#149127
:hello: Hello, and :welcome: to SoSVirus

/!\ I will be assisting you during this disinfection. If you agree, we'll set a few rules so that the disinfection is effective
• If you have opened a similar topic on another forum, please let me know so that I don't do unnecessary research, and for the sake of efficiency (you don't book appointments at 2 garages for the same mechanical problem)
• If you have cracks or keygens, delete them
• If you have an illegal copy of Windows, I won't disinfect
• You carry the disinfection through to the end, even if you notice a quick improvement, and preferably over a short period (not one reply every 3 days), otherwise it is pointless
• The disinfection includes a diagnosis, a cleanup, removal of the tools used, and advice to avoid future re-infections, keep the system up to date, create backups, etc.
• Some of the tools used may trigger certain antivirus programs, because they are powerful and destructive if misused
• To let me establish a diagnosis, can you follow the instructions below and produce the three requested reports? (AdwCleaner, Malwarebytes and ZHPDiag)
• If you have any questions, don't hesitate to ask

First of all =>

Download UsbFix => http://www.usbfix.net/?wpdmdl=497 by El Desaparecido, to your Desktop
/!\ If your antivirus raises an alert, disable it temporarily, just for the duration of the download

* Plug in your external USB devices (USB stick, hard drive, SD card, etc.), without opening them
Right-click the UsbFix icon on your desktop and choose Run as administrator

Click the Nettoyage/Suppression (Cleaning/Removal) button

/!\ If the tool gets blocked in this mode
Boot into safe mode with networking => http://www.sosvirus.net/mode-sans-echec ... t1391.html

Post the report that will open

:)
#149152
Here is the USBfix report

############################## | UsbFix V 7.171 | [Nettoyage]

Utilisateur: Administrateur (Administrateur) # DELLUP1-4WT634J
Mis à jour le 18/05/2014 par El Desaparecido - SosVirus
Lancé à 10:32:58 | 22/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Dell Inc. (0RX493)
CPU: Processeur Intel Pentium III Xeon
RAM -> [Total : 2000 Mo| Free : 455 Mo]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702
WB: Mozilla Firefox : 1.9.2.12

SC: Security Center [Enabled]
WU: Windows Update [Enabled]

FW: Windows FireWall [Enabled]
AS: Malwarebytes' Anti-Malware : 1.46.0001

C:\ (%SystemDrive%) -> Disque fixe # 56 Go (30 Go libre(s) - 53%) [Systeme] # NTFS
D:\ -> Disque fixe # 56 Go (50 Go libre(s) - 89%) [Utilisateur] # NTFS
E:\ -> CD-ROM

################## | Processus Stoppés |

C:\WINDOWS\system32\spoolsv.exe (ID: 604|ParentID: 1428|SYSTEM)
C:\drivers\audio\R190031\stacsv.exe (ID: 676|ParentID: 1428|SYSTEM)
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (ID: 764|ParentID: 1428|SYSTEM)
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (ID: 876|ParentID: 1428|SYSTEM)
C:\WINDOWS\system32\scardsvr.exe (ID: 892|ParentID: 1428|SERVICE LOCAL)
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (ID: 1220|ParentID: 1428|SYSTEM)
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (ID: 328|ParentID: 1428|SYSTEM)
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (ID: 360|ParentID: 1428|SYSTEM)
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (ID: 412|ParentID: 1428|SYSTEM)
C:\Program Files\Canon\IJPLM\ijplmsvc.exe (ID: 808|ParentID: 1428|SYSTEM)
C:\Program Files\Java\jre6\bin\jqs.exe (ID: 836|ParentID: 1428|SYSTEM)
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe (ID: 1168|ParentID: 1428|SYSTEM)
C:\Program Files\OCS Inventory Agent\OcsService.exe (ID: 2024|ParentID: 1428|SYSTEM)
C:\WINDOWS\explorer.exe (ID: 2352|ParentID: 2276|Administrateur)
C:\WINDOWS\system32\ctfmon.exe (ID: 2880|ParentID: 2352|Administrateur)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 2896|ParentID: 2696|Administrateur)
C:\WINDOWS\system32\wdfmgr.exe (ID: 2984|ParentID: 1428|SERVICE LOCAL)
C:\Program Files\UPHClean\uphclean.exe (ID: 3064|ParentID: 1428|SYSTEM)
C:\WINDOWS\system32\wscript.exe (ID: 3084|ParentID: 2820|Administrateur)
C:\Program Files\Skype\Phone\Skype.exe (ID: 3864|ParentID: 2352|Administrateur)
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (ID: 3976|ParentID: 2352|Administrateur)
C:\WINDOWS\system32\alg.exe (ID: 2064|ParentID: 1428|SERVICE LOCAL)
C:\Program Files\Mozilla Firefox\firefox.exe (ID: 3944|ParentID: 2352|Administrateur)
C:\WINDOWS\system32\wscript.exe (ID: 3556|ParentID: 2872|Administrateur)
C:\WINDOWS\system32\wuauclt.exe (ID: 2148|ParentID: 1872|Administrateur)

################## | Autorun |


################## | Recherche générique |

Supprimé! C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\iTunesHelper.vbe
Supprimé! C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\BBuJUuKs.vbs
Supprimé! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iTunesHelper.vbe
Supprimé! C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BBuJUuKs.vbs
Supprimé! C:\Documents and Settings\Utilisateur\Local Settings\Temp\BBuJUuKs.vbs
Supprimé! C:\Documents and Settings\Utilisateur\Local Settings\Temp\iTunesHelper.vbe
Supprimé! C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\BBuJUuKs.vbs
Supprimé! C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\iTunesHelper.vbe

(!) Fichiers temporaires supprimés.

################## | Registre |

Supprimé! HKLM\Software\BBuJUuKs
Supprimé! HKLM\Software\iTunesHelper
Supprimé! HKU\S-1-5-21-3337138972-799123264-1414335551-500\Software\Microsoft\Windows\CurrentVersion\Run|BBuJUuKs
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|BBuJUuKs
Supprimé! HKU\S-1-5-21-3337138972-799123264-1414335551-500\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper
Supprimé! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|iTunesHelper

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-3337138972-799123264-1414335551-500\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-3337138972-799123264-1414335551-500\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

################## | UsbFix - Information |

UsbFix a détecté sur votre ordinateur, une infection qui dispose d'une fonction de Keylogger.
Après désinfection par UsbFix, veuillez modifier tous vos mots de passe.
Si vous avez effectué des achats sur internet,
veuillez contacter votre banque afin d'envisager une opposition sur votre carte bancaire.

Info (Fr) : http://www.sosvirus.net/infection-dinih ... t4852.html
Info (Fr) : http://www.sosvirus.net/les-infections- ... t4948.html

################## | C:\ %SystemDrive% - Disque Fixe (NTFS) |

[08/06/2010 - 11:07:50 | N | 0 Ko] - C:\mbam-error.txt
[03/10/2008 - 13:45:46 | RASH | 0 Ko] - C:\MSDOS.SYS
[03/10/2008 - 13:45:46 | N | 0 Ko] - C:\CONFIG.SYS
[03/10/2008 - 13:45:46 | RASH | 0 Ko] - C:\IO.SYS
[22/05/2014 - 10:18:43 | ASH | 2095104 Ko] - C:\pagefile.sys
[22/02/2010 - 12:36:09 | N | 0 Ko] - C:\sqmnoopt06.sqm
[22/02/2010 - 12:36:09 | N | 0 Ko] - C:\sqmdata06.sqm
[23/02/2010 - 13:31:06 | N | 0 Ko] - C:\sqmnoopt07.sqm
[23/02/2010 - 13:31:06 | N | 0 Ko] - C:\sqmdata07.sqm
[25/02/2010 - 12:56:08 | N | 0 Ko] - C:\sqmnoopt08.sqm
[25/02/2010 - 12:56:08 | N | 0 Ko] - C:\sqmdata08.sqm
[02/04/2010 - 09:49:07 | N | 0 Ko] - C:\sqmnoopt09.sqm
[02/04/2010 - 09:49:07 | N | 0 Ko] - C:\sqmdata09.sqm
[09/04/2010 - 12:20:15 | N | 0 Ko] - C:\sqmnoopt10.sqm
[09/04/2010 - 12:20:15 | N | 0 Ko] - C:\sqmdata10.sqm
[09/04/2010 - 15:56:42 | N | 0 Ko] - C:\sqmnoopt11.sqm
[09/04/2010 - 15:56:42 | N | 0 Ko] - C:\sqmdata11.sqm
[09/04/2010 - 16:27:45 | N | 0 Ko] - C:\sqmnoopt12.sqm
[09/04/2010 - 16:27:45 | N | 0 Ko] - C:\sqmdata12.sqm
[12/05/2010 - 12:09:34 | N | 0 Ko] - C:\sqmnoopt13.sqm
[12/05/2010 - 12:09:34 | N | 0 Ko] - C:\sqmdata13.sqm
[19/05/2010 - 19:27:19 | N | 0 Ko] - C:\sqmdata14.sqm
[19/05/2010 - 19:27:19 | N | 0 Ko] - C:\sqmnoopt14.sqm
[28/05/2010 - 11:01:03 | N | 0 Ko] - C:\sqmnoopt15.sqm
[28/05/2010 - 11:01:03 | N | 0 Ko] - C:\sqmdata15.sqm
[08/06/2010 - 11:02:39 | N | 0 Ko] - C:\sqmnoopt16.sqm
[08/06/2010 - 11:02:39 | N | 0 Ko] - C:\sqmdata16.sqm
[10/09/2010 - 14:47:28 | N | 0 Ko] - C:\sqmnoopt17.sqm
[10/09/2010 - 14:47:28 | N | 0 Ko] - C:\sqmdata17.sqm
[21/09/2010 - 15:20:01 | N | 0 Ko] - C:\sqmnoopt18.sqm
[21/09/2010 - 15:20:01 | N | 0 Ko] - C:\sqmdata18.sqm
[12/11/2010 - 15:33:57 | N | 0 Ko] - C:\sqmnoopt19.sqm
[12/11/2010 - 15:33:57 | N | 0 Ko] - C:\sqmdata19.sqm
[19/11/2010 - 15:23:14 | N | 0 Ko] - C:\sqmnoopt00.sqm
[19/11/2010 - 15:23:14 | N | 0 Ko] - C:\sqmdata00.sqm
[06/12/2010 - 14:19:37 | N | 0 Ko] - C:\sqmnoopt01.sqm
[06/12/2010 - 14:19:37 | N | 0 Ko] - C:\sqmdata01.sqm
[10/12/2010 - 18:18:14 | N | 0 Ko] - C:\sqmnoopt02.sqm
[10/12/2010 - 18:18:14 | N | 0 Ko] - C:\sqmdata02.sqm
[16/12/2010 - 10:27:07 | N | 0 Ko] - C:\sqmnoopt03.sqm
[16/12/2010 - 10:27:07 | N | 0 Ko] - C:\sqmdata03.sqm
[16/03/2011 - 13:47:42 | N | 0 Ko] - C:\sqmnoopt04.sqm
[16/03/2011 - 13:47:42 | N | 0 Ko] - C:\sqmdata04.sqm
[19/05/2011 - 17:50:18 | N | 0 Ko] - C:\sqmnoopt05.sqm
[19/05/2011 - 17:50:18 | N | 0 Ko] - C:\sqmdata05.sqm
[13/03/2012 - 16:13:19 | D] - C:\Config.Msi
[08/12/2008 - 15:32:37 | RASH | 0 Ko] - C:\boot.ini
[03/08/2004 - 22:38:34 | N | 46 Ko | VirusTotal - (0/52)] - C:\NTDETECT.COM
[28/09/2001 - 14:00:00 | N | 5 Ko] - C:\Bootfont.bin
[03/10/2008 - 13:45:46 | A | 0 Ko] - C:\AUTOEXEC.BAT
[21/10/2008 - 12:09:58 | D] - C:\Documents and Settings
[03/12/2008 - 19:13:10 | D] - C:\drivers
[03/12/2008 - 19:28:38 | D] - C:\dell
[08/12/2008 - 15:32:59 | SHD] - C:\System Volume Information
[08/12/2008 - 16:29:44 | RASH | 246 Ko] - C:\ntldr
[08/12/2008 - 16:43:38 | RHD] - C:\MSOCache
[10/12/2008 - 13:02:23 | SHD] - C:\RECYCLER
[07/10/2013 - 10:43:18 | D] - C:\Program Files
[05/11/2013 - 18:58:29 | D] - C:\MDT
[22/05/2014 - 10:20:02 | D] - C:\WINDOWS
[22/05/2014 - 10:32:15 | D] - C:\UsbFix

################## | D:\ - Disque Fixe (NTFS) |

[07/10/2008 - 11:52:57 | D] - D:\Documents partagés
[07/10/2008 - 13:15:15 | RHD] - D:\MSOCache
[21/10/2008 - 11:35:12 | SHD] - D:\System Volume Information
[15/12/2008 - 14:19:37 | SHD] - D:\RECYCLER
[14/05/2009 - 10:10:39 | D] - D:\ee590ce3e45b6d1f5273b060b6106a
[28/06/2013 - 12:36:26 | D] - D:\utilisateur

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net/ | http://www.usbfix.net/ |
#149162
AdwCleaner report

# AdwCleaner v3.210 - Rapport créé le 22/05/2014 à 10:56:10
# Mis à jour le 19/05/2014 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : Administrateur - DELLUP1-4WT634J
# Exécuté depuis : C:\Documents and Settings\Administrateur\Bureau\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Fichier Supprimé : C:\Program Files\Mozilla Firefox\.autoreg

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKCU\Software\YahooPartnerToolbar

***** [ Navigateurs ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v3.6.12 (fr)

[ Fichier : C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\l4ltrqo3.default\prefs.js ]


[ Fichier : C:\Documents and Settings\CRIR\Application Data\Mozilla\Firefox\Profiles\l4ltrqo3.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1103 octets] - [22/05/2014 10:55:45]
AdwCleaner[S0].txt - [1027 octets] - [22/05/2014 10:56:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1087 octets] ##########
#149174
Malwarebytes report

Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 22/05/2014
Scan Time: 11:06:16
Logfile: m.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.22.04
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrateur

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 304792
Time Elapsed: 7 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-3337138972-799123264-1414335551-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|StartMenuLogoff, 1, Good: (0), Bad: (1),Replaced,[1e4e064e443761d5433faea18381926e]

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
#149195
ZHPDiag report

~ Rapport de ZHPDiag v2014.5.21.70 - Nicolas Coolman (21/05/2014)
~ Lancé par Administrateur (22/05/2014 11:23:57)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Blog d'analyse software : http://nicolascoolman.byethost7.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox v3.6.12 (fr) (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
Malwarebytes' Anti-Malware
Malwarebytes Anti-Malware version 2.0.2.1012
Symantec AntiVirus v10.1.394.0
McAfee Security Scan Plus v3.0.318.3

