  • Lady os
    Participant
    Number of posts: 7

    :hello: So, I downloaded UsbFix on the advice of a number of sites, to solve the problem of files converted into shortcuts that I am "suffering" from. I ran a search with UsbFix and got a report which, if I understood correctly, I have to post on a help forum, where I will then be guided(?). Thanks in advance to whoever would like to come to my rescue. :bye:
    Here is the report:

    ############################## | UsbFix V 7.171 | [Recherche]

    Utilisateur: OPERATEUR (Administrateur) # OPERATEUR-PC
    Mis à jour le 18/05/2014 par El Desaparecido – SosVirus
    Lancé à 21:39:11 | 07/06/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : http://www.sosvirus.net/forum-virus-securite.html
    Upload Malware : http://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK Computer Inc. (A8V)
    CPU: AMD Athlon(tm) 64 Processor 3500+
    RAM -> [Total : 1023 Mo| Free : 181 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) Service Pack 1
    WB: Windows Internet Explorer : 9.0.8112.16421
    WB: Google Chrome : 35.0.1916.114
    WB: Mozilla Firefox : 27.0.1

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender [Enabled | Updated]
    AS: avast! Antivirus [Enabled | Updated]
    FW: Windows FireWall [(!) Disabled]

    C: (%SystemDrive%) -> Disque fixe # 153 Go (121 Go libre(s) – 79%) [] # NTFS
    D: -> CD-ROM
    E: -> CD-ROM
    F: -> Disque amovible # 15 Go (12 Go libre(s) – 84%) [] # FAT32

    ################## | Processus Actif |

    C:WindowsSystem32smss.exe (ID: 296|ParentID: 4|SYSTEM)
    C:WindowsSystem32wininit.exe (ID: 424|ParentID: 372)
    C:WindowsSystem32services.exe (ID: 484|ParentID: 424)
    C:WindowsSystem32lsass.exe (ID: 500|ParentID: 424)
    C:WindowsSystem32lsm.exe (ID: 508|ParentID: 424)
    C:WindowsSystem32winlogon.exe (ID: 532|ParentID: 416)
    C:WindowsSystem32svchost.exe (ID: 656|ParentID: 484)
    C:WindowsSystem32nvvsvc.exe (ID: 728|ParentID: 484)
    C:WindowsSystem32svchost.exe (ID: 756|ParentID: 484)
    C:WindowsSystem32svchost.exe (ID: 808|ParentID: 484)
    C:WindowsSystem32svchost.exe (ID: 928|ParentID: 484)
    C:WindowsSystem32svchost.exe (ID: 968|ParentID: 484)
    C:WindowsSystem32svchost.exe (ID: 1112|ParentID: 484)
    C:Program FilesNVIDIA CorporationDisplayNvXDSync.exe (ID: 1224|ParentID: 728)
    C:WindowsSystem32svchost.exe (ID: 1332|ParentID: 484)
    C:Program FilesAVAST SoftwareAvastAvastSvc.exe (ID: 1408|ParentID: 484)
    C:WindowsSystem32dwm.exe (ID: 1576|ParentID: 928|OPERATEUR)
    C:Windowsexplorer.exe (ID: 1592|ParentID: 1560|OPERATEUR)
    C:WindowsSystem32spoolsv.exe (ID: 1628|ParentID: 484)
    C:WindowsSystem32taskhost.exe (ID: 1664|ParentID: 484|OPERATEUR)
    C:WindowsSystem32svchost.exe (ID: 1680|ParentID: 484)
    C:Program FilesBonjourmDNSResponder.exe (ID: 1868|ParentID: 484)
    C:WindowsSOUNDMAN.EXE (ID: 1892|ParentID: 1592|OPERATEUR)
    C:Program FilesYahoo!Search ProtectionSearchProtection.exe (ID: 1900|ParentID: 1592|OPERATEUR)
    C:Program FilesHPHP Software Updatehpwuschd2.exe (ID: 1908|ParentID: 1592|OPERATEUR)
    C:Program FilesAVAST SoftwareAvastavastui.exe (ID: 1928|ParentID: 1592|OPERATEUR)
    C:Program FilesVimicro CorporationVMUVCVMonitor.exe (ID: 1952|ParentID: 1592|OPERATEUR)
    C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 1964|ParentID: 1592|OPERATEUR)
    C:Program FilesSuperCopier2SuperCopier2.exe (ID: 1972|ParentID: 1592|OPERATEUR)
    C:Program FilesHPDigital Imagingbinhpqtra08.exe (ID: 1996|ParentID: 1592|OPERATEUR)
    C:WindowsSystem32svchost.exe (ID: 332|ParentID: 484)
    C:Program FilesPANDORA.TVPanServiceKMPService.exe (ID: 1240|ParentID: 484)
    C:WindowsSystem32svchost.exe (ID: 1856|ParentID: 484)
    C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe (ID: 2176|ParentID: 484)
    C:Program FilesAdvantage 9.10Serverads.exe (ID: 2476|ParentID: 484)
    C:WindowsSystem32SearchIndexer.exe (ID: 2960|ParentID: 484)
    C:WindowsSystem32svchost.exe (ID: 3040|ParentID: 484)
    C:WindowsSystem32wbemunsecapp.exe (ID: 3304|ParentID: 656|OPERATEUR)
    C:WindowsSystem32svchost.exe (ID: 3420|ParentID: 484)
    C:Program FilesYahoo!MessengerYmsgr_tray.exe (ID: 3764|ParentID: 1980|OPERATEUR)
    C:Program FilesHPDigital Imagingbinhpqste08.exe (ID: 2856|ParentID: 1996|OPERATEUR)
    C:Program FilesHPDigital Imagingbinhpqbam08.exe (ID: 196|ParentID: 656|OPERATEUR)
    C:Program FilesHPDigital Imagingbinhpqgpc01.exe (ID: 3392|ParentID: 656|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3484|ParentID: 1592|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3988|ParentID: 3484|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 920|ParentID: 3484|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 568|ParentID: 3484|OPERATEUR)
    C:Program FilesPANDORA.TVPanServiceKMPProcess.exe (ID: 2292|ParentID: 1240)
    C:WindowsSystem32svchost.exe (ID: 1772|ParentID: 484)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2912|ParentID: 3484|OPERATEUR)
    C:Program FilesCommon FilesJavaJava Updatejucheck.exe (ID: 4404|ParentID: 1964|OPERATEUR)
    C:WindowsSystem32taskhost.exe (ID: 4240|ParentID: 484|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3300|ParentID: 3484|OPERATEUR)
    C:Program FilesCloverclover.exe (ID: 5280|ParentID: 1592|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 6008|ParentID: 3484|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4340|ParentID: 3484|OPERATEUR)
    C:UsbFixUsbFix.exe (ID: 2184|ParentID: 1592|OPERATEUR)
    C:WindowsSystem32audiodg.exe (ID: 4776|ParentID: 808)

    ################## | Autorun |

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [SuperCopier2.exe] C:Program FilesSuperCopier2SuperCopier2.exe
    04 – HKCU..Run : [Messenger (Yahoo!)] « C:PROGRA~2Yahoo!MessengerYahooMessenger.exe » -quiet
    04 – HKCU..Run : [Search Protection] C:Program FilesYahoo!Search ProtectionSearchProtection.exe
    04 – HKCU..Run : [InternetCalls] « C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe » -nosplash -minimized
    04 – HKCU..Run : [VoipConnect] « C:Program FilesVoipConnect.comVoipConnectVoipConnect.exe » -nosplash -minimized
    04 – HKLM..Run : [SoundMan] SOUNDMAN.EXE
    04 – HKLM..Run : [YSearchProtection] « C:Program FilesYahoo!Search ProtectionSearchProtection.exe »
    04 – HKLM..Run : [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
    04 – HKLM..Run : [AvastUI.exe] « C:Program FilesAVAST SoftwareAvastAvastUI.exe » /nogui
    04 – HKLM..Run : [VMonitorVMUVC] « C:Program FilesVimicro CorporationVMUVCVMonitor.exe » VMUVC
    04 – HKLM..Run : [SunJavaUpdateSched] « C:Program FilesCommon FilesJavaJava Updatejusched.exe »
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-4055012067-1499113417-2862841071-1000..Run : [SuperCopier2.exe] C:Program FilesSuperCopier2SuperCopier2.exe
    04 – HKUS-1-5-21-4055012067-1499113417-2862841071-1000..Run : [Messenger (Yahoo!)] « C:PROGRA~2Yahoo!MessengerYahooMessenger.exe » -quiet
    04 – HKUS-1-5-21-4055012067-1499113417-2862841071-1000..Run : [Search Protection] C:Program FilesYahoo!Search ProtectionSearchProtection.exe
    04 – HKUS-1-5-21-4055012067-1499113417-2862841071-1000..Run : [InternetCalls] « C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe » -nosplash -minimized
    04 – HKUS-1-5-21-4055012067-1499113417-2862841071-1000..Run : [VoipConnect] « C:Program FilesVoipConnect.comVoipConnectVoipConnect.exe » -nosplash -minimized
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | Recherche générique |

    Présent! F:.lnk
    Présent! F:pandora_box___iris___shiawase_no_hako__1_2__by_lutias-d5ynse.lnk
    Présent! F:pandora_box___iris___shiawase_no_hako__2_2__by_lutias-d5ynsp.lnk
    Présent! F:1358697607074224400.lnk
    Présent! F:SURVIVAL.lnk
    Présent! F:les capitales d’amériques du sud.lnk
    Présent! F:Le travail intérimaire et temporaire.lnk
    Présent! F:Bruxelles.lnk
    Présent! F:Doc2.lnk
    Présent! F:brochure eng.lnk
    Présent! F:Le c l o n a g e.lnk
    Présent! F:Images.lnk
    Présent! F:Videos.lnk
    Présent! F:Sounds.lnk
    Présent! F:Other files.lnk
    Présent! F:DCIM.lnk
    Présent! F:.Spotlight-V100.lnk
    Présent! F:.TemporaryItems.lnk
    Présent! F:.fseventsd.lnk
    Présent! F:DOSSIERS.lnk
    Présent! F:ss-Backup-0001.lnk
    Présent! F:BlackBerry.lnk
    Présent! F:databases.lnk
    Présent! F:DOC.lnk
    Présent! F:musiqua.lnk
    Présent! F:Espagnol.lnk
    Présent! F:juin.lnk
    Présent! F:~$Le c l o n a g e.lnk
    Présent! F:FOUND.000.lnk
    Présent! F:.Trashes.lnk

    ################## | Registre |

    Présent! HKLMSoftwareMicrosoftSecurity Center|UacDisableNotify -> 1

    ################## | E.O.F | http://www.sosvirus.net/ | http://www.usbfix.net/ |

    Victor
    Participant
    Number of posts: 551

    Good evening Lady os, :hello:

    1)

    • Relaunch UsbFix
    • Plug all your external data sources into your PC (USB key, external hard drive, etc.) without opening them.
    • Right-click on it and choose Run as administrator on Windows 7/8 and Vista
    • Choose the Nettoyage (Clean) option

    • Copy and paste the contents of the report that appears at the end of the scan into your reply

    2) Next, run a diagnostic of your PC by following this procedure, please:

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag with Run as administrator on Windows 7/8 and Vista
    • Click on Complet (Full)

      Note: Do not close the program even if it says that it is no longer responding.

    • Once the scan has finished, go to the desktop; the file ZHPDiag.txt has been created.
    • Host the ZHPDiag.txt report on SosUpload, then copy/paste the link provided into your next reply on the forum

    Looking forward to your reply
    Victor

    Lady os
    Participant
    Number of posts: 7

    Is it normal that I can no longer access the toolbar or see the shortcuts, etc.?

