PC that shuts down 2014-12-14T11:44:45+00:00
  • whynot
    Participant
    Number of posts: 16

    Hello, my PC shuts down on its own: first the mouse freezes, then nothing, then lights out. I am attaching what I have.
    OTL logfile created on: 14/12/2014 12:14:05 – Run 1
    OTL by OldTimer – Version 3.2.69.0 Folder = C:Documents and SettingsUTILISATEURMes documentsTéléchargements
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) – Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    447,23 Mb Total Physical Memory | 18,46 Mb Available Physical Memory | 4,13% Memory free
    1,12 Gb Paging File | 0,63 Gb Available in Paging File | 56,36% Paging File free
    Paging file location(s): C:pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:windows | %ProgramFiles% = C:Program Files
    Drive C: | 76,33 Gb Total Space | 52,25 Gb Free Space | 68,45% Space Free | Partition Type: NTFS

    Computer Name: UTILISAT-449851 | User Name: UTILISATEUR | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC – [2014/12/14 12:13:38 | 000,602,112 | —- | M] (OldTimer Tools) — C:Documents and SettingsUTILISATEURMes documentsTéléchargementsOTL.exe
    PRC – [2014/12/09 13:47:24 | 000,337,520 | —- | M] (Mozilla Corporation) — C:Program FilesMozilla Firefoxfirefox.exe
    PRC – [2014/10/23 16:21:34 | 004,825,880 | —- | M] (Piriform Ltd) — C:Program FilesCCleanerCCleaner.exe
    PRC – [2014/10/06 15:07:08 | 000,187,432 | —- | M] (F-Secure Corporation) — C:Program FilesSFR Sécuritéfshoster32.exe
    PRC – [2014/06/05 03:19:38 | 000,093,040 | —- | M] (TomTom) — C:Program FilesTomTom HOME 2TomTomHOMEService.exe
    PRC – [2008/04/14 03:34:03 | 001,037,824 | —- | M] (Microsoft Corporation) — C:WINDOWSexplorer.exe
    PRC – [2008/02/22 09:33:00 | 000,104,960 | —- | M] (ArcSoft Inc.) — C:Program FilesFichiers communsArcSoftConnection ServiceBinACService.exe

    ========== Modules (No Company Name) ==========

    MOD – [2014/12/10 10:52:42 | 016,843,952 | —- | M] () — C:WINDOWSsystem32MacromedFlashNPSWF32_16_0_0_235.dll
    MOD – [2014/12/09 13:47:21 | 003,758,192 | —- | M] () — C:Program FilesMozilla Firefoxmozjs.dll
    MOD – [2014/10/23 20:19:48 | 000,061,440 | —- | M] () — C:Program FilesCCleanerLanglang-1036.dll
    MOD – [2005/06/28 12:59:48 | 000,053,248 | —- | M] () — C:Program FilesArcSoftPhotoImpression 5SharePIHook.dll

    ========== Services (SafeList) ==========

    SRV – File not found [Disabled | Stopped] — C:Program FilesNOSbingetPlus_Helper.dll — (getPlusHelper)
    SRV – File not found [On_Demand | Stopped] — %SystemRoot%System32appmgmts.dll — (AppMgmt)
    SRV – [2014/12/10 10:52:46 | 000,267,440 | —- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] — C:WINDOWSsystem32MacromedFlashFlashPlayerUpdateService.exe — (AdobeFlashPlayerUpdateSvc)
    SRV – [2014/12/09 13:47:21 | 000,114,800 | —- | M] (Mozilla Foundation) [On_Demand | Stopped] — C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe — (MozillaMaintenance)
    SRV – [2014/10/06 15:07:08 | 000,187,432 | —- | M] (F-Secure Corporation) [Auto | Running] — C:Program FilesSFR Sécuritéfshoster32.exe — (fshoster)
    SRV – [2014/09/13 08:36:08 | 003,079,488 | —- | M] (LogMeIn, Inc.) [Disabled | Stopped] — C:Documents and SettingsUTILISATEURLocal SettingsApplication DataLogMeIn Rescue AppletLMIR0001.tmpLMI_Rescue_srv.exe — (LMIRescue_24882919-0c02-4d63-8f5d-3c864251866e)
    SRV – [2014/06/05 03:19:38 | 000,093,040 | —- | M] (TomTom) [Auto | Running] — C:Program FilesTomTom HOME 2TomTomHOMEService.exe — (TomTomHOMEService)
    SRV – [2008/02/22 09:33:00 | 000,104,960 | —- | M] (ArcSoft Inc.) [Auto | Running] — C:Program FilesFichiers communsArcSoftConnection ServiceBinACService.exe — (ACDaemon)
    SRV – [2005/10/19 17:19:10 | 000,049,152 | —- | M] (Alpha Networks Inc.) [On_Demand | Stopped] — C:Program FilesANIANIWZCS2 ServiceANIWZCSdS.exe — (ANIWZCSdService)

    ========== Driver Services (SafeList) ==========

    DRV – File not found [Kernel | On_Demand | Stopped] — — (WDICA)
    DRV – File not found [Kernel | On_Demand | Stopped] — — (PDRFRAME)
    DRV – File not found [Kernel | On_Demand | Stopped] — — (PDRELI)
    DRV – File not found [Kernel | On_Demand | Stopped] — — (PDFRAME)
    DRV – File not found [Kernel | On_Demand | Stopped] — — (PDCOMP)
    DRV – File not found [Kernel | System | Stopped] — — (PCIDump)
    DRV – File not found [Kernel | System | Stopped] — — (lbrtfdc)
    DRV – File not found [Kernel | System | Stopped] — — (i2omgmt)
    DRV – File not found [Kernel | System | Stopped] — — (Changer)
    DRV – File not found [Kernel | On_Demand | Stopped] — system32driversALCXWDM.SYS — (ALCXWDM)
    DRV – File not found [Kernel | On_Demand | Stopped] — system32driversALCXSENS.SYS — (ALCXSENS)
    DRV – [2013/08/25 10:30:48 | 000,013,120 | —- | M] () [File_System | Auto | Running] — C:windowsSystem32driversStarOpen.sys — (StarOpen)
    DRV – [2009/08/05 21:48:42 | 000,054,752 | —- | M] (Microsoft Corporation) [Kernel | Auto | Running] — C:WINDOWSsystem32driversfssfltr_tdi.sys — (fssfltr)
    DRV – [2008/04/13 19:45:30 | 000,010,624 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversgameenum.sys — (gameenum)
    DRV – [2007/06/14 14:29:08 | 000,457,856 | —- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversPAC7302.SYS — (PAC7302)
    DRV – [2006/11/10 14:05:00 | 000,018,688 | —- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversafc.sys — (Afc)
    DRV – [2006/04/17 09:31:26 | 004,262,912 | R— | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversRtkHDAud.Sys — (IntcAzAudAddService)
    DRV – [2005/11/09 14:44:48 | 000,024,288 | —- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] — C:WINDOWSsystem32ANIO.sys — (ANIO)
    DRV – [2005/11/03 19:39:02 | 000,245,504 | —- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversDr71WU.sys — (RT73)
    DRV – [2005/07/29 10:11:04 | 000,012,928 | R— | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversnvnetbus.sys — (nvnetbus)
    DRV – [2005/07/29 10:11:02 | 000,034,048 | R— | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversNVENETFD.sys — (NVENETFD)
    DRV – [2004/08/03 21:31:34 | 000,020,992 | —- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversRTL8139.sys — (rtl8139)
    DRV – [2004/06/03 03:40:46 | 000,079,360 | R— | M] (NVIDIA Corporation) [Kernel | Boot | Running] — C:WINDOWSsystem32driversnvatabus.sys — (nvatabus)
    DRV – [2003/10/29 06:02:00 | 000,021,120 | R— | M] (NVIDIA Corporation) [Kernel | Boot | Running] — C:WINDOWSsystem32driversnv_agp.SYS — (nv_agp)
    DRV – [2001/08/17 23:00:04 | 000,002,944 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversmsmpu401.sys — (ms_mpu401)
    DRV – [2001/08/17 20:51:32 | 000,018,688 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversirsir.sys — (irsir)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE – HKLM..SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE – HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: “URL” = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE – HKLM..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE – HKLM..SearchScopes{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: “URL” = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    IE – HKLM..SearchScopes{CF739809-1C6C-47C0-85B9-569DBB141420}: “URL” = http://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q={searchTerms}&crm=1

    IE – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Bar = https://fr.yahoo.com?fr=hp-avast&type=avastbcl
    IE – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Page = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    IE – HKCUSOFTWAREMicrosoftInternet ExplorerMain,SearchDefaultBranded = 1
    IE – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Secondary Start Pages = http://www.google.fr/ [binary data]
    IE – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = https://fr.yahoo.com/?fr=hp-avast&type=avastbcl
    IE – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
    IE – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = fr
    IE – HKCU..SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
    IE – HKCU..SearchScopes{0939AB17-9F6C-4CD5-862D-A667486E9E29}: “URL” = http://fr.search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=FP-tab-web-t340&x=wrt&meta=vl%3D
    IE – HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: “URL” = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE – HKCU..SearchScopes{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: “URL” = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
    IE – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: “ProxyEnable” = 0

    ========== FireFox ==========

    FF – prefs.js..browser.search.selectedEngine: “Astromenda”
    FF – prefs.js..browser.startup.homepage: “http://astromenda.com/?f=1&a=ast_tele_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzyyD0B0C0AtD0FyCtAzz0Czz0AtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyE0EyBtDtAyBtD0AtG0Ezy0DyEtGtCtC0DyEtGtDyByC0EtGyEtA0AzzyB0EtBzz0AyCtB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyzytAyDyByB0EyEtGyCtAtD0DtGyE0A0C0DtGzz0C0C0EtGtB0F0DzzzztAtBtD0AyCtB0C2Q&cr=876908220&ir=”

    FF – HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:windowssystem32MacromedFlashNPSWF32_16_0_0_235.dll ()
    FF – HKLMSoftwareMozillaPlugins@adobe.com/ShockwavePlayer: C:windowssystem32AdobeDirectornp32dsw_1213153.dll (Adobe Systems, Inc.)
    FF – HKLMSoftwareMozillaPlugins@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF – HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: File not found
    FF – HKLMSoftwareMozillaPlugins@microsoft.com/WPF,version=3.5: c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)
    FF – HKLMSoftwareMozillaPlugins@videolan.org/vlc,version=2.1.3: C:Program FilesVideoLANVLCnpvlc.dll (VideoLAN)
    FF – HKLMSoftwareMozillaPlugins@videolan.org/vlc,version=2.1.5: C:Program FilesVideoLANVLCnpvlc.dll (VideoLAN)
    FF – HKLMSoftwareMozillaPluginsAdobe Reader: C:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

    FF – HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:Documents and SettingsAll UsersApplication DataRealNetworksRealDownloaderBrowserPluginsFirefoxExt
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 34.0.5extensions\Components: C:Program FilesMozilla Firefoxcomponents
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 34.0.5extensions\Plugins: C:Program FilesMozilla Firefoxplugins

    [2011/09/09 14:09:50 | 000,000,000 | —D | M] (No name found) — C:Documents and SettingsUTILISATEURApplication DataMozillaExtensions
    [2011/09/09 14:09:50 | 000,000,000 | —D | M] (No name found) — C:Documents and SettingsUTILISATEURApplication DataMozillaExtensionshome2@tomtom.com
    [2014/10/28 13:48:33 | 000,000,000 | —D | M] (No name found) — C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf08gypgk.defaultextensions
    [2014/10/28 13:48:40 | 000,000,000 | —D | M] (Avira Browser Safety) — C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf08gypgk.defaultextensionsabs@avira.com
    [2014/10/26 11:56:56 | 000,000,000 | —D | M] (No name found) — C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf08gypgk.defaultextensionsstaged
    [2014/12/04 08:57:52 | 000,000,000 | —D | M] (No name found) — C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf6ze2k3r.default-1408001852015extensions
    [2014/10/26 11:55:25 | 000,001,235 | —- | M] () — C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf08gypgk.defaultsearchpluginsAstromenda.xml
    [2014/12/09 13:46:51 | 000,000,000 | —D | M] (No name found) — C:Program FilesMozilla Firefoxextensions
    [2014/12/09 13:46:52 | 000,000,000 | —D | M] (Google Toolbar for Firefox) — C:Program FilesMozilla Firefoxextensions{3112ca9c-de6d-4884-a869-9855de68056c}
    [2014/12/09 13:46:49 | 000,000,000 | —D | M] (No name found) — C:Program FilesMozilla Firefoxbrowserextensions
    [2014/12/09 13:47:26 | 000,000,000 | —D | M] (Default) — C:Program FilesMozilla Firefoxbrowserextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2014/12/09 13:46:50 | 000,000,000 | —D | M] (No name found) — C:Program FilesMozilla Firefoxdistributionextensions
    [2014/12/09 13:46:51 | 000,000,000 | —D | M] (Yahoo! Toolbar) — C:Program FilesMozilla Firefoxdistributionextensions{635abd67-4fe9-1b23-4f01-e679fa7484c1}

    O1 HOSTS File: ([2004/08/05 13:00:00 | 000,000,790 | —- | M]) – C:WINDOWSsystem32driversetchosts
    O1 – Hosts: 127.0.0.1 localhost
    O2 – BHO: (ECarteBleueBrowserHelper Class) – {2E03C0FD-4C48-43A7-9A54-00240C70FF16} – C:WINDOWSsystem32BhoECart.dll (Orbiscom Ltd. All rights reserved.)
    O3 – HKLM..Toolbar: (Easy-WebPrint) – {327C2873-E90D-4c37-AA9D-10AC9BABA46C} – C:Program FilesCanonEasy-WebPrintToolband.dll ()
    O3 – HKLM..Toolbar: (no name) – Locked – No CLSID value found.
    O3 – HKCU..ToolbarWebBrowser: (no name) – {21FA44EF-376D-4D53-9B0F-8A89D3229068} – No CLSID value found.
    O3 – HKCU..ToolbarWebBrowser: (no name) – {2318C2B1-4965-11D4-9B18-009027A5CD4F} – No CLSID value found.
    O3 – HKCU..ToolbarWebBrowser: (no name) – {41564952-412D-5350-00A7-7A786E7484D7} – No CLSID value found.
    O3 – HKCU..ToolbarWebBrowser: (no name) – {41564952-412D-5637-4300-7A786E7484D7} – No CLSID value found.
    O3 – HKCU..ToolbarWebBrowser: (no name) – {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} – No CLSID value found.
    O3 – HKCU..ToolbarWebBrowser: (no name) – {EEE6C35B-6118-11DC-9C72-001320C79847} – No CLSID value found.
    O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k File not found
    O4 – HKCU..Run: [CCleaner Monitoring] C:Program FilesCCleanerCCleaner.exe (Piriform Ltd)
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: HonorAutoRunSetting = 1
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoCDBurning = 0
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 0
    O6 – HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 0
    O7 – HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 0
    O7 – HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveAutoRun = 0
    O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:Program FilesYahoo!CommonYinsthelper.dll (Reg Error: Key error.)
    O16 – DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
    O16 – DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{7782A84B-31DC-44B2-AF9D-4452260CAE0F}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{EA534E04-065C-4606-80AF-0E1542220AC9}: DhcpNameServer = 212.27.54.252 212.27.53.252
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{F1DDA3B0-C859-4861-A065-0A7FFC66D371}: DhcpNameServer = 192.168.1.1
    O18 – ProtocolHandlerippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} – C:Program FilesFichiers communsSystemOle DBmsdaipp.dll (Microsoft Corporation)
    O18 – ProtocolHandlermsdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} – C:Program FilesFichiers communsSystemOle DBmsdaipp.dll (Microsoft Corporation)
    O18 – ProtocolHandlermsdaippoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} – C:Program FilesFichiers communsSystemOle DBmsdaipp.dll (Microsoft Corporation)
    O20 – HKLM Winlogon: Shell – (Explorer.exe) – C:windowsexplorer.exe (Microsoft Corporation)
    O20 – HKLM Winlogon: UserInit – (C:windowsSystem32Userinit.exe) – C:WINDOWSsystem32userinit.exe (Microsoft Corporation)
    O20 – HKLM Winlogon: UserInit – (lorer.exe) – C:windowsexplorer.) – File not found
    O20 – WinlogonNotifyAtiExtEvent: DllName – (Reg Error: Value error.) – Reg Error: Value error. File not found
    O24 – Desktop Components:0 (Ma page d’accueil) – About:Home
    O24 – Desktop WallPaper: C:Documents and SettingsUTILISATEURLocal SettingsApplication DataMicrosoftWallpaper1.bmp
    O24 – Desktop BackupWallPaper: C:Documents and SettingsUTILISATEURLocal SettingsApplication DataMicrosoftWallpaper1.bmp
    O28 – HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} – C:Program FilesWindows Desktop SearchMsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 – HKLM CDRom: AutoRun – 1
    O32 – AutoRun File – [2014/07/29 08:57:37 | 000,000,000 | —- | M] () – C:autoexec.bat — [ NTFS ]
    O32 – AutoRun File – [2010/08/17 12:21:18 | 000,000,000 | RHSD | M] – C:Autorun.inf — [ NTFS ]
    O35 – HKLM..comfile [open] — “%1” %*
    O35 – HKLM..exefile [open] — “%1” %*
    O37 – HKLM…com [@ = comfile] — “%1” %*
    O37 – HKLM…exe [@ = exefile] — “%1” %*
    O38 – SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 – SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders – Created Within 30 Days ==========

    [2014/12/14 11:57:03 | 000,000,000 | RH-D | C] — C:Documents and SettingsUTILISATEURRecent
    [2014/12/13 10:44:08 | 000,000,000 | —D | C] — C:Documents and SettingsUTILISATEURBureausfr free
    [2014/12/11 21:05:00 | 000,000,000 | —D | C] — C:Program FilesSFR Sécurité
    [2014/12/09 13:46:48 | 000,000,000 | —D | C] — C:Program FilesMozilla Firefox
    [2014/12/09 08:32:53 | 000,000,000 | —D | C] — C:Documents and SettingsUTILISATEURLocal SettingsApplication DataF-Secure
    [2014/12/09 08:32:53 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataF-Secure
    [2014/08/01 13:35:02 | 009,414,952 | —- | C] (PC Cleaners) — C:Documents and SettingsAll UsersApplication Datapclunst.exe
    [2009/04/10 13:48:26 | 000,047,360 | —- | C] (VSO Software) — C:Documents and SettingsUTILISATEURApplication Datapcouffin.sys
    [3 C:windows*.tmp files -> C:windows*.tmp -> ]

    ========== Files – Modified Within 30 Days ==========

    [2014/12/14 12:25:02 | 000,000,434 | -H– | M] () — C:windowstasksUser_Feed_Synchronization-{69E32961-E86E-4AE3-ADD0-159BACBC9AFF}.job
    [2014/12/14 12:17:13 | 000,001,364 | —- | M] () — C:Documents and SettingsUTILISATEURBureauUsbFix.lnk
    [2014/12/14 11:53:14 | 000,000,444 | -H– | M] () — C:windowstasksUser_Feed_Synchronization-{FC660AB2-8564-4557-9EBF-60FA6E95D004}.job
    [2014/12/14 11:50:47 | 000,000,312 | —- | M] () — C:windowstasksRealDownloaderRealUpgradeLogonTaskS-1-5-21-1935655697-261478967-725345543-1004.job
    [2014/12/14 11:50:46 | 000,000,290 | —- | M] () — C:windowstasksRealUpgradeLogonTaskS-1-5-21-1935655697-261478967-725345543-1004.job
    [2014/12/14 11:50:46 | 000,000,290 | —- | M] () — C:windowstasksRealPlayerRealUpgradeLogonTaskS-1-5-21-1935655697-261478967-725345543-1004.job
    [2014/12/14 11:50:36 | 000,002,048 | –S- | M] () — C:windowsbootstat.dat
    [2014/12/14 08:50:00 | 000,001,002 | —- | M] () — C:windowstasksAdobe Flash Player Updater.job
    [2014/12/10 10:52:45 | 000,701,616 | —- | M] (Adobe Systems Incorporated) — C:windowsSystem32FlashPlayerApp.exe
    [2014/12/10 10:52:43 | 000,071,344 | —- | M] (Adobe Systems Incorporated) — C:windowsSystem32FlashPlayerCPLApp.cpl
    [2014/12/08 12:06:00 | 000,000,298 | —- | M] () — C:windowstasksRealUpgradeScheduledTaskS-1-5-21-1935655697-261478967-725345543-1004.job
    [2014/12/07 13:59:17 | 000,012,658 | —- | M] () — C:windowsSystem32wpa.dbl
    [2014/11/18 09:48:06 | 000,000,520 | —- | M] () — C:Documents and SettingsUTILISATEURMes documentsspider.sav
    [3 C:windows*.tmp files -> C:windows*.tmp -> ]

    ========== Files Created – No Company Name ==========

    [2014/12/14 12:17:12 | 000,001,364 | —- | C] () — C:Documents and SettingsUTILISATEURBureauUsbFix.lnk
    [2014/10/26 21:24:26 | 000,183,424 | —- | C] () — C:windowsSystem32FNTCACHE.DAT
    [2014/09/13 10:08:08 | 000,308,560 | —- | C] () — C:windowsSystem32vipre.dll
    [2014/08/26 13:43:44 | 000,138,686 | —- | C] () — C:Documents and SettingsLocalServiceLocal SettingsApplication DataWPFFontCache_v0400-S-1-5-18-0.dat
    [2014/08/18 19:24:26 | 000,013,120 | —- | C] () — C:windowsSystem32driversStarOpen.sys
    [2014/07/10 08:49:08 | 000,138,686 | —- | C] () — C:Documents and SettingsLocalServiceLocal SettingsApplication DataWPFFontCache_v0400-S-1-5-21-1935655697-261478967-725345543-1004-0.dat
    [2014/07/10 08:49:01 | 000,138,686 | —- | C] () — C:Documents and SettingsLocalServiceLocal SettingsApplication DataWPFFontCache_v0400-System.dat
    [2014/01/23 18:31:12 | 000,030,568 | —- | C] () — C:windowsMusiccityDownload.exe
    [2014/01/23 18:31:08 | 000,974,848 | —- | C] () — C:windowsSystem32cis-2.4.dll
    [2014/01/23 18:31:08 | 000,081,920 | —- | C] () — C:windowsSystem32issacapi_bs-2.3.dll
    [2014/01/23 18:31:08 | 000,065,536 | —- | C] () — C:windowsSystem32issacapi_pe-2.3.dll
    [2014/01/23 18:31:08 | 000,057,344 | —- | C] () — C:windowsSystem32issacapi_se-2.3.dll
    [2013/09/18 18:44:46 | 000,002,424 | —- | C] () — C:windowsSystem32ASOROSet.bin
    [2013/04/15 13:36:35 | 001,072,544 | —- | C] () — C:windowsSystem32nvdrsdb1.bin
    [2013/04/15 13:36:35 | 001,072,544 | —- | C] () — C:windowsSystem32nvdrsdb0.bin
    [2013/04/15 13:36:35 | 000,000,001 | —- | C] () — C:windowsSystem32nvdrssel.bin
    [2013/02/08 04:03:08 | 002,816,504 | —- | C] () — C:windowsSystem32nvdata.data
    [2010/03/27 13:28:28 | 000,000,850 | —- | C] () — C:Documents and SettingsUTILISATEURApplication DataProductTweaks.xml
    [2010/03/26 12:51:55 | 000,000,025 | —- | C] () — C:Documents and SettingsUTILISATEURApplication Databdfvconp.ini
    [2010/03/26 12:51:46 | 000,000,385 | —- | C] () — C:Documents and SettingsUTILISATEURApplication Datauser_gensett.xml
    [2010/03/26 12:51:32 | 000,000,376 | —- | C] () — C:Documents and SettingsUTILISATEURApplication Dataprivacy.xml
    [2009/04/10 13:50:01 | 000,001,044 | —- | C] () — C:Documents and SettingsUTILISATEURApplication Datavso_ts_preview.xml
    [2009/04/10 13:48:27 | 000,087,608 | —- | C] () — C:Documents and SettingsUTILISATEURApplication Datainst.exe
    [2009/04/10 13:48:27 | 000,007,887 | —- | C] () — C:Documents and SettingsUTILISATEURApplication Datapcouffin.cat
    [2009/04/10 13:48:26 | 000,001,144 | —- | C] () — C:Documents and SettingsUTILISATEURApplication Datapcouffin.inf
    [2008/07/12 14:04:59 | 003,702,784 | —- | C] () — C:Documents and SettingsUTILISATEURs-1-5-21-1935655697-261478967-725345543-1004.rrr
    [2007/09/09 08:28:34 | 000,186,880 | —- | C] () — C:Documents and SettingsUTILISATEURLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/01/28 22:27:55 | 000,000,140 | —- | C] () — C:Documents and SettingsUTILISATEURdefault.pls
    [2006/10/10 15:24:59 | 000,000,134 | —- | C] () — C:Documents and SettingsUTILISATEURLocal SettingsApplication Datafusioncache.dat
    [2005/01/07 11:28:20 | 000,000,000 | —- | C] () — C:Documents and SettingsUTILISATEURApplication Datasversion.ini

    ========== ZeroAccess Check ==========

    [2006/10/10 15:21:26 | 000,000,227 | RHS- | M] () — C:windowsassemblyDesktop.ini

    [HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

    [HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32]

    [HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]
    “” = %SystemRoot%system32shdocvw.dll — [2008/04/14 03:33:41 | 001,499,136 | —- | M] (Microsoft Corporation)
    “ThreadingModel” = Apartment

    [HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32]
    “” = C:WINDOWSsystem32wbemfastprox.dll — [2009/02/09 11:53:55 | 000,473,600 | —- | M] (Microsoft Corporation)
    “ThreadingModel” = Free

    [HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32]
    “” = C:WINDOWSsystem32wbemwbemess.dll — [2008/04/14 03:33:48 | 000,273,920 | —- | M] (Microsoft Corporation)
    “ThreadingModel” = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream – 116 bytes -> C:Documents and SettingsAll UsersApplication DataTEMP:D1B5B4F1

    < End of report >
    :merci2:

    Evasion60
    Participant
    Number of posts: 1559

    Hello, and welcome to SosVirus

    /! I will assist you during this disinfection. If you agree, we will set a few rules so that the disinfection is effective
    •If you have opened a similar topic on another forum, please let me know so that I do not do needless research, and for the sake of efficiency (you don't book appointments at 2 garages for the same mechanical problem)
    •If you have cracks or keygens, delete them
    •If you have an illegal Windows, I will not disinfect
    •You continue the disinfection to the end, even if you notice a quick improvement, and preferably over a short period (not one reply every 3 days); otherwise it is pointless
    •The disinfection includes a diagnosis, a cleanup, removal of the tools used, and advice on avoiding future re-infections, updating the system, creating backups, etc.
    •Some of the tools used may trigger certain antivirus programs, because they are powerful and destructive if misused
    •To let me establish a diagnosis, can you follow the instructions below and post the three requested reports? (AdwCleaner, Malwarebytes and ZHPDiag)
    •If you have questions, don't hesitate

    Instructions => post3055.html#p3055

    Evasion60

    /! First of all, be aware that Windows XP Home & Pro are obsolete and no longer kept up to date by Microsoft! :(
    /! Secondly, you are infected, and your symptom looks more or less like the machine overheating => Has the tower or laptop ever been physically cleaned? (dust + coolers + cards + heatsinks + filters)

    Otherwise, waiting for the three requested reports =>
    – MalwareBytes AM
    – AdwCleaner
    – ZHPDiag

    ;)

    whynot
    Participant
    Number of posts: 16

    Hello and thank you for your help. To answer you, I am not registered on any other forum for this topic, my PC is original, I neither steal nor falsify. Indeed, I started by cleaning the tower, dusting and vacuuming. I think that in all the time I have had my PC I must have downloaded a lot of useless things; I try to remove them but I don't always know what they correspond to. For the rest, I will pay attention to what you tell me. Thank you, Sandrine

    whynot
    Participant
    Number of posts: 16

    Hello again, attached is the AdwCleaner file
    # AdwCleaner v4.105 – Rapport créé le 15/12/2014 à 09:36:23
    # Mis à jour le 08/12/2014 par Xplode
    # Database : 2014-12-13.4 [Live]
    # Système d’exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
    # Nom d’utilisateur : UTILISATEUR – UTILISAT-449851
    # Exécuté depuis : C:Documents and SettingsUTILISATEURMes documentsTéléchargementsAdwCleaner-4.1.0.5.exe
    # Option : Scanner