---\\ Logiciels d'optimisation du système
CCleaner v3.06

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader 9.4.0 - Français

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1999 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 30 GB (52%) free of 56 GB

---\\ Mode de connexion au système
~ Computer Name: DELLUP1-4WT634J
~ User Name: Administrateur
~ All Users Names: Utilisateur, SUPPORT_388945a0, HelpAssistant, CRIR, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrateur\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Administrateur\Application Data\
~ %Desktop% : C:\Documents and Settings\Administrateur\Bureau\
~ %Favorites% : C:\Documents and Settings\Administrateur\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Administrateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Administrateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 30 Go of 56 Go)
D: Hard drive, Flash drive, Thumb drive (Free 50 Go of 56 Go)
E: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.7DF35C3D173E799F97F208CC5F3B1C93] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/08/2011 - 00:41:31.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 1/14
~ Mon Bureau (My Desktop) : 0/22
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.12898D947CFCB36CB7A43E8F86A53CBC] - (.IDT, Inc. - IDT PC Audio.) -- c:\drivers\audio\r190031\stacsv.exe [221273] [PID.672]
[MD5.5B0C32A596FDD0AAA10E147E4D71E086] - (.Broadcom Corporation - Host Control Application.) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [808296] [PID.856]
[MD5.14CE9DEC178A24356BC2FDE8CE586D80] - (.Broadcom Corporation - Host Storage Application.) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [21352] [PID.872]
[MD5.142EB9DFED214C274D862D3D17E4498B] - (.Smith Micro Software, Inc. - SMManager Application.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [69632] [PID.1280]
[MD5.7591238EBF7DD1FD13B353C382227DC3] - (.Broadcom Corporation - Broadcom ASF IP and SMBIOS Mailbox Monitor.) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432] [PID.1560]
[MD5.D48148110AE078CB7221D0FCF20ADFEC] - (.Broadcom Corporation. - Bluetooth Support Server.) -- c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [342624] [PID.684]
[MD5.4749020C47AA0F13F256D8F694751812] - (.Dell Inc. - Dell ControlPoint - Button Service.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [386328] [PID.704]
[MD5.324318BD026AA58E3EA8C23647ADE1C3] - (.Symantec Corporation - Symantec Settings Manager Service.) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [169632] [PID.744]
[MD5.9C6809FA4C3EF528E3266879F4A8E669] - (.Symantec Corporation - Virus Definition Daemon.) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe [30352] [PID.772]
[MD5.51516252DBBFED36F70B341DBA263167] - (.Pas de propriétaire - PIXMA Extended Servey Program Service.) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.exe [101528] [PID.884]
[MD5.126A16F569122AE00AD3D12EF831D651] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376] [PID.1016]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.1116]
[MD5.44D7E8362B043826118BB20E7C8F0C47] - (.http://www.ocsinventory-ng.org - Open Computers and Software Inventory Agent.) -- C:\Program Files\OCS Inventory Agent\ocsservice.exe [69632] [PID.1660]
[MD5.DABD8523D9B60CE6513653DFD8B96C1B] - (.Symantec Corporation - SPBBC Service.) -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe [1160848] [PID.524]
[MD5.61BAFF40AB24DBDA251DB00C7E42A10A] - (.Symantec Corporation - Symantec AntiVirus.) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe [1821328] [PID.2060]
[MD5.3F9A3232E5F942874488981F3242C989] - (.Microsoft Corporation - User Profile Hive Cleanup Service.) -- C:\Program Files\UPHClean\uphclean.exe [241725] [PID.2240]
[MD5.C5F0C1FFF968E9D143F62075CBD8ED60] - (.Symantec Corporation - Symantec Event Manager Service.) -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe [192160] [PID.2296]
[MD5.4D5900DB7E367A7C566FF536B8E43EFD] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe [604776] [PID.1504]
[MD5.B6080F3A1CA495190D1583C2202CAA61] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [17148552] [PID.3048]
[MD5.BD713579A87D698E1F2158CE10E48130] - (.McAfee, Inc. - McAfee Security Scanner Scheduler.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe [272248] [PID.3072]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.1420]
[MD5.E1AB298BAFC8ECCA8C322A29C5FDC68C] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [912344] [PID.788]
[MD5.65C450CCC15ADDED610EB58DE35B307A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7877120] [PID.2944]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\l4ltrqo3.default\prefs.js
M2 - MFEP: prefs.js [Administrateur - l4ltrqo3.default\fr@dictionaries.addons.mozilla.org] [] Dictionnaire HunSpell en Français (réforme 1990) v2.0 (..)
~ Firefox Browser: 34 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-3337138972-799123264-1414335551-500\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3337138972-799123264-1414335551-500\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- c:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://www.update.microsoft.com/windows ... 8744908046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://update.microsoft.com/microsoftup ... 8748366531
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/fl ... rashim.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ((no name)) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDDAA6B3-5181-49F5-8FEC-A1C9A9FD3E53}: NameServer = 193.55.96.70,193.55.96.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{CDDAA6B3-5181-49F5-8FEC-A1C9A9FD3E53}: NameServer = 193.55.96.70,193.55.96.84
O17 - HKLM\System\CS3\Services\Tcpip\..\{CDDAA6B3-5181-49F5-8FEC-A1C9A9FD3E53}: NameServer = 193.55.96.70,193.55.96.84
O17 - HKLM\System\CS3\Services\Tcpip\..\{2DB2E143-2DF6-4EB9-9E62-872AED4EF497}: DhcpNameServer = 10.42.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2DB2E143-2DF6-4EB9-9E62-872AED4EF497}: DhcpDomain = paris-sorbonne.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = univ-paris1.fr
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: NavLogon . (.Symantec Corporation - Symantec AntiVirus Logon Notification.) -- C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (InCDPass) . (. - .) - C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.)
O41 - Driver: (InCDRm) . (. - .) - C:\WINDOWS\system32\drivers\InCDRm.sys (.not file.)
O41 - Driver: (omci) . (. - .) - C:\WINDOWS\system32\DRIVERS\omci.sys (.not file.)
~ Drivers: 93 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Alfa & Ariss]
[HKLM\Software\Alfa & Ariss]
[HKLM\Software\NetMotion]
~ Key Software: 282 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/01/2010 - 12:21:07 - [] ----D C:\Program Files\Alfa & Ariss
O43 - CFD: 21/10/2008 - 10:48:39 - [] R---D C:\Program Files\CRIR
O43 - CFD: 03/10/2008 - 14:12:31 - [] ----D C:\Program Files\UP1-icons
~ Program Folder: 161 Legitimates Filtered in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.B8ED4C77CE1E2912F118814D3B30D4A9] - 22/05/2014 - 09:58:22 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.2631AD40FA53C6EC60899BCBEC082244] - 22/05/2014 - 09:58:23 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.E0271276821590DA737275EA2978F3E1] - 22/05/2014 - 10:19:34 ---A- . (...) -- C:\m.txt [1289]
~ Files: 56 Legitimates Filtered in 00mn 01s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=1
~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:28/04/2003 - 15:15:38 ---A- . (.Promise Technology, Inc. - Promise FastTrak Series Driver for WindowsXP.) -- C:\WINDOWS\system32\Drivers\fasttx2k.sys [140544]
O58 - SDL:13/04/2008 - 17:36:05 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:12/08/2004 - 17:45:52 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0.) -- C:\WINDOWS\system32\Drivers\Hdaudio.sys [113664]
O58 - SDL:10/06/2008 - 18:02:44 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mbamcatchme.sys [34296]
O58 - SDL:03/08/2004 - 21:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:03/08/2004 - 21:41:38 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:03/08/2004 - 21:29:38 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736]
O58 - SDL:03/08/2004 - 21:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:03/08/2004 - 21:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776]
O58 - SDL:01/07/2008 - 22:12:18 ---A- . (.REDC - RICOH SD Driver.) -- C:\WINDOWS\system32\Drivers\rimmptsk.sys [39936]
O58 - SDL:03/08/2004 - 21:41:42 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:03/08/2004 - 21:41:44 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:03/08/2004 - 21:41:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:03/08/2004 - 21:41:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:30/06/2008 - 01:57:26 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\WINDOWS\system32\Drivers\sthda.sys [1381914]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:02/03/2002 - 05:21:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\WINIO.SYS [4944]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:03/08/2004 - 21:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:03/08/2004 - 21:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:03/08/2004 - 21:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:03/08/2004 - 21:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 124 Legitimates Filtered in 00mn 01s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - http://www.usbfix.net - http://www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.70F851F7A524071E13F17DC401A21906] [SPRF][22/05/2014] (...) -- C:\Documents and Settings\Administrateur\Bureau\adwcleaner.exe [1326389]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 22/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 03/03/2009 33176 | (getPlus(R) Helper) . (.NOS Microsystems Ltd..) - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
SS - | Demand 29/03/2006 2045632 | C:\Program Files\Symantec\LIVEUP~1\LUCOMS~1.exe (LiveUpdate) . (.Symantec Corporation.) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.exe
SS - | Demand 05/02/2013 235216 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
SS - | Demand 31/03/2006 118928 | (SavRoam) . (.symantec.) - C:\Program Files\Symantec AntiVirus\SavRoam.exe
SS - | Auto 29/02/2012 158856 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 24/01/2006 214720 | (SNDSrvc) . (.Symantec Corporation.) - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
SS - | Demand 14/09/2006 73728 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
SR - | Auto 19/12/2006 79432 | (ASFIPmon) . (.Broadcom Corporation.) - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
SR - | Auto 15/08/2008 342624 | (btwdins) . (.Broadcom Corporation..) - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
SR - | Auto 03/06/2008 386328 | (buttonsvc32) . (.Dell Inc..) - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
SR - | Auto 07/03/2006 192160 | (ccEvtMgr) . (.Symantec Corporation.) - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
SR - | Auto 07/03/2006 169632 | (ccSetMgr) . (.Symantec Corporation.) - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
SR - | Auto 31/07/2008 808296 | (Credential Vault Host Control Service) . (.Broadcom Corporation.) - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
SR - | Auto 31/07/2008 21352 | (Credential Vault Host Storage) . (.Broadcom Corporation.) - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
SR - | Auto 31/03/2006 30352 | (DefWatch) . (.Symantec Corporation.) - C:\Program Files\Symantec AntiVirus\DefWatch.exe
SR - | Auto 13/04/2007 101528 | (IJPLMSVC) . (...) - C:\Program Files\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 17/07/2010 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe
SR - | Auto 21/04/2008 69632 | (OCS INVENTORY) . (.http://www.ocsinventory-ng.org.) - C:\Program Files\OCS Inventory Agent\ocsservice.exe
SR - | Auto 09/09/2008 69632 | (SMManager) . (.Smith Micro Software, Inc..) - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
SR - | Auto 06/02/2006 1160848 | (SPBBCSvc) . (.Symantec Corporation.) - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
SR - | Auto 30/06/2008 221273 | (STacSV) . (.IDT, Inc..) - c:\drivers\audio\r190031\stacsv.exe
SR - | Auto 31/03/2006 1821328 | (Symantec AntiVirus) . (.Symantec Corporation.) - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
~ Services: Scanned in 00mn 06s



---\\ Scan Additionnel (O88)
Database Version : 13029 - (21/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 229765 Items scanned in 00mn 29s



~ 946 Legitimates filtered by white list
End of the scan (412 lines in 00mn 57s)(0)
#149208
:hello: Hello again

Did you have your USB key plugged in when you ran USBFix?
Because I don't see it, unless it is volume D:\, which looks more like a hard drive!
Please confirm
C:\ (%SystemDrive%) -> Disque fixe # 56 Go (30 Go libre(s) - 53%) [Systeme] # NTFS
D:\ -> Disque fixe # 56 Go (50 Go libre(s) - 89%) [Utilisateur] # NTFS
E:\ -> CD-ROM
If that is not the case, do so, and run USBFix again in Suppression mode
Post its report, please

Have you read the following? =>
################## | UsbFix - Information |

UsbFix a détecté sur votre ordinateur, une infection qui dispose d'une fonction de Keylogger.
Après désinfection par UsbFix, veuillez modifier tous vos mots de passe.
Si vous avez effectué des achats sur internet,
veuillez contacter votre banque afin d'envisager une opposition sur votre carte bancaire.
You are going to configure ZHPDiag for me, as requested
Your report is very incomplete!
---\\ Mode de connexion au système
~ Computer Name: DELLUP1-4WT634J
~ User Name: Administrateur
~ All Users Names: Utilisateur, SUPPORT_388945a0, HelpAssistant, CRIR, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
;)
#149311
New USBFix report with the USB key connected

############################## | UsbFix V 7.171 | [Nettoyage]

Utilisateur: Administrateur (Administrateur) # DELLUP1-4WT634J
Mis à jour le 18/05/2014 par El Desaparecido - SosVirus
Lancé à 12:01:53 | 22/05/2014

Site Web : http://www.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.usbfix.net/contact/

PC: Dell Inc. (0RX493)
CPU: Processeur Intel Pentium III Xeon
RAM -> [Total : 2000 Mo| Free : 905 Mo]
Bios: Dell Inc.
Boot: Normal boot

OS: Microsoft Windows XP Professionnel (5.1.2600 32-Bit) Service Pack 3
WB: Windows Internet Explorer : 8.0.6001.18702
WB: Mozilla Firefox : 1.9.2.12

SC: Security Center [Enabled]
WU: Windows Update [Enabled]

FW: Windows FireWall [Enabled]
AS: Malwarebytes' Anti-Malware : 1.46.0001

C:\ (%SystemDrive%) -> Disque fixe # 56 Go (30 Go libre(s) - 53%) [Systeme] # NTFS
D:\ -> Disque fixe # 56 Go (50 Go libre(s) - 89%) [Utilisateur] # NTFS
E:\ -> CD-ROM
F:\ -> Disque amovible # 982 Mo (593 Mo libre(s) - 60%) [NO NAME] # FAT32

################## | Processus Stoppés |

C:\WINDOWS\system32\spoolsv.exe (ID: 636|ParentID: 1428|SYSTEM)
C:\drivers\audio\R190031\stacsv.exe (ID: 672|ParentID: 1428|SYSTEM)
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (ID: 856|ParentID: 1428|SYSTEM)
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (ID: 872|ParentID: 1428|SYSTEM)
C:\WINDOWS\system32\scardsvr.exe (ID: 892|ParentID: 1428|SERVICE LOCAL)
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (ID: 1280|ParentID: 1428|SYSTEM)
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (ID: 1560|ParentID: 1428|SYSTEM)
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (ID: 684|ParentID: 1428|SYSTEM)
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (ID: 704|ParentID: 1428|SYSTEM)
C:\Program Files\Canon\IJPLM\ijplmsvc.exe (ID: 884|ParentID: 1428|SYSTEM)
C:\Program Files\Java\jre6\bin\jqs.exe (ID: 1016|ParentID: 1428|SYSTEM)
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe (ID: 1116|ParentID: 1428|SYSTEM)
C:\Program Files\OCS Inventory Agent\OcsService.exe (ID: 1660|ParentID: 1428|SYSTEM)
C:\WINDOWS\system32\wdfmgr.exe (ID: 2192|ParentID: 1428|SERVICE LOCAL)
C:\Program Files\UPHClean\uphclean.exe (ID: 2240|ParentID: 1428|SYSTEM)
C:\WINDOWS\system32\alg.exe (ID: 2780|ParentID: 1428|SERVICE LOCAL)
C:\WINDOWS\explorer.exe (ID: 3816|ParentID: 3776|Administrateur)
C:\WINDOWS\system32\ctfmon.exe (ID: 304|ParentID: 3816|Administrateur)
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 1504|ParentID: 4068|Administrateur)
C:\Program Files\Skype\Phone\Skype.exe (ID: 3048|ParentID: 3816|Administrateur)
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (ID: 3072|ParentID: 3816|Administrateur)
C:\WINDOWS\system32\wuauclt.exe (ID: 1420|ParentID: 1912|Administrateur)
C:\Program Files\Mozilla Firefox\firefox.exe (ID: 788|ParentID: 3816|Administrateur)

################## | Autorun |


################## | Recherche générique |

Supprimé! F:\iTunesHelper.vbe
Supprimé! F:\start.ini
Supprimé! F:\syncguid.dat

(!) Fichiers temporaires supprimés.

