USB drive blocked by VBS:Agent-AXN 2013-12-07T10:41:10+00:00

Computer Troubleshooting: USB drive blocked by VBS:Agent-AXN

  • Author
    Posts
  • dbout
    Participant
    Number of posts: 1

    Hello,

    After using a USB drive to transfer a file from another PC, I am running into the following problem:
    The avast antivirus reports the VBS:Agent-AXN infection, and since then my files have turned into nothing but shortcuts; Avast also finds the same problem on other USB drives despite a full format of them.
    Since then I have restarted my PC on an earlier version, but I do not feel that I have solved my problem.
    Attached is the ZHPi report; when I try to post the others, the system tells me they are too large, and I have not found how to add them.
    Thank you for your help

    DB

    Here is the rest of the test

    DB

    [spoiler:1mh6t8le]~ Rapport de ZHPDiag v2013.12.6.12 – Nicolas Coolman (06/12/2013)
    ~ Lancé par Daniel (07/12/2013 10:08:48)
    ~ Adresse du Site Web http://nicolascoolman.webs.com
    ~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version :
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v10.0.9200.16736
    MFIE: Mozilla Firefox 25.0.1 (Defaut)
    GCIE: Google Chrome v31.0.1650.63

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows(R) 7, OEM_COA_NSLP channel
    Windows ID Activation : OK
    ~ Windows Partial Key : FDKK3
    Windows License : OK
    ~ Windows Remaining Initializations Number : 5
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2008
    Malwarebytes Anti-Malware version 1.75.0.1300
    Windows Defender W7

    —\ Logiciels d'optimisation du système
    CCleaner v4.05 =>Piriform Ltd
    Uniblue RegistryBooster v4.7.7.26

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.4 – Français
    Java 7 Update 25

    —\ Informations sur le système
    ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3066.8 MB (45% free)
    System Restore: Activé (Enable)
    System drive C: has 53 GB (23%) free of 223 GB

    —\ Mode de connexion au système
    ~ Computer Name: PC-DE-DANIEL
    ~ User Name: Daniel
    ~ All Users Names: HomeGroupUser$, Geneviève, Daniel, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:\Users\Daniel\AppData\Roaming\ZHP
    ~ %AppData% : C:\Users\Daniel\AppData\Roaming
    ~ %Desktop% : C:\Users\Daniel\Desktop
    ~ %Favorites% : C:\Users\Daniel\Favorites
    ~ %LocalAppData% : C:\Users\Daniel\AppData\Local
    ~ %StartMenu% : C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu
    ~ %Windir% : C:\Windows
    ~ %System% : C:\Windows\System32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 53 Go of 223 Go)
    D: CD-ROM drive (Not Inserted)
    Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 42 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] – (.Microsoft Corporation – Explorateur Windows.) (.25/02/2011 – 06:30:54.) — C:WindowsExplorer.exe [2616320]
    [MD5.B5C5DCAD3899512020D135600129D665] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:14:45.) — C:WindowsSystem32Wininit.exe [96256]
    [MD5.5FD4335DCD343D0FEA9FA6B18ED408D9] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.12/10/2013 – 08:03:50.) — C:WindowsSystem32wininet.dll [1767936]
    [MD5.6D13E1406F50C66E2A95D97F22C47560] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 13:17:54.) — C:WindowsSystem32Winlogon.exe [286720]
    [MD5.E3AE23569749DE12D45BA3B489A036AE] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 13:21:24.) — C:WindowsSystem32sppcomapi.dll [193536]
    [MD5.F81BB7E487EDCEAB630A7EE66CF23913] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.14/09/2013 – 01:48:58.) — C:Windowssystem32DriversAFD.sys [338944]
    [MD5.338C86357871C167A96AB976519BF59E] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:26:15.) — C:Windowssystem32Driversatapi.sys [21584]
    [MD5.77EA11B065E0A8AB902D78145CA51E10] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:11:15.) — C:Windowssystem32DriversCdfs.sys [70656]
    [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 09:38:10.) — C:Windowssystem32DriversCdrom.sys [108544]
    [MD5.F024449C97EC1E464AAFFDA18593DB88] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 09:42:32.) — C:Windowssystem32DriversDfsC.sys [78336]
    [MD5.9036377B8A6C15DC2EEC53E489D159B5] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 10:59:29.) — C:Windowssystem32DriversHDAudBus.sys [108544]
    [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:11:24.) — C:Windowssystem32Driversi8042prt.sys [80896]
    [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 00:54:29.) — C:Windowssystem32DriversIpNat.sys [101888]
    [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.27/04/2011 – 03:17:22.) — C:Windowssystem32DriversMRxSmb.sys [123904]
    [MD5.280122DDCF04B378EDD1AD54D71C1E54] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 09:39:44.) — C:Windowssystem32DriversnetBT.sys [187904]
    [MD5.5E43D2B0EE64123D4880DFA6626DEFDE] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.12/04/2013 – 14:45:29.) — C:Windowssystem32Driversntfs.sys [1211752]
    [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 00:45:35.) — C:Windowssystem32DriversParport.sys [79360]
    [MD5.D9F91EAFEC2815365CBE6D167E4E332A] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/07/2009 – 00:54:34.) — C:Windowssystem32DriversRasl2tp.sys [78848]
    [MD5.3E21C083B8A01CB70BA1F09303010FCE] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 00:53:41.) — C:Windowssystem32Driverssmb.sys [71168]
    [MD5.B459575348C20E8121D6039DA063C704] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 09:39:17.) — C:Windowssystem32Driverstdx.sys [74752]
    [MD5.F497F67932C6FA693D7DE2780631CFE7] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 13:30:16.) — C:Windowssystem32Driversvolsnap.sys [245632]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 3/32314
    ~ Mes musiques (My Musics) : 1/2610
    ~ Mes Videos (My Videos) : 2/3
    ~ Mes Favoris (My Favorites) : 1/30
    ~ Mes Documents (My Documents) : 2/5007
    ~ Mon Bureau (My Desktop) : 2/119
    ~ Menu demarrer (Programs) : 1/37
    ~ Hidden Files: Scanned in 01mn 30s

