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\WSCStub.exe
[MD5.0B236192CBDD38D2588C3C926B4FDA5B] [APT] [Norton Error Analyzer] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\SymErr.exe
[MD5.0B236192CBDD38D2588C3C926B4FDA5B] [APT] [Norton Error Processor] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\SymErr.exe
~ Scan Scheduled Task in 00mn 00s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Internet Explorer [64Bits] - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations [64Bits] - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d‚IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Scan Active Setup in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (excfs) . (.Diskeeper Corporation - ExpressCache Filesystem Filter Driver.) - C:\Windows\System32\DRIVERS\excfs.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: (SABI) . (.SAMSUNG ELECTRONICS - SAMSUNG Kernel Driver.) - C:\windows\system32\Drivers\SABI.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (VWiFiFlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
~ Scan Drivers in 00mn 00s




---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2012-03-26 - 13:41:54 - [6,757] ----D C:\Program Files (x86)\Cisco
O43 - CFD: 2012-12-27 - 22:21:53 - [161,406] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 2012-03-26 - 13:56:28 - [1084,268] ----D C:\Program Files (x86)\CyberLink
O43 - CFD: 2012-03-26 - 14:19:01 - [102,166] ----D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 2012-12-27 - 20:57:46 - [309,318] ----D C:\Program Files (x86)\Intel
O43 - CFD: 2012-03-26 - 13:44:40 - [72,369] ----D C:\Program Files (x86)\Intel Corporation
O43 - CFD: 2012-12-27 - 22:34:31 - [4,933] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 2012-03-26 - 14:07:21 - [2,414] ----D C:\Program Files (x86)\MarkAny
O43 - CFD: 2012-03-26 - 15:06:25 - [17,977] ----D C:\Program Files (x86)\Microsoft
O43 - CFD: 2012-03-26 - 14:43:35 - [6,126] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 2012-12-27 - 22:35:05 - [36,641] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 2012-03-26 - 14:53:52 - [1,745] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 2012-12-27 - 21:38:03 - [0,015] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 2009-07-14 - 00:32:38 - [0,025] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 2012-03-26 - 13:58:28 - [226,948] ----D C:\Program Files (x86)\Norton Internet Security
O43 - CFD: 2012-03-26 - 13:57:43 - [38,213] ----D C:\Program Files (x86)\NortonInstaller
O43 - CFD: 2012-03-26 - 13:40:24 - [103,594] ----D C:\Program Files (x86)\NVIDIA Corporation
O43 - CFD: 2012-12-29 - 18:45:19 - [171,229] ----D C:\Program Files (x86)\Panda Security
O43 - CFD: 2012-03-26 - 13:40:53 - [5,867] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 2009-07-14 - 00:32:38 - [37,349] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 2012-03-26 - 14:09:59 - [659,287] ----D C:\Program Files (x86)\Samsung
O43 - CFD: 2012-12-27 - 22:21:53 - [16,855] R---D C:\Program Files (x86)\Skype
O43 - CFD: 2012-03-26 - 13:59:59 - [6,148] ----D C:\Program Files (x86)\Symantec
O43 - CFD: 2012-03-26 - 13:38:03 - [0] ----D C:\Program Files (x86)\Temp
O43 - CFD: 2009-07-13 - 23:57:06 - [0] ----D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 2012-03-26 - 14:18:11 - [230,244] ----D C:\Program Files (x86)\WildGames
O43 - CFD: 2012-12-29 - 09:29:21 - [0,500] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 2012-03-26 - 15:06:19 - [543,559] ----D C:\Program Files (x86)\Windows Live
O43 - CFD: 2012-12-29 - 09:29:21 - [5,895] ----D C:\Program Files (x86)\Windows Mail
O43 - CFD: 2012-12-29 - 09:29:21 - [4,791] ----D C:\Program Files (x86)\Windows Media Player
O43 - CFD: 2009-07-14 - 00:32:38 - [11,632] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 2012-12-29 - 09:29:21 - [4,213] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 2010-11-20 - 22:31:38 - [0,181] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 2012-12-29 - 09:29:21 - [5,717] ----D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 2012-12-30 - 12:08:33 - [10,192] ----D C:\Program Files (x86)\ZHPDiag
O43 - CFD: 2012-03-26 - 13:47:08 - [0] ----D C:\Program Files (x86)\Common Files\CyberLink
O43 - CFD: 2012-03-26 - 13:37:32 - [3,522] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 2012-03-26 - 13:38:56 - [14,075] ----D C:\Program Files (x86)\Common Files\Intel
O43 - CFD: 2012-03-26 - 13:44:42 - [71,022] ----D C:\Program Files (x86)\Common Files\Intel Corporation
O43 - CFD: 2012-03-26 - 14:48:13 - [20,982] ----D C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 2012-03-26 - 13:36:45 - [0,185] ----D C:\Program Files (x86)\Common Files\postureAgent
O43 - CFD: 2009-07-13 - 22:20:08 - [0,003] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 2012-12-27 - 22:21:53 - [2,056] ----D C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 2009-07-13 - 22:20:08 - [39,200] ----D C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 2012-12-27 - 22:03:42 - [0,595] ----D C:\Program Files (x86)\Common Files\Symantec Shared
O43 - CFD: 2012-12-29 - 09:29:21 - [9,767] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 2012-03-26 - 14:46:27 - [0] ----D C:\Program Files (x86)\Common Files\Windows Live
O43 - CFD: 2009-07-14 - 00:08:56 - [0] --H-D C:\ProgramData\Application Data
O43 - CFD: 2012-03-26 - 13:51:27 - [0,033] ----D C:\ProgramData\CyberLink
O43 - CFD: 2009-07-14 - 00:08:56 - [0] --H-D C:\ProgramData\Desktop
O43 - CFD: 2012-03-26 - 13:46:03 - [52,173] ----D C:\ProgramData\Diskeeper Corporation
O43 - CFD: 2009-07-14 - 00:08:56 - [0] --H-D C:\ProgramData\Documents
O43 - CFD: 2009-07-14 - 00:08:56 - [0] --H-D C:\ProgramData\Favorites
O43 - CFD: 2012-12-27 - 22:35:18 - [0,089] ----D C:\ProgramData\Geek Squad
O43 - CFD: 2012-03-26 - 13:44:40 - [0,157] ----D C:\ProgramData\Intel
O43 - CFD: 2012-12-27 - 20:57:09 - [1886,358] -S--D C:\ProgramData\Microsoft
O43 - CFD: 2012-12-27 - 20:59:42 - [224,026] ----D C:\ProgramData\Norton
O43 - CFD: 2012-03-26 - 13:57:43 - [0,782] ----D C:\ProgramData\NortonInstaller
O43 - CFD: 2012-03-26 - 14:39:45 - [3,276] ----D C:\ProgramData\NVIDIA
O43 - CFD: 2012-03-26 - 13:39:37 - [0,959] ----D C:\ProgramData\NVIDIA Corporation
O43 - CFD: 2012-03-26 - 13:42:24 - [0] ----D C:\ProgramData\Roaming
O43 - CFD: 2012-03-26 - 15:15:33 - [22,499] ----D C:\ProgramData\SAMSUNG
O43 - CFD: 2012-12-27 - 22:21:59 - [37,892] ----D C:\ProgramData\Skype
O43 - CFD: 2009-07-14 - 00:08:56 - [0] --H-D C:\ProgramData\Start Menu
O43 - CFD: 2012-03-26 - 13:59:59 - [0,002] ----D C:\ProgramData\Symantec
O43 - CFD: 2012-03-26 - 13:55:20 - [0,293] ----D C:\ProgramData\Temp
O43 - CFD: 2009-07-14 - 00:08:56 - [0] --H-D C:\ProgramData\Templates
O43 - CFD: 2012-03-26 - 14:18:12 - [1559,621] ----D C:\ProgramData\WildTangent
O43 - CFD: 2012-12-27 - 23:16:47 - [14,388] ----D C:\ProgramData\WinClon
O43 - CFD: 2012-12-27 - 21:03:34 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\Adobe
O43 - CFD: 2012-12-27 - 21:01:20 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\Identities
O43 - CFD: 2012-12-27 - 20:57:39 - [0,001] ----D C:\Users\Utilisateur\AppData\Roaming\Intel
O43 - CFD: 2012-12-29 - 20:36:30 - [0,001] ----D C:\Users\Utilisateur\AppData\Roaming\Macromedia
O43 - CFD: 2012-03-26 - 20:44:01 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\Media Center Programs
O43 - CFD: 2012-12-29 - 20:45:23 - [2,918] -S--D C:\Users\Utilisateur\AppData\Roaming\Microsoft
O43 - CFD: 2012-12-27 - 22:22:10 - [1,453] ----D C:\Users\Utilisateur\AppData\Roaming\Skype
O43 - CFD: 2012-12-27 - 20:57:38 - [0] ----D C:\Users\Utilisateur\AppData\Local\Application Data
O43 - CFD: 2012-12-27 - 20:57:38 - [0] ----D C:\Users\Utilisateur\AppData\Local\Historique
O43 - CFD: 2012-12-28 - 09:50:33 - [0] ----D C:\Users\Utilisateur\AppData\Local\LogMeIn Rescue Applet
O43 - CFD: 2012-12-27 - 21:02:39 - [47,905] ----D C:\Users\Utilisateur\AppData\Local\Microsoft
O43 - CFD: 2012-12-27 - 21:01:57 - [0,039] ----D C:\Users\Utilisateur\AppData\Local\Power2Go
O43 - CFD: 2012-12-29 - 16:09:25 - [0,010] ----D C:\Users\Utilisateur\AppData\Local\Samsung
O43 - CFD: 2012-12-30 - 12:05:38 - [0,003] ----D C:\Users\Utilisateur\AppData\Local\Temp
O43 - CFD: 2012-12-27 - 20:57:38 - [0] ----D C:\Users\Utilisateur\AppData\Local\Temporary Internet Files
O43 - CFD: 2012-12-27 - 20:58:09 - [0] ----D C:\Users\Utilisateur\AppData\Local\VirtualStore
O43 - CFD: 2009-07-13 - 23:54:32 - [0,014] R---D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2012-12-27 - 22:35:17 - [0,000] R---D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2009-07-13 - 23:49:38 - [0,001] R---D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2012-12-27 - 22:35:17 - [0,000] R---D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
~ Scan Program Folder in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.BC4133E8F2311394FF990DE5A8F2F7D9] - 2009-11-09 - 03:32:02 ---A- . (...) -- C:\Windows\surbey.ico [562718]
O44 - LFC:[MD5.C118A82CD78818C29AB228366EBF81C3] - 2011-11-17 - 01:33:55 . (...) -- C:\Windows\System32\lsass.exe [206462]
O44 - LFC:[MD5.66A6063D0BAAD3F7B2B9868859E0743B] - 2011-11-17 - 01:35:19 . (...) -- C:\Windows\System32\lsasrv.dll [206462]
O44 - LFC:[MD5.45CFBFA8EDC3DF4E2B7FB0D0260FE051] - 2012-05-14 - 00:26:34 . (...) -- C:\Windows\System32\localspl.dll [206462]
O44 - LFC:[MD5.0B984635501604D42A7A1AC7DA191376] - 2012-11-28 - 15:58:30 . (...) -- C:\Windows\System32\MRT.exe [206462]
O44 - LFC:[MD5.CB2ABB2DA1E9C977302A78D86D4AE3B0] - 2012-12-16 - 09:45:03 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\SysNative\atmfd.dll [367616]
O44 - LFC:[MD5.CB2ABB2DA1E9C977302A78D86D4AE3B0] - 2012-12-16 - 09:45:03 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\System32\atmfd.dll [367616]
O44 - LFC:[MD5.2ED72B3F76C9368ABC01464DA64DB7AE] - 2012-12-16 - 12:11:22 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\SysNative\atmlib.dll [46080]
O44 - LFC:[MD5.2ED72B3F76C9368ABC01464DA64DB7AE] - 2012-12-16 - 12:11:22 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\System32\atmlib.dll [46080]
O44 - LFC:[MD5.04D98743206D094FFB2D43EA89A4E36B] - 2012-12-27 - 06:56:57 ---A- . (...) -- C:\Windows\SysNative\license.rtf [206462]
O44 - LFC:[MD5.04D98743206D094FFB2D43EA89A4E36B] - 2012-12-27 - 06:56:57 ---A- . (...) -- C:\Windows\System32\license.rtf [206462]
O44 - LFC:[MD5.2A127D4847A4698935D28E5E0FF9394E] - 2012-12-27 - 20:57:40 ---A- . (...) -- C:\Windows\LCDStretchMode.log [1586]
O44 - LFC:[MD5.4EFCE916E758716C9F4D22194168955A] - 2012-12-27 - 20:59:01 ---A- . (...) -- C:\Windows\SetDisplayResolution.log [14053]
O44 - LFC:[MD5.6EA0E0507BCB5A2EE81D94753F15F8BA] - 2012-12-27 - 21:01:02 ---A- . (...) -- C:\Windows\DPINST.LOG [13210]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2012-12-27 - 21:05:07 ----- . (...) -- C:\detestfrag.txt [0]
O44 - LFC:[MD5.73505D239F4EB34EF9C88456EED2DDC1] - 2012-12-27 - 21:05:07 ----- . (...) -- C:\mbr1.txt [41592]
O44 - LFC:[MD5.FF40BBF5EAFC30D502B3D96BC1CF2B11] - 2012-12-27 - 22:35:10 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [277648]
O44 - LFC:[MD5.AA593436C035E9C6F8CCC9C056D48BD9] - 2012-12-29 - 20:52:54 ---A- . (...) -- C:\UsbFix.txt [10778]
O44 - LFC:[MD5.1E37996765526F7E1CA776D857E0C955] - 2012-12-29 - 20:52:54 ---A- . (...) -- C:\UsbFix_Upload_Me_UTILISATEUR-PC.zip [5289]
O44 - LFC:[MD5.C9B5FD451BA4FBD742970F8A94DD4FBA] - 2012-12-30 - 12:01:43 ---A- . (...) -- C:\Windows\PFRO.log [5618]
O44 - LFC:[MD5.75BB6DC1D22538207CBA4614FD8FC26A] - 2012-12-30 - 12:01:54 ---A- . (...) -- C:\Windows\ntbtlog.txt [268174]
O44 - LFC:[MD5.E001741675D7CDBD023B3EC78E409743] - 2012-12-30 - 12:02:14 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.26FC72AD76B50C9B3D24412A8606D9DD] - 2012-12-30 - 12:02:16 ---A- . (...) -- C:\Windows\setupact.log [42317]
O44 - LFC:[MD5.9ED58DE21C8D42E9D8A104347EB4939E] - 2012-12-30 - 12:05:22 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1297123]
O44 - LFC:[MD5.4D88265A595F61B4860CBC9267FE9567] - 2012-12-30 - 12:05:42 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
O44 - LFC:[MD5.9EAF2F06AA660D45D5179220AA2C5BE8] - 2012-12-30 - 12:06:30 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [1549700]
O44 - LFC:[MD5.2C3B82E4B8D9F3452153B2234D904A36] - 2012-12-30 - 12:06:30 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [106388]
O44 - LFC:[MD5.6E787897E8629356821CBEF1179937EB] - 2012-12-30 - 12:06:30 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [130754]
O44 - LFC:[MD5.6BBCEC9F83A495704E014903DBD5DDC1] - 2012-12-30 - 12:06:30 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [616008]
O44 - LFC:[MD5.BE7A8FF4DE5AC72DFA79E7CAA96AD1F3] - 2012-12-30 - 12:06:30 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [704480]
~ Scan Files in 00mn 01s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.693096ECC99D1127E7D257E172249ACE] - 2012-12-28 - 02:08:14 ---A- - C:\Windows\Prefetch\AgAppLaunch.db
O45 - LFCP:[MD5.15FF3AB8E342D79669FA585FD28C5907] - 2012-12-28 - 02:09:11 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf
O45 - LFCP:[MD5.C4A9CE349D9FBAFEC75D4A4D6B29DB6D] - 2012-12-28 - 16:46:22 ---A- - C:\Windows\Prefetch\IGFXEXT.EXE-D5F523DB.pf
O45 - LFCP:[MD5.6D5182FEF81BC89D83FA0F4C09C75688] - 2012-12-28 - 16:53:26 ---A- - C:\Windows\Prefetch\ARA.EXE-F9E9DF84.pf
O45 - LFCP:[MD5.984CBEFEC6AD4F0F9D459311A390DDBE] - 2012-12-28 - 16:53:42 ---A- - C:\Windows\Prefetch\SDCLT.EXE-E10B972A.pf
O45 - LFCP:[MD5.A19D1B0CE448535F7C0445D6CDB80497] - 2012-12-28 - 19:57:16 ---A- - C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf
O45 - LFCP:[MD5.BC1A5376355E234B70AD471F7DC6EC85] - 2012-12-28 - 20:00:01 ---A- - C:\Windows\Prefetch\WSQMCONS.EXE-118B52B7.pf
O45 - LFCP:[MD5.4E5806A85065E3012AC1D99FCACED155] - 2012-12-29 - 09:01:58 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-0A6AE3B2.pf
O45 - LFCP:[MD5.1C262D3D628A24509DD076A8840013DB] - 2012-12-29 - 09:01:58 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-D305612A.pf
O45 - LFCP:[MD5.28DDA4166E7C267A9B3C24D7E9A4046A] - 2012-12-29 - 09:05:13 ---A- - C:\Windows\Prefetch\ASOELNCH.EXE-A664DB6B.pf
O45 - LFCP:[MD5.1BB1966E1150458DAAEFD374D9BB4D97] - 2012-12-29 - 09:27:19 ---A- - C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf
O45 - LFCP:[MD5.FE33136C22D505ABAEB746F7F8C9494C] - 2012-12-29 - 09:27:22 ---A- - C:\Windows\Prefetch\AgCx_SC1.db.trx
O45 - LFCP:[MD5.45FEBAA9D8C22D2BD87A69548B994CA0] - 2012-12-29 - 09:28:23 ---A- - C:\Windows\Prefetch\AgCx_SC1.db
O45 - LFCP:[MD5.82F0A9B00E5394184AE5B450D728D739] - 2012-12-29 - 09:29:23 ---A- - C:\Windows\Prefetch\POQEXEC.EXE-69592829.pf
O45 - LFCP:[MD5.F8A6C4DD6B83F4E10DD946B793B2B801] - 2012-12-29 - 16:08:05 ---A- - C:\Windows\Prefetch\SAMOYEDAGENT.EXE-230AD80D.pf
O45 - LFCP:[MD5.8664D6B96FBE110A180DA67AE3BABF1A] - 2012-12-29 - 16:08:30 ---A- - C:\Windows\Prefetch\MRI.EXE-977C572C.pf
O45 - LFCP:[MD5.19BEF5E136BCAE126898CF3A33927C6D] - 2012-12-29 - 16:08:52 ---A- - C:\Windows\Prefetch\NOBUAGENT.EXE-8FDB8677.pf
O45 - LFCP:[MD5.7FC39A89C224FF44EA8CF5E79E904958] - 2012-12-29 - 16:10:27 ---A- - C:\Windows\Prefetch\MSCONFIG.EXE-3A52734E.pf
O45 - LFCP:[MD5.87E14CF25AAA69724F38F7C019E9F332] - 2012-12-29 - 16:10:28 ---A- - C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf
O45 - LFCP:[MD5.C13BA7F8D676ADB79AC176DB93FB9639] - 2012-12-29 - 16:11:36 ---A- - C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf
O45 - LFCP:[MD5.03873BE8D970A77E43661B1889B102C8] - 2012-12-29 - 16:12:13 ---A- - C:\Windows\Prefetch\SYSTEMPROPERTIESADVANCED.EXE-68C7C4F0.pf
O45 - LFCP:[MD5.CA24E960E52AD8FADEB3D7005989D16D] - 2012-12-29 - 16:12:43 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin
O45 - LFCP:[MD5.BE86584F4F01E89778FD3024B3DF6BF9] - 2012-12-29 - 18:35:29 ---A- - C:\Windows\Prefetch\IWRAP.EXE-20582B89.pf