################## | Registre |


################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
04 - HKU\S-1-5-21-3337138972-799123264-1414335551-500\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-3337138972-799123264-1414335551-500\..\Run : [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE

################## | C:\ %SystemDrive% - Disque Fixe (NTFS) |

[08/06/2010 - 11:07:50 | N | 0 Ko] - C:\mbam-error.txt
[22/05/2014 - 11:19:34 | N | 1 Ko] - C:\m.txt
[03/10/2008 - 13:45:46 | RASH | 0 Ko] - C:\MSDOS.SYS
[03/10/2008 - 13:45:46 | RASH | 0 Ko] - C:\IO.SYS
[03/10/2008 - 13:45:46 | N | 0 Ko] - C:\CONFIG.SYS
[22/05/2014 - 10:57:33 | ASH | 2095104 Ko] - C:\pagefile.sys
[22/02/2010 - 12:36:09 | N | 0 Ko] - C:\sqmdata06.sqm
[22/02/2010 - 12:36:09 | N | 0 Ko] - C:\sqmnoopt06.sqm
[23/02/2010 - 13:31:06 | N | 0 Ko] - C:\sqmdata07.sqm
[23/02/2010 - 13:31:06 | N | 0 Ko] - C:\sqmnoopt07.sqm
[25/02/2010 - 12:56:08 | N | 0 Ko] - C:\sqmnoopt08.sqm
[25/02/2010 - 12:56:08 | N | 0 Ko] - C:\sqmdata08.sqm
[02/04/2010 - 09:49:07 | N | 0 Ko] - C:\sqmnoopt09.sqm
[02/04/2010 - 09:49:07 | N | 0 Ko] - C:\sqmdata09.sqm
[09/04/2010 - 12:20:15 | N | 0 Ko] - C:\sqmnoopt10.sqm
[09/04/2010 - 12:20:15 | N | 0 Ko] - C:\sqmdata10.sqm
[09/04/2010 - 15:56:42 | N | 0 Ko] - C:\sqmnoopt11.sqm
[09/04/2010 - 15:56:42 | N | 0 Ko] - C:\sqmdata11.sqm
[09/04/2010 - 16:27:45 | N | 0 Ko] - C:\sqmdata12.sqm
[09/04/2010 - 16:27:45 | N | 0 Ko] - C:\sqmnoopt12.sqm
[12/05/2010 - 12:09:34 | N | 0 Ko] - C:\sqmnoopt13.sqm
[12/05/2010 - 12:09:34 | N | 0 Ko] - C:\sqmdata13.sqm
[19/05/2010 - 19:27:19 | N | 0 Ko] - C:\sqmnoopt14.sqm
[19/05/2010 - 19:27:19 | N | 0 Ko] - C:\sqmdata14.sqm
[28/05/2010 - 11:01:03 | N | 0 Ko] - C:\sqmdata15.sqm
[28/05/2010 - 11:01:03 | N | 0 Ko] - C:\sqmnoopt15.sqm
[08/06/2010 - 11:02:39 | N | 0 Ko] - C:\sqmnoopt16.sqm
[08/06/2010 - 11:02:39 | N | 0 Ko] - C:\sqmdata16.sqm
[10/09/2010 - 14:47:28 | N | 0 Ko] - C:\sqmnoopt17.sqm
[10/09/2010 - 14:47:28 | N | 0 Ko] - C:\sqmdata17.sqm
[21/09/2010 - 15:20:01 | N | 0 Ko] - C:\sqmnoopt18.sqm
[21/09/2010 - 15:20:01 | N | 0 Ko] - C:\sqmdata18.sqm
[12/11/2010 - 15:33:57 | N | 0 Ko] - C:\sqmnoopt19.sqm
[12/11/2010 - 15:33:57 | N | 0 Ko] - C:\sqmdata19.sqm
[19/11/2010 - 15:23:14 | N | 0 Ko] - C:\sqmnoopt00.sqm
[19/11/2010 - 15:23:14 | N | 0 Ko] - C:\sqmdata00.sqm
[06/12/2010 - 14:19:37 | N | 0 Ko] - C:\sqmnoopt01.sqm
[06/12/2010 - 14:19:37 | N | 0 Ko] - C:\sqmdata01.sqm
[10/12/2010 - 18:18:14 | N | 0 Ko] - C:\sqmnoopt02.sqm
[10/12/2010 - 18:18:14 | N | 0 Ko] - C:\sqmdata02.sqm
[16/12/2010 - 10:27:07 | N | 0 Ko] - C:\sqmnoopt03.sqm
[16/12/2010 - 10:27:07 | N | 0 Ko] - C:\sqmdata03.sqm
[16/03/2011 - 13:47:42 | N | 0 Ko] - C:\sqmnoopt04.sqm
[16/03/2011 - 13:47:42 | N | 0 Ko] - C:\sqmdata04.sqm
[19/05/2011 - 17:50:18 | N | 0 Ko] - C:\sqmnoopt05.sqm
[19/05/2011 - 17:50:18 | N | 0 Ko] - C:\sqmdata05.sqm
[13/03/2012 - 16:13:19 | D] - C:\Config.Msi
[08/12/2008 - 15:32:37 | RASH | 0 Ko] - C:\boot.ini
[03/08/2004 - 22:38:34 | N | 46 Ko | VirusTotal - (0/52)] - C:\NTDETECT.COM
[28/09/2001 - 14:00:00 | N | 5 Ko] - C:\Bootfont.bin
[03/10/2008 - 13:45:46 | A | 0 Ko] - C:\AUTOEXEC.BAT
[21/10/2008 - 12:09:58 | D] - C:\Documents and Settings
[03/12/2008 - 19:13:10 | D] - C:\drivers
[03/12/2008 - 19:28:38 | D] - C:\dell
[08/12/2008 - 15:32:59 | SHD] - C:\System Volume Information
[08/12/2008 - 16:29:44 | RASH | 246 Ko] - C:\ntldr
[08/12/2008 - 16:43:38 | RHD] - C:\MSOCache
[10/12/2008 - 13:02:23 | SHD] - C:\RECYCLER
[05/11/2013 - 18:58:29 | D] - C:\MDT
[22/05/2014 - 10:20:02 | D] - C:\WINDOWS
[22/05/2014 - 10:56:11 | D] - C:\AdwCleaner
[22/05/2014 - 11:23:25 | D] - C:\Program Files
[22/05/2014 - 11:23:59 | N | 0 Ko] - C:\Documents
[22/05/2014 - 12:01:35 | D] - C:\UsbFix

################## | D:\ - Disque Fixe (NTFS) |

[07/10/2008 - 11:52:57 | D] - D:\Documents partagés
[07/10/2008 - 13:15:15 | RHD] - D:\MSOCache
[21/10/2008 - 11:35:12 | SHD] - D:\System Volume Information
[15/12/2008 - 14:19:37 | SHD] - D:\RECYCLER
[14/05/2009 - 10:10:39 | D] - D:\ee590ce3e45b6d1f5273b060b6106a
[28/06/2013 - 12:36:26 | D] - D:\utilisateur

################## | F:\ - Disque USB (FAT32) |

[28/01/2013 - 11:09:28 | N | 11 Ko] - F:\Planing Laurent Radiguet (3).xlsx
[22/03/2013 - 17:16:04 | N | 10 Ko] - F:\Récapitulatif vacations 2012-2013.xlsx
[08/04/2013 - 21:07:40 | N | 0 Ko] - F:\~$Planing Laurent Radiguet (3).xlsx
[11/04/2013 - 16:01:44 | N | 20 Ko] - F:\Heures des vacations en Licences 2011-2012 et 2012-2013.xlsx
[16/04/2013 - 11:07:18 | N | 22 Ko] - F:\Copie de Heures vacations Masters 2012 et 2013.xlsx
[13/05/2013 - 15:51:58 | N | 11 Ko] - F:\Répartition des charges d'enseignement du patrimoine par Université.xlsx
[06/06/2013 - 15:35:20 | N | 24 Ko] - F:\Heures vacations Masters 2012 et 2013.xlsx
[12/06/2013 - 11:58:14 | N | 11 Ko] - F:\Classeur1.xlsx
[13/06/2013 - 11:54:52 | N | 14 Ko] - F:\Volume Horaire enseignements du Master Pro Cinema.xlsx
[13/09/2013 - 10:52:14 | N | 0 Ko] - F:\~$Répertoire.xlsx
[23/09/2013 - 15:51:30 | N | 13 Ko] - F:\Tableau des vacations Master Pro Cinéma.xlsx
[23/09/2013 - 16:18:48 | N | 12 Ko] - F:\Enseignants vacataires restant à rémunérer au 20 septembre 2013.xlsx
[15/11/2013 - 11:17:04 | N | 15 Ko] - F:\S1 2013.xlsx
[15/11/2013 - 11:17:18 | N | 12 Ko] - F:\Liste vacataires 2013-2014 par semestre.xlsx
[09/12/2013 - 14:41:44 | N | 56 Ko] - F:\Répertoire.xlsx
[20/05/2014 - 17:06:14 | N | 18 Ko] - F:\Avancement brochure.xlsx
[25/09/2012 - 19:12:52 | N | 55 Ko] - F:\L3_Histoire_Art.xls
[28/09/2012 - 17:22:36 | N | 51 Ko] - F:\Copie de Planning hebdo 2012-2013 (M2pro).xls
[18/12/2012 - 20:46:52 | N | 57 Ko] - F:\sector786160.xls
[18/12/2012 - 20:47:04 | N | 66 Ko] - F:\sector786640.xls
[18/12/2012 - 20:47:10 | N | 38 Ko] - F:\sector804456.xls
[18/12/2012 - 20:57:56 | N | 19 Ko] - F:\sector2212840.xls
[18/12/2012 - 21:52:56 | N | 48 Ko] - F:\sector631376.xls
[19/12/2012 - 09:20:46 | N | 63 Ko] - F:\sector1098376.xls
[07/01/2013 - 11:47:54 | N | 57 Ko] - F:\sector1219792.xls
[22/01/2013 - 14:38:32 | N | 72 Ko] - F:\sector1098496.xls
[04/03/2013 - 10:41:38 | N | 30 Ko] - F:\2011 s2.xls
[25/03/2013 - 17:01:38 | N | 61 Ko] - F:\s2 2011.xls
[08/04/2013 - 21:36:26 | N | 48 Ko] - F:\2011 s1.xls
[26/08/2013 - 11:47:02 | N | 83 Ko] - F:\Planning L3 Archéo.xls
[07/11/2013 - 14:36:36 | N | 22 Ko] - F:\S1 2012.xls
[25/03/2014 - 11:54:20 | N | 50 Ko] - F:\S1 2012 BIS.xls
[04/04/2014 - 10:13:14 | N | 47 Ko] - F:\s2 2012.xls
[30/03/2010 - 17:18:50 | N | 9 Ko] - F:\Corse.wps
[30/03/2010 - 17:18:56 | N | 9 Ko] - F:\Amen_du_Territ.wps
[01/04/2010 - 14:45:16 | N | 11 Ko] - F:\Fce et monde.wps
[10/08/2010 - 22:31:22 | N | 9 Ko] - F:\HE Ind agro aliment.wps
[14/08/2010 - 14:29:58 | N | 10 Ko] - F:\HE Transport.wps
[30/08/2010 - 21:05:10 | N | 18 Ko] - F:\HE Textile.wps
[06/09/2010 - 23:23:06 | N | 18 Ko] - F:\hs bourgeois.wps
[06/09/2010 - 23:37:26 | N | 24 Ko] - F:\HE economie générale.wps
[04/10/2010 - 17:39:58 | N | 50 Ko] - F:\Economie 1.wps
[27/12/2010 - 16:04:22 | N | 9 Ko] - F:\CG Droits.wps
[23/10/2013 - 18:23:38 | AH | 4 Ko] - F:\._.Trashes
[23/10/2013 - 18:23:38 | HD] - F:\.Trashes
[04/10/2010 - 17:05:44 | N | 71 Ko] - F:\Economie 1.rtf
[10/12/2010 - 17:09:12 | N | 7 Ko] - F:\disser econ.rtf
[10/12/2010 - 23:32:34 | N | 16 Ko] - F:\Sujet CG.rtf
[20/07/2011 - 15:04:02 | N | 6 Ko] - F:\Lettre motivation polytechnique.rtf
[24/09/2011 - 19:40:02 | N | 6 Ko] - F:\lettre motiv upec.rtf
[20/03/2013 - 13:17:32 | N | 79 Ko] - F:\Wd0000051.rtf
[21/07/2013 - 21:25:22 | N | 5 Ko] - F:\Intitulés cours Monsieur POULOT.rtf
[11/08/2010 - 00:00:00 | N | 526 Ko] - F:\42053-6541-6246.pdf
[07/02/2013 - 10:19:46 | N | 22 Ko] - F:\M1_archeo.pdf
[08/02/2013 - 10:28:12 | N | 7 Ko] - F:\M2_Hist_et_Po.pdf
[01/03/2013 - 11:51:46 | N | 18 Ko] - F:\doc.pdf
[20/03/2013 - 13:18:00 | N | 129 Ko] - F:\Wd0000051.pdf
[20/03/2013 - 16:28:12 | N | 56 Ko] - F:\Convention Paris I Paris IV Paris X.pdf
[13/11/2013 - 16:24:44 | N | 1161 Ko] - F:\Dossier vacataire Copy.pdf
[07/04/2010 - 16:51:20 | N | 18 Ko] - F:\industrie.odt
[07/04/2010 - 23:29:42 | N | 22 Ko] - F:\Energie.odt
[12/08/2010 - 00:09:12 | N | 12 Ko] - F:\CG Art.odt
[14/08/2010 - 17:04:16 | N | 16 Ko] - F:\Additif sciences.odt
[24/08/2010 - 23:14:16 | N | 9 Ko] - F:\Communicatio.odt
[24/08/2010 - 23:14:30 | N | 9 Ko] - F:\Media.odt
[14/08/2010 - 22:33:52 | N | 2 Ko] - F:\BOOTEX.LOG
[19/11/2013 - 09:44:10 | N | 94 Ko] - F:\Fiche renseignement 2-1.jpg
[19/11/2013 - 09:44:34 | N | 57 Ko] - F:\Cumul d'heures-1.jpg
[22/09/2011 - 14:42:54 | N | 11752 Ko] - F:\Base Centre de documentation - libre accès.fp7
[03/08/2007 - 18:46:18 | N | 68 Ko | VirusTotal - (0/45)] - F:\start.exe
[23/10/2013 - 18:29:22 | AH | 21 Ko] - F:\.DS_Store
[27/09/2012 - 11:29:52 | N | 12 Ko] - F:\Copie des courriels d.docx
[06/02/2013 - 11:35:28 | N | 10 Ko] - F:\Ecran tactile en panne.docx
[25/02/2013 - 17:07:38 | N | 11 Ko] - F:\Les caractères de la Guerre Froide à partir des lieux.docx
[18/03/2013 - 14:55:14 | N | 12 Ko] - F:\L.docx
[19/03/2013 - 17:03:30 | N | 14 Ko] - F:\Les espaces productifs français dans la mondialisation.docx
[27/05/2013 - 11:31:02 | N | 19 Ko] - F:\Le Royaume Uni.docx
[27/05/2013 - 14:50:14 | N | 11 Ko] - F:\Les économies.docx
[27/05/2013 - 16:37:46 | N | 12 Ko] - F:\Le monde britannique.docx
[05/06/2013 - 12:42:12 | N | 22 Ko] - F:\Université Paris I Panthéon.docx
[05/06/2013 - 15:11:12 | N | 22 Ko] - F:\Pour Val.docx
[25/09/2013 - 14:34:16 | N | 15 Ko] - F:\LABORATOIRE INFORMATIQUE DE PARIS 1.docx
[25/09/2013 - 14:34:32 | N | 15 Ko] - F:\REGLEMENT LABORATOIRE INFORMATIQUE DE PARIS 1.docx
[24/10/2013 - 14:55:32 | N | 44 Ko] - F:\RCC M2 Archéo.docx
[24/10/2013 - 15:02:46 | N | 22 Ko] - F:\RCC M2 PRO Marché de l'Art.docx
[24/10/2013 - 15:07:10 | N | 23 Ko] - F:\RCC M2 PRO Archéo.docx
[24/10/2013 - 15:55:14 | N | 21 Ko] - F:\RCC M2 Ciné.docx
[24/10/2013 - 15:56:40 | N | 23 Ko] - F:\RCC M2 Pro Ciné.docx
[18/12/2012 - 21:23:14 | N | 46 Ko] - F:\sector1082056.doc
[18/12/2012 - 21:23:26 | N | 27 Ko] - F:\sector1082480.doc
[18/03/2013 - 14:56:54 | N | 137 Ko] - F:\BORDEREAU Envoi 12-86 LR.doc
[05/06/2013 - 15:11:18 | N | 42 Ko] - F:\Pour Val.doc
[03/07/2013 - 13:10:28 | N | 194 Ko] - F:\Fiche cours.doc
[17/07/2013 - 11:28:10 | N | 193 Ko] - F:\Fiche cours.M2. Poulot.doc
[30/08/2013 - 10:05:42 | N | 686 Ko] - F:\sector1080160.doc
[30/08/2013 - 10:06:04 | N | 25 Ko] - F:\sector1081904.doc
[17/10/2013 - 10:38:04 | N | 194 Ko] - F:\sector1083688.doc
[25/03/2014 - 14:30:50 | N | 125 Ko] - F:\PLANNING etudiants.doc
[17/04/2013 - 17:10:00 | N | 16 Ko] - F:\FE9DB100
[23/10/2013 - 18:24:26 | D] - F:\Pièces à envoyer
[09/12/2013 - 13:56:06 | N | 339 Ko] - F:\INBOX)3738
[20/05/2014 - 14:24:52 | D] - F:\Brochure 2015