    —\ Processus lancés
    [MD5.E78BBE0C8A2DC0DB12DBE746CE67674F] – (.Uniblue Systems Limited – Uniblue RegistryBooster Monitor.) — C:Program FilesUniblueRegistryBoosterrbmonitor.exe [25976] [PID.1332]
    [MD5.D1D5DAB39DCB4BE0359943738D87409B] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:UsersDanielDesktopMalwarebytes' Anti-Malwarembamgui.exe [532040] [PID.2668]
    [MD5.6C4878F3483B959891408B804DE4475C] – (.Synaptics, Inc. – Synaptics TouchPad Enhancements.) — C:Program FilesSynapticsSynTPSynTPEnh.exe [1410344] [PID.3604]
    [MD5.E3F058D8721EA53BEAB9079A8FB53FD7] – (.Realtek Semiconductor – HD Audio Control Panel.) — C:Program FilesRealtekAudioHDARtHDVCpl.exe [7600672] [PID.4048]
    [MD5.04AF1033DA631C180CB606571BD05B65] – (.CyberLink Corp. – Acer Arcade Deluxe Resident Program.) — C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeArcadeDeluxeAgent.exe [156968] [PID.3960]
    [MD5.9029943CC4A2E9BD58036F070D8713E3] – (.Acer Incorporated – ePowerTray.) — C:Program FilesAcerAcer PowerSmart ManagerePowerTray.exe [707104] [PID.2176]
    [MD5.632D5B4CECA11FAC1ED5D3D8FD5EECD5] – (.NewTech Infosystems, Inc. – Acer Backup Manager.) — C:Program FilesNewTech InfosystemsAcer Backup ManagerBackupManagerTray.exe [249600] [PID.2904]
    [MD5.81CB1A5F6CDEA9D644A8538ADEE23FFB] – (.CyberLink – CyberLink MediaLibray Service.) — C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeKernelCLMLCLMLSvc.exe [202024] [PID.4036]
    [MD5.2B2D8EF4BE4648FC0BB91DE59D395574] – (.EgisTec Inc. – EgisUpdate Release Application.) — C:Program FilesEgisTec Egis Software UpdateEgisUpdate.exe [199464] [PID.3924]
    [MD5.9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F] – (.Google – Google Desktop.) — C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe [30192] [PID.2712]
    [MD5.25173C73A8E66BDCE0991643B3810BC8] – (.EgisTec Inc. – mwlDaemon Application.) — C:Program FilesEgisTecMyWinLocker 3x86mwlDaemon.exe [346672] [PID.2340]
    [MD5.98E216DEF3BFA62E9A849FD3E3B6AFDB] – (.Acer Corp. – Acer Arcade Deluxe PlayMovie Resident Progr.) — C:Program FilesAcer Arcade DeluxePlayMoviePMVService.exe [173288] [PID.2860]
    [MD5.0D3DFFA8BA3E63592FC2C652CF3B0E9C] – (.Pas de propriétaire – DefaultSettingEXE MFC Application.) — C:WindowsPLFSetI.exe [200704] [PID.3928]
    [MD5.C8649EDF4955DE896A7AED515C932B09] – (.Synaptics, Inc. – Synaptics Pointing Device Helper.) — C:Program FilesSynapticsSynTPSynTPHelper.exe [103720] [PID.5828]
    [MD5.C7A9C4FDCEA704A34A5997FE0A8A0A38] – (.Dritek System Inc. – Launch Manager Keyboard Application.) — C:Program FilesLaunch ManagerLManager.exe [1194504] [PID.4432]
    [MD5.1AA5F0A2E3E65A9F6B35C19A7C9D7762] – (.Nikon Corporation – Nikon Message Center 2.) — C:Program FilesNikonNikon Message Center 2NkMC2.exe [571392] [PID.4800]
    [MD5.1568FF282E268082C67CF0C3EBCC9179] – (.SEIKO EPSON CORPORATION – EEventManager Application.) — C:Program FilesEpson SoftwareEvent ManagerEEventManager.exe [976320] [PID.5128]
    [MD5.3CB07566302BCEEB898DE270A0BEC175] – (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [946352] [PID.6112]
    [MD5.65D923E46699E76228BEA0AF04F2A244] – (.Luis Cobian, CobianSoft – Cobian backup 11 Gravity – Interface.) — C:Program FilesCobian Backup 11cbInterface.exe [4478976] [PID.6128]
    [MD5.1F0A97900FC718CE617A722BEF8580CD] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe [3568312] [PID.3776]
    [MD5.EF1ECB9DF42AF6BF7514BB5EBC5C59EC] – (.Google Inc. – Picasa.) — C:Program FilesPicasa2PicasaMediaDetector.exe [443968] [PID.5460]
    [MD5.8EEFD0B92F46B6762A5EC41EF55F7043] – (.TomTom – System Tray application for TomTom HOME.) — C:Program FilesTomTom HOME 2TomTomHOMERunner.exe [248208] [PID.2976]
    [MD5.C3C077A40B42178B33A40E2D3D1BED3F] – (.Google – Google Drive.) — C:Program FilesGoogleDrivegoogledrivesync.exe [20133824] [PID.5652]
    [MD5.43D083268A0919F3527A2837390BAF63] – (.Macrovision Corporation – Macrovision Software Manager.) — C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe [218032] [PID.6120]
    [MD5.376A9B411BF8B77D5BF84B24D0C7DACD] – (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe [863184] [PID.4312]
    [MD5.EB46B8E56C1B6C73C4251EED5F0E6DD6] – (.Dropbox, Inc. – Dropbox.) — C:UsersDanielAppDataRoamingDropboxbinDropbox.exe [27370808] [PID.5072]
    [MD5.32C26797AB646074A2BB562F9D10ADB5] – (.Microsoft Corporation – Microsoft Office OneNote Quick Launcher.) — C:Program FilesMicrosoft OfficeOffice12ONENOTEM.exe [97680] [PID.5308]
    [MD5.F1CB88B90F5CE1A6D2BCDE90E2100ECC] – (.Apache Software Foundation – OpenOffice Writer.) — C:Program FilesOpenOffice 4programswriter.exe [103936] [PID.5556]
    [MD5.818DBC9026FDB4A519A4B74A30A7F485] – (.Microsoft Corporation – Media Center Media Status Aggregator Servic.) — C:Windowsehomeehmsas.exe [38912] [PID.5960]
    [MD5.55F18BE55D04A5CC961B0A013B2B8FD7] – (.Apache Software Foundation – OpenOffice 4.0.1.) — C:Program FilesOpenOffice 4programsoffice.exe [9837056] [PID.5012]
    [MD5.0AC5756636A90E33559439295B25FA94] – (.Apache Software Foundation – OpenOffice 4.0.1.) — C:Program FilesOpenOffice 4programsoffice.bin [9828864] [PID.5928]
    [MD5.077D59BA0FD4007E841B6C670862B065] – (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe [275568] [PID.7116]
    [MD5.91AC7CDFBF88A850C120A8D674611897] – (.Mozilla Corporation – Thunderbird.) — C:Program FilesMozilla Thunderbirdthunderbird.exe [390256] [PID.7148]
    [MD5.AADD0892A428B133ABEF5EBCCE5E1799] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8281600] [PID.4228]
    ~ Processes Running: Scanned in 05mn 01s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersDanielAppDataLocalGoogleChromeUser DataDefaultPreferences
    G0 – GCSP: Preference [User DataDefault][HomePage] about:blank
    ~ Google Browser: 12 Legitimates Filtered in 00mn 02s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UsersDanielAppDataRoamingMozillaFirefoxProfilesqtq8yfrd.defaultprefs.js
    M3 – MFPP: Plugins – [Daniel] — C:UsersDanielAppDataRoamingMozillaFirefoxProfilesqtq8yfrd.defaultsearchpluginsla-conjugaison.xml
    M3 – MFPP: Plugins – [Daniel] — C:UsersDanielAppDataRoamingMozillaFirefoxProfilesqtq8yfrd.defaultsearchpluginsmozilla-add-ons.xml
    M2 – MFEP: prefs.js [Daniel – qtq8yfrd.defaultfr-FR@dictionaries.addons.mozilla.org] [] Dictionnaire français «Classique» v3.5 (..)
    ~ Firefox Browser: 37 Legitimates Filtered in 00mn 01s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 20

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Easy Photo Print – [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology – Epson Easy Photo Print (TBL).) — C:Program FilesEpson SoftwareEasy Photo PrintEPTBL.dll
    O3 – Toolbar: avast! Online Security – [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software – IE Webrep plugin.) — C:Program FilesAlwil SoftwareAvast5aswWebRepIE.dll
    O3 – Toolbar: Google Toolbar – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll =>Toolbar.Google
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Autres liens utilisateurs (O4)
    O4 – GSDesktop [Public]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O4 – GSDesktop [Public]: Google Docs.lnk . (.Google – Google Drive.) — C:Program FilesGoogleDrivegoogledrivesync.exe
    O4 – GSDesktop [Public]: Google Sheets.lnk . (.Google – Google Drive.) — C:Program FilesGoogleDrivegoogledrivesync.exe
    O4 – GSDesktop [Public]: Google Slides.lnk . (.Google – Google Drive.) — C:Program FilesGoogleDrivegoogledrivesync.exe
    O4 – GSDesktop [Public]: PicturesToExe 6.0.lnk . (…) — C:Program FilesWnSoft PicturesToexe6.0PicturesToexe.exe
    O4 – GSProgram [Public]: Conseiller de mise à niveau vers Windows 7.lnk . (.Microsoft Corporation – Windows 7 Upgrade Advisor.) — C:Program FilesMicrosoft Windows 7 Upgrade AdvisorWindowsUpgradeAdvisor.exe
    O4 – GSProgram [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSProgram [Public]: my Picturetown.lnk . (…) — C:Program Filesmy Picturetownmy Picturetown.exe
    O4 – GSProgram [Public]: Orion.lnk . (…) — C:WindowsInstaller{5B63A470-9334-44D1-AF61-6CE2DB565AE9}_3A7580B7A2383DA8AA203A.exe
    O4 – GSProgram [Public]: ZelioSoft2.lnk . (.Schneider Electric – ZelioSoft 2.) — C:Program FilesSchneider ElectricZelio Soft 2Zelio2.exe
    O4 – GSQuickLaunch [Daniel]: Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O4 – GSQuickLaunch [Daniel]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSQuickLaunch [Daniel]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSQuickLaunch [Daniel]: Uniblue RegistryBooster.lnk . (.Uniblue Systems Limited – Uniblue Launcher.) — C:Program FilesUniblueRegistryBoosterLauncher.exe
    O4 – GSTaskBar [Daniel]: Google Chrome (2).lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O4 – GSTaskBar [Daniel]: Lanceur d'applications Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O4 – GSTaskBar [Daniel]: Mozilla Firefox.lnk . (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O4 – GSProgram [Daniel]: Internet Explorer.lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSSystemTools [Daniel]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O4 – GSSendTo [Daniel]: PanoramaStudio 2.lnk . (.Tobias Huellmandel Software – Pas de description.) — C:Program FilesPanoramaStudio2PanoramaStudio2.exe
    O4 – GSDesktop [Daniel]: Google Drive.lnk . (…) — C:UsersDanielDaniel Drive
    O4 – GSDesktop [Daniel]: Lanceur d'applications Google Chrome.lnk . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O4 – GSDesktop [Daniel]: MG-PC – Raccourci.lnk – Clé orpheline
    ~ Global Startup: 90 Legitimates Filtered in 00mn 04s