O45 - LFCP:[MD5.0EB5E41DD93A705BAC6AFA90086B56CA] - 2012-12-29 - 18:37:06 ---A- - C:\Windows\Prefetch\DAEMONU.EXE-79EAD54C.pf
O45 - LFCP:[MD5.71A22AF317CC69688730AC423349EF8B] - 2012-12-29 - 18:37:07 ---A- - C:\Windows\Prefetch\CCSVCHST.EXE-6DAEC457.pf
O45 - LFCP:[MD5.0568B79BD49F811799AD3014BDEFCB8A] - 2012-12-29 - 18:37:08 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-DE976B47.pf
O45 - LFCP:[MD5.50638E0EA22335D19EDB80EFD8628202] - 2012-12-29 - 18:37:22 ---A- - C:\Windows\Prefetch\NOBUCLIENT.EXE-0874E89F.pf
O45 - LFCP:[MD5.B42E942D67BCCFDA473721FE96AE3D14] - 2012-12-29 - 18:42:02 ---A- - C:\Windows\Prefetch\CLTLMH.EXE-8D123476.pf
O45 - LFCP:[MD5.C343B5F4EB858A22A51EC14F006B238E] - 2012-12-29 - 18:45:09 ---A- - C:\Windows\Prefetch\IEINSTAL.EXE-9C71E8B0.pf
O45 - LFCP:[MD5.49E78CEEAB1F48A5213C6106CEC329F1] - 2012-12-29 - 18:45:12 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-5C0A7A6A.pf
O45 - LFCP:[MD5.A3606543E9953E619781679900D0D3F7] - 2012-12-29 - 18:45:22 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-D5170E12.pf
O45 - LFCP:[MD5.2184E3B869A4EB17D0E42C0D77B839E5] - 2012-12-29 - 18:45:22 ---A- - C:\Windows\Prefetch\RUNONCE.EXE-0E293DD6.pf
O45 - LFCP:[MD5.20E3F20072D39D9A2FBD81E2D513A953] - 2012-12-29 - 18:47:50 ---A- - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
O45 - LFCP:[MD5.E1C5C234014BCABB484E8D6B594C8847] - 2012-12-29 - 19:00:13 ---A- - C:\Windows\Prefetch\SOFTWARE LAUNCHER.EXE-9292D60D.pf
O45 - LFCP:[MD5.876A96CAE7FAF33F32AC5E97471A9D52] - 2012-12-29 - 19:00:21 ---A- - C:\Windows\Prefetch\SOUNDALIVERUN64.EXE-53E16E97.pf
O45 - LFCP:[MD5.8441F16DD10FCC0C20D86F7B14F43384] - 2012-12-29 - 19:00:21 ---A- - C:\Windows\Prefetch\SOUNDALIVEUTILX64.EXE-BAE83784.pf
O45 - LFCP:[MD5.49049C89623FDD08791E3FC524511E60] - 2012-12-29 - 19:00:28 ---A- - C:\Windows\Prefetch\CONTROLCENTER.EXE-7C09A58C.pf
O45 - LFCP:[MD5.D35E4C46309BFB8E4EB18ED282BF0CD5] - 2012-12-29 - 19:05:21 ---A- - C:\Windows\Prefetch\EXPRESSCACHERUN64.EXE-A5A84E5B.pf
O45 - LFCP:[MD5.B3329245ACAF33D5BBB5F5929A7840E1] - 2012-12-29 - 19:13:01 ---A- - C:\Windows\Prefetch\WMIAPSRV.EXE-29F35ED0.pf
O45 - LFCP:[MD5.E33678F82039196BB78BC161F9628854] - 2012-12-29 - 19:37:57 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-DD5E21F2.pf
O45 - LFCP:[MD5.4D42B1809E0CA535B16793F013EB22DB] - 2012-12-29 - 19:49:54 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-7D7EBC64.pf
O45 - LFCP:[MD5.253A2CFFDB1293FDED926B89D2CE8451] - 2012-12-29 - 20:36:44 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-0C9AAE75.pf
O45 - LFCP:[MD5.963AB681852F27E9D98F6FA774EEE18B] - 2012-12-29 - 20:45:24 ---A- - C:\Windows\Prefetch\MMC.EXE-7308A8A3.pf
O45 - LFCP:[MD5.4263DD8AA2592B068996F22A0F942E80] - 2012-12-29 - 20:45:33 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-88E42EAD.pf
O45 - LFCP:[MD5.F99D22FA68C91CC814AE0A1A7A7F46C1] - 2012-12-29 - 20:47:45 ---A- - C:\Windows\Prefetch\IGFXSRVC.EXE-96A493A4.pf
O45 - LFCP:[MD5.96A90634F8CE78A6744C950787A72057] - 2012-12-29 - 20:48:26 ---A- - C:\Windows\Prefetch\HELPPANE.EXE-FEDC965B.pf
O45 - LFCP:[MD5.87F87451B5CAA3429EF12280DA7DA80D] - 2012-12-29 - 20:48:27 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-594C560E.pf
O45 - LFCP:[MD5.CC9E2660371F717660F6980C05E6C103] - 2012-12-29 - 20:48:32 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-82BE5716.pf
O45 - LFCP:[MD5.71971897D3F1B152F370B1418F53921C] - 2012-12-29 - 20:52:01 ---A- - C:\Windows\Prefetch\USBFIX.EXE-DF7E2C78.pf
O45 - LFCP:[MD5.853A882B1918D22F692B308BB3221FEC] - 2012-12-29 - 20:52:10 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-AF96FD2E.pf
O45 - LFCP:[MD5.8BE88F0582D544825F39AE659918ED9D] - 2012-12-29 - 20:52:10 ---A- - C:\Windows\Prefetch\WSCRIPT.EXE-9093C9D0.pf
O45 - LFCP:[MD5.BC0747DB2228B7E4EC2A566B64579171] - 2012-12-29 - 20:52:12 ---A- - C:\Windows\Prefetch\GO.EXE-0A7DE786.pf
O45 - LFCP:[MD5.4FC28AE0D5F8AF92B8C0F027D42BD6DE] - 2012-12-29 - 20:52:13 ---A- - C:\Windows\Prefetch\GREP.COM-A0F2EC80.pf
O45 - LFCP:[MD5.0ABDAA53141D73EFB0665F303EC03211] - 2012-12-29 - 20:52:22 ---A- - C:\Windows\Prefetch\HECISERVER.EXE-27DA4210.pf
O45 - LFCP:[MD5.BFF9179804D1CBF0CDB818624F09FDD5] - 2012-12-29 - 20:52:36 ---A- - C:\Windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf
O45 - LFCP:[MD5.441D779659DB8CF0DD471FF67C623EA9] - 2012-12-29 - 20:52:54 ---A- - C:\Windows\Prefetch\ZIP.COM-CFC974C9.pf
O45 - LFCP:[MD5.F1C292CBA6D51998B26CAA60495AAAB8] - 2012-12-29 - 20:53:04 ---A- - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
O45 - LFCP:[MD5.ED83EF0ABB566386A4328A7174F8AAE7] - 2012-12-29 - 20:53:17 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-1605FA5B.pf
O45 - LFCP:[MD5.CD3353126F603C1309E78D7E376BB2CE] - 2012-12-29 - 20:53:22 ---A- - C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf
O45 - LFCP:[MD5.8FCFC5A8F1DBF6818E1B6EF1269E9B3E] - 2012-12-29 - 20:55:13 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-FC4C4534.pf
O45 - LFCP:[MD5.493487FF7AB76916FA534EB46CCA8C15] - 2012-12-29 - 20:55:18 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-E653440D.pf
O45 - LFCP:[MD5.2F63A9007F9654842965067B73465A41] - 2012-12-29 - 20:58:00 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-0DA32766.pf
O45 - LFCP:[MD5.B8972BDAEAF04233CEDCA29C35922B9A] - 2012-12-29 - 20:58:00 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-C5D5084E.pf
O45 - LFCP:[MD5.0E06D70D922C8391AC10AC47B742A9DD] - 2012-12-29 - 21:29:15 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-1C37F0CA.pf
O45 - LFCP:[MD5.7A7762CBA598577747CD0078116386B8] - 2012-12-30 - 00:00:01 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-5B3E6BB2.pf
O45 - LFCP:[MD5.C44C6A8878D783FDF7B0CA2078B19F54] - 2012-12-30 - 00:00:11 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-8F6A8F43.pf
O45 - LFCP:[MD5.E1A0E7BD7E772F9B8E31476FC0313B48] - 2012-12-30 - 00:00:11 ---A- - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf
O45 - LFCP:[MD5.11C85933068F1822DCB526E6C5DD1D34] - 2012-12-30 - 00:30:02 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-2EE46A2D.pf
O45 - LFCP:[MD5.9E2AC4619970AAFAEA3BA6F66894727D] - 2012-12-30 - 01:00:02 ---A- - C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf
O45 - LFCP:[MD5.F0B2E856E92BB795AD69558C6FDB5A74] - 2012-12-30 - 01:00:02 ---A- - C:\Windows\Prefetch\CVTRES.EXE-2B9D810D.pf
O45 - LFCP:[MD5.C4F262168D18CA7DC4F2292815D5B8A1] - 2012-12-30 - 01:00:02 ---A- - C:\Windows\Prefetch\PING.EXE-7E94E73E.pf
O45 - LFCP:[MD5.688DC913C321DB3924E460B349A692F9] - 2012-12-30 - 01:00:02 ---A- - C:\Windows\Prefetch\W32TM.EXE-1101AF41.pf
O45 - LFCP:[MD5.D6462C66D186F99E8E058D5C65F4E8AF] - 2012-12-30 - 01:00:03 ---A- - C:\Windows\Prefetch\SDIAGNHOST.EXE-8D72177C.pf
O45 - LFCP:[MD5.B2B3D217114AE1A2C5A18FD40B5AF5A5] - 2012-12-30 - 01:05:46 ---A- - C:\Windows\Prefetch\Layout.ini
O45 - LFCP:[MD5.78F2B20DE8F52CB4704431B4C8F0A644] - 2012-12-30 - 02:32:15 ---A- - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf
O45 - LFCP:[MD5.B619BDE99ABB525A15751104DC67F831] - 2012-12-30 - 10:47:24 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf
O45 - LFCP:[MD5.5DA7F063B148ED1031281C6C21EFF187] - 2012-12-30 - 10:47:57 ---A- - C:\Windows\Prefetch\DRVINST.EXE-4CB4314A.pf
O45 - LFCP:[MD5.BA190F25E7388E6B37E95DD22B71709B] - 2012-12-30 - 10:48:02 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-CCAE8CCE.pf
O45 - LFCP:[MD5.99AE295A1708FE7CAA62AA6635DF3D00] - 2012-12-30 - 10:48:07 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-1D4185F2.pf
O45 - LFCP:[MD5.F23E2A610A65A5647E771EAA8AAF8A77] - 2012-12-30 - 10:48:12 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-929A559F.pf
O45 - LFCP:[MD5.1FC9CB09B6D01021F53E7CBE929216EC] - 2012-12-30 - 10:48:17 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-9E99272C.pf
O45 - LFCP:[MD5.95C42D873ECD38C329E7C2D5CD046E2E] - 2012-12-30 - 10:48:22 ---A- - C:\Windows\Prefetch\DINOTIFY.EXE-35A869D6.pf
O45 - LFCP:[MD5.503ED62AB65AB3AA0D6432FE3CCE176E] - 2012-12-30 - 10:48:22 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-FC902B71.pf
O45 - LFCP:[MD5.27406A3F3716952C8D8EAD3E4FEDBD12] - 2012-12-30 - 10:48:23 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-2AB56DFE.pf
O45 - LFCP:[MD5.2DBCB86EB31521BA068D0DBA97E2F561] - 2012-12-30 - 10:48:33 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-4F364283.pf
O45 - LFCP:[MD5.4C67C01AD3C92781196770FF8C58762D] - 2012-12-30 - 10:48:33 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-8ECB0B0A.pf
O45 - LFCP:[MD5.3B75513AE10DCBC2F689771FEAAF83CD] - 2012-12-30 - 10:49:22 ---A- - C:\Windows\Prefetch\AgCx_SC2.db
O45 - LFCP:[MD5.6BAABF8F1FCABF7AEF7CDABCE0989489] - 2012-12-30 - 10:52:09 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-2301189805-754272816-1718501073-1001.db
O45 - LFCP:[MD5.C47C5924137F694B93A3FE4D79474589] - 2012-12-30 - 10:52:09 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-2301189805-754272816-1718501073-1001.db
O45 - LFCP:[MD5.EAD4D51FB52259BA23E845305F147238] - 2012-12-30 - 10:57:47 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf
O45 - LFCP:[MD5.44D37CF22979F1C02B3180F0CFD2E166] - 2012-12-30 - 10:57:49 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
O45 - LFCP:[MD5.58BC8346E43DCE2CD842E9AA014CA215] - 2012-12-30 - 10:59:43 ---A- - C:\Windows\Prefetch\CLTRT.EXE-7452F94F.pf
O45 - LFCP:[MD5.F467DDF71D04291888EA70B39449820E] - 2012-12-30 - 11:10:58 ---A- - C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf
O45 - LFCP:[MD5.018F799F0ED1BE377DD4C0304EAB188C] - 2012-12-30 - 11:11:00 ---A- - C:\Windows\Prefetch\FLASHUTIL10U_ACTIVEX.EXE-AE24378B.pf
O45 - LFCP:[MD5.A7CC0ADE42C6BECE51B605D9201A1514] - 2012-12-30 - 11:12:52 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-BF50E60B.pf
O45 - LFCP:[MD5.C2C96362865C530F477867680FE21B08] - 2012-12-30 - 11:15:04 ---A- - C:\Windows\Prefetch\WORDPAD.EXE-D7FD7414.pf
O45 - LFCP:[MD5.C1EDAA5AF1220B595EF899D292A63855] - 2012-12-30 - 11:40:37 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db
O45 - LFCP:[MD5.AD82F072B8B82A0284FDA89BE0DF97CC] - 2012-12-30 - 11:40:37 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db
O45 - LFCP:[MD5.B3EB15220E8075A7BF9C7C944A55F88D] - 2012-12-30 - 11:40:37 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db
O45 - LFCP:[MD5.9AFF2213F37045B46DC60DA021D98F83] - 2012-12-30 - 11:40:37 ---A- - C:\Windows\Prefetch\AgRobust.db
O45 - LFCP:[MD5.483D4D902CC4A192611DF6F4845836EC] - 2012-12-30 - 11:48:15 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
O45 - LFCP:[MD5.63281797AFC4A90AA39C1A8D68ABA22C] - 2012-12-30 - 11:55:50 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf
O45 - LFCP:[MD5.48A2DECD78F650FCA5540FAF4361D5A3] - 2012-12-30 - 11:59:03 ---A- - C:\Windows\Prefetch\SYMERR.EXE-F4EEC5DC.pf
O45 - LFCP:[MD5.4C1E26739BE346F490D65DB3C20FD247] - 2012-12-30 - 12:03:25 ---A- - C:\Windows\Prefetch\CONNECTIONMANAGER.EXE-16E4A452.pf
O45 - LFCP:[MD5.533E059ED3D546B08E1646CBAF40D090] - 2012-12-30 - 12:03:25 ---A- - C:\Windows\Prefetch\DEVICEMANAGER.EXE-945D0CD2.pf
O45 - LFCP:[MD5.479560DFB4CA8E08ABFC3BEB3E89BBB7] - 2012-12-30 - 12:03:34 ---A- - C:\Windows\Prefetch\PRESENTATIONFONTCACHE.EXE-73BE9E78.pf
O45 - LFCP:[MD5.3B3FA2EDEF0AE6A3694E9522DFF22865] - 2012-12-30 - 12:03:50 ---A- - C:\Windows\Prefetch\ZHPDIAG2.EXE-CD5C5E80.pf
O45 - LFCP:[MD5.8057177BACAEE168C6C846DFF716E1C0] - 2012-12-30 - 12:04:06 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf
O45 - LFCP:[MD5.A7345D3EF799380711EDB78A7453D219] - 2012-12-30 - 12:04:18 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf
O45 - LFCP:[MD5.21609C9929A013686B27A7D42B583F80] - 2012-12-30 - 12:04:18 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf
O45 - LFCP:[MD5.5D809D48FD4D1CFAAF417D1EC57FBA96] - 2012-12-30 - 12:04:21 ---A- - C:\Windows\Prefetch\WCSCHEDULER.EXE-F0BE5D1B.pf
O45 - LFCP:[MD5.E6894F779AE00A4F2CA8F47C588222D6] - 2012-12-30 - 12:04:27 ---A- - C:\Windows\Prefetch\BTHSAMPPALSERVICE.EXE-D65F3E7C.pf
O45 - LFCP:[MD5.214D747AB75489F0D3F13494AEA69071] - 2012-12-30 - 12:04:28 ---A- - C:\Windows\Prefetch\BTHSSECURITYMGR.EXE-B9C50DC6.pf
O45 - LFCP:[MD5.08C3ABB6A3C8E54CFE0E0F9481B529AB] - 2012-12-30 - 12:04:28 ---A- - C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf
O45 - LFCP:[MD5.E62B457F866D246751694DA3375A32F3] - 2012-12-30 - 12:04:28 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-6768A320.pf
O45 - LFCP:[MD5.E5E9C8995DF0E2A6C24CF3C9B414C240] - 2012-12-30 - 12:04:29 ---A- - C:\Windows\Prefetch\LMS.EXE-8C70F87D.pf
O45 - LFCP:[MD5.92C08959A89447E262B30B4FD5FE46C9] - 2012-12-30 - 12:04:33 ---A- - C:\Windows\Prefetch\LADS.EXE-046BC4A8.pf
O45 - LFCP:[MD5.3B0571288BA7FF7A162997F5E290ED24] - 2012-12-30 - 12:04:35 ---A- - C:\Windows\Prefetch\SIGCHECK.EXE-F42FC051.pf
O45 - LFCP:[MD5.24706486BC816237829524F7852F66FE] - 2012-12-30 - 12:04:40 ---A- - C:\Windows\Prefetch\WLIDSVC.EXE-5514E75E.pf
O45 - LFCP:[MD5.161B5E098D5A386D62EDA2475BA5B00A] - 2012-12-30 - 12:04:40 ---A- - C:\Windows\Prefetch\WLIDSVCM.EXE-A6EF5B2F.pf
O45 - LFCP:[MD5.DC16E0BA4C54BD0242832F9CCF2C0143] - 2012-12-30 - 12:04:41 ---A- - C:\Windows\Prefetch\UNS.EXE-E6E49771.pf
O45 - LFCP:[MD5.B6C98A0D25CE805533F42346DD88E6FA] - 2012-12-30 - 12:04:59 ---A- - C:\Windows\Prefetch\CLMLSVC.EXE-2A642111.pf
O45 - LFCP:[MD5.77230EA93E08DF220698D09A3EA7C6BD] - 2012-12-30 - 12:05:12 ---A- - C:\Windows\Prefetch\NSLOOKUP.EXE-8DBC12C3.pf
O45 - LFCP:[MD5.E918162AFF1E473504F8D483B289D51D] - 2012-12-30 - 12:05:22 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-8049FA24.pf
O45 - LFCP:[MD5.16F4A584F4C99EBFE3860708B9995F97] - 2012-12-30 - 12:05:23 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-F44E39AD.pf
O45 - LFCP:[MD5.6BCFFB768D0D769A02FA84A0004872AE] - 2012-12-30 - 12:05:32 ---A- - C:\Windows\Prefetch\COMUPDATUS.EXE-8D36D2F0.pf
O45 - LFCP:[MD5.15BF116EAA222ADD2BC026A93D8F4C4B] - 2012-12-30 - 12:05:35 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
O45 - LFCP:[MD5.2DDB87F71D8FE89AF8C68FD27F7D10B1] - 2012-12-30 - 12:05:35 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
O45 - LFCP:[MD5.81FB462ABC1AD0B3036604F4D2C785DA] - 2012-12-30 - 12:05:38 ---A- - C:\Windows\Prefetch\MBR.EXE-836B8DE9.pf
O45 - LFCP:[MD5.18C6806A6A80612AC5BD1C7CF176E632] - 2012-12-30 - 12:05:38 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-0A411499.pf
O45 - LFCP:[MD5.BA231844FE1621FC200DF769272DFE4A] - 2012-12-30 - 12:05:42 ---A- - C:\Windows\Prefetch\MBRCHECK.EXE-2CA9EB2F.pf
O45 - LFCP:[MD5.99B2BB12E4FA27EA954B5798E931AB03] - 2012-12-30 - 12:06:27 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
O45 - LFCP:[MD5.C0881FB075272FBC136747AB62FDC8DB] - 2012-12-30 - 12:07:06 ---A- - C:\Windows\Prefetch\ZHPFIX.EXE-1A4C3389.pf
O45 - LFCP:[MD5.71A3BD9902D0707FB85B2787EBC5CB27] - 2012-12-30 - 12:08:03 ---A- - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf
O45 - LFCP:[MD5.DB6450C6DD0EBFA0F891247E4F2B69BB] - 2012-12-30 - 12:08:08 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-0C6AD872.pf
O45 - LFCP:[MD5.D1AC50141C2D0C2C65ECB2AFD7CE04DF] - 2012-12-30 - 12:08:23 ---A- - C:\Windows\Prefetch\ZHPDIAG.EXE-0D117CAF.pf
O45 - LFCP:[MD5.721DA32C2CD5D0726D85A6F370E9ACEA] - 2012-12-30 - 12:08:32 ---A- - C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
O45 - LFCP:[MD5.03EA9D3318B7863EF929415531B50350] - 2012-12-30 - 12:08:32 ---A- - C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
O45 - LFCP:[MD5.0D202ED5BA99B57DB7863D5E96B7C83B] - 2012-12-30 - 12:08:32 ---A- - C:\Windows\Prefetch\CSCRIPT.EXE-0FB3F22C.pf
O45 - LFCP:[MD5.B4C7BB3E7F7AB66BDF31BAC3D9B803AF] - 2012-12-30 - 12:08:32 ---A- - C:\Windows\Prefetch\PV.EXE-34B75B82.pf
O45 - LFCP:[MD5.01BF346E9B451C588AC4C63BC5F05BD1] - 2012-12-30 - 12:08:34 ---A- - C:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
~ Scan Prefetcher in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l‚à‰diteur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll
~ Scan Keys in 00mn 00s