    Here is the UsbFix cleaning report:

    ############################## | UsbFix V 7.171 | [Nettoyage]

    Utilisateur: OPERATEUR (Administrateur) # OPERATEUR-PC
    Mis à jour le 18/05/2014 par El Desaparecido – SosVirus
    Lancé à 14:27:01 | 09/06/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : http://www.sosvirus.net/forum-virus-securite.html
    Upload Malware : http://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK Computer Inc. (A8V)
    CPU: AMD Athlon(tm) 64 Processor 3500+
    RAM -> [Total : 1023 Mo| Free : 94 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) Service Pack 1
    WB: Windows Internet Explorer : 9.0.8112.16421
    WB: Google Chrome : 35.0.1916.114
    WB: Mozilla Firefox : 27.0.1

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender [Enabled | Updated]
    AS: avast! Antivirus [Enabled | Updated]
    FW: Windows FireWall [(!) Disabled]

    C: (%SystemDrive%) -> Disque fixe # 153 Go (125 Go libre(s) – 82%) [] # NTFS
    D: -> CD-ROM
    E: -> CD-ROM
    F: -> Disque amovible # 15 Go (12 Go libre(s) – 84%) [] # FAT32

    ################## | Processus Stoppés |

    C:WindowsSystem32nvvsvc.exe (ID: 732|ParentID: 488)
    C:Program FilesNVIDIA CorporationDisplayNvXDSync.exe (ID: 1272|ParentID: 732)
    C:Windowsexplorer.exe (ID: 1600|ParentID: 1572|OPERATEUR)
    C:WindowsSystem32spoolsv.exe (ID: 1648|ParentID: 488|SYSTEM)
    C:WindowsSystem32taskhost.exe (ID: 1692|ParentID: 488|OPERATEUR)
    C:Program FilesBonjourmDNSResponder.exe (ID: 1856|ParentID: 488|SYSTEM)
    C:WindowsSOUNDMAN.EXE (ID: 1952|ParentID: 1600|OPERATEUR)
    C:Program FilesYahoo!Search ProtectionSearchProtection.exe (ID: 1960|ParentID: 1600|OPERATEUR)
    C:Program FilesHPHP Software Updatehpwuschd2.exe (ID: 1968|ParentID: 1600|OPERATEUR)
    C:Program FilesVimicro CorporationVMUVCVMonitor.exe (ID: 1984|ParentID: 1600|OPERATEUR)
    C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 1992|ParentID: 1600|OPERATEUR)
    C:Program FilesSuperCopier2SuperCopier2.exe (ID: 2000|ParentID: 1600|OPERATEUR)
    C:Program FilesHPDigital Imagingbinhpqtra08.exe (ID: 2024|ParentID: 1600|OPERATEUR)
    C:Program FilesPANDORA.TVPanServiceKMPService.exe (ID: 1176|ParentID: 488|SYSTEM)
    C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe (ID: 2088|ParentID: 488|SYSTEM)
    C:Program FilesPANDORA.TVPanServiceKMPProcess.exe (ID: 2104|ParentID: 1176|SYSTEM)
    C:Program FilesAdvantage 9.10Serverads.exe (ID: 2388|ParentID: 488|SYSTEM)
    C:WindowsSystem32SearchIndexer.exe (ID: 2800|ParentID: 488|SYSTEM)
    C:Program FilesYahoo!MessengerYmsgr_tray.exe (ID: 3084|ParentID: 2008|OPERATEUR)
    C:WindowsSystem32wbemunsecapp.exe (ID: 3648|ParentID: 660|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2012|ParentID: 1600|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3500|ParentID: 2012|OPERATEUR)
    C:Program FilesHPDigital Imagingbinhpqste08.exe (ID: 3972|ParentID: 2024|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4000|ParentID: 2012|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2380|ParentID: 2012|OPERATEUR)
    C:Program FilesHPDigital Imagingbinhpqbam08.exe (ID: 2896|ParentID: 660|OPERATEUR)
    C:Program FilesHPDigital Imagingbinhpqgpc01.exe (ID: 1476|ParentID: 660|OPERATEUR)
    C:Program FilesCommon FilesJavaJava Updatejucheck.exe (ID: 2260|ParentID: 1992|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2648|ParentID: 2012|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2236|ParentID: 2012|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 1144|ParentID: 2012|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3008|ParentID: 2012|OPERATEUR)
    C:WindowsSystem32taskhost.exe (ID: 2292|ParentID: 488|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2284|ParentID: 2012|OPERATEUR)
    C:WindowsSystem32WUDFHost.exe (ID: 4544|ParentID: 932|LOCAL SERVICE)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4668|ParentID: 2012|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 628|ParentID: 2012|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 188|ParentID: 2012|OPERATEUR)
    C:Program FilesCloverclover.exe (ID: 4600|ParentID: 1600|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4108|ParentID: 2012|OPERATEUR)
    C:Program FilesCommon Filesmicrosoft sharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE (ID: 5484|ParentID: 488|NETWORK SERVICE)

    ################## | Autorun |

    ################## | Recherche générique |

    Lady os
    Participant
    Number of posts: 7

    As well as the ZHPDiag one (p1):
    ~ Rapport de ZHPDiag v2014.6.9.87 – Nicolas Coolman (09/06/2014)
    ~ Lancé par OPERATEUR (09/06/2014 14:37:00)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Version à jour.
    ~ Liste blanche : Désactivée par l’utilisateur
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v9.0.8112.16421
    MFIE: Mozilla Firefox 27.0.1
    GCIE: Google Chrome v35.0.1916.114 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : HYRR2
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2018
    Windows Defender W7 (Activate)

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels

    —\ Informations sur le système
    ~ Processor: x86 Family 15 Model 47 Stepping 2, AuthenticAMD
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1023 MB (10% free)
    System Restore: Activé (Enable)
    System drive C: has 125 GB (81%) free of 153 GB

    —\ Mode de connexion au système
    ~ Computer Name: OPERATEUR-PC
    ~ User Name: OPERATEUR
    ~ All Users Names: OPERATEUR, Guest, Administrator,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersOPERATEURAppDataRoamingZHP
    ~ %AppData% : C:UsersOPERATEURAppDataRoaming
    ~ %Desktop% : C:UsersOPERATEURDesktop
    ~ %Favorites% : C:UsersOPERATEURFavorites
    ~ %LocalAppData% : C:UsersOPERATEURAppDataLocal
    ~ %StartMenu% : C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    A: Floppy drive, Flash card reader, USB Key (Not Inserted)
    C: Hard drive, Flash drive, Thumb drive (Free 125 Go of 153 Go)
    D: CD-ROM drive (Not Inserted)
    E: CD-ROM drive (Not Inserted)
    F: Floppy drive, Flash card reader, USB Key (Free 12 Go of 15 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftSecurity Center] UacDisableNotify: OK
    [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiSpywareOverride: OK
    [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiVirusOverride: OK
    [HKLMSOFTWAREMicrosoftSecurity CenterSvc] FirewallOverride: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: Modified
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN] CheckedValue: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL] CheckedValue: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] Application: OK
    [HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] Shell: OK
    [HKCUSOFTWAREMicrosoftWindows NTCurrentVersionWindows] Load: OK
    [HKLMSYSTEMCurrentControlSetServicesCOMSysApp] Type: OK
    ~ Security Center: 37 Scanned in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    ~ Generic Processes: Scanned in 00mn 01s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/14
    ~ Mes musiques (My Musics) : 1/13
    ~ Mes Favoris (My Favorites) : 1/3
    ~ Mes Documents (My Documents) : 2/157
    ~ Mon Bureau (My Desktop) : 1/11
    ~ Menu demarrer (Programs) : 1/36
    ~ Hidden Files: Scanned in 00mn 01s

    —\ Processus lancés
    [MD5.5CA0EB9538C6ACEBDC3593FC53527B9D] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastavastui.exe [3890208] [PID.1976]
    [MD5.51138BEEA3E2C21EC44D0932C71762A8] – (…) — ystem32rundll32.exe [0] [PID.6000]
    [MD5.1936C4FB4887DBD02AEBE1F1A62D93B6] – (.EJIE Technology – Clover.) — C:Program FilesCloverclover.exe [891392] [PID.5648]
    [MD5.1620FE36666F4BBC2314B7F360FB1965] – (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe [860488] [PID.1660]
    [MD5.F5546A846F16DB4578DF72F30AACB1FC] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8066560] [PID.4372]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultPreferences
    G1 – GCS: Preference [User DataDefault] None
    G2 – GCE: Preference [User DataDefault] [ahfgeienlihckogmohjhadlkjgocpleb] Google Store v.0.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [aohghmighlieiainnegkcijnfilokake] Documents Google v.0.6 (Activé)
    G2 – GCE: Preference [User DataDefault] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [blpcfgokakmgnkcojhhkbfbldkacnbeo] YouTube v.4.2.6 (Activé)
    G2 – GCE: Preference [User DataDefault] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.20 (Activé)
    G2 – GCE: Preference [User DataDefault] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [gighmmpiobklfepjocnamgkkbiglidom] AdBlock v.2.6.37, (Activé)
    G2 – GCE: Preference [User DataDefault] [gomekmidlodglbbmalcneegieacbdmki] avast! Online Security v.9.0.2018.95, (Activé)
    G2 – GCE: Preference [User DataDefault] [kjccbiogefimbmiolonpolpgpcfempll] Savee net v.5.14 (Désactivé) =>PUP.SaveNet
    G2 – GCE: Preference [User DataDefault] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [mgndgikekgjfcpckkfioiadnlibdjbkf] Chrome v.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)

    —\ Liste des dossiers d’extension Google Chrome
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [Documents Google]
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [Google Drive]
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [YouTube]
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf [Recherche Google]
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionsgighmmpiobklfepjocnamgkkbiglidom [AdBlock]
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionsgomekmidlodglbbmalcneegieacbdmki [avast! Online Security]
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionskjccbiogefimbmiolonpolpgpcfempll [Savee net] =>PUP.SaveNet
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [Google Wallet]
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [Gmail]
    ~ Google Lines Browser: 27 Scanned in 00mn 15s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    M0 – MFSP: prefs.js [OPERATEUR – f2ibh1gc.default] http://fr.yahoo.com
    M2 – MFEP: prefs.js [OPERATEUR – f2ibh1gc.default{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.5.9.20130411104515 (..)
    P2 – FPN:Firefox Plugin Navigator . (.Microsoft Corporation – The plugin allows you to have a better experience with Microsoft Lync.) — C:Program FilesMozilla FirefoxPluginsnpMeetingJoinPluginOC.dll
    P2 – FPN: [HKLM] [@adobe.com/FlashPlayer] – (…) — C:Windowssystem32MacromedFlashNPSWF32.dll
    P2 – FPN: [HKLM] [@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf] – (.Foxit Corporation – Foxit Reader Plug-In For Firefox and Netscape.) — C:Program FilesFoxit SoftwareFoxit ReaderpluginsnpFoxitReaderPlugin.dll
    P2 – FPN: [HKLM] [@java.com/DTPlugin,version=1.6.0_37] – (.Sun Microsystems, Inc. – NPRuntime Script Plug-in Library for Java(TM) Deploy.) — C:Windowssystem32npdeployJava1.dll
    P2 – FPN: [HKLM] [@java.com/JavaPlugin] – (.Sun Microsystems, Inc. – Next Generation Java Plug-in 1.6.0_37 for Mozilla browsers.) — C:Program FilesJavajre6binplugin2npjp2.dll
    P2 – FPN: [HKLM] [@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6] – (.Yahoo! Inc. – Yahoo Application State Plugin version 1.0.0.7.) — C:Program FilesYahoo!SharednpYState.dll
    P2 – FPN: [HKLM] [@microsoft.com/Lync,version=15.0] – (.Microsoft Corporation – The plugin allows you to have a better experience with Microsoft Lync.) — C:Program FilesMozilla Firefoxpluginsnpmeetingjoinpluginoc.dll
    P2 – FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] – (.Microsoft Corporation – The plugin allows you to have a better experience with Microsoft Share.) — C:Program FilesMicrosoft OfficeOffice15NPSPWRAP.dll
    P2 – FPN: [HKLM] [@tools.google.com/Google Update;version=3] – (.Google Inc. – Google Update.) — C:Program FilesGoogleUpdate1.3.24.7npGoogleUpdate3.dll
    P2 – FPN: [HKLM] [@tools.google.com/Google Update;version=9] – (.Google Inc. – Google Update.) — C:Program FilesGoogleUpdate1.3.24.7npGoogleUpdate3.dll
    P2 – FPN: [HKLM] [@videolan.org/vlc,version=2.0.8] – (.VideoLAN – VLC media player Web Plugin 2.1.3.) — C:Program FilesVideoLANVLCnpvlc.dll =>.VideoLAN
    P2 – FPN: [HKLM] [@videolan.org/vlc,version=2.1.3] – (.VideoLAN – VLC media player Web Plugin 2.1.3.) — C:Program FilesVideoLANVLCnpvlc.dll =>.VideoLAN
    ~ Firefox Browser: 15 Scanned in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://fr.yahoo.com
    R0 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://fr.yahoo.com
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://fr.yahoo.com
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Extensions Off Page = about:noadd-ons
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Security Risk Page = about:securityrisk
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com
    R3 – URLSearchHook: Microsoft Url Search Hook – {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.VideoLAN – VLC media player Web Plugin 2.1.3.) (No version) — (.not file.) =>.VideoLAN
    R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.VideoLAN – VLC media player Web Plugin 2.1.3.) (No version) — (.not file.) =>.VideoLAN
    R4 – HKLMSOFTWAREMicrosoftInternet ExplorerPhishingFilter,EnabledV8 = 0
    ~ IE Browser: 11 Scanned in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Browser Helper Objects de navigateur (O2)
    O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} . (.Yahoo! Inc. – Yahoo! Toolbar.) — C:Program FilesYahoo!CompanionInstallscpnyt.dll
    O2 – BHO: HP Print Enhancer – {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. – HP Smart Web Printing add-on for Internet E.) — C:Program FilesHPDigital ImagingSmart Web Printinghpswp_printenhancer.dll
    O2 – BHO: Lync Click to Call BHO – {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation – Microsoft Lync.) — C:Program FilesMicrosoft OfficeOffice15OCHelper.dll
    O2 – BHO: Java(tm) Plug-In SSV Helper – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. – Java(TM) Platform SE binary.) — C:Program FilesJavajre6binssv.dll
    O2 – BHO: avast! Online Security – {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software – IE Webrep plugin.) — C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll
    O2 – BHO: URLRedirectionBHO – {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation – Microsoft Office Document Cache Handler.) — C:Program FilesMicrosoft OfficeOffice15URLREDIR.dll
    O2 – BHO: Microsoft SkyDrive Pro Browser Helper – {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation – Microsoft OneDrive for Business Extensions.) — C:Program FilesMicrosoft OfficeOffice15GROOVEEX.dll =>.Microsoft Corporation
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. – Java(TM) Platform SE binary.) — C:Program FilesJavajre6binjp2ssv.dll
    O2 – BHO: TabExplorerHelper – {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} . (.EJIE Technology – Clover Tab Explorer Helper.) — C:Program FilesCloverTabHelper32.dll
    O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} . (.Yahoo! Inc – Yahoo! Single Instance for Mail.) — C:Program FilesYahoo!CompanionInstallscpnYTSingleInstance.dll
    O2 – BHO: HP Smart BHO Class – {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. – HP Smart Web Printing add-on for Internet E.) — C:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
    ~ BHO: 22 Scanned in 00mn 00s