    —\ Applications lancées au démarrage du sytème (O4)
    O4 – GSStartup [Geneviève]: OpenOffice.org 3.1.lnk . (…) — C:Program FilesOpenOffice.org 3programquickstart.exe (.not file.)
    O4 – GSStartup [Daniel]: Dropbox.lnk . (.Dropbox, Inc. – Dropbox.) — C:UsersDanielAppDataRoamingDropboxbinDropbox.exe =>.Dropbox
    O4 – GSStartup [Daniel]: OneNote 2007 – Capture d'écran et lancement.lnk . (.Microsoft Corporation – Microsoft Office OneNote Quick Launcher.) — C:Program FilesMicrosoft OfficeOffice12ONENOTEM.exe
    O4 – HKLM..Run: [SynTPEnh] . (.Synaptics, Inc. – Synaptics TouchPad Enhancements.) — C:Program FilesSynapticsSynTPSynTPEnh.exe
    O4 – HKLM..Run: [RtHDVCpl] . (.Realtek Semiconductor – HD Audio Control Panel.) — C:Program FilesRealtekAudioHDARtHDVCpl.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [Skytel] . (.Realtek Semiconductor Corp. – Realtek Voice Manager.) — C:Program FilesRealtekAudioHDASkytel.exe =>.Realtek Semiconductor Corp
    O4 – HKLM..Run: [Acer ePower Management] . (.Acer Incorporated – ePowerTrayLauncher.) — C:Program FilesAcerAcer PowerSmart ManagerePowerTrayLauncher.exe
    O4 – HKLM..Run: [ArcadeDeluxeAgent] . (.CyberLink Corp. – Acer Arcade Deluxe Resident Program.) — C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeArcadeDeluxeAgent.exe
    O4 – HKLM..Run: [BackupManagerTray] . (.NewTech Infosystems, Inc. – Acer Backup Manager.) — C:Program FilesNewTech InfosystemsAcer Backup ManagerBackupManagerTray.exe
    O4 – HKLM..Run: [CLMLServer] . (.CyberLink – CyberLink MediaLibray Service.) — C:Program FilesAcer Arcade DeluxeAcer Arcade DeluxeKernelCLMLCLMLSvc.exe
    O4 – HKLM..Run: [EgisTecLiveUpdate] . (.EgisTec Inc. – EgisUpdate Release Application.) — C:Program FilesEgisTec Egis Software UpdateEgisUpdate.exe
    O4 – HKLM..Run: [Google Desktop Search] . (.Google – Google Desktop.) — C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
    O4 – HKLM..Run: [mwlDaemon] . (.EgisTec Inc. – mwlDaemon Application.) — C:Program FilesEgisTecMyWinLocker 3x86mwlDaemon.exe
    O4 – HKLM..Run: [PlayMovie] . (.Acer Corp. – Acer Arcade Deluxe PlayMovie Resident Progr.) — C:Program FilesAcer Arcade DeluxePlayMoviePMVService.exe
    O4 – HKLM..Run: [PLFSetI] . (.Pas de propriétaire – DefaultSettingEXE MFC Application.) — C:WindowsPLFSetI.exe
    O4 – HKLM..Run: [LManager] . (.Dritek System Inc. – Launch Manager Keyboard Application.) — C:Program FilesLaunch ManagerLManager.exe
    O4 – HKLM..Run: [NvCplDaemon] . (.NVIDIA Corporation – NVIDIA Display Properties Extension.) — C:Windowssystem32NvCpl.dll =>.NVIDIA Corporation
    O4 – HKLM..Run: [Nikon Message Center 2] . (.Nikon Corporation – Nikon Message Center 2.) — C:Program FilesNikonNikon Message Center 2NkMC2.exe
    O4 – HKLM..Run: [EEventManager] . (.SEIKO EPSON CORPORATION – EEventManager Application.) — C:Program FilesEpson SoftwareEvent ManagerEEventManager.exe
    O4 – HKLM..Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated – Adobe Updater Startup Utility.) — C:Program FilesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program FilesAdobeReader 9.0ReaderReader_sl.exe
    O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Run: [Cobian Backup 11 interface] . (.Luis Cobian, CobianSoft – Cobian backup 11 Gravity – Interface.) — C:Program FilesCobian Backup 11cbInterface.exe
    O4 – HKLM..Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program FilesQuickTimeQTTask.exe
    O4 – HKLM..Run: [20131121] . (.AVAST Software – avast! Emergency Update.) — C:Program FilesAlwil SoftwareAvast5setupemupdatea244853e-b72c-4e91-81a2-1593dad4a7f5.exe
    O4 – HKLM..Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe
    O4 – HKCU..Run: [ehTray.exe] . (.Microsoft Corporation – Windows Media Center.) — C:WindowsehomeehTray.exe =>.Microsoft Corporation
    O4 – HKCU..Run: [Picasa Media Detector] . (.Google Inc. – Picasa.) — C:Program FilesPicasa2PicasaMediaDetector.exe
    O4 – HKCU..Run: [EPSON SX420W Series] . (.SEIKO EPSON CORPORATION – EPSON Status Monitor 3.) — C:Windowssystem32spoolDRIVERSW32X863E_FATIGCE.exe =>.Epson Seiko Corporation
    O4 – HKCU..Run: [Epson Stylus SX420W(Réseau)] . (.SEIKO EPSON CORPORATION – EPSON Status Monitor 3.) — C:Windowssystem32spoolDRIVERSW32X863E_FATIGCE.exe =>.Epson Seiko Corporation
    O4 – HKCU..Run: [TomTomHOME.exe] . (.TomTom – System Tray application for TomTom HOME.) — C:Program FilesTomTom HOME 2TomTomHOMERunner.exe
    O4 – HKCU..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
    O4 – HKCU..Run: [GoogleDriveSync] . (.Google – Google Drive.) — C:Program FilesGoogleDrivegoogledrivesync.exe
    O4 – HKCU..Run: [ISUSPM] . (.Macrovision Corporation – Macrovision Software Manager.) — C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
    O4 – HKCU..Run: [GoogleChromeAutoLaunch_9CB2B8404301F8169D10E27C4B481A41] . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-1964342343-3737078880-3081171147-1000..Run: [ehTray.exe] . (.Microsoft Corporation – Windows Media Center.) — C:WindowsehomeehTray.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-1964342343-3737078880-3081171147-1000..Run: [Picasa Media Detector] . (.Google Inc. – Picasa.) — C:Program FilesPicasa2PicasaMediaDetector.exe
    O4 – HKUSS-1-5-21-1964342343-3737078880-3081171147-1000..Run: [EPSON SX420W Series] . (.SEIKO EPSON CORPORATION – EPSON Status Monitor 3.) — C:Windowssystem32spoolDRIVERSW32X863E_FATIGCE.exe =>.Epson Seiko Corporation
    O4 – HKUSS-1-5-21-1964342343-3737078880-3081171147-1000..Run: [Epson Stylus SX420W(Réseau)] . (.SEIKO EPSON CORPORATION – EPSON Status Monitor 3.) — C:Windowssystem32spoolDRIVERSW32X863E_FATIGCE.exe =>.Epson Seiko Corporation
    O4 – HKUSS-1-5-21-1964342343-3737078880-3081171147-1000..Run: [TomTomHOME.exe] . (.TomTom – System Tray application for TomTom HOME.) — C:Program FilesTomTom HOME 2TomTomHOMERunner.exe
    O4 – HKUSS-1-5-21-1964342343-3737078880-3081171147-1000..Run: [swg] . (.Google Inc. – GoogleToolbarNotifier.) — C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe =>Toolbar.Google
    O4 – HKUSS-1-5-21-1964342343-3737078880-3081171147-1000..Run: [GoogleDriveSync] . (.Google – Google Drive.) — C:Program FilesGoogleDrivegoogledrivesync.exe
    O4 – HKUSS-1-5-21-1964342343-3737078880-3081171147-1000..Run: [ISUSPM] . (.Macrovision Corporation – Macrovision Software Manager.) — C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
    O4 – HKUSS-1-5-21-1964342343-3737078880-3081171147-1000..Run: [GoogleChromeAutoLaunch_9CB2B8404301F8169D10E27C4B481A41] . (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: Paramètres de Google &Gears – {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} — Clé orpheline
    O9 – Extra button: &Ajout Direct dans Windows Live Writer – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
    O9 – Extra button: &Envoyer à OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft Office OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~3Office12ONBttnIE.dll
    O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (…) — C:Program FilesMicrosoft OfficeOffice12REFBARH.ICO
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{9423CB0A-900B-4344-9C2B-45ABA440B870}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{9423CB0A-900B-4344-9C2B-45ABA440B870}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: DhcpNameServer = 192.168.111.69
    O17 – HKLMSystemCS2ServicesTcpip..{9423CB0A-900B-4344-9C2B-45ABA440B870}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{9423CB0A-900B-4344-9C2B-45ABA440B870}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: DhcpNameServer = 192.168.111.69
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlmailhtml – {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation – Windows Live Mail.) — C:Program FilesWindows LiveMailmailcomm.dll =>.Microsoft Corporation
    O18 – Filter: text/xml – {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon Filesmicrosoft sharedOFFICE12MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – AppInit_DLLs: . (.Google – Google Desktop.) – C:Program FilesGoogleGoogle Desktop SearchGoogleDesktopNetwork3.dll
    ~ AppInit DLL: Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: Sony Ericsson OMSI download service (OMSI download service) . (…) – C:Program FilesSony EricssonSony Ericsson PC SuiteSupServ.exe
    O23 – Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom – Windows Service for TomTom HOME.) – C:Program FilesTomTom HOME 2TomTomHOMEService.exe
    ~ Services: 22 Legitimates Filtered in 00mn 14s