---\\ MountPoints2 Shell Key (O51) (None)



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\BTMTrayAgent [Key] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O53 - SMSR:HKLM\...\startupreg\RtHDVCpl [Key] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
~ Scan SMSR Keys in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDesktopCleanupWizard"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
~ Scan Keys in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 2009-07-13 - 20:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
~ Scan Drivers in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC:Last File Created 1899-12-30 - 21:01:27 R-HA- C:\Users\Utilisateur\Searches\Everywhere.search-ms [248]
O61 - LFC:Last File Created 1899-12-30 - 21:01:27 R-HA- C:\Users\Utilisateur\Searches\Indexed Locations.search-ms [248]
O61 - LFC:Last File Created 2012-12-27 - 20:57:39 ----- C:\Users\Utilisateur\AppData\Roaming\Microsoft\Protect\CREDHIST [24]
O61 - LFC:Last File Created 2012-12-27 - 20:57:39 ----- C:\Users\Utilisateur\AppData\Roaming\Microsoft\Protect\S-1-5-21-2301189805-754272816-1718501073-1001\77013957-30c3-4166-b3c6-917486617443 [468]
O61 - LFC:Last File Created 2012-12-27 - 20:57:39 ----- C:\Users\Utilisateur\AppData\Roaming\Microsoft\Protect\S-1-5-21-2301189805-754272816-1718501073-1001\Preferred [24]
O61 - LFC:Last File Created 2012-12-27 - 21:01:19 ---A- C:\Users\Utilisateur\Contacts\Utilisateur.contact [44602]
O61 - LFC:Last File Created 2012-12-27 - 21:02:03 ---A- C:\Users\Utilisateur\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk [0]
O61 - LFC:Last File Created 2012-12-27 - 22:21:59 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared.lck [0]
O61 - LFC:Last File Created 2012-12-27 - 22:21:59 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared_dynco\dc.lock [0]
O61 - LFC:Last File Created 2012-12-27 - 22:21:59 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared_httpfe\queue.lock [0]
O61 - LFC:Last File Created 2012-12-27 - 22:22:00 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared_dynco\dc.db [753664]
O61 - LFC:Last File Created 2012-12-27 - 22:22:00 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared_dynco\dc.db-journal [718712]
O61 - LFC:Last File Created 2012-12-27 - 22:22:00 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared_httpfe\queue.db [36864]
O61 - LFC:Last File Created 2012-12-27 - 22:22:00 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared_httpfe\queue.db-journal [12824]
O61 - LFC:Last File Created 2012-12-27 - 22:22:10 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared.xml [1218]
O61 - LFC:Last File Created 2012-12-27 - 22:35:17 ---A- C:\Users\Utilisateur\Links\Desktop.lnk [455]
O61 - LFC:Last File Created 2012-12-27 - 22:35:17 ---A- C:\Users\Utilisateur\Links\Downloads.lnk [918]
O61 - LFC:Last File Created 2012-12-27 - 22:35:17 ---A- C:\Users\Utilisateur\Links\RecentPlaces.lnk [383]
O61 - LFC:Last File Created 2012-12-29 - 16:09:24 ---A- C:\Users\Utilisateur\AppData\Local\GDIPFONTCACHEV1.DAT [63104]
O61 - LFC:Last File Created 2012-12-29 - 20:50:34 ---A- C:\Users\Utilisateur\Downloads\UsbFix.exe [965841]
O61 - LFC:Last File Created 2012-12-29 - 20:53:04 ---A- C:\Users\Utilisateur\AppData\Local\Temp\FXSAPIDebugLogFile.txt [0]
O61 - LFC:Last File Created 2012-12-30 - 11:10:20 ---A- C:\Users\Utilisateur\Downloads\ZHPDiag2.exe [3593021]
O61 - LFC:Last File Created 2012-12-30 - 12:00:09 ---A- C:\Users\Utilisateur\AppData\Local\ZHPFixReport.txt [1834]
O61 - LFC:Last File Created 2012-12-30 - 12:00:29 ---A- C:\Users\Utilisateur\AppData\Local\Temp\nsm7321.tmp\UserInfo.dll [3584]
O61 - LFC:Last File Created 2012-12-30 - 12:02:21 ---A- C:\Users\Utilisateur\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc [48]
~ Scan Files in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 1.32 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ Scan ADS in 00mn 00s


---\\ Liste des fichiers non signés (O65) (None)


---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d&#130;événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - à‰diteur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d&#130;événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - à‰diteur du Registre.) -- C:\Windows\regedit.exe
~ Scan Keys in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com" onclick="window.open(this.href);return false;
~ Scan Keys in 00mn 00s



---\\ Recherche détournement de DNS routeur (O89) (None)



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Run by Utilisateur at 2012-12-30 12:09:18

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ Scan MBR in 00mn 02s


---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog" onclick="window.open(this.href);return false;
Run by Utilisateur at 2012-12-30 12:09:20

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ Scan MBR in 00mn 04s


End of the scan (1164 lines in 00mn 49s)(0)


======
Dans l'attente vos recommandations, je vous remercie d'avance pour votre aide.