################## | Vaccin |
#149327
ZHPDiag, start
~ Rapport de ZHPDiag v2014.5.21.70 - Nicolas Coolman (21/05/2014)
~ Lancé par Administrateur (22/05/2014 13:15:08)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Blog d'analyse software : http://nicolascoolman.byethost7.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Désactivée par l'utilisateur
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Not Found


---\\ Navigateurs Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox v3.6.12 (fr) (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Logiciels de protection du système
Malwarebytes' Anti-Malware
Malwarebytes Anti-Malware version 2.0.2.1012
Symantec AntiVirus v10.1.394.0
McAfee Security Scan Plus v3.0.318.3

---\\ Logiciels d'optimisation du système
CCleaner v3.06

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 13 Plugin
Adobe Reader 9.4.0 - Français

---\\ Informations sur le système
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1999 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 29 GB (52%) free of 56 GB

---\\ Mode de connexion au système
~ Computer Name: DELLUP1-4WT634J
~ User Name: Administrateur
~ All Users Names: Utilisateur, SUPPORT_388945a0, HelpAssistant, CRIR, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrateur\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Administrateur\Application Data\
~ %Desktop% : C:\Documents and Settings\Administrateur\Bureau\
~ %Favorites% : C:\Documents and Settings\Administrateur\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Administrateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Administrateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 29 Go of 56 Go)
D: Hard drive, Flash drive, Thumb drive (Free 50 Go of 56 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 42 Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.7DF35C3D173E799F97F208CC5F3B1C93] - (.Microsoft Corporation - Internet Extensions for Win32.) (.23/08/2011 - 00:41:31.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 1/14
~ Mon Bureau (My Desktop) : 0/22
~ Menu demarrer (Programs) : 1/27
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.324318BD026AA58E3EA8C23647ADE1C3] - (.Symantec Corporation - Symantec Settings Manager Service.) -- C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe [169632] [PID.744]
[MD5.9C6809FA4C3EF528E3266879F4A8E669] - (.Symantec Corporation - Virus Definition Daemon.) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe [30352] [PID.772]
[MD5.DABD8523D9B60CE6513653DFD8B96C1B] - (.Symantec Corporation - SPBBC Service.) -- C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe [1160848] [PID.524]
[MD5.61BAFF40AB24DBDA251DB00C7E42A10A] - (.Symantec Corporation - Symantec AntiVirus.) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe [1821328] [PID.2060]
[MD5.C5F0C1FFF968E9D143F62075CBD8ED60] - (.Symantec Corporation - Symantec Event Manager Service.) -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe [192160] [PID.2296]
[MD5.D48148110AE078CB7221D0FCF20ADFEC] - (.Broadcom Corporation. - Bluetooth Support Server.) -- c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [342624] [PID.3016]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.892]
[MD5.E1AB298BAFC8ECCA8C322A29C5FDC68C] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [912344] [PID.1420]
[MD5.65C450CCC15ADDED610EB58DE35B307A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7877120] [PID.3840]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\l4ltrqo3.default\prefs.js
M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml =>Toolbar.eBay
M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
M0 - MFSP: prefs.js [Administrateur - l4ltrqo3.default] http://www.google.fr
M2 - MFEP: prefs.js [Administrateur - l4ltrqo3.default\fr@dictionaries.addons.mozilla.org] [] Dictionnaire HunSpell en Français (réforme 1990) v2.0 (..)
M2 - MFEP: prefs.js [Administrateur - l4ltrqo3.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (..)
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.0.) -- C:\Program Files\Mozilla Firefox\Plugins\np32dsw.dll
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
P2 - FPN:Firefox Plugin Navigator . (.mozilla.org - Default Plug-in.) -- C:\Program Files\Mozilla Firefox\Plugins\npnul32.dll
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL
P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.4.0".) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Mozilla Firefox\Plugins\nppl3260.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\nprjplug.dll
P2 - FPN:Firefox Plugin Navigator . (.RealNetworks, Inc. - 6.0.12.69.) -- C:\Program Files\Mozilla Firefox\Plugins\nprpjplug.dll
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.0.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
P2 - FPN: [HKLM] [@canon.com/EPPEX] - (.CANON INC. - CANON iMAGE GATEWAY Album Plugin Utility Module.) -- C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_21 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
P2 - FPN: [HKLM] [@mcafee.com/McAfeeMssPlugin] - (.McAfee, Inc. - McAfee MSS+ NPAPI Plugin.) -- C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.69] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprjplug;version=1.0.3.69] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.69] - (.RealNetworks, Inc. - 6.0.12.69.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=0.9.2] - (.the VideoLAN Team - Version 0.9.2, copyright 1996-2008 The VideoLAN Team<br><a href="http:.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
~ Firefox Browser: 34 Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.the VideoLAN Team - Version 0.9.2, copyright 1996-2008 The VideoLAN Team<br><a href="http:.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ IE Browser: 13 Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} . (.McAfee, Inc. - Quick Browser Identifier for MSS+ Tool.) -- C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} Clé orpheline
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype Click to Call for Internet Explorer.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} . (.Sun Microsystems, Inc. - Java(TM) Quick Starter binary.) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
~ BHO: 12 Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications lancées au démarrage du système (O4)
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-3337138972-799123264-1414335551-500\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3337138972-799123264-1414335551-500\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- c:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll =>.Microsoft Corporation
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll =>.Microsoft Corporation
~ Winsock: 3 Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228744908046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228748366531
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ((no name)) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDDAA6B3-5181-49F5-8FEC-A1C9A9FD3E53}: NameServer = 193.55.96.70,193.55.96.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{CDDAA6B3-5181-49F5-8FEC-A1C9A9FD3E53}: NameServer = 193.55.96.70,193.55.96.84
O17 - HKLM\System\CS3\Services\Tcpip\..\{CDDAA6B3-5181-49F5-8FEC-A1C9A9FD3E53}: NameServer = 193.55.96.70,193.55.96.84
O17 - HKLM\System\CS3\Services\Tcpip\..\{2DB2E143-2DF6-4EB9-9E62-872AED4EF497}: DhcpNameServer = 10.42.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2DB2E143-2DF6-4EB9-9E62-872AED4EF497}: DhcpDomain = paris-sorbonne.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = univ-paris1.fr
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: NavLogon . (.Symantec Corporation - Symantec AntiVirus Logon Notification.) -- C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll
~ SSODL: 5 Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) . (.Broadcom Corporation - Broadcom ASF IP and SMBIOS Mailbox Monitor.) - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bluetooth Service (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) . (.Dell Inc. - Dell ControlPoint - Button Service.) - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) . (.Symantec Corporation - Symantec Event Manager Service.) - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) . (.Symantec Corporation - Symantec Settings Manager Service.) - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Credential Vault Host Control Service (Credential Vault Host Control Service) . (.Broadcom Corporation - Host Control Application.) - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage (Credential Vault Host Storage) . (.Broadcom Corporation - Host Storage Application.) - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) . (.Symantec Corporation - Virus Definition Daemon.) - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) . (.Pas de propriétaire - PIXMA Extended Servey Program Service.) - C:\Program Files\Canon\IJPLM\IJPLMSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) . (.http://www.ocsinventory-ng.org - Open Computers and Software Inventory Agent.) - C:\Program Files\OCS Inventory Agent\ocsservice.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) . (.Smith Micro Software, Inc. - SMManager Application.) - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) . (.Symantec Corporation - SPBBC Service.) - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Audio Service (STacSV) . (.IDT, Inc. - IDT PC Audio.) - c:\drivers\audio\r190031\stacsv.exe
O23 - Service: Symantec AntiVirus (Symantec AntiVirus) . (.Symantec Corporation - Symantec AntiVirus.) - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
~ Services: 16 Scanned in 00mn 03s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Scanned in 00mn 00s