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Présent : C:Documents and SettingsAll UsersApplication Dataapn
    Dossier Présent : C:Documents and SettingsAll UsersApplication Dataapn
    Dossier Présent : C:Documents and SettingsAll UsersApplication DataBabylon
    Dossier Présent : C:Documents and SettingsAll UsersApplication DataBabylon
    Dossier Présent : C:Documents and SettingsAll UsersApplication DataIePluginServices
    Dossier Présent : C:Documents and SettingsAll UsersApplication DataIePluginServices
    Dossier Présent : C:Documents and SettingsAll UsersApplication DataWindowsMangerProtect
    Dossier Présent : C:Documents and SettingsAll UsersApplication DataWindowsMangerProtect
    Dossier Présent : C:Documents and SettingsAll UsersApplication DataWinMaximizer
    Dossier Présent : C:Documents and SettingsAll UsersApplication DataWinMaximizer
    Dossier Présent : C:Documents and SettingsAll UsersApplication DataYahoo! Companion
    Dossier Présent : C:Documents and SettingsAll UsersApplication DataYahoo! Companion
    Dossier Présent : C:Documents and SettingsUTILISATEURApplication DataBabSolution
    Dossier Présent : C:Documents and SettingsUTILISATEURApplication DataBabylon
    Dossier Présent : C:Documents and SettingsUTILISATEURApplication DataDSite
    Dossier Présent : C:Documents and SettingsUTILISATEURApplication Datawebssearches
    Dossier Présent : C:Documents and SettingsUTILISATEURLocal SettingsApplication DataSoftware
    Dossier Présent : C:Program FilesDomaIQ Uninstaller
    Dossier Présent : C:Program FilesMyPC Backup
    Dossier Présent : C:Program Filesregistry mechanic
    Dossier Présent : C:Program FilesSoftware
    Dossier Présent : C:Program FilesSupTab
    Dossier Présent : C:Program FilesSweetIM
    Dossier Présent : C:windowssystem32BrowserProtect
    Fichier Présent : C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf08gypgk.defaultsearchpluginsastromenda.xml
    Fichier Présent : C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf08gypgk.defaultuser.js
    Fichier Présent : C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf6ze2k3r.default-1408001852015searchpluginsastromenda.xml
    Fichier Présent : C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf6ze2k3r.default-1408001852015user.js
    Fichier Présent : C:windowssystem32roboot.exe

    ***** [ Tâches planifiées ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Présente : HKCUSoftwareBABSOLUTION
    Clé Présente : HKCUSoftwareBI
    Clé Présente : HKCUSoftwareDataMngr
    Clé Présente : HKCUSoftwaredsiteproducts
    Clé Présente : HKCUSoftwaref6d9dcbc6fe410
    Clé Présente : HKCUSoftwarefilescout
    Clé Présente : HKCUSoftwareInstallCore
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheDSite
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{EEE6C35B-6118-11DC-9C72-001320C79847}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{EEE6C35C-6118-11DC-9C72-001320C79847}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{00000000-6E41-4FD3-8538-502F5495E5FC}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{82E1477C-B154-48D3-9891-33D83C26BCD3}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{EEE6C35B-6118-11DC-9C72-001320C79847}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{EEE6C35C-6118-11DC-9C72-001320C79847}
    Clé Présente : HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallDSite
    Clé Présente : HKCUSoftwareSoftonic
    Clé Présente : HKCUSoftwareSpeeditUp
    Clé Présente : HKCUSoftwareSweetIM
    Clé Présente : HKCUSoftwareYahooPartnerToolbar
    Clé Présente : HKLMSOFTWAREBabylon
    Clé Présente : HKLMSOFTWAREClassesAppID{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Clé Présente : HKLMSOFTWAREClassesAppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Clé Présente : HKLMSOFTWAREClassesAppID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    Clé Présente : HKLMSOFTWAREClassesAppIDsecman.DLL
    Clé Présente : HKLMSOFTWAREClassesCLSID{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
    Clé Présente : HKLMSOFTWAREClassesCLSID{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Clé Présente : HKLMSOFTWAREClassesCLSID{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
    Clé Présente : HKLMSOFTWAREClassesCLSID{826D7151-8D99-434B-8540-082B8C2AE556}
    Clé Présente : HKLMSOFTWAREClassesCLSID{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Clé Présente : HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Clé Présente : HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Clé Présente : HKLMSOFTWAREClassesProd.cap
    Clé Présente : HKLMSOFTWAREClassessecman.OutlookSecurityManager
    Clé Présente : HKLMSOFTWAREClassessecman.OutlookSecurityManager.1
    Clé Présente : HKLMSOFTWAREClassesTypeLib{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Clé Présente : HKLMSOFTWAREDataMngr
    Clé Présente : HKLMSOFTWAREDomaIQ
    Clé Présente : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{CF739809-1C6C-47C0-85B9-569DBB141420}
    Clé Présente : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSoftwareUpdate.exe
    Clé Présente : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheMyPC Backup
    Clé Présente : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheYahoo! Companion
    Clé Présente : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Clé Présente : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Clé Présente : HKLMSOFTWAREMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC
    Clé Présente : HKLMSOFTWARESweetIM
    Clé Présente : HKLMSOFTWAREUniblue
    Valeur Présente : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
    Valeur Présente : HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v8.0.6001.18702

    -\ Mozilla Firefox v34.0.5 (x86 fr)

    [f08gypgk.default] – Ligne Trouvée : user_pref(“browser.search.selectedEngine”, “Astromenda”);
    [f08gypgk.default] – Ligne Trouvée : user_pref(“browser.startup.homepage”, “hxxp://astromenda.com/?f=1&a=ast_tele_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzyyD0B0C0AtD0FyCtAzz0Czz0AtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1[…]
    [f6ze2k3r.default-1408001852015] – Ligne Trouvée : user_pref(“extensions.astrmndasr.hmpgUrl”, “hxxp://astromenda.com/?f=1&a=ast_tele_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzyyD0B0C0AtD0FyCtAzz0Czz0AtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytD[…]
    [f6ze2k3r.default-1408001852015] – Ligne Trouvée : user_pref(“extensions.astrmndasr.newTabUrl”, “hxxp://astromenda.com/?f=2&a=ast_tele_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzyyD0B0C0AtD0FyCtAzz0Czz0AtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzy[…]
    [f6ze2k3r.default-1408001852015] – Ligne Trouvée : user_pref(“extensions.astrmndasr.prtnrId”, “WSE_Astromenda”);
    [f6ze2k3r.default-1408001852015] – Ligne Trouvée : user_pref(“extensions.astrmndasr.srchPrvdr”, “Astromenda”);
    [f6ze2k3r.default-1408001852015] – Ligne Trouvée : user_pref(“extensions.astrmndasr.tlbrSrchUrl”, “hxxp://astromenda.com/?f=3&a=ast_tele_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzyyD0B0C0AtD0FyCtAzz0Czz0AtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtB[…]

    *************************

    AdwCleaner[R0].txt – [10191 octets] – [15/12/2014 09:36:23]

    ########## EOF – C:AdwCleanerAdwCleaner[R0].txt – [10252 octets] ##########

    whynot
    Participant
    Number of posts: 16

    Below is the next part, malware
    Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Date de l’examen: 15/12/2014
    Heure de l’examen: 10:00:21
    Fichier journal: malware.txt
    Administrateur: Oui

    Version: 2.00.4.1028
    Base de données Malveillants: v2014.12.15.01
    Base de données Rootkits: v2014.12.14.01
    Licence: Gratuit
    Protection contre les malveillants: Désactivé(e)
    Protection contre les sites Web malveillants: Désactivé(e)
    Auto-protection: Désactivé(e)

    Système d’exploitation: Windows XP Service Pack 3
    Processeur: x86
    Système de fichiers: NTFS
    Utilisateur: UTILISATEUR

    Type d’examen: Examen “Menaces”
    Résultat: Terminé
    Objets analysés: 346093
    Temps écoulé: 29 min, 3 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Activé(e)
    Archives: Activé(e)
    Rootkits: Désactivé(e)
    Heuristique: Activé(e)
    PUP: Activé(e)
    PUM: Activé(e)

    Processus: 0
    (Aucun élément malicieux detecté)

    Modules: 0
    (Aucun élément malicieux detecté)

    Clés du Registre: 16
    PUP.Optional.Delta.A, HKLMSOFTWARECLASSESAPPID{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, , [53ca77ec522a4fe710b3f81017ec718f],
    PUP.Optional.Delta.A, HKUS-1-5-21-1935655697-261478967-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONEXTSETTINGS{82E1477C-B154-48D3-9891-33D83C26BCD3}, , [9786e47f4d2f48eeb013e81fd23134cc],
    PUP.Optional.Delta.A, HKUS-1-5-21-1935655697-261478967-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONEXTSTATS{82E1477C-B154-48D3-9891-33D83C26BCD3}, , [9786e47f4d2f48eeb013e81fd23134cc],
    PUP.Optional.Delta.A, HKUS-1-5-21-1935655697-261478967-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONEXTSETTINGS{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, , [54c962016a125adc814165a28c77ed13],
    PUP.Optional.Delta.A, HKUS-1-5-21-1935655697-261478967-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONEXTSTATS{C1AF5FA5-852C-4C90-812E-A7F75E011D87}, , [54c962016a125adc814165a28c77ed13],
    PUP.Optional.SweetPacks, HKUS-1-5-21-1935655697-261478967-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONEXTSETTINGS{EEE6C35C-6118-11DC-9C72-001320C79847}, , [001de08379032f0775b7cd091ee43fc1],
    PUP.Optional.SweetPacks, HKUS-1-5-21-1935655697-261478967-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONEXTSTATS{EEE6C35C-6118-11DC-9C72-001320C79847}, , [001de08379032f0775b7cd091ee43fc1],
    PUP.Optional.DigitalSites.A, HKUS-1-5-21-1935655697-261478967-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREMICROSOFTWINDOWSCURRENTVERSIONUNINSTALLDSite, , [7ca1303319632e087a7f8bc37889f709],
    PUP.Optional.DataMangr.A, HKLMSOFTWAREDataMngr, , [a17c9ac9c4b8f244ebf696dfd62d01ff],
    PUP.Optional.DomaIQ.A, HKLMSOFTWAREDomaIQ, , [77a6e182710b70c6a9837f1617ec0cf4],
    PUP.Optional.SweetIM.A, HKLMSOFTWARESweetIM, , [ac714b18f18b9f970213d97718eb5da3],
    PUP.Optional.DataMngr.A, HKUS-1-5-21-1935655697-261478967-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREDataMngr, , [d04d1d46017b95a1dc6d50587c8848b8],
    PUP.Optional.DigitalSites.A, HKUS-1-5-21-1935655697-261478967-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREDSiteProducts, , [ee2fc0a3f389c96dc47722afb252ce32],
    PUP.Optional.Softonic.A, HKUS-1-5-21-1935655697-261478967-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWARESoftonic, , [e23bc69ddd9fe94d139a77da7c8722de],
    PUP.Optional.SweetIM.A, HKUS-1-5-21-1935655697-261478967-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWARESweetIM, , [87961b48d6a6979f1400b59b47bc966a],
    PUP.Optional.Babylon.A, HKUS-1-5-21-1935655697-261478967-725345543-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0SOFTWAREBABSOLUTIONUpdater, , [0f0ee97a45370a2cd874a20710f4857b],

    Valeurs du Registre: 0
    (Aucun élément malicieux detecté)

    Données du Registre: 0
    (Aucun élément malicieux detecté)

    Dossiers: 40
    PUP.Optional.Delta.A, C:Documents and SettingsUTILISATEURApplication DataBabSolutionShared, , [8d90eb78b9c3de58fa413a8cec1833cd],
    PUP.Optional.SweetIM.A, C:Program FilesSweetIMToolbars, , [4ad3f66d0e6e6dc958a08f8d32d1c63a],
    PUP.Optional.SweetIM.A, C:Program FilesSweetIMToolbarsInternet Explorer, , [4ad3f66d0e6e6dc958a08f8d32d1c63a],
    PUP.Optional.SweetIM.A, C:Program FilesSweetIMToolbarsInternet ExplorerMicrosoft.VC90.CRT, , [4ad3f66d0e6e6dc958a08f8d32d1c63a],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearches, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimages, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagescode, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.IePluginServices.A, C:Documents and SettingsAll UsersApplication DataIePluginServices, , [71ac75ee6e0e4de9f5fd4ce5897a926e],
    PUP.Optional.IePluginServices.A, C:Documents and SettingsAll UsersApplication DataIePluginServicesupdate, , [71ac75ee6e0e4de9f5fd4ce5897a926e],
    PUP.Optional.BabSolution.A, C:Documents and SettingsUTILISATEURApplication DataBabSolutionCR, , [7da070f392ead56117ef58dc847f669a],
    PUP.Optional.WPM.A, C:Documents and SettingsAll UsersApplication DataWindowsMangerProtect, , [74a9263d522a5bdbbb9481b3e51e4bb5],
    PUP.Optional.WPM.A, C:Documents and SettingsAll UsersApplication DataWindowsMangerProtectlog, , [74a9263d522a5bdbbb9481b3e51e4bb5],
    PUP.Optional.WPM.A, C:Documents and SettingsAll UsersApplication DataWindowsMangerProtectupdate, , [74a9263d522a5bdbbb9481b3e51e4bb5],
    PUP.Optional.Updater.A, C:Documents and SettingsUTILISATEURApplication DataDSiteUpdateProc, , [71acd0935b21b97d30a7bb7e7390d62a],
    PUP.Optional.SupTab.A, C:Program FilesSupTab, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabskin, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabskinimage, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebimg, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebjs, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_locales, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesen-US, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localeses-419, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localeses-ES, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesfr-BE, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesfr-CA, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesfr-CH, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesfr-FR, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesfr-LU, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesit-CH, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesit-IT, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localespl, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localespt, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localespt-BR, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesru, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesru-MO, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localestr-TR, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesvi-VI, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localeszh-CN, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localeszh-TW, , [a578bba8c5b7b086d6853703d92af60a],

    Fichiers: 83
    PUP.Optional.DigitalSites.A, C:Documents and SettingsUTILISATEURApplication DataDSiteUpdateProcUpdateTask.exe, , [7ca1303319632e087a7f8bc37889f709],
    PUP.Optional.Astromenda, C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf08gypgk.defaultSEARCHPLUGINSASTROMENDA.XML, , [43dad48fd2aa86b0f9b8451ec63d0df3],
    PUP.Optional.Astromenda, C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf6ze2k3r.default-1408001852015SEARCHPLUGINSASTROMENDA.XML, , [0617580bf78591a588297ce7ce35cd33],
    PUP.Optional.Delta.A, C:Documents and SettingsUTILISATEURApplication DataBabSolutionSharedDelta.ico, , [8d90eb78b9c3de58fa413a8cec1833cd],
    PUP.Optional.Delta.A, C:Documents and SettingsUTILISATEURApplication DataBabSolutionSharedBabMaint.exe, , [8d90eb78b9c3de58fa413a8cec1833cd],
    PUP.Optional.Delta.A, C:Documents and SettingsUTILISATEURApplication DataBabSolutionSharedBUSolution.dll, , [8d90eb78b9c3de58fa413a8cec1833cd],
    PUP.Optional.Delta.A, C:Documents and SettingsUTILISATEURApplication DataBabSolutionSharedchu.js, , [8d90eb78b9c3de58fa413a8cec1833cd],
    PUP.Optional.Delta.A, C:Documents and SettingsUTILISATEURApplication DataBabSolutionSharedGUninstaller.exe, , [8d90eb78b9c3de58fa413a8cec1833cd],
    PUP.Optional.Delta.A, C:Documents and SettingsUTILISATEURApplication DataBabSolutionSharedSetupParams.ini, , [8d90eb78b9c3de58fa413a8cec1833cd],
    PUP.Optional.Delta.A, C:Documents and SettingsUTILISATEURApplication DataBabSolutionSharedsqlite3.dll, , [8d90eb78b9c3de58fa413a8cec1833cd],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearches215.json, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication DatawebssearchesMessageBox.xml, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication DatawebssearchesuninstallDlg2.xml, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagesbg.png, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagesbg1.png, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagesbk_shadow.png, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagesbutton.png, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagesbutton1.png, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagescheckbox.png, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagescheckbox_select.png, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimageschecked.png, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagesclose.png, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagesloading_bg.png, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagesloading_light.png, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagesmin.png, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagesscrollbar.bmp, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagesunchecked.png, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagescodecode1.jpg, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagescodecode2.jpg, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagescodecode3.jpg, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagescodecode4.jpg, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagescodecode5.jpg, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.WebsSearches.A, C:Documents and SettingsUTILISATEURApplication Datawebssearchesimagescodecode6.jpg, , [49d46201a2da191d5aa968bbe61dff01],
    PUP.Optional.IePluginServices.A, C:Documents and SettingsAll UsersApplication DataIePluginServicesupdateconf, , [71ac75ee6e0e4de9f5fd4ce5897a926e],
    PUP.Optional.WPM.A, C:Documents and SettingsAll UsersApplication DataWindowsMangerProtectupdateconf, , [74a9263d522a5bdbbb9481b3e51e4bb5],
    PUP.Optional.Updater.A, C:Documents and SettingsUTILISATEURApplication DataDSiteUpdateProcconfig.dat, , [71acd0935b21b97d30a7bb7e7390d62a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabient.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabskinbk_shadow.png, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabskinbtn.png, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabskinclose.png, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabskinmain.xml, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabskinmain.xml.bak, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabskinimageck_box.png, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabskinimageck_check.png, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabskinimageradio_bk.png, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabskinimageradio_check.png, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebdata.html, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebindexIE.html, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebindexIE8.html, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebmain.css, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebver.txt, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebimggoogle_trends.png, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebimgicon128.png, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebimgicon16.png, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebimgicon48.png, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebimgloading.gif, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebjscommon.js, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebjsga.js, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebjsjquery-1.11.0.min.js, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebjsjquery.autocomplete.js, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebjsjs.js, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebjslibrary.js, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabwebjsxagainit.js, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesen-USmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localeses-419messages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localeses-ESmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesfr-BEmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesfr-CAmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesfr-CHmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesfr-FRmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesfr-LUmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesit-CHmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesit-ITmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesplmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesptmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localespt-BRmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesrumessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesru-MOmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localestr-TRmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localesvi-VImessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localeszh-CNmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.SupTab.A, C:Program FilesSupTabweb_localeszh-TWmessages.json, , [a578bba8c5b7b086d6853703d92af60a],
    PUP.Optional.Astromenda.A, C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf08gypgk.defaultprefs.js, Bon: (), Mauvais: (user_pref(“browser.startup.homepage”, “http://astromenda.com/?f=1&a=ast_tele_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzyyD0B0C0AtD0FyCtAzz0Czz0AtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2SyE0EyBtDtAyBtD0AtG0Ezy0DyEtGtCtC0DyEtGtDyByC0EtGyEtA0AzzyB0EtBzz0AyCtB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyzytAyDyByB0EyEtGyCtAtD0DtGyE0A0C0DtGzz0C0C0EtGtB0F0DzzzztAtBtD0AyCtB0C2Q&cr=876908220&ir=”);), ,[bc618bd8ee8e88aeda8ddbcb7f86c23e]

    Secteurs physiques: 0
    (Aucun élément malicieux detecté)

    whynot
    Participant
    Number of posts: 16

    And here is the last one, thanks for everything
    Rapport de ZHPDiag v2014.8.28.125 – Nicolas Coolman (28/08/2014)
    ~ Lancé par UTILISATEUR (15/12/2014 10:39:06)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Adresse du Forum http://forum.nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Nouvelle version disponible
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Not Found

    —\ Navigateurs Internet
    MSIE: Internet Explorer v8.0.6001.18702
    MFIE: Mozilla Firefox 34.0.5 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
    Windows Automatic Updates : OK
    Windows Genuine Advantage : OK

    —\ Logiciels de protection du système
    SFR Sécurité v2.21.282.0
    Malwarebytes’ Anti-Malware
    Malwarebytes Anti-Malware version 2.0.4.1028
    Microsoft Security Client FR-FR Language Pack v2.1.1116.0

    —\ Logiciels d’optimisation du système
    CCleaner v4.19

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 16 NPAPI
    Adobe Reader X

    —\ Informations sur le système
    ~ Processor: x86 Family 15 Model 79 Stepping 2, AuthenticAMD
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 447 MB (16% free)
    System Restore: Activé (Enable)
    System drive C: has 52 GB (68%) free of 76 GB

    —\ Mode de connexion au système
    ~ Computer Name: UTILISAT-449851
    ~ User Name: UTILISATEUR
    ~ All Users Names: UTILISATEUR, SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur,
    ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:Documents and SettingsUTILISATEURApplication DataZHP
    ~ %AppData% : C:Documents and SettingsUTILISATEURApplication Data
    ~ %Desktop% : C:Documents and SettingsUTILISATEURBureau
    ~ %Favorites% : C:Documents and SettingsUTILISATEURFavoris
    ~ %LocalAppData% : C:Documents and SettingsUTILISATEURLocal SettingsApplication Data
    ~ %StartMenu% : C:Documents and SettingsUTILISATEURMenu Démarrer
    ~ %Windir% : C:WINDOWS
    ~ %System% : C:WINDOWSsystem32

    —\ Enumération des unités disques
    A: Floppy drive, Flash card reader, USB Key (Not Inserted)
    C: Hard drive, Flash drive, Thumb drive (Free 52 Go of 76 Go)
    D: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 45 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] – (.Microsoft Corporation – Explorateur Windows.) (.14/04/2008 – 03:34:03.) — C:WINDOWSExplorer.exe [1037824]
    [MD5.E1948B1F45A176FB4A0251446A5AE86D] – (.Microsoft Corporation – Internet Extensions for Win32.) (.06/03/2014 – 18:58:52.) — C:WINDOWSsystem32wininet.dll [920064]
    [MD5.DD73D6B9F6B4CB630CF35B438B540174] – (.Microsoft Corporation – Application d’ouverture de session Windows NT.) (.14/04/2008 – 03:34:28.) — C:WINDOWSsystem32Winlogon.exe [512000]
    [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.17/08/2011 – 14:49:54.) — C:WINDOWSsystem32DriversAFD.sys [138496]
    [MD5.9F3A2F5AA6875C72BF062C712CFA2674] – (.Microsoft Corporation – IDE/ATAPI Port Driver.) (.13/04/2008 – 19:40:30.) — C:WINDOWSsystem32Driversatapi.sys [96512]
    [MD5.C885B02847F5D2FD45A24E219ED93B32] – (.Microsoft Corporation – CD-ROM File System Driver.) (.13/04/2008 – 20:14:21.) — C:WINDOWSsystem32DriversCdfs.sys [63744]
    [MD5.1F4260CC5B42272D71F79E570A27A4FE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.13/04/2008 – 19:40:46.) — C:WINDOWSsystem32DriversCdrom.sys [62976]
    [MD5.31F923EB2170FC172C81ABDA0045D18C] – (.Microsoft Corporation – Pilote de cryptographie FIPS.) (.14/04/2008 – 02:57:38.) — C:WINDOWSsystem32DriversFips.sys [44672]
    [MD5.573C7D0A32852B48F3058CFD8026F511] – (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) (.13/04/2008 – 17:36:06.) — C:WINDOWSsystem32DriversHDAudBus.sys [144384]
    [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] – (.Microsoft Corporation – Pilote de port i8042.) (.14/04/2008 – 03:00:52.) — C:WINDOWSsystem32Driversi8042prt.sys [54144]
    [MD5.083A052659F5310DD8B6A6CB05EDCF8E] – (.Microsoft Corporation – IMAPI Kernel Driver.) (.13/04/2008 – 19:40:58.) — C:WINDOWSsystem32DriversImapi.sys [42112]
    [MD5.CC748EA12C6EFFDE940EE98098BF96BB] – (.Microsoft Corporation – IP Network Address Translator.) (.13/04/2008 – 19:57:15.) — C:WINDOWSsystem32DriversIpNat.sys [152832]
    [MD5.23C74D75E36E7158768DD63D92789A91] – (.Microsoft Corporation – IPSec Driver.) (.13/04/2008 – 20:19:42.) — C:WINDOWSsystem32DriversIPSec.sys [75264]
    [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.15/07/2011 – 14:29:31.) — C:WINDOWSsystem32DriversMRxSmb.sys [456320]
    [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] – (.Microsoft Corporation – MBT Transport driver.) (.13/04/2008 – 20:21:00.) — C:WINDOWSsystem32DriversnetBT.sys [162816]
    [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] – (.Microsoft Corporation – NT File System Driver.) (.13/04/2008 – 20:15:53.) — C:WINDOWSsystem32Driversntfs.sys [574976]
    [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/04/2008 – 03:09:40.) — C:WINDOWSsystem32DriversParport.sys [80384]
    [MD5.11B4A627BC9614B885C4969BFA5FF8A6] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.13/04/2008 – 20:19:43.) — C:WINDOWSsystem32DriversRasl2tp.sys [51328]
    [MD5.15CABD0F7C00C47C70124907916AF3F1] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.13/04/2008 – 19:32:52.) — C:WINDOWSsystem32Driversrdpdr.sys [196224]
    [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] – (.Microsoft Corporation – Pilote de filtre audio Livre rouge.) (.14/04/2008 – 02:57:34.) — C:WINDOWSsystem32Driversredbook.sys [58752]
    [MD5.46DE1126684369BACE4849E4FC8C43CA] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.14/04/2008 – 02:56:04.) — C:WINDOWSsystem32Driversvolsnap.sys [53376]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/962
    ~ Mes musiques (My Musics) : 1/241
    ~ Mes Videos (My Videos) : 1/93
    ~ Mes Favoris (My Favorites) : 1/98
    ~ Mes Documents (My Documents) : 1/419
    ~ Mon Bureau (My Desktop) : 0/1661
    ~ Menu demarrer (Programs) : 1/25
    ~ Hidden Files: Scanned in 00mn 08s

    —\ Processus lancés
    [MD5.288069F15E1C7498A5E7A2FBE2E8A70A] – (.ArcSoft Inc. – ArcSoft Connect Service.) — C:Program FilesFichiers communsArcSoftConnection ServiceBinACService.exe [104960] [PID.580]
    [MD5.CB7B56F9DB8B297972320DE2B1F2E6AA] – (.F-Secure Corporation – F-Secure Host Process.) — C:Program FilesSFR Sécuritéfshoster32.exe [187432] [PID.668]
    [MD5.0A03E85A641F2672796D34F506066594] – (.TomTom – Windows Service for TomTom HOME.) — C:Program FilesTomTom HOME 2TomTomHOMEService.exe [93040] [PID.1368]
    [MD5.947835240308F523C9D980C89D35E76D] – (.Piriform Ltd – CCleaner.) — C:Program FilesCCleanerCCleaner.exe [4825880] [PID.3348]
    [MD5.2E0B0A051FFAA86E358465BB0880D453] – (.Microsoft Corporation – Windows Update.) — C:windowssystem32wuauclt.exe [53784] [PID.3084]
    [MD5.DADDD62BEDC91BC96CFC794A2CA0D94A] – (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe [337520] [PID.2852]
    [MD5.33BF80A2291C54DC7D7601CDEF63138E] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8099328] [PID.3564]
    ~ Processes Running: Scanned in 00mn 04s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf08gypgk.defaultprefs.js
    C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf08gypgk.defaultuser.js
    C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf6ze2k3r.default-1408001852015prefs.js
    C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf6ze2k3r.default-1408001852015user.js
    M2 – MFEP: prefs.js [UTILISATEUR – f08gypgk.defaultabs@avira.com] [] Avira Browser Safety v1.4.0 (..)
    ~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    R5 – HKLMSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKLMSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:windowsSystem32Userinit.exe,
    F2 – REG:system.ini: Shell=C:WINDOWSexplorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hôte est sain (The hosts file is clean) (20)
    ~ Hosts File: Scanned in 00mn 00s