Phenix
Avatar du membre
par Phenix
#1296
Voici le rapport ZHPDiag complet en 2 parties :

Rapport ZHPDiag - Partie 1 de 2 :
Code: Tout sélectionner
Rapport de ZHPDiag v1.33.29 par Nicolas Coolman, Update du 30/12/2012
Run by Utilisateur at 2012-12-30 12:08:30
State : Version à  jour.
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 2BT4J
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 7973 MB (77% free)
System Restore: Activé (Enable)
System drive C: has 411 GB (90%) free of 453 GB

---\\ Logged in mode
~ Computer Name: UTILISATEUR-PC
~ User Name: Utilisateur
~ All Users Names: Utilisateur, UpdatusUser, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Utilisateur\AppData\Roaming\
~ %Desktop% : C:\Users\Utilisateur\Desktop\
~ %Favorites% : C:\Users\Utilisateur\Favorites\
~ %LocalAppData% : C:\Users\Utilisateur\AppData\Local\
~ %StartMenu% : C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 411 Go of 453 Go)
D:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.2011-02-25 - 01:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2009-07-13 - 20:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.5121DB613E10A46A3C5085B479026AA7] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2012-11-14 - 01:04:11.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d&#130;ouverture de session Windows.) (.2010-11-20 - 22:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.2010-11-20 - 22:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2011-12-27 - 22:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-07-13 - 20:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009-07-13 - 18:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010-11-20 - 22:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010-11-20 - 22:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010-11-20 - 22:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.2009-07-13 - 18:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.2009-07-13 - 19:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-26 - 21:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.2010-11-20 - 22:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2012-08-31 - 13:19:35.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.2009-07-13 - 19:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2010-11-20 - 22:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.2009-07-13 - 19:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.2010-11-20 - 22:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2011-02-25 - 01:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Scan Generic Processes in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 0/1
~ Mes musiques (My Musics) : 0/1
~ Mes Videos (My Videos) : 0/1
~ Mes Favoris (My Favorites) : 0/5
~ Mes Documents (My Documents) : 0/1
~ Mon Bureau (My Desktop) : 0/3
~ Menu demarrer (Programs) : 0/23
~ Scan Hidden Files in 00mn 00s



---\\ Processus lancés
[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.3944]
[MD5.74422E42099FDA6E206E0DA0112B3A8F] - (.Samsung Electronics Co., Ltd. - Smart Setting Program.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2277256] [PID.1460]
[MD5.5AB7CCCEB94C3C9ECE35142CCC527B0D] - (.Samsung Electronics - Easy Speed Up Manager.) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [1640328] [PID.3484]
[MD5.784C46078733CE7915B0810E1DD2FB34] - (.Samsung Electronics Co., Ltd. - Easy Display Manager.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [1112656] [PID.3476]
[MD5.FF4F0A9F049A5E5FADF0FE4DD0E63D63] - (.Samsung Electronics Co., Ltd. - MovieColorEnhancer.exe.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [784264] [PID.3548]
[MD5.FD674B6D10C38AAAD412867980DF14AA] - (.SEC - Samsung Recovery Solution 5.) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [4466256] [PID.980]
[MD5.F2840DBFE9322F35557219AE82CC4597] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [138272] [PID.4696]
[MD5.57B4D34232852BFE4453BE571DF90D21] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720] [PID.4368]
[MD5.2C7CF4D4A17B5765E23F6B82C16AF4EB] - (.CyberLink Corp. - Media+Player RC Service.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe [87336] [PID.4736]
[MD5.6364FA7D825B600251A4D1DE7D6FF695] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.4408]
[MD5.1DD742BFF1266DAAB186190C26EB0DD0] - (.Samsung - SWMAgent.) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2790992] [PID.1884]
[MD5.ACC89A5EF24EBBB18894FE366C439064] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [3809280] [PID.5376]
[MD5.9571D8BDB56EBC52280E8020574508E6] - (...) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280] [PID.2124]
[MD5.DBD76BC1D498FE368F2C8CB76C3E00A4] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560] [PID.2188]
[MD5.5E66ABD041D76C46CBF55AEF910FCA56] - (...) -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624] [PID.2268]
[MD5.86E4CC39C953D11EF57CF54C4DC78238] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.4676]
[MD5.FD6F5B42DB429FD1AE1A4483DB4DD2E0] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2458944] [PID.3772]
[MD5.D80B1075B69B57A3AB78F750CE463ECE] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.4828]
~ Scan Processes Running in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com" onclick="window.open(this.href);return false;
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com" onclick="window.open(this.href);return false;
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com" onclick="window.open(this.href);return false;
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com" onclick="window.open(this.href);return false;
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com" onclick="window.open(this.href);return false;
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com" onclick="window.open(this.href);return false;
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm" onclick="window.open(this.href);return false;
R3 - URLSearchHook: (no name) [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Norton Identity Protection [64Bits] - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection [64Bits] - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} . (.Symantec Corporation - IPS Browser Helper DLL.) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper [64Bits] - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} . (...) -- "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (.not file.)
~ Scan BHO in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-2301189805-754272816-1718501073-1001-2301189805-754272816-1718501073-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-2301189805-754272816-1718501073-1001-2301189805-754272816-1718501073-1000\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Scan Application in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Utilisateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Scan Global Startup in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ Scan IE Control Panel in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d&#130;affectation de noms de messagerie.) -- C:\windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d&#130;espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d&#130;espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\windows\system32\wshbth.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll
O10 - WLSP:\000000000009\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll
~ Scan Winsock in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E931E94F-8C39-4FAC-B1CA-3D169711B053}: DhcpNameServer = 192.169.1.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{E931E94F-8C39-4FAC-B1CA-3D169711B053}: DhcpNameServer = 192.169.1.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{E931E94F-8C39-4FAC-B1CA-3D169711B053}: DhcpNameServer = 192.169.1.10
~ Scan Domain in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\system32\inetcomm.dll
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\system32\urlmon.dll
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) -- C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: skype4com [64Bits] - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) -- C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Scan Protocole Additionnel in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Scan Winlogon in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 295.) - C:\windows\system32\nvinitx.dll
~ Scan AppInit DLL in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 (AMPPALR3) . (.Intel Corporation - Intel® Centrino® Wireless Bluetooth® 3.0 +.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth (BTHSSecurityMgr) . (.Intel(R) Corporation - Intel(R) BlueTooth(R) HS Security Manager S.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: ExpressCache (ExpressCache) . (.Diskeeper Corporation - ExpressCache Service.) - C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
O23 - Service: Intel(R) Capability Licensing Service In (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation - Intel(R) Capability Licensing Service Inter.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service (Intel(R) ME Service) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host (jhi_service) . (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: Intel(R) Management and Security Applica (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Norton Internet Security (NIS) . (.Symantec Corporation - Symantec Service Framework.) - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 295.5.) - C:\windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Servic (RegSrvc) . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SamsungDeviceConfiguration (SamsungDeviceConfigurationWinService) . (...) - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
O23 - Service: Intel(R) Management and Security Applica (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configurat (ZeroConfigService) . (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Servi.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Scan Services in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s



---\\ Tà¢ches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[MD5.FD674B6D10C38AAAD412867980DF14AA] [APT] [advSRS5] (.SEC.) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
[MD5.784C46078733CE7915B0810E1DD2FB34] [APT] [EasyDisplayMgr] (.Samsung Electronics Co., Ltd..) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
[MD5.C7AAC31A910E4BBFDF94D3786ED13E71] [APT] [ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d] (.Intel Corporation.) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
[MD5.C7AAC31A910E4BBFDF94D3786ED13E71] [APT] [ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon] (.Intel Corporation.) -- C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
[MD5.4D9A519FB2231F088910D57F05AE1AB5] [APT] [KiesHelper] (.Samsung.) -- C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
[MD5.B00F98FF6FE8682FF941BEB2559BF191] [APT] [MirageAgent] (.CyberLink.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
[MD5.591CC20D2FB85ACF1823734FA225FEDC] [APT] [Norton WSC Integration] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\WSCStub.exe
[MD5.0B236192CBDD38D2588C3C926B4FDA5B] [APT] [Norton Error Analyzer] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\SymErr.exe
[MD5.0B236192CBDD38D2588C3C926B4FDA5B] [APT] [Norton Error Processor] (.Symantec Corporation.) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\SymErr.exe
~ Scan Scheduled Task in 00mn 00s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Internet Explorer [64Bits] - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations [64Bits] - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d&#130;IEAK.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Scan Active Setup in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (excfs) . (.Diskeeper Corporation - ExpressCache Filesystem Filter Driver.) - C:\Windows\System32\DRIVERS\excfs.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: (SABI) . (.SAMSUNG ELECTRONICS - SAMSUNG Kernel Driver.) - C:\windows\system32\Drivers\SABI.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (VWiFiFlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
~ Scan Drivers in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: CyberLink Media+ Player10 - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}
O42 - Logiciel: CyberLink Media+ Player10 - (.CyberLink Corp..) [HKLM][64Bits] -- {34FBC7C4-CD31-4D93-A428-0E524EAC4586}
O42 - Logiciel: CyberLink MediaShow - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}
O42 - Logiciel: CyberLink MediaShow - (.CyberLink Corp..) [HKLM][64Bits] -- {80E158EA-7181-40FE-A701-301CE6BE64AB}
O42 - Logiciel: CyberLink Power2Go - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: CyberLink Power2Go - (.CyberLink Corp..) [HKLM][64Bits] -- {40BF1E83-20EB-11D8-97C5-0009C5020658}
O42 - Logiciel: CyberLink PowerDirector - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: CyberLink PowerDirector - (.CyberLink Corp..) [HKLM][64Bits] -- {CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM][64Bits] -- InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: CyberLink YouCam - (.CyberLink Corp..) [HKLM][64Bits] -- {01FB4998-33C4-4431-85ED-079E3EEFE75D}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Diner Dash 2 Restaurant Rescue - (.WildTangent.) [HKLM][64Bits] -- WT085559
O42 - Logiciel: E-POP - (.Samsung.) [HKLM][64Bits] -- {F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}
O42 - Logiciel: Easy File Share - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] -- {12F81925-F3C1-40DB-91F7-777817974319}
O42 - Logiciel: Easy Migration - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] -- {AD86049C-3D9C-43E1-BE73-643F57D83D50}
O42 - Logiciel: Easy Settings - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] -- {17283B95-21A8-4996-97DA-547A48DB266F}
O42 - Logiciel: Easy Software Manager - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] -- {DE256D8B-D971-456D-BC02-CB64DA24F115}
O42 - Logiciel: Easy Support Center - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] -- {0738F5F1-8E70-49A6-8692-F5722E1E5A4D}
O42 - Logiciel: ExpressCache - (.Diskeeper Corporation.) [HKLM][64Bits] -- {F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}
O42 - Logiciel: Farm Frenzy - (.WildTangent.) [HKLM][64Bits] -- WT085618
O42 - Logiciel: Insaniquarium Deluxe - (.WildTangent.) [HKLM][64Bits] -- WT085622
O42 - Logiciel: Intel PROSet Wireless - (.Pas de propriétaire.) [HKLM][64Bits] -- ProInst
O42 - Logiciel: Intel(R) Manageability Engine Firmware Recovery Agent - (.Intel Corporation.) [HKLM][64Bits] -- {A6C48A9F-694A-4234-B3AA-62590B668927}
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {65153EA5-8B6E-43B6-857B-C6E4FC25798A}
O42 - Logiciel: Intel(R) OpenCL CPU Runtime - (.Intel Corporation.) [HKLM][64Bits] -- {FCB3772C-B7D0-4933-B1A9-3707EBACC573}
O42 - Logiciel: Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed - (.Intel Corporation.) [HKLM][64Bits] -- {2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {3E29EE6C-963A-4aae-86C1-DC237C4A49FC}
O42 - Logiciel: Intel(R) USB 3.0 eXtensible Host Controller Driver - (.Intel Corporation.) [HKLM][64Bits] -- {240C3DDD-C5E9-4029-9DF7-95650D040CF2}
O42 - Logiciel: Intel(R) WiDi - (.Intel Corporation.) [HKLM][64Bits] -- {93F34C5C-ACAA-48F3-9B26-70359A117F12}
O42 - Logiciel: Intel® PROSet/Wireless WiFi Software - (.Intel Corporation.) [HKLM][64Bits] -- {DF7756DD-656A-45C3-BA71-74673E8259A9}
O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] -- {09536BA1-E498-4CC3-B834-D884A67D7E34}
O42 - Logiciel: John Deere Drive Green - (.WildTangent.) [HKLM][64Bits] -- WT085580
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Multimedia POP - (.Pas de propriétaire.) [HKLM][64Bits] -- {119B7882-19D7-4BE7-A417-29BB479D3ABE}
O42 - Logiciel: NVIDIA Graphics Driver 295.55 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM][64Bits] -- {46ED2B64-85C7-4E1F-920C-A555B21F2E4C}
O42 - Logiciel: NVIDIA PhysX System Software 9.11.1111 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX
O42 - Logiciel: Norton Internet Security - (.Symantec Corporation.) [HKLM][64Bits] -- NIS
O42 - Logiciel: Norton Online Backup - (.Symantec Corporation.) [HKLM][64Bits] -- {40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}
O42 - Logiciel: Panda ActiveScan 2.0 - (.Panda Security.) [HKLM][64Bits] -- ActiveScan 2.0
O42 - Logiciel: Peggle - (.WildTangent.) [HKLM][64Bits] -- WT085663
O42 - Logiciel: Penguins! - (.WildTangent.) [HKLM][64Bits] -- WT085581
O42 - Logiciel: Plants vs. Zombies - (.WildTangent.) [HKLM][64Bits] -- WT085669
O42 - Logiciel: Polar Golfer - (.WildTangent.) [HKLM][64Bits] -- WT085583
O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM][64Bits] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: SAMSUNG USB Driver for Mobile Phones - (.SAMSUNG Electronics Co., Ltd..) [HKLM][64Bits] -- {D0795B21-0CDA-4a92-AB9E-6E92D8111E44}
O42 - Logiciel: Samsung Kies - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] -- InstallShield_{758C8301-2696-4855-AF45-534B1200980A}
O42 - Logiciel: Samsung Kies - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] -- {758C8301-2696-4855-AF45-534B1200980A}
O42 - Logiciel: Samsung Recovery Solution 5 - (.Samsung.) [HKLM][64Bits] -- {145DE957-0679-4A2A-BB5C-1D3E9808FAB2}
O42 - Logiciel: Skypeâ„¢ 5.10 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
O42 - Logiciel: Software Launcher - (.Samsung.) [HKLM][64Bits] -- {B750B5C2-CC17-4967-905B-29F4EB986131}
O42 - Logiciel: User Guide - (.Pas de propriétaire.) [HKLM][64Bits] -- {D52FC4BE-204A-49BC-84D6-443B6C7AA2D5}
O42 - Logiciel: WildTangent Games - (.WildTangent.) [HKLM][64Bits] -- WildTangent wildgames Master Uninstall
O42 - Logiciel: WildTangent ORB Game Console - (.WildTangent.) [HKLM][64Bits] -- Game Console - WildGames
O42 - Logiciel: Zuma Deluxe - (.WildTangent.) [HKLM][64Bits] -- WT089285