---\\ Enumère les données de BootExecute (BEX) (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.09E7C37DF4A911C8A9AA8BF88ACD10AA] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257712]
O39 - APT: Adobe Flash Player Updater - (.Adobe Systems Incorporated.) -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [1002]
~ Scheduled Task: 2 Scanned in 00mn 00s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Mise à jour de la version d'Internet Explorer - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} . (.Microsoft Corporation - IE Per User Active Setup Uninstall Utility.) -- C:\WINDOWS\system32\ieudinit.exe
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Utilitaire d'installation du Lecteur Windows Media Microsoft.) -- C:\WINDOWS\inf\unregmp2.exe =>.Microsoft Corporation
O40 - ASIC: Internet Explorer - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\WINDOWS\system32\ie4uinit.exe.mui
O40 - ASIC: Browser Customizations - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - IEAK branding.) -- C:\WINDOWS\system32\iedkcs32.dll
O40 - ASIC: Outlook Express - >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} . (.Microsoft Corporation - Windows NT User Data Migration Tool.) -- C:\WINDOWS\system32\shmgrate.exe =>.Microsoft Corporation
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll
O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media 6.4 Player Shim.) -- C:\WINDOWS\system32\wmpdxm.dll =>.Microsoft Corporation
O40 - ASIC: Adobe Shockwave Director 10.4 - {233C1507-6A77-46A4-9443-F871F945D258} . (.Adobe Systems, Inc. - Shockwave ActiveX Control.) -- C:\WINDOWS\system32\Adobe\Director\swdir.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\WINDOWS\system32\themeui.dll
O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Bibliothèque d'installation Outlook Express.) -- C:\Program Files\Outlook Express\setup50.exe =>.Microsoft Corporation
O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (...) -- C:\WINDOWS\INF\msnetmtg.inf
O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} . (...) -- C:\WINDOWS\INF\msmsgs.inf
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\WINDOWS\system32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (...) -- C:\WINDOWS\INF\wmp10.inf =>.Microsoft Corporation
O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} . (.Microsoft Corporation - Bibliothèque d'installation Outlook Express.) -- C:\Program Files\Outlook Express\setup50.exe =>.Microsoft Corporation
O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\WINDOWS\system32\ie4uinit.exe.mui
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\WINDOWS\system32\mscories.dll
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 10.0 r12.) -- C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx
O40 - ASIC: Installed Component - S-1-5-21-3337138972-799123264-1414335551-500 - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -- Not Hexadécimal CLSID
O40 - ASIC: Installed Component - S-1-5-21-3337138972-799123264-1414335551-500 - >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS -- Not Hexadécimal CLSID
~ Active Setup: 22 Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\WINDOWS\system32\DRIVERS\cdrom.sys
O41 - Driver: (DLACDBHM) . (.Roxio - Shared Driver Component.) - C:\WINDOWS\system32\Drivers\DLACDBHM.sys
O41 - Driver: (DLARTL_M) . (.Roxio - Shared Driver Component.) - C:\WINDOWS\system32\Drivers\DLARTL_M.sys
O41 - Driver: (eeCtrl) . (.Symantec Corporation - Symantec Eraser Control Driver.) - C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\WINDOWS\system32\DRIVERS\i8042prt.sys
O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\WINDOWS\system32\DRIVERS\imapi.sys
O41 - Driver: (InCDPass) . (. - .) - C:\WINDOWS\system32\drivers\InCDPass.sys (.not file.)
O41 - Driver: (InCDRm) . (. - .) - C:\WINDOWS\system32\drivers\InCDRm.sys (.not file.)
O41 - Driver: (intelppm) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\WINDOWS\system32\DRIVERS\intelppm.sys
O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\WINDOWS\system32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\WINDOWS\system32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre souris HID.) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\WINDOWS\system32\DRIVERS\mouclass.sys
O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\WINDOWS\system32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\WINDOWS\system32\DRIVERS\netbt.sys
O41 - Driver: (omci) . (. - .) - C:\WINDOWS\system32\DRIVERS\omci.sys (.not file.)
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\WINDOWS\system32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\WINDOWS\system32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\WINDOWS\system32\DRIVERS\redbook.sys
O41 - Driver: (SAVRT) . (.Symantec Corporation - AutoProtect.) - C:\Program Files\Symantec AntiVirus\savrt.sys
O41 - Driver: (SAVRTPEL) . (.Symantec Corporation - SAVRTPEL.) - C:\Program Files\Symantec AntiVirus\Savrtpel.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Pilote de périphérique série.) - C:\WINDOWS\system32\DRIVERS\serial.sys
O41 - Driver: (SPBBCDrv) . (.Symantec Corporation - SPBBC Driver.) - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
O41 - Driver: (SYMTDI) . (.Symantec Corporation - Network Dispatch Driver.) - C:\WINDOWS\system32\Drivers\SYMTDI.sys
O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\WINDOWS\system32\DRIVERS\tcpip.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\WINDOWS\system32\DRIVERS\termdd.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys
O41 - Driver: (WmiAcpi) . (.Microsoft Corporation - Windows Management Interface for ACPI.) - C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
~ Drivers: 93 Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 13 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 9.4.0 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A94000000001}
O42 - Logiciel: Adobe Shockwave Player - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player
O42 - Logiciel: BioAPI Framework - (.Dell Inc..) [HKLM] -- {AF7E4468-E364-4991-BC2A-6E8293E1055B}
O42 - Logiciel: Broadcom ASF Management Applications - (.Nom de votre société.) [HKLM] -- {27E25625-DB51-42E6-BEB7-0C8DC878770C}
O42 - Logiciel: Broadcom Gigabit Integrated Controller - (.Broadcom Corporation.) [HKLM] -- {D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
O42 - Logiciel: Broadcom USH Host Components - (.Broadcom Corporation.) [HKLM] -- {066D25F6-8B8B-433C-88B4-EDF41D604E7E}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Canon Setup Utility 2.4 - (...) [HKLM] -- Canon Setup Utility 2.4
O42 - Logiciel: Canon Utilities Easy-PhotoPrint EX - (...) [HKLM] -- Easy-PhotoPrint EX
O42 - Logiciel: Canon Utilities My Printer - (...) [HKLM] -- CanonMyPrinter
O42 - Logiciel: Canon Utilities Solution Menu - (...) [HKLM] -- CanonSolutionMenu
O42 - Logiciel: Canon iP100 series - (...) [HKLM] -- {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP100_series
O42 - Logiciel: Client Citrix Presentation Server - (.Citrix Systems, Inc..) [HKLM] -- {B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}
O42 - Logiciel: Dell ControlPoint Connection Manager - (.Nom de votre société.) [HKLM] -- {041F04B1-F985-44E8-A070-C3EB1A39369F}
O42 - Logiciel: Dell Image Preparation Tool - (.Dell Inc..) [HKLM] -- {45408D2E-180E-4F84-BBB1-E95090B06A1C}
O42 - Logiciel: Dell Security Device Driver Pack - (.Dell Inc..) [HKLM] -- {FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}
O42 - Logiciel: Dell Touchpad - (.Alps Electric.) [HKLM] -- {9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}
O42 - Logiciel: Enregistrement utilisateur de Canon iP100 series - (...) [HKLM] -- Enregistrement utilisateur de Canon iP100 series =>.Canon Inc
O42 - Logiciel: FileZilla Client 3.1.4.1 - (...) [HKLM] -- FileZilla Client
O42 - Logiciel: GPL Ghostscript 8.63 - (...) [HKLM] -- GPL Ghostscript 8.63
O42 - Logiciel: GSview 4.9 - (...) [HKLM] -- GSview 4.9
O42 - Logiciel: Gimp Pack Mode 2.4.2 - (.Association Mode.) [HKLM] -- Gimp Pack Mode_is1
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (...) [HKLM] -- HDMI
O42 - Logiciel: IrfanView (remove only) - (...) [HKLM] -- IrfanView
O42 - Logiciel: Java(TM) 6 Update 21 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216016FF}
O42 - Logiciel: Java(TM) 6 Update 7 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160070}
O42 - Logiciel: Lecteur Windows Media 10 - (...) [HKLM] -- Windows Media Player =>.Microsoft Corporation
O42 - Logiciel: LiveUpdate 3.0 (Symantec Corporation) - (.Symantec Corporation.) [HKLM] -- LiveUpdate
O42 - Logiciel: MSXML 4.0 SP2 (KB936181) - (.Microsoft Corporation.) [HKLM] -- {C04E32E0-0416-434D-AFB9-6969D703A9EF}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MSXML 6 Service Pack 2 (KB954459) - (.Microsoft Corporation.) [HKLM] -- {1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
O42 - Logiciel: Malwarebytes Anti-Malware version 2.0.2.1012 - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes Anti-Malware_is1
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: McAfee Security Scan Plus - (.McAfee, Inc..) [HKLM] -- McAfee Security Scan
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] -- IDNMitigationAPIs
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 - (.Microsoft Corporation.) [HKLM] -- Wdf01005
O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping
O42 - Logiciel: Mozilla Firefox (3.6.12) - (.Mozilla.) [HKLM] -- Mozilla Firefox (3.6.12)
O42 - Logiciel: Mozilla Thunderbird (2.0.0.17) - (.Mozilla.) [HKLM] -- Mozilla Thunderbird (2.0.0.17) =>.Mozilla Corporation
O42 - Logiciel: Nero 7 Premium - (.Nero AG.) [HKLM] -- {4781569D-5404-1F26-4B2B-6DF444441031}
O42 - Logiciel: OCS Inventory Agent 4.0.4.8 - (.OCS Inventory NG Team.) [HKLM] -- OCS Inventory Agent
O42 - Logiciel: OpenOffice.org 3.1 - (.OpenOffice.org.) [HKLM] -- {0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
O42 - Logiciel: PIXMA Extended Survey Program - (...) [HKLM] -- CANONIJPLM100
O42 - Logiciel: Package de pilotes Windows - Dell Inc. PBADRV System (01/07/2008 1.0.1.5) - (.Dell Inc..) [HKLM] -- 9D57DE505B6D8C710EF3B74BE638DBB936EED8A3
O42 - Logiciel: PowerArchiver 2006 v9.64 French - (.ConeXware, Inc..) [HKLM] -- PowerArchiver 2006 v9.64 French_is1
O42 - Logiciel: PowerArchiver 2007 French - (.ConeXware, Inc..) [HKLM] -- {8E397FED-07AB-439C-80C5-1DA3A1E4C827}
O42 - Logiciel: PowerDVD - (.Dell.) [HKLM] -- {281ECE39-F043-492B-8337-F2E546B5604A}
O42 - Logiciel: PuTTY version 0.60 - (.Simon Tatham.) [HKLM] -- PuTTY_is1
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {8DC42D05-680B-41B0-8878-6C14D24602DB}
O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 6.0
O42 - Logiciel: Roxio Creator Audio - (.Roxio.) [HKLM] -- {83FFCFC7-88C6-41c6-8752-958A45325C82}
O42 - Logiciel: Roxio Creator Copy - (.Roxio.) [HKLM] -- {619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
O42 - Logiciel: Roxio Creator DE - (.Roxio.) [HKLM] -- {C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
O42 - Logiciel: Roxio Creator Data - (.Roxio.) [HKLM] -- {0D397393-9B50-4c52-84D5-77E344289F87}
O42 - Logiciel: Roxio Creator Tools - (.Roxio.) [HKLM] -- {0394CDC8-FABD-4ed8-B104-03393876DFDF}
O42 - Logiciel: Roxio Drag-to-Disc - (.Roxio.) [HKLM] -- {2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
O42 - Logiciel: Roxio Express Labeler - (.Roxio.) [HKLM] -- {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
O42 - Logiciel: Roxio Update Manager - (.Roxio.) [HKLM] -- {30465B6C-B53F-49A1-9EBA-A3F187AD502E}
O42 - Logiciel: SecureW2 Client 3.1.2 - (...) [HKLM] -- SecureW2 Client
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- KB931906
O42 - Logiciel: Security Update for CAPICOM (KB931906) - (.Microsoft Corporation.) [HKLM] -- {0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
O42 - Logiciel: Skype Click to Call - (.Skype Technologies S.A..) [HKLM] -- {B6CF2967-C81E-40C0-9815-C05774FEF120}
O42 - Logiciel: Skype™ 5.8 - (.Skype Technologies S.A..) [HKLM] -- {EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}