    —\ Browser Helper Objects de navigateur (O2)
    O2 – BHO: e-Carte Bleue Browser Helper Object – {2E03C0FD-4C48-43A7-9A54-00240C70FF16} . (.Orbiscom Ltd. All rights reserved. – e-Carte Bleue.) — C:WINDOWSsystem32BhoECart.dll
    ~ BHO: 4 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Easy-WebPrint – [HKLM]{327C2873-E90D-4c37-AA9D-10AC9BABA46C} . (.Pas de propriétaire – Easy-WebPrint.) — C:Program FilesCanonEasy-WebPrintToolband.dll
    O3 – Toolbar: (no name) – [HKCU]{1E796980-9CC5-11D1-A83F-00C04FC99D61} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{EEE6C35B-6118-11DC-9C72-001320C79847} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{41564952-412D-5637-4300-7A786E7484D7} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{F2CF5485-4E02-4F68-819C-B92DE9277049} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{41564952-412D-5350-00A7-7A786E7484D7} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program FilesQuickTimeqttask.exe
    O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
    O4 – HKLM..RunOnce: [Malwarebytes’ Anti-Malware] . (.Malwarebytes Corporation – Malwarebytes’ Anti-Malware.) — C:Program FilesMalwarebytes’ Anti-Malwarembamgui.exe
    O4 – HKLM..RunOnce: [Malwarebytes Anti-Malware (cleanup)] . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Documents and SettingsAll UsersApplication DataMalwarebytesMalwarebytes Anti-Malwarembamdor.exe
    O4 – HKCU..Run: [ctfmon.exe] . (.Microsoft Corporation – CTF Loader.) — C:windowssystem32ctfmon.exe
    O4 – HKCU..Run: [CCleaner Monitoring] . (.Piriform Ltd – CCleaner.) — C:Program FilesCCleanerCCleaner.exe =>.Piriform Ltd
    O4 – HKCU..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-20..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-21-1935655697-261478967-725345543-1004..Run: [ctfmon.exe] . (.Microsoft Corporation – CTF Loader.) — C:windowssystem32ctfmon.exe
    O4 – HKUSS-1-5-21-1935655697-261478967-725345543-1004..Run: [CCleaner Monitoring] . (.Piriform Ltd – CCleaner.) — C:Program FilesCCleanerCCleaner.exe =>.Piriform Ltd
    O4 – HKUSS-1-5-21-1935655697-261478967-725345543-1004..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} – ((no name)) – (.not file.) – C:Program FilesYahoo!CommonYinsthelper.dll
    O16 – DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ((no name)) – http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 – DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) – http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{7782A84B-31DC-44B2-AF9D-4452260CAE0F}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{EA534E04-065C-4606-80AF-0E1542220AC9}: DhcpNameServer = 212.27.54.252 212.27.53.252
    O17 – HKLMSystemCCSServicesTcpip..{F1DDA3B0-C859-4861-A065-0A7FFC66D371}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{4C904225-FC72-4DE1-89E7-ECB6474A5C08}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 – HKLMSystemCS1ServicesTcpip..{EA534E04-065C-4606-80AF-0E1542220AC9}: DhcpNameServer = 212.27.54.252 212.27.53.252
    O17 – HKLMSystemCS1ServicesTcpip..{F1DDA3B0-C859-4861-A065-0A7FFC66D371}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{7782A84B-31DC-44B2-AF9D-4452260CAE0F}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{EA534E04-065C-4606-80AF-0E1542220AC9}: DhcpNameServer = 212.27.54.252 212.27.53.252
    O17 – HKLMSystemCS2ServicesTcpip..{F1DDA3B0-C859-4861-A065-0A7FFC66D371}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{7782A84B-31DC-44B2-AF9D-4452260CAE0F}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{EA534E04-065C-4606-80AF-0E1542220AC9}: DhcpNameServer = 212.27.54.252 212.27.53.252
    O17 – HKLMSystemCS3ServicesTcpip..{F1DDA3B0-C859-4861-A065-0A7FFC66D371}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wia – {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation – WIA Scripting Layer.) — C:WINDOWSsystem32wiascr.dll
    O18 – Filter: text/webviewhtml – {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation – DLL commune du shell Windows.) — C:WINDOWSsystem32SHELL32.dll
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: crypt32chain . (.Microsoft Corporation – Crypto API32.) — C:WINDOWSsystem32crypt32.dll
    O20 – Winlogon Notify: cryptnet . (.Microsoft Corporation – Crypto Network Related API.) — C:WINDOWSsystem32cryptnet.dll
    O20 – Winlogon Notify: cscdll . (.Microsoft Corporation – Agent réseau hors connexion.) — C:WINDOWSsystem32cscdll.dll
    O20 – Winlogon Notify: dimsntfy . (.Microsoft Corporation – DIMS Notification Handler.) — C:WINDOWSsystem32dimsntfy.dll
    O20 – Winlogon Notify: ScCertProp . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: Schedule . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: sclgntfy . (.Microsoft Corporation – DLL secondaire de notification de service d.) — C:WINDOWSsystem32sclgntfy.dll
    O20 – Winlogon Notify: SensLogn . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32WlNotify.dll
    O20 – Winlogon Notify: termsrv . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: wlballoon . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Enumération Active Desktop & MHTML Editor (O24)
    O24 – Desktop General: BackupWallPaper – .(…) – C:Documents and SettingsUTILISATEURLocal SettingsApplication DataMicrosoftWallpaper1.bmp
    O24 – Desktop General: WallPaper – .(…) – C:Documents and SettingsUTILISATEURLocal SettingsApplication DataMicrosoftWallpaper1.bmp
    ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    O39 – APT: – (..) — C:WINDOWSTasksNotification de fin de service de Microsoft Windows XP -mensuellement.job [228]
    ~ Scheduled Task: 11 Legitimates Filtered in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Digital Video – (…) [HKLM] — {C833C7B6-1140-471D-932B-391B5CA66D7D}
    O42 – Logiciel: PC Cleaners – (.PC Cleaners.) [HKCU] — PC Cleaners =>Rogue.PCCleanerPro
    O42 – Logiciel: Yahoo! Internet Mail – (…) [HKLM] — Yahoo! Mail
    ~ Logic: 25 Legitimates Filtered in 00mn 01s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareBI]
    [HKCUSoftwareBabSolution] =>Hijacker.BabSolution
    [HKCUSoftwareFileScout] =>PUP.FileScout
    [HKCUSoftwareInstallCore] =>Adware.InstallCore
    [HKCUSoftwarePartyFrance]
    [HKCUSoftwareSigel]
    [HKCUSoftwareSpeedItUp]
    [HKCUSoftwareYahooPartnerToolbar]
    [HKCUSoftwaref6d9dcbc6fe410] =>Hijacker.Eazel
    [HKCUSoftwareobj funk showteam]
    [HKLMSoftware685D6D1C-D73A-4F37-B7E5E53660311DDB]
    [HKLMSoftwareBabylon] =>PUP.Babylon
    [HKLMSoftwareSOSVirus]
    ~ Key Software: 242 Legitimates Filtered in 00mn 01s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 19/09/2009 – 13:10:24 – [] —-D C:Program FilesDigital Video
    O43 – CFD: 19/05/2013 – 15:34:42 – [] —-D C:Program FilesDomaIQ Uninstaller =>Adware.DomaIQ
    O43 – CFD: 24/04/2009 – 16:10:02 – [0] —-D C:Program FilesManager Setup Tons
    O43 – CFD: 17/09/2014 – 09:15:24 – [0] —-D C:Program FilesMyPC Backup =>PUP.MyPCBackup
    O43 – CFD: 19/04/2011 – 19:49:38 – [] —-D C:Program FilesPartyFrance
    O43 – CFD: 26/07/2014 – 13:17:30 – [] —-D C:Program FilesResource Kit
    O43 – CFD: 15/12/2014 – 10:36:17 – [0] —-D C:Program FilesSweetIM =>PUP.SweetIM
    O43 – CFD: 09/07/2011 – 08:20:00 – [0] —-D C:Program FilesTradeNetworks
    O43 – CFD: 07/01/2005 – 11:58:42 – [] —-D C:Program FilesTweak-XP Pro 3
    O43 – CFD: 10/07/2014 – 08:43:20 – [] —-D C:Documents and SettingsAll UsersApplication DataAPN
    O43 – CFD: 19/05/2013 – 14:45:21 – [0] —-D C:Documents and SettingsAll UsersApplication DataBabylon =>PUP.Babylon
    O43 – CFD: 20/10/2009 – 22:04:32 – [] —-D C:Documents and SettingsAll UsersApplication DataGrid Blue Memo Site
    O43 – CFD: 09/07/2011 – 08:37:06 – [] —-D C:Documents and SettingsAll UsersApplication DataTradeNetworks
    O43 – CFD: 26/07/2014 – 14:34:04 – [0] -SH-D C:Documents and SettingsAll UsersApplication Data{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
    O43 – CFD: 15/12/2014 – 10:36:16 – [0] —-D C:Documents and SettingsUTILISATEURApplication DataBabSolution =>Hijacker.BabSolution
    O43 – CFD: 19/05/2013 – 14:45:19 – [] —-D C:Documents and SettingsUTILISATEURApplication DataBabylon =>PUP.Babylon
    O43 – CFD: 20/10/2009 – 21:30:37 – [] —-D C:Documents and SettingsUTILISATEURApplication DataManager Setup Tons
    O43 – CFD: 09/07/2011 – 08:25:00 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataTradeNetworks_Ltd
    ~ Program Folder: 237 Legitimates Filtered in 00mn 08s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.D64A80B5EC3F5DA3558F907030D7785C] – 15/12/2014 – 09:13:03 —A- . (…) — C:WINDOWSwiaservc.log [50]
    O44 – LFC:[MD5.FA66A6B6F54F8315F38132D8796CEC3E] – 15/12/2014 – 09:13:04 —A- . (…) — C:WINDOWSwiadebug.log [159]
    O44 – LFC:[MD5.D1B9540CF911CB55F7A04B40F8AEA026] – 15/12/2014 – 10:31:46 —A- . (…) — C:malware.txt [20215]
    ~ Files: 16 Legitimates Filtered in 00mn 20s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – URL Exec Hook – {AEB6717E-7E19-11d0-97EE-00C04FD91972} – shell32.dll
    O46 – SEH:ShellExecuteHooks – Windows Desktop Search Namespace Manager – {56F9679E-7826-4C84-81F3-532071A8BCC5} – C:Program FilesWindows Desktop SearchMSNLNamespaceMgr.dll
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Image File Execution Options (IFEO) (O50)
    O50 – IFEO:Image File Execution Options – Your Image File Name Here without a path – ntsd -d
    ~ IFEO: Scanned in 00mn 00s

    —\ Recherche d’infection sur les pilotes (HKLM)(TDSD) (O52)
    O52 – TDSD: Drivers32″VIDC.MJPG”=”mtkjpeg.dll” . (…) — C:WINDOWSsystem32mtkjpeg.dll
    ~ TDSD: 13 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregANIWZCS2Service [Key] . (.Alpha Networks Inc. – ANIWZCS2 launcher for Windows..) — C:Program FilesANIANIWZCS2 ServiceWZCSLDR2.exe
    ~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKCU…policiesExplorer] – “NoInstrumentation”=1
    ~ MWPE Keys: 7 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:29/03/2000 – 15:17:42 —A- . (…) — C:WINDOWSsystem32DriversASUSHWIO.SYS [5824]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.RAVISENT Technologies Inc. – Pilote principal CineMaster C 1.2 WDM.) — C:WINDOWSsystem32Driverscinemst2.sys [262528]
    O58 – SDL:03/11/2003 – 16:31:14 —A- . (.Accapella Ltd. – Video Capture Minidriver for Digital Camera.) — C:WINDOWSsystem32DriversCoachVc.sys [44256]
    O58 – SDL:23/01/2014 – 18:31:06 —A- . (.Devguru Co., Ltd – Device Error Recovery SDK(x86).) — C:WINDOWSsystem32Driversdgderdrv.sys [20032]
    O58 – SDL:13/04/2008 – 17:36:06 —A- . (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) — C:WINDOWSsystem32Drivershdaudbus.sys [144384]
    O58 – SDL:14/06/2007 – 14:29:08 —A- . (.PixArt Imaging Inc. – PAC7302.) — C:WINDOWSsystem32DriversPAC7302.SYS [457856]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.Parallel Technologies, Inc. – Parallel Technologies DirectParallel IO Library.) — C:WINDOWSsystem32Driversptilink.sys [17792]
    O58 – SDL:25/08/2013 – 10:30:48 —A- . (…) — C:WINDOWSsystem32DriversStarOpen.sys [13120]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.RAVISENT Technologies Inc. – CineMaster C WDM DVD Minidriver.) — C:WINDOWSsystem32Driversvdmindvd.sys [58112]
    O58 – SDL:09/11/2005 – 14:44:48 —A- . (.Alpha Networks Inc. – ANIO (NT5) Driver.) — C:WINDOWSsystem32ANIO.sys [24288]
    O58 – SDL:14/10/2004 – 09:29:16 —A- . (.ANI – ANIO (NDIS4) Driver.) — C:WINDOWSsystem32anio4.sys [11904]
    O58 – SDL:10/11/2005 – 06:13:00 —A- . (.Alpha Networks Inc. – ANIO (NT5) Driver.) — C:WINDOWSsystem32ANIO64.sys [50176]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ansi.sys [9037]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32country.sys [27097]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32himem.sys [4912]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32key01.sys [42809]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32keyboard.sys [42537]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos.sys [27916]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos404.sys [29146]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos411.sys [29370]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos412.sys [29274]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos804.sys [29146]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio.sys [34000]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio404.sys [34560]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio411.sys [35648]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio412.sys [35424]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio804.sys [34560]
    ~ Drivers: 57 Legitimates Filtered in 00mn 02s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 09/11/2005 – C:windowssystem32ANIO.sys (ANIO) .(.Alpha Networks Inc. – ANIO (NT5) Driver.) – LEGACY_ANIO
    ~ Legacy: 914 Legitimates Filtered in 00mn 02s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0939AB17-9F6C-4CD5-862D-A667486E9E29} – (Yahoo!) – http://fr.search.yahoo.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {9CB96984-43C3-4D44-90EF-01466EFCF7BB} [DefaultScope] – (Yahoo! (Avast)) – http://fr.search.yahoo.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.C439F625386EB58FA373A4EC101786BD] [SPRF][16/09/2014] (.PC Cleaners – PC Cleaner Pro.) — C:Documents and SettingsAll UsersApplication Datapclunst.exe [9414952] =>Rogue.PCCleanerPro
    [MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][19/07/2009] (…) — C:Documents and SettingsUTILISATEURApplication Datainst.exe [87608]
    [MD5.17C995AA808CEE87A0E49A4B02E423E6] [SPRF][02/09/2010] (…) — C:Documents and SettingsUTILISATEURBureaurevosetup.exe [2406288]
    ~ Files: 6 Legitimates Filtered in 00mn 07s

    —\ Export de clés de registre aléatoires (O91)
    [HKCUSoftwaref6d9dcbc6fe4102.6.1339.144upd]:=”upd=1″ =>Hijacker.Eazel
    [HKCUSoftwaref6d9dcbc6fe4102.6.1519.190upd]:=”upd=1″ =>Hijacker.Eazel
    [HKCUSoftwaref6d9dcbc6fe410history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid=”{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}” =>Hijacker.Eazel
    [HKCUSoftwaref6d9dcbc6fe410history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:version=”2.6.1249.132″ =>Hijacker.Eazel
    [HKCUSoftwaref6d9dcbc6fe410history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid=”{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}” =>Hijacker.Eazel
    [HKCUSoftwaref6d9dcbc6fe410history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:version=”2.6.1339.144″ =>Hijacker.Eazel
    [HKCUSoftwaref6d9dcbc6fe410] =>PUP.Babylon^
    ~ Export Key Software: Scanned in 00mn 00s

    —\ Recherche de clés de registre CLSID (O101)
    [HKCRCLSID{C11CBDA9-6702-469E-9CE1-64E3971A6B44}] (PC Antivirus Pro Web Protection BHO) =>PUP.WebProtect
    ~ BCK: 3501 Legitimates Filtered in 00mn 12s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 10/12/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 19/10/2005 49152 | (ANIWZCSdService) . (.Alpha Networks Inc..) – C:Program FilesANIANIWZCS2 ServiceANIWZCSdS.exe
    SS – | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:WINDOWSsystem32dmadmin.exe
    SS – | Disabled 13/09/2014 3079488 | (LMIRescue_24882919-0c02-4d63-8f5d-3c864251866e) . (.LogMeIn, Inc..) – C:Documents and SettingsUTILISATEURLocal SettingsApplication DataLogMeIn Rescue AppletLMIR0001.tmpLMI_Rescue_srv.exe
    SS – | Demand 09/12/2014 114800 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 10/10/2005 131139 | (NVSvc) . (.NVIDIA Corporation.) – C:WINDOWSsystem32nvsvc32.exe
    SS – | Demand 19/05/2009 240512 | (SeaPort) . (.Microsoft Corporation.) – C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
    SR – | Auto 22/02/2008 104960 | (ACDaemon) . (.ArcSoft Inc..) – C:Program FilesFichiers communsArcSoftConnection ServiceBinACService.exe
    SR – | Auto 06/10/2014 187432 | (fshoster) . (.F-Secure Corporation.) – C:Program FilesSFR Sécuritéfshoster32.exe
    SR – | Auto 05/06/2014 93040 | (TomTomHOMEService) . (.TomTom.) – C:Program FilesTomTom HOME 2TomTomHOMEService.exe
    ~ Services: Scanned in 00mn 15s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (28/08/2014)
    Clés trouvées (Keys found) : 28
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 8
    Fichiers trouvés (Files found) : 8

    [HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallPC Cleaners] =>Rogue.PCCleanerPro^
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{00000000-6E41-4FD3-8538-502F5495E5FC}] =>Toolbar.AskTBar
    [HKLMSoftwareClassesTypeLib{11549FE4-7C5A-4C17-9FC3-56FC5162A994}] =>Toolbar.Agent
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{201f27d4-3704-41d6-89c1-aa35e39143ed}] =>Toolbar.Ask
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{201f27d4-3704-41d6-89c1-aa35e39143ed}] =>Toolbar.Ask
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{3041D03E-FD4B-44E0-B742-2D9B88305F98}] =>Adware.Bandoo
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{3041D03E-FD4B-44E0-B742-2D9B88305F98}] =>Adware.Bandoo
    [HKLMSoftwareClassesCLSID{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
    [HKLMSoftwareClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}] =>PUP.Whitesmoke
    [HKLMSoftwareClassesCLSID{826D7151-8D99-434B-8540-082B8C2AE556}] =>PUP.Babylon
    [HKLMSoftwareClassesCLSID{9AFB8248-617F-460D-9366-D71CDEDA3179}] =>PUP.Dealio
    [HKLMSoftwareMicrosoftInternet ExplorerSearchScopes{cf739809-1c6c-47c0-85b9-569dbb141420}] =>Toolbar.AskBarDis
    [HKCUSoftwarePartyFrance] =>Casino.OnlineGames
    [HKLMSoftwareClassesAppID{4D076AB4-7562-427A-B5D2-BD96E19DEE56}] =>PUP.Babylon
    [HKLMSoftwareClassesProd.cap] =>PUP.Babylon
    [HKCUSoftwareInstallCore] =>Adware.InstallCore
    [HKLMSoftwareClassesAppIDsecman.DLL] =>PUP.Babylon
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExtPreApproved{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}] =>PUP.Babylon
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{280B5D37-4A76-467A-B3D6-942FCA90ACDE}] =>Worm.Vispat
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{280B5D37-4A76-467A-B3D6-942FCA90ACDE}] =>Worm.Vispat
    [HKCUSoftwareBI] =>Adware.MegaSearch
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{327C2873-E90D-4c37-AA9D-10AC9BABA46C}] =>Toolbar.EasyWebPrint
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{327C2873-E90D-4c37-AA9D-10AC9BABA46C}] =>Toolbar.EasyWebPrint
    [HKLMSoftwareClassesCLSID{327C2873-E90D-4c37-AA9D-10AC9BABA46C}] =>Toolbar.EasyWebPrint
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExtPreApproved{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
    C:Program FilesDomaIQ Uninstaller =>Adware.DomaIQ^
    C:Program FilesMyPC Backup =>PUP.MyPCBackup^
    C:Program FilesSweetIM =>PUP.SweetIM^
    C:Documents and SettingsAll UsersApplication DataBabylon =>PUP.Babylon^
    C:Documents and SettingsUTILISATEURApplication DataBabSolution =>Hijacker.BabSolution^
    C:Documents and SettingsUTILISATEURApplication DataBabylon =>PUP.Babylon^
    C:Program FilesSoftware =>Adware.Boxore
    C:Documents and SettingsUTILISATEURLocal SettingsApplication DataSoftware =>Adware.Boxore
    [HKCUSoftwareBabSolution] =>Hijacker.BabSolution^
    [HKCUSoftwareFileScout] =>PUP.FileScout^
    [HKLMSoftwareBabylon] =>PUP.Babylon^
    C:Documents and SettingsAll UsersApplication Datapclunst.exe =>Rogue.PCCleanerPro^
    [HKCUSoftwaref6d9dcbc6fe410history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1249.132]:guid=”{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}” =>Hijacker.Eazel^
    [HKCUSoftwaref6d9dcbc6fe410history{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}2.6.1339.144]:guid=”{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}” =>Hijacker.Eazel^
    [HKCUSoftwaref6d9dcbc6fe410] =>PUP.Babylon^^
    [HKCRCLSID{C11CBDA9-6702-469E-9CE1-64E3971A6B44}] (PC Antivirus Pro Web Protection BHO) =>PUP.WebProtect^
    ~ Additionnel Scan: 186776 Items scanned in 01mn 18s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
    ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
    ~ AMI: 5 Legitimates Filtered in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/hijacker-babsolution =>Hijacker.BabSolution
    http://nicolascoolman.fr/pup-filescout =>PUP.FileScout
    http://nicolascoolman.fr/adware-installcore =>Adware.InstallCore
    http://nicolascoolman.fr/hijacker-eazel =>Hijacker.Eazel
    http://nicolascoolman.fr/pup-babylon =>PUP.Babylon
    http://nicolascoolman.fr/adware-domaiq =>Adware.DomaIQ
    http://nicolascoolman.fr/pup-mypcbackup =>PUP.MyPCBackup
    http://nicolascoolman.fr/pup-sweetim =>PUP.SweetIM
    http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
    http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
    http://nicolascoolman.fr/pup-whitesmoke =>PUP.Whitesmoke
    http://nicolascoolman.fr/pup-dealio =>PUP.Dealio
    http://nicolascoolman.fr/adware-megasearch =>Adware.MegaSearch
    http://nicolascoolman.fr/adware-boxore =>Adware.Boxore
    ~ MSI: 14 link(s) detected in 00mn 00s

    ~ 1680 Legitimates filtered by white list
    End of the scan (542 lines in 03mn 03s)(0)

    Evasion60
    Participant
    Number of posts: 1559

    :hello: Good evening Sandrine

    /! First of all, be aware that Windows XP Home & Pro are obsolete and no longer kept up to date by Microsoft! :(

    /! Please follow the help tutorials carefully, because you are not taking any of it into account =>
    – AdwCleaner was only run in Scan mode
    – MBAM: none of the items found was put in quarantine
    – ZHPDiag is not in Full mode

    1/
    Relaunch AdwCleaner
    Click the Clean button
    Post its report

    2/
    Relaunch MalwareBytes AM
    Put everything in quarantine as requested in the help tutorial provided
    Post its report

    3/
    Delete the ZHPDiag.txt report file on your Desktop
    Empty your recycle bin

    Relaunch ZHPDiag in Full mode
    Host its new report as well

    ;)

    whynot
    Participant
    Number of posts: 16

    Hello, thank you for taking the time to reply to me; attached is AdwCleaner:
    # AdwCleaner v4.105 – Rapport créé le 15/12/2014 à 20:40:40
    # Mis à jour le 08/12/2014 par Xplode
    # Database : 2014-12-13.4 [Live]
    # Système d’exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
    # Nom d’utilisateur : UTILISATEUR – UTILISAT-449851
    # Exécuté depuis : C:Documents and SettingsUTILISATEURMes documentsTéléchargementsAdwCleaner-4.1.0.5.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:Documents and SettingsAll UsersApplication Dataapn
    Dossier Supprimé : C:Documents and SettingsAll UsersApplication DataBabylon
    Dossier Supprimé : C:Documents and SettingsAll UsersApplication DataWinMaximizer
    Dossier Supprimé : C:Documents and SettingsAll UsersApplication DataYahoo! Companion
    Dossier Supprimé : C:Program FilesDomaIQ Uninstaller
    Dossier Supprimé : C:Program FilesMyPC Backup
    Dossier Supprimé : C:Program Filesregistry mechanic
    Dossier Supprimé : C:Program FilesSweetIM
    Dossier Supprimé : C:Program FilesSoftware
    Dossier Supprimé : C:windowssystem32BrowserProtect
    Dossier Supprimé : C:Documents and SettingsUTILISATEURLocal SettingsApplication DataSoftware
    Dossier Supprimé : C:Documents and SettingsUTILISATEURApplication DataBabSolution
    Dossier Supprimé : C:Documents and SettingsUTILISATEURApplication DataBabylon
    Dossier Supprimé : C:Documents and SettingsUTILISATEURApplication DataDSite
    Fichier Supprimé : C:windowssystem32roboot.exe
    Fichier Supprimé : C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf08gypgk.defaultuser.js
    Fichier Supprimé : C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf6ze2k3r.default-1408001852015user.js

    ***** [ Tâches planifiées ] *****

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    Clé Supprimée : HKLMSOFTWAREClassesAppIDsecman.DLL
    Clé Supprimée : HKLMSOFTWAREClassesProd.cap
    Clé Supprimée : HKLMSOFTWAREClassessecman.OutlookSecurityManager
    Clé Supprimée : HKLMSOFTWAREClassessecman.OutlookSecurityManager.1
    Clé Supprimée : HKCUSoftwaref6d9dcbc6fe410
    Clé Supprimée : HKLMSOFTWAREClassesAppID{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{826D7151-8D99-434B-8540-082B8C2AE556}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Clé Supprimée : HKLMSOFTWAREClassesCLSID{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Clé Supprimée : HKLMSOFTWAREClassesInterface{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Clé Supprimée : HKLMSOFTWAREClassesTypeLib{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{00000000-6E41-4FD3-8538-502F5495E5FC}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{EEE6C35B-6118-11DC-9C72-001320C79847}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{201F27D4-3704-41D6-89C1-AA35E39143ED}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{3041D03E-FD4B-44E0-B742-2D9B88305F98}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{EEE6C35B-6118-11DC-9C72-001320C79847}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionExtPreApproved{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Valeur Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerToolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
    Valeur Supprimée : HKCUSoftwareMicrosoftInternet ExplorerToolbarWebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
    Clé Supprimée : HKLMSOFTWAREMicrosoftInternet ExplorerSearchScopes{CF739809-1C6C-47C0-85B9-569DBB141420}
    Clé Supprimée : HKCUSoftwareBABSOLUTION
    Clé Supprimée : HKCUSoftwareBI
    Clé Supprimée : HKCUSoftwarefilescout
    Clé Supprimée : HKCUSoftwareInstallCore
    Clé Supprimée : HKCUSoftwareYahooPartnerToolbar
    Clé Supprimée : HKCUSoftwareSpeeditUp
    Clé Supprimée : HKLMSOFTWAREBabylon
    Clé Supprimée : HKLMSOFTWAREUniblue
    Clé Supprimée : HKCUSoftwareMicrosoftWindowsCurrentVersionApp ManagementARPCacheDSite
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheMyPC Backup
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionApp ManagementARPCacheYahoo! Companion
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18ComponentsCA0054A5AB3EFFE4CB5660E44A1E7DCC
    Clé Supprimée : HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution OptionsSoftwareUpdate.exe

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v8.0.6001.18702

    -\ Mozilla Firefox v34.0.5 (x86 fr)

    [f08gypgk.defaultprefs.js] – Ligne Supprimée : user_pref(“browser.search.selectedEngine”, “Astromenda”);
    [f6ze2k3r.default-1408001852015prefs.js] – Ligne Supprimée : user_pref(“extensions.astrmndasr.hmpgUrl”, “hxxp://astromenda.com/?f=1&a=ast_tele_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzyyD0B0C0AtD0FyCtAzz0Czz0AtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytD[…]
    [f6ze2k3r.default-1408001852015prefs.js] – Ligne Supprimée : user_pref(“extensions.astrmndasr.newTabUrl”, “hxxp://astromenda.com/?f=2&a=ast_tele_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzyyD0B0C0AtD0FyCtAzz0Czz0AtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzy[…]
    [f6ze2k3r.default-1408001852015prefs.js] – Ligne Supprimée : user_pref(“extensions.astrmndasr.prtnrId”, “WSE_Astromenda”);
    [f6ze2k3r.default-1408001852015prefs.js] – Ligne Supprimée : user_pref(“extensions.astrmndasr.srchPrvdr”, “Astromenda”);
    [f6ze2k3r.default-1408001852015prefs.js] – Ligne Supprimée : user_pref(“extensions.astrmndasr.tlbrSrchUrl”, “hxxp://astromenda.com/?f=3&a=ast_tele_14_43_ff&cd=2XzuyEtN2Y1L1QzutDtDtCzyyD0B0C0AtD0FyCtAzz0Czz0AtN0D0Tzu0StCtDtBzytN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtB[…]

    *************************

    AdwCleaner[R0].txt – [10333 octets] – [15/12/2014 09:36:23]
    AdwCleaner[R1].txt – [8150 octets] – [15/12/2014 20:24:42]
    AdwCleaner[R2].txt – [8210 octets] – [15/12/2014 20:30:39]
    AdwCleaner[S0].txt – [7934 octets] – [15/12/2014 20:40:40]

    ########## EOF – C:AdwCleanerAdwCleaner[S0].txt – [7994 octets] ##########

    Evasion60
    Participant
    Number of posts: 1559

    :hello: Good evening

    /! OK with ADWC

    The rest, please!
    MalwareBytes AM & ZHPDiag

    :)

    whynot
    Participant
    Number of posts: 16

    Good evening, below is ZHPDiag. However, for Malwarebytes, I deleted what was in quarantine, I'm sorry.