    —\ Enumération Active Desktop & MHTML Editor (O24)
    O24 – Desktop General: BackupWallPaper – .(…) – C:UsersDanielPicturesModifications Picasapicasabackground.bmp
    O24 – Desktop General: WallPaper – .(…) – C:UsersDanielPicturesModifications Picasapicasabackground.bmp
    ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    O39 – APT:Automatic Planified Task – C:WindowsTasksRegistryBooster.job [334]
    [MD5.00000000000000000000000000000000] [APT] [{101863C3-009B-4436-AB20-6F4D18341716}] (…) — C:UsersDanielDownloadsS-CNX2__-020302WU-___FR-ALL___.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{1ABDDAA7-D4E1-4605-AE6A-677E38BC3EE3}] (…) — C:UsersDanielAppDataLocalTempTemp1_LecteurVTC5.1-Win32.zipInstallation PC.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{1D63F5AC-E7DB-4A66-A371-ACC72770D1F8}] (…) — C:UsersDanielDownloadsS-VNX2__-020301WF-EURFR-32BIT_.exe (.not file.) [0]
    [MD5.74AE0F4C82D8CA9881D9965918840BBE] [APT] [{299E14F3-ABD0-412F-A6DB-5E9DFDF2119C}] (…) — C:Program FilesKyodai Mahjongg 2006unins000.exe [681300]
    [MD5.553863F36D8C1B02BCC38452724F6960] [APT] [{38F58FA9-C59B-467D-B73B-3EE6B9B384B6}] (…) — C:Program FilesNikonCapture NX 2Uninstall.exe [1187594]
    [MD5.DBD50D8D66A324D4D7599836E260D9A5] [APT] [{59CECE80-31F3-48DC-9C38-89FFB690151B}] (…) — C:UsersDanielDownloadsOptimisation image nikonP-OPCLS-D300S-V100W.exe [125600]
    [MD5.0E9E92C4066D97D5779FF691937A0C2D] [APT] [{87C0A008-D4C1-4867-B692-41133341CACA}] (…) — C:UsersDanielDownloadsOptimisation image nikonP-OPCPT-D300S-V100W.exe [125416]
    [MD5.00000000000000000000000000000000] [APT] [{9204DD4F-4107-4893-8FEC-68A78CF77298}] (…) — C:UsersDanielDownloadsP-OPCLS-D300S-V100W.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{CF97FFC1-C7FE-4C26-A9BF-0DB0C7D68FFA}] (…) — C:UsersDanielAppDataLocalTempTemp1_CardReader_drivers.zipCardReaderDriver(Win98&Win2KBelowSP3)_Generic_Setup_v2.03.03.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{D227D800-D57E-4A04-9813-99D002547A65}] (…) — C:UsersDanielDownloadsS-VNX2__-212WF-EURFR-32BIT_.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{E93F7CF9-339A-4944-A09E-C26F3670A217}] (…) — C:UsersDanielDownloadsS-VNX2__-020203WF-EURFR-32BIT_.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{FA87169B-270F-4541-93D4-8CF00BB9C3BC}] (…) — C:Program FilesFree TarotFreeTarot.exe (.not file.) [0]
    ~ Scheduled Task: 28 Legitimates Filtered in 00mn 06s