O42 - Logiciel: Sonic Activation Module - (.Sonic Solutions.) [HKLM] -- {35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 9 - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-5464-3428-900000000004}
O42 - Logiciel: Symantec AntiVirus - (.Symantec Corporation.) [HKLM] -- {A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}
O42 - Logiciel: USB-set 1.4 - (.Infoadom 38.) [HKLM] -- {B92B952E-4459-480F-A500-60D87F6F527F}_is1
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (KB2596560) - (.Microsoft.) [HKLM] -- {90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{2964DDE1-4925-4DF1-AF2C-0A36B3442228}
O42 - Logiciel: User Profile Hive Cleanup Service - (.Microsoft Corporation.) [HKLM] -- {FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
O42 - Logiciel: VLC media player 0.9.2 - (.VideoLAN Team.) [HKLM] -- VLC media player =>.VideoLAN
O42 - Logiciel: WIDCOMM Bluetooth Software - (.Dell.) [HKLM] -- {84814E6B-2581-46EC-926A-823BD1C670F6}
O42 - Logiciel: WinSCP 4.1.7 - (.Martin Prikryl.) [HKLM] -- winscp3_is1
O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) - (.Microsoft Corporation.) [HKLM] -- WgaNotify
O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] -- ie7
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11
O42 - Logiciel: Windows Media Format Runtime - (...) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Windows Media Player 11 - (.Microsoft Corporation.) [HKLM] -- wmp11 =>.Microsoft Corporation
O42 - Logiciel: Windows Presentation Foundation - (.Microsoft Corporation.) [HKLM] -- {BAF78226-3200-4DB4-BE33-4D922A799840}
O42 - Logiciel: Windows Presentation Foundation Language Pack (FRA) - (.Microsoft Corporation.) [HKLM] -- {6901DD22-527A-41EF-9059-E81FEDE9E494}
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: XML Paper Specification Shared Components Language Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XPSEPSCLP
O42 - Logiciel: XML Paper Specification Shared Components Pack 1.0 - (.Microsoft Corporation.) [HKLM] -- XpsEPSC
O42 - Logiciel: getPlus(R) for Adobe - (.NOS Microsystems Ltd..) [HKLM] -- {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
~ Logic: 84 Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\Alfa & Ariss]
[HKCU\Software\Alps]
[HKCU\Software\Andrea Electronics]
[HKCU\Software\Canon]
[HKCU\Software\Citrix]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CyberLink]
[HKCU\Software\IM Providers]
[HKCU\Software\InstallShield]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\NOS]
[HKCU\Software\Netscape]
[HKCU\Software\Novatel Wireless]
[HKCU\Software\ODBC]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\PDFCreator]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\PowerArchiverInt]
[HKCU\Software\Roxio]
[HKCU\Software\Skype]
[HKCU\Software\Smith Micro]
[HKCU\Software\Trolltech]
[HKCU\Software\UsbFix]
[HKCU\Software\Widcomm]
[HKLM\Software\781]
[HKLM\Software\AT&T]
[HKLM\Software\Adobe]
[HKLM\Software\AdwCleaner]
[HKLM\Software\Alfa & Ariss]
[HKLM\Software\Alps]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\BioAPI]
[HKLM\Software\Broadcom]
[HKLM\Software\C07ft5Y]
[HKLM\Software\Canon]
[HKLM\Software\Caphyon]
[HKLM\Software\CheckPoint]
[HKLM\Software\Cisco Systems]
[HKLM\Software\Citrix]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\CyberLink]
[HKLM\Software\Cygnus Solutions]
[HKLM\Software\Dell Computer Corporation]
[HKLM\Software\Dell]
[HKLM\Software\FileZilla 3]
[HKLM\Software\FullCircle]
[HKLM\Software\GIMP_Back_Mode]
[HKLM\Software\GPL Ghostscript]
[HKLM\Software\Gemplus]
[HKLM\Software\Ghostgum]
[HKLM\Software\Google]
[HKLM\Software\IDT]
[HKLM\Software\INTEL]
[HKLM\Software\InstallShield]
[HKLM\Software\InstalledOptions]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Macromedia]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\Martin Prikryl]
[HKLM\Software\McAfee.com]
[HKLM\Software\MicroVision]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NOS]
[HKLM\Software\Nero]
[HKLM\Software\NetMotion]
[HKLM\Software\Nortel Networks]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\PowerArchiverFR]
[HKLM\Software\PowerArchiverInt]
[HKLM\Software\Program Groups]
[HKLM\Software\RealNetworks]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RichFX]
[HKLM\Software\Roxio]
[HKLM\Software\Schlumberger]
[HKLM\Software\Secure]
[HKLM\Software\Services]
[HKLM\Software\SigmaTel]
[HKLM\Software\Skype]
[HKLM\Software\Smith Micro]
[HKLM\Software\Sonic]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\Symantec]
[HKLM\Software\Telespree]
[HKLM\Software\VideoLAN]
[HKLM\Software\Widcomm]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Windows]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\ahead]
[HKLM\Software\mcafeeupdater]
[HKLM\Software\mozilla.org]
~ Key Software: 282 Scanned in 00mn 00s
Last edited by bonaparte75 on Thu 22 May 2014 13:37, edited 1 time.
#149328
ZHPDiag, continued
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/10/2008 - 14:32:56 - [] ----D C:\Program Files\Adobe
O43 - CFD: 19/01/2010 - 12:21:07 - [] ----D C:\Program Files\Alfa & Ariss
O43 - CFD: 03/12/2008 - 19:25:33 - [] ----D C:\Program Files\AT&T
O43 - CFD: 03/10/2008 - 14:02:18 - [] ----D C:\Program Files\Broadcom
O43 - CFD: 03/12/2008 - 19:22:46 - [] ----D C:\Program Files\Broadcom Corporation
O43 - CFD: 07/10/2013 - 11:03:27 - [] ----D C:\Program Files\Canon
O43 - CFD: 07/10/2013 - 10:43:18 - [] --H-D C:\Program Files\CanonBJ
O43 - CFD: 25/05/2011 - 12:02:58 - [] ----D C:\Program Files\CCleaner
O43 - CFD: 03/10/2008 - 15:12:48 - [] ----D C:\Program Files\Citrix
O43 - CFD: 03/10/2008 - 13:42:00 - [0] ----D C:\Program Files\ComPlus Applications
O43 - CFD: 21/10/2008 - 10:48:39 - [] R---D C:\Program Files\CRIR
O43 - CFD: 07/10/2008 - 11:09:22 - [] ----D C:\Program Files\CyberLink
O43 - CFD: 03/12/2008 - 19:28:42 - [] ----D C:\Program Files\Dell
O43 - CFD: 03/12/2008 - 19:14:24 - [] ----D C:\Program Files\DellTPad
O43 - CFD: 03/12/2008 - 19:22:37 - [] ----D C:\Program Files\DIFX
O43 - CFD: 09/03/2012 - 18:01:33 - [] ----D C:\Program Files\Fichiers communs
O43 - CFD: 21/10/2008 - 11:30:36 - [] ----D C:\Program Files\FileZilla FTP Client
O43 - CFD: 03/10/2008 - 15:06:56 - [] ----D C:\Program Files\Ghostgum
O43 - CFD: 03/10/2008 - 15:27:05 - [] ----D C:\Program Files\Gimp Pack Mode
O43 - CFD: 03/10/2008 - 15:06:18 - [] ----D C:\Program Files\gs
O43 - CFD: 03/12/2008 - 19:19:15 - [] ----D C:\Program Files\IDT
O43 - CFD: 03/12/2008 - 19:21:50 - [] --H-D C:\Program Files\InstallShield Installation Information
O43 - CFD: 10/11/2011 - 13:07:43 - [] ----D C:\Program Files\Internet Explorer
O43 - CFD: 03/10/2008 - 15:27:28 - [] ----D C:\Program Files\IrfanView
O43 - CFD: 10/09/2010 - 15:01:45 - [] ----D C:\Program Files\Java
O43 - CFD: 06/11/2009 - 12:37:36 - [] ----D C:\Program Files\JRE
O43 - CFD: 22/05/2014 - 11:05:35 - [] ----D C:\Program Files\Malwarebytes Anti-Malware
O43 - CFD: 08/06/2010 - 11:07:48 - [] ----D C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 22/03/2013 - 12:02:54 - [] ----D C:\Program Files\McAfee Security Scan
O43 - CFD: 08/12/2008 - 16:34:04 - [] ----D C:\Program Files\Messenger
O43 - CFD: 08/12/2008 - 17:09:36 - [] ----D C:\Program Files\Microsoft CAPICOM 2.1.0.2
O43 - CFD: 03/10/2008 - 13:46:05 - [] ----D C:\Program Files\microsoft frontpage
O43 - CFD: 08/12/2008 - 16:47:21 - [] ----D C:\Program Files\Microsoft Office
O43 - CFD: 08/12/2008 - 16:47:20 - [] ----D C:\Program Files\Microsoft Visual Studio
O43 - CFD: 14/05/2009 - 10:03:12 - [] ----D C:\Program Files\Microsoft Works
O43 - CFD: 08/12/2008 - 16:47:07 - [] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 10/09/2010 - 15:21:03 - [] ----D C:\Program Files\Movie Maker
O43 - CFD: 22/05/2014 - 13:09:22 - [] ----D C:\Program Files\Mozilla Firefox
O43 - CFD: 21/10/2008 - 11:25:45 - [] ----D C:\Program Files\Mozilla Thunderbird =>.Mozilla Corporation
O43 - CFD: 06/10/2008 - 11:25:51 - [] ----D C:\Program Files\MSBuild
O43 - CFD: 03/10/2008 - 13:40:52 - [] ----D C:\Program Files\MSN
O43 - CFD: 03/10/2008 - 13:41:35 - [] ----D C:\Program Files\MSN Gaming Zone
O43 - CFD: 07/10/2008 - 13:30:57 - [0] ----D C:\Program Files\MSXML 4.0
O43 - CFD: 07/10/2008 - 13:29:15 - [] ----D C:\Program Files\MSXML 6.0
O43 - CFD: 18/02/2010 - 10:09:18 - [] ----D C:\Program Files\Nero
O43 - CFD: 08/12/2008 - 16:30:49 - [] ----D C:\Program Files\NetMeeting
O43 - CFD: 14/05/2009 - 10:32:08 - [] ----D C:\Program Files\NOS
O43 - CFD: 22/05/2014 - 11:28:05 - [] ----D C:\Program Files\OCS Inventory Agent
O43 - CFD: 03/10/2008 - 13:41:46 - [] ----D C:\Program Files\Online Services
O43 - CFD: 06/11/2009 - 12:34:09 - [] ----D C:\Program Files\OpenOffice.org 2.4
O43 - CFD: 06/11/2009 - 12:37:35 - [] ----D C:\Program Files\OpenOffice.org 3
O43 - CFD: 25/05/2011 - 14:01:12 - [] ----D C:\Program Files\Outlook Express =>.Microsoft Corporation
O43 - CFD: 03/10/2008 - 15:08:34 - [] ----D C:\Program Files\PDFCreator
O43 - CFD: 21/10/2008 - 11:32:05 - [] ----D C:\Program Files\PowerArchiver
O43 - CFD: 03/10/2008 - 15:34:18 - [] ----D C:\Program Files\PuTTY
O43 - CFD: 03/10/2008 - 15:43:04 - [] ----D C:\Program Files\QuickTime
O43 - CFD: 03/10/2008 - 15:37:52 - [] ----D C:\Program Files\Real
O43 - CFD: 06/10/2008 - 11:21:17 - [] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 07/10/2008 - 12:27:11 - [] ----D C:\Program Files\Roxio
O43 - CFD: 03/10/2008 - 13:44:23 - [] ----D C:\Program Files\Services en ligne
O43 - CFD: 09/03/2012 - 18:02:01 - [] R---D C:\Program Files\Skype
O43 - CFD: 03/10/2008 - 14:08:43 - [] ----D C:\Program Files\Symantec
O43 - CFD: 22/05/2014 - 10:58:45 - [] ----D C:\Program Files\Symantec AntiVirus
O43 - CFD: 03/12/2008 - 19:25:39 - [] ----D C:\Program Files\Telespree
O43 - CFD: 03/10/2008 - 13:53:43 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 03/10/2008 - 14:12:31 - [] ----D C:\Program Files\UP1-icons
O43 - CFD: 07/10/2008 - 11:00:05 - [] ----D C:\Program Files\UPHClean
O43 - CFD: 08/06/2010 - 11:06:38 - [] ----D C:\Program Files\USB-set
O43 - CFD: 03/10/2008 - 15:29:36 - [] ----D C:\Program Files\VideoLAN
O43 - CFD: 03/12/2008 - 19:25:59 - [] ----D C:\Program Files\WIDCOMM
O43 - CFD: 08/12/2008 - 17:03:54 - [] ----D C:\Program Files\Windows Live
O43 - CFD: 06/10/2008 - 11:19:46 - [] ----D C:\Program Files\Windows Media Connect 2
O43 - CFD: 08/12/2008 - 16:30:47 - [] ----D C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 08/12/2008 - 16:30:47 - [] ----D C:\Program Files\Windows NT
O43 - CFD: 03/10/2008 - 13:44:27 - [0] --H-D C:\Program Files\WindowsUpdate
O43 - CFD: 03/10/2008 - 15:32:47 - [] ----D C:\Program Files\WinSCP
O43 - CFD: 03/10/2008 - 13:46:05 - [] ----D C:\Program Files\xerox
O43 - CFD: 22/05/2014 - 11:23:27 - [] ----D C:\Program Files\ZHPDiag =>.Nicolas Coolman
O43 - CFD: 12/11/2010 - 15:35:07 - [] ----D C:\Program Files\Fichiers communs\Adobe
O43 - CFD: 18/02/2010 - 10:09:18 - [] ----D C:\Program Files\Fichiers communs\Ahead
O43 - CFD: 03/10/2008 - 15:42:48 - [] ----D C:\Program Files\Fichiers communs\Apple
O43 - CFD: 08/12/2008 - 16:47:19 - [] ----D C:\Program Files\Fichiers communs\DESIGNER
O43 - CFD: 07/10/2008 - 12:27:11 - [] ----D C:\Program Files\Fichiers communs\InstallShield
O43 - CFD: 10/09/2010 - 15:01:56 - [] ----D C:\Program Files\Fichiers communs\Java
O43 - CFD: 13/03/2012 - 16:11:28 - [] ----D C:\Program Files\Fichiers communs\Microsoft Shared
O43 - CFD: 03/10/2008 - 13:43:24 - [] ----D C:\Program Files\Fichiers communs\MSSoap
O43 - CFD: 03/10/2008 - 15:20:30 - [] ----D C:\Program Files\Fichiers communs\ODBC
O43 - CFD: 03/10/2008 - 15:38:01 - [] ----D C:\Program Files\Fichiers communs\Real
O43 - CFD: 07/10/2008 - 12:26:40 - [] ----D C:\Program Files\Fichiers communs\Roxio Shared
O43 - CFD: 03/10/2008 - 13:43:28 - [] ----D C:\Program Files\Fichiers communs\Services
O43 - CFD: 09/03/2012 - 18:01:33 - [] ----D C:\Program Files\Fichiers communs\Skype
O43 - CFD: 07/10/2008 - 12:26:42 - [] ----D C:\Program Files\Fichiers communs\Sonic Shared
O43 - CFD: 03/10/2008 - 15:20:26 - [] ----D C:\Program Files\Fichiers communs\SpeechEngines
O43 - CFD: 07/10/2008 - 12:25:55 - [] ----D C:\Program Files\Fichiers communs\SureThing Shared
O43 - CFD: 03/10/2008 - 14:09:16 - [] ----D C:\Program Files\Fichiers communs\Symantec Shared