    ~ Rapport de ZHPDiag v2014.8.28.125 – Nicolas Coolman (28/08/2014)
    ~ Lancé par UTILISATEUR (16/12/2014 14:08:55)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Adresse du Forum http://forum.nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Nouvelle version disponible
    ~ Liste blanche : Désactivée par l’utilisateur
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Not Found

    —\ Navigateurs Internet
    MSIE: Internet Explorer v8.0.6001.18702
    MFIE: Mozilla Firefox 34.0.5 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
    Windows Automatic Updates : OK
    Windows Genuine Advantage : OK

    —\ Logiciels de protection du système
    SFR Sécurité v2.21.282.0
    Malwarebytes’ Anti-Malware
    Malwarebytes Anti-Malware version 2.0.4.1028
    Microsoft Security Client FR-FR Language Pack v2.1.1116.0

    —\ Logiciels d’optimisation du système
    CCleaner v4.19

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 16 NPAPI
    Adobe Reader X

    —\ Informations sur le système
    ~ Processor: x86 Family 15 Model 79 Stepping 2, AuthenticAMD
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 447 MB (11% free)
    System Restore: Activé (Enable)
    System drive C: has 52 GB (68%) free of 76 GB

    —\ Mode de connexion au système
    ~ Computer Name: UTILISAT-449851
    ~ User Name: UTILISATEUR
    ~ All Users Names: UTILISATEUR, SUPPORT_388945a0, HelpAssistant, ASPNET, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:Documents and SettingsUTILISATEURApplication DataZHP
    ~ %AppData% : C:Documents and SettingsUTILISATEURApplication Data
    ~ %Desktop% : C:Documents and SettingsUTILISATEURBureau
    ~ %Favorites% : C:Documents and SettingsUTILISATEURFavoris
    ~ %LocalAppData% : C:Documents and SettingsUTILISATEURLocal SettingsApplication Data
    ~ %StartMenu% : C:Documents and SettingsUTILISATEURMenu Démarrer
    ~ %Windir% : C:WINDOWS
    ~ %System% : C:WINDOWSsystem32

    —\ Enumération des unités disques
    A: Floppy drive, Flash card reader, USB Key (Not Inserted)
    C: Hard drive, Flash drive, Thumb drive (Free 52 Go of 76 Go)
    D: CD-ROM drive (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] Application: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] Intl: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] XMLLookup: OK
    [HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] Shell: OK
    [HKCUSOFTWAREMicrosoftWindows NTCurrentVersionWindows] Load: OK
    [HKLMSYSTEMCurrentControlSetServicesCOMSysApp] Type: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionWindowsUpdateAuto UpdateResultsInstall] LastSuccessTime : OK
    ~ Security Center: 45 Scanned in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] – (.Microsoft Corporation – Explorateur Windows.) (.14/04/2008 – 03:34:03.) — C:WINDOWSExplorer.exe [1037824]
    [MD5.E1948B1F45A176FB4A0251446A5AE86D] – (.Microsoft Corporation – Internet Extensions for Win32.) (.06/03/2014 – 18:58:52.) — C:WINDOWSsystem32wininet.dll [920064]
    [MD5.DD73D6B9F6B4CB630CF35B438B540174] – (.Microsoft Corporation – Application d’ouverture de session Windows NT.) (.14/04/2008 – 03:34:28.) — C:WINDOWSsystem32Winlogon.exe [512000]
    [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.17/08/2011 – 14:49:54.) — C:WINDOWSsystem32DriversAFD.sys [138496]
    [MD5.9F3A2F5AA6875C72BF062C712CFA2674] – (.Microsoft Corporation – IDE/ATAPI Port Driver.) (.13/04/2008 – 19:40:30.) — C:WINDOWSsystem32Driversatapi.sys [96512]
    [MD5.C885B02847F5D2FD45A24E219ED93B32] – (.Microsoft Corporation – CD-ROM File System Driver.) (.13/04/2008 – 20:14:21.) — C:WINDOWSsystem32DriversCdfs.sys [63744]
    [MD5.1F4260CC5B42272D71F79E570A27A4FE] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.13/04/2008 – 19:40:46.) — C:WINDOWSsystem32DriversCdrom.sys [62976]
    [MD5.31F923EB2170FC172C81ABDA0045D18C] – (.Microsoft Corporation – Pilote de cryptographie FIPS.) (.14/04/2008 – 02:57:38.) — C:WINDOWSsystem32DriversFips.sys [44672]
    [MD5.573C7D0A32852B48F3058CFD8026F511] – (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) (.13/04/2008 – 17:36:06.) — C:WINDOWSsystem32DriversHDAudBus.sys [144384]
    [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] – (.Microsoft Corporation – Pilote de port i8042.) (.14/04/2008 – 03:00:52.) — C:WINDOWSsystem32Driversi8042prt.sys [54144]
    [MD5.083A052659F5310DD8B6A6CB05EDCF8E] – (.Microsoft Corporation – IMAPI Kernel Driver.) (.13/04/2008 – 19:40:58.) — C:WINDOWSsystem32DriversImapi.sys [42112]
    [MD5.CC748EA12C6EFFDE940EE98098BF96BB] – (.Microsoft Corporation – IP Network Address Translator.) (.13/04/2008 – 19:57:15.) — C:WINDOWSsystem32DriversIpNat.sys [152832]
    [MD5.23C74D75E36E7158768DD63D92789A91] – (.Microsoft Corporation – IPSec Driver.) (.13/04/2008 – 20:19:42.) — C:WINDOWSsystem32DriversIPSec.sys [75264]
    [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.15/07/2011 – 14:29:31.) — C:WINDOWSsystem32DriversMRxSmb.sys [456320]
    [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] – (.Microsoft Corporation – MBT Transport driver.) (.13/04/2008 – 20:21:00.) — C:WINDOWSsystem32DriversnetBT.sys [162816]
    [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] – (.Microsoft Corporation – NT File System Driver.) (.13/04/2008 – 20:15:53.) — C:WINDOWSsystem32Driversntfs.sys [574976]
    [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/04/2008 – 03:09:40.) — C:WINDOWSsystem32DriversParport.sys [80384]
    [MD5.11B4A627BC9614B885C4969BFA5FF8A6] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.13/04/2008 – 20:19:43.) — C:WINDOWSsystem32DriversRasl2tp.sys [51328]
    [MD5.15CABD0F7C00C47C70124907916AF3F1] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.13/04/2008 – 19:32:52.) — C:WINDOWSsystem32Driversrdpdr.sys [196224]
    [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] – (.Microsoft Corporation – Pilote de filtre audio Livre rouge.) (.14/04/2008 – 02:57:34.) — C:WINDOWSsystem32Driversredbook.sys [58752]
    [MD5.46DE1126684369BACE4849E4FC8C43CA] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.14/04/2008 – 02:56:04.) — C:WINDOWSsystem32Driversvolsnap.sys [53376]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 2/962
    ~ Mes musiques (My Musics) : 1/241
    ~ Mes Videos (My Videos) : 1/93
    ~ Mes Favoris (My Favorites) : 1/98
    ~ Mes Documents (My Documents) : 1/420
    ~ Mon Bureau (My Desktop) : 0/1661
    ~ Menu demarrer (Programs) : 1/25
    ~ Hidden Files: Scanned in 00mn 09s

    —\ Processus lancés
    [MD5.288069F15E1C7498A5E7A2FBE2E8A70A] – (.ArcSoft Inc. – ArcSoft Connect Service.) — C:Program FilesFichiers communsArcSoftConnection ServiceBinACService.exe [104960] [PID.684]
    [MD5.CB7B56F9DB8B297972320DE2B1F2E6AA] – (.F-Secure Corporation – F-Secure Host Process.) — C:Program FilesSFR Sécuritéfshoster32.exe [187432] [PID.780]
    [MD5.0A03E85A641F2672796D34F506066594] – (.TomTom – Windows Service for TomTom HOME.) — C:Program FilesTomTom HOME 2TomTomHOMEService.exe [93040] [PID.288]
    [MD5.947835240308F523C9D980C89D35E76D] – (.Piriform Ltd – CCleaner.) — C:Program FilesCCleanerCCleaner.exe [4825880] [PID.4020]
    [MD5.2E0B0A051FFAA86E358465BB0880D453] – (.Microsoft Corporation – Windows Update.) — C:windowssystem32wuauclt.exe [53784] [PID.1096]
    [MD5.3C13F26A4766752314A5413038BD86B4] – (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:Program FilesMalwarebytes Anti-Malwarembam.exe [7229752] [PID.1692]
    [MD5.DADDD62BEDC91BC96CFC794A2CA0D94A] – (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe [337520] [PID.2512]
    [MD5.33BF80A2291C54DC7D7601CDEF63138E] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8099328] [PID.3716]
    [MD5.FEE2BA1AD38F457F418E82EA30724053] – (.Microsoft Corporation – Microsoft Feeds Synchronization.) — C:windowssystem32msfeedssync.exe [13312] [PID.2980]
    ~ Processes Running: Scanned in 00mn 02s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf08gypgk.defaultprefs.js
    C:Documents and SettingsUTILISATEURApplication DataMozillaFirefoxProfilesf6ze2k3r.default-1408001852015prefs.js
    M0 – MFSP: prefs.js [UTILISATEUR – f6ze2k3r.default-1408001852015] http://fr.yahoo.com
    M2 – MFEP: prefs.js [UTILISATEUR – f08gypgk.defaultabs@avira.com] [] Avira Browser Safety v1.4.0 (..)
    P2 – FPN: [HKLM] [@adobe.com/FlashPlayer] – (…) — C:windowssystem32MacromedFlashNPSWF32_16_0_0_235.dll
    P2 – FPN: [HKLM] [@adobe.com/ShockwavePlayer] – (.Adobe Systems, Inc. – Adobe Shockwave for Director Netscape plug-in, version 12.1.3.153.) — C:windowssystem32AdobeDirectornp32dsw_1213153.dll
    P2 – FPN: [HKLM] [@microsoft.com/WPF,version=3.5] – (.Microsoft Corporation – Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll
    P2 – FPN: [HKLM] [@videolan.org/vlc,version=2.1.3] – (.VideoLAN – VLC media player Web Plugin 2.1.3.) — C:Program FilesVideoLANVLCnpvlc.dll =>.VideoLAN
    P2 – FPN: [HKLM] [@videolan.org/vlc,version=2.1.5] – (.VideoLAN – VLC media player Web Plugin 2.1.3.) — C:Program FilesVideoLANVLCnpvlc.dll =>.VideoLAN
    P2 – FPN: [HKLM] [Adobe Reader] – (.Adobe Systems Inc. – Adobe PDF Plug-In For Firefox and Netscape 10.1.9.) — C:Program FilesAdobeReader 10.0ReaderAIRnppdf32.dll
    ~ Firefox Browser: 9 Scanned in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://fr.yahoo.com
    R0 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://fr.search.yahoo.com
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Bar = http://fr.yahoo.com
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Extensions Off Page = about:noadd-ons
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Security Risk Page = about:securityrisk
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerAboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
    R3 – URLSearchHook: Microsoft Url Search Hook – {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. – Adobe PDF Plug-In For Firefox and Netscape 10.1.9.) (No version) — (.not file.)
    R4 – HKLMSOFTWAREMicrosoftInternet ExplorerPhishingFilter,EnabledV8 = 0
    R4 – HKCUSOFTWAREMicrosoftInternet ExplorerPhishingFilter,Enabled = 2
    ~ IE Browser: 13 Scanned in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    R5 – HKLMSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKLMSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:windowsSystem32Userinit.exe,
    F2 – REG:system.ini: Shell=C:WINDOWSexplorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hôte est sain (The hosts file is clean) (20)
    ~ Hosts File: Scanned in 00mn 00s

    —\ Browser Helper Objects de navigateur (O2)
    O2 – BHO: e-Carte Bleue Browser Helper Object – {2E03C0FD-4C48-43A7-9A54-00240C70FF16} . (.Orbiscom Ltd. All rights reserved. – e-Carte Bleue.) — C:WINDOWSsystem32BhoECart.dll
    O2 – BHO: Search Helper – {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corporation – Search Helper for Internet Explorer.) — C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll
    ~ BHO: 4 Scanned in 00mn 00s

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: (no name) – [HKCU]{1E796980-9CC5-11D1-A83F-00C04FC99D61} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{41564952-412D-5637-4300-7A786E7484D7} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{F2CF5485-4E02-4F68-819C-B92DE9277049} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{41564952-412D-5350-00A7-7A786E7484D7} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program FilesQuickTimeqttask.exe
    O4 – HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
    O4 – HKCU..Run: [ctfmon.exe] . (.Microsoft Corporation – CTF Loader.) — C:windowssystem32ctfmon.exe
    O4 – HKCU..Run: [CCleaner Monitoring] . (.Piriform Ltd – CCleaner.) — C:Program FilesCCleanerCCleaner.exe =>.Piriform Ltd
    O4 – HKCU..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-20..Run: [CTFMON.EXE] . (.Microsoft Corporation – CTF Loader.) — C:WINDOWSsystem32CTFMON.exe
    O4 – HKUSS-1-5-21-1935655697-261478967-725345543-1004..Run: [ctfmon.exe] . (.Microsoft Corporation – CTF Loader.) — C:windowssystem32ctfmon.exe
    O4 – HKUSS-1-5-21-1935655697-261478967-725345543-1004..Run: [CCleaner Monitoring] . (.Piriform Ltd – CCleaner.) — C:Program FilesCCleanerCCleaner.exe =>.Piriform Ltd
    O4 – HKUSS-1-5-21-1935655697-261478967-725345543-1004..Run: [WMPNSCFG] . (.Microsoft Corporation – Application de configuration du service Par.) — C:Program FilesWindows Media PlayerWMPNSCFG.exe =>.Microsoft Corporation
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} — Clé orpheline
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Winsock hijacker (Layered Service Provider) (O10)
    O10 – WLSP:00000000001Winsock LSP File . (.Microsoft Corporation – Fournisseur de service Sockets 2.0 de Microsoft Windows.) — C:windowssystem32mswsock.dll =>.Microsoft Corporation
    O10 – WLSP:00000000002Winsock LSP File . (.Microsoft Corporation – LDAP RnR Provider DLL.) — C:windowssystem32winrnr.dll
    O10 – WLSP:00000000003Winsock LSP File . (.Microsoft Corporation – Fournisseur de service Sockets 2.0 de Microsoft Windows.) — C:windowssystem32mswsock.dll =>.Microsoft Corporation
    ~ Winsock: 3 Scanned in 00mn 00s

    —\ Objets ActiveX (Downloaded Program Files)(O16)
    O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} – ((no name)) – (.not file.) – C:Program FilesYahoo!CommonYinsthelper.dll
    O16 – DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ((no name)) – http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 – DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) – http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    ~ Objets ActiveX: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{7782A84B-31DC-44B2-AF9D-4452260CAE0F}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{EA534E04-065C-4606-80AF-0E1542220AC9}: DhcpNameServer = 212.27.54.252 212.27.53.252
    O17 – HKLMSystemCCSServicesTcpip..{F1DDA3B0-C859-4861-A065-0A7FFC66D371}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{4C904225-FC72-4DE1-89E7-ECB6474A5C08}: DhcpNameServer = 212.27.40.240 212.27.40.241
    O17 – HKLMSystemCS1ServicesTcpip..{EA534E04-065C-4606-80AF-0E1542220AC9}: DhcpNameServer = 212.27.54.252 212.27.53.252
    O17 – HKLMSystemCS1ServicesTcpip..{F1DDA3B0-C859-4861-A065-0A7FFC66D371}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{7782A84B-31DC-44B2-AF9D-4452260CAE0F}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{EA534E04-065C-4606-80AF-0E1542220AC9}: DhcpNameServer = 212.27.54.252 212.27.53.252
    O17 – HKLMSystemCS2ServicesTcpip..{F1DDA3B0-C859-4861-A065-0A7FFC66D371}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{7782A84B-31DC-44B2-AF9D-4452260CAE0F}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{EA534E04-065C-4606-80AF-0E1542220AC9}: DhcpNameServer = 212.27.54.252 212.27.53.252
    O17 – HKLMSystemCS3ServicesTcpip..{F1DDA3B0-C859-4861-A065-0A7FFC66D371}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 01s

    —\ Protocole additionnel (O18)
    O18 – Handler: wia – {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation – WIA Scripting Layer.) — C:WINDOWSsystem32wiascr.dll
    O18 – Filter: text/webviewhtml – {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation – DLL commune du shell Windows.) — C:WINDOWSsystem32SHELL32.dll
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: crypt32chain . (.Microsoft Corporation – Crypto API32.) — C:WINDOWSsystem32crypt32.dll
    O20 – Winlogon Notify: cryptnet . (.Microsoft Corporation – Crypto Network Related API.) — C:WINDOWSsystem32cryptnet.dll
    O20 – Winlogon Notify: cscdll . (.Microsoft Corporation – Agent réseau hors connexion.) — C:WINDOWSsystem32cscdll.dll
    O20 – Winlogon Notify: dimsntfy . (.Microsoft Corporation – DIMS Notification Handler.) — C:WINDOWSsystem32dimsntfy.dll
    O20 – Winlogon Notify: ScCertProp . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: Schedule . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: sclgntfy . (.Microsoft Corporation – DLL secondaire de notification de service d.) — C:WINDOWSsystem32sclgntfy.dll
    O20 – Winlogon Notify: SensLogn . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32WlNotify.dll
    O20 – Winlogon Notify: termsrv . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    O20 – Winlogon Notify: wlballoon . (.Microsoft Corporation – DLL commune de réception des notifications.) — C:WINDOWSsystem32wlnotify.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
    O21 – SSODL: PostBootReminder – {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation – DLL commune du shell Windows.) — C:WINDOWSsystem32SHELL32.dll
    O21 – SSODL: CDBurn – {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation – DLL commune du shell Windows.) — C:WINDOWSsystem32SHELL32.dll
    O21 – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation – Web Site Monitor.) — C:windowssystem32webcheck.dll
    O21 – SSODL: SysTray – {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation – Objet du service d’environnement Systray.) — C:WINDOWSsystem32stobject.dll
    O21 – SSODL: WPDShServiceObj – {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation – Windows Portable Device Shell Service Objec.) — C:WINDOWSsystem32WPDShServiceObj.dll
    ~ SSODL: 5 Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: ArcSoft Connect Daemon (ACDaemon) . (.ArcSoft Inc. – ArcSoft Connect Service.) – C:Program FilesFichiers communsArcSoftConnection ServiceBinACService.exe
    O23 – Service: F-Secure Dll Hoster (fshoster) . (.F-Secure Corporation – F-Secure Host Process.) – C:Program FilesSFR Sécuritéfshoster32.exe
    O23 – Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation – NVIDIA Driver Helper Service, Version 81.85.) – C:WINDOWSsystem32nvsvc32.exe
    O23 – Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom – Windows Service for TomTom HOME.) – C:Program FilesTomTom HOME 2TomTomHOMEService.exe
    ~ Services: 4 Scanned in 00mn 04s

    —\ Enumération Active Desktop & MHTML Editor (O24)
    O24 – Default MHTML Editor: Last – .(…) – (.not file.)
    O24 – Desktop General: BackupWallPaper – .(…) – C:Documents and SettingsUTILISATEURLocal SettingsApplication DataMicrosoftWallpaper1.bmp
    O24 – Desktop General: WallPaper – .(…) – C:Documents and SettingsUTILISATEURLocal SettingsApplication DataMicrosoftWallpaper1.bmp
    ~ Desktop Component: 4 Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    O39 – APT: – (..) — C:WINDOWSTasksAdobe Flash Player Updater.job [1002]
    O39 – APT: – (..) — C:WINDOWSTasksNotification de fin de service de Microsoft Windows XP -mensuellement.job [228]
    O39 – APT: – (..) — C:WINDOWSTasksRealDownloaderDownloaderScheduledTaskS-1-5-21-1935655697-261478967-725345543-1004.job [338]
    O39 – APT: – (..) — C:WINDOWSTasksRealDownloaderRealUpgradeLogonTaskS-1-5-21-1935655697-261478967-725345543-1004.job [312]
    O39 – APT: – (..) — C:WINDOWSTasksRealDownloaderRealUpgradeScheduledTaskS-1-5-21-1935655697-261478967-725345543-1004.job [320]
    O39 – APT: – (..) — C:WINDOWSTasksRealPlayerRealUpgradeLogonTaskS-1-5-21-1935655697-261478967-725345543-1004.job [290]
    O39 – APT: – (..) — C:WINDOWSTasksRealPlayerRealUpgradeScheduledTaskS-1-5-21-1935655697-261478967-725345543-1004.job [298]
    O39 – APT: APT: – (..) — C:WINDOWSTasksRealDownloaderRealUpgradeLogonTaskS-1-5-21-1935655697-261478967-725345543-1004.job [312] – (..) — C:WINDOWSTasksRealUpgradeLogonTaskS-1-5-21-1935655697-261478967-725345543-1004.job [290]
    O39 – APT: APT: – (..) — C:WINDOWSTasksRealDownloaderRealUpgradeScheduledTaskS-1-5-21-1935655697-261478967-725345543-1004.job [320] – (..) — C:WINDOWSTasksRealUpgradeScheduledTaskS-1-5-21-1935655697-261478967-725345543-1004.job [298]
    O39 – APT: – (..) — C:WINDOWSTasksUser_Feed_Synchronization-{69E32961-E86E-4AE3-ADD0-159BACBC9AFF}.job [434]
    O39 – APT: – (..) — C:WINDOWSTasksUser_Feed_Synchronization-{FC660AB2-8564-4557-9EBF-60FA6E95D004}.job [444]
    ~ Scheduled Task: 11 Scanned in 00mn 00s

    —\ Composants installés (ActiveSetup Installed Components) (O40)
    O40 – ASIC: Mise à jour de la version d’Internet Explorer – <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} . (.Microsoft Corporation – IE Per User Active Setup Uninstall Utility.) — C:windowssystem32ieudinit.exe
    O40 – ASIC: Microsoft Windows Media Player – >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation – Utilitaire d’installation du Lecteur Windows Media de Microsoft.) — C:WINDOWSinfunregmp2.exe =>.Microsoft Corporation
    O40 – ASIC: Internet Explorer – >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation – Utilitaire d’initialisation d’Internet Explorer par utilisateur.) — C:windowssystem32ie4uinit.exe.mui
    O40 – ASIC: Browser Customizations – >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation – IEAK branding.) — C:windowssystem32iedkcs32.dll
    O40 – ASIC: Outlook Express – >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} . (.Microsoft Corporation – Windows NT User Data Migration Tool.) — C:WINDOWSsystem32shmgrate.exe =>.Microsoft Corporation
    O40 – ASIC: Macromedia Shockwave Director 8.0 – {166B1BCA-3F9C-11CF-8075-444553540000} . (.Adobe Systems, Inc. – Shockwave ActiveX Control.) — C:windowssystem32AdobeDirectorSwDir_1213153.dll
    O40 – ASIC: Microsoft NetShow Player – {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} . (.Microsoft Corporation – Windows Media Player Extension.) — C:WINDOWSsystem32wmpdxm.dll =>.Microsoft Corporation
    O40 – ASIC: Microsoft Windows Media Player 6.4 – {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation – Windows Media Player Extension.) — C:WINDOWSsystem32wmpdxm.dll =>.Microsoft Corporation
    O40 – ASIC: Themes Setup – {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation – API Windows Theme.) — C:WINDOWSsystem32themeui.dll
    O40 – ASIC: Microsoft Outlook Express 6 – {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation – Bibliothèque d’installation Outlook Express.) — C:Program FilesOutlook Expresssetup50.exe =>.Microsoft Corporation
    O40 – ASIC: NetMeeting 3.01 – {44BBA842-CC51-11CF-AAFA-00AA00B6015B} . (…) — C:WINDOWSINFmsnetmtg.inf
    O40 – ASIC: Windows Messenger 4.7 – {5945c046-1e7d-11d1-bc44-00c04fd912be} . (…) — C:WINDOWSINFmsmsgs.inf
    O40 – ASIC: Browsing Enhancements – {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation – Extension Shell dossier FTP Microsoft Internet Explorer..) — C:WINDOWSsystem32msieftp.dll
    O40 – ASIC: Microsoft Windows Media Player – {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (…) — C:WINDOWSINFwmp11.inf =>.Microsoft Corporation
    O40 – ASIC: Carnet d’adresses 6 – {7790769C-0471-11d2-AF11-00C04FA35D02} . (.Microsoft Corporation – Bibliothèque d’installation Outlook Express.) — C:Program FilesOutlook Expresssetup50.exe =>.Microsoft Corporation
    O40 – ASIC: Mise à jour du Bureau Windows – {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation – DLL commune du shell Windows.) — C:WINDOWSsystem32shell32.dll
    O40 – ASIC: Internet Explorer – {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation – Utilitaire d’initialisation d’Internet Explorer par utilisateur.) — C:windowssystem32ie4uinit.exe.mui
    O40 – ASIC: (no name) – {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation – Microsoft .NET IE SECURITY REGISTRATION.) — c:windowssystem32mscories.dll
    O40 – ASIC: Adobe Flash Player – {D27CDB6E-AE6D-11cf-96B8-444553540000} . (.Adobe Systems, Inc. – Adobe Flash Player 14.0 r0.) — C:windowssystem32MacromedFlashFlash32_14_0_0_176.ocx
    O40 – ASIC: Installed Component – S-1-5-21-1935655697-261478967-725345543-1004 – <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} — Not Hexadécimal CLSID
    O40 – ASIC: Installed Component – S-1-5-21-1935655697-261478967-725345543-1004 – >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS — Not Hexadécimal CLSID
    ~ Active Setup: 21 Scanned in 00mn 00s

    —\ Pilotes lancés au démarrage du système (O41)
    O41 – Driver: (AFD) . (.Microsoft Corporation – Ancillary Function Driver for WinSock.) – C:WINDOWSsystem32driversafd.sys
    O41 – Driver: (Cdrom) . (.Microsoft Corporation – SCSI CD-ROM Driver.) – C:WINDOWSsystem32DRIVERScdrom.sys
    O41 – Driver: (i8042prt) . (.Microsoft Corporation – Pilote de port i8042.) – C:WINDOWSsystem32DRIVERSi8042prt.sys
    O41 – Driver: (Imapi) . (.Microsoft Corporation – IMAPI Kernel Driver.) – C:WINDOWSsystem32DRIVERSimapi.sys
    O41 – Driver: (IPSec) . (.Microsoft Corporation – IPSec Driver.) – C:WINDOWSsystem32DRIVERSipsec.sys
    O41 – Driver: (Kbdclass) . (.Microsoft Corporation – Pilote de la classe Clavier.) – C:WINDOWSsystem32DRIVERSkbdclass.sys
    O41 – Driver: (Mouclass) . (.Microsoft Corporation – Pilote de la classe Souris.) – C:WINDOWSsystem32DRIVERSmouclass.sys
    O41 – Driver: (MRxSmb) . (.Microsoft Corporation – Windows NT SMB Minirdr.) – C:WINDOWSsystem32DRIVERSmrxsmb.sys
    O41 – Driver: (NetBIOS) . (.Microsoft Corporation – NetBIOS interface driver.) – C:WINDOWSsystem32DRIVERSnetbios.sys
    O41 – Driver: (NetBT) . (.Microsoft Corporation – MBT Transport driver.) – C:WINDOWSsystem32DRIVERSnetbt.sys
    O41 – Driver: (Processor) . (.Microsoft Corporation – Pilote de périphérique processeur.) – C:WINDOWSsystem32DRIVERSprocessr.sys
    O41 – Driver: (RasAcd) . (.Microsoft Corporation – RAS Automatic Connection Driver.) – C:WINDOWSsystem32DRIVERSrasacd.sys
    O41 – Driver: (Rdbss) . (.Microsoft Corporation – Redirected Drive Buffering SubSystem Driver.) – C:WINDOWSsystem32DRIVERSrdbss.sys
    O41 – Driver: (RDPCDD) . (.Microsoft Corporation – RDP Miniport.) – C:WINDOWSsystem32DRIVERSRDPCDD.sys
    O41 – Driver: (redbook) . (.Microsoft Corporation – Pilote de filtre audio Livre rouge.) – C:WINDOWSsystem32DRIVERSredbook.sys
    O41 – Driver: (Serial) . (.Microsoft Corporation – Pilote de périphérique série.) – C:WINDOWSsystem32DRIVERSserial.sys
    O41 – Driver: (Tcpip) . (.Microsoft Corporation – TCP/IP Protocol Driver.) – C:WINDOWSsystem32DRIVERStcpip.sys
    O41 – Driver: (TermDD) . (.Microsoft Corporation – Terminal Server Driver.) – C:WINDOWSsystem32DRIVERStermdd.sys
    O41 – Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation – VGA/Super VGA Video Driver.) – C:WINDOWSsystem32driversvga.sys
    ~ Drivers: 76 Scanned in 00mn 00s