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Yahoo! Toolbar – [HKLM]{EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. – Yahoo! Toolbar.) — C:Program FilesYahoo!CompanionInstallscpnyt.dll
    ~ Toolbar: Scanned in 00mn 00s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [SoundMan] . (.Realtek Semiconductor Corp. – Realtek Sound Manager.) — C:WindowsSOUNDMAN.exe
    O4 – HKLM..Run: [YSearchProtection] . (.Yahoo! Inc – Yahoo! Application.) — C:Program FilesYahoo!Search ProtectionSearchProtection.exe
    O4 – HKLM..Run: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — C:Program FilesHPHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
    O4 – HKLM..Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
    O4 – HKLM..Run: [VMonitorVMUVC] . (.Vimicro Corporation – Monitor SnapShot Button.) — C:Program FilesVimicro CorporationVMUVCVMonitor.exe
    O4 – HKLM..Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. – Java(TM) Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKCU..Run: [SuperCopier2.exe] . (.SFX TEAM – SuperCopier 2 (explorer file copy replaceme.) — C:Program FilesSuperCopier2SuperCopier2.exe
    O4 – HKCU..Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. – Yahoo! Messenger.) — C:Program FilesYahoo!MessengerYahooMessenger.exe
    O4 – HKCU..Run: [Search Protection] . (.Yahoo! Inc – Yahoo! Application.) — C:Program FilesYahoo!Search ProtectionSearchProtection.exe
    O4 – HKCU..Run: [InternetCalls] C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe (.not file.)
    O4 – HKCU..Run: [VoipConnect] C:Program FilesVoipConnect.comVoipConnectVoipConnect.exe (.not file.)
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-4055012067-1499113417-2862841071-1000..Run: [SuperCopier2.exe] . (.SFX TEAM – SuperCopier 2 (explorer file copy replaceme.) — C:Program FilesSuperCopier2SuperCopier2.exe
    O4 – HKUSS-1-5-21-4055012067-1499113417-2862841071-1000..Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. – Yahoo! Messenger.) — C:Program FilesYahoo!MessengerYahooMessenger.exe
    O4 – HKUSS-1-5-21-4055012067-1499113417-2862841071-1000..Run: [Search Protection] . (.Yahoo! Inc – Yahoo! Application.) — C:Program FilesYahoo!Search ProtectionSearchProtection.exe
    O4 – HKUSS-1-5-21-4055012067-1499113417-2862841071-1000..Run: [InternetCalls] C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe (.not file.)
    O4 – HKUSS-1-5-21-4055012067-1499113417-2862841071-1000..Run: [VoipConnect] C:Program FilesVoipConnect.comVoipConnectVoipConnect.exe (.not file.)
    ~ Application: Scanned in 00mn 00s

    —\ Invisibilité de l’icône d’options IE dans le panneau de Configuration (O5)
    O5 – control.ini: [HKLM..Control Panel] inetcpl.cpl=no
    ~ IE Control Panel: 1 Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: &Envoyer à OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~2Office15ONBttnIE.dll =>.Microsoft Corporation
    O9 – Extra button: Cliquer pour appeler Lync – {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation – Microsoft Lync.) — C:Program FilesMicrosoft OfficeOffice15lync.exe
    O9 – Extra button: Notes &liées OneNote – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~2Office15ONBTTN~1.dll =>.Microsoft Corporation
    O9 – Extra button: Afficher ou masquer l’HP Smart Web Printing – {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. – HP Smart Web Printing add-on for Internet Explorer.) — C:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Winsock hijacker (Layered Service Provider) (O10)
    O10 – WLSP:00000000001Winsock LSP File . (.Microsoft Corporation – Network Location Awareness 2.) — C:Windowssystem32NLAapi.dll
    O10 – WLSP:00000000002Winsock LSP File . (.Microsoft Corporation – Fournisseur Shim d’affectation de noms de messagerie.) — C:Windowssystem32napinsp.dll
    O10 – WLSP:00000000003Winsock LSP File . (.Microsoft Corporation – Fournisseur d’espace de noms PNRP.) — C:Windowssystem32pnrpnsp.dll
    O10 – WLSP:00000000004Winsock LSP File . (.Microsoft Corporation – Fournisseur d’espace de noms PNRP.) — C:Windowssystem32pnrpnsp.dll
    O10 – WLSP:00000000005Winsock LSP File . (.Microsoft Corporation – Fournisseur de service Sockets 2.0 de Microsoft Windows.) — C:Windowssystem32mswsock.dll =>.Microsoft Corporation
    O10 – WLSP:00000000006Winsock LSP File . (.Microsoft Corporation – LDAP RnR Provider DLL.) — C:Windowssystem32winrnr.dll
    O10 – WLSP:00000000007Winsock LSP File . (.Apple Inc. – Bonjour Namespace Provider.) — C:Program FilesBonjourmdnsNSP.dll
    ~ Winsock: 7 Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{09D9E5A6-7D73-4CF1-A3BB-188E01ED2F4C}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{5A9FDEF4-0968-4ED1-AF8D-736C13504513}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 – HKLMSystemCCSServicesTcpip..{9E1D9BA8-8D45-4E44-B5FB-1323A4F5CE1A}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 – HKLMSystemCS1ServicesTcpip..{09D9E5A6-7D73-4CF1-A3BB-188E01ED2F4C}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{5A9FDEF4-0968-4ED1-AF8D-736C13504513}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 – HKLMSystemCS1ServicesTcpip..{9E1D9BA8-8D45-4E44-B5FB-1323A4F5CE1A}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 – HKLMSystemCS2ServicesTcpip..{09D9E5A6-7D73-4CF1-A3BB-188E01ED2F4C}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{5A9FDEF4-0968-4ED1-AF8D-736C13504513}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 – HKLMSystemCS2ServicesTcpip..{9E1D9BA8-8D45-4E44-B5FB-1323A4F5CE1A}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: vbscript – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Microsoft (R) HTML Viewer.) — C:WindowsSystem32mshtml.dll
    O18 – Filter: text/xml – {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE15MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
    O21 – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} – CLSID or File not found.
    ~ SSODL: 1 Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: Advantage Database Server (Advantage) . (.iAnywhere Solutions, Inc. – Advantage Database Server.) – C:Program FilesAdvantage 9.10ServerADS.exe
    O23 – Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software – avast! Service.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    O23 – Service: Service Bonjour (Bonjour Service) . (.Apple Inc. – Bonjour Service.) – C:Program FilesBonjourmDNSResponder.exe
    O23 – Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. – Programme d’installation de Google.) – C:Program FilesGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O23 – Service: NVIDIA Driver Helper Service (NVSvc) . (.NVIDIA Corporation – NVIDIA Driver Helper Service, Version 270.6.) – C:WindowsSystem32nvvsvc.exe
    O23 – Service: PandoraService (PanService) . (.Pandora.TV – Pandora.TV service file.) – C:Program FilesPANDORA.TVPanServiceKMPService.exe
    ~ Services: 6 Scanned in 00mn 09s

    —\ Enumération Active Desktop & MHTML Editor (O24)
    O24 – Default MHTML Editor: Last – .(…) – (.not file.)
    ~ Desktop Component: 4 Scanned in 00mn 00s

    —\ Enumère les données de BootExecute (BEX) (O34)
    O34 – HKLM BootExecute: (autocheck autochk *) – File not found
    ~ BEX: 1 Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.9E76CDD50C3DDDB739150D778EEC0B93] [APT] [avast! Emergency Update] (.AVAST Software.) — C:Program FilesAVAST SoftwareAvastAvastEmUpdate.exe [804304]
    [MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) — C:Program FilesGoogleUpdateGoogleUpdate.exe [116648]
    [MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) — C:Program FilesGoogleUpdateGoogleUpdate.exe [116648]
    [MD5.C155A13687144076286989EF078112C2] [APT] [{744CC284-81A3-4B86-A2A5-886AD3818992}] (.Nicolas Coolman.) — C:Program FilesZHPDiagZHPFixZHPhep.exe [1917440]
    [MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [AppleSoftwareUpdate] (.Apple Inc..) — C:Program FilesApple Software UpdateSoftwareUpdate.exe [561984]
    O39 – APT: GoogleUpdateTaskMachineCore – (.Google Inc..) — C:WindowsTasksGoogleUpdateTaskMachineCore.job [1058]
    O39 – APT: GoogleUpdateTaskMachineCore – (.Google Inc..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1058]
    O39 – APT: GoogleUpdateTaskMachineUA – (.Google Inc..) — C:WindowsTasksGoogleUpdateTaskMachineUA.job [1062]
    O39 – APT: GoogleUpdateTaskMachineUA – (.Google Inc..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1062]
    ~ Scheduled Task: 10 Scanned in 00mn 09s

    —\ Composants installés (ActiveSetup Installed Components) (O40)
    O40 – ASIC: Microsoft Windows Media Player – >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation – Ressources du Lecteur Windows Media.) — C:WindowsSystem32wmploc.dll =>.Microsoft Corporation
    O40 – ASIC: Internet Explorer – >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation – IE Per-User Initialization Utility.) — C:WindowsSystem32ie4uinit.exe
    O40 – ASIC: Browser Customizations – >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation – IEAK branding.) — C:WindowsSystem32iedkcs32.dll
    O40 – ASIC: Java (Sun) – {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. – Java(TM) Platform SE binary.) — C:Program FilesJavajre6binregutils.dll
    O40 – ASIC: Microsoft Windows Media Player 12.0 – {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation – Windows Media Player Extension.) — C:WindowsSystem32wmpdxm.dll =>.Microsoft Corporation
    O40 – ASIC: Themes Setup – {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation – API Windows Theme.) — C:WindowsSystem32themeui.dll
    O40 – ASIC: Microsoft Windows – {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation – Windows Mail.) — C:Program FilesWindows MailWinMail.exe =>.Microsoft Corporation
    O40 – ASIC: Browsing Enhancements – {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation – Extension Shell dossier FTP Microsoft Internet Explorer..) — C:WindowsSystem32msieftp.dll
    O40 – ASIC: Microsoft Windows Media Player – {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation – Ressources du Lecteur Windows Media.) — C:WindowsSystem32wmploc.dll =>.Microsoft Corporation
    O40 – ASIC: Windows Desktop Update – {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation – DLL commune du shell Windows.) — C:WindowsSystem32shell32.dll
    O40 – ASIC: Web Platform Customizations – {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation – IE Per-User Initialization Utility.) — C:WindowsSystem32ie4uinit.exe
    O40 – ASIC: (no name) – {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation – Microsoft .NET IE SECURITY REGISTRATION.) — C:Windowssystem32mscories.dll
    O40 – ASIC: Google Chrome – {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. – Google Chrome Installer.) — C:Program FilesGoogleChromeApplication35.0.1916.114Installerchrmstp.exe
    ~ Active Setup: 13 Scanned in 00mn 01s