    —\ Logiciels installés (O42)
    O42 – Logiciel: DMM V1.0 – (.DMM V1.0.) [HKLM] — {C94C4D9E-465D-4137-B2A6-B44A45AC8045}
    O42 – Logiciel: DMM V2.0 – (.DMM V2.0.) [HKLM] — {4A8CFFB1-AAFB-44CE-9A93-DA0FC31A305E}
    O42 – Logiciel: DMM V4.0 – (.DMM V4.0.) [HKLM] — {CC4379C2-1D22-4DBF-A847-3DEBC659A583}
    O42 – Logiciel: DMM V5.0 – (.DMM V5.0.) [HKLM] — {5A548CB3-E0AB-4AD0-92CE-AA503E74EA64}
    O42 – Logiciel: HYDAC ELECTRONIC HMGWIN Version 3 – (.HYDAC ELECTRONIC GMBH.) [HKLM] — HMGWIN_is1
    O42 – Logiciel: Imager – (.-.) [HKLM] — {5E65EF8F-3899-426D-9175-F20FEF851394}
    O42 – Logiciel: Iminent – (.Iminent.) [HKLM] — {90259377-55E9-4D60-A0C0-32EF312931A1} =>Adware.IMBooster
    O42 – Logiciel: SyncMX 1.0 – (.Couitchy Corp..) [HKLM] — SyncMX_is1
    O42 – Logiciel: Zelio Soft 2 v2.0.7 – (.Schneider Electric.) [HKLM] — {997DE126-E529-4306-9657-B9229C81DA2D}
    ~ Logic: 23 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareConvesoft] =>PUP.Convesoft
    [HKCUSoftwareHYDAC ELECTRONIC]
    [HKCUSoftwareLight Machine]
    [HKCUSoftwareMAS]
    [HKCUSoftwareReceipts]
    [HKCUSoftwareSchneider]
    [HKCUSoftwareTuner]
    [HKCUSoftwareVB6Dock]
    [HKLMSoftwareDMM V1.0]
    [HKLMSoftwareDMM V2.0]
    [HKLMSoftwareDMM V4.0]
    [HKLMSoftwareDMM V5.0]
    [HKLMSoftwareMetadata Importer]
    [HKLMSoftwareScreen Saver]
    [HKLMSoftwareStrings]
    [HKLMSoftwarebusiness-inkjet]
    ~ Key Software: 385 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 20/02/2011 – 10:21:33 – [15.047] —-D C:Program FilesConvesoft =>PUP.Convesoft
    O43 – CFD: 03/12/2013 – 21:11:46 – [2.756] —-D C:Program FilesDMM V1.0
    O43 – CFD: 03/12/2013 – 22:06:00 – [1.822] —-D C:Program FilesDMM V2.0
    O43 – CFD: 04/12/2013 – 18:44:41 – [0.003] —-D C:Program FilesDMM V3.0
    O43 – CFD: 03/12/2013 – 21:19:46 – [1.802] —-D C:Program FilesDMM V4.0
    O43 – CFD: 03/12/2013 – 20:55:05 – [1.838] —-D C:Program FilesDMM V5.0
    O43 – CFD: 08/11/2013 – 14:07:29 – [3.106] —-D C:Program FilesHYDAC ELECTRONIC
    O43 – CFD: 08/06/2012 – 22:26:23 – [1.677] —-D C:Program Filesmy Picturetown
    O43 – CFD: 10/02/2012 – 21:00:14 – [7.192] —-D C:Program FilesOptris GmbH
    O43 – CFD: 15/10/2013 – 08:58:05 – [1.066] —-D C:Program FilesPC Cleaner =>USP.PCCleaner
    O43 – CFD: 20/02/2011 – 10:25:14 – [1.475] —-D C:Program FilesSyncMX
    O43 – CFD: 09/10/2011 – 18:44:06 – [0.000] —-D C:ProgramDatabusiness-inkjet
    O43 – CFD: 09/10/2011 – 18:45:16 – [0.000] —-D C:ProgramDatahowto
    O43 – CFD: 20/02/2011 – 10:25:48 – [7.722] –H-D C:ProgramData{F03307B7-E779-4F5E-A32E-9A73D8D6E0F2}
    O43 – CFD: 05/12/2011 – 19:41:02 – [1.065] —-D C:UsersDanielAppDataRoamingcom.mypicturetown.myptuploader.F9C4985A082C78528AFA4529A49FFE7D3454A64B.1
    O43 – CFD: 10/02/2012 – 23:35:53 – [1.726] —-D C:UsersDanielAppDataRoamingImager
    O43 – CFD: 29/10/2011 – 13:56:24 – [0.026] —-D C:UsersDanielAppDataRoamingvtcmovies
    O43 – CFD: 29/10/2011 – 13:55:26 – [0.107] —-D C:UsersDanielAppDataRoamingvtc_demo_setup
    O43 – CFD: 29/10/2011 – 13:55:21 – [0] —-D C:UsersDanielAppDataRoamingvtc_language
    O43 – CFD: 18/06/2012 – 21:38:23 – [0.000] —-D C:UsersDanielAppDataLocal_NkvMail@
    O43 – CFD: 10/02/2012 – 21:00:46 – [0.005] —-D C:UsersDanielAppDataRoamingMicrosoftWindowsStart MenuProgramsOptris GmbH
    ~ Program Folder: 286 Legitimates Filtered in 01mn 38s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.428D7BAA390B3F761E61245A7B0FE7F5] – 01/12/2013 – 16:20:09 —A- . (…) — C:WindowsSystem32PteVideo.dll [26000]
    O44 – LFC:[MD5.06E58102D671A2CBBB59C60D8909E4FE] – 07/12/2013 – 10:13:59 –HA- . (…) — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [19344]
    O44 – LFC:[MD5.06E58102D671A2CBBB59C60D8909E4FE] – 07/12/2013 – 10:13:59 –HA- . (…) — C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [19344]
    O44 – LFC:[MD5.793FE87864DF96B611F3481CCA66A801] – 22/11/2013 – 13:36:55 —A- . (…) — C:WindowsSystem32shortcut_ex.dat [17]
    O44 – LFC:[MD5.B3BFB3C5BF8BD43521838FD3302EC1A6] – 27/11/2013 – 18:04:31 —A- . (…) — C:WindowsIE11_main.log [4767]
    ~ Files: 28 Legitimates Filtered in 00mn 45s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.20A16FA243A0AF18CBE25AA1814E34DD] – 06/12/2013 – 21:55:54 —A- – C:WindowsPrefetchDL.EXE-20EC3889.pf
    O45 – LFCP:[MD5.FCDCC8F0D23A0ED3A9D7689CCA93C2A8] – 06/12/2013 – 21:55:54 —A- – C:WindowsPrefetchYET_ANOTHER_CLEANER.EXE-EF9D3ABC.pf
    O45 – LFCP:[MD5.2D838FCE5AE5167AD70643001597FCF0] – 06/12/2013 – 22:02:21 —A- – C:WindowsPrefetchNKMC2.EXE-A7E05A27.pf
    O45 – LFCP:[MD5.E3A938E1B67CFDA7BD9B923F61D7A645] – 06/12/2013 – 22:59:47 —A- – C:WindowsPrefetchA244853E-B72C-4E91-81A2-1593D-D93EBF3F.pf
    O45 – LFCP:[MD5.D0437D693057F8B41A1EEDDA5C48E730] – 06/12/2013 – 22:59:50 —A- – C:WindowsPrefetchPICASAMEDIADETECTOR.EXE-4D35D73C.pf
    O45 – LFCP:[MD5.324D518C50C07F078DC242762B52F95E] – 06/12/2013 – 23:02:01 —A- – C:WindowsPrefetch31.0.1650.63_31.0.1650.57_CHR-37462650.pf
    O45 – LFCP:[MD5.AFE2DB36A2061837B4F973673A3B0CEC] – 06/12/2013 – 23:02:30 —A- – C:WindowsPrefetchINSTUP.EXE-3ED611B0.pf
    O45 – LFCP:[MD5.77F76A0BEA63ED20789C94383E3E37C8] – 07/12/2013 – 08:15:07 —A- – C:WindowsPrefetchINSTUP.EXE-52AC782A.pf
    O45 – LFCP:[MD5.2646AC232BA3A80F9858497AA56298EE] – 07/12/2013 – 08:22:03 —A- – C:WindowsPrefetchPREVIEWERSURROGATE.EXE-54AACE7C.pf
    O45 – LFCP:[MD5.043F1DE7123552D9712350831064AC3A] – 07/12/2013 – 09:59:22 —A- – C:WindowsPrefetchNVHYBRIDGRAPHICSWITCH.EXE-FD65FA11.pf
    O45 – LFCP:[MD5.C6D7C887F0C12DBCC548072654BE6544] – 07/12/2013 – 09:59:22 —A- – C:WindowsPrefetchSETINTELDPST.EXE-311EFEEA.pf
    O45 – LFCP:[MD5.60B728131275605F3A549B332F73F4E1] – 07/12/2013 – 10:10:36 —A- – C:WindowsPrefetchPDFTOTEXT.EXE-935B1FD6.pf
    ~ Prefetcher: 140 Legitimates Filtered in 00mn 01s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{630a71d6-d309-11e1-9510-001f169580c7}AutoRuncommand. (…) — E:MicroLauncher.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
    O52 – TDSD: Drivers32″vidc.ptev”=”PteVideo.dll” . (…) — C:WindowsSystem32PteVideo.dll
    O52 – TDSD: drivers.desc”PteVideo.dll”=”PicturesToExe video codec” . (…) — C:WindowsSystem32PteVideo.dll
    ~ TDSD: 5 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    ~ MWPS: 16 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:[MD5.F385467DF95D0A73775CB3B076B8B969] – 01/12/2013 – 15:26:54 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [49944]
    O58 – SDL:[MD5.BADA8FD627F1D0E22308211C33F0BDB5] – 01/12/2013 – 15:26:54 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [178304]
    O58 – SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] – 14/07/2009 – 02:20:28 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [453712]
    O58 – SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] – 13/07/2009 – 23:54:14 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [26624]
    O58 – SDL:[MD5.1FC8A7E5C3AED31F00940C6AB2FD9B49] – 31/07/2006 – 06:44:00 —A- . (.Omnivision Technologies, Inc. – Stream Class Mini Driver.) — C:WindowsSystem32Driversov550i.sys [580992]
    O58 – SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] – 14/07/2009 – 02:19:04 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [21072]
    O58 – SDL:[MD5.8AAD333C876590293F72B315E162BCC7] – 13/07/2009 – 22:40:41 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
    O58 – SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] – 13/07/2009 – 22:40:44 —A- . (…) — C:WindowsSystem32country.sys [27097]
    O58 – SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] – 13/07/2009 – 22:40:40 —A- . (…) — C:WindowsSystem32HIMEM.SYS [4768]
    O58 – SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] – 13/07/2009 – 22:40:43 —A- . (…) — C:WindowsSystem32KEY01.SYS [42809]
    O58 – SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] – 13/07/2009 – 22:40:43 —A- . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
    O58 – SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] – 13/07/2009 – 22:40:23 —A- . (…) — C:WindowsSystem32NTDOS.SYS [27866]
    O58 – SDL:[MD5.CF9ED169FF86D935E47999E82359E898] – 13/07/2009 – 22:40:31 —A- . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
    O58 – SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] – 13/07/2009 – 22:40:35 —A- . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
    O58 – SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] – 13/07/2009 – 22:40:39 —A- . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
    O58 – SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] – 13/07/2009 – 22:40:27 —A- . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
    O58 – SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] – 13/07/2009 – 22:40:11 —A- . (…) — C:WindowsSystem32NTIO.SYS [33952]
    O58 – SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] – 13/07/2009 – 22:40:15 —A- . (…) — C:WindowsSystem32NTIO404.SYS [34672]
    O58 – SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] – 13/07/2009 – 22:40:17 —A- . (…) — C:WindowsSystem32NTIO411.SYS [35776]
    O58 – SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] – 13/07/2009 – 22:40:19 —A- . (…) — C:WindowsSystem32NTIO412.SYS [35536]
    O58 – SDL:[MD5.D86B6435729231C171432B4E77801BDB] – 13/07/2009 – 22:40:13 —A- . (…) — C:WindowsSystem32NTIO804.SYS [34672]
    ~ Drivers: 16 Legitimates Filtered in 00mn 03s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 04/12/2013 – 10:32:58 —A- . (…) — C:UsersDanielDocumentsCOMITE DES FETES2013CR 2013CR du 2013-11-14.pdf [269438]
    O61 – LFC: 04/12/2013 – 10:34:03 -SHA- . (…) — C:UsersDanielDocumentsMISTThumbs.db [35840]
    O61 – LFC: 06/12/2013 – 10:19:00 —A- . (…) — C:UsersDanielAppDataLocalGoogleChromeUser DataLanceur d'applications Google Chrome.lnk [2311]
    O61 – LFC: 06/12/2013 – 10:19:00 —A- . (…) — C:UsersDanielAppDataLocalGoogleChromeUser Datafr-FR-3-0.bdic [1074744]
    O61 – LFC: 06/12/2013 – 10:32:36 -SHA- . (…) — C:UsersDanielDocumentsADMINISTRATIFAdministratif diversThumbs.db [13312]
    O61 – LFC: 06/12/2013 – 10:32:37 -SHA- . (…) — C:UsersDanielDocumentsADMINISTRATIFBanqueCRCAThumbs.db [22016]
    O61 – LFC: 06/12/2013 – 10:34:03 —A- . (…) — C:UsersDanielDocumentsMISTTechniqueCours Galinaintegrite et equilibre du cadre.ppt [8681472]
    O61 – LFC: 06/12/2013 – 10:34:08 —A- . (…) — C:UsersDanielDocumentsvirus du 06-12-13.docx [279364]
    O61 – LFC: 07/12/2013 – 10:18:53 —A- . (…) — C:UsersDanielAppDataLocalGoogleChromeUser DataCertificate Revocation Lists [265395]
    O61 – LFC: 07/12/2013 – 10:19:00 —A- . (…) — C:UsersDanielAppDataLocalGoogleChromeUser DataFirst Run [0]
    O61 – LFC: 07/12/2013 – 10:19:00 —A- . (…) — C:UsersDanielAppDataLocalGoogleChromeUser DataLocal State [49114]
    O61 – LFC: 07/12/2013 – 10:32:21 —A- . (…) — C:UsersDanielAppDataRoamingZHPLog.txt [21346] =>.Nicolas Coolman
    O61 – LFC: 07/12/2013 – 10:32:22 —A- . (…) — C:UsersDanielAppDataRoamingZHPTestsZHPDiag.txt [2844] =>.Nicolas Coolman
    O61 – LFC: 07/12/2013 – 10:34:08 -SHA- . (…) — C:UsersDanielDocumentsPHOTOSThumbs.db [14336]
    O61 – LFC: 07/12/2013 – 10:34:11 —A- . (…) — C:UsersDanielDownloadsadwcleaner.exe [1110034]
    O61 – LFC: 07/12/2013 – 10:34:12 —A- . (…) — C:UsersDanielDownloadsAnniversaires Daniel & Pilippe.zip [8217229]
    ~ 1390 Fichiers temporaires (Temporary files)
    ~ Files: 1973 Legitimates Filtered in 27mn 27s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2013 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (…) — C:UsersDanielAppDataLocalGoogleChromeApplicationchrome.exe (.not file.)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {FBB76871-576F-444A-A96B-47F2E7D86D1C} – (Ask Search) – http://websearch.ask.com =>Toolbar.Ask
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.2607C3CC4E011D5826A4E36CE904202C] [SPRF][23/11/2013] (…) — C:UsersDanielAppDataLocalTempchart_data.dat [20730]
    [MD5.2A00675C8B0105BF938F22DAA5FC9B79] [SPRF][01/09/2013] (…) — C:UsersDanielAppDataLocalTempQuarantine.exe [344507]
    ~ Files: 6 Legitimates Filtered in 00mn 00s