    —\ Logiciels installés (O42)
    O42 – Logiciel: Adobe Flash Player 14 ActiveX – (.Adobe Systems Incorporated.) [HKLM] — Adobe Flash Player ActiveX
    O42 – Logiciel: Adobe Flash Player 16 NPAPI – (.Adobe Systems Incorporated.) [HKLM] — Adobe Flash Player NPAPI
    O42 – Logiciel: Adobe Reader X (10.1.9) – Français – (.Adobe Systems Incorporated.) [HKLM] — {AC76BA86-7AD7-1036-7B44-AA1000000001}
    O42 – Logiciel: Adobe Shockwave Player 12.1 – (.Adobe Systems, Inc..) [HKLM] — Adobe Shockwave Player
    O42 – Logiciel: CCleaner – (.Piriform.) [HKLM] — CCleaner
    O42 – Logiciel: CDBurnerXP – (.CDBurnerXP.) [HKLM] — {7E265513-8CDA-4631-B696-F40D983F3B07}_is1
    O42 – Logiciel: Canon MP Navigator 2.0 – (…) [HKLM] — MP Navigator 2.0
    O42 – Logiciel: Canon MP150 – (…) [HKLM] — {CA9A3609-3ECC-4574-8824-A8161A71A603}
    O42 – Logiciel: Digital Video – (…) [HKLM] — {C833C7B6-1140-471D-932B-391B5CA66D7D}
    O42 – Logiciel: Easy-WebPrint – (…) [HKLM] — Easy-WebPrint
    O42 – Logiciel: High Definition Audio Driver Package – KB888111 – (.Microsoft Corporation.) [HKLM] — KB888111WXPSP2
    O42 – Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) – (.Microsoft Corporation.) [HKLM] — KB929399
    O42 – Logiciel: Hotfix for Windows XP (KB915800-v4) – (.Microsoft Corporation.) [HKLM] — KB915800-v4
    O42 – Logiciel: Lecteur Windows Media 11 – (…) [HKLM] — Windows Media Player =>.Microsoft Corporation
    O42 – Logiciel: Malwarebytes Anti-Malware version 2.0.4.1028 – (.Malwarebytes Corporation.) [HKLM] — Malwarebytes Anti-Malware_is1
    O42 – Logiciel: Malwarebytes’ Anti-Malware – (.Malwarebytes Corporation.) [HKLM] — Malwarebytes’ Anti-Malware_is1
    O42 – Logiciel: Microsoft Compression Client Pack 1.0 for Windows XP – (.Microsoft Corporation.) [HKLM] — MSCompPackV1
    O42 – Logiciel: Microsoft Internationalized Domain Names Mitigation APIs – (.Microsoft Corporation.) [HKLM] — IDNMitigationAPIs
    O42 – Logiciel: Microsoft National Language Support Downlevel APIs – (.Microsoft Corporation.) [HKLM] — NLSDownlevelMapping
    O42 – Logiciel: Microsoft Search Enhancement Pack – (.Microsoft Corporation.) [HKLM] — {4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
    O42 – Logiciel: Microsoft Security Client FR-FR Language Pack – (.Microsoft Corporation.) [HKLM] — {50779A29-834E-4E36-BBEB-B7CABC67A825}
    O42 – Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 – (.Microsoft Corporation.) [HKLM] — Wudf01000
    O42 – Logiciel: Mozilla Firefox 34.0.5 (x86 fr) – (.Mozilla.) [HKLM] — Mozilla Firefox 34.0.5 (x86 fr)
    O42 – Logiciel: Mozilla Maintenance Service – (.Mozilla.) [HKLM] — MozillaMaintenanceService
    O42 – Logiciel: NVIDIA Drivers – (…) [HKLM] — NVIDIA Drivers
    O42 – Logiciel: OpenOffice.org 2.0 – (.OpenOffice.org.) [HKLM] — {518E7702-18C9-4CF7-9BC2-EEEA9E252763}
    O42 – Logiciel: PC Cleaners – (.PC Cleaners.) [HKCU] — PC Cleaners =>Rogue.PCCleanerPro
    O42 – Logiciel: Package de base Microsoft de service de chiffrement pour cartes à puce – (.Microsoft Corporation.) [HKLM] — KB909520
    O42 – Logiciel: Realtek High Definition Audio Driver – (.Realtek Semiconductor Corp..) [HKLM] — {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
    O42 – Logiciel: SFR Sécurité – (.F-Secure Corporation.) [HKLM] — {161DC3D8-47F0-47BC-8647-CD6FDCBC9731}
    O42 – Logiciel: Security Update for Windows Search 4 – KB963093 – (.Microsoft Corporation.) [HKLM] — KB963093
    O42 – Logiciel: Shockwave – (…) [HKLM] — Shockwave
    O42 – Logiciel: TomTom HOME – (.Nom de votre société.) [HKLM] — {7A2BB1C8-903D-4585-9F3B-CADD67D07D37}
    O42 – Logiciel: TomTom HOME Visual Studio Merge Modules – (.TomTom International B.V..) [HKLM] — {8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
    O42 – Logiciel: VGA USB Camera – (…) [HKLM] — {F0B2D11F-E4D9-4C17-A195-B8BADEAE9C40}
    O42 – Logiciel: VLC media player – (.VideoLAN.) [HKLM] — VLC media player =>.VideoLAN
    O42 – Logiciel: Visual Studio 2012 x86 Redistributables – (.AVG Technologies CZ, s.r.o..) [HKLM] — {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
    O42 – Logiciel: Windows Internet Explorer 8 – (.Microsoft Corporation.) [HKLM] — ie8
    O42 – Logiciel: Windows Media Format 11 runtime – (…) [HKLM] — Windows Media Format Runtime
    O42 – Logiciel: Windows Media Format 11 runtime – (.Microsoft Corporation.) [HKLM] — WMFDist11
    O42 – Logiciel: Windows Media Player 11 – (.Microsoft Corporation.) [HKLM] — wmp11 =>.Microsoft Corporation
    O42 – Logiciel: Windows Search 4.0 – (.Microsoft Corporation.) [HKLM] — KB940157
    O42 – Logiciel: Windows XP Service Pack 3 – (.Microsoft Corporation.) [HKLM] — Windows XP Service
    O42 – Logiciel: XML Paper Specification Shared Components Language Pack 1.0 – (.Microsoft Corporation.) [HKLM] — XPSEPSCLP
    O42 – Logiciel: Yahoo! Install Manager – (…) [HKLM] — YInstHelper
    O42 – Logiciel: Yahoo! Internet Mail – (…) [HKLM] — Yahoo! Mail
    O42 – Logiciel: e-Carte Bleue Banque Populaire – (…) [HKLM] — {B0900CB5-8EC0-43B4-9DAC-A32FE52DC864}
    O42 – Logiciel: swMSM – (.Adobe Systems, Inc.) [HKLM] — {612C34C7-5E90-47D8-9B5C-0F717DD82726}
    ~ Logic: 48 Scanned in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareANI]
    [HKCUSoftwareAVAST Software]
    [HKCUSoftwareAdobe]
    [HKCUSoftwareAhead]
    [HKCUSoftwareAppDataLowSoftwareRealNetworks]
    [HKCUSoftwareAppDataLow]
    [HKCUSoftwareApple Computer, Inc.]
    [HKCUSoftwareApplianTechnologies]
    [HKCUSoftwareArcSoft]
    [HKCUSoftwareAudacity]
    [HKCUSoftwareBinary Noise]
    [HKCUSoftwareBitTorrent] =>P2P.BitTorrent
    [HKCUSoftwareCanneverbe Limited]
    [HKCUSoftwareCanon]
    [HKCUSoftwareClasses]
    [HKCUSoftwareClients]
    [HKCUSoftwareCyberlink]
    [HKCUSoftwareDigital River]
    [HKCUSoftwareDivXNetworks]
    [HKCUSoftwareDownloadManager]
    [HKCUSoftwareF-Secure]
    [HKCUSoftwareGlarysoft]
    [HKCUSoftwareGoogle]
    [HKCUSoftwareIM Providers]
    [HKCUSoftwareIntel]
    [HKCUSoftwareJavaSoft]
    [HKCUSoftwareLake]
    [HKCUSoftwareLicenses]
    [HKCUSoftwareMacromedia]
    [HKCUSoftwareMalwarebytes’ Anti-Malware]
    [HKCUSoftwareMozillaPlugins]
    [HKCUSoftwareMozilla]
    [HKCUSoftwareNVIDIA Corporation]
    [HKCUSoftwareNetscape]
    [HKCUSoftwareOpendisc]
    [HKCUSoftwarePC SOFT]
    [HKCUSoftwarePCCleaners] =>Rogue.PCCleanerPro
    [HKCUSoftwarePartyFrance]
    [HKCUSoftwarePiriform]
    [HKCUSoftwarePolicies]
    [HKCUSoftwareRealNetworks]
    [HKCUSoftwareRealtek]
    [HKCUSoftwareSamsung]
    [HKCUSoftwareScanSoft]
    [HKCUSoftwareSigel]
    [HKCUSoftwareSkype]
    [HKCUSoftwareSoftVTU]
    [HKCUSoftwareSoftware]
    [HKCUSoftwareSun Microsystems]
    [HKCUSoftwareSysinternals]
    [HKCUSoftwareTomTom]
    [HKCUSoftwareTotalidea Software]
    [HKCUSoftwareTrolltech]
    [HKCUSoftwareUsbfix]
    [HKCUSoftwareVSO]
    [HKCUSoftwareWinRAR SFX]
    [HKCUSoftwareXi]
    [HKCUSoftwareYahoo]
    [HKCUSoftwareeMule]
    [HKCUSoftwareej-technologies]
    [HKCUSoftwarekeyhole.com]
    [HKCUSoftwareobj funk showteam]
    [HKCUSoftwarewizzgo]
    [HKLMSoftware685D6D1C-D73A-4F37-B7E5E53660311DDB]
    [HKLMSoftwareANI]
    [HKLMSoftwareASUS]
    [HKLMSoftwareAdobeFlashPlayerUpdate]
    [HKLMSoftwareAdobe]
    [HKLMSoftwareAdwCleaner]
    [HKLMSoftwareAhead]
    [HKLMSoftwareAlice ADSL]
    [HKLMSoftwareAppDataLow]
    [HKLMSoftwareApple Computer, Inc.]
    [HKLMSoftwareArcSoft]
    [HKLMSoftwareAvg Secure Update]
    [HKLMSoftwareAviraSpeedup]
    [HKLMSoftwareBroderbund Software]
    [HKLMSoftwareC07ft5Y]
    [HKLMSoftwareCDDB]
    [HKLMSoftwareCanon]
    [HKLMSoftwareClasses]
    [HKLMSoftwareClients]
    [HKLMSoftwareCommon Toolkit Suite]
    [HKLMSoftwareData Fellows]
    [HKLMSoftwareDivXNetworks]
    [HKLMSoftwareEnigmaSoftwareGroup]
    [HKLMSoftwareF-Secure]
    [HKLMSoftwareGemplus]
    [HKLMSoftwareGoogle]
    [HKLMSoftwareInstallShield]
    [HKLMSoftwareIntel]
    [HKLMSoftwareInterVideo]
    [HKLMSoftwareJavaSoft]
    [HKLMSoftwareJreMetrics]
    [HKLMSoftwareKhronos]
    [HKLMSoftwareLicenses]
    [HKLMSoftwareMacromedia]
    [HKLMSoftwareMalwarebytes’ Anti-Malware]
    [HKLMSoftwareMcAfee.com]
    [HKLMSoftwareMozillaPlugins]
    [HKLMSoftwareMozilla]
    [HKLMSoftwareNVIDIA Corporation]
    [HKLMSoftwareNotepad]
    [HKLMSoftwareODBC]
    [HKLMSoftwareOldTimer Tools]
    [HKLMSoftwareOpenOffice.org]
    [HKLMSoftwarePCCleaners] =>Rogue.PCCleanerPro
    [HKLMSoftwarePiriform]
    [HKLMSoftwarePixArt]
    [HKLMSoftwarePolicies]
    [HKLMSoftwareProgram Groups]
    [HKLMSoftwareRealNetworks]
    [HKLMSoftwareRealtek]
    [HKLMSoftwareRegisteredApplications]
    [HKLMSoftwareRichFX]
    [HKLMSoftwareSAMSUNG]
    [HKLMSoftwareSOSVirus]
    [HKLMSoftwareScanSoft]
    [HKLMSoftwareSchlumberger]
    [HKLMSoftwareSoftShape]
    [HKLMSoftwareSonic]
    [HKLMSoftwareSun Microsystems]
    [HKLMSoftwareSymantec]
    [HKLMSoftwareTomTom]
    [HKLMSoftwareTuneUp]
    [HKLMSoftwareVSO]
    [HKLMSoftwareVideoLAN]
    [HKLMSoftwareWindows 3.1 Migration Status]
    [HKLMSoftwareWow6432Node]
    [HKLMSoftwareXing Technology Corp.]
    [HKLMSoftwareYahoo]
    [HKLMSoftwaree-Carte Bleue Banque Populaire]
    [HKLMSoftwareeMule]
    [HKLMSoftwaremagnet]
    [HKLMSoftwaremozilla.org]
    ~ Key Software: 233 Scanned in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 28/04/2014 – 18:19:26 – [] —-D C:Program FilesAdobe
    O43 – CFD: 03/09/2013 – 19:24:17 – [] —-D C:Program FilesAhead
    O43 – CFD: 12/05/2010 – 13:22:14 – [] —-D C:Program FilesALCATEL PC Suite
    O43 – CFD: 10/07/2007 – 13:48:59 – [] —-D C:Program FilesAlice
    O43 – CFD: 28/03/2012 – 17:20:44 – [] —-D C:Program FilesANI
    O43 – CFD: 14/04/2009 – 18:48:34 – [] —-D C:Program FilesAntipub
    O43 – CFD: 19/09/2009 – 12:36:56 – [] —-D C:Program FilesArcSoft
    O43 – CFD: 03/09/2013 – 18:55:47 – [] —-D C:Program FilesASUS
    O43 – CFD: 26/07/2014 – 13:15:45 – [] —-D C:Program FilesAVAST Software
    O43 – CFD: 26/10/2014 – 18:19:40 – [] —-D C:Program FilesBitDefender
    O43 – CFD: 29/10/2006 – 13:46:32 – [] —-D C:Program FilesBroderbund
    O43 – CFD: 19/08/2006 – 16:32:34 – [] —-D C:Program FilesCanon
    O43 – CFD: 28/10/2014 – 08:37:00 – [] —-D C:Program FilesCCleaner
    O43 – CFD: 18/08/2014 – 19:24:59 – [] —-D C:Program FilesCDBurnerXP
    O43 – CFD: 07/01/2005 – 17:00:23 – [0] —-D C:Program FilesComPlus Applications
    O43 – CFD: 26/07/2014 – 13:15:46 – [0] —-D C:Program FilesCyberLink
    O43 – CFD: 10/07/2007 – 13:39:06 – [] —-D C:Program FilesD-Link
    O43 – CFD: 19/09/2009 – 13:10:24 – [] —-D C:Program FilesDigital Video
    O43 – CFD: 29/09/2009 – 08:44:05 – [] —-D C:Program FilesDivX
    O43 – CFD: 26/10/2009 – 13:27:19 – [] —-D C:Program FilesDofus
    O43 – CFD: 16/07/2008 – 13:52:22 – [] —-D C:Program Filese-Carte Bleue Banque Populaire
    O43 – CFD: 28/04/2010 – 11:52:56 – [] —-D C:Program FileseMule
    O43 – CFD: 29/07/2014 – 08:54:10 – [] —-D C:Program FilesEnigma Software Group
    O43 – CFD: 26/10/2014 – 18:10:45 – [] —-D C:Program FilesFichiers communs
    O43 – CFD: 10/11/2014 – 16:58:34 – [] —-D C:Program FilesGoogle
    O43 – CFD: 13/11/2014 – 09:14:21 – [] –H-D C:Program FilesInstallShield Installation Information
    O43 – CFD: 27/07/2014 – 09:52:49 – [] —-D C:Program FilesInternet Explorer
    O43 – CFD: 12/12/2014 – 14:05:34 – [] —-D C:Program FilesJava
    O43 – CFD: 16/12/2014 – 13:29:47 – [] —-D C:Program FilesMalwarebytes Anti-Malware
    O43 – CFD: 15/12/2014 – 09:30:06 – [] —-D C:Program FilesMalwarebytes’ Anti-Malware
    O43 – CFD: 24/04/2009 – 16:10:02 – [0] —-D C:Program FilesManager Setup Tons
    O43 – CFD: 22/08/2014 – 09:42:01 – [] —-D C:Program FilesMessenger
    O43 – CFD: 03/09/2013 – 18:50:28 – [] —-D C:Program FilesMicro Application
    O43 – CFD: 03/10/2009 – 12:22:15 – [] —-D C:Program FilesMicrosoft
    O43 – CFD: 07/01/2005 – 17:03:09 – [] —-D C:Program Filesmicrosoft frontpage
    O43 – CFD: 22/04/2013 – 14:21:14 – [] —-D C:Program FilesMicrosoft Office
    O43 – CFD: 28/04/2014 – 12:38:20 – [] —-D C:Program FilesMicrosoft Silverlight
    O43 – CFD: 03/10/2009 – 12:24:42 – [] —-D C:Program FilesMicrosoft Sync Framework
    O43 – CFD: 19/05/2013 – 15:00:55 – [] —-D C:Program FilesMicrosoft.NET
    O43 – CFD: 12/08/2010 – 10:02:27 – [] —-D C:Program FilesMovie Maker
    O43 – CFD: 09/12/2014 – 13:47:26 – [] —-D C:Program FilesMozilla Firefox
    O43 – CFD: 10/12/2014 – 12:33:57 – [] —-D C:Program FilesMozilla Maintenance Service
    O43 – CFD: 09/04/2009 – 10:13:23 – [] —-D C:Program FilesMSBuild
    O43 – CFD: 22/04/2013 – 14:20:03 – [] —-D C:Program FilesMSECache
    O43 – CFD: 28/04/2014 – 12:41:30 – [] —-D C:Program FilesMSN
    O43 – CFD: 07/01/2005 – 16:59:43 – [] —-D C:Program FilesMSN Gaming Zone
    O43 – CFD: 07/10/2008 – 19:04:03 – [] —-D C:Program FilesNetMeeting
    O43 – CFD: 15/04/2013 – 13:36:01 – [] —-D C:Program FilesNVIDIA Corporation
    O43 – CFD: 07/01/2005 – 16:59:50 – [] —-D C:Program FilesOnline Services
    O43 – CFD: 17/08/2006 – 13:59:04 – [] —-D C:Program FilesOpenOffice.org 2.0
    O43 – CFD: 24/03/2009 – 19:38:13 – [] —-D C:Program FilesOpera
    O43 – CFD: 21/03/2011 – 15:54:40 – [] —-D C:Program FilesOutlook Express =>.Microsoft Corporation
    O43 – CFD: 19/04/2011 – 19:49:38 – [] —-D C:Program FilesPartyFrance
    O43 – CFD: 06/07/2010 – 18:59:27 – [] —-D C:Program FilesQuickTime
    O43 – CFD: 17/06/2013 – 11:15:32 – [] —-D C:Program FilesReal
    O43 – CFD: 20/08/2014 – 18:14:02 – [] —-D C:Program FilesRealNetworks
    O43 – CFD: 18/11/2008 – 17:02:10 – [] —-D C:Program FilesRealtek
    O43 – CFD: 09/04/2009 – 10:13:08 – [] —-D C:Program FilesReference Assemblies
    O43 – CFD: 26/07/2014 – 13:17:30 – [] —-D C:Program FilesResource Kit
    O43 – CFD: 13/11/2014 – 09:14:28 – [0] —-D C:Program FilesSAMSUNG
    O43 – CFD: 19/08/2006 – 16:38:56 – [] —-D C:Program FilesScanSoft
    O43 – CFD: 07/01/2005 – 17:01:40 – [] —-D C:Program FilesServices en ligne
    O43 – CFD: 11/12/2014 – 21:10:49 – [] —-D C:Program FilesSFR Sécurité
    O43 – CFD: 11/12/2010 – 08:26:10 – [] R—D C:Program FilesSkype
    O43 – CFD: 21/06/2014 – 10:00:29 – [] —-D C:Program FilesTomTom HOME 2
    O43 – CFD: 21/06/2014 – 09:55:59 – [] —-D C:Program FilesTomTom International B.V
    O43 – CFD: 09/07/2011 – 08:20:00 – [0] —-D C:Program FilesTradeNetworks
    O43 – CFD: 07/01/2005 – 11:58:42 – [] —-D C:Program FilesTweak-XP Pro 3
    O43 – CFD: 10/10/2006 – 15:24:19 – [] –H-D C:Program FilesUninstall Information
    O43 – CFD: 02/08/2009 – 14:05:07 – [] —-D C:Program FilesVGA USB Camera
    O43 – CFD: 24/03/2009 – 14:52:20 – [] —-D C:Program FilesVideoLAN
    O43 – CFD: 29/10/2014 – 10:42:34 – [0] —-D C:Program FilesVS Revo Group
    O43 – CFD: 19/07/2009 – 14:33:04 – [] —-D C:Program FilesVSO
    O43 – CFD: 11/07/2009 – 13:39:38 – [] —-D C:Program FilesVuze =>P2P.Azureus
    O43 – CFD: 14/11/2013 – 18:28:49 – [0] —-D C:Program FilesWindows Defender
    O43 – CFD: 11/06/2009 – 12:40:34 – [] —-D C:Program FilesWindows Desktop Search
    O43 – CFD: 01/04/2012 – 09:20:51 – [] —-D C:Program FilesWindows Live
    O43 – CFD: 03/10/2009 – 12:21:48 – [] —-D C:Program FilesWindows Live SkyDrive
    O43 – CFD: 06/09/2008 – 15:47:24 – [] —-D C:Program FilesWindows Media Connect 2
    O43 – CFD: 07/10/2008 – 19:04:00 – [] —-D C:Program FilesWindows Media Player =>.Microsoft Corporation
    O43 – CFD: 07/10/2008 – 19:03:59 – [] —-D C:Program FilesWindows NT
    O43 – CFD: 07/01/2005 – 17:01:44 – [0] –H-D C:Program FilesWindowsUpdate
    O43 – CFD: 07/01/2005 – 17:03:10 – [] —-D C:Program Filesxerox
    O43 – CFD: 25/11/2009 – 20:14:15 – [] —-D C:Program FilesXi
    O43 – CFD: 14/08/2014 – 17:44:12 – [] —-D C:Program FilesYahoo!
    O43 – CFD: 15/12/2014 – 09:33:58 – [] —-D C:Program FilesZHPDiag =>.Nicolas Coolman
    O43 – CFD: 28/04/2014 – 18:19:24 – [] —-D C:Program FilesFichiers communsAdobe
    O43 – CFD: 19/09/2009 – 12:38:18 – [] —-D C:Program FilesFichiers communsArcSoft
    O43 – CFD: 26/10/2014 – 18:20:06 – [] —-D C:Program FilesFichiers communsBitDefender
    O43 – CFD: 29/10/2006 – 13:46:32 – [] —-D C:Program FilesFichiers communsBroderbund
    O43 – CFD: 10/12/2008 – 20:13:36 – [] —-D C:Program FilesFichiers communsi4j_jres
    O43 – CFD: 03/09/2013 – 19:26:50 – [] —-D C:Program FilesFichiers communsInstallShield
    O43 – CFD: 17/04/2013 – 20:06:35 – [] —-D C:Program FilesFichiers communsJava
    O43 – CFD: 26/08/2014 – 15:04:52 – [] —-D C:Program FilesFichiers communsMicrosoft Shared
    O43 – CFD: 07/01/2005 – 17:01:01 – [] —-D C:Program FilesFichiers communsMSSoap
    O43 – CFD: 07/01/2005 – 17:53:23 – [] —-D C:Program FilesFichiers communsODBC
    O43 – CFD: 30/10/2008 – 08:46:31 – [] —-D C:Program FilesFichiers communsPC SOFT
    O43 – CFD: 24/04/2009 – 15:54:12 – [] —-D C:Program FilesFichiers communsReal
    O43 – CFD: 01/04/2012 – 09:23:12 – [] —-D C:Program FilesFichiers communsScanSoft Shared
    O43 – CFD: 07/01/2005 – 17:01:04 – [] —-D C:Program FilesFichiers communsServices
    O43 – CFD: 11/12/2010 – 08:26:16 – [0] —-D C:Program FilesFichiers communsSkype
    O43 – CFD: 07/01/2005 – 17:53:20 – [] —-D C:Program FilesFichiers communsSpeechEngines
    O43 – CFD: 07/10/2008 – 19:03:56 – [] —-D C:Program FilesFichiers communsSystem
    O43 – CFD: 09/04/2009 – 11:16:20 – [] —-D C:Program FilesFichiers communsWindows Live
    O43 – CFD: 29/07/2014 – 08:52:22 – [] —-D C:Program FilesFichiers communsWise Installation Wizard
    O43 – CFD: 24/04/2009 – 15:54:20 – [] —-D C:Program FilesFichiers communsxing shared
    O43 – CFD: 12/05/2014 – 13:02:11 – [] —-D C:Documents and SettingsAll UsersApplication DataAdobe
    O43 – CFD: 03/09/2013 – 19:23:53 – [] —-D C:Documents and SettingsAll UsersApplication DataAhead
    O43 – CFD: 11/07/2009 – 13:44:17 – [] —-D C:Documents and SettingsAll UsersApplication DataApple Computer
    O43 – CFD: 19/09/2009 – 12:52:54 – [] —-D C:Documents and SettingsAll UsersApplication DataArcSoft
    O43 – CFD: 10/07/2014 – 08:50:29 – [] —-D C:Documents and SettingsAll UsersApplication DataAVAST Software
    O43 – CFD: 26/07/2014 – 14:28:27 – [] —-D C:Documents and SettingsAll UsersApplication DataAVG
    O43 – CFD: 28/07/2014 – 08:35:50 – [] —-D C:Documents and SettingsAll UsersApplication DataAvg_Update_0614t
    O43 – CFD: 26/10/2014 – 18:22:17 – [] —-D C:Documents and SettingsAll UsersApplication DataBitDefender
    O43 – CFD: 26/10/2014 – 11:24:16 – [] —-D C:Documents and SettingsAll UsersApplication DataCanneverbe Limited
    O43 – CFD: 14/12/2008 – 13:30:59 – [] –H-D C:Documents and SettingsAll UsersApplication DataCanonBJ
    O43 – CFD: 26/07/2014 – 13:59:38 – [] –H-D C:Documents and SettingsAll UsersApplication DataCommon Files
    O43 – CFD: 25/03/2009 – 19:58:43 – [] —-D C:Documents and SettingsAll UsersApplication DataCyberLink
    O43 – CFD: 11/12/2014 – 21:05:00 – [] —-D C:Documents and SettingsAll UsersApplication DataF-Secure
    O43 – CFD: 27/07/2014 – 11:18:33 – [] —-D C:Documents and SettingsAll UsersApplication DataGoogle
    O43 – CFD: 20/10/2009 – 22:04:32 – [] —-D C:Documents and SettingsAll UsersApplication DataGrid Blue Memo Site
    O43 – CFD: 27/10/2014 – 13:53:58 – [] —-D C:Documents and SettingsAll UsersApplication DataMalwarebytes
    O43 – CFD: 01/10/2009 – 11:30:12 – [] —-D C:Documents and SettingsAll UsersApplication DataMcAfee
    O43 – CFD: 26/08/2014 – 14:44:02 – [] —-D C:Documents and SettingsAll UsersApplication DataMFAData
    O43 – CFD: 26/09/2014 – 11:45:37 – [] -S–D C:Documents and SettingsAll UsersApplication DataMicrosoft
    O43 – CFD: 10/05/2013 – 11:47:20 – [] —-D C:Documents and SettingsAll UsersApplication DataMozilla
    O43 – CFD: 20/05/2011 – 12:38:56 – [] —-D C:Documents and SettingsAll UsersApplication DataNOS
    O43 – CFD: 30/09/2011 – 17:22:44 – [0] —-D C:Documents and SettingsAll UsersApplication DatanView_Profiles
    O43 – CFD: 27/10/2014 – 10:27:51 – [] —-D C:Documents and SettingsAll UsersApplication DataOracle
    O43 – CFD: 01/11/2014 – 08:34:48 – [0] —-D C:Documents and SettingsAll UsersApplication DataPackage Cache
    O43 – CFD: 26/10/2014 – 18:03:20 – [] —-D C:Documents and SettingsAll UsersApplication DataPC1Data
    O43 – CFD: 20/08/2014 – 18:10:02 – [] —-D C:Documents and SettingsAll UsersApplication DataReal
    O43 – CFD: 12/11/2014 – 13:54:43 – [] —-D C:Documents and SettingsAll UsersApplication DataSamsung
    O43 – CFD: 08/12/2010 – 13:35:39 – [] —-D C:Documents and SettingsAll UsersApplication DataSkype
    O43 – CFD: 08/04/2010 – 14:49:17 – [] —-D C:Documents and SettingsAll UsersApplication DataSun
    O43 – CFD: 09/12/2008 – 20:23:13 – [0] —AD C:Documents and SettingsAll UsersApplication DataTEMP
    O43 – CFD: 09/09/2011 – 14:11:46 – [] —-D C:Documents and SettingsAll UsersApplication DataTomTom
    O43 – CFD: 09/07/2011 – 08:37:06 – [] —-D C:Documents and SettingsAll UsersApplication DataTradeNetworks
    O43 – CFD: 31/10/2007 – 17:10:26 – [] —-D C:Documents and SettingsAll UsersApplication DataWindows Genuine Advantage
    O43 – CFD: 01/04/2012 – 09:20:10 – [0] —-D C:Documents and SettingsAll UsersApplication DataYahoo!
    O43 – CFD: 26/07/2014 – 14:34:04 – [0] -SH-D C:Documents and SettingsAll UsersApplication Data{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
    O43 – CFD: 04/06/2014 – 08:07:05 – [] —-D C:Documents and SettingsUTILISATEURApplication DataAdobe
    O43 – CFD: 20/09/2009 – 19:06:21 – [] —-D C:Documents and SettingsUTILISATEURApplication DataAhead
    O43 – CFD: 19/11/2008 – 19:06:26 – [] —-D C:Documents and SettingsUTILISATEURApplication DataApple Computer
    O43 – CFD: 26/04/2010 – 12:09:11 – [] —-D C:Documents and SettingsUTILISATEURApplication DataArcSoft
    O43 – CFD: 16/05/2014 – 13:18:56 – [] —-D C:Documents and SettingsUTILISATEURApplication DataAudacity
    O43 – CFD: 26/07/2014 – 14:27:36 – [] —-D C:Documents and SettingsUTILISATEURApplication DataAVG
    O43 – CFD: 20/08/2014 – 11:08:15 – [] —-D C:Documents and SettingsUTILISATEURApplication DataAzureus =>P2P.Azureus
    O43 – CFD: 26/10/2014 – 18:20:58 – [] —-D C:Documents and SettingsUTILISATEURApplication DataBitdefender
    O43 – CFD: 03/09/2013 – 18:57:12 – [] —-D C:Documents and SettingsUTILISATEURApplication DataBitTorrent =>P2P.BitTorrent
    O43 – CFD: 18/08/2014 – 19:24:37 – [] —-D C:Documents and SettingsUTILISATEURApplication DataCanneverbe Limited
    O43 – CFD: 29/11/2014 – 17:56:21 – [] —-D C:Documents and SettingsUTILISATEURApplication DataCanon
    O43 – CFD: 28/01/2007 – 21:43:04 – [] —-D C:Documents and SettingsUTILISATEURApplication DataCyberLink
    O43 – CFD: 13/08/2014 – 08:09:05 – [] —-D C:Documents and SettingsUTILISATEURApplication DataDiskDefrag
    O43 – CFD: 03/10/2010 – 13:18:42 – [0] —-D C:Documents and SettingsUTILISATEURApplication DataDMCache
    O43 – CFD: 24/07/2013 – 19:45:04 – [] —-D C:Documents and SettingsUTILISATEURApplication Datadvdcss
    O43 – CFD: 20/08/2014 – 08:17:22 – [0] —-D C:Documents and SettingsUTILISATEURApplication DataGlarySoft
    O43 – CFD: 04/11/2014 – 09:31:17 – [] —-D C:Documents and SettingsUTILISATEURApplication DataGoogle
    O43 – CFD: 04/09/2006 – 13:11:00 – [0] —-D C:Documents and SettingsUTILISATEURApplication DataHelp
    O43 – CFD: 07/01/2005 – 17:20:15 – [] —-D C:Documents and SettingsUTILISATEURApplication DataIdentities
    O43 – CFD: 02/08/2009 – 14:04:36 – [] —-D C:Documents and SettingsUTILISATEURApplication DataInstallShield
    O43 – CFD: 28/08/2007 – 16:13:50 – [0] —-D C:Documents and SettingsUTILISATEURApplication DataLavasoft
    O43 – CFD: 10/07/2007 – 13:56:25 – [] —-D C:Documents and SettingsUTILISATEURApplication DataMacromedia
    O43 – CFD: 14/04/2009 – 18:50:02 – [] —-D C:Documents and SettingsUTILISATEURApplication DataMalwarebytes
    O43 – CFD: 20/10/2009 – 21:30:37 – [] —-D C:Documents and SettingsUTILISATEURApplication DataManager Setup Tons
    O43 – CFD: 03/08/2011 – 13:37:42 – [0] —-D C:Documents and SettingsUTILISATEURApplication DataMedia Player Classic
    O43 – CFD: 29/07/2014 – 12:40:48 – [] -S–D C:Documents and SettingsUTILISATEURApplication DataMicrosoft
    O43 – CFD: 09/09/2011 – 14:09:50 – [] —-D C:Documents and SettingsUTILISATEURApplication DataMozilla
    O43 – CFD: 19/04/2011 – 19:35:51 – [] —-D C:Documents and SettingsUTILISATEURApplication DataMozilla-Cache
    O43 – CFD: 04/11/2007 – 14:36:47 – [] —-D C:Documents and SettingsUTILISATEURApplication DataMSNInstaller
    O43 – CFD: 07/12/2014 – 14:39:32 – [] —-D C:Documents and SettingsUTILISATEURApplication DataOpenOffice.org2
    O43 – CFD: 24/03/2009 – 19:34:06 – [] —-D C:Documents and SettingsUTILISATEURApplication DataOpera
    O43 – CFD: 19/05/2013 – 16:11:28 – [] —-D C:Documents and SettingsUTILISATEURApplication Dataplayer
    O43 – CFD: 20/08/2014 – 18:11:10 – [] —-D C:Documents and SettingsUTILISATEURApplication DataReal
    O43 – CFD: 13/11/2014 – 09:14:29 – [] —-D C:Documents and SettingsUTILISATEURApplication DataSamsung
    O43 – CFD: 14/11/2013 – 17:51:52 – [0] —-D C:Documents and SettingsUTILISATEURApplication DataShieldApps
    O43 – CFD: 11/12/2010 – 08:26:15 – [] —-D C:Documents and SettingsUTILISATEURApplication DataSkype
    O43 – CFD: 11/12/2010 – 08:07:12 – [] —-D C:Documents and SettingsUTILISATEURApplication DataskypePM
    O43 – CFD: 07/01/2005 – 11:15:55 – [] —-D C:Documents and SettingsUTILISATEURApplication DataSun
    O43 – CFD: 09/09/2011 – 14:09:41 – [] —-D C:Documents and SettingsUTILISATEURApplication DataTomTom
    O43 – CFD: 26/07/2014 – 14:07:30 – [] —-D C:Documents and SettingsUTILISATEURApplication DataTuneUp Software
    O43 – CFD: 12/09/2014 – 18:16:52 – [] —-D C:Documents and SettingsUTILISATEURApplication DatauTorrent =>P2P.µTorrent
    O43 – CFD: 04/07/2014 – 08:08:12 – [] —-D C:Documents and SettingsUTILISATEURApplication Datavlc
    O43 – CFD: 20/08/2014 – 11:08:17 – [0] —-D C:Documents and SettingsUTILISATEURApplication DataVso
    O43 – CFD: 09/04/2009 – 09:58:47 – [] —-D C:Documents and SettingsUTILISATEURApplication DataWindows Desktop Search
    O43 – CFD: 09/04/2009 – 11:53:25 – [] —-D C:Documents and SettingsUTILISATEURApplication DataWindows Search
    O43 – CFD: 14/05/2009 – 11:11:53 – [0] —-D C:Documents and SettingsUTILISATEURApplication DataWinRAR
    O43 – CFD: 25/11/2009 – 20:15:52 – [] —-D C:Documents and SettingsUTILISATEURApplication DataXi
    O43 – CFD: 13/09/2011 – 17:29:32 – [] —-D C:Documents and SettingsUTILISATEURApplication DataYahoo!
    O43 – CFD: 16/12/2014 – 14:09:17 – [] —-D C:Documents and SettingsUTILISATEURApplication DataZHP =>.Nicolas Coolman
    O43 – CFD: 25/10/2014 – 19:42:21 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataAdobe
    O43 – CFD: 15/10/2006 – 12:04:59 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataAhead
    O43 – CFD: 18/11/2008 – 12:45:00 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataApple
    O43 – CFD: 18/11/2008 – 12:47:30 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataApple Computer
    O43 – CFD: 17/09/2014 – 09:14:04 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataApplicationHistory
    O43 – CFD: 19/09/2009 – 12:44:09 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataArcSoft
    O43 – CFD: 26/07/2014 – 14:27:36 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataAVG
    O43 – CFD: 12/11/2014 – 12:52:42 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataDownloaded Installations