    —\ Pilotes lancés au démarrage du système (O41)
    O41 – Driver: C:WindowsSystem32driversafd.sys (AFD) . (.Microsoft Corporation – Ancillary Function Driver for WinSock.) – C:Windowssystem32driversafd.sys
    O41 – Driver: (aswRdr) . (.AVAST Software – avast! WFP Redirect Driver.) – C:Windowssystem32driversaswRdr2.sys
    O41 – Driver: (aswSnx) . (.AVAST Software – avast! Virtualization Driver.) – C:Windowssystem32driversaswSnx.sys
    O41 – Driver: (aswSP) . (.AVAST Software – avast! self protection module.) – C:Windowssystem32driversaswSP.sys
    O41 – Driver: (blbdrive) . (.Microsoft Corporation – BLB Drive Driver.) – C:WindowsSystem32DRIVERSblbdrive.sys
    O41 – Driver: (cdrom) . (.Microsoft Corporation – SCSI CD-ROM Driver.) – C:WindowsSystem32DRIVERScdrom.sys
    O41 – Driver: C:WindowsSystem32cscsvc.dll (CSC) . (.Microsoft Corporation – Windows Client Side Caching Driver.) – C:WindowsSystem32driverscsc.sys
    O41 – Driver: C:WindowsSystem32driversdfsc.sys (DfsC) . (.Microsoft Corporation – DFS Namespace Client Driver.) – C:WindowsSystem32Driversdfsc.sys
    O41 – Driver: C:WindowsSystem32driversdiscache.sys (discache) . (.Microsoft Corporation – System Indexer/Cache Driver.) – C:WindowsSystem32driversdiscache.sys
    O41 – Driver: (mssmbios) . (.Microsoft Corporation – System Management BIOS Driver.) – C:WindowsSystem32DRIVERSmssmbios.sys
    O41 – Driver: (NetBIOS) . (.Microsoft Corporation – NetBIOS interface driver.) – C:WindowsSystem32DRIVERSnetbios.sys
    O41 – Driver: C:WindowsSystem32driversnetbt.sys (NetBT) . (.Microsoft Corporation – MBT Transport driver.) – C:WindowsSystem32DRIVERSnetbt.sys
    O41 – Driver: C:WindowsSystem32driversnsiproxy.sys (nsiproxy) . (.Microsoft Corporation – NSI Proxy.) – C:WindowsSystem32driversnsiproxy.sys
    O41 – Driver: C:WindowsSystem32driverspacer.sys (Psched) . (.Microsoft Corporation – Planificateur de paquets QoS.) – C:WindowsSystem32DRIVERSpacer.sys
    O41 – Driver: C:WindowsSystem32wkssvc.dll (rdbss) . (.Microsoft Corporation – Pilote du sous-système de mise en mémoire t.) – C:WindowsSystem32DRIVERSrdbss.sys
    O41 – Driver: C:WindowsSystem32DRIVERSRDPCDD.sys (RDPCDD) . (.Microsoft Corporation – RDP Miniport.) – C:WindowsSystem32DRIVERSRDPCDD.sys
    O41 – Driver: C:WindowsSystem32driversRDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation – RDP Encoder Miniport.) – C:WindowsSystem32driversrdpencdd.sys
    O41 – Driver: C:WindowsSystem32driversRdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation – RDP Reflector Driver Miniport.) – C:WindowsSystem32driversrdprefmp.sys
    O41 – Driver: (Serial) . (.Microsoft Corporation – Pilote de périphérique série.) – C:WindowsSystem32DRIVERSserial.sys
    O41 – Driver: C:WindowsSystem32tcpipcfg.dll (tdx) . (.Microsoft Corporation – TDI Translation Driver.) – C:WindowsSystem32DRIVERStdx.sys
    O41 – Driver: (TermDD) . (.Microsoft Corporation – Remote Desktop Server Driver.) – C:WindowsSystem32DRIVERStermdd.sys
    O41 – Driver: (VgaSave) . (.Microsoft Corporation – VGA/Super VGA Video Driver.) – C:Windowssystem32driversvga.sys
    O41 – Driver: C:WindowsSystem32rascfg.dll (Wanarpv6) . (.Microsoft Corporation – MS Remote Access and Routing ARP Driver.) – C:WindowsSystem32DRIVERSwanarp.sys
    O41 – Driver: (WfpLwf) . (.Microsoft Corporation – WFP NDIS 6.20 Lightweight Filter Driver.) – C:WindowsSystem32DRIVERSwfplwf.sys
    ~ Drivers: 72 Scanned in 00mn 01s