    —\ Liste des exceptions du parefeu (FirewallRules) (O87)
    O87 – FAEL: “TCP Query User{BDD41941-9131-44EE-8BEE-99F60430E250}C:program filescobian backup 11cbremotemanager.exe” | In – Private – P6 – TRUE | .(.Luis Cobian, CobianSoft – Cobian Backup 11, Gravity, Remote Manager.) — C:program filescobian backup 11cbremotemanager.exe
    O87 – FAEL: “UDP Query User{F3256E75-4B0E-4D7B-AD69-3E0164562064}C:program filescobian backup 11cbremotemanager.exe” | In – Private – P17 – TRUE | .(.Luis Cobian, CobianSoft – Cobian Backup 11, Gravity, Remote Manager.) — C:program filescobian backup 11cbremotemanager.exe
    ~ Firewall: 240 Legitimates Filtered in 00mn 02s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “773952099E5506D40A0C23FE1392131A” . (.Iminent.) — C:WindowsInstaller{90259377-55E9-4D60-A0C0-32EF312931A1}imbooster.ico =>Adware.IMBooster
    O90 – PUC: “E0710AC8E9E65A34EAF1588A82028B74” . (.FreeCompressor.) — C:WindowsInstaller{8CA0170E-6E9E-43A5-AE1F-85A82820B847}ARPPRODUCTICON.exe
    O90 – PUC: “EFE665B6D1CDF17439DD483862361F04” . (.OVT Scanner X86.) — C:WindowsInstaller{6B566EFE-DC1D-471F-93DD-84832663F140}ARPPRODUCTICON.exe
    O90 – PUC: “F8FE56E59983D62419572FF0FE583149” . (.Imager.) — C:WindowsInstaller{5E65EF8F-3899-426D-9175-F20FEF851394}ARPPRODUCTICON.exe
    ~ Update Products: 92 Legitimates Filtered in 00mn 00s