    whynot
    Participant
    Number of posts: 16

    Continued

    O43 – CFD: 11/12/2014 – 21:12:46 – [0] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataF-Secure
    O43 – CFD: 31/07/2014 – 12:52:43 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataFLVService
    O43 – CFD: 04/11/2014 – 09:31:17 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataGoogle
    O43 – CFD: 04/09/2006 – 13:11:00 – [0] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataHelp
    O43 – CFD: 10/07/2007 – 15:01:07 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataIdentities
    O43 – CFD: 13/09/2014 – 08:36:07 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataLogMeIn Rescue Applet
    O43 – CFD: 26/07/2014 – 13:59:38 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataMFAData
    O43 – CFD: 28/04/2014 – 12:41:31 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataMicrosoft
    O43 – CFD: 05/09/2008 – 12:31:26 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataMozilla
    O43 – CFD: 24/03/2009 – 19:34:06 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataOpera
    O43 – CFD: 22/11/2009 – 20:18:09 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataPCHealth
    O43 – CFD: 13/11/2014 – 09:11:09 – [0] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataSamsung
    O43 – CFD: 12/04/2013 – 17:38:44 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataSun
    O43 – CFD: 10/07/2014 – 08:03:32 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataTemp
    O43 – CFD: 09/09/2011 – 14:09:41 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataTomTom
    O43 – CFD: 09/07/2011 – 08:25:00 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataTradeNetworks_Ltd
    O43 – CFD: 13/04/2009 – 11:32:33 – [0] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataWMTools Downloaded Files
    O43 – CFD: 10/12/2009 – 14:01:31 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication DataYahoo!
    O43 – CFD: 17/08/2006 – 14:06:55 – [] —-D C:Documents and SettingsUTILISATEURLocal SettingsApplication Data{3248F0A6-6813-11D6-A77B-00B0D0150060}
    O43 – CFD: 01/05/2008 – 07:50:42 – [] R—D C:Documents and SettingsUTILISATEURMenu DémarrerProgrammesAccessoires
    O43 – CFD: 18/09/2013 – 18:00:30 – [0] —-D C:Documents and SettingsUTILISATEURMenu DémarrerProgrammesBitTorrent =>P2P.BitTorrent
    O43 – CFD: 18/08/2014 – 19:17:39 – [] —-D C:Documents and SettingsUTILISATEURMenu DémarrerProgrammesCCleaner
    O43 – CFD: 14/09/2014 – 15:42:39 – [] R—D C:Documents and SettingsUTILISATEURMenu DémarrerProgrammesDémarrage
    O43 – CFD: 19/04/2011 – 19:49:34 – [0] —-D C:Documents and SettingsUTILISATEURMenu DémarrerProgrammesGames
    O43 – CFD: 25/04/2009 – 08:51:25 – [] R—D C:Documents and SettingsUTILISATEURMenu DémarrerProgrammesOutils d’administration
    O43 – CFD: 18/09/2013 – 18:00:31 – [0] —-D C:Documents and SettingsUTILISATEURMenu DémarrerProgrammesTomTom
    ~ Program Folder: 224 Scanned in 00mn 03s

    whynot
    Participant
    Number of posts: 16

    And the end

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.4DF37D408396ED5B973DE1561777DC2E] – 07/12/2014 – 13:59:17 —A- . (…) — C:WINDOWSsystem32wpa.dbl [12658]
    O44 – LFC:[MD5.2EB0D3528698E825AC3E31F20FEC5FF7] – 10/12/2014 – 10:52:43 —A- . (.Adobe Systems Incorporated – Adobe Flash Player Control Panel Applet.) — C:WINDOWSsystem32FlashPlayerCPLApp.cpl [71344]
    O44 – LFC:[MD5.2E8EE30A29AD149DD94283AE64C7B6F4] – 10/12/2014 – 10:52:45 —A- . (.Adobe Systems Incorporated – Adobe Flash Player Control Panel Applet.) — C:WINDOWSsystem32FlashPlayerApp.exe [701616]
    O44 – LFC:[MD5.B46DD94B96636132B60BE333B83CF718] – 10/12/2014 – 14:49:12 —A- . (.Microsoft Corporation – Outil de suppression de logiciels malveilla.) — C:WINDOWSsystem32MRT.exe [109818608]
    O44 – LFC:[MD5.A3F4391DFDF2F9E9FE4EAD193265A5AD] – 15/12/2014 – 09:29:59 —A- . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:WINDOWSsystem32Driversmbam.sys [23256]
    O44 – LFC:[MD5.FFB32E70D735146F5630DC7A96B6E1A8] – 15/12/2014 – 09:31:13 —A- . (.Malwarebytes Corporation – Malwarebytes Chameleon Protection Driver.) — C:WINDOWSsystem32Driversmbamchameleon.sys [54360]
    O44 – LFC:[MD5.D1B9540CF911CB55F7A04B40F8AEA026] – 15/12/2014 – 10:31:46 —A- . (…) — C:malware.txt [20215]
    O44 – LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] – 16/12/2014 – 12:25:49 -S-A- . (…) — C:WINDOWSbootstat.dat [2048]
    O44 – LFC:[MD5.3A31273450D18CDF34779EB17B5D26D1] – 16/12/2014 – 12:26:02 —A- . (…) — C:WINDOWSwiaservc.log [50]
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/12/2014 – 12:26:05 —A- . (…) — C:WINDOWS.log [0]
    O44 – LFC:[MD5.99AD8510A2E31A5BE303533543583016] – 16/12/2014 – 12:26:06 —A- . (…) — C:WINDOWSwiadebug.log [159]
    O44 – LFC:[MD5.04D3193DA13DCBB915BFF018563B43C9] – 16/12/2014 – 12:51:33 —A- . (…) — C:WINDOWSWindowsUpdate.log [1095588]
    O44 – LFC:[MD5.D662EE7A02FC243C748AC6B4C951BB88] – 16/12/2014 – 13:30:01 —A- . (…) — C:WINDOWSSchedLgU.Txt [32498]
    O44 – LFC:[MD5.8E2E9CCD873ABF180F48BCAEEEBE347D] – 16/12/2014 – 13:35:37 —A- . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:WINDOWSsystem32Driversmbamswissarmy.sys [114904]
    ~ Files: 15 Scanned in 00mn 41s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – URL Exec Hook – {AEB6717E-7E19-11d0-97EE-00C04FD91972} – shell32.dll
    O46 – SEH:ShellExecuteHooks – Windows Desktop Search Namespace Manager – {56F9679E-7826-4C84-81F3-532071A8BCC5} – C:Program FilesWindows Desktop SearchMSNLNamespaceMgr.dll
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Export de clé d’application autorisée (O47)
    O47 – AAKE:Key Export SP – “%windir%system32sessmgr.exe” [Enabled] .(.Microsoft Corporation.) — C:WINDOWSsystem32sessmgr.exe
    O47 – AAKE:Key Export SP – “%windir%Network Diagnosticxpnetdiag.exe” [Enabled] .(.Microsoft Corporation.) — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O47 – AAKE:Key Export SP – “C:Program FilesBitTorrentbittorrent.exe” [Enabled] .(…) — C:Program FilesBitTorrentbittorrent.exe (.not file.) =>P2P.BitTorrent
    O47 – AAKE:Key Export SP – “C:Program FilesMessengermsmsgs.exe” [Enabled] .(.Microsoft Corporation.) — C:Program FilesMessengermsmsgs.exe
    O47 – AAKE:Key Export SP – “C:Program FilesVuzeAzureus.exe” [Enabled] .(…) — C:Program FilesVuzeAzureus.exe (.not file.) =>P2P.Azureus
    O47 – AAKE:Key Export SP – “C:Program FilesInternet Exploreriexplore.exe” [Enabled] .(.Microsoft Corporation.) — C:Program FilesInternet Exploreriexplore.exe
    O47 – AAKE:Key Export SP – “C:Program FileseMuleemule.exe” [Enabled] .(.http://www.emule-project.net.) — C:Program FileseMuleemule.exe =>P2P.eMule
    O47 – AAKE:Key Export SP – “C:Program FilesSkypePlugin ManagerskypePM.exe” [Enabled] .(…) — C:Program FilesSkypePlugin ManagerskypePM.exe (.not file.)
    O47 – AAKE:Key Export SP – “C:Program FilesAVGAVG PC TuneUpIntegrator.exe” [Enabled] .(…) — C:Program FilesAVGAVG PC TuneUpIntegrator.exe (.not file.)
    O47 – AAKE:Key Export SP – “C:Program FilesMozilla Firefoxfirefox.exe” [Enabled] .(.Mozilla Corporation.) — C:Program FilesMozilla Firefoxfirefox.exe
    O47 – AAKE:Key Export DP – “%windir%system32sessmgr.exe” [Enabled] .(.Microsoft Corporation.) — C:WINDOWSsystem32sessmgr.exe
    O47 – AAKE:Key Export DP – “%windir%Network Diagnosticxpnetdiag.exe” [Enabled] .(.Microsoft Corporation.) — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    ~ Keys Export: 12 Scanned in 00mn 00s

    —\ Déni du service (Local Security Authority) (O48)
    O48 – LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WINDOWSsystem32msv1_0.dll
    O48 – LSA:Local Security Authority Notification Packages . (.Microsoft Corporation – Moteur du client de l’Éditeur de configuration de sécurité Windows.) — C:WINDOWSsystem32scecli.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Kerberos Security Package.) — C:WINDOWSsystem32kerberos.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WINDOWSsystem32msv1_0.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – TLS / SSL Security Provider.) — C:WINDOWSsystem32schannel.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Digest Access.) — C:WINDOWSsystem32wdigest.dll
    ~ LSA: 6 Scanned in 00mn 00s

    —\ Contrôle du Safe Boot (CSB) (O49)
    O49 – CSB:Control Safe Boot HKLM…CCSMinimaldmboot.sys . (.Microsoft Corp., Veritas Software – Pilote de démarrage du gestionnaire de disque NT.) — C:WINDOWSsystem32Driversdmboot.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimaldmio.sys . (.Microsoft Corp., Veritas Software – Pilote E/S du Gestionnaire de disques NT.) — C:WINDOWSsystem32Driversdmio.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimaldmload.sys . (.Microsoft Corp., Veritas Software. – NT Disk Manager Startup Driver.) — C:WINDOWSsystem32Driversdmload.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalsermouse.sys . (…) — C:WINDOWSsystem32Driverssermouse.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalsr.sys . (.Microsoft Corporation – Pilote de filtre de système de fichiers pour la restauration du système.) — C:WINDOWSsystem32Driverssr.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WINDOWSsystem32Driversvga.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvgasave.sys . (…) — C:WINDOWSsystem32Driversvgasave.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkdmboot.sys . (.Microsoft Corp., Veritas Software – Pilote de démarrage du gestionnaire de disque NT.) — C:WINDOWSsystem32Driversdmboot.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkdmio.sys . (.Microsoft Corp., Veritas Software – Pilote E/S du Gestionnaire de disques NT.) — C:WINDOWSsystem32Driversdmio.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkdmload.sys . (.Microsoft Corp., Veritas Software. – NT Disk Manager Startup Driver.) — C:WINDOWSsystem32Driversdmload.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkip6fw.sys . (.Microsoft Corporation – IPv6 Windows Firewall Driver.) — C:WINDOWSsystem32Driversip6fw.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkipnat.sys . (.Microsoft Corporation – IP Network Address Translator.) — C:WINDOWSsystem32Driversipnat.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkrdpcdd.sys . (.Microsoft Corporation – RDP Miniport.) — C:WINDOWSsystem32Driversrdpcdd.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkrdpdd.sys . (…) — C:WINDOWSsystem32Driversrdpdd.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkrdpwd.sys . (.Microsoft Corporation – RDP Terminal Stack Driver (US/Canada Only, Not for Export).) — C:WINDOWSsystem32Driversrdpwd.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworksermouse.sys . (…) — C:WINDOWSsystem32Driverssermouse.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSNetworksr.sys . (.Microsoft Corporation – Pilote de filtre de système de fichiers pour la restauration du système.) — C:WINDOWSsystem32Driverssr.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworktdpipe.sys . (.Microsoft Corporation – Named Pipe Transport Driver.) — C:WINDOWSsystem32Driverstdpipe.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworktdtcp.sys . (.Microsoft Corporation – TCP Transport Driver.) — C:WINDOWSsystem32Driverstdtcp.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WINDOWSsystem32Driversvga.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvgasave.sys . (…) — C:WINDOWSsystem32Driversvgasave.sys (.not file.)
    ~ CSB: 21 Scanned in 00mn 00s

    —\ Image File Execution Options (IFEO) (O50)
    O50 – IFEO:Image File Execution Options – Your Image File Name Here without a path – ntsd -d
    ~ IFEO: Scanned in 00mn 00s

    —\ Recherche d’infection sur les pilotes (HKLM)(TDSD) (O52)
    O52 – TDSD: Drivers32″msacm.trspch”=”tssoft32.acm” . (.DSP GROUP, INC. – Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) — C:WINDOWSsystem32tssoft32.acm
    O52 – TDSD: Drivers32″vidc.cvid”=”iccvid.dll” . (.Radius Inc. – Cinepak® Codec.) — C:WINDOWSsystem32iccvid.dll
    O52 – TDSD: Drivers32″vidc.iv31″=”ir32_32.dll” . (…) — C:WINDOWSsystem32ir32_32.dll
    O52 – TDSD: Drivers32″vidc.iv32″=”ir32_32.dll” . (…) — C:WINDOWSsystem32ir32_32.dll
    O52 – TDSD: Drivers32″vidc.iv41″=”ir41_32.ax” . (.Intel Corporation – Intel Indeo® Video 4.5.) — C:WINDOWSsystem32ir41_32.ax
    O52 – TDSD: Drivers32″msacm.sl_anet”=”sl_anet.acm” . (.Sipro Lab Telecom Inc. – Audio codec for MS ACM.) — C:WINDOWSsystem32sl_anet.acm
    O52 – TDSD: Drivers32″msacm.iac2″=”C:WINDOWSsystem32iac25_32.ax” . (.Intel Corporation – Indeo® audio software.) — C:WINDOWSsystem32iac25_32.ax
    O52 – TDSD: Drivers32″vidc.iv50″=”ir50_32.dll” . (.Intel Corporation – Intel Indeo® video 5.10.) — C:WINDOWSsystem32ir50_32.dll
    O52 – TDSD: Drivers32″msacm.l3acm”=”C:WINDOWSsystem32l3codeca.acm” . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WINDOWSsystem32l3codeca.acm
    O52 – TDSD: Drivers32″VIDC.MJPG”=”mtkjpeg.dll” . (…) — C:WINDOWSsystem32mtkjpeg.dll
    O52 – TDSD: drivers.desc”sl_anet.acm”=”Sipro Lab Telecom Audio Codec” . (.Sipro Lab Telecom Inc. – Audio codec for MS ACM.) — C:WINDOWSsystem32sl_anet.acm
    O52 – TDSD: drivers.desc”C:WINDOWSsystem32iac25_32.ax”=”Indeo® audio software” . (.Intel Corporation – Indeo® audio software.) — C:WINDOWSsystem32iac25_32.ax
    O52 – TDSD: drivers.desc”C:WINDOWSsystem32l3codeca.acm”=”Fraunhofer IIS MPEG Layer-3 Codec” . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WINDOWSsystem32l3codeca.acm
    ~ TDSD: 13 Scanned in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregANIWZCS2Service [Key] . (.Alpha Networks Inc. – ANIWZCS2 launcher for Windows..) — C:Program FilesANIANIWZCS2 ServiceWZCSLDR2.exe
    O53 – SMSR:HKLM…startupregavgnt [Key] . (…) — C:Program FilesAviraAntiVir Desktopavgnt.exe (.not file.)
    O53 – SMSR:HKLM…startupregTkBellExe [Key] . (…) — C:program filesrealrealplayerupdaterealsched.exe (.not file.)
    O53 – SMSR:HKLM…startupregTomTomHOME.exe [Key] . (.TomTom – System Tray application for TomTom HOME.) — C:Program FilesTomTom HOME 2TomTomHOMERunner.exe
    ~ SMSR Keys: 4 Scanned in 00mn 00s

