And it's an infection! 2014-11-15T20:16:20+00:00
  • titoupit (Participant, posts: 2)

    Hello!

    I've caught some nasty thing that won't go away... First I had big problems with Firefox (freezes), which I uninstalled/reinstalled with no improvement; then it became impossible to do certain things in IE11 (change the search engine, for example); then Windows Defender stopped (impossible to restart it: MSASCui.exe not found). So I tried installing Malwarebytes to see, and it wouldn't install ('runtime error').

    AdwCleaner was willing to install and run:
    # AdwCleaner v4.101 - Rapport créé le 15/11/2014 à 20:50:19
    # Mis à jour le 09/11/2014 par Xplode
    # Database : 2014-11-13.1 [Live]
    # Système d'exploitation : Windows 8.1 (64 bits)
    # Nom d'utilisateur : Pete - PC_PETE_0914
    # Exécuté depuis : C:\Users\Pete\Downloads\AdwCleaner.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    Service Supprimé : WindowsMangerProtect
    Service Supprimé : {e9bebce7-deb3-4ab9-896c-549739f208c5}Gw64

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:\ProgramData\IePluginServices
    Dossier Supprimé : C:\ProgramData\WindowsMangerProtect
    Dossier Supprimé : C:\Program Files (x86)\SupTab
    Dossier Supprimé : C:\Users\Pete\AppData\Roaming\SupTab
    Dossier Supprimé : C:\Users\Pete\AppData\Roaming\sweet-page
    Fichier Supprimé : C:\windows\System32\drivers\{e9bebce7-deb3-4ab9-896c-549739f208c5}Gw64.sys

    ***** [ Tâches planifiées ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
    Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
    Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
    Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Donnée Restaurée : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
    Clé Supprimée : HKCU\Software\InstallCore
    Clé Supprimée : HKCU\Software\SupHpUISoft
    Clé Supprimée : HKLM\SOFTWARE\SupDp
    Clé Supprimée : HKLM\SOFTWARE\SupTab
    Clé Supprimée : HKLM\SOFTWARE\supWindowsMangerProtect
    Clé Supprimée : HKLM\SOFTWARE\sweet-pageSoftware
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect

    ***** [ Navigateurs ] *****

    -\\ Internet Explorer v11.0.9600.17278

    Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
    Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
    Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
    Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

    *************************

    AdwCleaner[R0].txt - [4283 octets] - [15/11/2014 20:48:32]
    AdwCleaner[S0].txt - [3445 octets] - [15/11/2014 20:50:19]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3505 octets] ##########

  • titoupit (Participant, posts: 2)

    And ZHP too:

    ~ Rapport de ZHPDiag v2014.11.13.163 - Nicolas Coolman (13/11/2014)
    ~ Lancé par Pete (15/11/2014 21:04:21)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Adresse du Forum http://forum.nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Version à jour.
    ~ Liste blanche : Désactivée par l'utilisateur
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by program

    ---\\ Navigateurs Internet
    MSIE: Internet Explorer v11.0.9600.17278 (Defaut)

    ---\\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 8.1, 64-bit (Build 9600)
    Windows Server License Manager Script : OK
    ~ Windows(R) Operating System, OEM_COA_NSLP channel
    Windows ID Activation : OK
    ~ Windows Partial Key : 3YGR7
    Windows License : OK
    ~ Windows Remaining Initializations Number : 999
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    ---\\ Logiciels de protection du système
    Windows Defender W8 (Activate)

    ---\\ Logiciels d'optimisation du système
    CCleaner v4.17

    ---\\ Logiciels de partage PeerToPeer

    ---\\ Surveillance de Logiciels
    Adobe Flash Player 15 Plugin
    Java 7 Update 67 (64-bit)

    ---\\ Informations sur le système
    ~ Processor: Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
    ~ Operating System: 64 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 8135 MB (67% free)
    System Restore: Activé (Enable)
    System drive C: has 127 GB (55%) free of 230 GB

    ---\\ Mode de connexion au système
    ~ Computer Name: PC_PETE_0914
    ~ User Name: Pete
    ~ All Users Names: Pete, HomeGroupUser$, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    ---\\ Variables d'environnement
    ~ System Unit : C:\
    ~ %AppZHP% : C:\Users\Pete\AppData\Roaming\ZHP\
    ~ %AppData% : C:\Users\Pete\AppData\Roaming\
    ~ %Desktop% : C:\Users\Pete\Desktop\
    ~ %Favorites% : C:\Users\Pete\Favorites\
    ~ %LocalAppData% : C:\Users\Pete\AppData\Local\
    ~ %StartMenu% : C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\
    ~ %Windir% : C:\Windows\
    ~ %System% : C:\Windows\System32\

    ---\\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 127 Go of 230 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 1209 Go of 1863 Go)
    F: CD-ROM drive (Not Inserted)
    G: CD-ROM drive (Not Inserted)

    ---\\ Etat du Centre de Sécurité Windows
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: Modified =>Hijacker.Application
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
    [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
    ~ Security Center: 41 Scanned in 00mn 00s

    ---\\ Recherche particulière de fichiers génériques
    ~ Generic Processes: Scanned in 00mn 00s

    ---\\ Etat des fichiers cachés (Caché/Total)
    ~ Mes Favoris (My Favorites) : 1/72
    ~ Mes Documents (My Documents) : 1/22
    ~ Mon Bureau (My Desktop) : 2/7
    ~ Menu demarrer (Programs) : 1/34
    ~ Hidden Files: Scanned in 00mn 00s

    ---\\ Processus lancés
    [MD5.FC298ABC9A1376D9AC292F78C5AACA25] - (.Microsoft Corporation - Microsoft® Resource File To COFF Object Con.) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe [32912] [PID.2988]
    [MD5.92CECBEF7FE590E11EABDC49FAD8C1B5] - (.Belkin Corporation - Activator Application for Nostromo.) -- C:\Program Files (x86)\Belkin\Nostromo\nost_LM.exe [562416] [PID.4236]
    [MD5.154E6F681AE6AA93252EB0EB36D20389] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [812184] [PID.4748]
    [MD5.2545A3C12E99CAA24F9367D7F5A80D83] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592] [PID.4368]
    [MD5.A0DA0ED7F15F4E3259C8FF3ADAE1B495] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8126464] [PID.592]
    ~ Processes Running: Scanned in 00mn 00s

    ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll
    P2 - FPN: [HKLM] [@esn/npbattlelog,version=2.5.1] - (.EA Digital Illusions CE AB - Battlelog Game Launcher (2.5.1).) -- C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll
    P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.67.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
    P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.67.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.67.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.30514.0.) -- C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
    ~ Firefox Browser: 5 Scanned in 00mn 00s

    ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
    R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
    R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
    R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
    R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
    R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (11.00.9600.17278 (winblue_r2.140815-1500)) -- C:\Windows\SysWOW64\ieframe.dll
    ~ IE Browser: 16 Scanned in 00mn 00s

    ---\\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
    F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
    F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    ---\\ Hosts file redirection (O1)
    ~ Le fichier hôte est sain (The hosts file is clean) (21)
    ~ Hosts File: Scanned in 00mn 00s

    ---\\ Browser Helper Objects de navigateur (O2)
    O2 - BHO: (no name) [64Bits] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} Clé orpheline
    O2 - BHO: (no name) [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} Clé orpheline
    ~ BHO: 2 Scanned in 00mn 00s

    ---\\ Applications lancées au démarrage du système (O4)
    O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe =>.Realtek Semiconductor Corp
    O4 - HKLM\..\Run: [RtHDVBg_DTS] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
    O4 - HKLM\..\Run: [Launch LCore] . (.Logitech Inc. - Logitech Gaming Framework.) -- C:\Program Files\Logitech Gaming Software\LCore.exe =>.Logitech Inc
    O4 - HKLM\..\Run: [SamsungRapidApp] . (.Samsung Electronics Co., Ltd. - Samsung RAPID Mode Notification Utility.) -- C:\Program Files (x86)\RAPIDCacheFilter\SamsungRapidApp.exe
    O4 - HKCU\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Pete\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] . (.Alcohol Soft Development Team - Alcohol Virtual Drive Auto-mount Service.) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
    O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =>.Advanced Micro Devices, Inc
    O4 - HKUS\S-1-5-21-1460372796-1414826035-3659446440-1001\..\Run: [SkyDrive] . (.Microsoft Corporation - Microsoft OneDrive.) -- C:\Users\Pete\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
    O4 - HKUS\S-1-5-21-1460372796-1414826035-3659446440-1001\..\Run: [AlcoholAutomount] . (.Alcohol Soft Development Team - Alcohol Virtual Drive Auto-mount Service.) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
    ~ Application: Scanned in 00mn 00s

    ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
    O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
    ~ IE Control Panel: 1 Scanned in 00mn 00s

    ---\\ Winsock hijacker (Layered Service Provider) (O10)
    O10 - WLSP:\00000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\windows\system32\napinsp.dll
    O10 - WLSP:\00000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
    O10 - WLSP:\00000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
    O10 - WLSP:\00000000004\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\windows\system32\NLAapi.dll
    O10 - WLSP:\00000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\windows\system32\mswsock.dll =>.Microsoft Corporation
    O10 - WLSP:\00000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\windows\system32\winrnr.dll
    ~ Winsock: 6 Scanned in 00mn 00s

    ---\\ Modification Domaine/Adresses DNS (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6BF73DD6-8C88-4E36-9547-56596667AF3C}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CS1\Services\Tcpip\..\{6BF73DD6-8C88-4E36-9547-56596667AF3C}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    ~ Domain: Scanned in 00mn 00s

    ---\\ Protocole additionnel (O18)
    O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
    O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    ~ SSODL: 1 Scanned in 00mn 00s

    ---\\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\System32\atiesrxx.exe
    O23 - Service: ASUS Com Service (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
    O23 - Service: ASUS HM Com Service (asHmComSvc) . (.ASUSTeK Computer Inc. - Pas de description.) - C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
    O23 - Service: ASUS System Control Service (AsSysCtrlService) . (...) - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
    O23 - Service: AsusFanControlService (AsusFanControlService) . (.ASUSTeK Computer Inc. - ASUS Motherboard Fan Control Service.) - C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.01\AsusFanControlService.exe
    O23 - Service: Alcohol Virtual Drive Auto-mount Service (AxAutoMntSrv) . (.Alcohol Soft Development Team - Alcohol Virtual Drive Auto-mount Service.) - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe
    O23 - Service: DTSAudioSvc (DTSAudioSvc) . (.DTS, Inc - DTS Audio Service.) - C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: Intel(R) PROSet Monitoring Service (Intel(R) PROSet Monitoring Service) . (.Intel Corporation - Intel® PROSet Monitoring Service.) - C:\windows\system32\IProsetMonitor.exe
    O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) . (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Intel(R) Local Management Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: PnkBstrA (PnkBstrA) . (...) - C:\windows\system32\PnkBstrA.exe
    O23 - Service: Samsung RAPID Mode Service (SamsungRapidSvc) . (.Samsung Electronics Co., Ltd. - Samsung RAPID Mode Service.) - C:\Windows\System32\RAPID\SamsungRapidSvc.exe
    O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
    ~ Services: 14 Scanned in 00mn 00s

    ---\\ Enumération Active Desktop & MHTML Editor (O24)
    O24 - Default MHTML Editor: Last - .(...) - (.not file.)
    ~ Desktop Component: 4 Scanned in 00mn 00s

    ---\\ Enumère les données de BootExecute (BEX) (O34)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    ~ BEX: 1 Scanned in 00mn 00s

    ---\\ Composants installés (ActiveSetup Installed Components) (O40)
    O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
    O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll =>.Microsoft Corporation
    O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
    O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe =>.Microsoft Corporation
    O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
    O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll =>.Microsoft Corporation
    O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
    O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
    O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\System32\mscories.dll
    ~ Active Setup: 9 Scanned in 00mn 00s

    ---\\ Pilotes lancés au démarrage du système (O41)
    O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) - C:\Windows\system32\drivers\afd.sys
    O41 - Driver: C:\Windows\System32\drivers\ahcache.sys (ahcache) . (.Microsoft Corporation - Application Compatibility Cache.) - C:\Windows\System32\DRIVERS\ahcache.sys
    O41 - Driver: (AsIO) . (...) - C:\Windows\Syswow64\drivers\AsIO.sys
    O41 - Driver: (AsUpIO) . (...) - C:\Windows\Syswow64\drivers\AsUpIO.sys
    O41 - Driver: (BasicDisplay) . (.Microsoft Corporation - Microsoft Basic Display Driver.) - C:\Windows\system32\drivers\BasicDisplay.sys
    O41 - Driver: (BasicRender) . (.Microsoft Corporation - Microsoft Basic Render Driver.) - C:\Windows\system32\drivers\BasicRender.sys
    O41 - Driver: cdrom.inf (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
    O41 - Driver: C:\Windows\System32\drivers\dam.sys (dam) . (.Microsoft Corporation - DAM Kernel Driver.) - C:\Windows\System32\drivers\dam.sys
    O41 - Driver: C:\Windows\System32\wkssvc.dll (Dfsc) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
    O41 - Driver: mssmbios.inf (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
    O41 - Driver: netnb.inf (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
    O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
    O41 - Driver: npsvctrig.inf (npsvctrig) . (.Microsoft Corporation - Named pipe service triggers.) - C:\Windows\system32\drivers\npsvctrig.sys
    O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
    O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
    O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
    O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
    ~ Drivers: 34 Scanned in 00mn 00s

    ---\\ Logiciels installés (O42)
    O42 - Logiciel: 7-Zip 9.20 (x64 edition) - (.Igor Pavlov.) [HKLM][64Bits] -- {23170F69-40C1-2702-0920-000001000000}
    O42 - Logiciel: AI Suite 3 - (.ASUSTeK Computer Inc..) [HKLM][64Bits] -- {D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}
    O42 - Logiciel: AMD Accelerated Video Transcoding - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {ABD878B8-E7E3-2BC4-5A95-478133DCFFC3}
    O42 - Logiciel: AMD Catalyst Install Manager - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {6119B3A6-3603-9695-0398-CDF2AF0A13F8}
    O42 - Logiciel: Adobe Flash Player 15 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
    O42 - Logiciel: Battlefield 4™ - (.Electronic Arts.) [HKLM][64Bits] -- {ABADE36E-EC37-413B-8179-B432AD3FACE7}
    O42 - Logiciel: Battlelog Web Plugins - (.EA Digital Illusions CE AB.) [HKLM][64Bits] -- Battlelog Web Plugins
    O42 - Logiciel: Bulk Rename Utility 2.7.1.3 - (.TGRMN Software.) [HKLM][64Bits] -- Bulk Rename Utility_is1
    O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner
    O42 - Logiciel: Call of Duty Advanced Warfare - (...) [HKLM][64Bits] -- Call of Duty Advanced Warfare_is1
    O42 - Logiciel: Catalyst Control Center - Branding - (.Advanced Micro Devices, Inc..) [HKLM][64Bits] -- {25A3B953-1423-3F15-640E-B620DD0F419A}
    O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
    O42 - Logiciel: FileBot - (.Reinhard Pointner.) [HKLM][64Bits] -- {15003E45-BBE8-4CAE-AA60-A56E3FC4E9BB}
    O42 - Logiciel: Galerie de photos - (.Microsoft Corporation.) [HKLM][64Bits] -- {446CC8CE-0E90-44F7-ADD0-774B243EF090}
    O42 - Logiciel: Gauntlet™ - (.Arrowhead Game Studios.) [HKLM][64Bits] -- Steam App 258970
    O42 - Logiciel: Intel(R) Chipset Device Software - (.Intel Corporation.) [HKLM][64Bits] -- {46C478DE-C381-4200-9627-0DA025B555EB}
    O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {1CEAC85D-2590-4760-800F-8DE5E91F3700}
    O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {D4FC649C-0247-4873-930D-D9E6904DCAF5}
    O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] -- {E1CBE9A2-1323-488E-9F3B-736DF6399F38}
    O42 - Logiciel: Intel(R) Network Connections 19.1.51.0 - (.Intel.) [HKLM][64Bits] -- PROSetDX
    O42 - Logiciel: Intel(R) Network Connections 19.1.51.0 - (.Intel.) [HKLM][64Bits] -- {FD42EE05-18F9-459F-935D-770E75B3BEE5}
    O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {409CB30E-E457-4008-9B1A-ED1B9EA21140}
    O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] -- {EAF826C0-245E-4D02-9D51-BA4C98717EAE}
    O42 - Logiciel: Intel® Trusted Connect Service Client - (.Intel Corporation.) [HKLM][64Bits] -- {3DE97849-544D-4D68-9255-11DF6F9F10D8}
    O42 - Logiciel: Java 7 Update 67 (64-bit) - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F06417067FF}
    O42 - Logiciel: K-Lite Codec Pack 10.6.5 Basic - (...) [HKLM][64Bits] -- KLiteCodecPack_is1
    O42 - Logiciel: Logiciel pour périphérique à chipset Intel® - (.Intel(R) Corporation.) [HKLM][64Bits] -- {4a87bd28-a855-4a8d-b133-60ca8ccffd30}
    O42 - Logiciel: Logitech - Assistant pour jeux vidéo 8.55 - (.Logitech Inc..) [HKLM][64Bits] -- Logitech Gaming Software =>.Logitech Inc
    O42 - Logiciel: Logitech Gaming Software - (.Logitech Inc..) [HKLM][64Bits] -- {690285C2-2481-44FB-8402-162EA970A6DD} =>.Logitech Inc
    O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
    O42 - Logiciel: MSVCRT110 - (.Microsoft.) [HKLM][64Bits] -- {8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
    O42 - Logiciel: MSVCRT110_amd64 - (.Microsoft.) [HKLM][64Bits] -- {E9FA781F-3E80-4399-825A-AD3E11C28C77}
    O42 - Logiciel: Microsoft OneDrive - (.Microsoft Corporation.) [HKCU][64Bits] -- OneDriveSetup.exe
    O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    O42 - Logiciel: Mumble 1.2.8 - (.Thorvald Natvig.) [HKLM][64Bits] -- {5D198290-6E7D-426C-9AF0-8DA34CC7E596}
    O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM][64Bits] -- {8B922CF8-8A6C-41CE-A858-F1755D7F5D29}
    O42 - Logiciel: Naruto Shippuden Ultimate Ninja Storm Revolution - (...) [HKLM][64Bits] -- Naruto Shippuden Ultimate Ninja Storm Revolution_is1
    O42 - Logiciel: Nexus Mod Manager - (.Black Tree Gaming.) [HKLM][64Bits] -- 6af12c54-643b-4752-87d0-8335503010de_is1
    O42 - Logiciel: NiouzeFire+ version 1.7.3 - (.IdeoSi.) [HKLM][64Bits] -- {A7E871FF-2989-4F74-8576-C3F8F4664A72}_is1
    O42 - Logiciel: Nostromo - (.Nom de votre société.) [HKLM][64Bits] -- {548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}
    O42 - Logiciel: Origin - (.Electronic Arts, Inc..) [HKLM][64Bits] -- Origin
    O42 - Logiciel: PunkBuster Services - (.Even Balance, Inc..) [HKLM][64Bits] -- PunkBusterSvc
    O42 - Logiciel: RAPID Mode - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] -- {2806889C-B2E7-4B91-898B-4C3198BD258F}
    O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
    O42 - Logiciel: Samsung Magician - (.Samsung Electronics.) [HKLM][64Bits] -- {29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1
    O42 - Logiciel: Skype™ 6.21 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
    O42 - Logiciel: Steam - (.Valve Corporation.) [HKLM][64Bits] -- {048298C9-A4D3-490B-9FF9-AB023A9238F3}
    O42 - Logiciel: Supercopier 4.0.1.13 - (.Supercopier.) [HKLM][64Bits] -- Supercopier
    O42 - Logiciel: Uplay - (.Ubisoft.) [HKLM][64Bits] -- Uplay
    O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] -- VLC media player =>.VideoLAN
    O42 - Logiciel: WBFS Manager 3.0 - (.AlexDP.) [HKLM][64Bits] -- WBFS Manager 3.0
    O42 - Logiciel: Xilisoft Convertisseur Vidéo Ultimate - (.Xilisoft.) [HKLM][64Bits] -- Xilisoft Convertisseur Vidéo Ultimate
    O42 – Logiciel: Xilisoft Video Converter 7 Ultimate – (.Xilisoft Video Converter 7 Ultimate.) [HKLM][64Bits] — Xilisoft Video Converter 7 Ultimate
    ~ Logic: 48 Scanned in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCU\Software\7-Zip]
    [HKCU\Software\ATI]
    [HKCU\Software\Akeo Consulting]
    [HKCU\Software\Alcohol Soft]
    [HKCU\Software\AlcoholSoftGen]
    [HKCU\Software\AppDataLow\Software\JavaSoft]
    [HKCU\Software\AppDataLow]
    [HKCU\Software\Belkin]
    [HKCU\Software\Blizzard Entertainment]
    [HKCU\Software\CD Projekt RED]
    [HKCU\Software\Classes]
    [HKCU\Software\Clients]
    [HKCU\Software\DSS]
    [HKCU\Software\Dropbox]
    [HKCU\Software\Electronic Arts]
    [HKCU\Software\Filefacts]
    [HKCU\Software\Gabest]
    [HKCU\Software\IM Providers]
    [HKCU\Software\Icaros]
    [HKCU\Software\IdeoSi]
    [HKCU\Software\JavaSoft]
    [HKCU\Software\Jeu]
    [HKCU\Software\Logitech]
    [HKCU\Software\MPC-HC]
    [HKCU\Software\Macromedia]
    [HKCU\Software\Mozilla]
    [HKCU\Software\Mumble]
    [HKCU\Software\Piriform]
    [HKCU\Software\Policies]
    [HKCU\Software\Popcorn Time]
    [HKCU\Software\QtProject]
    [HKCU\Software\QuickPar]
    [HKCU\Software\Realtek]
    [HKCU\Software\RegisteredApplications]
    [HKCU\Software\Skype]
    [HKCU\Software\Smart File Advisor]
    [HKCU\Software\TGRMN Software]
    [HKCU\Software\Trolltech]
    [HKCU\Software\Ultracopier]
    [HKCU\Software\VB and VBA Program Settings]
    [HKCU\Software\Valve]
    [HKCU\Software\Wow6432Node]
    [HKCU\Software\Xilisoft]
    [HKCU\Software\ZebHelpProcess Helper]
    [HKLM\Software\7-Zip]
    [HKLM\Software\AGEIA Technologies]
    [HKLM\Software\AMD]
    [HKLM\Software\ATI Technologies]
    [HKLM\Software\ATI]
    [HKLM\Software\Alienware]
    [HKLM\Software\Classes]
    [HKLM\Software\Clients]
    [HKLM\Software\DTS]
    [HKLM\Software\Dolby]
    [HKLM\Software\EA Games]
    [HKLM\Software\IM Providers]
    [HKLM\Software\Icaros]
    [HKLM\Software\Intel]
    [HKLM\Software\JavaSoft]
    [HKLM\Software\Khronos]
    [HKLM\Software\Knowles]
    [HKLM\Software\LAV64]
    [HKLM\Software\Logitech]
    [HKLM\Software\MCCI]
    [HKLM\Software\Macromedia]
    [HKLM\Software\MozillaPlugins]
    [HKLM\Software\Mozilla]
    [HKLM\Software\Nahimic]
    [HKLM\Software\Nuance]
    [HKLM\Software\ODBC]
    [HKLM\Software\Piriform]
    [HKLM\Software\Policies]
    [HKLM\Software\RAPID]
    [HKLM\Software\Realtek]
    [HKLM\Software\RegisteredApplications]
    [HKLM\Software\SRS Labs]
    [HKLM\Software\SonicFocus]
    [HKLM\Software\Waves Audio]
    [HKLM\Software\Wow6432Node\AGEIA Technologies]
    [HKLM\Software\Wow6432Node\ASUS]
    [HKLM\Software\Wow6432Node\ATI Technologies]
    [HKLM\Software\Wow6432Node\ATI]
    [HKLM\Software\Wow6432Node\AdwCleaner]
    [HKLM\Software\Wow6432Node\Alcohol Soft]
    [HKLM\Software\Wow6432Node\BioWare]
    [HKLM\Software\Wow6432Node\Blizzard Entertainment]
    [HKLM\Software\Wow6432Node\Classes]
    [HKLM\Software\Wow6432Node\Clients]
    [HKLM\Software\Wow6432Node\EA Games]
    [HKLM\Software\Wow6432Node\ESN Launcher]
    [HKLM\Software\Wow6432Node\ESN Sonar-0.70.4]
    [HKLM\Software\Wow6432Node\Electronic Arts]
    [HKLM\Software\Wow6432Node\Even Balance]
    [HKLM\Software\Wow6432Node\Google]
    [HKLM\Software\Wow6432Node\IM Providers]
    [HKLM\Software\Wow6432Node\Intel]
    [HKLM\Software\Wow6432Node\KLCodecPack]
    [HKLM\Software\Wow6432Node\Khronos]
    [HKLM\Software\Wow6432Node\LAV]
    [HKLM\Software\Wow6432Node\Macromedia]
    [HKLM\Software\Wow6432Node\MimarSinan]
    [HKLM\Software\Wow6432Node\MozillaPlugins]
    [HKLM\Software\Wow6432Node\Mozilla]
    [HKLM\Software\Wow6432Node\NVIDIA Corporation]
    [HKLM\Software\Wow6432Node\Nuance]
    [HKLM\Software\Wow6432Node\ODBC]
    [HKLM\Software\Wow6432Node\Origin Games]
    [HKLM\Software\Wow6432Node\Policies]
    [HKLM\Software\Wow6432Node\Realtek Semiconductor Corp.]
    [HKLM\Software\Wow6432Node\Realtek]
    [HKLM\Software\Wow6432Node\RegisteredApplications]
    [HKLM\Software\Wow6432Node\Samsung Magician]
    [HKLM\Software\Wow6432Node\Skype]
    [HKLM\Software\Wow6432Node\Smart File Advisor]
    [HKLM\Software\Wow6432Node\Ubisoft]
    [HKLM\Software\Wow6432Node\Valve]
    [HKLM\Software\Wow6432Node\VideoLAN]
    [HKLM\Software\Wow6432Node\Xilisoft]
    [HKLM\Software\Wow6432Node\mozilla.org]
    [HKLM\Software\Wow6432Node]
    [HKLM\Software\Yamaha APO]
    ~ Key Software: 227 Scanned in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 02/11/2014 – 16:59:57 – [0] —-D C:\Program Files (x86)\AGEIA Technologies
    O43 – CFD: 03/10/2014 – 18:51:37 – [] —-D C:\Program Files (x86)\Alcohol Soft
    O43 – CFD: 12/09/2014 – 14:13:44 – [] —-D C:\Program Files (x86)\AMD AVT
    O43 – CFD: 27/09/2014 – 01:41:37 – [] —-D C:\Program Files (x86)\ASUS
    O43 – CFD: 12/09/2014 – 14:13:29 – [] —-D C:\Program Files (x86)\ATI Technologies
    O43 – CFD: 26/09/2014 – 18:37:32 – [] —-D C:\Program Files (x86)\Battlelog Web Plugins
    O43 – CFD: 19/09/2014 – 18:11:31 – [] —-D C:\Program Files (x86)\Belkin
    O43 – CFD: 22/09/2014 – 18:19:38 – [] —-D C:\Program Files (x86)\Common Files
    O43 – CFD: 27/09/2014 – 01:42:09 – [] –H-D C:\Program Files (x86)\InstallShield Installation Information
    O43 – CFD: 27/09/2014 – 01:41:41 – [] —-D C:\Program Files (x86)\Intel
    O43 – CFD: 11/09/2014 – 09:39:21 – [] —-D C:\Program Files (x86)\Internet Explorer
    O43 – CFD: 26/09/2014 – 18:16:08 – [] —-D C:\Program Files (x86)\K-Lite Codec Pack
    O43 – CFD: 27/09/2014 – 00:44:07 – [] —-D C:\Program Files (x86)\Microsoft Silverlight
    O43 – CFD: 11/09/2014 – 07:34:29 – [] —-D C:\Program Files (x86)\Microsoft SkyDrive =>.Microsoft Corporation
    O43 – CFD: 11/09/2014 – 07:34:38 – [] —-D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    O43 – CFD: 22/08/2013 – 16:36:30 – [] —-D C:\Program Files (x86)\Microsoft.NET
    O43 – CFD: 11/09/2014 – 07:34:14 – [] —-D C:\Program Files (x86)\MSBuild
    O43 – CFD: 30/09/2014 – 12:38:15 – [] —-D C:\Program Files (x86)\Mumble
    O43 – CFD: 18/09/2014 – 19:02:03 – [] —-D C:\Program Files (x86)\NiouzeFire+
    O43 – CFD: 02/11/2014 – 16:59:57 – [] —-D C:\Program Files (x86)\NVIDIA Corporation
    O43 – CFD: 11/10/2014 – 10:06:25 – [] —-D C:\Program Files (x86)\RAPID
    O43 – CFD: 18/09/2014 – 18:59:16 – [] —-D C:\Program Files (x86)\Razer
    O43 – CFD: 12/09/2014 – 13:36:21 – [] —-D C:\Program Files (x86)\Realtek
    O43 – CFD: 11/09/2014 – 07:34:14 – [] —-D C:\Program Files (x86)\Reference Assemblies
    O43 – CFD: 20/09/2014 – 14:52:40 – [] —-D C:\Program Files (x86)\Samsung Magician
    O43 – CFD: 22/09/2014 – 18:19:38 – [] R—D C:\Program Files (x86)\Skype
    O43 – CFD: 16/09/2014 – 18:15:33 – [] —-D C:\Program Files (x86)\Supercopier
    O43 – CFD: 12/09/2014 – 13:37:13 – [0] –H-D C:\Program Files (x86)\Temp
    O43 – CFD: 18/09/2014 – 18:51:52 – [] —-D C:\Program Files (x86)\VideoLAN
    O43 – CFD: 11/09/2014 – 08:05:57 – [] —-D C:\Program Files (x86)\Windows Defender
    O43 – CFD: 11/09/2014 – 07:34:37 – [] —-D C:\Program Files (x86)\Windows Live
    O43 – CFD: 18/03/2014 – 10:26:19 – [] —-D C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
    O43 – CFD: 18/03/2014 – 11:28:58 – [] —-D C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
    O43 – CFD: 18/03/2014 – 11:28:58 – [] —-D C:\Program Files (x86)\Windows Multimedia Platform
    O43 – CFD: 22/08/2013 – 16:36:30 – [] —-D C:\Program Files (x86)\Windows NT
    O43 – CFD: 18/03/2014 – 10:26:19 – [] —-D C:\Program Files (x86)\Windows Photo Viewer
    O43 – CFD: 18/03/2014 – 11:28:58 – [] —-D C:\Program Files (x86)\Windows Portable Devices
    O43 – CFD: 22/08/2013 – 16:36:30 – [] -SH-D C:\Program Files (x86)\Windows Sidebar
    O43 – CFD: 22/08/2013 – 16:36:30 – [] —-D C:\Program Files (x86)\WindowsPowerShell
    O43 – CFD: 15/11/2014 – 16:25:17 – [] —-D C:\Program Files (x86)\Xilisoft
    O43 – CFD: 15/11/2014 – 16:24:57 – [] —-D C:\Program Files (x86)\Xilisoft Video Converter 7 Ultimate
    O43 – CFD: 15/11/2014 – 20:58:06 – [] —-D C:\Program Files (x86)\ZHPDiag =>.Nicolas Coolman
    O43 – CFD: 12/09/2014 – 14:13:44 – [] —-D C:\Program Files (x86)\Common Files\ATI Technologies
    O43 – CFD: 20/09/2014 – 16:16:40 – [] –H-D C:\Program Files (x86)\Common Files\EAInstaller
    O43 – CFD: 27/09/2014 – 01:41:29 – [] —-D C:\Program Files (x86)\Common Files\InstallShield
    O43 – CFD: 12/09/2014 – 14:11:32 – [] —-D C:\Program Files (x86)\Common Files\Intel Corporation
    O43 – CFD: 20/09/2014 – 16:54:34 – [] —-D C:\Program Files (x86)\Common Files\Microsoft Shared
    O43 – CFD: 12/09/2014 – 14:10:36 – [] —-D C:\Program Files (x86)\Common Files\PostureAgent
    O43 – CFD: 22/08/2013 – 16:36:33 – [] —-D C:\Program Files (x86)\Common Files\Services
    O43 – CFD: 22/09/2014 – 18:19:38 – [] —-D C:\Program Files (x86)\Common Files\Skype
    O43 – CFD: 02/11/2014 – 13:28:11 – [] —-D C:\Program Files (x86)\Common Files\Steam
    O43 – CFD: 18/03/2014 – 10:26:19 – [] —-D C:\Program Files (x86)\Common Files\System
    O43 – CFD: 11/09/2014 – 07:34:21 – [] —-D C:\Program Files (x86)\Common Files\Windows Live
    O43 – CFD: 12/09/2014 – 14:13:45 – [] —-D C:\ProgramData\AMD
    O43 – CFD: 22/08/2013 – 15:45:52 – [] -SH-D C:\ProgramData\Application Data
    O43 – CFD: 27/09/2014 – 01:42:42 – [] —-D C:\ProgramData\ASUS
    O43 – CFD: 12/09/2014 – 14:47:14 – [] —-D C:\ProgramData\ATI
    O43 – CFD: 20/09/2014 – 15:01:28 – [] —-D C:\ProgramData\Battle.net
    O43 – CFD: 20/09/2014 – 15:02:38 – [] —-D C:\ProgramData\Blizzard Entertainment
    O43 – CFD: 12/09/2014 – 14:47:54 – [] -SH-D C:\ProgramData\Bureau
    O43 – CFD: 22/08/2013 – 15:45:52 – [] -SH-D C:\ProgramData\Desktop
    O43 – CFD: 22/08/2013 – 15:45:52 – [] -SH-D C:\ProgramData\Documents
    O43 – CFD: 21/09/2014 – 10:13:32 – [] —-D C:\ProgramData\Electronic Arts
    O43 – CFD: 12/09/2014 – 14:10:36 – [] —-D C:\ProgramData\Intel
    O43 – CFD: 22/09/2014 – 17:53:19 – [] —-D C:\ProgramData\LogiShrd
    O43 – CFD: 15/11/2014 – 20:23:03 – [] —-D C:\ProgramData\Malwarebytes
    O43 – CFD: 12/09/2014 – 14:47:54 – [] -SH-D C:\ProgramData\Menu Démarrer
    O43 – CFD: 22/09/2014 – 18:31:33 – [] -S–D C:\ProgramData\Microsoft
    O43 – CFD: 22/09/2014 – 17:51:36 – [] —-D C:\ProgramData\Microsoft OneDrive
    O43 – CFD: 11/09/2014 – 07:34:23 – [] —-D C:\ProgramData\Microsoft SkyDrive =>.Microsoft Corporation
    O43 – CFD: 12/09/2014 – 14:47:54 – [] -SH-D C:\ProgramData\Modèles
    O43 – CFD: 10/11/2014 – 17:10:23 – [] —-D C:\ProgramData\Origin
    O43 – CFD: 30/09/2014 – 09:52:13 – [] —-D C:\ProgramData\Package Cache
    O43 – CFD: 15/11/2014 – 19:31:36 – [] -SH-D C:\ProgramData\Realtek Audio
    O43 – CFD: 18/03/2014 – 10:41:33 – [] —-D C:\ProgramData\regid.1991-06.com.microsoft
    O43 – CFD: 18/09/2014 – 20:09:03 – [] —-D C:\ProgramData\Samsung
    O43 – CFD: 02/11/2014 – 22:12:48 – [] —-D C:\ProgramData\Skype
    O43 – CFD: 22/08/2013 – 15:45:52 – [] -SH-D C:\ProgramData\Start Menu
    O43 – CFD: 11/11/2014 – 19:47:48 – [] —-D C:\ProgramData\Steam
    O43 – CFD: 22/08/2013 – 15:45:52 – [] -SH-D C:\ProgramData\Templates
    O43 – CFD: 15/11/2014 – 16:25:17 – [] —-D C:\ProgramData\Xilisoft
    O43 – CFD: 15/11/2014 – 16:24:57 – [] –H-D C:\ProgramData\{9F04E980-4B91-45B3-82F9-526C44BD34D2}
    O43 – CFD: 16/09/2014 – 18:03:58 – [] —-D C:\Users\Pete\AppData\Roaming\Adobe
    O43 – CFD: 02/11/2014 – 16:59:59 – [] —-D C:\Users\Pete\AppData\Roaming\Arrowhead
    O43 – CFD: 16/09/2014 – 18:04:13 – [] —-D C:\Users\Pete\AppData\Roaming\ATI
    O43 – CFD: 20/09/2014 – 15:04:03 – [] —-D C:\Users\Pete\AppData\Roaming\Battle.net
    O43 – CFD: 19/09/2014 – 18:11:37 – [] —-D C:\Users\Pete\AppData\Roaming\Belkin
    O43 – CFD: 18/09/2014 – 18:52:55 – [] —-D C:\Users\Pete\AppData\Roaming\Dropbox
    O43 – CFD: 28/09/2014 – 11:31:47 – [] —-D C:\Users\Pete\AppData\Roaming\FileBot
    O43 – CFD: 16/09/2014 – 18:05:12 – [] —-D C:\Users\Pete\AppData\Roaming\Intel Corporation
    O43 – CFD: 22/09/2014 – 17:52:43 – [] —-D C:\Users\Pete\AppData\Roaming\Logishrd
    O43 – CFD: 22/09/2014 – 17:52:43 – [] —-D C:\Users\Pete\AppData\Roaming\Logitech
    O43 – CFD: 26/09/2014 – 17:55:37 – [] —-D C:\Users\Pete\AppData\Roaming\Macromedia
    O43 – CFD: 22/09/2014 – 18:38:38 – [] -S–D C:\Users\Pete\AppData\Roaming\Microsoft
    O43 – CFD: 10/11/2014 – 17:10:06 – [] —-D C:\Users\Pete\AppData\Roaming\Mumble
    O43 – CFD: 20/09/2014 – 15:38:43 – [] —-D C:\Users\Pete\AppData\Roaming\Origin
    O43 – CFD: 15/11/2014 – 16:25:02 – [] —-D C:\Users\Pete\AppData\Roaming\Realtek
    O43 – CFD: 15/11/2014 – 19:04:54 – [] —-D C:\Users\Pete\AppData\Roaming\Skype
    O43 – CFD: 03/10/2014 – 19:07:51 – [] —-D C:\Users\Pete\AppData\Roaming\Steam
    O43 – CFD: 15/11/2014 – 19:03:24 – [] —-D C:\Users\Pete\AppData\Roaming\vlc
    O43 – CFD: 15/11/2014 – 16:25:34 – [] —-D C:\Users\Pete\AppData\Roaming\Xilisoft
    O43 – CFD: 15/11/2014 – 21:04:23 – [] —-D C:\Users\Pete\AppData\Roaming\ZHP =>.Nicolas Coolman
    O43 – CFD: 26/09/2014 – 17:32:56 – [0] —-D C:\Users\Pete\AppData\Local\Adobe
    O43 – CFD: 16/09/2014 – 18:03:57 – [] -SH-D C:\Users\Pete\AppData\Local\Application Data
    O43 – CFD: 18/10/2014 – 16:54:37 – [] —-D C:\Users\Pete\AppData\Local\Apps
    O43 – CFD: 16/09/2014 – 18:04:13 – [] —-D C:\Users\Pete\AppData\Local\ATI
    O43 – CFD: 15/11/2014 – 19:04:19 – [] —-D C:\Users\Pete\AppData\Local\Battle.net
    O43 – CFD: 20/09/2014 – 17:04:33 – [] —-D C:\Users\Pete\AppData\Local\Black_Tree_Gaming
    O43 – CFD: 21/09/2014 – 15:00:12 – [] —-D C:\Users\Pete\AppData\Local\Blizzard
    O43 – CFD: 20/09/2014 – 15:02:45 – [] —-D C:\Users\Pete\AppData\Local\Blizzard Entertainment
    O43 – CFD: 15/11/2014 – 20:16:05 – [0] —-D C:\Users\Pete\AppData\Local\Deployment
    O43 – CFD: 15/11/2014 – 20:19:54 – [] —-D C:\Users\Pete\AppData\Local\Diagnostics
    O43 – CFD: 19/09/2014 – 18:11:09 – [] —-D C:\Users\Pete\AppData\Local\Downloaded Installations
    O43 – CFD: 15/11/2014 – 20:20:09 – [] —-D C:\Users\Pete\AppData\Local\ElevatedDiagnostics
    O43 – CFD: 18/09/2014 – 17:38:36 – [] -SH-D C:\Users\Pete\AppData\Local\EmieSiteList
    O43 – CFD: 18/09/2014 – 17:38:36 – [] -SH-D C:\Users\Pete\AppData\Local\EmieUserList
    O43 – CFD: 21/09/2014 – 10:11:14 – [] —-D C:\Users\Pete\AppData\Local\ESN
    O43 – CFD: 16/09/2014 – 18:03:57 – [] -SH-D C:\Users\Pete\AppData\Local\Historique
    O43 – CFD: 21/09/2014 – 09:53:16 – [] —-D C:\Users\Pete\AppData\Local\IdeoSi
    O43 – CFD: 15/11/2014 – 16:24:57 – [] —-D C:\Users\Pete\AppData\Local\III
    O43 – CFD: 22/09/2014 – 17:53:18 – [] —-D C:\Users\Pete\AppData\Local\Logitech
    O43 – CFD: 26/09/2014 – 17:59:04 – [] —-D C:\Users\Pete\AppData\Local\Macromedia
    O43 – CFD: 03/10/2014 – 18:49:58 – [] —-D C:\Users\Pete\AppData\Local\Microsoft
    O43 – CFD: 20/09/2014 – 15:31:50 – [] —-D C:\Users\Pete\AppData\Local\Origin
    O43 – CFD: 27/09/2014 – 16:22:07 – [] —-D C:\Users\Pete\AppData\Local\Packages
    O43 – CFD: 18/09/2014 – 19:01:47 – [] —-D C:\Users\Pete\AppData\Local\Programs
    O43 – CFD: 04/10/2014 – 14:40:29 – [] —-D C:\Users\Pete\AppData\Local\PunkBuster
    O43 – CFD: 22/09/2014 – 18:19:39 – [] —-D C:\Users\Pete\AppData\Local\Skype
    O43 – CFD: 20/09/2014 – 22:56:32 – [] —-D C:\Users\Pete\AppData\Local\Skyrim
    O43 – CFD: 15/11/2014 – 21:03:48 – [] —-D C:\Users\Pete\AppData\Local\Temp
    O43 – CFD: 16/09/2014 – 18:03:57 – [] -SH-D C:\Users\Pete\AppData\Local\Temporary Internet Files
    O43 – CFD: 26/09/2014 – 17:45:20 – [] —-D C:\Users\Pete\AppData\Local\Ubisoft Game Launcher
    O43 – CFD: 26/09/2014 – 18:16:13 – [] —-D C:\Users\Pete\AppData\Local\VirtualStore
    O43 – CFD: 19/09/2014 – 18:14:37 – [] —-D C:\Users\Pete\AppData\Local\WBFSManager
    O43 – CFD: 11/09/2014 – 09:39:21 – [] R—D C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    O43 – CFD: 22/08/2013 – 16:36:32 – [] R—D C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    O43 – CFD: 16/09/2014 – 18:03:59 – [] R—D C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    O43 – CFD: 03/10/2014 – 20:46:20 – [] —-D C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
    O43 – CFD: 19/09/2014 – 18:17:37 – [] —-D C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileBot
    O43 – CFD: 22/08/2013 – 16:36:32 – [] —-D C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    O43 – CFD: 20/09/2014 – 14:52:39 – [] R—D C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    O43 – CFD: 16/09/2014 – 18:15:33 – [] —-D C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supercopier
    O43 – CFD: 11/09/2014 – 08:05:57 – [] R—D C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    O43 – CFD: 26/09/2014 – 17:38:36 – [] —-D C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
    O43 – CFD: 19/09/2014 – 18:14:13 – [] —-D C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
    ~ Program Folder: 145 Scanned in 00mn 00s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.EBBB161339CC7D5FFC0749EB6BE8A126] – 09/11/2014 – 11:36:50 —A- . (.ASUSTeK Computer Inc. – ASUS Kernel Mode Driver for NT.) — C:\Windows\System32\Drivers\IOMap64.sys [24824]
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 15/11/2014 – 20:18:05 —A- . (…) — C:\Windows\setupact.log [0]
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 15/11/2014 – 20:18:05 —A- . (…) — C:\Windows\setuperr.log [0]
    O44 – LFC:[MD5.74BF0BE2473138232D7AAE8D48F411E6] – 15/11/2014 – 20:25:55 —A- . (…) — C:\Windows\WindowsUpdate.log [27597]
    O44 – LFC:[MD5.88BE79100BDEA902EB6D1F791C90CB7B] – 15/11/2014 – 20:41:01 —A- . (…) — C:\Windows\ntbtlog.txt [166236]
    O44 – LFC:[MD5.DE8D68DB92877127258EEEB3A4371156] – 15/11/2014 – 20:55:14 —A- . (…) — C:\Windows\PFRO.log [24944]
    O44 – LFC:[MD5.6A107943AAC5729EB5448318077BE6E6] – 15/11/2014 – 20:57:15 -S-A- . (…) — C:\Windows\bootstat.dat [67584]
    O44 – LFC:[MD5.ADB4C768088FC382568DA05089B4A39E] – 15/11/2014 – 20:59:23 —A- . (…) — C:\Windows\System32\PerfStringBackup.INI [1827432]
    O44 – LFC:[MD5.C36D3E04611B7647D01D56A7D3059ADB] – 15/11/2014 – 20:59:23 —A- . (…) — C:\Windows\System32\perfc009.dat [135930]
    O44 – LFC:[MD5.A4094F6D332841EBA59971CBDEC19FEB] – 15/11/2014 – 20:59:23 —A- . (…) — C:\Windows\System32\perfc00C.dat [159742]
    O44 – LFC:[MD5.8A06DEC317EF85D203A9C8F8F938CE7B] – 15/11/2014 – 20:59:23 —A- . (…) — C:\Windows\System32\perfh009.dat [723316]
    O44 – LFC:[MD5.ED96A71820ACBADE2D213FC80304CACB] – 15/11/2014 – 20:59:23 —A- . (…) — C:\Windows\System32\perfh00C.dat [812146]
    ~ Files: 12 Scanned in 00mn 00s

    —\ Déni du service (Local Security Authority) (O48)
    O48 – LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:\Windows\System32\msv1_0.dll
    O48 – LSA:Local Security Authority Notification Packages . (.Microsoft Corporation – Moteur du client de l’Éditeur de configuration de sécurité Windows.) — C:\Windows\System32\scecli.dll
    ~ LSA: 3 Scanned in 00mn 00s

    —\ Contrôle du Safe Boot (CSB) (O49)
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicDisplay.sys . (.Microsoft Corporation – Microsoft Basic Display Driver.) — C:\Windows\System32\Drivers\BasicDisplay.sys
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicRender.sys . (.Microsoft Corporation – Microsoft Basic Render Driver.) — C:\Windows\System32\Drivers\BasicRender.sys
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Minimal\dxgkrnl.sys . (.Microsoft Corporation – DirectX Graphics Kernel.) — C:\Windows\System32\Drivers\dxgkrnl.sys
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Minimal\FsDepends.sys . (.Microsoft Corporation – File System Dependency Manager Mini Filter Driver.) — C:\Windows\System32\Drivers\FsDepends.sys
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:\Windows\System32\Drivers\sermouse.sys
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:\Windows\System32\Drivers\volmgr.sys
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation – Pilote d’extension du gestionnaire de volumes.) — C:\Windows\System32\Drivers\volmgrx.sys
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\BasicDisplay.sys . (.Microsoft Corporation – Microsoft Basic Display Driver.) — C:\Windows\System32\Drivers\BasicDisplay.sys
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\BasicRender.sys . (.Microsoft Corporation – Microsoft Basic Render Driver.) — C:\Windows\System32\Drivers\BasicRender.sys
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\dxgkrnl.sys . (.Microsoft Corporation – DirectX Graphics Kernel.) — C:\Windows\System32\Drivers\dxgkrnl.sys
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\FsDepends.sys . (.Microsoft Corporation – File System Dependency Manager Mini Filter Driver.) — C:\Windows\System32\Drivers\FsDepends.sys
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation – IP Network Address Translator.) — C:\Windows\System32\Drivers\ipnat.sys
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation – NSI Proxy.) — C:\Windows\System32\Drivers\nsiproxy.sys
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (…) — C:\Windows\System32\Drivers\rdpencdd.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:\Windows\System32\Drivers\sermouse.sys
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:\Windows\System32\Drivers\volmgr.sys
    O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation – Pilote d’extension du gestionnaire de volumes.) — C:\Windows\System32\Drivers\volmgrx.sys
    ~ CSB: 17 Scanned in 00mn 00s

  • titoupit
    Participant
    Posts: 2

    —\ Image File Execution Options (IFEO) (O50)
    O50 – IFEO:Image File Execution Options – AvastSvc.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – AvastUI.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – avcenter.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – avconfig.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – avgcsrvx.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – avgidsagent.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – avgnt.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – avgrsx.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – avguard.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – avgui.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – avgwdsvc.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – avp.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – avscan.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – bdagent.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – blindman.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – ccuac.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – ComboFix.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – egui.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – hijackthis.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – instup.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – keyscrambler.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – mbam.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – mbamgui.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – mbampt.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – mbamscheduler.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – mbamservice.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – MpCmdRun.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – MSASCui.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – MsMpEng.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – msseces.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – rstrui.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – SDFiles.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – SDMain.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – SDWinSec.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – spybotsd.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – wireshark.exe – nqij.exe
    O50 – IFEO:Image File Execution Options – zlclient.exe – nqij.exe
    ~ IFEO: Scanned in 00mn 00s

    —\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
    O52 – TDSD: Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:\Windows\System32\l3codeca.acm
    O52 – TDSD: drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:\Windows\System32\l3codeca.acm
    ~ TDSD: 2 Scanned in 00mn 00s

    —\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
    O54 – MCSP:[HKLM\...\CurrentControlSet\Control] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:\Windows\System32\credssp.dll
    O54 – MCSP:[HKLM\...\ControlSet001\Control] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:\Windows\System32\credssp.dll
    ~ MSCP: 2 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM\...\Policies\System] – "EnableVirtualization"=1
    O55 – MWPS:[HKLM\...\Policies\System] – "EnableInstallerDetection"=1
    O55 – MWPS:[HKLM\...\Policies\System] – "PromptOnSecureDesktop"=0
    O55 – MWPS:[HKLM\...\Policies\System] – "EnableLUA"=1
    O55 – MWPS:[HKLM\...\Policies\System] – "EnableSecureUIAPaths"=1
    O55 – MWPS:[HKLM\...\Policies\System] – "ConsentPromptBehaviorAdmin"=0
    O55 – MWPS:[HKLM\...\Policies\System] – "ValidateAdminCodeSignatures"=0
    O55 – MWPS:[HKLM\...\Policies\System] – "EnableUIADesktopToggle"=0
    O55 – MWPS:[HKLM\...\Policies\System] – "EnableCursorSuppression"=1
    O55 – MWPS:[HKLM\...\Policies\System] – "ConsentPromptBehaviorUser"=3
    O55 – MWPS:[HKLM\...\Policies\System] – "dontdisplaylastusername"=0
    O55 – MWPS:[HKLM\...\Policies\System] – "legalnoticecaption"=0
    O55 – MWPS:[HKLM\...\Policies\System] – "legalnoticetext"=0
    O55 – MWPS:[HKLM\...\Policies\System] – "scforceoption"=0
    O55 – MWPS:[HKLM\...\Policies\System] – "shutdownwithoutlogon"=1
    O55 – MWPS:[HKLM\...\Policies\System] – "undockwithoutlogon"=1
    O55 – MWPS:[HKLM\...\Policies\System] – "FilterAdministratorToken"=0
    ~ MWPS: 17 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM\...\policies\Explorer] – "ForceActiveDesktopOn"=0
    O56 – MWPE:[HKLM\...\policies\Explorer] – "NoActiveDesktopChanges"=1
    O56 – MWPE:[HKLM\...\policies\Explorer] – "NoActiveDesktop"=1
    ~ MWPE Keys: 3 Scanned in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:22/08/2013 – 13:43:41 —A- . (.LSI – LSI 3ware SCSI Storport Driver.) — C:\Windows\System32\Drivers\3ware.sys [108896]
    O58 – SDL:22/08/2013 – 13:43:41 —A- . (.PMC-Sierra – PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) — C:\Windows\System32\Drivers\adp80xx.sys [782176]
    O58 – SDL:18/04/2014 – 03:39:06 —A- . (.Advanced Micro Devices – AMD ACP Kernel Service Driver.) — C:\Windows\System32\Drivers\amdacpksd.sys [274656]
    O58 – SDL:11/03/2014 – 15:19:46 —A- . (.Windows (R) Win 7 DDK provider – KSL Kernel-Mode Dll.) — C:\Windows\System32\Drivers\amdacpksl.sys [142848]
    O58 – SDL:23/09/2012 – 00:17:24 —A- . (.Advanced Micro Devices, Inc. – AMD Audio Bus Lower Filter.) — C:\Windows\System32\Drivers\amdkmafd.sys [21160]
    O58 – SDL:22/08/2013 – 13:43:41 —A- . (.Advanced Micro Devices – AHCI 1.3 Device Driver.) — C:\Windows\System32\Drivers\amdsata.sys [79200]
    O58 – SDL:22/08/2013 – 13:43:41 —A- . (.AMD Technologies Inc. – AMD Technology AHCI Compatible Controller Driver for Windows -.) — C:\Windows\System32\Drivers\amdsbs.sys [259424]
    O58 – SDL:22/08/2013 – 13:43:40 —A- . (.Advanced Micro Devices – Storage Filter Driver.) — C:\Windows\System32\Drivers\amdxata.sys [25952]
    O58 – SDL:22/08/2013 – 13:43:41 —A- . (.PMC-Sierra, Inc. – Adaptec SAS RAID WS03 Driver.) — C:\Windows\System32\Drivers\arcsas.sys [114016]
    O58 – SDL:11/03/2014 – 15:20:04 —A- . (.Advanced Micro Devices – AMD High Definition Audio Function Driver.) — C:\Windows\System32\Drivers\AtihdWB6.sys [222720]
    O58 – SDL:18/04/2014 – 03:36:46 —A- . (.Advanced Micro Devices, Inc. – ATI Radeon Kernel Mode Driver.) — C:\Windows\System32\Drivers\atikmdag.sys [15376384]
    O58 – SDL:18/04/2014 – 02:07:06 —A- . (.Advanced Micro Devices, Inc. – AMD multi-vendor Miniport Driver.) — C:\Windows\System32\Drivers\atikmpag.sys [638976]
    O58 – SDL:03/10/2014 – 18:52:09 —A- . (.Alcohol Soft Development Team – SCSI miniport.) — C:\Windows\System32\Drivers\axscsidrv.sys [293888]
    O58 – SDL:14/08/2007 – 09:36:58 —A- . (.Belkin Corporation – USB Gaming Device HID MiniDriver.) — C:\Windows\System32\Drivers\bcgame.sys [35328]
    O58 – SDL:13/08/2013 – 00:25:46 —A- . (.Windows (R) Win 7 DDK provider – BCM Function 2 Device Driver.) — C:\Windows\System32\Drivers\bcmfn2.sys [17624]
    O58 – SDL:22/08/2013 – 13:43:41 —A- . (.Broadcom Corporation – Broadcom NetXtreme II GigE VBD.) — C:\Windows\System32\Drivers\bxvbda.sys [531296]
    O58 – SDL:14/03/2014 – 19:10:28 —A- . (.Intel Corporation – Intel(R) Gigabit Adapter NDIS 6.x driver.) — C:\Windows\System32\Drivers\e1d64x64.sys [457496]
    O58 – SDL:22/08/2013 – 13:43:45 —A- . (.Broadcom Corporation – Broadcom NetXtreme II 10 GigE VBD.) — C:\Windows\System32\Drivers\evbda.sys [3357024]
    O58 – SDL:26/10/2006 – 15:33:32 —A- . (.Razer (Asia-Pacific) Pte Ltd – Diamondback USB Optical Mouse Driver.) — C:\Windows\System32\Drivers\habu.sys [13696]
    O58 – SDL:22/08/2013 – 13:43:45 —A- . (.Hewlett-Packard Company – Smart Array SAS/SATA Controller Media Driver.) — C:\Windows\System32\Drivers\HpSAMD.sys [64352]
    O58 – SDL:30/07/2013 – 19:47:35 —A- . (.Intel Corporation – Intel(R) Serial IO GPIO Controller Driver.) — C:\Windows\System32\Drivers\iaLPSSi_GPIO.sys [24568]
    O58 – SDL:25/07/2013 – 20:05:39 —A- . (.Intel Corporation – Intel(R) Serial IO I2C Controller Driver.) — C:\Windows\System32\Drivers\iaLPSSi_I2C.sys [99320]
    O58 – SDL:19/07/2013 – 13:55:54 —A- . (.Intel Corporation – NDIS 6.30 Advanced Networking Services..) — C:\Windows\System32\Drivers\iANSW60e.sys [153400]
    O58 – SDL:28/05/2014 – 09:10:20 —A- . (.Intel Corporation – Intel(R) Rapid Storage Technology driver – x64.) — C:\Windows\System32\Drivers\iaStorA.sys [672104]
    O58 – SDL:10/08/2013 – 01:39:30 —A- . (.Intel Corporation – Intel Rapid Storage Technology driver (inbox) – x64.) — C:\Windows\System32\Drivers\iaStorAV.sys [651248]
    O58 – SDL:22/08/2013 – 13:43:45 —A- . (.Intel Corporation – Intel Matrix Storage Manager driver – x64.) — C:\Windows\System32\Drivers\iaStorV.sys [412000]
    O58 – SDL:24/04/2014 – 13:29:26 —A- . (.ASUSTeK Computer Inc. – ASUS Kernel Mode Driver for NT.) — C:\Windows\System32\Drivers\IOMap64.sys [24824]
    O58 – SDL:26/02/2014 – 01:31:20 —A- . (.Intel Corporation – Intel(R) Network Adapter Diagnostic Driver.) — C:\Windows\System32\Drivers\iqvw64e.sys [34568]
    O58 – SDL:24/11/2009 – 01:37:50 —A- . (.Logitech Inc. – Logitech WingMan Virtual Bus Enumerator Driver.) — C:\Windows\System32\Drivers\LGBusEnum.sys [22408]
    O58 – SDL:30/05/2013 – 16:16:40 —A- . (.Logitech Inc. – Logitech Gaming HID Filter Driver..) — C:\Windows\System32\Drivers\LGSHidFilt.Sys [64280]
    O58 – SDL:24/11/2009 – 01:38:00 —A- . (.Logitech Inc. – Logitech GamePanel Virtual Hid Device Driver.) — C:\Windows\System32\Drivers\LGVirHid.sys [16008]
    O58 – SDL:20/10/2014 – 18:55:49 —A- . (.Logitech, Inc. – Logitech Non-Plug and Play Driver..) — C:\Windows\System32\Drivers\LNonPnP.sys [18960]
    O58 – SDL:22/08/2013 – 13:43:44 —A- . (.LSI Corporation – LSI Fusion-MPT SAS Driver (StorPort).) — C:\Windows\System32\Drivers\lsi_sas.sys [109408]
    O58 – SDL:22/08/2013 – 13:43:45 —A- . (.LSI Corporation – LSI SAS Gen2 Driver (StorPort).) — C:\Windows\System32\Drivers\lsi_sas2.sys [93536]
    O58 – SDL:22/08/2013 – 13:43:44 —A- . (.LSI Corporation – LSI SAS Gen3 Driver (StorPort).) — C:\Windows\System32\Drivers\lsi_sas3.sys [81760]
    O58 – SDL:22/08/2013 – 13:43:45 —A- . (.LSI Corporation – LSI SSS PCIe/Flash Driver (StorPort).) — C:\Windows\System32\Drivers\lsi_sss.sys [82784]
    O58 – SDL:22/08/2013 – 13:43:45 —A- . (.LSI Corporation – MEGASAS RAID Controller Driver for Windows.) — C:WindowsSystem32Driversmegasas.sys [56672]
    O58 – SDL:22/08/2013 – 13:43:45 —A- . (.LSI Corporation, Inc. – LSI MegaRAID Software RAID Driver.) — C:WindowsSystem32Driversmegasr.sys [575840]
    O58 – SDL:22/08/2013 – 13:43:49 —A- . (.Marvell Semiconductor, Inc. – Marvell Flash Controller Driver.) — C:WindowsSystem32Driversmvumis.sys [63840]
    O58 – SDL:22/08/2013 – 13:43:31 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) RAID Driver.) — C:WindowsSystem32Driversnvraid.sys [150368]
    O58 – SDL:22/08/2013 – 13:43:32 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) Sata Performance Driver.) — C:WindowsSystem32Driversnvstor.sys [168288]
    O58 – SDL:18/06/2013 – 15:46:17 —A- . (.Realtek – Realtek 8101E/8168/8169 NDIS 6.30 64-bit Driver.) — C:WindowsSystem32DriversRt630x64.sys [591360]
    O58 – SDL:24/04/2014 – 12:46:50 —A- . (.Realtek Semiconductor Corp. – Realtek(r) High Definition Audio Function Driver.) — C:WindowsSystem32DriversRTKVHD64.sys [3944536]
    O58 – SDL:18/10/2012 – 16:39:42 —A- . (.Razer USA Ltd – Razer JoyStick Device.) — C:WindowsSystem32Driversrzjoystk.sys [19968]
    O58 – SDL:19/05/2014 – 18:55:42 —A- . (.Samsung Electronics Co., Ltd. – Samsung RAPID Mode Disk Filter Driver.) — C:WindowsSystem32DriversSamsungRapidDiskFltr.sys [265952]
    O58 – SDL:19/05/2014 – 18:55:56 —A- . (.Samsung Electronics Co., Ltd. – Samsung RAPID Mode File Filter Driver.) — C:WindowsSystem32DriversSamsungRapidFSFltr.sys [111328]
    O58 – SDL:22/08/2013 – 16:35:09 —A- . (.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) — C:WindowsSystem32Driverssecdrv.sys [23040]
    O58 – SDL:22/08/2013 – 13:43:31 —A- . (.Silicon Integrated Systems Corp. – SiS RAID Stor Miniport Driver.) — C:WindowsSystem32Driverssisraid2.sys [44896]
    O58 – SDL:22/08/2013 – 13:43:32 —A- . (.Silicon Integrated Systems – SiS AHCI Stor-Miniport Driver.) — C:WindowsSystem32Driverssisraid4.sys [81760]
    O58 – SDL:03/10/2014 – 18:50:21 —A- . (.Duplex Secure Ltd. – SCSI Pass Through Direct Host.) — C:WindowsSystem32Driverssptd.sys [386680]
    O58 – SDL:22/08/2013 – 13:43:32 —A- . (.Promise Technology, Inc. – Promise SuperTrak EX Series Driver for Windows x64.) — C:WindowsSystem32Driversstexstor.sys [31072]
    O58 – SDL:20/03/2014 – 10:43:02 —A- . (.Intel Corporation – Intel(R) Management Engine Interface.) — C:WindowsSystem32DriversTeeDriverx64.sys [118272]
    O58 – SDL:22/08/2013 – 13:43:34 —A- . (.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) — C:WindowsSystem32Driversviaide.sys [19808]
    O58 – SDL:22/08/2013 – 13:43:34 —A- . (.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR AMD-X86-64.) — C:WindowsSystem32Driversvsmraid.sys [168800]
    O58 – SDL:22/08/2013 – 13:43:34 —A- . (.VIA Corporation – VIA StorX RAID Controller Driver.) — C:WindowsSystem32DriversVSTXRAID.SYS [305504]
    O58 – SDL:22/08/2012 – 10:54:10 —A- . (…) — C:WindowsSysWOW64driversAsIO.sys [15232]
    O58 – SDL:24/02/2014 – 16:49:22 —A- . (…) — C:WindowsSysWOW64driversAsUpIO.sys [14464]
    O58 – SDL:20/09/2011 – 11:25:56 —A- . (.MCCI Corporation – ASUS USB Hub filter driver.) — C:WindowsSysWOW64driversASUSFILTER.sys [46152]
    O58 – SDL:02/04/2009 – 13:30:14 —A- . (…) — C:WindowsSysWOW64driversASUSHWIO.SYS [10296]
    ~ Drivers: 59 Scanned in 00mn 00s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 09/11/2014 – 21:04:25 —A- . (…) — C:UsersPeteAppDataLocalTempQuarantine.exe [601088]
    O61 – LFC: 10/11/2014 – 21:04:25 —A- . (…) — C:UsersPeteAppDataLocalPunkBusterBF4pbPnkBstrB.exe [215416]
    O61 – LFC: 10/11/2014 – 21:04:25 —A- . (…) — C:UsersPeteAppDataLocalPunkBusterBF4pbPnkBstrK.sys [139264]
    O61 – LFC: 15/11/2014 – 21:04:25 —A- . (…) — C:UsersPeteAppDataLocalTempnsz3145.tmpInstallOptions.dll [15360]
    O61 – LFC: 15/11/2014 – 21:04:25 —A- . (…) — C:UsersPeteAppDataLocalTempnsz3145.tmpSystem.dll [9728]
    O61 – LFC: 15/11/2014 – 21:04:25 —A- . (…) — C:UsersPeteDownloadsAdwCleaner.exe [2140160]
    O61 – LFC: 15/11/2014 – 21:04:25 —A- . (.Bigasoft Corporation.) — C:UsersPeteAppDataRoamingRealtekaudioRtHDVCpl.exe [358912]
    O61 – LFC: 15/11/2014 – 21:04:25 —A- . (.Igor Pavlov.) — C:UsersPeteAppDataLocalIII7z.dll [914432]
    O61 – LFC: 15/11/2014 – 21:04:25 —A- . (.Malwarebytes Corporation.) — C:UsersPeteAppDataLocalMicrosoftWindowsINetCacheIEAGO0LLImbam-setup-2.0.3.1025.exe [19828376]
    O61 – LFC: 15/11/2014 – 21:04:25 —A- . (.Malwarebytes Corporation.) — C:UsersPeteDownloadsmbam-clean-2.1.1.1001.exe [321848]
    O61 – LFC: 15/11/2014 – 21:04:25 —A- . (.Malwarebytes Corporation.) — C:UsersPeteDownloadsmbam-setup-2.0.3.1025.exe [19828376]
    O61 – LFC: 15/11/2014 – 21:04:25 —A- . (.Microsoft Corporation.) — C:UsersPeteAppDataLocalTempis-TUJV0.tmp_isetup_shfoldr.dll [23312]
    O61 – LFC: 15/11/2014 – 21:04:25 —A- . (.Nicolas Coolman.) — C:UsersPeteDownloadsZHPDiag2.exe [6864822] =>.Nicolas Coolman
    ~ 240 Fichiers temporaires (Temporary files)
    ~ Files: 13 Scanned in 00mn 00s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..cplopenCommand] (.Microsoft Corporation – Windows Control Panel.) — C:WindowsSystem32control.exe =>.Microsoft Corporation
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Lanceur du composant logiciel enfichable Observateur d’événements.) — C:WindowsSystem32eventvwr.exe
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32WScript.exe
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Éditeur du Registre.) — C:Windowsregedit.exe
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” /S
    ~ FASS Keys: 10 Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program Files (x86)Internet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] – (Bing) – http://www.bing.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les service demarrés par Svchost (SSS) (O83)
    O83 – Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation – Service Expérience d’application.) — C:WindowsSystem32aelupsvc.dll [208896]
    O83 – Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [155136]
    O83 – Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [155136]
    O83 – Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation – DLL du service Serveur.) — C:WindowsSystem32srvsvc.dll [324096]
    O83 – Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation – Client de stratégie de groupe.) — C:WindowsSystem32gpsvc.dll [1261056]
    O83 – Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation – Extension IKE.) — C:WindowsSystem32ikeext.dll [1063424]
    O83 – Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation – Service offrant une connectivité IPv6 sur un réseau IPv4..) — C:WindowsSystem32iphlpsvc.dll [914432]
    O83 – Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation – DLL de service d’ouverture de session secondaire.) — C:Windowssystem32seclogon.dll [30720]
    O83 – Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation – Service Informations d’application.) — C:WindowsSystem32appinfo.dll [109568]
    O83 – Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation – Service de découverte iSCSI.) — C:WindowsSystem32iscsiexe.dll [150528]
    O83 – Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation – Service EAPHost Microsoft.) — C:WindowsSystem32eapsvc.dll [107008]
    O83 – Search Svchost Services: schedule (schedule) . (.Microsoft Corporation – Service du Planificateur de tâches.) — C:WindowsSystem32schedsvc.dll [1212928]
    O83 – Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation – WMI.) — C:WindowsSystem32wbemWMIsvc.dll [220672]
    O83 – Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation – Service Planificateur de classes multimédias.) — C:WindowsSystem32mmcss.dll [70656]
    O83 – Search Svchost Services: browser (browser) . (.Microsoft Corporation – DLL du service Explorateur d’ordinateurs.) — C:WindowsSystem32browser.dll [134144]
    O83 – Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation – ProfSvc.) — C:WindowsSystem32profsvc.dll [220160]
    O83 – Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation – Service Configuration des services Bureau à distance.) — C:WindowsSystem32sessenv.dll [324096]
    O83 – Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation – Rapports et solutions aux problèmes.) — C:WindowsSystem32wercplsupport.dll [81408]
    O83 – Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation – Service Gestion des clés.) — C:WindowsSystem32kmsvc.dll [97792]
    O83 – Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation – Service BDE.) — C:WindowsSystem32bdesvc.dll [339456]
    O83 – Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation – Service d’infrastructure de localisation Windows.) — C:WindowsSystem32GeofenceMonitorService.dll [491520]
    O83 – Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation – Service de compte Microsoft®.) — C:WindowsSystem32wlidsvc.dll [1576960]
    O83 – Search Svchost Services: Themes (Themes) . (.Microsoft Corporation – DLL du service des thèmes Windows Shell.) — C:WindowsSystem32themeservice.dll [50688]
    O83 – Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation – Gestionnaire d’installation de périphérique.) — C:WindowsSystem32DeviceSetupManager.dll [201728]
    O83 – Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation – Service Assistant Connectivité réseau Microsoft.) — C:WindowsSystem32ncasvc.dll [164352]
    O83 – Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation – Gestionnaire de numérotation automatique d’accès distant.) — C:WindowsSystem32rasauto.dll [101376]
    O83 – Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation – Gestionnaire des connexions d’accès à distance.) — C:WindowsSystem32rasmans.dll [534528]
    O83 – Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation – Gestionnaire d’interface dynamique.) — C:WindowsSystem32mprdim.dll [223744]
    O83 – Search Svchost Services: SENS (SENS) . (.Microsoft Corporation – Service de notification d’événements système (SENS).) — C:WindowsSystem32sens.dll [71680]
    O83 – Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation – Composants de l’application d’assistance à Microsoft NAT.) — C:WindowsSystem32ipnathlp.dll [433664]
    O83 – Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation – Serveur de téléphonie Microsoft® Windows(TM).) — C:WindowsSystem32tapisrv.dll [306688]
    O83 – Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation – Agent de mise à jour automatique Windows Update.) — C:WindowsSystem32wuaueng.dll [3465216]
    O83 – Search Svchost Services: BITS (BITS) . (.Microsoft Corporation – Service de transfert intelligent en arrière-plan.) — C:WindowsSystem32qmgr.dll [1017856]
    O83 – Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation – Dll des services Windows Shell.) — C:WindowsSystem32shsvcs.dll [629760]
    ~ Services: 34 Scanned in 00mn 00s

    —\ Enumère les données de la clé NameSpace (MNS) (O92)
    O92 – MNS: – {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
    O92 – MNS: – {374DE290-123F-4565-9164-39C4925E467B}
    O92 – MNS: – {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
    O92 – MNS: – {A0953C92-50DC-43bf-BE83-3742FED03C9C}
    O92 – MNS: – {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
    O92 – MNS: – {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
    ~ MNS: 6 Scanned in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Auto 05/01/2012 75624 | (AxAutoMntSrv) . (.Alcohol Soft Development Team.) – C:Program Files (x86)Alcohol SoftAlcohol 52AxAutoMntSrv.exe
    SS – | Demand 02/01/2013 171632 | (ICCS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Integrated Clock Controller ServiceICCProxy.exe
    SS – | Demand 31/01/2014 887232 | (Intel(R) Capability Licensing Service TCP IP Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientSocketHeciServer.exe
    SS – | Demand 09/11/2014 1900400 | (Origin Client Service) . (.Electronic Arts.) – D:JeuxOriginOriginClientService.exe
    SS – | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) – C:Program Files (x86)SkypeUpdaterUpdater.exe
    SS – | Demand 21/10/2014 833728 | (Steam Client Service) . (.Valve Corporation.) – C:Program Files (x86)Common FilesSteamSteamService.exe
    SS – | Demand 22/08/2013 37768 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 18/04/2014 239616 | (AMD External Events Utility) . (.AMD.) – C:WindowsSystem32atiesrxx.exe
    SR – | Auto 28/01/2014 936728 | (asComSvc) . (…) – C:Program Files (x86)ASUSAXSP1.02.00atkexComSvc.exe
    SR – | Auto 28/01/2014 954648 | (asHmComSvc) . (.ASUSTeK Computer Inc..) – C:Program Files (x86)ASUSAAHM1.00.22aaHMSvc.exe
    SR – | Auto 24/04/2014 1360016 | (AsSysCtrlService) . (…) – C:Program Files (x86)ASUSAsSysCtrlService1.00.22AsSysCtrlService.exe
    SR – | Auto 24/04/2014 382776 | (AsusFanControlService) . (.ASUSTeK Computer Inc..) – C:Program Files (x86)ASUSAsusFanControlService1.06.01AsusFanControlService.exe
    SR – | Auto 06/10/2013 240576 | (DTSAudioSvc) . (.DTS, Inc.) – C:Program FilesRealtekAudioHDADTSU2PAuSrv64.exe
    SR – | Auto 28/05/2014 16232 | (IAStorDataMgrSvc) . (.Intel Corporation.) – C:Program FilesIntelIntel(R) Rapid Storage TechnologyIAStorDataMgrSvc.exe
    SR – | Auto 11/03/2014 260360 | (Intel(R) PROSet Monitoring Service) . (.Intel Corporation.) – C:windowssystem32IProsetMonitor.exe
    SR – | Auto 20/03/2014 154584 | (jhi_service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
    SR – | Auto 20/03/2014 398296 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 04/10/2014 76152 | (PnkBstrA) . (…) – C:windowssystem32PnkBstrA.exe
    SR – | Auto 19/05/2014 27872 | (SamsungRapidSvc) . (.Samsung Electronics Co., Ltd..) – C:WindowsSystem32RAPIDSamsungRapidSvc.exe
    SR – | Demand 10/07/1658 0 | (WdNisSvc) . (…) – C:Program Files (x86)Windows DefenderNisSrv.exe
    SR – | Auto 10/07/1658 0 | (WinDefend) . (…) – C:Program Files (x86)Windows DefenderMsMpEng.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    ~ Services: Scanned in 00mn 03s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Pete at 15/11/2014 21:04:35
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Scanned in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Pete at 15/11/2014 21:04:37
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Liste des émulateurs de CD/DVD (MBR Hook)
    O58 – SDL:03/10/2014 – 18:50:21 —A- . (.Duplex Secure Ltd. – SCSI Pass Through Direct Host.) — C:WindowsSystem32Driverssptd.sys [386680]
    ~ Emulateurs: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (13/11/2014)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 0
    Fichiers trouvés (Files found) : 1

    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] Application: Modified =>Hijacker.Application^
    ~ Additionnel Scan: 201278 Items scanned in 00mn 06s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
    ~ AMI: 4 Scanned in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://www.nicolascoolman.fr/blog/ =>Hijacker.Application
    ~ MSI: 1 link(s) detected in 00mn 00s

    End of the scan (1024 lines in 00mn 22s)(0)[/spoiler:nx7vkrdf]

    If you have any idea I'm all ears ... I don't really want to spend my weekend reinstalling everything! (especially since the thing is probably hiding somewhere)

    Thanks in advance for any help!

  • Anonymous
    Number of posts: 0

    Hello :hello: ,

    Welcome to SosVirus :welcome:

    Download this utility –> https://www.sosvirus.net/telecharger/rstassociations/

    Run RstAssociations.
    Under Selection, click –> All
    Under Actions, click –> Restore
    Then restart the PC.

    [hr:3dlx1my2]

    • Download MalwareBytes
    • Install it; untick “Enable free trial of Malwarebytes Anti-Malware Premium”
    • Click Update (right side, centre)
    • Click Scan (at the top)
    • Select the “Threat” scan
    • Click Scan Now

    • When the scan finishes, click Quarantine All!
    • Click Copy to Clipboard
    • A report will open. Copy/paste its contents into your next reply.
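    Added note for readers of this thread (this is not part of the helper's reply, nor code from ZHPDiag or RstAssociations): the O67 "Shell Spawning" lines in the log above list the commands Windows runs to open .exe, .scr and similar files, and the "Hijacker.Application" detection points at a modified file association, which is exactly what the RstAssociations "Restore" step puts back. The read-only PowerShell audit below reads the same shell\open\command values from the registry and compares them with the clean Windows 8.1 defaults I assume (the `$expected` table is my assumption; check it against a known-clean machine of the same Windows version). It also reports any per-user definition under HKCU\Software\Classes, which takes precedence over the machine-wide value, and dumps the Explorer\Associations key that ZHPDiag flagged so you can see what it holds.

```powershell
# Added audit script for this thread; not ZHPDiag or RstAssociations code.
# Read-only: it reports differences and changes nothing.

# ASSUMPTION: clean Windows 8.1 defaults for the open command of each file class.
# Verify against a known-clean machine of the same Windows version before trusting it.
$expected = @{
    'exefile' = '"%1" %*'
    'comfile' = '"%1" %*'
    'batfile' = '"%1" %*'
    'cmdfile' = '"%1" %*'
    'piffile' = '"%1" %*'
    'scrfile' = '"%1" /S'
}

function Get-ShellOpenCommand {
    param([string]$Hive, [string]$ProgId)
    $key = $Hive + '\Software\Classes\' + $ProgId + '\shell\open\command'
    if (-not (Test-Path -LiteralPath $key)) { return $null }
    # The unnamed default value of the key is exposed as the '(default)' property.
    return (Get-ItemProperty -LiteralPath $key).'(default)'
}

$findings = @()
foreach ($progId in ($expected.Keys | Sort-Object)) {
    $machineCmd = Get-ShellOpenCommand -Hive 'HKLM:' -ProgId $progId
    $userCmd    = Get-ShellOpenCommand -Hive 'HKCU:' -ProgId $progId

    if ($null -eq $machineCmd) {
        $findings += "[MISSING]  HKLM $progId has no shell\open\command key"
    } elseif ($machineCmd -ne $expected[$progId]) {
        $findings += "[MODIFIED] HKLM $progId : '$machineCmd' (expected '$($expected[$progId])')"
    }
    # A per-user class definition wins over the machine-wide one, so any entry
    # here deserves a look even when the HKLM value is clean.
    if ($null -ne $userCmd) {
        $findings += "[USER-OVERRIDE] HKCU $progId : '$userCmd'"
    }
}

# Key flagged as 'Hijacker.Application' by ZHPDiag in the log above; list its values.
$assoc = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations'
if (Test-Path -LiteralPath $assoc) {
    $props = Get-ItemProperty -LiteralPath $assoc
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { $findings += "[ASSOCIATIONS] $($_.Name) = $($_.Value)" }
}

if ($findings.Count -eq 0) {
    'No deviation from the expected open commands.'
} else {
    $findings
}
```

    Run it from an elevated PowerShell prompt so HKLM is readable in full; a "[MODIFIED]" or "[USER-OVERRIDE]" line is what the "runtime error" on the Malwarebytes installer and the vanished MSASCui.exe described at the top of the thread would look like from the registry side, and RstAssociations (or a manual reset of the listed keys) is the fix the helper gives above.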
  • Anonymous
    Number of posts: 0

    Hello El Desaparecido,

    After 3 hours of fighting with my PC yesterday I reinstalled Windows this morning ... and for now everything works again (well, I haven't finished reinstalling everything yet!)

    I immediately installed Avast and ran a scan but it found nothing; I also ran Malwarebytes and nothing to report. Do you see anything else to do to check that it is really clean, and any advice on what to install to stop it coming back? (Free is better :) )

  • Anonymous
    Number of posts: 0

    You had a rootkit (most likely picked up from a dubious download); formatting wiped out that infection.

    So no, nothing else to suggest, just protect yourself properly and keep Windows up to date.

    Have a good Sunday then :)


The topic ‘Et c’est l’infection!’ is closed to new replies.