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Classes]
[HKCU\Software\CyberLink]
[HKCU\Software\Elantech]
[HKCU\Software\Intel]
[HKCU\Software\Macromedia]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Policies]
[HKCU\Software\Realtek]
[HKCU\Software\Samsung]
[HKCU\Software\Skype]
[HKCU\Software\SysInternals]
[HKCU\Software\Usbfix]
[HKCU\Software\Wow6432Node]
[HKCU\Software\ZebHelpProcess Helper]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\ATI Technologies]
[HKLM\Software\CBSTEST]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Cyberlink]
[HKLM\Software\DTS]
[HKLM\Software\Diskeeper Corporation]
[HKLM\Software\Dolby]
[HKLM\Software\Geek Squad]
[HKLM\Software\Intel]
[HKLM\Software\Khronos]
[HKLM\Software\Knowles]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Norton]
[HKLM\Software\ODBC]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SAMSUNG]
[HKLM\Software\SRS Labs]
[HKLM\Software\SonicFocus]
[HKLM\Software\Sonic]
[HKLM\Software\Symantec]
[HKLM\Software\Waves Audio]
[HKLM\Software\Wow6432Node\AGEIA Technologies]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\CyberLink]
[HKLM\Software\Wow6432Node\Geek Squad]
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\InstallShield]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\LogMeIn Rescue]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\NVIDIA Corporation]
[HKLM\Software\Wow6432Node\Norton]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\Panda Software]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\Wow6432Node\Realtek]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\Samsung Electronics Co., Ltd.]
[HKLM\Software\Wow6432Node\Samsung]
[HKLM\Software\Wow6432Node\Skype]
[HKLM\Software\Wow6432Node\Symantec]
[HKLM\Software\Wow6432Node\WildTangent]
[HKLM\Software\Wow6432Node\Wow6432Node]
[HKLM\Software\Wow6432Node]
~ Scan Softwares in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2012-03-26 - 13:41:54 - [6,757] ----D C:\Program Files (x86)\Cisco
O43 - CFD: 2012-12-27 - 22:21:53 - [161,406] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 2012-03-26 - 13:56:28 - [1084,268] ----D C:\Program Files (x86)\CyberLink
O43 - CFD: 2012-03-26 - 14:19:01 - [102,166] ----D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 2012-12-27 - 20:57:46 - [309,318] ----D C:\Program Files (x86)\Intel
O43 - CFD: 2012-03-26 - 13:44:40 - [72,369] ----D C:\Program Files (x86)\Intel Corporation
O43 - CFD: 2012-12-27 - 22:34:31 - [4,933] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 2012-03-26 - 14:07:21 - [2,414] ----D C:\Program Files (x86)\MarkAny
O43 - CFD: 2012-03-26 - 15:06:25 - [17,977] ----D C:\Program Files (x86)\Microsoft
O43 - CFD: 2012-03-26 - 14:43:35 - [6,126] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 2012-12-27 - 22:35:05 - [36,641] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 2012-03-26 - 14:53:52 - [1,745] ----D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
O43 - CFD: 2012-12-27 - 21:38:03 - [0,015] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 2009-07-14 - 00:32:38 - [0,025] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 2012-03-26 - 13:58:28 - [226,948] ----D C:\Program Files (x86)\Norton Internet Security
O43 - CFD: 2012-03-26 - 13:57:43 - [38,213] ----D C:\Program Files (x86)\NortonInstaller
O43 - CFD: 2012-03-26 - 13:40:24 - [103,594] ----D C:\Program Files (x86)\NVIDIA Corporation
O43 - CFD: 2012-12-29 - 18:45:19 - [171,229] ----D C:\Program Files (x86)\Panda Security
O43 - CFD: 2012-03-26 - 13:40:53 - [5,867] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 2009-07-14 - 00:32:38 - [37,349] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 2012-03-26 - 14:09:59 - [659,287] ----D C:\Program Files (x86)\Samsung
O43 - CFD: 2012-12-27 - 22:21:53 - [16,855] R---D C:\Program Files (x86)\Skype
O43 - CFD: 2012-03-26 - 13:59:59 - [6,148] ----D C:\Program Files (x86)\Symantec
O43 - CFD: 2012-03-26 - 13:38:03 - [0] ----D C:\Program Files (x86)\Temp
O43 - CFD: 2009-07-13 - 23:57:06 - [0] ----D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 2012-03-26 - 14:18:11 - [230,244] ----D C:\Program Files (x86)\WildGames
O43 - CFD: 2012-12-29 - 09:29:21 - [0,500] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 2012-03-26 - 15:06:19 - [543,559] ----D C:\Program Files (x86)\Windows Live
O43 - CFD: 2012-12-29 - 09:29:21 - [5,895] ----D C:\Program Files (x86)\Windows Mail
O43 - CFD: 2012-12-29 - 09:29:21 - [4,791] ----D C:\Program Files (x86)\Windows Media Player
O43 - CFD: 2009-07-14 - 00:32:38 - [11,632] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 2012-12-29 - 09:29:21 - [4,213] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 2010-11-20 - 22:31:38 - [0,181] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 2012-12-29 - 09:29:21 - [5,717] ----D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 2012-12-30 - 12:08:33 - [10,192] ----D C:\Program Files (x86)\ZHPDiag
O43 - CFD: 2012-03-26 - 13:47:08 - [0] ----D C:\Program Files (x86)\Common Files\CyberLink
O43 - CFD: 2012-03-26 - 13:37:32 - [3,522] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 2012-03-26 - 13:38:56 - [14,075] ----D C:\Program Files (x86)\Common Files\Intel
O43 - CFD: 2012-03-26 - 13:44:42 - [71,022] ----D C:\Program Files (x86)\Common Files\Intel Corporation
O43 - CFD: 2012-03-26 - 14:48:13 - [20,982] ----D C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 2012-03-26 - 13:36:45 - [0,185] ----D C:\Program Files (x86)\Common Files\postureAgent
O43 - CFD: 2009-07-13 - 22:20:08 - [0,003] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 2012-12-27 - 22:21:53 - [2,056] ----D C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 2009-07-13 - 22:20:08 - [39,200] ----D C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 2012-12-27 - 22:03:42 - [0,595] ----D C:\Program Files (x86)\Common Files\Symantec Shared
O43 - CFD: 2012-12-29 - 09:29:21 - [9,767] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 2012-03-26 - 14:46:27 - [0] ----D C:\Program Files (x86)\Common Files\Windows Live
O43 - CFD: 2009-07-14 - 00:08:56 - [0] --H-D C:\ProgramData\Application Data
O43 - CFD: 2012-03-26 - 13:51:27 - [0,033] ----D C:\ProgramData\CyberLink
O43 - CFD: 2009-07-14 - 00:08:56 - [0] --H-D C:\ProgramData\Desktop
O43 - CFD: 2012-03-26 - 13:46:03 - [52,173] ----D C:\ProgramData\Diskeeper Corporation
O43 - CFD: 2009-07-14 - 00:08:56 - [0] --H-D C:\ProgramData\Documents
O43 - CFD: 2009-07-14 - 00:08:56 - [0] --H-D C:\ProgramData\Favorites
O43 - CFD: 2012-12-27 - 22:35:18 - [0,089] ----D C:\ProgramData\Geek Squad
O43 - CFD: 2012-03-26 - 13:44:40 - [0,157] ----D C:\ProgramData\Intel
O43 - CFD: 2012-12-27 - 20:57:09 - [1886,358] -S--D C:\ProgramData\Microsoft
O43 - CFD: 2012-12-27 - 20:59:42 - [224,026] ----D C:\ProgramData\Norton
O43 - CFD: 2012-03-26 - 13:57:43 - [0,782] ----D C:\ProgramData\NortonInstaller
O43 - CFD: 2012-03-26 - 14:39:45 - [3,276] ----D C:\ProgramData\NVIDIA
O43 - CFD: 2012-03-26 - 13:39:37 - [0,959] ----D C:\ProgramData\NVIDIA Corporation
O43 - CFD: 2012-03-26 - 13:42:24 - [0] ----D C:\ProgramData\Roaming
O43 - CFD: 2012-03-26 - 15:15:33 - [22,499] ----D C:\ProgramData\SAMSUNG
O43 - CFD: 2012-12-27 - 22:21:59 - [37,892] ----D C:\ProgramData\Skype
O43 - CFD: 2009-07-14 - 00:08:56 - [0] --H-D C:\ProgramData\Start Menu
O43 - CFD: 2012-03-26 - 13:59:59 - [0,002] ----D C:\ProgramData\Symantec
O43 - CFD: 2012-03-26 - 13:55:20 - [0,293] ----D C:\ProgramData\Temp
O43 - CFD: 2009-07-14 - 00:08:56 - [0] --H-D C:\ProgramData\Templates
O43 - CFD: 2012-03-26 - 14:18:12 - [1559,621] ----D C:\ProgramData\WildTangent
O43 - CFD: 2012-12-27 - 23:16:47 - [14,388] ----D C:\ProgramData\WinClon
O43 - CFD: 2012-12-27 - 21:03:34 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\Adobe
O43 - CFD: 2012-12-27 - 21:01:20 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\Identities
O43 - CFD: 2012-12-27 - 20:57:39 - [0,001] ----D C:\Users\Utilisateur\AppData\Roaming\Intel
O43 - CFD: 2012-12-29 - 20:36:30 - [0,001] ----D C:\Users\Utilisateur\AppData\Roaming\Macromedia
O43 - CFD: 2012-03-26 - 20:44:01 - [0] ----D C:\Users\Utilisateur\AppData\Roaming\Media Center Programs
O43 - CFD: 2012-12-29 - 20:45:23 - [2,918] -S--D C:\Users\Utilisateur\AppData\Roaming\Microsoft
O43 - CFD: 2012-12-27 - 22:22:10 - [1,453] ----D C:\Users\Utilisateur\AppData\Roaming\Skype
O43 - CFD: 2012-12-27 - 20:57:38 - [0] ----D C:\Users\Utilisateur\AppData\Local\Application Data
O43 - CFD: 2012-12-27 - 20:57:38 - [0] ----D C:\Users\Utilisateur\AppData\Local\Historique
O43 - CFD: 2012-12-28 - 09:50:33 - [0] ----D C:\Users\Utilisateur\AppData\Local\LogMeIn Rescue Applet
O43 - CFD: 2012-12-27 - 21:02:39 - [47,905] ----D C:\Users\Utilisateur\AppData\Local\Microsoft
O43 - CFD: 2012-12-27 - 21:01:57 - [0,039] ----D C:\Users\Utilisateur\AppData\Local\Power2Go
O43 - CFD: 2012-12-29 - 16:09:25 - [0,010] ----D C:\Users\Utilisateur\AppData\Local\Samsung
O43 - CFD: 2012-12-30 - 12:05:38 - [0,003] ----D C:\Users\Utilisateur\AppData\Local\Temp
O43 - CFD: 2012-12-27 - 20:57:38 - [0] ----D C:\Users\Utilisateur\AppData\Local\Temporary Internet Files
O43 - CFD: 2012-12-27 - 20:58:09 - [0] ----D C:\Users\Utilisateur\AppData\Local\VirtualStore
O43 - CFD: 2009-07-13 - 23:54:32 - [0,014] R---D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2012-12-27 - 22:35:17 - [0,000] R---D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2009-07-13 - 23:49:38 - [0,001] R---D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2012-12-27 - 22:35:17 - [0,000] R---D C:\Users\Utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
~ Scan Program Folder in 00mn 00s
Suite dans le message suivant
Avatar du membre
par Phenix
#1297
Rapport ZHPDiag - Partie 2 de 3 :
Code: Tout sélectionner
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.BC4133E8F2311394FF990DE5A8F2F7D9] - 2009-11-09 - 03:32:02 ---A- . (...) -- C:\Windows\surbey.ico [562718]
O44 - LFC:[MD5.C118A82CD78818C29AB228366EBF81C3] - 2011-11-17 - 01:33:55 . (...) -- C:\Windows\System32\lsass.exe [206462]
O44 - LFC:[MD5.66A6063D0BAAD3F7B2B9868859E0743B] - 2011-11-17 - 01:35:19 . (...) -- C:\Windows\System32\lsasrv.dll [206462]
O44 - LFC:[MD5.45CFBFA8EDC3DF4E2B7FB0D0260FE051] - 2012-05-14 - 00:26:34 . (...) -- C:\Windows\System32\localspl.dll [206462]
O44 - LFC:[MD5.0B984635501604D42A7A1AC7DA191376] - 2012-11-28 - 15:58:30 . (...) -- C:\Windows\System32\MRT.exe [206462]
O44 - LFC:[MD5.CB2ABB2DA1E9C977302A78D86D4AE3B0] - 2012-12-16 - 09:45:03 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\SysNative\atmfd.dll [367616]
O44 - LFC:[MD5.CB2ABB2DA1E9C977302A78D86D4AE3B0] - 2012-12-16 - 09:45:03 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\System32\atmfd.dll [367616]
O44 - LFC:[MD5.2ED72B3F76C9368ABC01464DA64DB7AE] - 2012-12-16 - 12:11:22 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\SysNative\atmlib.dll [46080]
O44 - LFC:[MD5.2ED72B3F76C9368ABC01464DA64DB7AE] - 2012-12-16 - 12:11:22 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\System32\atmlib.dll [46080]
O44 - LFC:[MD5.04D98743206D094FFB2D43EA89A4E36B] - 2012-12-27 - 06:56:57 ---A- . (...) -- C:\Windows\SysNative\license.rtf [206462]
O44 - LFC:[MD5.04D98743206D094FFB2D43EA89A4E36B] - 2012-12-27 - 06:56:57 ---A- . (...) -- C:\Windows\System32\license.rtf [206462]
O44 - LFC:[MD5.2A127D4847A4698935D28E5E0FF9394E] - 2012-12-27 - 20:57:40 ---A- . (...) -- C:\Windows\LCDStretchMode.log [1586]
O44 - LFC:[MD5.4EFCE916E758716C9F4D22194168955A] - 2012-12-27 - 20:59:01 ---A- . (...) -- C:\Windows\SetDisplayResolution.log [14053]
O44 - LFC:[MD5.6EA0E0507BCB5A2EE81D94753F15F8BA] - 2012-12-27 - 21:01:02 ---A- . (...) -- C:\Windows\DPINST.LOG [13210]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2012-12-27 - 21:05:07 ----- . (...) -- C:\detestfrag.txt [0]
O44 - LFC:[MD5.73505D239F4EB34EF9C88456EED2DDC1] - 2012-12-27 - 21:05:07 ----- . (...) -- C:\mbr1.txt [41592]
O44 - LFC:[MD5.FF40BBF5EAFC30D502B3D96BC1CF2B11] - 2012-12-27 - 22:35:10 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [277648]
O44 - LFC:[MD5.AA593436C035E9C6F8CCC9C056D48BD9] - 2012-12-29 - 20:52:54 ---A- . (...) -- C:\UsbFix.txt [10778]
O44 - LFC:[MD5.1E37996765526F7E1CA776D857E0C955] - 2012-12-29 - 20:52:54 ---A- . (...) -- C:\UsbFix_Upload_Me_UTILISATEUR-PC.zip [5289]
O44 - LFC:[MD5.C9B5FD451BA4FBD742970F8A94DD4FBA] - 2012-12-30 - 12:01:43 ---A- . (...) -- C:\Windows\PFRO.log [5618]
O44 - LFC:[MD5.75BB6DC1D22538207CBA4614FD8FC26A] - 2012-12-30 - 12:01:54 ---A- . (...) -- C:\Windows\ntbtlog.txt [268174]
O44 - LFC:[MD5.E001741675D7CDBD023B3EC78E409743] - 2012-12-30 - 12:02:14 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.26FC72AD76B50C9B3D24412A8606D9DD] - 2012-12-30 - 12:02:16 ---A- . (...) -- C:\Windows\setupact.log [42317]
O44 - LFC:[MD5.9ED58DE21C8D42E9D8A104347EB4939E] - 2012-12-30 - 12:05:22 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1297123]
O44 - LFC:[MD5.4D88265A595F61B4860CBC9267FE9567] - 2012-12-30 - 12:05:42 ---A- . (...) -- C:\PhysicalDisk0_MBR.bin [512]
O44 - LFC:[MD5.9EAF2F06AA660D45D5179220AA2C5BE8] - 2012-12-30 - 12:06:30 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [1549700]
O44 - LFC:[MD5.2C3B82E4B8D9F3452153B2234D904A36] - 2012-12-30 - 12:06:30 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [106388]
O44 - LFC:[MD5.6E787897E8629356821CBEF1179937EB] - 2012-12-30 - 12:06:30 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [130754]
O44 - LFC:[MD5.6BBCEC9F83A495704E014903DBD5DDC1] - 2012-12-30 - 12:06:30 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [616008]
O44 - LFC:[MD5.BE7A8FF4DE5AC72DFA79E7CAA96AD1F3] - 2012-12-30 - 12:06:30 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [704480]
~ Scan Files in 00mn 01s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.693096ECC99D1127E7D257E172249ACE] - 2012-12-28 - 02:08:14 ---A- - C:\Windows\Prefetch\AgAppLaunch.db
O45 - LFCP:[MD5.15FF3AB8E342D79669FA585FD28C5907] - 2012-12-28 - 02:09:11 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf
O45 - LFCP:[MD5.C4A9CE349D9FBAFEC75D4A4D6B29DB6D] - 2012-12-28 - 16:46:22 ---A- - C:\Windows\Prefetch\IGFXEXT.EXE-D5F523DB.pf
O45 - LFCP:[MD5.6D5182FEF81BC89D83FA0F4C09C75688] - 2012-12-28 - 16:53:26 ---A- - C:\Windows\Prefetch\ARA.EXE-F9E9DF84.pf
O45 - LFCP:[MD5.984CBEFEC6AD4F0F9D459311A390DDBE] - 2012-12-28 - 16:53:42 ---A- - C:\Windows\Prefetch\SDCLT.EXE-E10B972A.pf
O45 - LFCP:[MD5.A19D1B0CE448535F7C0445D6CDB80497] - 2012-12-28 - 19:57:16 ---A- - C:\Windows\Prefetch\DEFRAG.EXE-588F90AD.pf
O45 - LFCP:[MD5.BC1A5376355E234B70AD471F7DC6EC85] - 2012-12-28 - 20:00:01 ---A- - C:\Windows\Prefetch\WSQMCONS.EXE-118B52B7.pf
O45 - LFCP:[MD5.4E5806A85065E3012AC1D99FCACED155] - 2012-12-29 - 09:01:58 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-0A6AE3B2.pf
O45 - LFCP:[MD5.1C262D3D628A24509DD076A8840013DB] - 2012-12-29 - 09:01:58 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-D305612A.pf
O45 - LFCP:[MD5.28DDA4166E7C267A9B3C24D7E9A4046A] - 2012-12-29 - 09:05:13 ---A- - C:\Windows\Prefetch\ASOELNCH.EXE-A664DB6B.pf
O45 - LFCP:[MD5.1BB1966E1150458DAAEFD374D9BB4D97] - 2012-12-29 - 09:27:19 ---A- - C:\Windows\Prefetch\WMPNSCFG.EXE-FC0D39BF.pf
O45 - LFCP:[MD5.FE33136C22D505ABAEB746F7F8C9494C] - 2012-12-29 - 09:27:22 ---A- - C:\Windows\Prefetch\AgCx_SC1.db.trx
O45 - LFCP:[MD5.45FEBAA9D8C22D2BD87A69548B994CA0] - 2012-12-29 - 09:28:23 ---A- - C:\Windows\Prefetch\AgCx_SC1.db
O45 - LFCP:[MD5.82F0A9B00E5394184AE5B450D728D739] - 2012-12-29 - 09:29:23 ---A- - C:\Windows\Prefetch\POQEXEC.EXE-69592829.pf
O45 - LFCP:[MD5.F8A6C4DD6B83F4E10DD946B793B2B801] - 2012-12-29 - 16:08:05 ---A- - C:\Windows\Prefetch\SAMOYEDAGENT.EXE-230AD80D.pf
O45 - LFCP:[MD5.8664D6B96FBE110A180DA67AE3BABF1A] - 2012-12-29 - 16:08:30 ---A- - C:\Windows\Prefetch\MRI.EXE-977C572C.pf
O45 - LFCP:[MD5.19BEF5E136BCAE126898CF3A33927C6D] - 2012-12-29 - 16:08:52 ---A- - C:\Windows\Prefetch\NOBUAGENT.EXE-8FDB8677.pf
O45 - LFCP:[MD5.7FC39A89C224FF44EA8CF5E79E904958] - 2012-12-29 - 16:10:27 ---A- - C:\Windows\Prefetch\MSCONFIG.EXE-3A52734E.pf
O45 - LFCP:[MD5.87E14CF25AAA69724F38F7C019E9F332] - 2012-12-29 - 16:10:28 ---A- - C:\Windows\Prefetch\TASKMGR.EXE-5F5F473D.pf
O45 - LFCP:[MD5.C13BA7F8D676ADB79AC176DB93FB9639] - 2012-12-29 - 16:11:36 ---A- - C:\Windows\Prefetch\CONTROL.EXE-817F8F1D.pf