    —\ Enumère les données de la clé NameSpace (MNS) (O92)
    O92 – MNS: Photos iCloud – {F0D63F85-37EC-4097-B30D-61B4A8917118}
    ~ MNS: 1 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.09E23D01862F0458EDADCF26BF51BC38] [WIS][06/03/2010] (.Google – Google Gears.) — C:WindowsInstaller14a6560f.msi [47104]
    [MD5.BF5A58A64869F3BDD1433E9A3049D022] [WIS][27/09/2012] (.Nikon – Blank Project Template.) — C:WindowsInstaller239675.msi [19497044]
    [MD5.5ADE4DCEABE47139A36C76642F2216FF] [WIS][16/09/2013] (.Nikon – ViewNX 2.) — C:WindowsInstaller2576514.msi [28185112]
    [MD5.2891F9DD58A0F1282E46D80E39A88A64] [WIS][22/05/2009] (.EgisTec – MyWinLocker.) — C:WindowsInstaller2d4cc.msi [5660160]
    [MD5.9B54E494E5E2D7F3EF388D12437CFD96] [WIS][03/06/2010] (.Secure Digital Services – FreeCompressor.) — C:WindowsInstaller63578cc6.msi [2588160] =>Adware.SPointer
    ~ WIS: 99 Legitimates Filtered in 00mn 30s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 10/07/1658 0 | (ACDaemon) . (…) – C:Program FilesCommon FilesArcSoftConnection ServiceBinACService.exe
    SS – | Demand 23/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Auto 25/04/2012 1131008 | (CobianBackup11) . (.Luis Cobian, CobianSoft.) – C:Program FilesCobian Backup 11cbService.exe
    SS – | Demand 08/08/2010 30192 | (GoogleDesktopManager-051210-111108) . (.Google.) – C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
    SS – | Auto 28/12/2009 135664 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 28/12/2009 135664 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 22/08/2012 194032 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SS – | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) – C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe
    SS – | Demand 17/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
    SS – | Demand 23/09/2008 50424 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) – C:Program FilesNewTech InfosystemsNTI Backup Now 5BackupSvc.exe
    SS – | Demand 10/02/2011 150528 | (Sony Ericsson PCCompanion) . (.Avanquest Software.) – C:Program FilesSony EricssonSony Ericsson PC CompanionPCCService.exe
    SS – | Demand 18/01/2012 155320 | (Sony PC Companion) . (.Avanquest Software.) – C:Program FilesSonySony PC CompanionPCCService.exe

    SR – | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) – C:Program FilesCommon FilesABBYYFineReaderSprint9.00LicensingNetworkLicenseServer.exe
    SR – | Auto 14/09/2011 169624 | (AdobeActiveFileMonitor10.0) . (.Adobe Systems Incorporated.) – C:Program FilesAdobeElements 10 OrganizerPhotoshopElementsFileAgent.exe
    SR – | Auto 01/12/2013 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
    SR – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 25/04/2012 67584 | (cbVSCService11) . (.CobianSoft, Luis Cobian.) – C:Program FilesCobian Backup 11cbVSCService11.exe
    SR – | Auto 18/12/2008 75048 | (CLHNService) . (…) – C:Program FilesAcer Arcade DeluxeHomeMediaKernelDMPCLHNService.exe
    SR – | Auto 15/04/2009 703008 | (ePowerSvc) . (.Acer Incorporated.) – C:Program FilesAcerAcer PowerSmart ManagerePowerSvc.exe
    SR – | Auto 19/12/2006 94208 | (EpsonBidirectionalService) . (.SEIKO EPSON CORPORATION.) – C:Program FilesCommon FilesEPSONEBAPIeEBSVC.exe
    SR – | Auto 14/09/2009 153600 | (EPSON_EB_RPCV4_04) . (.SEIKO EPSON CORPORATION.) – C:Program FilesCommon FilesEPSONEPW!3 SSRPE_S50ST7.exe
    SR – | Auto 14/09/2009 121856 | (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) – C:Program FilesCommon FilesEPSONEPW!3 SSRPE_S50RP7.exe
    SR – | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:UsersDanielDesktopMalwarebytes' Anti-Malwarembamscheduler.exe
    SR – | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) – C:UsersDanielDesktopMalwarebytes' Anti-Malwarembamservice.exe
    SR – | Auto 27/10/2008 306736 | (MWLService) . (.EgisTec Inc..) – C:Program FilesEgisTecMyWinLocker 3x86MWLService.exe
    SR – | Auto 11/04/2009 61184 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) – C:Program FilesNewTech InfosystemsAcer Backup ManagerIScheduleSvc.exe
    SR – | Auto 23/09/2008 144632 | (NTISchedulerSvc) . (.NewTech Infosystems, Inc..) – C:Program FilesNewTech InfosystemsNTI Backup Now 5SchedulerSvc.exe
    SR – | Auto 28/07/2009 211488 | (nvsvc) . (.NVIDIA Corporation.) – C:WindowsSystem32nvvsvc.exe
    SR – | Auto 30/04/2009 90112 | (OMSI download service) . (…) – C:Program FilesSony EricssonSony Ericsson PC SuiteSupServ.exe
    SR – | Auto 08/04/2013 1320496 | (PDF Architect Helper Service) . (.pdfforge GmbH.) – C:Program FilesPDF ArchitectHelperService.exe
    SR – | Auto 08/04/2013 799280 | (PDF Architect Service) . (.pdfforge GmbH.) – C:Program FilesPDF ArchitectConversionService.exe
    SR – | Auto 22/03/2013 93072 | (TomTomHOMEService) . (.TomTom.) – C:Program FilesTomTom HOME 2TomTomHOMEService.exe
    SR – | Auto 14/07/2009 20992 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 20992 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe

    ~ Services: Scanned in 00mn 34s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

    ~ MBR: 1 Legitimates Filtered in 00mn 02s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Daniel at 07/12/2013 10:49:31

    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin

    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 13011 – (06/12/2013)
    Clés trouvées (Keys found) : 15
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 2
    Fichiers trouvés (Files found) : 1

    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{90259377-55E9-4D60-A0C0-32EF312931A1}] =>Adware.IMBooster^
    [HKCUSoftwareConvesoft] =>PUP.Convesoft
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{5B63A470-9334-44D1-AF61-6CE2DB565AE9}] =>PUP.Convesoft
    [HKLMSoftwareClassesInstallerFeatures74A36B543391D44FA16C62EBD65A59E] =>PUP.Convesoft
    [HKLMSoftwareClassesInstallerProducts74A36B543391D44FA16C62EBD65A59E] =>PUP.Convesoft
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Products74A36B543391D44FA16C62EBD65A59E] =>PUP.Convesoft
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components1B812BD0725DF36459D5BA985C9193C4] =>PUP.Kiwee
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components2514EB7147619DA498D025C07B3421DD] =>PUP.Kiwee
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components73962F57F2FA32C43A431C9C05459330] =>PUP.OfferBox
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsB63FC54A3B9D36449AD536B3C29D2A97] =>PUP.OfferBox
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsC512D8DDA7F6553429ACE05EC3197DAB] =>PUP.OfferBox
    [HKLMSoftwareClassesInstallerFeaturesE0710AC8E9E65A34EAF1588A82028B74] =>Adware.SPointer
    [HKLMSoftwareClassesInstallerProductsE0710AC8E9E65A34EAF1588A82028B74] =>Adware.SPointer
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ProductsE0710AC8E9E65A34EAF1588A82028B74] =>Adware.SPointer
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{8CA0170E-6E9E-43A5-AE1F-85A82820B847}] =>Adware.SPointer
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
    [HKCUSOFTWAREMicrosoftWindowsCurrentVersionRun]:swg =>Toolbar.Google^
    C:Program FilesConvesoft =>PUP.Convesoft^
    C:Program FilesPC Cleaner =>USP.PCCleaner^
    C:WindowsInstaller63578cc6.msi =>Adware.SPointer^
    ~ Additionnel Scan: 347939 Items scanned in 01mn 05s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster
    ~ http://nicolascoolman.webs.com/apps/blog/show/31039710-pup-convesoft =>PUP.Convesoft
    ~ http://nicolascoolman.webs.com/apps/blog/show/29956939-usp-pccleaner =>USP.PCCleaner
    ~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
    ~ http://nicolascoolman.webs.com/apps/blog/show/27556476-adware-spointer =>Adware.SPointer
    ~ http://nicolascoolman.webs.com/apps/blog/show/28863080-toolbar-kiwee =>PUP.Kiwee
    ~ http://nicolascoolman.webs.com/apps/blog/show/28606910-pup-offerbox =>PUP.OfferBox
    ~ MSI: 7 link(s) detected in 01mn 06s