    —\ Logiciels installés (O42)
    O42 – Logiciel: 32 Bit HP CIO Components Installer – (.Hewlett-Packard.) [HKLM] — {60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}
    O42 – Logiciel: Advantage Database Server for Windows v9.10 – (.iAnywhere, Inc..) [HKLM] — {0DE5137F-581B-448C-AF70-9498EF364E34}
    O42 – Logiciel: Aiseesoft Convertisseur Vidéo Total Platinum 6.3.22 – (…) [HKLM] — {3661F243-518C-4d05-8BDF-7B10CC22689F}_is1
    O42 – Logiciel: Analyzed – (.Marko Mihovilic.) [HKLM] — Analyzed_is1
    O42 – Logiciel: Apple Software Update – (.Apple Inc..) [HKLM] — {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} =>.Apple Inc
    O42 – Logiciel: BOB 50 – (…) [HKLM] — {A88321FF-A50F-4C79-BE65-0BA25317341F}
    O42 – Logiciel: Bonjour – (.Apple Inc..) [HKLM] — {79155F2B-9895-49D7-8612-D92580E0DE5B}
    O42 – Logiciel: Canyon USB2.0 PC Camera – (.Vimicro Corp..) [HKLM] — {71A51A91-E7D3-11DB-A386-005056C00008}
    O42 – Logiciel: Clover 3.0 – (…) [HKLM] — Clover
    O42 – Logiciel: Dropbox – (.Dropbox, Inc..) [HKCU] — Dropbox
    O42 – Logiciel: Foxit Reader – (.Foxit Corporation.) [HKLM] — {BDDF6AEE-7AD7-4CDA-B57F-5BDF9417AD4F}
    O42 – Logiciel: Google Chrome – (.Google Inc..) [HKLM] — Google Chrome
    O42 – Logiciel: Google Update Helper – (.Google Inc..) [HKLM] — {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    O42 – Logiciel: HP Customer Participation Program 14.0 – (.HP.) [HKLM] — HPExtendedCapabilities
    O42 – Logiciel: HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 – (.HP.) [HKLM] — {819CA3BC-2FF8-4811-B42F-421F7BFD3559}
    O42 – Logiciel: HP Imaging Device Functions 14.0 – (.HP.) [HKLM] — HP Imaging Device Functions
    O42 – Logiciel: HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 – (.HP.) [HKLM] — {014E482A-0C27-47E3-BA82-307E9DCA2F47} =>.Hewlett-Packard Co
    O42 – Logiciel: HP Smart Web Printing 4.60 – (.HP.) [HKLM] — HP Smart Web Printing
    O42 – Logiciel: HP Solution Center 14.0 – (.HP.) [HKLM] — HP Solution Center & Imaging Support Tools
    O42 – Logiciel: HP Update – (.Hewlett-Packard.) [HKLM] — {74DC0593-6BC6-4001-AD5F-D810AFB68D86}
    O42 – Logiciel: Java(TM) 6 Update 37 – (.Oracle.) [HKLM] — {26A24AE4-039D-4CA4-87B4-2F83216037FF}
    O42 – Logiciel: K-Lite Codec Pack 8.4.0 (Full) – (…) [HKLM] — KLiteCodecPack_is1
    O42 – Logiciel: KMP Service – (.KMP.) [HKLM] — 4F6D5E84-5826-4394-9F40-3A9A19165651_is1
    O42 – Logiciel: Microsoft Access MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0015-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Access MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0015-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Access Setup Metadata MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0117-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft DCF MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0090-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft DCF MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0090-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Excel MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0016-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Excel MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0016-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Groove MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-00BA-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Groove MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-00BA-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft InfoPath MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0044-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft InfoPath MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0044-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Lync MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-012B-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Lync MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-012B-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft OneNote MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-00A1-0409-0000-0000000FF1CE} =>.Microsoft Corporation
    O42 – Logiciel: Microsoft OneNote MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-00A1-040C-0000-0000000FF1CE} =>.Microsoft Corporation
    O42 – Logiciel: Microsoft Outlook MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-001A-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Outlook MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-001A-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft PowerPoint MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0018-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft PowerPoint MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0018-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Publisher MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0019-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Publisher MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0019-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Word MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-001B-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Word MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-001B-040C-0000-0000000FF1CE}
    O42 – Logiciel: Mozilla Firefox 27.0.1 (x86 fr) – (.Mozilla.) [HKLM] — Mozilla Firefox 27.0.1 (x86 fr)
    O42 – Logiciel: Mozilla Maintenance Service – (.Mozilla.) [HKLM] — MozillaMaintenanceService
    O42 – Logiciel: Realtek AC’97 Audio – (…) [HKLM] — {FB08F381-6533-4108-B7DD-039E11FBC27E}
    O42 – Logiciel: Shop for HP Supplies – (.HP.) [HKLM] — Shop for HP Supplies
    O42 – Logiciel: SuperCopier2 – (…) [HKLM] — SuperCopier2
    O42 – Logiciel: The KMPlayer (remove only) – (.KMP Media co., Ltd.) [HKLM] — The KMPlayer
    O42 – Logiciel: VLC media player 2.1.3 – (.VideoLAN.) [HKLM] — VLC media player =>.VideoLAN
    O42 – Logiciel: WinDjView 1.0.3 – (.Andrew Zhezherun.) [HKLM] — WinDjView
    O42 – Logiciel: WinRAR 4.00 (32-bit) – (.win.rar GmbH.) [HKLM] — WinRAR archiver
    O42 – Logiciel: XMind 2012 (v3.3.1) – (.XMind Ltd..) [HKLM] — XMind_is1
    O42 – Logiciel: Yahoo! Messenger – (.Yahoo! Inc..) [HKLM] — Yahoo! Messenger
    O42 – Logiciel: Yahoo! Search Protection – (…) [HKLM] — Yahoo! Search Defender
    O42 – Logiciel: Yahoo! Software Update – (…) [HKLM] — Yahoo! Software Update
    O42 – Logiciel: Yahoo! Toolbar – (…) [HKLM] — Yahoo! Companion
    O42 – Logiciel: avast! Free Antivirus v9.0.2018 – (.Avast Software.) [HKLM] — Avast
    ~ Logic: 43 Scanned in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareAVAST Software]
    [HKCUSoftwareAdvantage 9.10 Links]
    [HKCUSoftwareAiseesoft Studio]
    [HKCUSoftwareAppDataLowSoftwareYahoo]
    [HKCUSoftwareAppDataLow]
    [HKCUSoftwareApple Inc.]
    [HKCUSoftwareBOB 50]
    [HKCUSoftwareBitTorrent] =>P2P.BitTorrent
    [HKCUSoftwareClasses]
    [HKCUSoftwareClients]
    [HKCUSoftwareClover]
    [HKCUSoftwareDRPSu Updater]
    [HKCUSoftwareFoxit Software]
    [HKCUSoftwareFroggie]
    [HKCUSoftwareGNU]
    [HKCUSoftwareGabest]
    [HKCUSoftwareGoogle]
    [HKCUSoftwareHP]
    [HKCUSoftwareHaali]
    [HKCUSoftwareHewlett-Packard]
    [HKCUSoftwareIM Providers]
    [HKCUSoftwareInternetCalls]
    [HKCUSoftwareJavaSoft]
    [HKCUSoftwareKMPlayer]
    [HKCUSoftwareLAV]
    [HKCUSoftwareLocal AppWizard-Generated Applications]
    [HKCUSoftwareMacromedia]
    [HKCUSoftwareMediaInfo]
    [HKCUSoftwareMozillaPlugins]
    [HKCUSoftwareMozilla]
    [HKCUSoftwareNVIDIA Corporation]
    [HKCUSoftwareNetscape]
    [HKCUSoftwareODBC]
    [HKCUSoftwareOpera Software]
    [HKCUSoftwarePolicies]
    [HKCUSoftwareRealtek]
    [HKCUSoftwareSFX TEAM]
    [HKCUSoftwareSoftonic] =>Toolbar.Conduit
    [HKCUSoftwareTorch]
    [HKCUSoftwareUsbFix]
    [HKCUSoftwareWinRAR SFX]
    [HKCUSoftwareWinRAR]
    [HKCUSoftwareYahoo]
    [HKCUSoftwaredrpsu]
    [HKCUSoftwaremadFlac]
    [HKCUSoftwaremadshi]
    [HKLMSoftwareATI Technologies]
    [HKLMSoftwareAVAST Software]
    [HKLMSoftwareApple Inc.]
    [HKLMSoftwareBOB Software]
    [HKLMSoftwareCBSTEST]
    [HKLMSoftwareClasses]
    [HKLMSoftwareClients]
    [HKLMSoftwareFoxit Software]
    [HKLMSoftwareGNU]
    [HKLMSoftwareGabest]
    [HKLMSoftwareGoogle]
    [HKLMSoftwareHaaliMkx]
    [HKLMSoftwareHewlett-Packard]
    [HKLMSoftwareICE]
    [HKLMSoftwareIM Providers]
    [HKLMSoftwareIntel]
    [HKLMSoftwareInterVideo]
    [HKLMSoftwareInternet Download Manager]
    [HKLMSoftwareJavaSoft]
    [HKLMSoftwareJreMetrics]
    [HKLMSoftwareKLCodecPack]
    [HKLMSoftwareKMPlayer]
    [HKLMSoftwareKhronos]
    [HKLMSoftwareLAV]
    [HKLMSoftwareMacromedia]
    [HKLMSoftwareMozillaPlugins]
    [HKLMSoftwareMozilla]
    [HKLMSoftwareNVIDIA Corporation]
    [HKLMSoftwareODBC]
    [HKLMSoftwarePandora.TV]
    [HKLMSoftwarePolicies]
    [HKLMSoftwareRealtek]
    [HKLMSoftwareRegisteredApplications]
    [HKLMSoftwareSRS Labs]
    [HKLMSoftwareSage]
    [HKLMSoftwareSonic]
    [HKLMSoftwareTorch]
    [HKLMSoftwareVideoLAN]
    [HKLMSoftwareVimicro Corp.]
    [HKLMSoftwareVimicro Corporation]
    [HKLMSoftwareWOW6432Node]
    [HKLMSoftwareWinRAR]
    [HKLMSoftwareXMind Ltd]
    [HKLMSoftwareYahoo]
    [HKLMSoftwaremozilla.org]
    [HKLMSoftwarevimicro]
    ~ Key Software: 198 Scanned in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 25/05/2014 – 21:33:34 – [] —-D C:Program FilesAdvantage 9.10
    O43 – CFD: 06/03/2014 – 18:14:39 – [] —-D C:Program FilesAiseesoft Studio
    O43 – CFD: 06/03/2014 – 17:53:40 – [] —-D C:Program FilesAmbalaGurpreet
    O43 – CFD: 06/03/2014 – 18:16:04 – [] —-D C:Program FilesApple Software Update =>.Apple Inc
    O43 – CFD: 20/04/2014 – 16:34:46 – [] —-D C:Program FilesAVAST Software
    O43 – CFD: 06/03/2014 – 18:16:42 – [] —-D C:Program FilesBonjour
    O43 – CFD: 06/03/2014 – 18:07:10 – [] —-D C:Program FilesClover
    O43 – CFD: 25/05/2014 – 21:33:54 – [] —-D C:Program FilesCommon Files
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesDVD Maker
    O43 – CFD: 06/03/2014 – 18:29:44 – [] —-D C:Program FilesFoxit Software
    O43 – CFD: 06/03/2014 – 21:04:08 – [] —-D C:Program FilesGoogle
    O43 – CFD: 20/04/2014 – 17:40:57 – [] —-D C:Program FilesHP
    O43 – CFD: 25/05/2014 – 21:34:00 – [] –H-D C:Program FilesInstallShield Installation Information
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesInternet Explorer
    O43 – CFD: 11/05/2014 – 18:56:39 – [] —-D C:Program FilesJava
    O43 – CFD: 06/03/2014 – 18:29:32 – [] —-D C:Program FilesK-Lite Codec Pack
    O43 – CFD: 08/03/2014 – 10:08:00 – [] —-D C:Program FilesMicrosoft Analysis Services
    O43 – CFD: 12/04/2011 – 04:24:27 – [] —-D C:Program FilesMicrosoft Games
    O43 – CFD: 08/03/2014 – 10:12:11 – [] —-D C:Program FilesMicrosoft Office
    O43 – CFD: 08/03/2014 – 10:13:32 – [] —-D C:Program FilesMicrosoft SQL Server
    O43 – CFD: 08/03/2014 – 10:53:58 – [] —-D C:Program FilesMicrosoft.NET
    O43 – CFD: 11/05/2014 – 18:57:40 – [] —-D C:Program FilesMozilla Firefox
    O43 – CFD: 11/03/2014 – 18:57:28 – [] —-D C:Program FilesMozilla Maintenance Service
    O43 – CFD: 14/07/2009 – 06:52:30 – [] —-D C:Program FilesMSBuild
    O43 – CFD: 06/03/2014 – 18:24:58 – [] —-D C:Program FilesNVIDIA Corporation
    O43 – CFD: 20/04/2014 – 00:56:37 – [] —-D C:Program FilesOpera
    O43 – CFD: 06/03/2014 – 18:09:37 – [] —-D C:Program FilesPANDORA.TV
    O43 – CFD: 14/07/2009 – 06:52:30 – [] —-D C:Program FilesReference Assemblies
    O43 – CFD: 06/03/2014 – 18:14:04 – [] —-D C:Program FilesSuperCopier2
    O43 – CFD: 06/03/2014 – 18:09:10 – [] —-D C:Program FilesThe KMPlayer
    O43 – CFD: 14/07/2009 – 06:53:23 – [0] —-D C:Program FilesUninstall Information
    O43 – CFD: 06/03/2014 – 18:08:04 – [] —-D C:Program FilesVideoLAN
    O43 – CFD: 20/04/2014 – 18:12:09 – [] —-D C:Program FilesVimicro Corporation
    O43 – CFD: 06/03/2014 – 18:30:01 – [] —-D C:Program FilesWinDjView
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Defender
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Journal
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Mail =>.Microsoft Corporation
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Media Player =>.Microsoft Corporation
    O43 – CFD: 14/07/2009 – 06:52:30 – [] —-D C:Program FilesWindows NT
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Photo Viewer
    O43 – CFD: 20/11/2010 – 23:33:48 – [] —-D C:Program FilesWindows Portable Devices
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Sidebar
    O43 – CFD: 06/03/2014 – 18:13:51 – [] —-D C:Program FilesWinRAR
    O43 – CFD: 11/05/2014 – 19:14:22 – [] —-D C:Program FilesXMind
    O43 – CFD: 20/04/2014 – 17:41:46 – [] —-D C:Program FilesYahoo!
    O43 – CFD: 09/06/2014 – 14:26:21 – [] —-D C:Program FilesZHPDiag =>.Nicolas Coolman
    O43 – CFD: 08/03/2014 – 10:14:03 – [] —-D C:Program FilesCommon FilesDESIGNER
    O43 – CFD: 09/03/2014 – 22:05:45 – [] —-D C:Program FilesCommon FilesHewlett-Packard
    O43 – CFD: 09/03/2014 – 22:06:00 – [] —-D C:Program FilesCommon FilesHP
    O43 – CFD: 25/05/2014 – 21:33:57 – [] —-D C:Program FilesCommon FilesInstallShield
    O43 – CFD: 11/05/2014 – 18:57:55 – [] —-D C:Program FilesCommon FilesJava
    O43 – CFD: 08/03/2014 – 10:56:33 – [] —-D C:Program FilesCommon Filesmicrosoft shared
    O43 – CFD: 14/07/2009 – 04:37:05 – [] —-D C:Program FilesCommon FilesServices
    O43 – CFD: 14/07/2009 – 04:37:05 – [] —-D C:Program FilesCommon FilesSpeechEngines
    O43 – CFD: 08/03/2014 – 10:09:52 – [] —-D C:Program FilesCommon FilesSystem
    O43 – CFD: 06/03/2014 – 18:14:39 – [] —-D C:ProgramDataAiseesoft Studio
    O43 – CFD: 06/03/2014 – 18:16:03 – [] —-D C:ProgramDataApple
    O43 – CFD: 06/03/2014 – 18:17:25 – [] —-D C:ProgramDataApple Computer
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataApplication Data
    O43 – CFD: 20/04/2014 – 16:33:44 – [] —-D C:ProgramDataAVAST Software
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataDesktop
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataDocuments
    O43 – CFD: 08/05/2014 – 20:36:14 – [] —-D C:ProgramDatae856c62a7ad85c7f
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataFavorites
    O43 – CFD: 20/04/2014 – 17:40:31 – [] —-D C:ProgramDataHP
    O43 – CFD: 20/04/2014 – 17:40:18 – [] —-D C:ProgramDataHP Product Assistant
    O43 – CFD: 06/03/2014 – 20:22:45 – [0] —-D C:ProgramDataIDM
    O43 – CFD: 09/05/2014 – 17:54:54 – [] —-D C:ProgramDataInstallMate =>PUP.Tarma
    O43 – CFD: 08/05/2014 – 20:45:25 – [] —-D C:ProgramDataItsReadyApp
    O43 – CFD: 06/03/2014 – 20:05:30 – [] —-D C:ProgramDataMicrosoft
    O43 – CFD: 22/04/2014 – 19:32:34 – [] —-D C:ProgramDataMicrosoft Help
    O43 – CFD: 06/03/2014 – 18:16:18 – [] —-D C:ProgramDataMozilla
    O43 – CFD: 06/03/2014 – 18:25:14 – [] —-D C:ProgramDataNVIDIA
    O43 – CFD: 06/03/2014 – 18:23:24 – [] —-D C:ProgramDataNVIDIA Corporation
    O43 – CFD: 08/03/2014 – 10:52:23 – [] —-D C:ProgramDataregid.1991-06.com.microsoft
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataStart Menu
    O43 – CFD: 11/05/2014 – 18:57:58 – [] —-D C:ProgramDataSun
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataTemplates
    O43 – CFD: 09/03/2014 – 22:10:55 – [] —-D C:ProgramDataWEBREG
    O43 – CFD: 07/03/2014 – 18:31:36 – [] —-D C:ProgramDataYahoo!
    O43 – CFD: 20/04/2014 – 17:41:41 – [] —-D C:ProgramDataYahoo! Companion
    O43 – CFD: 06/03/2014 – 20:22:09 – [] —-D C:UsersOPERATEURAppDataRoamingAdobe
    O43 – CFD: 06/03/2014 – 21:10:26 – [] —-D C:UsersOPERATEURAppDataRoamingApple Computer
    O43 – CFD: 20/04/2014 – 16:37:15 – [] —-D C:UsersOPERATEURAppDataRoamingAVAST Software
    O43 – CFD: 20/04/2014 – 13:26:14 – [0] —-D C:UsersOPERATEURAppDataRoamingDMCache
    O43 – CFD: 20/04/2014 – 16:41:39 – [] —-D C:UsersOPERATEURAppDataRoamingDropbox
    O43 – CFD: 20/04/2014 – 16:41:37 – [] —-D C:UsersOPERATEURAppDataRoamingDropboxMaster
    O43 – CFD: 06/03/2014 – 19:57:06 – [0] —-D C:UsersOPERATEURAppDataRoamingDRPSu
    O43 – CFD: 09/05/2014 – 11:01:18 – [] —-D C:UsersOPERATEURAppDataRoamingFoxit Software
    O43 – CFD: 20/04/2014 – 17:44:49 – [] —-D C:UsersOPERATEURAppDataRoamingHP
    O43 – CFD: 06/06/2014 – 20:50:18 – [] —-D C:UsersOPERATEURAppDataRoamingHpUpdate
    O43 – CFD: 06/03/2014 – 17:55:42 – [] —-D C:UsersOPERATEURAppDataRoamingIdentities
    O43 – CFD: 20/04/2014 – 18:10:02 – [] —-D C:UsersOPERATEURAppDataRoamingInstallShield
    O43 – CFD: 07/03/2014 – 18:41:14 – [] —-D C:UsersOPERATEURAppDataRoamingInternetCalls
    O43 – CFD: 06/03/2014 – 20:22:10 – [] —-D C:UsersOPERATEURAppDataRoamingMacromedia
    O43 – CFD: 12/04/2011 – 04:24:18 – [0] —-D C:UsersOPERATEURAppDataRoamingMedia Center Programs
    O43 – CFD: 06/03/2014 – 20:10:40 – [] —-D C:UsersOPERATEURAppDataRoamingMedia Player Classic
    O43 – CFD: 19/05/2014 – 20:44:01 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoft
    O43 – CFD: 06/03/2014 – 18:17:06 – [] —-D C:UsersOPERATEURAppDataRoamingMozilla
    O43 – CFD: 06/03/2014 – 18:16:22 – [] —-D C:UsersOPERATEURAppDataRoamingOpera Software
    O43 – CFD: 06/03/2014 – 18:30:10 – [] —-D C:UsersOPERATEURAppDataRoaminguTorrent =>P2P.µTorrent
    O43 – CFD: 06/06/2014 – 23:12:42 – [] —-D C:UsersOPERATEURAppDataRoamingvlc
    O43 – CFD: 08/03/2014 – 11:18:37 – [] —-D C:UsersOPERATEURAppDataRoamingVoipConnect
    O43 – CFD: 08/03/2014 – 10:02:18 – [] —-D C:UsersOPERATEURAppDataRoamingWinRAR
    O43 – CFD: 20/04/2014 – 17:41:41 – [] —-D C:UsersOPERATEURAppDataRoamingyahoo!
    O43 – CFD: 09/06/2014 – 14:38:20 – [] —-D C:UsersOPERATEURAppDataRoamingZHP =>.Nicolas Coolman
    O43 – CFD: 06/03/2014 – 18:16:10 – [] —-D C:UsersOPERATEURAppDataLocalApple
    O43 – CFD: 06/03/2014 – 20:39:16 – [] —-D C:UsersOPERATEURAppDataLocalApple Computer
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:UsersOPERATEURAppDataLocalApplication Data
    O43 – CFD: 08/05/2014 – 20:36:13 – [] —-D C:UsersOPERATEURAppDataLocalChromatic Browser
    O43 – CFD: 06/03/2014 – 18:07:11 – [] —-D C:UsersOPERATEURAppDataLocalClover
    O43 – CFD: 08/05/2014 – 20:36:12 – [] —-D C:UsersOPERATEURAppDataLocalComodo
    O43 – CFD: 09/06/2014 – 13:50:38 – [0] —-D C:UsersOPERATEURAppDataLocalElevatedDiagnostics
    O43 – CFD: 09/05/2014 – 17:54:29 – [] —-D C:UsersOPERATEURAppDataLocalGoogle
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:UsersOPERATEURAppDataLocalHistory
    O43 – CFD: 20/04/2014 – 17:16:52 – [] —-D C:UsersOPERATEURAppDataLocalHP
    O43 – CFD: 24/05/2014 – 22:12:34 – [] —-D C:UsersOPERATEURAppDataLocalMicrosoft
    O43 – CFD: 26/05/2014 – 20:54:39 – [] —-D C:UsersOPERATEURAppDataLocalMicrosoft Games
    O43 – CFD: 06/03/2014 – 18:26:01 – [0] —-D C:UsersOPERATEURAppDataLocalMicrosoft Help
    O43 – CFD: 06/03/2014 – 20:17:03 – [] —-D C:UsersOPERATEURAppDataLocalMozilla
    O43 – CFD: 06/03/2014 – 18:16:24 – [] —-D C:UsersOPERATEURAppDataLocalOpera Software
    O43 – CFD: 07/03/2014 – 18:37:05 – [] —-D C:UsersOPERATEURAppDataLocalPrograms
    O43 – CFD: 09/06/2014 – 14:37:58 – [] —-D C:UsersOPERATEURAppDataLocalTemp
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:UsersOPERATEURAppDataLocalTemporary Internet Files
    O43 – CFD: 20/04/2014 – 00:48:33 – [] —-D C:UsersOPERATEURAppDataLocalTorch
    O43 – CFD: 06/03/2014 – 17:55:21 – [0] —-D C:UsersOPERATEURAppDataLocalVirtualStore
    O43 – CFD: 14/07/2009 – 06:42:04 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsAccessories
    O43 – CFD: 06/03/2014 – 17:55:58 – [] R—D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsAdministrative Tools
    O43 – CFD: 20/04/2014 – 16:40:29 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsDropbox
    O43 – CFD: 14/07/2009 – 06:37:42 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsMaintenance
    O43 – CFD: 05/06/2014 – 12:56:50 – [] R—D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
    O43 – CFD: 06/03/2014 – 18:14:06 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsSuperCopier2
    O43 – CFD: 06/03/2014 – 18:09:15 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsThe KMPlayer
    O43 – CFD: 06/03/2014 – 18:13:51 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsWinRAR
    ~ Program Folder: 134 Scanned in 00mn 00s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.1EC0CC76C1865471CE7FD19D1F66EA7B] – 05/06/2014 – 00:05:39 —A- . (…) — C:WindowsMEMORY.DMP [108023606]
    O44 – LFC:[MD5.D3864B64EEFFE1CA26D9C64EAB49C9E6] – 09/06/2014 – 09:06:53 —A- . (…) — C:Windowssetupact.log [10290]
    O44 – LFC:[MD5.AA055C1B5F8A2FAE4D7E38A25B56367A] – 09/06/2014 – 12:56:28 -S-A- . (…) — C:Windowsbootstat.dat [67584]
    O44 – LFC:[MD5.4A5F7E59DB7C2C4BB8E37222C6B16D2E] – 09/06/2014 – 12:56:33 —A- . (…) — C:WindowsWindowsUpdate.log [568413]
    O44 – LFC:[MD5.EA0C689992D69E24ED9CB63D0B153ED2] – 25/05/2014 – 20:39:06 . (…) — C:ADS_ERR.adm [2048]
    O44 – LFC:[MD5.8CD2F2121A3787FCB1EA17F40ABC08C5] – 25/05/2014 – 20:44:01 . (…) — C:ADS_ERR.ADI [3072]
    O44 – LFC:[MD5.F5EF300DFA84171BB51DF1A20964AF9A] – 25/05/2014 – 20:44:01 . (…) — C:ADS_ERR.ADT [21448]
    ~ Files: 7 Scanned in 00mn 28s