O45 - LFCP:[MD5.03873BE8D970A77E43661B1889B102C8] - 2012-12-29 - 16:12:13 ---A- - C:\Windows\Prefetch\SYSTEMPROPERTIESADVANCED.EXE-68C7C4F0.pf
O45 - LFCP:[MD5.CA24E960E52AD8FADEB3D7005989D16D] - 2012-12-29 - 16:12:43 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin
O45 - LFCP:[MD5.BE86584F4F01E89778FD3024B3DF6BF9] - 2012-12-29 - 18:35:29 ---A- - C:\Windows\Prefetch\IWRAP.EXE-20582B89.pf
O45 - LFCP:[MD5.0EB5E41DD93A705BAC6AFA90086B56CA] - 2012-12-29 - 18:37:06 ---A- - C:\Windows\Prefetch\DAEMONU.EXE-79EAD54C.pf
O45 - LFCP:[MD5.71A22AF317CC69688730AC423349EF8B] - 2012-12-29 - 18:37:07 ---A- - C:\Windows\Prefetch\CCSVCHST.EXE-6DAEC457.pf
O45 - LFCP:[MD5.0568B79BD49F811799AD3014BDEFCB8A] - 2012-12-29 - 18:37:08 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-DE976B47.pf
O45 - LFCP:[MD5.50638E0EA22335D19EDB80EFD8628202] - 2012-12-29 - 18:37:22 ---A- - C:\Windows\Prefetch\NOBUCLIENT.EXE-0874E89F.pf
O45 - LFCP:[MD5.B42E942D67BCCFDA473721FE96AE3D14] - 2012-12-29 - 18:42:02 ---A- - C:\Windows\Prefetch\CLTLMH.EXE-8D123476.pf
O45 - LFCP:[MD5.C343B5F4EB858A22A51EC14F006B238E] - 2012-12-29 - 18:45:09 ---A- - C:\Windows\Prefetch\IEINSTAL.EXE-9C71E8B0.pf
O45 - LFCP:[MD5.49E78CEEAB1F48A5213C6106CEC329F1] - 2012-12-29 - 18:45:12 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-5C0A7A6A.pf
O45 - LFCP:[MD5.A3606543E9953E619781679900D0D3F7] - 2012-12-29 - 18:45:22 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-D5170E12.pf
O45 - LFCP:[MD5.2184E3B869A4EB17D0E42C0D77B839E5] - 2012-12-29 - 18:45:22 ---A- - C:\Windows\Prefetch\RUNONCE.EXE-0E293DD6.pf
O45 - LFCP:[MD5.20E3F20072D39D9A2FBD81E2D513A953] - 2012-12-29 - 18:47:50 ---A- - C:\Windows\Prefetch\WERMGR.EXE-0F2AC88C.pf
O45 - LFCP:[MD5.E1C5C234014BCABB484E8D6B594C8847] - 2012-12-29 - 19:00:13 ---A- - C:\Windows\Prefetch\SOFTWARE LAUNCHER.EXE-9292D60D.pf
O45 - LFCP:[MD5.876A96CAE7FAF33F32AC5E97471A9D52] - 2012-12-29 - 19:00:21 ---A- - C:\Windows\Prefetch\SOUNDALIVERUN64.EXE-53E16E97.pf
O45 - LFCP:[MD5.8441F16DD10FCC0C20D86F7B14F43384] - 2012-12-29 - 19:00:21 ---A- - C:\Windows\Prefetch\SOUNDALIVEUTILX64.EXE-BAE83784.pf
O45 - LFCP:[MD5.49049C89623FDD08791E3FC524511E60] - 2012-12-29 - 19:00:28 ---A- - C:\Windows\Prefetch\CONTROLCENTER.EXE-7C09A58C.pf
O45 - LFCP:[MD5.D35E4C46309BFB8E4EB18ED282BF0CD5] - 2012-12-29 - 19:05:21 ---A- - C:\Windows\Prefetch\EXPRESSCACHERUN64.EXE-A5A84E5B.pf
O45 - LFCP:[MD5.B3329245ACAF33D5BBB5F5929A7840E1] - 2012-12-29 - 19:13:01 ---A- - C:\Windows\Prefetch\WMIAPSRV.EXE-29F35ED0.pf
O45 - LFCP:[MD5.E33678F82039196BB78BC161F9628854] - 2012-12-29 - 19:37:57 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-DD5E21F2.pf
O45 - LFCP:[MD5.4D42B1809E0CA535B16793F013EB22DB] - 2012-12-29 - 19:49:54 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-7D7EBC64.pf
O45 - LFCP:[MD5.253A2CFFDB1293FDED926B89D2CE8451] - 2012-12-29 - 20:36:44 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-0C9AAE75.pf
O45 - LFCP:[MD5.963AB681852F27E9D98F6FA774EEE18B] - 2012-12-29 - 20:45:24 ---A- - C:\Windows\Prefetch\MMC.EXE-7308A8A3.pf
O45 - LFCP:[MD5.4263DD8AA2592B068996F22A0F942E80] - 2012-12-29 - 20:45:33 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-88E42EAD.pf
O45 - LFCP:[MD5.F99D22FA68C91CC814AE0A1A7A7F46C1] - 2012-12-29 - 20:47:45 ---A- - C:\Windows\Prefetch\IGFXSRVC.EXE-96A493A4.pf
O45 - LFCP:[MD5.96A90634F8CE78A6744C950787A72057] - 2012-12-29 - 20:48:26 ---A- - C:\Windows\Prefetch\HELPPANE.EXE-FEDC965B.pf
O45 - LFCP:[MD5.87F87451B5CAA3429EF12280DA7DA80D] - 2012-12-29 - 20:48:27 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-594C560E.pf
O45 - LFCP:[MD5.CC9E2660371F717660F6980C05E6C103] - 2012-12-29 - 20:48:32 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-82BE5716.pf
O45 - LFCP:[MD5.71971897D3F1B152F370B1418F53921C] - 2012-12-29 - 20:52:01 ---A- - C:\Windows\Prefetch\USBFIX.EXE-DF7E2C78.pf
O45 - LFCP:[MD5.853A882B1918D22F692B308BB3221FEC] - 2012-12-29 - 20:52:10 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-AF96FD2E.pf
O45 - LFCP:[MD5.8BE88F0582D544825F39AE659918ED9D] - 2012-12-29 - 20:52:10 ---A- - C:\Windows\Prefetch\WSCRIPT.EXE-9093C9D0.pf
O45 - LFCP:[MD5.BC0747DB2228B7E4EC2A566B64579171] - 2012-12-29 - 20:52:12 ---A- - C:\Windows\Prefetch\GO.EXE-0A7DE786.pf
O45 - LFCP:[MD5.4FC28AE0D5F8AF92B8C0F027D42BD6DE] - 2012-12-29 - 20:52:13 ---A- - C:\Windows\Prefetch\GREP.COM-A0F2EC80.pf
O45 - LFCP:[MD5.0ABDAA53141D73EFB0665F303EC03211] - 2012-12-29 - 20:52:22 ---A- - C:\Windows\Prefetch\HECISERVER.EXE-27DA4210.pf
O45 - LFCP:[MD5.BFF9179804D1CBF0CDB818624F09FDD5] - 2012-12-29 - 20:52:36 ---A- - C:\Windows\Prefetch\SEARCHINDEXER.EXE-4A6353B9.pf
O45 - LFCP:[MD5.441D779659DB8CF0DD471FF67C623EA9] - 2012-12-29 - 20:52:54 ---A- - C:\Windows\Prefetch\ZIP.COM-CFC974C9.pf
O45 - LFCP:[MD5.F1C292CBA6D51998B26CAA60495AAAB8] - 2012-12-29 - 20:53:04 ---A- - C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
O45 - LFCP:[MD5.ED83EF0ABB566386A4328A7174F8AAE7] - 2012-12-29 - 20:53:17 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-1605FA5B.pf
O45 - LFCP:[MD5.CD3353126F603C1309E78D7E376BB2CE] - 2012-12-29 - 20:53:22 ---A- - C:\Windows\Prefetch\SPOOLSV.EXE-D1F6B8B6.pf
O45 - LFCP:[MD5.8FCFC5A8F1DBF6818E1B6EF1269E9B3E] - 2012-12-29 - 20:55:13 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-FC4C4534.pf
O45 - LFCP:[MD5.493487FF7AB76916FA534EB46CCA8C15] - 2012-12-29 - 20:55:18 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-E653440D.pf
O45 - LFCP:[MD5.2F63A9007F9654842965067B73465A41] - 2012-12-29 - 20:58:00 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-0DA32766.pf
O45 - LFCP:[MD5.B8972BDAEAF04233CEDCA29C35922B9A] - 2012-12-29 - 20:58:00 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-C5D5084E.pf
O45 - LFCP:[MD5.0E06D70D922C8391AC10AC47B742A9DD] - 2012-12-29 - 21:29:15 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-1C37F0CA.pf
O45 - LFCP:[MD5.7A7762CBA598577747CD0078116386B8] - 2012-12-30 - 00:00:01 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-5B3E6BB2.pf
O45 - LFCP:[MD5.C44C6A8878D783FDF7B0CA2078B19F54] - 2012-12-30 - 00:00:11 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-8F6A8F43.pf
O45 - LFCP:[MD5.E1A0E7BD7E772F9B8E31476FC0313B48] - 2012-12-30 - 00:00:11 ---A- - C:\Windows\Prefetch\VSSVC.EXE-B8AFC319.pf
O45 - LFCP:[MD5.11C85933068F1822DCB526E6C5DD1D34] - 2012-12-30 - 00:30:02 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-2EE46A2D.pf
O45 - LFCP:[MD5.9E2AC4619970AAFAEA3BA6F66894727D] - 2012-12-30 - 01:00:02 ---A- - C:\Windows\Prefetch\CSC.EXE-BE9AC2DF.pf
O45 - LFCP:[MD5.F0B2E856E92BB795AD69558C6FDB5A74] - 2012-12-30 - 01:00:02 ---A- - C:\Windows\Prefetch\CVTRES.EXE-2B9D810D.pf
O45 - LFCP:[MD5.C4F262168D18CA7DC4F2292815D5B8A1] - 2012-12-30 - 01:00:02 ---A- - C:\Windows\Prefetch\PING.EXE-7E94E73E.pf
O45 - LFCP:[MD5.688DC913C321DB3924E460B349A692F9] - 2012-12-30 - 01:00:02 ---A- - C:\Windows\Prefetch\W32TM.EXE-1101AF41.pf
O45 - LFCP:[MD5.D6462C66D186F99E8E058D5C65F4E8AF] - 2012-12-30 - 01:00:03 ---A- - C:\Windows\Prefetch\SDIAGNHOST.EXE-8D72177C.pf
O45 - LFCP:[MD5.B2B3D217114AE1A2C5A18FD40B5AF5A5] - 2012-12-30 - 01:05:46 ---A- - C:\Windows\Prefetch\Layout.ini
O45 - LFCP:[MD5.78F2B20DE8F52CB4704431B4C8F0A644] - 2012-12-30 - 02:32:15 ---A- - C:\Windows\Prefetch\TASKENG.EXE-48D4E289.pf
O45 - LFCP:[MD5.B619BDE99ABB525A15751104DC67F831] - 2012-12-30 - 10:47:24 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-09140401.pf
O45 - LFCP:[MD5.5DA7F063B148ED1031281C6C21EFF187] - 2012-12-30 - 10:47:57 ---A- - C:\Windows\Prefetch\DRVINST.EXE-4CB4314A.pf
O45 - LFCP:[MD5.BA190F25E7388E6B37E95DD22B71709B] - 2012-12-30 - 10:48:02 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-CCAE8CCE.pf
O45 - LFCP:[MD5.99AE295A1708FE7CAA62AA6635DF3D00] - 2012-12-30 - 10:48:07 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-1D4185F2.pf
O45 - LFCP:[MD5.F23E2A610A65A5647E771EAA8AAF8A77] - 2012-12-30 - 10:48:12 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-929A559F.pf
O45 - LFCP:[MD5.1FC9CB09B6D01021F53E7CBE929216EC] - 2012-12-30 - 10:48:17 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-9E99272C.pf
O45 - LFCP:[MD5.95C42D873ECD38C329E7C2D5CD046E2E] - 2012-12-30 - 10:48:22 ---A- - C:\Windows\Prefetch\DINOTIFY.EXE-35A869D6.pf
O45 - LFCP:[MD5.503ED62AB65AB3AA0D6432FE3CCE176E] - 2012-12-30 - 10:48:22 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-FC902B71.pf
O45 - LFCP:[MD5.27406A3F3716952C8D8EAD3E4FEDBD12] - 2012-12-30 - 10:48:23 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-2AB56DFE.pf
O45 - LFCP:[MD5.2DBCB86EB31521BA068D0DBA97E2F561] - 2012-12-30 - 10:48:33 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-4F364283.pf
O45 - LFCP:[MD5.4C67C01AD3C92781196770FF8C58762D] - 2012-12-30 - 10:48:33 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-8ECB0B0A.pf
O45 - LFCP:[MD5.3B75513AE10DCBC2F689771FEAAF83CD] - 2012-12-30 - 10:49:22 ---A- - C:\Windows\Prefetch\AgCx_SC2.db
O45 - LFCP:[MD5.6BAABF8F1FCABF7AEF7CDABCE0989489] - 2012-12-30 - 10:52:09 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-2301189805-754272816-1718501073-1001.db
O45 - LFCP:[MD5.C47C5924137F694B93A3FE4D79474589] - 2012-12-30 - 10:52:09 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-2301189805-754272816-1718501073-1001.db
O45 - LFCP:[MD5.EAD4D51FB52259BA23E845305F147238] - 2012-12-30 - 10:57:47 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-3CC531E5.pf
O45 - LFCP:[MD5.44D37CF22979F1C02B3180F0CFD2E166] - 2012-12-30 - 10:57:49 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-1628051C.pf
O45 - LFCP:[MD5.58BC8346E43DCE2CD842E9AA014CA215] - 2012-12-30 - 10:59:43 ---A- - C:\Windows\Prefetch\CLTRT.EXE-7452F94F.pf
O45 - LFCP:[MD5.F467DDF71D04291888EA70B39449820E] - 2012-12-30 - 11:10:58 ---A- - C:\Windows\Prefetch\IEXPLORE.EXE-4B6C9213.pf
O45 - LFCP:[MD5.018F799F0ED1BE377DD4C0304EAB188C] - 2012-12-30 - 11:11:00 ---A- - C:\Windows\Prefetch\FLASHUTIL10U_ACTIVEX.EXE-AE24378B.pf
O45 - LFCP:[MD5.A7CC0ADE42C6BECE51B605D9201A1514] - 2012-12-30 - 11:12:52 ---A- - C:\Windows\Prefetch\ZHPDIAG2.TMP-BF50E60B.pf
O45 - LFCP:[MD5.C2C96362865C530F477867680FE21B08] - 2012-12-30 - 11:15:04 ---A- - C:\Windows\Prefetch\WORDPAD.EXE-D7FD7414.pf
O45 - LFCP:[MD5.C1EDAA5AF1220B595EF899D292A63855] - 2012-12-30 - 11:40:37 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db
O45 - LFCP:[MD5.AD82F072B8B82A0284FDA89BE0DF97CC] - 2012-12-30 - 11:40:37 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db
O45 - LFCP:[MD5.B3EB15220E8075A7BF9C7C944A55F88D] - 2012-12-30 - 11:40:37 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db
O45 - LFCP:[MD5.9AFF2213F37045B46DC60DA021D98F83] - 2012-12-30 - 11:40:37 ---A- - C:\Windows\Prefetch\AgRobust.db
O45 - LFCP:[MD5.483D4D902CC4A192611DF6F4845836EC] - 2012-12-30 - 11:48:15 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
O45 - LFCP:[MD5.63281797AFC4A90AA39C1A8D68ABA22C] - 2012-12-30 - 11:55:50 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-D8414F97.pf
O45 - LFCP:[MD5.48A2DECD78F650FCA5540FAF4361D5A3] - 2012-12-30 - 11:59:03 ---A- - C:\Windows\Prefetch\SYMERR.EXE-F4EEC5DC.pf
O45 - LFCP:[MD5.4C1E26739BE346F490D65DB3C20FD247] - 2012-12-30 - 12:03:25 ---A- - C:\Windows\Prefetch\CONNECTIONMANAGER.EXE-16E4A452.pf
O45 - LFCP:[MD5.533E059ED3D546B08E1646CBAF40D090] - 2012-12-30 - 12:03:25 ---A- - C:\Windows\Prefetch\DEVICEMANAGER.EXE-945D0CD2.pf
O45 - LFCP:[MD5.479560DFB4CA8E08ABFC3BEB3E89BBB7] - 2012-12-30 - 12:03:34 ---A- - C:\Windows\Prefetch\PRESENTATIONFONTCACHE.EXE-73BE9E78.pf
O45 - LFCP:[MD5.3B3FA2EDEF0AE6A3694E9522DFF22865] - 2012-12-30 - 12:03:50 ---A- - C:\Windows\Prefetch\ZHPDIAG2.EXE-CD5C5E80.pf
O45 - LFCP:[MD5.8057177BACAEE168C6C846DFF716E1C0] - 2012-12-30 - 12:04:06 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-7238F31D.pf
O45 - LFCP:[MD5.A7345D3EF799380711EDB78A7453D219] - 2012-12-30 - 12:04:18 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-57D17DAF.pf
O45 - LFCP:[MD5.21609C9929A013686B27A7D42B583F80] - 2012-12-30 - 12:04:18 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-C3C515BD.pf
O45 - LFCP:[MD5.5D809D48FD4D1CFAAF417D1EC57FBA96] - 2012-12-30 - 12:04:21 ---A- - C:\Windows\Prefetch\WCSCHEDULER.EXE-F0BE5D1B.pf
O45 - LFCP:[MD5.E6894F779AE00A4F2CA8F47C588222D6] - 2012-12-30 - 12:04:27 ---A- - C:\Windows\Prefetch\BTHSAMPPALSERVICE.EXE-D65F3E7C.pf
O45 - LFCP:[MD5.214D747AB75489F0D3F13494AEA69071] - 2012-12-30 - 12:04:28 ---A- - C:\Windows\Prefetch\BTHSSECURITYMGR.EXE-B9C50DC6.pf
O45 - LFCP:[MD5.08C3ABB6A3C8E54CFE0E0F9481B529AB] - 2012-12-30 - 12:04:28 ---A- - C:\Windows\Prefetch\SPPSVC.EXE-B0F8131B.pf
O45 - LFCP:[MD5.E62B457F866D246751694DA3375A32F3] - 2012-12-30 - 12:04:28 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-6768A320.pf
O45 - LFCP:[MD5.E5E9C8995DF0E2A6C24CF3C9B414C240] - 2012-12-30 - 12:04:29 ---A- - C:\Windows\Prefetch\LMS.EXE-8C70F87D.pf
O45 - LFCP:[MD5.92C08959A89447E262B30B4FD5FE46C9] - 2012-12-30 - 12:04:33 ---A- - C:\Windows\Prefetch\LADS.EXE-046BC4A8.pf
O45 - LFCP:[MD5.3B0571288BA7FF7A162997F5E290ED24] - 2012-12-30 - 12:04:35 ---A- - C:\Windows\Prefetch\SIGCHECK.EXE-F42FC051.pf
O45 - LFCP:[MD5.24706486BC816237829524F7852F66FE] - 2012-12-30 - 12:04:40 ---A- - C:\Windows\Prefetch\WLIDSVC.EXE-5514E75E.pf
O45 - LFCP:[MD5.161B5E098D5A386D62EDA2475BA5B00A] - 2012-12-30 - 12:04:40 ---A- - C:\Windows\Prefetch\WLIDSVCM.EXE-A6EF5B2F.pf
O45 - LFCP:[MD5.DC16E0BA4C54BD0242832F9CCF2C0143] - 2012-12-30 - 12:04:41 ---A- - C:\Windows\Prefetch\UNS.EXE-E6E49771.pf
O45 - LFCP:[MD5.B6C98A0D25CE805533F42346DD88E6FA] - 2012-12-30 - 12:04:59 ---A- - C:\Windows\Prefetch\CLMLSVC.EXE-2A642111.pf
O45 - LFCP:[MD5.77230EA93E08DF220698D09A3EA7C6BD] - 2012-12-30 - 12:05:12 ---A- - C:\Windows\Prefetch\NSLOOKUP.EXE-8DBC12C3.pf
O45 - LFCP:[MD5.E918162AFF1E473504F8D483B289D51D] - 2012-12-30 - 12:05:22 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-8049FA24.pf
O45 - LFCP:[MD5.16F4A584F4C99EBFE3860708B9995F97] - 2012-12-30 - 12:05:23 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-F44E39AD.pf
O45 - LFCP:[MD5.6BCFFB768D0D769A02FA84A0004872AE] - 2012-12-30 - 12:05:32 ---A- - C:\Windows\Prefetch\COMUPDATUS.EXE-8D36D2F0.pf
O45 - LFCP:[MD5.15BF116EAA222ADD2BC026A93D8F4C4B] - 2012-12-30 - 12:05:35 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-77482212.pf
O45 - LFCP:[MD5.2DDB87F71D8FE89AF8C68FD27F7D10B1] - 2012-12-30 - 12:05:35 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
O45 - LFCP:[MD5.81FB462ABC1AD0B3036604F4D2C785DA] - 2012-12-30 - 12:05:38 ---A- - C:\Windows\Prefetch\MBR.EXE-836B8DE9.pf
O45 - LFCP:[MD5.18C6806A6A80612AC5BD1C7CF176E632] - 2012-12-30 - 12:05:38 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-0A411499.pf
O45 - LFCP:[MD5.BA231844FE1621FC200DF769272DFE4A] - 2012-12-30 - 12:05:42 ---A- - C:\Windows\Prefetch\MBRCHECK.EXE-2CA9EB2F.pf
O45 - LFCP:[MD5.99B2BB12E4FA27EA954B5798E931AB03] - 2012-12-30 - 12:06:27 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-F8DFDFA2.pf
O45 - LFCP:[MD5.C0881FB075272FBC136747AB62FDC8DB] - 2012-12-30 - 12:07:06 ---A- - C:\Windows\Prefetch\ZHPFIX.EXE-1A4C3389.pf
O45 - LFCP:[MD5.71A3BD9902D0707FB85B2787EBC5CB27] - 2012-12-30 - 12:08:03 ---A- - C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf
O45 - LFCP:[MD5.DB6450C6DD0EBFA0F891247E4F2B69BB] - 2012-12-30 - 12:08:08 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-0C6AD872.pf
O45 - LFCP:[MD5.D1AC50141C2D0C2C65ECB2AFD7CE04DF] - 2012-12-30 - 12:08:23 ---A- - C:\Windows\Prefetch\ZHPDIAG.EXE-0D117CAF.pf
O45 - LFCP:[MD5.721DA32C2CD5D0726D85A6F370E9ACEA] - 2012-12-30 - 12:08:32 ---A- - C:\Windows\Prefetch\CMD.EXE-AC113AA8.pf
O45 - LFCP:[MD5.03EA9D3318B7863EF929415531B50350] - 2012-12-30 - 12:08:32 ---A- - C:\Windows\Prefetch\CONHOST.EXE-1F3E9D7E.pf
O45 - LFCP:[MD5.0D202ED5BA99B57DB7863D5E96B7C83B] - 2012-12-30 - 12:08:32 ---A- - C:\Windows\Prefetch\CSCRIPT.EXE-0FB3F22C.pf
O45 - LFCP:[MD5.B4C7BB3E7F7AB66BDF31BAC3D9B803AF] - 2012-12-30 - 12:08:32 ---A- - C:\Windows\Prefetch\PV.EXE-34B75B82.pf
O45 - LFCP:[MD5.01BF346E9B451C588AC4C63BC5F05BD1] - 2012-12-30 - 12:08:34 ---A- - C:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
~ Scan Prefetcher in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l&#130;à‰diteur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll
~ Scan Keys in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d&#130;extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d&#130;extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ Scan CSB in 00mn 00s