O43 - CFD: 13/03/2012 - 16:09:46 - [] ----D C:\Program Files\Fichiers communs\System
O43 - CFD: 03/12/2008 - 19:25:39 - [] ----D C:\Program Files\Fichiers communs\Telespree
O43 - CFD: 08/12/2008 - 17:03:41 - [] -SH-D C:\Program Files\Fichiers communs\WindowsLiveInstaller
O43 - CFD: 21/10/2008 - 12:11:18 - [] ----D C:\Program Files\Fichiers communs\Wise Installation Wizard
O43 - CFD: 03/10/2008 - 15:38:03 - [] ----D C:\Program Files\Fichiers communs\xing shared
O43 - CFD: 22/03/2013 - 11:22:28 - [] ----D C:\Documents and Settings\All Users\Application Data\Adobe
O43 - CFD: 03/10/2008 - 15:42:43 - [] ----D C:\Documents and Settings\All Users\Application Data\Apple Computer
O43 - CFD: 03/12/2008 - 19:25:33 - [] ----D C:\Documents and Settings\All Users\Application Data\AT&T
O43 - CFD: 07/10/2013 - 10:44:16 - [] --H-D C:\Documents and Settings\All Users\Application Data\CanonBJ
O43 - CFD: 07/10/2013 - 11:03:31 - [0] ----D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
O43 - CFD: 03/10/2008 - 17:08:55 - [] ----D C:\Documents and Settings\All Users\Application Data\ConeXware
O43 - CFD: 07/10/2008 - 12:35:44 - [] ----D C:\Documents and Settings\All Users\Application Data\CyberLink
O43 - CFD: 07/10/2008 - 11:09:53 - [] ----D C:\Documents and Settings\All Users\Application Data\Dell
O43 - CFD: 16/12/2010 - 10:12:53 - [] ----D C:\Documents and Settings\All Users\Application Data\DellUCM
O43 - CFD: 07/10/2008 - 12:27:12 - [] ----D C:\Documents and Settings\All Users\Application Data\InstallShield
O43 - CFD: 22/05/2014 - 11:05:32 - [] ----D C:\Documents and Settings\All Users\Application Data\Malwarebytes
O43 - CFD: 22/03/2013 - 11:21:22 - [] ----D C:\Documents and Settings\All Users\Application Data\McAfee
O43 - CFD: 22/03/2013 - 11:21:26 - [] ----D C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
O43 - CFD: 08/12/2008 - 17:03:54 - [] -S--D C:\Documents and Settings\All Users\Application Data\Microsoft
O43 - CFD: 13/03/2012 - 16:12:48 - [] ----D C:\Documents and Settings\All Users\Application Data\Microsoft Help
O43 - CFD: 14/05/2009 - 10:32:09 - [] ----D C:\Documents and Settings\All Users\Application Data\NOS
O43 - CFD: 21/10/2008 - 14:30:14 - [0] ----D C:\Documents and Settings\All Users\Application Data\PKWARE
O43 - CFD: 09/03/2012 - 18:01:30 - [] ----D C:\Documents and Settings\All Users\Application Data\Skype
O43 - CFD: 07/10/2008 - 12:26:46 - [] ----D C:\Documents and Settings\All Users\Application Data\Sonic
O43 - CFD: 09/04/2010 - 12:43:20 - [] ----D C:\Documents and Settings\All Users\Application Data\Sun
O43 - CFD: 03/10/2008 - 14:08:27 - [] ----D C:\Documents and Settings\All Users\Application Data\Symantec
O43 - CFD: 08/06/2010 - 11:07:30 - [] ----D C:\Documents and Settings\All Users\Application Data\usb-set
O43 - CFD: 03/10/2008 - 14:30:45 - [] ----D C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
O43 - CFD: 14/05/2009 - 10:30:32 - [] ----D C:\Documents and Settings\All Users\Application Data\WLInstaller
O43 - CFD: 03/10/2008 - 15:03:13 - [] ----D C:\Documents and Settings\Administrateur\Application Data\Adobe
O43 - CFD: 18/02/2010 - 10:12:34 - [] ----D C:\Documents and Settings\Administrateur\Application Data\Ahead
O43 - CFD: 07/10/2008 - 12:35:51 - [] ----D C:\Documents and Settings\Administrateur\Application Data\CyberLink
O43 - CFD: 18/10/2011 - 16:18:50 - [] ----D C:\Documents and Settings\Administrateur\Application Data\dvdcss
O43 - CFD: 21/10/2008 - 12:10:24 - [] ----D C:\Documents and Settings\Administrateur\Application Data\Identities
O43 - CFD: 03/12/2008 - 19:21:34 - [] ----D C:\Documents and Settings\Administrateur\Application Data\InstallShield
O43 - CFD: 03/10/2008 - 15:26:33 - [] ----D C:\Documents and Settings\Administrateur\Application Data\IrfanView
O43 - CFD: 07/10/2008 - 12:45:37 - [] ----D C:\Documents and Settings\Administrateur\Application Data\Macromedia
O43 - CFD: 08/06/2010 - 11:05:05 - [] ----D C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
O43 - CFD: 18/10/2011 - 10:09:46 - [] -S--D C:\Documents and Settings\Administrateur\Application Data\Microsoft
O43 - CFD: 03/10/2008 - 14:27:30 - [] ----D C:\Documents and Settings\Administrateur\Application Data\Mozilla
O43 - CFD: 08/10/2008 - 10:33:19 - [] ----D C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
O43 - CFD: 21/10/2008 - 14:30:14 - [0] ----D C:\Documents and Settings\Administrateur\Application Data\PKWARE
O43 - CFD: 03/10/2008 - 15:38:12 - [] ----D C:\Documents and Settings\Administrateur\Application Data\Real
O43 - CFD: 22/05/2014 - 11:59:37 - [] ----D C:\Documents and Settings\Administrateur\Application Data\Skype
O43 - CFD: 07/10/2008 - 12:46:07 - [] ----D C:\Documents and Settings\Administrateur\Application Data\Sun
O43 - CFD: 03/10/2008 - 14:27:33 - [] ----D C:\Documents and Settings\Administrateur\Application Data\Talkback
O43 - CFD: 03/10/2008 - 14:27:29 - [] ----D C:\Documents and Settings\Administrateur\Application Data\Thunderbird =>.Mozilla Corporation
O43 - CFD: 14/01/2009 - 11:23:36 - [] ----D C:\Documents and Settings\Administrateur\Application Data\U3
O43 - CFD: 04/03/2011 - 15:42:37 - [] ----D C:\Documents and Settings\Administrateur\Application Data\vlc
O43 - CFD: 22/05/2014 - 13:15:14 - [] ----D C:\Documents and Settings\Administrateur\Application Data\ZHP =>.Nicolas Coolman
O43 - CFD: 12/11/2010 - 15:34:45 - [] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\Adobe
O43 - CFD: 22/02/2010 - 12:27:51 - [] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\Ahead
O43 - CFD: 03/10/2008 - 15:42:39 - [] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\Apple Computer
O43 - CFD: 03/12/2008 - 19:28:20 - [] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\ApplicationHistory
O43 - CFD: 22/03/2013 - 11:04:30 - [] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft
O43 - CFD: 08/12/2008 - 16:44:15 - [0] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft Help
O43 - CFD: 03/10/2008 - 14:25:48 - [] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla
O43 - CFD: 08/12/2008 - 16:57:10 - [] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\PCHealth
O43 - CFD: 14/05/2009 - 09:39:48 - [] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\PowerDVD DX
O43 - CFD: 07/01/2010 - 16:19:33 - [] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\Roxio
O43 - CFD: 03/10/2008 - 14:09:13 - [] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\Symantec
O43 - CFD: 03/10/2008 - 14:27:33 - [] ----D C:\Documents and Settings\Administrateur\Local Settings\Application Data\Thunderbird =>.Mozilla Corporation
O43 - CFD: 08/12/2008 - 16:19:27 - [] R---D C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Accessoires
O43 - CFD: 08/06/2010 - 11:04:40 - [] ----D C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\CCleaner
O43 - CFD: 22/05/2014 - 10:36:45 - [] R---D C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
O43 - CFD: 08/10/2008 - 10:57:08 - [] R---D C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Outils d'administration
~ Program Folder: 161 Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.8683C1B450F4B3872839308D836E0F92] - 12/05/2014 - 06:25:54 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbam.sys [23256]
O44 - LFC:[MD5.AED25CDB09FB4E56F45DAF6C9A1D3ED3] - 12/05/2014 - 06:26:02 ---A- . (.Malwarebytes Corporation - Malwarebytes Chameleon Protection Driver.) -- C:\WINDOWS\system32\Drivers\mbamchameleon.sys [53208]
O44 - LFC:[MD5.2BEAE954C52A6656A014E46C4627A8C4] - 22/05/2014 - 09:07:24 ---A- . (...) -- C:\WINDOWS\KB2584146.log [5131]
O44 - LFC:[MD5.80DFC42B0F16EBF09C540C2872CD57CF] - 22/05/2014 - 09:07:34 ---A- . (...) -- C:\WINDOWS\KB2620712.log [5180]
~ Files: 56 Scanned in 00mn 02s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Mozilla Firefox\firefox.exe" [Enabled] .(.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O47 - AAKE:Key Export SP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" [Enabled] .(.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Windows Live\Messenger\livecall.exe" [Enabled] .(.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\livecall.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Skype\Phone\Skype.exe" [Enabled] .(.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe
O47 - AAKE:Key Export DP - "%windir%\system32\sessmgr.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\system32\sessmgr.exe
O47 - AAKE:Key Export DP - "%windir%\Network Diagnostic\xpnetdiag.exe" [Enabled] .(.Microsoft Corporation.) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [Enabled] .(.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Windows Live\Messenger\livecall.exe" [Enabled] .(.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\livecall.exe
~ Keys Export: 11 Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\WINDOWS\system32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\WINDOWS\system32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\WINDOWS\system32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\WINDOWS\system32\wdigest.dll
~ LSA: 6 Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\Wdf01000.sys . (.Microsoft Corporation - WDF Dynamic.) -- C:\WINDOWS\system32\Drivers\Wdf01000.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys . (.Microsoft Corporation - IPv6 Windows Firewall Driver.) -- C:\WINDOWS\system32\Drivers\ip6fw.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\WINDOWS\system32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\WINDOWS\system32\Drivers\rdpcdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys . (...) -- C:\WINDOWS\system32\Drivers\rdpdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys . (.Microsoft Corporation - RDP Terminal Stack Driver (US/Canada Only, Not for Export).) -- C:\WINDOWS\system32\Drivers\rdpwd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (...) -- C:\WINDOWS\system32\Drivers\sermouse.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys . (.Microsoft Corporation - Pilote de filtre de système de fichiers pour la restauration du système.) -- C:\WINDOWS\system32\Drivers\sr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys . (.Microsoft Corporation - Named Pipe Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdpipe.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys . (.Microsoft Corporation - TCP Transport Driver.) -- C:\WINDOWS\system32\Drivers\tdtcp.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\WINDOWS\system32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\WINDOWS\system32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\Wdf01000.sys . (.Microsoft Corporation - WDF Dynamic.) -- C:\WINDOWS\system32\Drivers\Wdf01000.sys
~ CSB: 23 Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.trspch"="tssoft32.acm" . (.DSP GROUP, INC. - Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) -- C:\WINDOWS\system32\tssoft32.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Cinepak® Codec.) -- C:\WINDOWS\system32\iccvid.dll
O52 - TDSD: \Drivers32\"vidc.iv31"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv32"="ir32_32.dll" . (...) -- C:\WINDOWS\system32\ir32_32.dll
O52 - TDSD: \Drivers32\"vidc.iv41"="ir41_32.ax" . (.Intel Corporation - Intel Indeo® Video 4.5.) -- C:\WINDOWS\system32\ir41_32.ax
O52 - TDSD: \Drivers32\"msacm.sl_anet"="sl_anet.acm" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \Drivers32\"msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \Drivers32\"vidc.iv50"="ir50_32.dll" . (.Intel Corporation - Intel Indeo® video 5.10.) -- C:\WINDOWS\system32\ir50_32.dll
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\WINDOWS\system32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
O52 - TDSD: \drivers.desc\"sl_anet.acm"="Sipro Lab Telecom Audio Codec" . (.Sipro Lab Telecom Inc. - Audio codec for MS ACM.) -- C:\WINDOWS\system32\sl_anet.acm
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\iac25_32.ax"="Indeo® audio software" . (.Intel Corporation - Indeo® audio software.) -- C:\WINDOWS\system32\iac25_32.ax
O52 - TDSD: \drivers.desc\"C:\WINDOWS\system32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\WINDOWS\system32\l3codeca.acm
~ TDSD: 12 Scanned in 00mn 00s