    —\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
    O54 – MCSP:[HKLM…CurrentControlSetControl] – (SecurityProviders) – (.Microsoft Corporation – Client DPA pour plate-forme 32 bit.) — C:WINDOWSsystem32msapsspc.dll
    O54 – MCSP:[HKLM…CurrentControlSetControl] – (SecurityProviders) – (.Microsoft Corporation – TLS / SSL Security Provider.) — C:WINDOWSsystem32schannel.dll
    O54 – MCSP:[HKLM…CurrentControlSetControl] – (SecurityProviders) – (.Microsoft Corporation – Package d’authentification Digest SSPI.) — C:WINDOWSsystem32digest.dll
    O54 – MCSP:[HKLM…ControlSet001Control] – (SecurityProviders) – (.Microsoft Corporation – Client DPA pour plate-forme 32 bit.) — C:WINDOWSsystem32msapsspc.dll
    O54 – MCSP:[HKLM…ControlSet001Control] – (SecurityProviders) – (.Microsoft Corporation – TLS / SSL Security Provider.) — C:WINDOWSsystem32schannel.dll
    O54 – MCSP:[HKLM…ControlSet001Control] – (SecurityProviders) – (.Microsoft Corporation – Package d’authentification Digest SSPI.) — C:WINDOWSsystem32digest.dll
    ~ MSCP: 6 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “dontdisplaylastusername”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “legalnoticecaption”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “legalnoticetext”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “shutdownwithoutlogon”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “undockwithoutlogon”=1
    ~ MWPS: 5 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKCU…policiesExplorer] – “NoDriveTypeAutoRun”=0
    O56 – MWPE:[HKCU…policiesExplorer] – “NoDriveAutoRun”=0
    O56 – MWPE:[HKCU…policiesExplorer] – “NoInstrumentation”=1
    O56 – MWPE:[HKLM…policiesExplorer] – “HonorAutoRunSetting”=1
    O56 – MWPE:[HKLM…policiesExplorer] – “NoCDBurning”=0
    O56 – MWPE:[HKLM…policiesExplorer] – “NoDriveAutoRun”=0
    O56 – MWPE:[HKLM…policiesExplorer] – “NoDriveTypeAutoRun”=0
    ~ MWPE Keys: 7 Scanned in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:10/11/2006 – 14:05:00 —A- . (.Arcsoft, Inc. – Arcsoft(R) ASPI Shell.) — C:WINDOWSsystem32Driversafc.sys [18688]
    O58 – SDL:29/03/2000 – 15:17:42 —A- . (…) — C:WINDOWSsystem32DriversASUSHWIO.SYS [5824]
    O58 – SDL:04/08/2004 – 00:38:44 —A- . (.ATI Technologies Inc. – Pilote de miniport ATI RAGE 128.) — C:WINDOWSsystem32Driversati2mtag.sys [701440]
    O58 – SDL:02/06/2008 – 15:16:08 —A- . (.BitDefender SRL – BitDefender Firewall NDIS Filter Driver.) — C:WINDOWSsystem32Driversbdfndisf.sys [86792]
    O58 – SDL:07/01/2008 – 17:41:34 —A- . (.BitDefender S.R.L. Bucharest, ROMANIA – BitDefender AntiVirus FS filter driver.) — C:WINDOWSsystem32Driversbdfsfltr.sys [196368]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.RAVISENT Technologies Inc. – Pilote principal CineMaster C 1.2 WDM.) — C:WINDOWSsystem32Driverscinemst2.sys [262528]
    O58 – SDL:22/01/2004 – 11:41:16 —A- . (.FotoNation Ltd. – USB Driver for Digital Camera.) — C:WINDOWSsystem32DriversCoachUsb.sys [46944]
    O58 – SDL:03/11/2003 – 16:31:14 —A- . (.Accapella Ltd. – Video Capture Minidriver for Digital Camera.) — C:WINDOWSsystem32DriversCoachVc.sys [44256]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.Compaq Computer Corporation – Compaq PA-1 Player Driver.) — C:WINDOWSsystem32Driverscpqdap01.sys [11776]
    O58 – SDL:23/01/2014 – 18:31:06 —A- . (.Devguru Co., Ltd – Device Error Recovery SDK(x86).) — C:WINDOWSsystem32Driversdgderdrv.sys [20032]
    O58 – SDL:14/04/2008 – 03:05:07 —A- . (.Microsoft Corp., Veritas Software – Pilote de démarrage du gestionnaire de disque NT.) — C:WINDOWSsystem32Driversdmboot.sys [800256]
    O58 – SDL:14/04/2008 – 03:05:12 —A- . (.Microsoft Corp., Veritas Software – Pilote E/S du Gestionnaire de disques NT.) — C:WINDOWSsystem32Driversdmio.sys [154496]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.Microsoft Corp., Veritas Software. – NT Disk Manager Startup Driver.) — C:WINDOWSsystem32Driversdmload.sys [5888]
    O58 – SDL:03/11/2005 – 19:39:02 —A- . (.Ralink Technology, Corp. – Ralink 802.11 USB Wireless Adapter Driver.) — C:WINDOWSsystem32DriversDr71WU.sys [245504]
    O58 – SDL:13/04/2008 – 17:36:06 —A- . (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) — C:WINDOWSsystem32Drivershdaudbus.sys [144384]
    O58 – SDL:21/11/2014 – 06:14:06 —A- . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:WINDOWSsystem32Driversmbam.sys [23256]
    O58 – SDL:21/11/2014 – 06:14:14 —A- . (.Malwarebytes Corporation – Malwarebytes Chameleon Protection Driver.) — C:WINDOWSsystem32Driversmbamchameleon.sys [54360]
    O58 – SDL:16/12/2014 – 13:35:37 —A- . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:WINDOWSsystem32Driversmbamswissarmy.sys [114904]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.S3/Diamond Multimedia Systems – NikeDrv Usb Driver.) — C:WINDOWSsystem32Driversnikedrv.sys [12032]
    O58 – SDL:08/02/2013 – 04:02:44 —A- . (.NVIDIA Corporation – NVIDIA Windows XP Miniport Driver, Version 307.83.) — C:WINDOWSsystem32Driversnv4_mini.sys [12648960]
    O58 – SDL:03/06/2004 – 03:40:46 R–A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) IDE Performance Driver.) — C:WINDOWSsystem32Driversnvatabus.sys [79360]
    O58 – SDL:29/07/2005 – 10:11:02 R–A- . (.NVIDIA Corporation – NVIDIA Networking Function Driver..) — C:WINDOWSsystem32DriversNVENETFD.sys [34048]
    O58 – SDL:29/07/2005 – 10:11:04 R–A- . (.NVIDIA Corporation – NVIDIA Networking Bus Driver..) — C:WINDOWSsystem32Driversnvnetbus.sys [12928]
    O58 – SDL:29/07/2005 – 10:10:46 R–A- . (.NVIDIA Corporation – NVIDIA Network Resource Manager..) — C:WINDOWSsystem32Driversnvnrm.sys [301312]
    O58 – SDL:29/07/2005 – 10:10:32 R–A- . (.NVIDIA Corporation – NVIDIA Networking Soft-NPU Driver..) — C:WINDOWSsystem32Driversnvsnpu.sys [221824]
    O58 – SDL:29/07/2005 – 10:10:54 R–A- . (.NVIDIA Corporation – NVIDIA Networking Protocol Driver..) — C:WINDOWSsystem32Driversnvtcp.sys [100480]
    O58 – SDL:29/10/2003 – 06:02:00 R–A- . (.NVIDIA Corporation – NVIDIA nForce AGP Filter.) — C:WINDOWSsystem32Driversnv_agp.SYS [21120]
    O58 – SDL:14/06/2007 – 14:29:08 —A- . (.PixArt Imaging Inc. – PAC7302.) — C:WINDOWSsystem32DriversPAC7302.SYS [457856]
    O58 – SDL:19/07/2009 – 11:59:24 —A- . (.VSO Software – low level access layer for CD/DVD/BD devices.) — C:WINDOWSsystem32Driverspcouffin.sys [47360]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.Parallel Technologies, Inc. – Parallel Technologies DirectParallel IO Library.) — C:WINDOWSsystem32Driversptilink.sys [17792]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.S3/Diamond Multimedia Systems – Rio8Drv.sys Usb Driver.) — C:WINDOWSsystem32Driversrio8drv.sys [12032]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.S3/Diamond Multimedia Systems – RioDrv Usb Driver.) — C:WINDOWSsystem32Driversriodrv.sys [12032]
    O58 – SDL:17/04/2006 – 09:31:26 R—- . (.Realtek Semiconductor Corp. – Realtek(r) High Definition Audio Function Driver.) — C:WINDOWSsystem32DriversRtkHDAud.Sys [4262912]
    O58 – SDL:03/08/2004 – 21:31:34 —A- . (.Realtek Semiconductor Corporation – Realtek RTL8139 NDIS 5.0 Driver.) — C:WINDOWSsystem32DriversRTL8139.sys [20992]
    O58 – SDL:13/11/2007 – 11:25:54 —A- . (.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) — C:WINDOWSsystem32Driverssecdrv.sys [20480]
    O58 – SDL:25/08/2013 – 10:30:48 —A- . (…) — C:WINDOWSsystem32DriversStarOpen.sys [13120]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.Toshiba Corporation – WDM Toshiba Tecra Video Capture Driver.) — C:WINDOWSsystem32Driverstsbvcap.sys [21376]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.RAVISENT Technologies Inc. – CineMaster C WDM DVD Minidriver.) — C:WINDOWSsystem32Driversvdmindvd.sys [58112]
    O58 – SDL:09/11/2005 – 14:44:48 —A- . (.Alpha Networks Inc. – ANIO (NT5) Driver.) — C:WINDOWSsystem32ANIO.sys [24288]
    O58 – SDL:14/10/2004 – 09:29:16 —A- . (.ANI – ANIO (NDIS4) Driver.) — C:WINDOWSsystem32anio4.sys [11904]
    O58 – SDL:10/11/2005 – 06:13:00 —A- . (.Alpha Networks Inc. – ANIO (NT5) Driver.) — C:WINDOWSsystem32ANIO64.sys [50176]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ansi.sys [9037]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32country.sys [27097]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32himem.sys [4912]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32key01.sys [42809]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32keyboard.sys [42537]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos.sys [27916]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos404.sys [29146]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos411.sys [29370]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos412.sys [29274]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos804.sys [29146]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio.sys [34000]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio404.sys [34560]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio411.sys [35648]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio412.sys [35424]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio804.sys [34560]
    ~ Drivers: 56 Scanned in 00mn 02s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 09/12/2014 – 14:11:18 —A- . (.F-Secure Corporation.) — C:Documents and SettingsUTILISATEURMes documentsTéléchargementsSFR-Securite.exe [836648]
    O61 – LFC: 11/12/2014 – 14:11:18 —A- . (.F-Secure Corporation.) — C:Documents and SettingsUTILISATEURMes documentsTéléchargementsSFR-Securite(1).exe [836648]
    O61 – LFC: 14/12/2014 – 14:11:18 —A- . (.El Desaparecido – SosVirus.net – UsbFix.net.) — C:Documents and SettingsUTILISATEURMes documentsTéléchargementsUsbFix.exe [3989160]
    O61 – LFC: 14/12/2014 – 14:11:18 —A- . (.OldTimer Tools.) — C:Documents and SettingsUTILISATEURMes documentsTéléchargementsOTL.exe [602112]
    O61 – LFC: 15/12/2014 – 14:11:17 —A- . (…) — C:Documents and SettingsUTILISATEURMes documentsTéléchargementsAdwCleaner-4.1.0.5.exe [2166272]
    O61 – LFC: 15/12/2014 – 14:11:19 —A- . (.Nicolas Coolman.) — C:Documents and SettingsUTILISATEURMes documentsTéléchargementsZHPDiag2.exe [6860008] =>.Nicolas Coolman
    O61 – LFC: 16/12/2014 – 14:11:18 —A- . (.Malwarebytes Corporation.) — C:Documents and SettingsUTILISATEURMes documentsTéléchargementsmbam-setup-2.0.4.1028.exe [20447072]
    ~ 69 Fichiers temporaires (Temporary files)
    ~ 16 Fichiers cookies (Cookies files)
    ~ Files: 7 Scanned in 00mn 59s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 22/02/2008 – C:Program FilesFichiers communsArcSoftConnection ServiceBinACService.exe (ACDaemon) .(.ArcSoft Inc. – ArcSoft Connect Service.) – LEGACY_ACDAEMON
    O64 – Services: CurCS – 09/11/2005 – C:windowssystem32ANIO.sys (ANIO) .(.Alpha Networks Inc. – ANIO (NT5) Driver.) – LEGACY_ANIO
    O64 – Services: CurCS – 06/10/2014 – C:Program FilesSFR Sécuritéfshoster32.exe (fshoster) .(.F-Secure Corporation – F-Secure Host Process.) – LEGACY_FSHOSTER
    O64 – Services: CurCS – 16/12/2014 – C:windowssystem32driversMBAMSwissArmy.sys (MBAMSwissArmy) .(.Malwarebytes Corporation – Malwarebytes Anti-Malware.) – LEGACY_MBAMSWISSARMY
    O64 – Services: CurCS – 03/06/2004 – C:WINDOWSsystem32DRIVERSnvatabus.sys (nvatabus) .(.NVIDIA Corporation – NVIDIA® nForce(TM) IDE Performance Driver.) – LEGACY_NVATABUS
    O64 – Services: CurCS – 29/10/2003 – C:WINDOWSsystem32DRIVERSnv_agp.sys (nv_agp) .(.NVIDIA Corporation – NVIDIA nForce AGP Filter.) – LEGACY_NV_AGP
    O64 – Services: CurCS – 05/06/2014 – C:Program FilesTomTom HOME 2TomTomHOMEService.exe (TomTomHOMEService) .(.TomTom – Windows Service for TomTom HOME.) – LEGACY_TOMTOMHOMESERVICE
    ~ Legacy: 915 Scanned in 00mn 02s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..cplopenCommand] (.Microsoft Corporation – DLL commune du shell Windows.) — C:WINDOWSsystem32shell32.dll
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet ExplorerIEXPLORE.exe
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Microsoft (R) Windows Based Script Host.) — C:WINDOWSsystem32WScript.exe
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Éditeur du Registre.) — C:WINDOWSregedit.exe
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” /S
    O67 – Shell Spawning: [HKCU..openCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    ~ FASS Keys: 10 Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {0939AB17-9F6C-4CD5-862D-A667486E9E29} – (Yahoo!) – http://fr.search.yahoo.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {9CB96984-43C3-4D44-90EF-01466EFCF7BB} – (Yahoo! (Avast)) – http://fr.search.yahoo.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les service demarrés par Svchost (SSS) (O83)
    O83 – Search Svchost Services: AppMgmt (AppMgmt) . (…) — C:WINDOWSsystem32appmgmts.dll [0]
    O83 – Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation – Windows Audio Service.) — C:WINDOWSsystem32audiosrv.dll [42496]
    O83 – Search Svchost Services: Browser (Browser) . (.Microsoft Corporation – Computer Browser Service DLL.) — C:WINDOWSsystem32browser.dll [78336]
    O83 – Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation – Cryptographic Services.) — C:WINDOWSsystem32cryptsvc.dll [62464]
    O83 – Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. – DLL Service gestionnaire de disque logique.) — C:WINDOWSsystem32dmserver.dll [24576]
    O83 – Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation – Service client DHCP.) — C:WINDOWSsystem32dhcpcsvc.dll [127488]
    O83 – Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation – Windows Error Reporting Service.) — C:WINDOWSsystem32ersvc.dll [23040]
    O83 – Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation – Pas de description.) — C:WINDOWSsystem32es.dll [253952]
    O83 – Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation – Dll des services Windows Shell.) — C:WINDOWSsystem32shsvcs.dll [135680]
    O83 – Search Svchost Services: HidServ (HidServ) . (.Microsoft Corporation – HID Audio Service.) — C:WINDOWSsystem32hidserv.dll [21504]
    O83 – Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation – Moniteur infrarouge.) — C:WINDOWSsystem32irmon.dll [29184]
    O83 – Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation – Server Service DLL.) — C:WINDOWSsystem32srvsvc.dll [99840]
    O83 – Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation – Workstation Service DLL.) — C:WINDOWSsystem32wkssvc.dll [132096]
    O83 – Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation – NT Messenger Service.) — C:WINDOWSsystem32msgsvc.dll [33792]
    O83 – Search Svchost Services: Netman (Netman) . (.Microsoft Corporation – Gestionnaire de connexions réseau.) — C:WINDOWSsystem32netman.dll [198144]
    O83 – Search Svchost Services: Nla (Nla) . (.Microsoft Corporation – Fournisseur de service Sockets 2.0 de Microsoft Windows.) — C:WINDOWSsystem32mswsock.dll [247808] =>.Microsoft Corporation
    O83 – Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation – Gestionnaire de stockage amovible.) — C:WINDOWSsystem32ntmssvc.dll [438272]
    O83 – Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation – Remote Access AutoDial Manager.) — C:WINDOWSsystem32rasauto.dll [88576]
    O83 – Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation – Remote Access Connection Manager.) — C:WINDOWSsystem32rasmans.dll [186368]
    O83 – Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation – Dynamic Interface Manager.) — C:WINDOWSsystem32mprdim.dll [53248]
    O83 – Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation – Moteur du Planificateur de tâches.) — C:WINDOWSsystem32schedsvc.dll [194560]
    O83 – Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation – DLL de service d’ouverture de session secondaire.) — C:WINDOWSsystem32seclogon.dll [18944]
    O83 – Search Svchost Services: SENS (SENS) . (.Microsoft Corporation – System Event Notification Service (SENS).) — C:WINDOWSsystem32sens.dll [39424]
    O83 – Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation – Composants de l’application d’assistance à Microsoft NAT.) — C:WINDOWSsystem32ipnathlp.dll [332800]
    O83 – Search Svchost Services: SRService (SRService) . (.Microsoft Corporation – Service de restauration du système.) — C:WINDOWSsystem32srsvc.dll [171520]
    O83 – Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation – Serveur de téléphonie Microsoft® Windows(TM).) — C:WINDOWSsystem32tapisrv.dll [249856]
    O83 – Search Svchost Services: Themes (Themes) . (.Microsoft Corporation – Dll des services Windows Shell.) — C:WINDOWSsystem32shsvcs.dll [135680]
    O83 – Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation – Distributed Link Tracking Client.) — C:WINDOWSsystem32trkwks.dll [90112]
    O83 – Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation – Service de temps Windows.) — C:WINDOWSsystem32w32time.dll [178176]
    O83 – Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation – Service configuration automatique sans fil.) — C:WINDOWSsystem32wzcsvc.dll [483840]
    O83 – Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation – WMI.) — C:WINDOWSsystem32wbemWMIsvc.dll [145408]
    O83 – Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation – Windows Security Center Service.) — C:WINDOWSsystem32wscsvc.dll [80896]
    O83 – Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation – Network Provisioning Service.) — C:WINDOWSsystem32xmlprov.dll [129024]
    O83 – Search Svchost Services: BITS (BITS) . (.Microsoft Corporation – Service de transfert intelligent en arrière-plan.) — C:WINDOWSsystem32qmgr.dll [409088]
    O83 – Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation – Windows Update AutoUpdate Service.) — C:windowssystem32wuauserv.dll [6656]
    O83 – Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation – Dll des services Windows Shell.) — C:WINDOWSsystem32shsvcs.dll [135680]
    O83 – Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation – Microsoft PCHealth Service Holder.) — C:WINDOWSPCHealthHelpCtrBinariespchsvc.dll [38400]
    O83 – Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation – Microsoft Media Device Service Provider.) — C:WINDOWSsystem32MsPMSNSv.dll [27136]
    O83 – Search Svchost Services: napagent (napagent) . (.Microsoft Corporation – Exécution du service Agent de quarantaine.) — C:WINDOWSsystem32qagentrt.dll [293376]
    O83 – Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation – Service Gestion des clés.) — C:WINDOWSsystem32kmsvc.dll [61440]
    ~ Services: 40 Scanned in 00mn 01s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.C439F625386EB58FA373A4EC101786BD] [SPRF][16/09/2014] (.PC Cleaners – PC Cleaner Pro.) — C:Documents and SettingsAll UsersApplication Datapclunst.exe [9414952] =>Rogue.PCCleanerPro
    [MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][19/07/2009] (…) — C:Documents and SettingsUTILISATEURApplication Datainst.exe [87608]
    [MD5.5B6C11DE7E839C05248CED8825470FEF] [SPRF][19/07/2009] (.VSO Software – low level access layer for CD/DVD/BD devices.) — C:Documents and SettingsUTILISATEURApplication Datapcouffin.sys [47360]
    [MD5.ADD5959782B53F5DF504D4D867151A3D] [SPRF][30/08/2010] (.Microsoft Corporation – Client Full Install Package.) — C:Documents and SettingsUTILISATEURBureaumssefullinstall-x86fre-fr-fr-xp.exe [11899464]
    [MD5.89871C1498F2A471290F0A2C088987A6] [SPRF][25/03/2009] (.RealNetworks, Inc. – RealNetworks Installer.) — C:Documents and SettingsUTILISATEURBureauRealPlayer11GOLD_fr.exe [476696]
    [MD5.17C995AA808CEE87A0E49A4B02E423E6] [SPRF][02/09/2010] (…) — C:Documents and SettingsUTILISATEURBureaurevosetup.exe [2406288]
    ~ Files: 6 Scanned in 00mn 06s

    —\ Recherche de clés de registre CLSID (O101)
    [HKCRCLSID{C11CBDA9-6702-469E-9CE1-64E3971A6B44}] (PC Antivirus Pro Web Protection BHO) =>PUP.WebProtect
    ~ BCK: 3497 Scanned in 00mn 10s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 10/12/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 19/10/2005 49152 | (ANIWZCSdService) . (.Alpha Networks Inc..) – C:Program FilesANIANIWZCS2 ServiceANIWZCSdS.exe
    SS – | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:WINDOWSsystem32dmadmin.exe
    SS – | Disabled 13/09/2014 3079488 | (LMIRescue_24882919-0c02-4d63-8f5d-3c864251866e) . (.LogMeIn, Inc..) – C:Documents and SettingsUTILISATEURLocal SettingsApplication DataLogMeIn Rescue AppletLMIR0001.tmpLMI_Rescue_srv.exe
    SS – | Demand 09/12/2014 114800 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 10/10/2005 131139 | (NVSvc) . (.NVIDIA Corporation.) – C:WINDOWSsystem32nvsvc32.exe
    SS – | Demand 19/05/2009 240512 | (SeaPort) . (.Microsoft Corporation.) – C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
    SR – | Auto 22/02/2008 104960 | (ACDaemon) . (.ArcSoft Inc..) – C:Program FilesFichiers communsArcSoftConnection ServiceBinACService.exe
    SR – | Auto 06/10/2014 187432 | (fshoster) . (.F-Secure Corporation.) – C:Program FilesSFR Sécuritéfshoster32.exe
    SR – | Auto 05/06/2014 93040 | (TomTomHOMEService) . (.TomTom.) – C:Program FilesTomTom HOME 2TomTomHOMEService.exe
    ~ Services: Scanned in 00mn 11s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by UTILISATEUR at 16/12/2014 14:14:01
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    1 ntkrnlpa!IofCallDriver[0x804EE1A0] >> DeviceHarddisk0DR0[0x85178AB8]
    3 CLASSPNP[0xF75F6FD7] >> ntkrnlpa!IofCallDriver[0x804EE1A0] >> Device0000065[0x8517CF18]
    5 ACPI[0xF748C620] >> ntkrnlpa!IofCallDriver[0x804EE1A0] >> DeviceIdeIdeDeviceP2T0L0-5[0x8517B8E8]
    kernel: MBR read successfully
    user & kernel MBR OK
    ~ MBR: 13 Scanned in 00mn 02s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by UTILISATEUR at 16/12/2014 14:14:03
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Liste des émulateurs de CD/DVD (MBR Hook)
    O58 – SDL:19/07/2009 – 11:59:24 —A- . (.VSO Software – low level access layer for CD/DVD/BD devices.) — C:WINDOWSsystem32Driverspcouffin.sys [47360]
    ~ Emulateurs: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (28/08/2014)
    Clés trouvées (Keys found) : 4
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 5
    Fichiers trouvés (Files found) : 5

    [HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallPC Cleaners] =>Rogue.PCCleanerPro^
    [HKCUSoftwarePartyFrance] =>Casino.OnlineGames
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{280B5D37-4A76-467A-B3D6-942FCA90ACDE}] =>Worm.Vispat
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{280B5D37-4A76-467A-B3D6-942FCA90ACDE}] =>Worm.Vispat
    C:Program FilesVuze =>P2P.Azureus^
    C:Documents and SettingsUTILISATEURApplication DataAzureus =>P2P.Azureus^
    C:Documents and SettingsUTILISATEURApplication DataBitTorrent =>P2P.BitTorrent^
    C:Documents and SettingsUTILISATEURApplication DatauTorrent =>P2P.µTorrent^
    C:Documents and SettingsUTILISATEURMenu DémarrerProgrammesBitTorrent =>P2P.BitTorrent^
    [HKCUSoftwareBitTorrent] =>P2P.BitTorrent^
    [HKCUSoftwarePCCleaners] =>Rogue.PCCleanerPro^
    [HKLMSoftwarePCCleaners] =>Rogue.PCCleanerPro^
    C:Documents and SettingsAll UsersApplication Datapclunst.exe =>Rogue.PCCleanerPro^
    [HKCRCLSID{C11CBDA9-6702-469E-9CE1-64E3971A6B44}] (PC Antivirus Pro Web Protection BHO) =>PUP.WebProtect^
    ~ Additionnel Scan: 186437 Items scanned in 00mn 35s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
    ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
    ~ AMI: 5 Scanned in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ MSI: 0 link(s) detected in 00mn 00s

    End of the scan (1226 lines in 05mn 50s)(0)

    Evasion60
    Participant
    Number of posts: 1559

    :hello: Re

    I can't work with a report that has been chopped into pieces!
    Host it on => https://antimalware.top/

    See you this evening, or tomorrow morning

    :(

    whynot
    Participant
    Number of posts: 16

    I'm clearly not good at this; I hope I've managed it this time

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.4DF37D408396ED5B973DE1561777DC2E] – 07/12/2014 – 13:59:17 —A- . (…) — C:WINDOWSsystem32wpa.dbl [12658]
    O44 – LFC:[MD5.2EB0D3528698E825AC3E31F20FEC5FF7] – 10/12/2014 – 10:52:43 —A- . (.Adobe Systems Incorporated – Adobe Flash Player Control Panel Applet.) — C:WINDOWSsystem32FlashPlayerCPLApp.cpl [71344]
    O44 – LFC:[MD5.2E8EE30A29AD149DD94283AE64C7B6F4] – 10/12/2014 – 10:52:45 —A- . (.Adobe Systems Incorporated – Adobe Flash Player Control Panel Applet.) — C:WINDOWSsystem32FlashPlayerApp.exe [701616]
    O44 – LFC:[MD5.B46DD94B96636132B60BE333B83CF718] – 10/12/2014 – 14:49:12 —A- . (.Microsoft Corporation – Outil de suppression de logiciels malveilla.) — C:WINDOWSsystem32MRT.exe [109818608]
    O44 – LFC:[MD5.A3F4391DFDF2F9E9FE4EAD193265A5AD] – 15/12/2014 – 09:29:59 —A- . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:WINDOWSsystem32Driversmbam.sys [23256]
    O44 – LFC:[MD5.FFB32E70D735146F5630DC7A96B6E1A8] – 15/12/2014 – 09:31:13 —A- . (.Malwarebytes Corporation – Malwarebytes Chameleon Protection Driver.) — C:WINDOWSsystem32Driversmbamchameleon.sys [54360]
    O44 – LFC:[MD5.D1B9540CF911CB55F7A04B40F8AEA026] – 15/12/2014 – 10:31:46 —A- . (…) — C:malware.txt [20215]
    O44 – LFC:[MD5.6A2CB42966136854F4464516FBB4AE72] – 16/12/2014 – 12:25:49 -S-A- . (…) — C:WINDOWSbootstat.dat [2048]
    O44 – LFC:[MD5.3A31273450D18CDF34779EB17B5D26D1] – 16/12/2014 – 12:26:02 —A- . (…) — C:WINDOWSwiaservc.log [50]
    O44 – LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] – 16/12/2014 – 12:26:05 —A- . (…) — C:WINDOWS.log [0]
    O44 – LFC:[MD5.99AD8510A2E31A5BE303533543583016] – 16/12/2014 – 12:26:06 —A- . (…) — C:WINDOWSwiadebug.log [159]
    O44 – LFC:[MD5.04D3193DA13DCBB915BFF018563B43C9] – 16/12/2014 – 12:51:33 —A- . (…) — C:WINDOWSWindowsUpdate.log [1095588]
    O44 – LFC:[MD5.D662EE7A02FC243C748AC6B4C951BB88] – 16/12/2014 – 13:30:01 —A- . (…) — C:WINDOWSSchedLgU.Txt [32498]
    O44 – LFC:[MD5.8E2E9CCD873ABF180F48BCAEEEBE347D] – 16/12/2014 – 13:35:37 —A- . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:WINDOWSsystem32Driversmbamswissarmy.sys [114904]
    ~ Files: 15 Scanned in 00mn 41s

    —\ Opérations et fonctions au démarrage de Windows Explorer (O46)
    O46 – SEH:ShellExecuteHooks – URL Exec Hook – {AEB6717E-7E19-11d0-97EE-00C04FD91972} – shell32.dll
    O46 – SEH:ShellExecuteHooks – Windows Desktop Search Namespace Manager – {56F9679E-7826-4C84-81F3-532071A8BCC5} – C:Program FilesWindows Desktop SearchMSNLNamespaceMgr.dll
    ~ ShellExecuteHooks: Scanned in 00mn 00s

    —\ Export de clé d’application autorisée (O47)
    O47 – AAKE:Key Export SP – “%windir%system32sessmgr.exe” [Enabled] .(.Microsoft Corporation.) — C:WINDOWSsystem32sessmgr.exe
    O47 – AAKE:Key Export SP – “%windir%Network Diagnosticxpnetdiag.exe” [Enabled] .(.Microsoft Corporation.) — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    O47 – AAKE:Key Export SP – “C:Program FilesBitTorrentbittorrent.exe” [Enabled] .(…) — C:Program FilesBitTorrentbittorrent.exe (.not file.) =>P2P.BitTorrent
    O47 – AAKE:Key Export SP – “C:Program FilesMessengermsmsgs.exe” [Enabled] .(.Microsoft Corporation.) — C:Program FilesMessengermsmsgs.exe
    O47 – AAKE:Key Export SP – “C:Program FilesVuzeAzureus.exe” [Enabled] .(…) — C:Program FilesVuzeAzureus.exe (.not file.) =>P2P.Azureus
    O47 – AAKE:Key Export SP – “C:Program FilesInternet Exploreriexplore.exe” [Enabled] .(.Microsoft Corporation.) — C:Program FilesInternet Exploreriexplore.exe
    O47 – AAKE:Key Export SP – “C:Program FileseMuleemule.exe” [Enabled] .(.http://www.emule-project.net.) — C:Program FileseMuleemule.exe =>P2P.eMule
    O47 – AAKE:Key Export SP – “C:Program FilesSkypePlugin ManagerskypePM.exe” [Enabled] .(…) — C:Program FilesSkypePlugin ManagerskypePM.exe (.not file.)
    O47 – AAKE:Key Export SP – “C:Program FilesAVGAVG PC TuneUpIntegrator.exe” [Enabled] .(…) — C:Program FilesAVGAVG PC TuneUpIntegrator.exe (.not file.)
    O47 – AAKE:Key Export SP – “C:Program FilesMozilla Firefoxfirefox.exe” [Enabled] .(.Mozilla Corporation.) — C:Program FilesMozilla Firefoxfirefox.exe
    O47 – AAKE:Key Export DP – “%windir%system32sessmgr.exe” [Enabled] .(.Microsoft Corporation.) — C:WINDOWSsystem32sessmgr.exe
    O47 – AAKE:Key Export DP – “%windir%Network Diagnosticxpnetdiag.exe” [Enabled] .(.Microsoft Corporation.) — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
    ~ Keys Export: 12 Scanned in 00mn 00s

    —\ Déni du service (Local Security Authority) (O48)
    O48 – LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WINDOWSsystem32msv1_0.dll
    O48 – LSA:Local Security Authority Notification Packages . (.Microsoft Corporation – Moteur du client de l’Éditeur de configuration de sécurité Windows.) — C:WINDOWSsystem32scecli.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Kerberos Security Package.) — C:WINDOWSsystem32kerberos.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WINDOWSsystem32msv1_0.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – TLS / SSL Security Provider.) — C:WINDOWSsystem32schannel.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Digest Access.) — C:WINDOWSsystem32wdigest.dll
    ~ LSA: 6 Scanned in 00mn 00s

    —\ Contrôle du Safe Boot (CSB) (O49)
    O49 – CSB:Control Safe Boot HKLM…CCSMinimaldmboot.sys . (.Microsoft Corp., Veritas Software – Pilote de démarrage du gestionnaire de disque NT.) — C:WINDOWSsystem32Driversdmboot.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimaldmio.sys . (.Microsoft Corp., Veritas Software – Pilote E/S du Gestionnaire de disques NT.) — C:WINDOWSsystem32Driversdmio.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimaldmload.sys . (.Microsoft Corp., Veritas Software. – NT Disk Manager Startup Driver.) — C:WINDOWSsystem32Driversdmload.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalsermouse.sys . (…) — C:WINDOWSsystem32Driverssermouse.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalsr.sys . (.Microsoft Corporation – Pilote de filtre de système de fichiers pour la restauration du système.) — C:WINDOWSsystem32Driverssr.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WINDOWSsystem32Driversvga.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvgasave.sys . (…) — C:WINDOWSsystem32Driversvgasave.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkdmboot.sys . (.Microsoft Corp., Veritas Software – Pilote de démarrage du gestionnaire de disque NT.) — C:WINDOWSsystem32Driversdmboot.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkdmio.sys . (.Microsoft Corp., Veritas Software – Pilote E/S du Gestionnaire de disques NT.) — C:WINDOWSsystem32Driversdmio.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkdmload.sys . (.Microsoft Corp., Veritas Software. – NT Disk Manager Startup Driver.) — C:WINDOWSsystem32Driversdmload.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkip6fw.sys . (.Microsoft Corporation – IPv6 Windows Firewall Driver.) — C:WINDOWSsystem32Driversip6fw.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkipnat.sys . (.Microsoft Corporation – IP Network Address Translator.) — C:WINDOWSsystem32Driversipnat.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkrdpcdd.sys . (.Microsoft Corporation – RDP Miniport.) — C:WINDOWSsystem32Driversrdpcdd.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkrdpdd.sys . (…) — C:WINDOWSsystem32Driversrdpdd.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkrdpwd.sys . (.Microsoft Corporation – RDP Terminal Stack Driver (US/Canada Only, Not for Export).) — C:WINDOWSsystem32Driversrdpwd.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworksermouse.sys . (…) — C:WINDOWSsystem32Driverssermouse.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSNetworksr.sys . (.Microsoft Corporation – Pilote de filtre de système de fichiers pour la restauration du système.) — C:WINDOWSsystem32Driverssr.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworktdpipe.sys . (.Microsoft Corporation – Named Pipe Transport Driver.) — C:WINDOWSsystem32Driverstdpipe.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworktdtcp.sys . (.Microsoft Corporation – TCP Transport Driver.) — C:WINDOWSsystem32Driverstdtcp.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WINDOWSsystem32Driversvga.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvgasave.sys . (…) — C:WINDOWSsystem32Driversvgasave.sys (.not file.)
    ~ CSB: 21 Scanned in 00mn 00s

    —\ Image File Execution Options (IFEO) (O50)
    O50 – IFEO:Image File Execution Options – Your Image File Name Here without a path – ntsd -d
    ~ IFEO: Scanned in 00mn 00s

    —\ Recherche d’infection sur les pilotes (HKLM)(TDSD) (O52)
    O52 – TDSD: Drivers32″msacm.trspch”=”tssoft32.acm” . (.DSP GROUP, INC. – Codec audio TrueSpeech(TM) DSP Group pour MSACM V3.50.) — C:WINDOWSsystem32tssoft32.acm
    O52 – TDSD: Drivers32″vidc.cvid”=”iccvid.dll” . (.Radius Inc. – Cinepak® Codec.) — C:WINDOWSsystem32iccvid.dll
    O52 – TDSD: Drivers32″vidc.iv31″=”ir32_32.dll” . (…) — C:WINDOWSsystem32ir32_32.dll
    O52 – TDSD: Drivers32″vidc.iv32″=”ir32_32.dll” . (…) — C:WINDOWSsystem32ir32_32.dll
    O52 – TDSD: Drivers32″vidc.iv41″=”ir41_32.ax” . (.Intel Corporation – Intel Indeo® Video 4.5.) — C:WINDOWSsystem32ir41_32.ax
    O52 – TDSD: Drivers32″msacm.sl_anet”=”sl_anet.acm” . (.Sipro Lab Telecom Inc. – Audio codec for MS ACM.) — C:WINDOWSsystem32sl_anet.acm
    O52 – TDSD: Drivers32″msacm.iac2″=”C:WINDOWSsystem32iac25_32.ax” . (.Intel Corporation – Indeo® audio software.) — C:WINDOWSsystem32iac25_32.ax
    O52 – TDSD: Drivers32″vidc.iv50″=”ir50_32.dll” . (.Intel Corporation – Intel Indeo® video 5.10.) — C:WINDOWSsystem32ir50_32.dll
    O52 – TDSD: Drivers32″msacm.l3acm”=”C:WINDOWSsystem32l3codeca.acm” . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WINDOWSsystem32l3codeca.acm
    O52 – TDSD: Drivers32″VIDC.MJPG”=”mtkjpeg.dll” . (…) — C:WINDOWSsystem32mtkjpeg.dll
    O52 – TDSD: drivers.desc”sl_anet.acm”=”Sipro Lab Telecom Audio Codec” . (.Sipro Lab Telecom Inc. – Audio codec for MS ACM.) — C:WINDOWSsystem32sl_anet.acm
    O52 – TDSD: drivers.desc”C:WINDOWSsystem32iac25_32.ax”=”Indeo® audio software” . (.Intel Corporation – Indeo® audio software.) — C:WINDOWSsystem32iac25_32.ax
    O52 – TDSD: drivers.desc”C:WINDOWSsystem32l3codeca.acm”=”Fraunhofer IIS MPEG Layer-3 Codec” . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WINDOWSsystem32l3codeca.acm
    ~ TDSD: 13 Scanned in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregANIWZCS2Service [Key] . (.Alpha Networks Inc. – ANIWZCS2 launcher for Windows..) — C:Program FilesANIANIWZCS2 ServiceWZCSLDR2.exe
    O53 – SMSR:HKLM…startupregavgnt [Key] . (…) — C:Program FilesAviraAntiVir Desktopavgnt.exe (.not file.)
    O53 – SMSR:HKLM…startupregTkBellExe [Key] . (…) — C:program filesrealrealplayerupdaterealsched.exe (.not file.)
    O53 – SMSR:HKLM…startupregTomTomHOME.exe [Key] . (.TomTom – System Tray application for TomTom HOME.) — C:Program FilesTomTom HOME 2TomTomHOMERunner.exe
    ~ SMSR Keys: 4 Scanned in 00mn 00s