---\\ MountPoints2 Shell Key (O51) (None)

---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ Scan Keys in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\BTMTrayAgent [Key] . (.Intel Corporation - Bluetooth Shell Extension.) -- C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll
O53 - SMSR:HKLM\...\startupreg\RtHDVCpl [Key] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
~ Scan SMSR Keys in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDesktopCleanupWizard"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
~ Scan Keys in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 2009-07-13 - 20:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
~ Scan Drivers in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC:Last File Created 1899-12-30 - 21:01:27 R-HA- C:\Users\Utilisateur\Searches\Everywhere.search-ms [248]
O61 - LFC:Last File Created 1899-12-30 - 21:01:27 R-HA- C:\Users\Utilisateur\Searches\Indexed Locations.search-ms [248]
O61 - LFC:Last File Created 2012-12-27 - 20:57:39 ----- C:\Users\Utilisateur\AppData\Roaming\Microsoft\Protect\CREDHIST [24]
O61 - LFC:Last File Created 2012-12-27 - 20:57:39 ----- C:\Users\Utilisateur\AppData\Roaming\Microsoft\Protect\S-1-5-21-2301189805-754272816-1718501073-1001\77013957-30c3-4166-b3c6-917486617443 [468]
O61 - LFC:Last File Created 2012-12-27 - 20:57:39 ----- C:\Users\Utilisateur\AppData\Roaming\Microsoft\Protect\S-1-5-21-2301189805-754272816-1718501073-1001\Preferred [24]
O61 - LFC:Last File Created 2012-12-27 - 21:01:19 ---A- C:\Users\Utilisateur\Contacts\Utilisateur.contact [44602]
O61 - LFC:Last File Created 2012-12-27 - 21:02:03 ---A- C:\Users\Utilisateur\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk [0]
O61 - LFC:Last File Created 2012-12-27 - 22:21:59 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared.lck [0]
O61 - LFC:Last File Created 2012-12-27 - 22:21:59 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared_dynco\dc.lock [0]
O61 - LFC:Last File Created 2012-12-27 - 22:21:59 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared_httpfe\queue.lock [0]
O61 - LFC:Last File Created 2012-12-27 - 22:22:00 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared_dynco\dc.db [753664]
O61 - LFC:Last File Created 2012-12-27 - 22:22:00 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared_dynco\dc.db-journal [718712]
O61 - LFC:Last File Created 2012-12-27 - 22:22:00 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared_httpfe\queue.db [36864]
O61 - LFC:Last File Created 2012-12-27 - 22:22:00 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared_httpfe\queue.db-journal [12824]
O61 - LFC:Last File Created 2012-12-27 - 22:22:10 ---A- C:\Users\Utilisateur\AppData\Roaming\Skype\shared.xml [1218]
O61 - LFC:Last File Created 2012-12-27 - 22:35:17 ---A- C:\Users\Utilisateur\Links\Desktop.lnk [455]
O61 - LFC:Last File Created 2012-12-27 - 22:35:17 ---A- C:\Users\Utilisateur\Links\Downloads.lnk [918]
O61 - LFC:Last File Created 2012-12-27 - 22:35:17 ---A- C:\Users\Utilisateur\Links\RecentPlaces.lnk [383]
O61 - LFC:Last File Created 2012-12-29 - 16:09:24 ---A- C:\Users\Utilisateur\AppData\Local\GDIPFONTCACHEV1.DAT [63104]
O61 - LFC:Last File Created 2012-12-29 - 20:50:34 ---A- C:\Users\Utilisateur\Downloads\UsbFix.exe [965841]
O61 - LFC:Last File Created 2012-12-29 - 20:53:04 ---A- C:\Users\Utilisateur\AppData\Local\Temp\FXSAPIDebugLogFile.txt [0]
O61 - LFC:Last File Created 2012-12-30 - 11:10:20 ---A- C:\Users\Utilisateur\Downloads\ZHPDiag2.exe [3593021]
O61 - LFC:Last File Created 2012-12-30 - 12:00:09 ---A- C:\Users\Utilisateur\AppData\Local\ZHPFixReport.txt [1834]
O61 - LFC:Last File Created 2012-12-30 - 12:00:29 ---A- C:\Users\Utilisateur\AppData\Local\Temp\nsm7321.tmp\UserInfo.dll [3584]
O61 - LFC:Last File Created 2012-12-30 - 12:02:21 ---A- C:\Users\Utilisateur\AppData\Roaming\Intel\Wireless\WLANProfiles\Profiles.enc [48]
~ Scan Files in 00mn 00s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 1.32 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ Scan ADS in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 2011-12-27 - C:\Windows\system32\drivers\afd.sys (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD
O64 - Services: CurCS - 2012-11-30 - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx64.sys (BHDrvx64) .(.Symantec Corporation - BASH Driver.) - LEGACY_BHDRVX64
O64 - Services: CurCS - 2012-06-06 - C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys (ccSet_NIS) .(.Symantec Corporation - Common Client Settings Driver.) - LEGACY_CCSET_NIS
O64 - Services: CurCS - 2009-07-13 - C:\Windows\system32\clfs.sys (CLFS) .(.Microsoft Corporation - Common Log File System Driver.) - LEGACY_CLFS
O64 - Services: CurCS - 2012-06-02 - C:\Windows\System32\Drivers\cng.sys (CNG) .(.Microsoft Corporation - Kernel Cryptography, Next Generation.) - LEGACY_CNG
O64 - Services: CurCS - 2012-12-27 - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (eeCtrl) .(.Symantec Corporation - Symantec Eraser Control Driver.) - LEGACY_EECTRL
O64 - Services: CurCS - 2012-12-27 - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (EraserUtilRebootDrv) .(.Symantec Corporation - Symantec Eraser Utility Driver.) - LEGACY_ERASERUTILREBOOTDRV
O64 - Services: CurCS - 2011-09-23 - C:\Windows\System32\DRIVERS\excfs.sys (excfs) .(.Diskeeper Corporation - ExpressCache Filesystem Filter Driver.) - LEGACY_EXCFS
O64 - Services: CurCS - 2011-09-23 - C:\Windows\System32\DRIVERS\excsd.sys (excsd) .(.Diskeeper Corporation - ExpressCache Driver.) - LEGACY_EXCSD
O64 - Services: CurCS - 2010-11-20 - C:\Windows\system32\drivers\fvevol.sys (fvevol) .(.Microsoft Corporation - BitLocker Drive Encryption Driver.) - LEGACY_FVEVOL
O64 - Services: CurCS - 2011-11-29 - C:\Windows\System32\DRIVERS\iaStor.sys (iaStor) .(.Intel Corporation - Intel Rapid Storage Technology driver - x64.) - LEGACY_IASTOR
O64 - Services: CurCS - 2012-12-27 - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121228.001\IDSvia64.sys (IDSVia64) .(.Symantec Corporation - IDS Core Driver.) - LEGACY_IDSVIA64
O64 - Services: CurCS - 2009-07-13 - C:\Windows\System32\DRIVERS\lltdio.sys (lltdio) .(.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) - LEGACY_LLTDIO
O64 - Services: CurCS - 2009-07-13 - C:\Windows\system32\drivers\luafv.sys (luafv) .(.Microsoft Corporation - Pilote de filtre de virtualisation de fichi.) - LEGACY_LUAFV
O64 - Services: CurCS - 2010-11-20 - C:\Windows\System32\drivers\msahci.sys (msahci) .(.Microsoft Corporation - MS AHCI 1.0 Standard Driver.) - LEGACY_MSAHCI
O64 - Services: CurCS - 2012-12-29 - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121229.017\ENG64.sys (NAVENG) .(.Symantec Corporation - AV Engine.) - LEGACY_NAVENG
O64 - Services: CurCS - 2012-12-29 - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20121229.017\EX64.sys (NAVEX15) .(.Symantec Corporation - AV Engine.) - LEGACY_NAVEX15
O64 - Services: CurCS - 2012-08-22 - C:\Windows\system32\drivers\ndis.sys (NDIS) .(.Microsoft Corporation - Pilote NDIS 6.20.) - LEGACY_NDIS
O64 - Services: CurCS - 2010-11-20 - C:\Windows\system32\drivers\netbt.sys (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT
O64 - Services: CurCS - 2009-06-30 - C:\Windows\System32\drivers\pavboot64.sys (pavboot) .(.Panda Security, S.L. - Panda Boot Driver.) - LEGACY_PAVBOOT
O64 - Services: CurCS - 2010-11-20 - C:\Windows\System32\drivers\pacer.sys (Psched) .(.Microsoft Corporation - Planificateur de paquets QoS.) - LEGACY_PSCHED
O64 - Services: CurCS - 2011-09-22 - C:\windows\system32\Drivers\SABI.sys (SABI) .(.SAMSUNG ELECTRONICS - SAMSUNG Kernel Driver.) - LEGACY_SABI
O64 - Services: CurCS - 1899-12-30 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 2012-07-05 - C:\Windows\system32\Drivers\NISx64\1309000.009\SRTSP64.sys (SRTSP) .(.Symantec Corporation - Symantec AutoProtect.) - LEGACY_SRTSP
O64 - Services: CurCS - 2012-07-05 - C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.sys (SRTSPX) .(.Symantec Corporation - Symantec AutoProtect.) - LEGACY_SRTSPX
O64 - Services: CurCS - 2011-04-28 - C:\Windows\System32\DRIVERS\srvnet.sys (srvnet) .(.Microsoft Corporation - Server Network driver.) - LEGACY_SRVNET
O64 - Services: CurCS - 2011-07-25 - C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.sys (SymDS) .(.Symantec Corporation - Symantec Data Store.) - LEGACY_SYMDS
O64 - Services: CurCS - 2012-05-21 - C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.sys (SymEFA) .(.Symantec Corporation - Symantec Extended File Attributes.) - LEGACY_SYMEFA
O64 - Services: CurCS - 2012-12-27 - C:\windows\system32\Drivers\SYMEVENT64x86.sys (SymEvent) .(.Symantec Corporation - Symantec Event Library.) - LEGACY_SYMEVENT
O64 - Services: CurCS - 2012-04-17 - C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.sys (SymIRON) .(.Symantec Corporation - Iron Driver.) - LEGACY_SYMIRON
O64 - Services: CurCS - 2012-04-17 - C:\Windows\system32\Drivers\NISx64\1309000.009\SYMNETS.sys (SymNetS) .(.Symantec Corporation - Network Security Driver.) - LEGACY_SYMNETS
O64 - Services: CurCS - 2009-07-13 - C:\Windows\system32\drivers\vga.sys (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE
O64 - Services: CurCS - 2011-02-25 - C:\Windows\System32\drivers\volsnap.sys (volsnap) .(.Microsoft Corporation - Pilote de cliché instantané du volume.) - LEGACY_VOLSNAP
O64 - Services: CurCS - 2009-07-13 - C:\Windows\system32\rascfg.dll (Wanarpv6) .(.Microsoft Corporation - Objets de configuration RAS.) - LEGACY_WANARPV6
~ Scan Services in 00mn 00s