---\\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Client DPA pour plate-forme 32 bit.) -- C:\WINDOWS\system32\msapsspc.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\WINDOWS\system32\schannel.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Package d'authentification Digest SSPI.) -- C:\WINDOWS\system32\digest.dll
~ MSCP: 6 Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
~ MWPS: 5 Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=255
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=67108863
O56 - MWPE:[HKLM\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoCDBurning"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=255
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=67108863
~ MWPE Keys: 7 Scanned in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:18/02/2005 - 03:05:16 ---A- . (.Adaptec, Inc. - Adaptec hostRAID for Ultra320 SCSI.) -- C:\WINDOWS\system32\Drivers\A320RAID.SYS [218112]
O58 - SDL:07/04/2004 - 21:14:30 ---A- . (.Adaptec, Inc. - Adaptec RAID Miniport Driver.) -- C:\WINDOWS\system32\Drivers\aac.sys [48140]
O58 - SDL:18/05/2005 - 01:12:40 ---A- . (.Adaptec, Inc. - Adaptec hostRAID for Serial ATA.) -- C:\WINDOWS\system32\Drivers\aarich.sys [204800]
O58 - SDL:17/02/2004 - 19:38:30 ---A- . (.Adaptec, Inc. - Adaptec Win2K/XP/Server2003 Ultra320 SCSI Driver.) -- C:\WINDOWS\system32\Drivers\ADPU320.SYS [132608]
O58 - SDL:30/06/2008 - 01:57:16 ---A- . (.Andrea Electronics Corporation - Andrea Audio Driver.) -- C:\WINDOWS\system32\Drivers\AESTAud.sys [108160]
O58 - SDL:13/04/2008 - 19:36:39 ---A- . (.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) -- C:\WINDOWS\system32\Drivers\amdagp.sys [43008]
O58 - SDL:01/07/2008 - 22:22:14 ---A- . (.Alps Electric Co., Ltd. - Alps Touch Pad Driver.) -- C:\WINDOWS\system32\Drivers\Apfiltr.sys [170032]
O58 - SDL:03/08/2004 - 21:29:30 ----- . (.ATI Technologies Inc. - ATI WDM BT829 MiniDriver (A).) -- C:\WINDOWS\system32\Drivers\ati1btxx.sys [56623]
O58 - SDL:03/08/2004 - 21:29:30 ----- . (.ATI Technologies Inc. - ATI Specialized MVD VBI Codec.) -- C:\WINDOWS\system32\Drivers\ati1mdxx.sys [11615]
O58 - SDL:03/08/2004 - 21:29:30 ----- . (.ATI Technologies Inc. - ATI Specialized PCD VBI Codec.) -- C:\WINDOWS\system32\Drivers\ati1pdxx.sys [12047]
O58 - SDL:03/08/2004 - 21:29:32 ----- . (.ATI Technologies Inc. - ATI Rage Theater Audio WDM Minidriver.) -- C:\WINDOWS\system32\Drivers\ati1raxx.sys [30671]
O58 - SDL:03/08/2004 - 21:29:32 ----- . (.ATI Technologies Inc. - ATI WDM Rage Theater MiniDriver.) -- C:\WINDOWS\system32\Drivers\ati1rvxx.sys [63663]
O58 - SDL:03/08/2004 - 21:29:32 ----- . (.ATI Technologies Inc. - ATI WDM TV Sound MiniDriver.) -- C:\WINDOWS\system32\Drivers\ati1snxx.sys [26367]
O58 - SDL:03/08/2004 - 21:29:32 ----- . (.ATI Technologies Inc. - ATI WDM Teletext Decoder.) -- C:\WINDOWS\system32\Drivers\ati1ttxx.sys [21343]
O58 - SDL:03/08/2004 - 21:29:32 ----- . (.ATI Technologies Inc. - ATI WDM TVTuner MiniDriver.) -- C:\WINDOWS\system32\Drivers\ati1tuxx.sys [36463]
O58 - SDL:03/08/2004 - 21:29:32 ----- . (.ATI Technologies Inc. - ATI WDM CrossBar MiniDriver.) -- C:\WINDOWS\system32\Drivers\ati1xbxx.sys [29455]
O58 - SDL:03/08/2004 - 21:29:32 ----- . (.ATI Technologies Inc. - ATI WDM TVAUDIO_CrossBar MiniDriver.) -- C:\WINDOWS\system32\Drivers\ati1xsxx.sys [34735]
O58 - SDL:03/08/2004 - 23:38:42 ----- . (.ATI Technologies Inc. - Pilote de miniport ATI RAGE 128.) -- C:\WINDOWS\system32\Drivers\ati2mtaa.sys [327168]
O58 - SDL:03/08/2004 - 23:38:44 ----- . (.ATI Technologies Inc. - Pilote de miniport ATI RAGE 128.) -- C:\WINDOWS\system32\Drivers\ati2mtag.sys [701440]
O58 - SDL:03/08/2004 - 21:29:28 ----- . (.ATI Technologies Inc. - ATI WDM BT829 MiniDriver (A).) -- C:\WINDOWS\system32\Drivers\atinbtxx.sys [57856]
O58 - SDL:03/08/2004 - 21:29:30 ----- . (.ATI Technologies Inc. - ATI Specialized MVD VBI Codec RT2.) -- C:\WINDOWS\system32\Drivers\atinmdxx.sys [13824]
O58 - SDL:03/08/2004 - 21:29:30 ----- . (.ATI Technologies Inc. - ATI Specialized PCD VBI Codec RT2.) -- C:\WINDOWS\system32\Drivers\atinpdxx.sys [14336]
O58 - SDL:03/08/2004 - 21:29:30 ----- . (.ATI Technologies Inc. - ATI Rage Theater Audio WDM Minidriver.) -- C:\WINDOWS\system32\Drivers\atinraxx.sys [52224]
O58 - SDL:03/08/2004 - 21:29:32 ----- . (.ATI Technologies Inc. - ATI WDM Rage Theater MiniDriver RT2.) -- C:\WINDOWS\system32\Drivers\atinrvxx.sys [104960]
O58 - SDL:03/08/2004 - 21:29:32 ----- . (.ATI Technologies Inc. - ATI WDM TV Sound MiniDriver.) -- C:\WINDOWS\system32\Drivers\atinsnxx.sys [28672]
O58 - SDL:03/08/2004 - 21:29:32 ----- . (.ATI Technologies Inc. - ATI WDM Teletext Decoder.) -- C:\WINDOWS\system32\Drivers\atinttxx.sys [13824]
O58 - SDL:03/08/2004 - 21:29:32 ----- . (.ATI Technologies Inc. - ATI WDM TVTuner MiniDriver.) -- C:\WINDOWS\system32\Drivers\atintuxx.sys [73216]
O58 - SDL:03/08/2004 - 21:29:32 ----- . (.ATI Technologies Inc. - ATI WDM CrossBar MiniDriver.) -- C:\WINDOWS\system32\Drivers\atinxbxx.sys [31744]
O58 - SDL:03/08/2004 - 21:29:32 ----- . (.ATI Technologies Inc. - ATI WDM TVAUDIO_CrossBar MiniDriver RT2.) -- C:\WINDOWS\system32\Drivers\atinxsxx.sys [63488]
O58 - SDL:16/02/2007 - 14:46:00 R--A- . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver..) -- C:\WINDOWS\system32\Drivers\b57xp32.sys [160256]
O58 - SDL:18/08/2008 - 17:01:12 ---A- . (.Broadcom Corporation. - Bluetooth Audio Device.) -- C:\WINDOWS\system32\Drivers\btaudio.sys [534440]
O58 - SDL:18/08/2008 - 17:01:14 ---A- . (.Broadcom Corporation. - Bluetooth Bus Enumerator.) -- C:\WINDOWS\system32\Drivers\btkrnl.sys [991016]
O58 - SDL:18/08/2008 - 17:01:18 ---A- . (.Broadcom Corporation. - Bluetooth BTPORT Driver for Windows 2000.) -- C:\WINDOWS\system32\Drivers\btport.sys [37160]
O58 - SDL:18/08/2008 - 17:01:20 ---A- . (.Broadcom Corporation. - Bluetooth LAN Access Server Driver.) -- C:\WINDOWS\system32\Drivers\btwdndis.sys [156392]
O58 - SDL:18/08/2008 - 17:01:26 ---A- . (.Broadcom Corporation. - Bluetooth BTPORT Driver for Windows 2000.) -- C:\WINDOWS\system32\Drivers\btwmodem.sys [37032]
O58 - SDL:16/06/2008 - 01:40:56 ---A- . (.Broadcom Corporation. - Broadcom Bluetooth IT Manager Filter.) -- C:\WINDOWS\system32\Drivers\btwsecfl.sys [89896]
O58 - SDL:16/06/2008 - 01:40:58 ---A- . (.Broadcom Corporation. - Driver for Bluetooth USB Devices.) -- C:\WINDOWS\system32\Drivers\btwusb.sys [47272]
O58 - SDL:24/07/2006 - 02:00:00 ---A- . (.Sonic Solutions - CDR4 CD and DVD Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\Drivers\cdr4_xp.sys [2432]
O58 - SDL:24/07/2006 - 02:00:00 ---A- . (.Sonic Solutions - CDRAL Place Holder Driver (see PxHelp).) -- C:\WINDOWS\system32\Drivers\cdralw2k.sys [2560]
O58 - SDL:13/12/2004 - 21:14:00 ---A- . (.Adaptec, Inc. - DELL CERC SATA1.5/6ch Miniport Driver.) -- C:\WINDOWS\system32\Drivers\cercsr6.sys [39904]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\Drivers\cpqdap01.sys [11776]
O58 - SDL:31/07/2008 - 21:39:26 ---A- . (.Broadcom Corporation - Broadcom Credential Vault USB Driver.) -- C:\WINDOWS\system32\Drivers\cvusbdrv.sys [32808]
O58 - SDL:11/08/2006 - 09:35:18 ---A- . (.Roxio - Shared Driver Component.) -- C:\WINDOWS\system32\Drivers\DLACDBHM.SYS [12920]
O58 - SDL:11/08/2006 - 09:35:16 ---A- . (.Roxio - Shared Driver Component.) -- C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [28184]
O58 - SDL:14/04/2008 - 03:05:07 ---A- . (.Microsoft Corp., Veritas Software - Pilote de démarrage du gestionnaire de disque NT.) -- C:\WINDOWS\system32\Drivers\dmboot.sys [800256]
O58 - SDL:14/04/2008 - 03:05:12 ---A- . (.Microsoft Corp., Veritas Software - Pilote E/S du Gestionnaire de disques NT.) -- C:\WINDOWS\system32\Drivers\dmio.sys [154496]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (.Microsoft Corp., Veritas Software. - NT Disk Manager Startup Driver.) -- C:\WINDOWS\system32\Drivers\dmload.sys [5888]
O58 - SDL:21/07/2006 - 10:21:26 ---A- . (.Sonic Solutions - Device Driver.) -- C:\WINDOWS\system32\Drivers\DRVMCDB.SYS [99176]
O58 - SDL:11/08/2006 - 10:05:58 ---A- . (.Roxio - Device Driver Manager.) -- C:\WINDOWS\system32\Drivers\DRVNDDM.SYS [51768]
O58 - SDL:30/06/2008 - 23:47:30 ---A- . (.Intel Corporation - Intel(R) Gigabit Network Connection NDIS 5.1 deserialized drive.) -- C:\WINDOWS\system32\Drivers\e1y5132.sys [244368]
O58 - SDL:28/04/2003 - 15:15:38 ---A- . (.Promise Technology, Inc. - Promise FastTrak Series Driver for WindowsXP.) -- C:\WINDOWS\system32\Drivers\fasttx2k.sys [140544]
O58 - SDL:13/04/2008 - 17:36:05 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:12/08/2004 - 17:45:52 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0.) -- C:\WINDOWS\system32\Drivers\Hdaudio.sys [113664]
O58 - SDL:03/08/2004 - 21:41:48 ----- . (.Conexant Systems, Inc. - HSF_HWB2 WDM driver.) -- C:\WINDOWS\system32\Drivers\hsfbs2s2.sys [220032]
O58 - SDL:03/08/2004 - 21:41:50 ----- . (.Conexant Systems, Inc. - HSF_CNXT driver.) -- C:\WINDOWS\system32\Drivers\hsfcxts2.sys [685056]
O58 - SDL:03/08/2004 - 21:41:56 ----- . (.Conexant Systems, Inc. - HSF_DP driver.) -- C:\WINDOWS\system32\Drivers\hsfdpsp2.sys [1041536]
O58 - SDL:08/08/2008 - 01:55:42 ---A- . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) -- C:\WINDOWS\system32\Drivers\iastor.sys [318488]
O58 - SDL:17/09/2008 - 05:02:42 ---A- . (.Intel Corporation - Intel Graphics Miniport Driver.) -- C:\WINDOWS\system32\Drivers\igxpmp32.sys [6045504]
O58 - SDL:15/08/2005 - 12:08:26 ---A- . (.Ahead Software AG - NERO IMAGEDRIVE SCSI miniport.) -- C:\WINDOWS\system32\Drivers\imagedrv.sys [5888]
O58 - SDL:15/08/2005 - 12:08:26 ---A- . (.Ahead Software AG - Nero Image Server.) -- C:\WINDOWS\system32\Drivers\imagesrv.sys [127488]
O58 - SDL:17/09/2008 - 05:03:02 ---A- . (.Intel(R) Corporation - Intel(R) High Definition Audio HDMI.) -- C:\WINDOWS\system32\Drivers\IntcHdmi.sys [110080]
O58 - SDL:12/05/2014 - 06:25:54 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbam.sys [23256]
O58 - SDL:10/06/2008 - 18:02:44 ---A- . (...) -- C:\WINDOWS\system32\Drivers\mbamcatchme.sys [34296]
O58 - SDL:12/05/2014 - 06:26:02 ---A- . (.Malwarebytes Corporation - Malwarebytes Chameleon Protection Driver.) -- C:\WINDOWS\system32\Drivers\mbamchameleon.sys [53208]
O58 - SDL:22/05/2014 - 10:06:06 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\WINDOWS\system32\Drivers\mbamswissarmy.sys [110296]
O58 - SDL:03/08/2004 - 21:41:56 ----- . (.Conexant - Diagnostic Interface DRIVER.) -- C:\WINDOWS\system32\Drivers\mdmxsdk.sys [11868]
O58 - SDL:07/09/2007 - 07:10:42 ---A- . (.LSI Corporation - MEGASAS RAID Controller Driver for XP 32.) -- C:\WINDOWS\system32\Drivers\megasas.sys [19200]
O58 - SDL:03/08/2004 - 21:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:03/08/2004 - 21:41:38 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:03/08/2004 - 21:29:38 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736]
O58 - SDL:06/08/2008 - 23:36:22 ---A- . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) -- C:\WINDOWS\system32\Drivers\NETw5x32.sys [3630080]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\Drivers\nikedrv.sys [12032]
O58 - SDL:03/08/2004 - 21:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:03/08/2004 - 21:29:56 ----- . (.NVIDIA Corporation - NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73.) -- C:\WINDOWS\system32\Drivers\nv4_mini.sys [1897408]
O58 - SDL:20/12/2007 - 00:25:40 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) IDE Performance Driver.) -- C:\WINDOWS\system32\Drivers\nvatabus.sys [105472]
O58 - SDL:20/12/2007 - 00:25:40 ---A- . (.NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) -- C:\WINDOWS\system32\Drivers\nvraid.sys [89344]
O58 - SDL:04/06/2008 - 14:14:00 ---A- . (.Dell Inc - PBA Support Driver.) -- C:\WINDOWS\system32\Drivers\PBADRV.sys [26608]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:24/07/2006 - 02:00:00 ---A- . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\WINDOWS\system32\Drivers\pxhelp20.sys [36528]
O58 - SDL:03/08/2004 - 21:41:40 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776]
O58 - SDL:01/07/2008 - 22:12:18 ---A- . (.REDC - RICOH SD Driver.) -- C:\WINDOWS\system32\Drivers\rimmptsk.sys [39936]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\Drivers\rio8drv.sys [12032]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\Drivers\riodrv.sys [12032]
O58 - SDL:03/08/2004 - 21:29:52 ----- . (.S3 Graphics, Inc. - S3 ProSavage(DDR) & Twister Miniport Driver.) -- C:\WINDOWS\system32\Drivers\s3gnbm.sys [166912]
O58 - SDL:13/11/2007 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\Drivers\secdrv.sys [20480]
O58 - SDL:13/04/2008 - 19:36:39 ---A- . (.Silicon Integrated Systems Corporation - SiS NT AGP Filter.) -- C:\WINDOWS\system32\Drivers\sisagp.sys [40960]
O58 - SDL:03/08/2004 - 21:41:42 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:03/08/2004 - 21:41:44 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:03/08/2004 - 21:41:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:03/08/2004 - 21:41:46 ----- . (.Smart Link - Pas de description.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:30/06/2008 - 01:57:26 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\WINDOWS\system32\Drivers\sthda.sys [1381914]
O58 - SDL:24/01/2006 - 19:06:14 ---A- . (.Symantec Corporation - DNS Filter Driver.) -- C:\WINDOWS\system32\Drivers\symdns.sys [12992]
O58 - SDL:31/01/2006 - 13:29:20 ---A- . (.Symantec Corporation - Symantec Event Library.) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [107696]
O58 - SDL:24/01/2006 - 19:06:18 ---A- . (.Symantec Corporation - Firewall Filter Driver.) -- C:\WINDOWS\system32\Drivers\symfw.sys [110784]
O58 - SDL:24/01/2006 - 19:06:28 ---A- . (.Symantec Corporation - IDS Filter Driver.) -- C:\WINDOWS\system32\Drivers\symids.sys [31936]
O58 - SDL:07/09/2007 - 06:18:46 ---A- . (.LSI Logic - LSI Logic Fusion-MPT MiniPort Driver (ScsiPort).) -- C:\WINDOWS\system32\Drivers\SYMMPI.SYS [100096]
O58 - SDL:24/01/2006 - 19:06:24 ---A- . (.Symantec Corporation - NDIS Filter Driver.) -- C:\WINDOWS\system32\Drivers\symndis.sys [28352]
O58 - SDL:24/01/2006 - 19:06:32 ---A- . (.Symantec Corporation - Redirector Filter Driver.) -- C:\WINDOWS\system32\Drivers\symredrv.sys [24768]
O58 - SDL:24/01/2006 - 19:06:36 ---A- . (.Symantec Corporation - Network Dispatch Driver.) -- C:\WINDOWS\system32\Drivers\symtdi.sys [195776]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\Drivers\tsbvcap.sys [21376]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:03/08/2004 - 21:29:40 ----- . (.Intel(R) Corporation - Digital Display Minidriver for Intel(R) Graphics Driver.) -- C:\WINDOWS\system32\Drivers\wadv07nt.sys [11807]
O58 - SDL:03/08/2004 - 21:29:40 ----- . (.Intel(R) Corporation - Digital Display Minidriver for Intel(R) Graphics Driver.) -- C:\WINDOWS\system32\Drivers\wadv08nt.sys [11295]
O58 - SDL:03/08/2004 - 21:29:42 ----- . (.Intel(R) Corporation - Digital Display Minidriver for Intel(R) Graphics Driver.) -- C:\WINDOWS\system32\Drivers\wadv09nt.sys [11871]
O58 - SDL:03/08/2004 - 21:29:42 ----- . (.Intel(R) Corporation - Digital Display Minidriver for Intel(R) Graphics Driver.) -- C:\WINDOWS\system32\Drivers\wadv11nt.sys [11935]
O58 - SDL:03/08/2004 - 21:29:46 ----- . (.Intel(R) Corporation - Digital Display Minidriver for Intel(R) Graphics Driver.) -- C:\WINDOWS\system32\Drivers\watv06nt.sys [22271]
O58 - SDL:03/08/2004 - 21:29:46 ----- . (.Intel(R) Corporation - Digital Display Minidriver for Intel(R) Graphics Driver.) -- C:\WINDOWS\system32\Drivers\watv10nt.sys [25471]
O58 - SDL:02/03/2002 - 05:21:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\WINIO.SYS [4944]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:03/08/2004 - 21:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:28/09/2001 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:03/08/2004 - 21:45:26 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
O58 - SDL:03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:03/08/2004 - 21:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:03/08/2004 - 21:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:03/08/2004 - 21:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 124 Scanned in 00mn 00s