    Lady os
    Participant
    Number of posts: 7

    ZHPdiag (p2):

    —\ Déni du service (Local Security Authority) (O48)
    O48 – LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WindowsSystem32msv1_0.dll
    O48 – LSA:Local Security Authority Notification Packages . (.Microsoft Corporation – Moteur du client de l’Éditeur de configuration de sécurité Windows.) — C:WindowsSystem32scecli.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Package de sécurité Kerberos.) — C:WindowsSystem32kerberos.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WindowsSystem32msv1_0.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – TLS / SSL Security Provider.) — C:WindowsSystem32schannel.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Digest Access.) — C:WindowsSystem32wdigest.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Web Service Security Package.) — C:WindowsSystem32tspkg.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Pku2u Security Package.) — C:WindowsSystem32pku2u.dll
    ~ LSA: 8 Scanned in 00mn 00s

    —\ Contrôle du Safe Boot (CSB) (O49)
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalsermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:WindowsSystem32Driverssermouse.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WindowsSystem32Driversvga.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvgasave.sys . (…) — C:WindowsSystem32Driversvgasave.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvolmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:WindowsSystem32Driversvolmgr.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvolmgrx.sys . (.Microsoft Corporation – Pilote d’extension du gestionnaire de volumes.) — C:WindowsSystem32Driversvolmgrx.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkipnat.sys . (.Microsoft Corporation – IP Network Address Translator.) — C:WindowsSystem32Driversipnat.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworknsiproxy.sys . (.Microsoft Corporation – NSI Proxy.) — C:WindowsSystem32Driversnsiproxy.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkrdpencdd.sys . (.Microsoft Corporation – RDP Encoder Miniport.) — C:WindowsSystem32Driversrdpencdd.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworksermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:WindowsSystem32Driverssermouse.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WindowsSystem32Driversvga.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvgasave.sys . (…) — C:WindowsSystem32Driversvgasave.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvolmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:WindowsSystem32Driversvolmgr.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvolmgrx.sys . (.Microsoft Corporation – Pilote d’extension du gestionnaire de volumes.) — C:WindowsSystem32Driversvolmgrx.sys
    ~ CSB: 13 Scanned in 00mn 00s

    —\ Recherche d’infection sur les pilotes (HKLM)(TDSD) (O52)
    O52 – TDSD: Drivers32″msacm.l3acm »= »C:WindowsSystem32l3codeca.acm » . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WindowsSystem32l3codeca.acm
    O52 – TDSD: Drivers32″vidc.cvid »= »iccvid.dll » . (.Radius Inc. – Codec Cinepak®.) — C:WindowsSystem32iccvid.dll
    O52 – TDSD: drivers.desc »C:WindowsSystem32l3codeca.acm »= »Fraunhofer IIS MPEG Layer-3 Codec » . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WindowsSystem32l3codeca.acm
    ~ TDSD: 3 Scanned in 00mn 00s