---\\ Liste des fichiers non signés (O65) (None)

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d&#130;événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - à‰diteur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d&#130;événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - à‰diteur du Registre.) -- C:\Windows\regedit.exe
~ Scan Keys in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)
~ Scan Keys in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com" onclick="window.open(this.href);return false;
~ Scan Keys in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d&#130;application.) -- C:\Windows\System32\aelupsvc.dll [72192]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à  puce Microsoft.) -- C:\Windows\System32\certprop.dll [80384]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à  puce Microsoft.) -- C:\Windows\System32\certprop.dll [80384]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [236032]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [777728]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [853504]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\System32\Audiosrv.dll [679424]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d&#130;accès distant.) -- C:\Windows\System32\rasauto.dll [99328]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d&#130;accès distant.) -- C:\Windows\System32\rasmans.dll [344064]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d&#130;interface dynamique.) -- C:\Windows\System32\mprdim.dll [97792]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d&#130;événements système (SENS).) -- C:\Windows\System32\sens.dll [64512]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l&#130;application d&#130;assistance à  Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [359424]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\Windows\System32\tapisrv.dll [316928]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\System32\termsrv.dll [680960]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à  jour automatique Windows Update.) -- C:\Windows\System32\wuaueng.dll [2428952]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\System32\qmgr.dll [849920]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [370688]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [569344]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d&#130;ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [30720]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d&#130;application.) -- C:\Windows\System32\appinfo.dll [70656]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\System32\iscsiexe.dll [156672]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\System32\mmcss.dll [67584]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [242688]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à  distance.) -- C:\Windows\System32\sessenv.dll [121856]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d&#130;ordinateurs.) -- C:\Windows\System32\browser.dll [136704]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [111104]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tà¢ches.) -- C:\Windows\System32\schedsvc.dll [1110016]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\System32\kmsvc.dll [90624]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [84480]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [209920]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\System32\themeservice.dll [44544]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\System32\bdesvc.dll [100864]
~ Scan Services in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "WMPNSS-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-Out-UDP" |Out - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-In-UDP" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-Out-UDP-NoScope" |Out - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-In-UDP-NoScope" |In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.)
O87 - FAEL: "{99B306E6-FD85-410F-ABAE-2189E5DE4206}" | In - Public - P6 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O87 - FAEL: "{84149A83-33C0-4EC9-AD89-6DEA21A75B85}" | In - Public - P17 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O87 - FAEL: "{1FA04277-374E-459D-AC15-1143FC85507C}" | In - None - P17 - TRUE | .(.Pas de propriétaire - Wireless PAN DHCP and DNS Server.) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O87 - FAEL: "{BD16D65F-D552-44FA-9D37-9BD5879A6191}" | In - None - P17 - TRUE | .(.Intel Corporation - WiDiApp.) -- C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
O87 - FAEL: "{09F0F459-33F2-4DED-8AEE-B56C9EFD81A1}" | In - None - P17 - TRUE | .(.CyberLink Corp. - Media+Player 10.0.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10.exe
O87 - FAEL: "{E4E932B8-0210-41ED-80B0-84103A7DEC8A}" | In - None - P17 - TRUE | .(.CyberLink Corp. - PowerDirector.) -- C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.exe
O87 - FAEL: "{CC5053BD-2B87-454E-9400-D7040655915B}" | In - Public - P6 - TRUE | .(.Musiccity Co.Ltd. - MUZAoDApp Module.) -- C:\Windows\SysWOW64\muzapp.exe
O87 - FAEL: "{245D588F-ABF0-4556-BDB9-306FBEDFE7E2}" | In - Public - P17 - TRUE | .(.Musiccity Co.Ltd. - MUZAoDApp Module.) -- C:\Windows\SysWOW64\muzapp.exe
O87 - FAEL: "{684431D4-DAEC-48EC-A61C-667103642F1F}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
~ Scan Firewall in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : 10233 - (2012-12-30)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
[HKLM\Software\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}] =>Toolbar.Agent
[HKCU\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}] =>Trojan.Agent
~ Scan Additionnel in 00mn 07s


---\\ Recherche détournement de DNS routeur (O89) (None)
Suite et fin du rapport ZHPDiag dans le message suivante
Avatar du membre
par Phenix
#1298
Rapport ZHPDiag - Partie 3 de 3 :
Code: Tout sélectionner
---\\ Product Upgrade Codes (O90)
O90 - PUC: "00004159070000000000000000F01FEC" . (.Microsoft Office 2010.) -- C:\windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe
O90 - PUC: "076CFAAAB965F2A4284B2449E5D03EFE" . (.Windows Live Writer.) -- C:\windows\Installer\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}\ApplicationIcon.ico
O90 - PUC: "098990BCF5D15D11E99A0005AB3E711E" . (.PowerDirector.) -- C:\windows\Installer\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\ARPPRODUCTICON.exe
O90 - PUC: "1038C85769625584FA5435B4210089A0" . (.Samsung Kies.) -- C:\windows\Installer\{758C8301-2696-4855-AF45-534B1200980A}\ARPPRODUCTICON.exe
O90 - PUC: "11F12B5E3396B0E42AC597363E0CD711" . (.Windows Live Messenger.) -- C:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
O90 - PUC: "1D034B0FAA6BD374B960AAD30DF10D8B" . (.Microsoft SQL Server 2005 Compact Edition [ENU].) -- C:\windows\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\ProductIcon
O90 - PUC: "1F5F837007E86A9468295F27E2E1A5D4" . (.Easy Support Center.) -- C:\windows\Installer\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}\_853F67D554F05449430E7E.exe
O90 - PUC: "25BD30E1BC5D83343A835E62DDD4D41B" . (.Bing Bar.) -- C:\windows\Installer\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}\icon_installer_ico
O90 - PUC: "2A7527EE2A93F2D4D9CA9F2FB5A81E8D" . (.Skypeâ„¢ 5.10.) -- C:\windows\Installer\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}\SkypeIcon.exe
O90 - PUC: "2C5B057B71CC769409B5924FBE891613" . (.Software Launcher.) -- C:\windows\Installer\{B750B5C2-CC17-4967-905B-29F4EB986131}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "38E1FB04BE028D11795C00905C206085" . (.Power2Go.) -- C:\windows\Installer\{40BF1E83-20EB-11D8-97C5-0009C5020658}\ARPPRODUCTICON.exe
O90 - PUC: "4195BD842778D2748BFD2E90B25E896F" . (.Adobe Flash Player 10 ActiveX.) -- C:\windows\Installer\{48DB5914-8772-472D-B8DF-E2092BE598F6}\ARPPRODUCTICON.exe
O90 - PUC: "42C6FBF1DF1C10144AB2C065F4E9E897" . (.PowerStarter.) -- C:\windows\Installer\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\ARPPRODUCTICON.exe
O90 - PUC: "4C7CBF4313DC39D44A82E025E4CA5468" . (.Media+Player.) -- C:\windows\Installer\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}\ARPPRODUCTICON.exe
O90 - PUC: "4DB6E0C21B5628E42BCA34FECFF801C0" . (.Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed.) -- C:\windows\Installer\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}\IntelBluetoothICO
O90 - PUC: "52918F211C3FBD04197F778771793491" . (.Easy File Share.) -- C:\windows\Installer\{12F81925-F3C1-40DB-91F7-777817974319}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "6FD66A043D225B447A3D381B812A0CCD" . (.Norton Online Backup.) -- C:\windows\Installer\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}\MainIcon.ico
O90 - PUC: "8994BF104C33134458DE70E9E3FE7ED5" . (.YouCam.) -- C:\windows\Installer\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\ARPPRODUCTICON.exe
O90 - PUC: "9582390F06AAE9548B34B0EDAC432E7C" . (.Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology.) -- C:\windows\Installer\{F0932859-AA60-459E-B843-0BDECA34E2C7}\IntelBluetoothICO
O90 - PUC: "AE851E081817EF047A1003C16EEB46BA" . (.MediaShow.) -- C:\windows\Installer\{80E158EA-7181-40FE-A701-301CE6BE64AB}\ARPPRODUCTICON.exe
O90 - PUC: "C5C43F39AACA3F84B9620753A911F721" . (.Intel(R) WiDi.) -- C:\windows\Installer\{93F34C5C-ACAA-48F3-9B26-70359A117F12}\ARPPRODUCTICON.exe
O90 - PUC: "D7314F9862C648A4DB8BE2A5B47BE100" . (.Microsoft Silverlight.) -- C:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ARPIcon
O90 - PUC: "DD6577FDA6563C54AB174776E328959A" . (.Intel® PROSet/Wireless WiFi Software.) -- C:\windows\Installer\{DF7756DD-656A-45C3-BA71-74673E8259A9}\ARPPRODUCTICON.exe
O90 - PUC: "EDD0BE9FC13998E4692BED2868DEAFC6" . (.ExpressCache.) -- C:\windows\Installer\{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}\ARPPRODUCTICON.exe
O90 - PUC: "F9A84C6AA49643243BAA2695B0669872" . (.Intel(R) Manageability Engine Firmware Recovery Agent.) -- C:\windows\Installer\{A6C48A9F-694A-4234-B3AA-62590B668927}\AppIcon
~ Scan Files in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 2011-12-04 659968 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SS - | Demand 2011-03-01 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe
SS - | Disabled 2011-12-19 1014096 | (Bluetooth Device Monitor) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
SS - | Disabled 2011-12-19 1304912 | (Bluetooth Media Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
SS - | Disabled 2011-12-19 1104208 | (Bluetooth OBEX Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
SR - | Auto 2011-12-04 135952 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SS - | Demand 2012-02-02 274200 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Auto 2011-12-07 618256 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 2011-09-23 79664 | (ExpressCache) . (.Diskeeper Corporation.) - C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
SS - | Disabled 2010-06-03 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
SR - | Auto 2012-02-02 628448 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 128280 | (Intel(R) ME Service) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 2012-02-07 161560 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 2012-02-07 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Disabled 273168 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SR - | Auto 2012-06-15 138272 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
SS - | Disabled 2010-06-01 2804568 | (NOBU) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
SR - | Auto 2012-01-28 889664 | (nvsvc) . (.NVIDIA Corporation.) - C:\windows\system32\nvvsvc.exe
SR - | Auto 2012-02-01 2458944 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 2011-12-07 148752 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 31624 | (SamsungDeviceConfigurationWinService) . (...) - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
SR - | Auto 2011-02-24 249648 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.exe
SS - | Disabled 2012-07-13 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 2012-02-07 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 2011-03-01 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 2011-03-01 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 2011-12-07 594704 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Scan Services in 00mn 00s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net" onclick="window.open(this.href);return false;
Run by Utilisateur at 2012-12-30 12:09:18

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ Scan MBR in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog" onclick="window.open(this.href);return false;
Run by Utilisateur at 2012-12-30 12:09:20

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ Scan MBR in 00mn 04s



End of the scan (1164 lines in 00mn 49s)(0)


======
Encore une fois, dans l'attente vos recommandations, je vous remercie d'avance pour votre aide.

Phenix
Avatar du membre
par Invité
#1320
Bonjour,

C'eà»t été bien gentil de votre part de m'aider avec ce problème urgent mais puisque je n'ai pas eu la chance de profiter de votre aide bien que ce soit le seul forum sur lequel j'avais enregistré ma demande, j'ai procédé à  une réinstallation complète après avoir remis mes disques à  zéro.

Maintenant, ni USBFix, ni ZHPScan ne montre de signes d'infections. :)

Pour ceux que cela pourra aider, le problème du Trojan.Alert (ZHPScan - clé de registre [HKCU\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}]) provient du driver Intel USB 3.0 extensible Host Controller 1.0.1.209 pour Windows 7. à‰tait-ce un faux positif ? Je ne saurais vous dire ... La seule chose demeure que mon ordinateur se porte mieux et qu'il n'a pas besoin de ce driver pour bien prendre en charge les disques USB 3.0.

Bonne continuation à  tous

Phenix
#1321
salut ZHPH est bon pour un diag mais basta ! il est plein de FP en detections c'est un peu comme le robot de hijackthis mais en moins farfelu

Bonsoir, Déplacez vos données per[…]

[El Magnifico] virus ou pas

Re, Démarrez en mode sans echec, et lance[…]

Plus de nouvelles problème résolu […]

Bonjour tu as ouvert un autre sujet dans la partie[…]