    —\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
    O54 – MCSP:[HKLM…CurrentControlSetControl] – (SecurityProviders) – (.Microsoft Corporation – Client DPA pour plate-forme 32 bit.) — C:WINDOWSsystem32msapsspc.dll
    O54 – MCSP:[HKLM…CurrentControlSetControl] – (SecurityProviders) – (.Microsoft Corporation – TLS / SSL Security Provider.) — C:WINDOWSsystem32schannel.dll
    O54 – MCSP:[HKLM…CurrentControlSetControl] – (SecurityProviders) – (.Microsoft Corporation – Package d’authentification Digest SSPI.) — C:WINDOWSsystem32digest.dll
    O54 – MCSP:[HKLM…ControlSet001Control] – (SecurityProviders) – (.Microsoft Corporation – Client DPA pour plate-forme 32 bit.) — C:WINDOWSsystem32msapsspc.dll
    O54 – MCSP:[HKLM…ControlSet001Control] – (SecurityProviders) – (.Microsoft Corporation – TLS / SSL Security Provider.) — C:WINDOWSsystem32schannel.dll
    O54 – MCSP:[HKLM…ControlSet001Control] – (SecurityProviders) – (.Microsoft Corporation – Package d’authentification Digest SSPI.) — C:WINDOWSsystem32digest.dll
    ~ MSCP: 6 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “dontdisplaylastusername”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “legalnoticecaption”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “legalnoticetext”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “shutdownwithoutlogon”=1
    O55 – MWPS:[HKLM…PoliciesSystem] – “undockwithoutlogon”=1
    ~ MWPS: 5 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKCU…policiesExplorer] – “NoDriveTypeAutoRun”=0
    O56 – MWPE:[HKCU…policiesExplorer] – “NoDriveAutoRun”=0
    O56 – MWPE:[HKCU…policiesExplorer] – “NoInstrumentation”=1
    O56 – MWPE:[HKLM…policiesExplorer] – “HonorAutoRunSetting”=1
    O56 – MWPE:[HKLM…policiesExplorer] – “NoCDBurning”=0
    O56 – MWPE:[HKLM…policiesExplorer] – “NoDriveAutoRun”=0
    O56 – MWPE:[HKLM…policiesExplorer] – “NoDriveTypeAutoRun”=0
    ~ MWPE Keys: 7 Scanned in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:10/11/2006 – 14:05:00 —A- . (.Arcsoft, Inc. – Arcsoft(R) ASPI Shell.) — C:WINDOWSsystem32Driversafc.sys [18688]
    O58 – SDL:29/03/2000 – 15:17:42 —A- . (…) — C:WINDOWSsystem32DriversASUSHWIO.SYS [5824]
    O58 – SDL:04/08/2004 – 00:38:44 —A- . (.ATI Technologies Inc. – Pilote de miniport ATI RAGE 128.) — C:WINDOWSsystem32Driversati2mtag.sys [701440]
    O58 – SDL:02/06/2008 – 15:16:08 —A- . (.BitDefender SRL – BitDefender Firewall NDIS Filter Driver.) — C:WINDOWSsystem32Driversbdfndisf.sys [86792]
    O58 – SDL:07/01/2008 – 17:41:34 —A- . (.BitDefender S.R.L. Bucharest, ROMANIA – BitDefender AntiVirus FS filter driver.) — C:WINDOWSsystem32Driversbdfsfltr.sys [196368]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.RAVISENT Technologies Inc. – Pilote principal CineMaster C 1.2 WDM.) — C:WINDOWSsystem32Driverscinemst2.sys [262528]
    O58 – SDL:22/01/2004 – 11:41:16 —A- . (.FotoNation Ltd. – USB Driver for Digital Camera.) — C:WINDOWSsystem32DriversCoachUsb.sys [46944]
    O58 – SDL:03/11/2003 – 16:31:14 —A- . (.Accapella Ltd. – Video Capture Minidriver for Digital Camera.) — C:WINDOWSsystem32DriversCoachVc.sys [44256]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.Compaq Computer Corporation – Compaq PA-1 Player Driver.) — C:WINDOWSsystem32Driverscpqdap01.sys [11776]
    O58 – SDL:23/01/2014 – 18:31:06 —A- . (.Devguru Co., Ltd – Device Error Recovery SDK(x86).) — C:WINDOWSsystem32Driversdgderdrv.sys [20032]
    O58 – SDL:14/04/2008 – 03:05:07 —A- . (.Microsoft Corp., Veritas Software – Pilote de démarrage du gestionnaire de disque NT.) — C:WINDOWSsystem32Driversdmboot.sys [800256]
    O58 – SDL:14/04/2008 – 03:05:12 —A- . (.Microsoft Corp., Veritas Software – Pilote E/S du Gestionnaire de disques NT.) — C:WINDOWSsystem32Driversdmio.sys [154496]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.Microsoft Corp., Veritas Software. – NT Disk Manager Startup Driver.) — C:WINDOWSsystem32Driversdmload.sys [5888]
    O58 – SDL:03/11/2005 – 19:39:02 —A- . (.Ralink Technology, Corp. – Ralink 802.11 USB Wireless Adapter Driver.) — C:WINDOWSsystem32DriversDr71WU.sys [245504]
    O58 – SDL:13/04/2008 – 17:36:06 —A- . (.Windows (R) Server 2003 DDK provider – High Definition Audio Bus Driver v1.0a.) — C:WINDOWSsystem32Drivershdaudbus.sys [144384]
    O58 – SDL:21/11/2014 – 06:14:06 —A- . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:WINDOWSsystem32Driversmbam.sys [23256]
    O58 – SDL:21/11/2014 – 06:14:14 —A- . (.Malwarebytes Corporation – Malwarebytes Chameleon Protection Driver.) — C:WINDOWSsystem32Driversmbamchameleon.sys [54360]
    O58 – SDL:16/12/2014 – 13:35:37 —A- . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:WINDOWSsystem32Driversmbamswissarmy.sys [114904]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.S3/Diamond Multimedia Systems – NikeDrv Usb Driver.) — C:WINDOWSsystem32Driversnikedrv.sys [12032]
    O58 – SDL:08/02/2013 – 04:02:44 —A- . (.NVIDIA Corporation – NVIDIA Windows XP Miniport Driver, Version 307.83.) — C:WINDOWSsystem32Driversnv4_mini.sys [12648960]
    O58 – SDL:03/06/2004 – 03:40:46 R–A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) IDE Performance Driver.) — C:WINDOWSsystem32Driversnvatabus.sys [79360]
    O58 – SDL:29/07/2005 – 10:11:02 R–A- . (.NVIDIA Corporation – NVIDIA Networking Function Driver..) — C:WINDOWSsystem32DriversNVENETFD.sys [34048]
    O58 – SDL:29/07/2005 – 10:11:04 R–A- . (.NVIDIA Corporation – NVIDIA Networking Bus Driver..) — C:WINDOWSsystem32Driversnvnetbus.sys [12928]
    O58 – SDL:29/07/2005 – 10:10:46 R–A- . (.NVIDIA Corporation – NVIDIA Network Resource Manager..) — C:WINDOWSsystem32Driversnvnrm.sys [301312]
    O58 – SDL:29/07/2005 – 10:10:32 R–A- . (.NVIDIA Corporation – NVIDIA Networking Soft-NPU Driver..) — C:WINDOWSsystem32Driversnvsnpu.sys [221824]
    O58 – SDL:29/07/2005 – 10:10:54 R–A- . (.NVIDIA Corporation – NVIDIA Networking Protocol Driver..) — C:WINDOWSsystem32Driversnvtcp.sys [100480]
    O58 – SDL:29/10/2003 – 06:02:00 R–A- . (.NVIDIA Corporation – NVIDIA nForce AGP Filter.) — C:WINDOWSsystem32Driversnv_agp.SYS [21120]
    O58 – SDL:14/06/2007 – 14:29:08 —A- . (.PixArt Imaging Inc. – PAC7302.) — C:WINDOWSsystem32DriversPAC7302.SYS [457856]
    O58 – SDL:19/07/2009 – 11:59:24 —A- . (.VSO Software – low level access layer for CD/DVD/BD devices.) — C:WINDOWSsystem32Driverspcouffin.sys [47360]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.Parallel Technologies, Inc. – Parallel Technologies DirectParallel IO Library.) — C:WINDOWSsystem32Driversptilink.sys [17792]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.S3/Diamond Multimedia Systems – Rio8Drv.sys Usb Driver.) — C:WINDOWSsystem32Driversrio8drv.sys [12032]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.S3/Diamond Multimedia Systems – RioDrv Usb Driver.) — C:WINDOWSsystem32Driversriodrv.sys [12032]
    O58 – SDL:17/04/2006 – 09:31:26 R—- . (.Realtek Semiconductor Corp. – Realtek(r) High Definition Audio Function Driver.) — C:WINDOWSsystem32DriversRtkHDAud.Sys [4262912]
    O58 – SDL:03/08/2004 – 21:31:34 —A- . (.Realtek Semiconductor Corporation – Realtek RTL8139 NDIS 5.0 Driver.) — C:WINDOWSsystem32DriversRTL8139.sys [20992]
    O58 – SDL:13/11/2007 – 11:25:54 —A- . (.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) — C:WINDOWSsystem32Driverssecdrv.sys [20480]
    O58 – SDL:25/08/2013 – 10:30:48 —A- . (…) — C:WINDOWSsystem32DriversStarOpen.sys [13120]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.Toshiba Corporation – WDM Toshiba Tecra Video Capture Driver.) — C:WINDOWSsystem32Driverstsbvcap.sys [21376]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (.RAVISENT Technologies Inc. – CineMaster C WDM DVD Minidriver.) — C:WINDOWSsystem32Driversvdmindvd.sys [58112]
    O58 – SDL:09/11/2005 – 14:44:48 —A- . (.Alpha Networks Inc. – ANIO (NT5) Driver.) — C:WINDOWSsystem32ANIO.sys [24288]
    O58 – SDL:14/10/2004 – 09:29:16 —A- . (.ANI – ANIO (NDIS4) Driver.) — C:WINDOWSsystem32anio4.sys [11904]
    O58 – SDL:10/11/2005 – 06:13:00 —A- . (.Alpha Networks Inc. – ANIO (NT5) Driver.) — C:WINDOWSsystem32ANIO64.sys [50176]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ansi.sys [9037]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32country.sys [27097]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32himem.sys [4912]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32key01.sys [42809]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32keyboard.sys [42537]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos.sys [27916]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos404.sys [29146]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos411.sys [29370]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos412.sys [29274]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntdos804.sys [29146]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio.sys [34000]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio404.sys [34560]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio411.sys [35648]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio412.sys [35424]
    O58 – SDL:05/08/2004 – 13:00:00 —A- . (…) — C:WINDOWSsystem32ntio804.sys [34560]
    ~ Drivers: 56 Scanned in 00mn 02s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 09/12/2014 – 14:11:18 —A- . (.F-Secure Corporation.) — C:Documents and SettingsUTILISATEURMes documentsTéléchargementsSFR-Securite.exe [836648]
    O61 – LFC: 11/12/2014 – 14:11:18 —A- . (.F-Secure Corporation.) — C:Documents and SettingsUTILISATEURMes documentsTéléchargementsSFR-Securite(1).exe [836648]
    O61 – LFC: 14/12/2014 – 14:11:18 —A- . (.El Desaparecido – SosVirus.net – UsbFix.net.) — C:Documents and SettingsUTILISATEURMes documentsTéléchargementsUsbFix.exe [3989160]
    O61 – LFC: 14/12/2014 – 14:11:18 —A- . (.OldTimer Tools.) — C:Documents and SettingsUTILISATEURMes documentsTéléchargementsOTL.exe [602112]
    O61 – LFC: 15/12/2014 – 14:11:17 —A- . (…) — C:Documents and SettingsUTILISATEURMes documentsTéléchargementsAdwCleaner-4.1.0.5.exe [2166272]
    O61 – LFC: 15/12/2014 – 14:11:19 —A- . (.Nicolas Coolman.) — C:Documents and SettingsUTILISATEURMes documentsTéléchargementsZHPDiag2.exe [6860008] =>.Nicolas Coolman
    O61 – LFC: 16/12/2014 – 14:11:18 —A- . (.Malwarebytes Corporation.) — C:Documents and SettingsUTILISATEURMes documentsTéléchargementsmbam-setup-2.0.4.1028.exe [20447072]
    ~ 69 Fichiers temporaires (Temporary files)
    ~ 16 Fichiers cookies (Cookies files)
    ~ Files: 7 Scanned in 00mn 59s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 22/02/2008 – C:Program FilesFichiers communsArcSoftConnection ServiceBinACService.exe (ACDaemon) .(.ArcSoft Inc. – ArcSoft Connect Service.) – LEGACY_ACDAEMON
    O64 – Services: CurCS – 09/11/2005 – C:windowssystem32ANIO.sys (ANIO) .(.Alpha Networks Inc. – ANIO (NT5) Driver.) – LEGACY_ANIO
    O64 – Services: CurCS – 06/10/2014 – C:Program FilesSFR Sécuritéfshoster32.exe (fshoster) .(.F-Secure Corporation – F-Secure Host Process.) – LEGACY_FSHOSTER
    O64 – Services: CurCS – 16/12/2014 – C:windowssystem32driversMBAMSwissArmy.sys (MBAMSwissArmy) .(.Malwarebytes Corporation – Malwarebytes Anti-Malware.) – LEGACY_MBAMSWISSARMY
    O64 – Services: CurCS – 03/06/2004 – C:WINDOWSsystem32DRIVERSnvatabus.sys (nvatabus) .(.NVIDIA Corporation – NVIDIA® nForce(TM) IDE Performance Driver.) – LEGACY_NVATABUS
    O64 – Services: CurCS – 29/10/2003 – C:WINDOWSsystem32DRIVERSnv_agp.sys (nv_agp) .(.NVIDIA Corporation – NVIDIA nForce AGP Filter.) – LEGACY_NV_AGP
    O64 – Services: CurCS – 05/06/2014 – C:Program FilesTomTom HOME 2TomTomHOMEService.exe (TomTomHOMEService) .(.TomTom – Windows Service for TomTom HOME.) – LEGACY_TOMTOMHOMESERVICE
    ~ Legacy: 915 Scanned in 00mn 02s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..cplopenCommand] (.Microsoft Corporation – DLL commune du shell Windows.) — C:WINDOWSsystem32shell32.dll
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet ExplorerIEXPLORE.exe
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Microsoft (R) Windows Based Script Host.) — C:WINDOWSsystem32WScript.exe
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Éditeur du Registre.) — C:WINDOWSregedit.exe
    O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” /S
    O67 – Shell Spawning: [HKCU..openCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    ~ FASS Keys: 10 Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {0939AB17-9F6C-4CD5-862D-A667486E9E29} – (Yahoo!) – http://fr.search.yahoo.com
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {9CB96984-43C3-4D44-90EF-01466EFCF7BB} – (Yahoo! (Avast)) – http://fr.search.yahoo.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les service demarrés par Svchost (SSS) (O83)
    O83 – Search Svchost Services: AppMgmt (AppMgmt) . (…) — C:WINDOWSsystem32appmgmts.dll [0]
    O83 – Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation – Windows Audio Service.) — C:WINDOWSsystem32audiosrv.dll [42496]
    O83 – Search Svchost Services: Browser (Browser) . (.Microsoft Corporation – Computer Browser Service DLL.) — C:WINDOWSsystem32browser.dll [78336]
    O83 – Search Svchost Services: CryptSvc (CryptSvc) . (.Microsoft Corporation – Cryptographic Services.) — C:WINDOWSsystem32cryptsvc.dll [62464]
    O83 – Search Svchost Services: DMServer (DMServer) . (.Microsoft Corp. – DLL Service gestionnaire de disque logique.) — C:WINDOWSsystem32dmserver.dll [24576]
    O83 – Search Svchost Services: DHCP (DHCP) . (.Microsoft Corporation – Service client DHCP.) — C:WINDOWSsystem32dhcpcsvc.dll [127488]
    O83 – Search Svchost Services: ERSvc (ERSvc) . (.Microsoft Corporation – Windows Error Reporting Service.) — C:WINDOWSsystem32ersvc.dll [23040]
    O83 – Search Svchost Services: EventSystem (EventSystem) . (.Microsoft Corporation – Pas de description.) — C:WINDOWSsystem32es.dll [253952]
    O83 – Search Svchost Services: FastUserSwitchingCompatibility (FastUserSwitchingCompatibility) . (.Microsoft Corporation – Dll des services Windows Shell.) — C:WINDOWSsystem32shsvcs.dll [135680]
    O83 – Search Svchost Services: HidServ (HidServ) . (.Microsoft Corporation – HID Audio Service.) — C:WINDOWSsystem32hidserv.dll [21504]
    O83 – Search Svchost Services: Irmon (Irmon) . (.Microsoft Corporation – Moniteur infrarouge.) — C:WINDOWSsystem32irmon.dll [29184]
    O83 – Search Svchost Services: LanmanServer (LanmanServer) . (.Microsoft Corporation – Server Service DLL.) — C:WINDOWSsystem32srvsvc.dll [99840]
    O83 – Search Svchost Services: LanmanWorkstation (LanmanWorkstation) . (.Microsoft Corporation – Workstation Service DLL.) — C:WINDOWSsystem32wkssvc.dll [132096]
    O83 – Search Svchost Services: Messenger (Messenger) . (.Microsoft Corporation – NT Messenger Service.) — C:WINDOWSsystem32msgsvc.dll [33792]
    O83 – Search Svchost Services: Netman (Netman) . (.Microsoft Corporation – Gestionnaire de connexions réseau.) — C:WINDOWSsystem32netman.dll [198144]
    O83 – Search Svchost Services: Nla (Nla) . (.Microsoft Corporation – Fournisseur de service Sockets 2.0 de Microsoft Windows.) — C:WINDOWSsystem32mswsock.dll [247808] =>.Microsoft Corporation
    O83 – Search Svchost Services: Ntmssvc (Ntmssvc) . (.Microsoft Corporation – Gestionnaire de stockage amovible.) — C:WINDOWSsystem32ntmssvc.dll [438272]
    O83 – Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation – Remote Access AutoDial Manager.) — C:WINDOWSsystem32rasauto.dll [88576]
    O83 – Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation – Remote Access Connection Manager.) — C:WINDOWSsystem32rasmans.dll [186368]
    O83 – Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation – Dynamic Interface Manager.) — C:WINDOWSsystem32mprdim.dll [53248]
    O83 – Search Svchost Services: Schedule (Schedule) . (.Microsoft Corporation – Moteur du Planificateur de tâches.) — C:WINDOWSsystem32schedsvc.dll [194560]
    O83 – Search Svchost Services: Seclogon (Seclogon) . (.Microsoft Corporation – DLL de service d’ouverture de session secondaire.) — C:WINDOWSsystem32seclogon.dll [18944]
    O83 – Search Svchost Services: SENS (SENS) . (.Microsoft Corporation – System Event Notification Service (SENS).) — C:WINDOWSsystem32sens.dll [39424]
    O83 – Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation – Composants de l’application d’assistance à Microsoft NAT.) — C:WINDOWSsystem32ipnathlp.dll [332800]
    O83 – Search Svchost Services: SRService (SRService) . (.Microsoft Corporation – Service de restauration du système.) — C:WINDOWSsystem32srsvc.dll [171520]
    O83 – Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation – Serveur de téléphonie Microsoft® Windows(TM).) — C:WINDOWSsystem32tapisrv.dll [249856]
    O83 – Search Svchost Services: Themes (Themes) . (.Microsoft Corporation – Dll des services Windows Shell.) — C:WINDOWSsystem32shsvcs.dll [135680]
    O83 – Search Svchost Services: TrkWks (TrkWks) . (.Microsoft Corporation – Distributed Link Tracking Client.) — C:WINDOWSsystem32trkwks.dll [90112]
    O83 – Search Svchost Services: W32Time (W32Time) . (.Microsoft Corporation – Service de temps Windows.) — C:WINDOWSsystem32w32time.dll [178176]
    O83 – Search Svchost Services: WZCSVC (WZCSVC) . (.Microsoft Corporation – Service configuration automatique sans fil.) — C:WINDOWSsystem32wzcsvc.dll [483840]
    O83 – Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation – WMI.) — C:WINDOWSsystem32wbemWMIsvc.dll [145408]
    O83 – Search Svchost Services: wscsvc (wscsvc) . (.Microsoft Corporation – Windows Security Center Service.) — C:WINDOWSsystem32wscsvc.dll [80896]
    O83 – Search Svchost Services: xmlprov (xmlprov) . (.Microsoft Corporation – Network Provisioning Service.) — C:WINDOWSsystem32xmlprov.dll [129024]
    O83 – Search Svchost Services: BITS (BITS) . (.Microsoft Corporation – Service de transfert intelligent en arrière-plan.) — C:WINDOWSsystem32qmgr.dll [409088]
    O83 – Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation – Windows Update AutoUpdate Service.) — C:windowssystem32wuauserv.dll [6656]
    O83 – Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation – Dll des services Windows Shell.) — C:WINDOWSsystem32shsvcs.dll [135680]
    O83 – Search Svchost Services: helpsvc (helpsvc) . (.Microsoft Corporation – Microsoft PCHealth Service Holder.) — C:WINDOWSPCHealthHelpCtrBinariespchsvc.dll [38400]
    O83 – Search Svchost Services: WmdmPmSN (WmdmPmSN) . (.Microsoft Corporation – Microsoft Media Device Service Provider.) — C:WINDOWSsystem32MsPMSNSv.dll [27136]
    O83 – Search Svchost Services: napagent (napagent) . (.Microsoft Corporation – Exécution du service Agent de quarantaine.) — C:WINDOWSsystem32qagentrt.dll [293376]
    O83 – Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation – Service Gestion des clés.) — C:WINDOWSsystem32kmsvc.dll [61440]
    ~ Services: 40 Scanned in 00mn 01s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.C439F625386EB58FA373A4EC101786BD] [SPRF][16/09/2014] (.PC Cleaners – PC Cleaner Pro.) — C:Documents and SettingsAll UsersApplication Datapclunst.exe [9414952] =>Rogue.PCCleanerPro
    [MD5.254FBCA565E049648B0CCE2CEADF05D2] [SPRF][19/07/2009] (…) — C:Documents and SettingsUTILISATEURApplication Datainst.exe [87608]
    [MD5.5B6C11DE7E839C05248CED8825470FEF] [SPRF][19/07/2009] (.VSO Software – low level access layer for CD/DVD/BD devices.) — C:Documents and SettingsUTILISATEURApplication Datapcouffin.sys [47360]
    [MD5.ADD5959782B53F5DF504D4D867151A3D] [SPRF][30/08/2010] (.Microsoft Corporation – Client Full Install Package.) — C:Documents and SettingsUTILISATEURBureaumssefullinstall-x86fre-fr-fr-xp.exe [11899464]
    [MD5.89871C1498F2A471290F0A2C088987A6] [SPRF][25/03/2009] (.RealNetworks, Inc. – RealNetworks Installer.) — C:Documents and SettingsUTILISATEURBureauRealPlayer11GOLD_fr.exe [476696]
    [MD5.17C995AA808CEE87A0E49A4B02E423E6] [SPRF][02/09/2010] (…) — C:Documents and SettingsUTILISATEURBureaurevosetup.exe [2406288]
    ~ Files: 6 Scanned in 00mn 06s

    —\ Recherche de clés de registre CLSID (O101)
    [HKCRCLSID{C11CBDA9-6702-469E-9CE1-64E3971A6B44}] (PC Antivirus Pro Web Protection BHO) =>PUP.WebProtect
    ~ BCK: 3497 Scanned in 00mn 10s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 10/12/2014 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Demand 19/10/2005 49152 | (ANIWZCSdService) . (.Alpha Networks Inc..) – C:Program FilesANIANIWZCS2 ServiceANIWZCSdS.exe
    SS – | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) – C:WINDOWSsystem32dmadmin.exe
    SS – | Disabled 13/09/2014 3079488 | (LMIRescue_24882919-0c02-4d63-8f5d-3c864251866e) . (.LogMeIn, Inc..) – C:Documents and SettingsUTILISATEURLocal SettingsApplication DataLogMeIn Rescue AppletLMIR0001.tmpLMI_Rescue_srv.exe
    SS – | Demand 09/12/2014 114800 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 10/10/2005 131139 | (NVSvc) . (.NVIDIA Corporation.) – C:WINDOWSsystem32nvsvc32.exe
    SS – | Demand 19/05/2009 240512 | (SeaPort) . (.Microsoft Corporation.) – C:Program FilesMicrosoftSearch Enhancement PackSeaPortSeaPort.exe
    SR – | Auto 22/02/2008 104960 | (ACDaemon) . (.ArcSoft Inc..) – C:Program FilesFichiers communsArcSoftConnection ServiceBinACService.exe
    SR – | Auto 06/10/2014 187432 | (fshoster) . (.F-Secure Corporation.) – C:Program FilesSFR Sécuritéfshoster32.exe
    SR – | Auto 05/06/2014 93040 | (TomTomHOMEService) . (.TomTom.) – C:Program FilesTomTom HOME 2TomTomHOMEService.exe
    ~ Services: Scanned in 00mn 11s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by UTILISATEUR at 16/12/2014 14:14:01
    device: opened successfully
    user: MBR read successfully
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    1 ntkrnlpa!IofCallDriver[0x804EE1A0] >> DeviceHarddisk0DR0[0x85178AB8]
    3 CLASSPNP[0xF75F6FD7] >> ntkrnlpa!IofCallDriver[0x804EE1A0] >> Device0000065[0x8517CF18]
    5 ACPI[0xF748C620] >> ntkrnlpa!IofCallDriver[0x804EE1A0] >> DeviceIdeIdeDeviceP2T0L0-5[0x8517B8E8]
    kernel: MBR read successfully
    user & kernel MBR OK
    ~ MBR: 13 Scanned in 00mn 02s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by UTILISATEUR at 16/12/2014 14:14:03
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Liste des émulateurs de CD/DVD (MBR Hook)
    O58 – SDL:19/07/2009 – 11:59:24 —A- . (.VSO Software – low level access layer for CD/DVD/BD devices.) — C:WINDOWSsystem32Driverspcouffin.sys [47360]
    ~ Emulateurs: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (28/08/2014)
    Clés trouvées (Keys found) : 4
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 5
    Fichiers trouvés (Files found) : 5

    [HKCUSoftwareMicrosoftWindowsCurrentVersionUninstallPC Cleaners] =>Rogue.PCCleanerPro^
    [HKCUSoftwarePartyFrance] =>Casino.OnlineGames
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{280B5D37-4A76-467A-B3D6-942FCA90ACDE}] =>Worm.Vispat
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtSettings{280B5D37-4A76-467A-B3D6-942FCA90ACDE}] =>Worm.Vispat
    C:Program FilesVuze =>P2P.Azureus^
    C:Documents and SettingsUTILISATEURApplication DataAzureus =>P2P.Azureus^
    C:Documents and SettingsUTILISATEURApplication DataBitTorrent =>P2P.BitTorrent^
    C:Documents and SettingsUTILISATEURApplication DatauTorrent =>P2P.µTorrent^
    C:Documents and SettingsUTILISATEURMenu DémarrerProgrammesBitTorrent =>P2P.BitTorrent^
    [HKCUSoftwareBitTorrent] =>P2P.BitTorrent^
    [HKCUSoftwarePCCleaners] =>Rogue.PCCleanerPro^
    [HKLMSoftwarePCCleaners] =>Rogue.PCCleanerPro^
    C:Documents and SettingsAll UsersApplication Datapclunst.exe =>Rogue.PCCleanerPro^
    [HKCRCLSID{C11CBDA9-6702-469E-9CE1-64E3971A6B44}] (PC Antivirus Pro Web Protection BHO) =>PUP.WebProtect^
    ~ Additionnel Scan: 186437 Items scanned in 00mn 35s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
    ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/ =>.Image File Execution Options (IFEO) (O50)
    ~ AMI: 5 Scanned in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ MSI: 0 link(s) detected in 00mn 00s

    End of the scan (1226 lines in 05mn 50s)(0)

    Evasion60
    Participant
    Number of posts: 1559

    :hello: Hello

    /!\ I cannot work with a report split into several parts
    Please host it on http://www.Cjoint.com
    Tick 21 days of read access

    :(