    ~ 3451 Legitimates filtered by white list
    End of the scan (680 lines in 41mn 49s)(0)[/spoiler:1mh6t8le]

  • dbout
    Participant
    Number of posts: 1

    Here is the rest of the tests:
    DB

    [spoiler:1lenoy56]Malwarebytes Anti-Malware (Essai) 1.75.0.1300
    http://www.malwarebytes.org

    Version de la base de données: v2013.12.07.03

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16736
    Daniel :: PC-DE-DANIEL [administrateur]

    Protection: Activé

    07/12/2013 09:23:49
    mbam-log-2013-12-07 (09-23-49).txt

    Type d'examen: Examen rapide
    Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
    Options d'examen désactivées: P2P
    Elément(s) analysé(s): 240437
    Temps écoulé: 20 minute(s), 10 seconde(s)

    Processus mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Module(s) mémoire détecté(s): 0
    (Aucun élément nuisible détecté)

    Clé(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre détectée(s): 0
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre détecté(s): 0
    (Aucun élément nuisible détecté)

    Dossier(s) détecté(s): 0
    (Aucun élément nuisible détecté)

    Fichier(s) détecté(s): 2
    C:WindowsInstaller5288a3e2.msi (PUP.Optional.Iminent.A) -> Mis en quarantaine et supprimé avec succès.
    C:UsersDanielSendToDesk 365.lnk (PUP.Optional.Desk365.A) -> Mis en quarantaine et supprimé avec succès.

    (fin)[/spoiler:1lenoy56]

    [spoiler:1lenoy56]# AdwCleaner v3.014 – Rapport créé le 06/12/2013 à 21:41:19
    # Mis à jour le 01/12/2013 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Nom d'utilisateur : Daniel – PC-DE-DANIEL
    # Exécuté depuis : C:UsersDanielDownloadsadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:ProgramDataboost_interprocess
    [!] Dossier Supprimé : C:Program FilesiSafe
    Dossier Supprimé : C:UsersDanielAppDataLocalTempboost_interprocess
    [!] Dossier Supprimé : C:UsersDanielAppDataRoamingiSafe
    Fichier Supprimé : C:UsersDanielAppDataLocalGoogleChromeUser DataDefaultExtensionsnewtab.crx
    Fichier Supprimé : C:WindowsSystem32TasksDesk 365 RunAsStdUser

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    [#] Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCachePlain{AD65DD6E-107D-40A1-A8A4-5A93CCEF7A51}
    [#] Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionScheduleTaskCacheTasks{AD65DD6E-107D-40A1-A8A4-5A93CCEF7A51}
    Clé Supprimée : HKLMSOFTWAREClassesAppIDWLXQuickTimeShellExt.DLL
    Clé Supprimée : HKLMSOFTWAREClassesAppID{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Clé Supprimée : HKLMSoftwarehdcode
    Clé Supprimée : HKLMSoftwareUniblue
    Clé Supprimée : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components8121C32A9C319F4CB0C11FF059552A4
    Clé Supprimée : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components43C098337DB065A49B665D4EA7F16D1C
    Clé Supprimée : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsA71991503412AEB42838B02C5ED9F9CD
    Clé Supprimée : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsF2E0D3DD9E5E4B74CA43BCE77815E287
    Clé Supprimée : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsF7652513C62FF63448CFF05163719DB7
    Clé Supprimée : HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodesF1057DD419AED0B468AD8888429E139A

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v10.0.9200.16736

    -\ Mozilla Firefox v25.0.1 (fr)

    [ Fichier : C:UsersDanielAppDataRoamingMozillaFirefoxProfilesqtq8yfrd.defaultprefs.js ]

    Ligne Supprimée : user_pref(“iminent.LayoutId”, “1”);
    Ligne Supprimée : user_pref(“iminent.ShowThankyouPixel”, “0”);
    Ligne Supprimée : user_pref(“iminent.newtabredirect”, “false”);
    Ligne Supprimée : user_pref(“iminent.searchindex”, “1”);
    Ligne Supprimée : user_pref(“iminent.version”, “7.35.1.1”);

    [ Fichier : C:UsersGenevièveAppDataRoamingMozillaFirefoxProfilesq10cwq9g.defaultprefs.js ]

    -\ Google Chrome v

    [ Fichier : C:UsersDanielAppDataLocalGoogleChromeUser DataDefaultpreferences ]

    *************************

    AdwCleaner[R0].txt – [60899 octets] – [04/09/2013 22:51:39]
    AdwCleaner[R1].txt – [3839 octets] – [13/10/2013 20:09:49]
    AdwCleaner[R2].txt – [3309 octets] – [06/12/2013 21:38:08]
    AdwCleaner[S0].txt – [59336 octets] – [04/09/2013 22:53:36]
    AdwCleaner[S1].txt – [3934 octets] – [13/10/2013 20:12:22]
    AdwCleaner[S2].txt – [3300 octets] – [06/12/2013 21:41:19]

    ########## EOF – C:AdwCleanerAdwCleaner[S2].txt – [3360 octets] ##########
    # AdwCleaner v3.014 – Rapport créé le 07/12/2013 à 09:56:00
    # Mis à jour le 01/12/2013 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Nom d'utilisateur : Daniel – PC-DE-DANIEL
    # Exécuté depuis : C:UsersDanielDownloadsadwcleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Fichier Supprimé : C:WindowsSystem32TasksDesk 365 RunAsStdUser

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    [#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD65DD6E-107D-40A1-A8A4-5A93CCEF7A51}
    [#] Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD65DD6E-107D-40A1-A8A4-5A93CCEF7A51}
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Clé Supprimée : HKLM\Software\hdcode
    Clé Supprimée : HKLM\Software\Uniblue
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8121C32A9C319F4CB0C11FF059552A4
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
    Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v10.0.9200.16736

    -\ Mozilla Firefox v25.0.1 (fr)

    [ Fichier : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\qtq8yfrd.default\prefs.js ]

    Ligne Supprimée : user_pref("iminent.LayoutId", "1");
    Ligne Supprimée : user_pref("iminent.ShowThankyouPixel", "0");
    Ligne Supprimée : user_pref("iminent.newtabredirect", "false");
    Ligne Supprimée : user_pref("iminent.searchindex", "1");
    Ligne Supprimée : user_pref("iminent.version", "7.35.1.1");

    [ Fichier : C:\Users\Geneviève\AppData\Roaming\Mozilla\Firefox\Profiles\q10cwq9g.default\prefs.js ]

    -\ Google Chrome v31.0.1650.63

    [ Fichier : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    *************************

    AdwCleaner[R0].txt – [60899 octets] – [04/09/2013 22:51:39]
    AdwCleaner[R1].txt – [3839 octets] – [13/10/2013 20:09:49]
    AdwCleaner[R2].txt – [6490 octets] – [06/12/2013 21:38:08]
    AdwCleaner[R3].txt – [1790 octets] – [06/12/2013 21:56:23]
    AdwCleaner[S0].txt – [59336 octets] – [04/09/2013 22:53:36]
    AdwCleaner[S1].txt – [3934 octets] – [13/10/2013 20:12:22]
    AdwCleaner[S2].txt – [6471 octets] – [06/12/2013 21:41:19]
    AdwCleaner[S3].txt – [1867 octets] – [06/12/2013 21:58:58]

    ########## EOF – C:\AdwCleaner\AdwCleaner[S2].txt – [6591 octets] ##########[/spoiler:1lenoy56]

  • g3n-h@ckm@n
    Admin bbPress
    Number of posts: 8433

    Hi :hello: :hello:

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Right-click it and choose "Run as administrator" on Windows 7/8 and Vista
    • Plug all your external storage devices into your PC (USB stick, external hard drive, etc.) without opening them.
    • Choose the Suppression (deletion) option

      Note: If UsbFix hangs at 14%, restart in safe mode. (See >> HERE <<)

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

The topic 'Blocage clé USB par VBS:Agent-AXN' is closed to new replies.