    —\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
    O54 – MCSP:[HKLM…CurrentControlSetControl] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:WindowsSystem32credssp.dll
    O54 – MCSP:[HKLM…ControlSet001Control] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:WindowsSystem32credssp.dll
    ~ MSCP: 2 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – « ConsentPromptBehaviorAdmin »=5
    O55 – MWPS:[HKLM…PoliciesSystem] – « ConsentPromptBehaviorUser »=3
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableInstallerDetection »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableLUA »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableSecureUIAPaths »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableUIADesktopToggle »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableVirtualization »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « PromptOnSecureDesktop »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « ValidateAdminCodeSignatures »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « dontdisplaylastusername »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « legalnoticecaption »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « legalnoticetext »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « scforceoption »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « shutdownwithoutlogon »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « undockwithoutlogon »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « FilterAdministratorToken »=0
    ~ MWPS: 16 Scanned in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec Windows SAS/SATA Storport Driver.) — C:WindowsSystem32Driversadp94xx.sys [422976]
    O58 – SDL:14/07/2009 – 02:26:17 —A- . (.Adaptec, Inc. – Adaptec Windows SATA Storport Driver.) — C:WindowsSystem32Driversadpahci.sys [297552]
    O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec StorPort Ultra320 SCSI Driver.) — C:WindowsSystem32Driversadpu320.sys [146512]
    O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Acer Laboratories Inc. – ALi mini IDE Driver.) — C:WindowsSystem32Driversaliide.sys [14400]
    O58 – SDL:10/10/2012 – 04:41:51 —A- . (.Advanced Micro Devices – AHCI 1.2 Device Driver.) — C:WindowsSystem32Driversamdsata.sys [80256]
    O58 – SDL:14/07/2009 – 02:26:15 —A- . (.AMD Technologies Inc. – AMD Technology AHCI Compatible Controller Driver for Windows fa.) — C:WindowsSystem32Driversamdsbs.sys [159312]
    O58 – SDL:10/10/2012 – 04:41:51 —A- . (.Advanced Micro Devices – Storage Filter Driver.) — C:WindowsSystem32Driversamdxata.sys [22400]
    O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec RAID Storport Driver.) — C:WindowsSystem32Driversarc.sys [76368]
    O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec SAS RAID WS03 Driver.) — C:WindowsSystem32Driversarcsas.sys [86608]
    O58 – SDL:20/04/2014 – 15:35:55 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [24184] =>.ALWIL Software
    O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! File System Minifilter for Windows 2003/Vista.) — C:WindowsSystem32DriversaswMonFlt.sys [67824]
    O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! WFP Redirect Driver.) — C:WindowsSystem32DriversaswRdr2.sys [81768]
    O58 – SDL:20/04/2014 – 15:35:55 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [49944] =>.ALWIL Software
    O58 – SDL:15/05/2014 – 12:36:05 —A- . (.AVAST Software – avast! Virtualization Driver.) — C:WindowsSystem32Driversaswsnx.sys [777488]
    O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! Virtualization Driver.) — C:WindowsSystem32Driversaswsnx.sys.1400153765187 [776976]
    O58 – SDL:15/05/2014 – 12:36:05 —A- . (.AVAST Software – avast! self protection module.) — C:WindowsSystem32Driversaswsp.sys [411680]
    O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! self protection module.) — C:WindowsSystem32Driversaswsp.sys.1400153765187 [411552]
    O58 – SDL:15/05/2014 – 12:36:05 —A- . (.AVAST Software – Stream Filter.) — C:WindowsSystem32Driversaswstm.sys [68312]
    O58 – SDL:20/04/2014 – 15:35:55 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [180632] =>.ALWIL Software
    O58 – SDL:13/07/2009 – 23:02:49 —A- . (.Broadcom Corporation – Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) — C:WindowsSystem32Driversb57nd60x.sys [229888]
    O58 – SDL:13/07/2009 – 23:53:28 —A- . (.Brother Industries, Ltd. – Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) — C:WindowsSystem32DriversBrFiltLo.sys [13568]
    O58 – SDL:13/07/2009 – 23:53:28 —A- . (.Brother Industries, Ltd. – Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) — C:WindowsSystem32DriversBrFiltUp.sys [5248]
    O58 – SDL:14/07/2009 – 01:57:25 —A- . (.Brother Industries Ltd. – Pilote Brother Série I/F (WDM).) — C:WindowsSystem32DriversBrSerId.sys [272128]
    O58 – SDL:13/07/2009 – 23:53:32 —A- . (.Brother Industries Ltd. – Brother Serial driver (WDM version).) — C:WindowsSystem32DriversBrSerWdm.sys [62336]
    O58 – SDL:13/07/2009 – 23:53:33 —A- . (.Brother Industries Ltd. – Brother USB MDM Driver.) — C:WindowsSystem32DriversBrUsbMdm.sys [12160]
    O58 – SDL:13/07/2009 – 23:53:33 —A- . (.Brother Industries Ltd. – Brother USB Serial Driver.) — C:WindowsSystem32DriversBrUsbSer.sys [11904]
    O58 – SDL:13/07/2009 – 23:02:48 —A- . (.Broadcom Corporation – Broadcom NetXtreme II GigE VBD.) — C:WindowsSystem32Driversbxvbdx.sys [430080]
    O58 – SDL:14/07/2009 – 02:26:21 —A- . (.CMD Technology, Inc. – CMD PCI IDE Bus Driver.) — C:WindowsSystem32Driverscmdide.sys [15952]
    O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Adaptec, Inc. – Adaptec Ultra SCSI miniport.) — C:WindowsSystem32Driversdjsvs.sys [70720]
    O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [453712]
    O58 – SDL:13/07/2009 – 23:02:48 —A- . (.Broadcom Corporation – Broadcom NetXtreme II 10 GigE VBD.) — C:WindowsSystem32Driversevbdx.sys [3100160]
    O58 – SDL:13/07/2009 – 23:54:14 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [26624]
    O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Hewlett-Packard Company – Smart Array SAS/SATA Controller Media Driver.) — C:WindowsSystem32DriversHpSAMD.sys [67152]
    O58 – SDL:10/10/2012 – 04:41:51 —A- . (.Intel Corporation – Intel Matrix Storage Manager driver – ia32.) — C:WindowsSystem32DriversiaStorV.sys [332160]
    O58 – SDL:14/07/2009 – 02:20:36 —A- . (.Intel Corp./ICP vortex GmbH – Intel/ICP Raid Storport Driver.) — C:WindowsSystem32Driversiirsp.sys [41040]
    O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – LSI Fusion-MPT FC Driver (StorPort).) — C:WindowsSystem32Driverslsi_fc.sys [95824]
    O58 – SDL:14/07/2009 – 02:20:37 —A- . (.LSI Corporation – LSI Fusion-MPT SAS Driver (StorPort).) — C:WindowsSystem32Driverslsi_sas.sys [89168]
    O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – LSI SAS Gen2 Driver (StorPort).) — C:WindowsSystem32Driverslsi_sas2.sys [54864]
    O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – LSI Fusion-MPT SCSI Driver (StorPort).) — C:WindowsSystem32Driverslsi_scsi.sys [96848]
    O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – MEGASAS RAID Controller Driver for Windows 7 for x86.) — C:WindowsSystem32Driversmegasas.sys [30800]
    O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation, Inc. – LSI MegaRAID Software RAID Driver.) — C:WindowsSystem32DriversMegaSR.sys [235584]
    O58 – SDL:09/10/2007 – 13:43:58 —A- . (.Ralink Technology Corp. – Ralink 802.11 Wireless Adapter Driver.) — C:WindowsSystem32Driversnetr70.sys [291840]
    O58 – SDL:14/07/2009 – 02:20:44 —A- . (.IBM Corporation – IBM ServeRAID Controller Driver.) — C:WindowsSystem32Driversnfrd960.sys [44624]
    O58 – SDL:10/06/2009 – 22:19:48 —A- . (.NVIDIA Corporation – NVIDIA Windows Kernel Mode Driver, Version 185.93.) — C:WindowsSystem32Driversnvlddmkm.sys [9853248]
    O58 – SDL:10/10/2012 – 04:41:51 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) RAID Driver.) — C:WindowsSystem32Driversnvraid.sys [117120]
    O58 – SDL:10/10/2012 – 04:41:51 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) Sata Performance Driver.) — C:WindowsSystem32Driversnvstor.sys [143744]
    O58 – SDL:14/07/2009 – 02:19:04 —A- . (.QLogic Corporation – QLogic Fibre Channel Stor Miniport Driver.) — C:WindowsSystem32Driversql2300.sys [1383488]
    O58 – SDL:14/07/2009 – 02:19:04 —A- . (.QLogic Corporation – QLogic iSCSI Storport Miniport Driver.) — C:WindowsSystem32Driversql40xx.sys [106064]
    O58 – SDL:19/06/2009 – 03:45:02 —A- . (.Realtek Semiconductor Corp. – Realtek AC’97 Audio Driver (WDM).) — C:WindowsSystem32DriversRTKVAC.SYS [4172832]
    O58 – SDL:13/07/2009 – 21:50:20 —A- . (.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) — C:WindowsSystem32Driverssecdrv.sys [20480]
    O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Silicon Integrated Systems Corp. – SiS RAID Stor Miniport Driver.) — C:WindowsSystem32Driverssisraid2.sys [40016]
    O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Silicon Integrated Systems – SiS AHCI Stor-Miniport Driver.) — C:WindowsSystem32Driverssisraid4.sys [77888]
    O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [21072]
    O58 – SDL:14/07/2009 – 02:19:10 —A- . (.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) — C:WindowsSystem32Driversviaide.sys [16976]
    O58 – SDL:02/12/2010 – 18:23:24 —A- . (.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR X86-32.) — C:WindowsSystem32Driversviamraid.sys [141424]
    O58 – SDL:11/02/2010 – 12:59:18 —A- . (.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) — C:WindowsSystem32DriversvideX32.sys [13976]
    O58 – SDL:25/05/2009 – 16:31:32 —A- . (.Vimicro Corporation – Vimicro USB Video Class Camera.) — C:WindowsSystem32DriversVMUVC.sys [252416]
    O58 – SDL:14/07/2009 – 02:19:11 —A- . (.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR AMD-X86-64.) — C:WindowsSystem32Driversvsmraid.sys [141904]
    O58 – SDL:01/07/2008 – 10:12:32 —A- . (.Vimicro Corporation – Filter Prototype.) — C:WindowsSystem32DriversvvftUVC.sys [398720]
    O58 – SDL:13/07/2009 – 23:02:53 —A- . (.Marvell – Pilote Miniport pour contrôleur Ethernet Marvell Yukon..) — C:WindowsSystem32Driversyk62x86.sys [311296]
    O58 – SDL:13/07/2009 – 22:40:41 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
    O58 – SDL:13/07/2009 – 22:40:44 —A- . (…) — C:WindowsSystem32country.sys [27097]
    O58 – SDL:13/07/2009 – 22:40:40 —A- . (…) — C:WindowsSystem32HIMEM.SYS [4768]
    O58 – SDL:13/07/2009 – 22:40:43 —A- . (…) — C:WindowsSystem32KEY01.SYS [42809]
    O58 – SDL:13/07/2009 – 22:40:43 —A- . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
    O58 – SDL:13/07/2009 – 22:40:23 —A- . (…) — C:WindowsSystem32NTDOS.SYS [27866]
    O58 – SDL:13/07/2009 – 22:40:31 —A- . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
    O58 – SDL:13/07/2009 – 22:40:35 —A- . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
    O58 – SDL:13/07/2009 – 22:40:39 —A- . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
    O58 – SDL:13/07/2009 – 22:40:27 —A- . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
    O58 – SDL:13/07/2009 – 22:40:11 —A- . (…) — C:WindowsSystem32NTIO.SYS [33952]
    O58 – SDL:13/07/2009 – 22:40:15 —A- . (…) — C:WindowsSystem32NTIO404.SYS [34672]
    O58 – SDL:13/07/2009 – 22:40:17 —A- . (…) — C:WindowsSystem32NTIO411.SYS [35776]
    O58 – SDL:13/07/2009 – 22:40:19 —A- . (…) — C:WindowsSystem32NTIO412.SYS [35536]
    O58 – SDL:13/07/2009 – 22:40:13 —A- . (…) — C:WindowsSystem32NTIO804.SYS [34672]
    ~ Drivers: 75 Scanned in 00mn 06s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 05/06/2014 – 14:39:15 —A- . (…) — C:UsersOPERATEURAppDataRoamingMicrosoftUProofCMAdj.12.bin [120]
    O61 – LFC: 07/06/2014 – 14:39:17 —A- . (.El Desaparecido – SosVirus.net – UsbFix.net.) — C:UsersOPERATEURDownloadsUsbFix.exe [3085908]
    O61 – LFC: 09/06/2014 – 14:39:17 —A- . (.Nicolas Coolman.) — C:UsersOPERATEURDownloadsZHPDiag2.exe [6854712] =>.Nicolas Coolman
    ~ 59 Fichiers temporaires (Temporary files)
    ~ 4 Fichiers cookies (Cookies files)
    ~ Files: 3 Scanned in 00mn 12s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 20/04/2014 – C:Windowssystem32driversaswHwid.sys (aswHwid) .(…) – LEGACY_ASWHWID
    O64 – Services: CurCS – 20/04/2014 – C:Windowssystem32driversaswMonFlt.sys (aswMonFlt) .(.AVAST Software – avast! File System Minifilter for Windows 2.) – LEGACY_ASWMONFLT
    O64 – Services: CurCS – 20/04/2014 – C:Windowssystem32driversaswRdr2.sys (aswRdr) .(.AVAST Software – avast! WFP Redirect Driver.) – LEGACY_ASWRDR
    O64 – Services: CurCS – 20/04/2014 – C:WindowsSystem32DriversaswRvrt.sys (aswRvrt) .(…) – LEGACY_ASWRVRT
    O64 – Services: CurCS – 15/05/2014 – C:Windowssystem32driversaswSnx.sys (aswSnx) .(.AVAST Software – avast! Virtualization Driver.) – LEGACY_ASWSNX
    O64 – Services: CurCS – 15/05/2014 – C:Windowssystem32driversaswSP.sys (aswSP) .(.AVAST Software – avast! self protection module.) – LEGACY_ASWSP
    O64 – Services: CurCS – 15/05/2014 – C:Windowssystem32driversaswStm.sys (aswStm) .(.AVAST Software – Stream Filter.) – LEGACY_ASWSTM
    O64 – Services: CurCS – 20/04/2014 – C:WindowsSystem32DriversaswVmm.sys (aswVmm) .(…) – LEGACY_ASWVMM
    O64 – Services: CurCS – 13/07/2009 – C:WindowsSystem32Driverssecdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) – LEGACY_SECDRV
    O64 – Services: CurCS – 14/07/2009 – C:WindowsSystem32driversviaide.sys (viaide) .(.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) – LEGACY_VIAIDE
    O64 – Services: CurCS – 14/07/2009 – C:WindowsSystem32driversvsmraid.sys (vsmraid) .(.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR AMD-X86-64.) – LEGACY_VSMRAID
    ~ Legacy: 76 Scanned in 00mn 01s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKLM..openCommand] (…) — « %1 » %*
    O67 – Shell Spawning: [HKLM..cplopenCommand] (.Microsoft Corporation – Windows Control Panel.) — C:WindowsSystem32control.exe =>.Microsoft Corporation
    O67 – Shell Spawning: [HKLM..openCommand] (…) — « %1 » %*
    O67 – Shell Spawning: [HKLM..openCommand] (…) — « %1 » %*
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Lanceur du composant logiciel enfichable Observateur d’événements.) — C:WindowsSystem32eventvwr.exe
    O67 – Shell Spawning: [HKLM..openCommand] (…) — « %1 » %*
    O67 – Shell Spawning: [HKLM..openCommand] (.Not Key.)
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32WScript.exe
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Éditeur du Registre.) — C:Windowsregedit.exe
    O67 – Shell Spawning: [HKLM..openCommand] (…) — « %1 » /S
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Not Key.)
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} [DefaultScope] – (Yahoo!) – http://fr.search.yahoo.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les service demarrés par Svchost (SSS) (O83)
    O83 – Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation – Service Expérience d’application.) — C:WindowsSystem32aelupsvc.dll [62464]
    O83 – Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [67584]
    O83 – Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [67584]
    O83 – Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation – DLL du service Serveur.) — C:WindowsSystem32srvsvc.dll [168960]
    O83 – Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation – Client de stratégie de groupe.) — C:WindowsSystem32gpsvc.dll [593408]
    O83 – Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation – Extension IKE.) — C:WindowsSystem32ikeext.dll [674304]
    O83 – Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation – Service Audio Windows.) — C:WindowsSystem32Audiosrv.dll [473600]
    O83 – Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation – Gestionnaire de numérotation automatique d’accès distant.) — C:WindowsSystem32rasauto.dll [90624]
    O83 – Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation – Gestionnaire de connexions d’accès distant.) — C:WindowsSystem32rasmans.dll [286208]
    O83 – Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation – Gestionnaire d’interface dynamique.) — C:WindowsSystem32mprdim.dll [75264]
    O83 – Search Svchost Services: SENS (SENS) . (.Microsoft Corporation – Service de notification d’événements système (SENS).) — C:WindowsSystem32sens.dll [49664]
    O83 – Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation – Composants de l’application d’assistance à Microsoft NAT.) — C:WindowsSystem32ipnathlp.dll [300544]
    O83 – Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation – Serveur de téléphonie Microsoft® Windows(TM).) — C:WindowsSystem32tapisrv.dll [242176]
    O83 – Search Svchost Services: TermService (TermService) . (.Microsoft Corporation – Gestionnaire des connexions distantes du serveur hôte de session Burea.) — C:WindowsSystem32termsrv.dll [521216]
    O83 – Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation – Agent de mise à jour automatique Windows Update.) — C:WindowsSystem32wuaueng.dll [1914368]
    O83 – Search Svchost Services: BITS (BITS) . (.Microsoft Corporation – Service de transfert intelligent en arrière-plan.) — C:WindowsSystem32qmgr.dll [585728]
    O83 – Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation – Dll des services Windows Shell.) — C:WindowsSystem32shsvcs.dll [328192]
    O83 – Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation – Service offrant une connectivité IPv6 sur un réseau IPv4..) — C:WindowsSystem32iphlpsvc.dll [499712]
    O83 – Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation – DLL de service d’ouverture de session secondaire.) — C:Windowssystem32seclogon.dll [21504]
    O83 – Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation – Service Informations d’application.) — C:WindowsSystem32appinfo.dll [47104]
    O83 – Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation – Service de découverte iSCSI.) — C:WindowsSystem32iscsiexe.dll [114688]
    O83 – Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation – Service Planificateur de classes multimédias.) — C:WindowsSystem32mmcss.dll [49664]
    O83 – Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation – Rapports et solutions aux problèmes.) — C:WindowsSystem32wercplsupport.dll [61440]
    O83 – Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation – Service EAPHost Microsoft.) — C:WindowsSystem32eapsvc.dll [98304]
    O83 – Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation – ProfSvc.) — C:WindowsSystem32profsvc.dll [164352]
    O83 – Search Svchost Services: schedule (schedule) . (.Microsoft Corporation – Service du Planificateur de tâches.) — C:WindowsSystem32schedsvc.dll [750592]
    O83 – Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation – Service Gestion des clés.) — C:WindowsSystem32kmsvc.dll [71168]
    O83 – Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation – Service Configuration des services Bureau à distance.) — C:WindowsSystem32sessenv.dll [113664]
    O83 – Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation – WMI.) — C:WindowsSystem32wbemWMIsvc.dll [168960]
    O83 – Search Svchost Services: browser (browser) . (.Microsoft Corporation – DLL du service Explorateur d’ordinateurs.) — C:WindowsSystem32browser.dll [102912]
    O83 – Search Svchost Services: Themes (Themes) . (.Microsoft Corporation – DLL du service des thèmes Windows Shell.) — C:WindowsSystem32themeservice.dll [37376]
    O83 – Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation – Service BDE.) — C:WindowsSystem32bdesvc.dll [76800]
    O83 – Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation – Service Installation de logiciels.) — C:WindowsSystem32appmgmts.dll [149504]
    ~ Services: 33 Scanned in 00mn 01s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.CC443280C82E1D97D40E4099F822E04E] [SPRF][08/03/2010] (.Macrovision Corporation – Setup.exe.) — C:UsersOPERATEURDesktopCNR-WCAM_7670_Drv_W73264.exe [22869884]
    [MD5.385455AA390F93B7B6B4BBE63905CEE9] [SPRF][11/05/2014] (.XMind Ltd. – XMind 2012 (v3.3.1) Installer.) — C:UsersOPERATEURDesktopxmind-windows-3-3-1-201212250029.exe [34767909]
    ~ Files: 2 Scanned in 00mn 01s

    —\ Recherche de clés de registre Tracing (O100)
    HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_xmind_RASAPI32 =>Toolbar.Conduit
    HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_xmind_RASMANCS =>Toolbar.Conduit
    HKLMSOFTWAREMicrosoftTracingutorrent_RASAPI32 =>P2P.µTorrent
    HKLMSOFTWAREMicrosoftTracingutorrent_RASMANCS =>P2P.µTorrent
    ~ BTK: 141 Scanned in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Auto 14/11/2008 2932736 | (Advantage) . (.iAnywhere Solutions, Inc..) – C:Program FilesAdvantage 9.10ServerADS.exe
    SS – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SS – | Auto 06/03/2014 116648 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 06/03/2014 116648 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 11/03/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 14/07/2009 20992 | C:Windowssystem32HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SS – | Auto 08/07/2013 1922600 | (PanService) . (.Pandora.TV.) – C:Program FilesPANDORA.TVPanServiceKMPService.exe
    SS – | Auto 14/07/2009 20992 | C:Windowssystem32HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SS – | Auto 09/11/2008 602392 | (YahooAUService) . (.Yahoo! Inc..) – C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe
    SR – | Auto 20/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Demand 14/07/2009 20992 | C:Program FilesHPDigital Imagingbinhpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 20992 | C:Program FilesHPDigital Imagingbinhpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 20992 | C:Program FilesHPDigital ImagingbinHPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 07/04/2011 612456 | (NVSvc) . (.NVIDIA Corporation.) – C:WindowsSystem32nvvsvc.exe
    SR – | Auto 14/07/2009 20992 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 20992 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 25s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    ~ MBR: 1 Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (09/06/2014)
    Clés trouvées (Keys found) : 10
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 3
    Fichiers trouvés (Files found) : 1

    [HKLMSoftwareGoogleChromeExtensionskjccbiogefimbmiolonpolpgpcfempll] =>PUP.SaveNet^
    [HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{DECA3892-BA8F-44b8-A993-A466AD694AE4}] =>Adware.Bandoo
    [HKCUSoftwareSoftonic] =>Toolbar.Conduit
    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
    [HKLMSoftwareClassesCLSID{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExtPreApproved{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallYahoo! Companion] =>Toolbar.Yahoo
    [HKLMSoftwareClassesCLSID{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExtPreApproved{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
    [HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks]:{EF99BD32-C1FB-11D2-892F-0090271D4F88} =>Toolbar.Yahoo
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{EF99BD32-C1FB-11D2-892F-0090271D4F88} =>Toolbar.Yahoo
    C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionskjccbiogefimbmiolonpolpgpcfempll =>PUP.SaveNet^
    C:ProgramDataInstallMate =>PUP.Tarma^
    C:UsersOPERATEURAppDataRoaminguTorrent =>P2P.µTorrent^
    [HKCUSoftwareBitTorrent] =>P2P.BitTorrent^
    ~ Additionnel Scan: 239730 Items scanned in 00mn 38s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Extensions (G2)
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur s (O2)
    ~ AMI: 3 Scanned in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
    http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
    http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
    ~ MSI: 3 link(s) detected in 00mn 00s

    End of the scan (1070 lines in 04mn 12s)(0)

    Victor
    Participant
    Number of posts: 551

    Hello

    Host the UsbFix reports, as well as all other reports, on http://upload.sosvirus.net/
    Click the "Browse" button
    Locate the shortcut_module file on your desktop
    Click "Send"
    Give your message a title and click "Complete upload"
    Copy and paste the link given under the "Link to copy" heading
    Paste this link into your next message

    For the toolbar and shortcuts, right-click at the top of the browser page, then tick the "Menu bar" and "Favorites bar" boxes

    Let's continue the disinfection procedure:
    There are a few remnants of the infection that we are going to remove.

    • Copy the lines below (click "Select all", right-click the area highlighted in blue, then choose "Copy"):
      script zhpfix
      G2 - GCE: Preference [User Data\Default] [kjccbiogefimbmiolonpolpgpcfempll] Savee net v.5.14 (Désactivé)
      G2 - EXT: C:\Users\OPERATEUR\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjccbiogefimbmiolonpolpgpcfempll [Savee net]
      O43 - CFD: 09/05/2014 - 17:54:54 - [] ----D C:\ProgramData\InstallMate
      [HKLM\Software\Google\Chrome\Extensions\kjccbiogefimbmiolonpolpgpcfempll]
      [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}]
      C:\Users\OPERATEUR\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjccbiogefimbmiolonpolpgpcfempll
      C:\ProgramData\InstallMate
      HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_xmind_RASAPI32
      HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_xmind_RASMANCS
      [HKCU\Software\Softonic]

      IFEOFIX
      firewallraz
      Shortcutfix
      emptytemp
      emptyflash
      emptyclsid
      emptyprefetch

    • Launch ZHPFix (run it as administrator on Windows 7/8 and Vista)

      1. Click Import
      2. Then click "GO"

    • Confirm the data clean-up by clicking "Yes"
    • Once the scan has finished, go to the desktop; the ZHPFixReport file has been created.
    • Host the ZHPFixReport report on SosUpload, then copy and paste the link provided into your next reply.

    Then run a ZHPDiag scan for me again, please.

    Regards
    Victor

    Lady os
    Participant
    Number of posts: 7

    So here is the link to the ZHPfixReport: rapport-usbfix-t82226.html

    And the scan report:
    Rapport de ZHPDiag v2014.6.19.94 – Nicolas Coolman (19/06/2014)
    ~ Lancé par OPERATEUR (20/06/2014 16:26:04)
    ~ Adresse du Site Web http://nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Version à jour.
    ~ Liste blanche : Désactivée par l’utilisateur
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Deactivate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v9.0.8112.16421
    MFIE: Mozilla Firefox 27.0.1
    GCIE: Google Chrome v35.0.1916.153 (Defaut)

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Windows(R) 7, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : HYRR2
    Windows License : OK
    ~ Windows Remaining Initializations Number : 3
    Software Protection Service (Protection logicielle) : OK
    Windows Automatic Updates : OK
    Windows Activation Technologies : OK

    —\ Logiciels de protection du système
    avast! Free Antivirus v9.0.2018
    Windows Defender W7 (Activate)

    —\ Logiciels d’optimisation du système

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels

    —\ Informations sur le système
    ~ Processor: x86 Family 15 Model 47 Stepping 2, AuthenticAMD
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1023 MB (16% free)
    System Restore: Activé (Enable)
    System drive C: has 120 GB (78%) free of 153 GB

    —\ Mode de connexion au système
    ~ Computer Name: OPERATEUR-PC
    ~ User Name: OPERATEUR
    ~ All Users Names: OPERATEUR, Guest, Administrator,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d’environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UsersOPERATEURAppDataRoamingZHP
    ~ %AppData% : C:UsersOPERATEURAppDataRoaming
    ~ %Desktop% : C:UsersOPERATEURDesktop
    ~ %Favorites% : C:UsersOPERATEURFavorites
    ~ %LocalAppData% : C:UsersOPERATEURAppDataLocal
    ~ %StartMenu% : C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    A: Floppy drive, Flash card reader, USB Key (Not Inserted)
    C: Hard drive, Flash drive, Thumb drive (Free 120 Go of 153 Go)
    D: CD-ROM drive (Not Inserted)
    E: CD-ROM drive (Not Inserted)
    F: Floppy drive, Flash card reader, USB Key (Free 13 Go of 15 Go)

    —\ Etat du Centre de Sécurité Windows
    [HKLMSOFTWAREMicrosoftSecurity Center] UacDisableNotify: OK
    [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiSpywareOverride: OK
    [HKLMSOFTWAREMicrosoftSecurity CenterSvc] AntiVirusOverride: OK
    [HKLMSOFTWAREMicrosoftSecurity CenterSvc] FirewallOverride: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciessystem] EnableLUA: Modified
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenNOHIDDEN] CheckedValue: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAdvancedFolderHiddenSHOWALL] CheckedValue: OK
    [HKLMSOFTWAREMicrosoftWindowsCurrentVersionExplorerAssociations] Application: OK
    [HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] Shell: OK
    [HKCUSOFTWAREMicrosoftWindows NTCurrentVersionWindows] Load: OK
    [HKLMSYSTEMCurrentControlSetServicesCOMSysApp] Type: OK
    ~ Security Center: 37 Scanned in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.6EF4D18AD2A63B2070DA79140D163576] – (.Microsoft Corporation – Explorateur Windows.) (.26/11/2012 – 13:26:41.) — C:WindowsExplorer.exe [3491840]
    [MD5.B5C5DCAD3899512020D135600129D665] – (.Microsoft Corporation – Application de démarrage de Windows.) (.14/07/2009 – 02:14:45.) — C:WindowsSystem32Wininit.exe [96256]
    [MD5.5553611E2F9EA6F613079177F1233068] – (.Microsoft Corporation – Internet Extensions for Win32.) (.10/10/2012 – 04:31:16.) — C:WindowsSystem32wininet.dll [1129472]
    [MD5.6D13E1406F50C66E2A95D97F22C47560] – (.Microsoft Corporation – Application d’ouverture de session Windows.) (.20/11/2010 – 22:29:06.) — C:WindowsSystem32Winlogon.exe [286720]
    [MD5.E3AE23569749DE12D45BA3B489A036AE] – (.Microsoft Corporation – Bibliothèque de licences.) (.20/11/2010 – 22:29:24.) — C:WindowsSystem32sppcomapi.dll [193536]
    [MD5.9EBBBA55060F786F0FCAA3893BFA2806] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.10/10/2012 – 04:32:29.) — C:Windowssystem32DriversAFD.sys [338944]
    [MD5.338C86357871C167A96AB976519BF59E] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.14/07/2009 – 02:26:15.) — C:Windowssystem32Driversatapi.sys [21584]
    [MD5.77EA11B065E0A8AB902D78145CA51E10] – (.Microsoft Corporation – CD-ROM File System Driver.) (.14/07/2009 – 00:11:15.) — C:Windowssystem32DriversCdfs.sys [70656]
    [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.20/11/2010 – 22:29:03.) — C:Windowssystem32DriversCdrom.sys [108544]
    [MD5.F024449C97EC1E464AAFFDA18593DB88] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.20/11/2010 – 22:29:07.) — C:Windowssystem32DriversDfsC.sys [78336]
    [MD5.9036377B8A6C15DC2EEC53E489D159B5] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.20/11/2010 – 22:29:03.) — C:Windowssystem32DriversHDAudBus.sys [108544]
    [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] – (.Microsoft Corporation – Pilote de port i8042.) (.14/07/2009 – 00:11:24.) — C:Windowssystem32Driversi8042prt.sys [80896]
    [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] – (.Microsoft Corporation – IP Network Address Translator.) (.14/07/2009 – 00:54:29.) — C:Windowssystem32DriversIpNat.sys [101888]
    [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.10/10/2012 – 04:33:53.) — C:Windowssystem32DriversMRxSmb.sys [123904]
    [MD5.280122DDCF04B378EDD1AD54D71C1E54] – (.Microsoft Corporation – MBT Transport driver.) (.20/11/2010 – 22:29:08.) — C:Windowssystem32DriversnetBT.sys [187904]
    [MD5.0D87503986BB3DFED58E343FE39DDE13] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.10/10/2012 – 04:41:12.) — C:Windowssystem32Driversntfs.sys [1211760]
    [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] – (.Microsoft Corporation – Pilote de port parallèle.) (.14/07/2009 – 00:45:35.) — C:Windowssystem32DriversParport.sys [79360]
    [MD5.D9F91EAFEC2815365CBE6D167E4E332A] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.14/07/2009 – 00:54:34.) — C:Windowssystem32DriversRasl2tp.sys [78848]
    [MD5.B973FCFC50DC1434E1970A146F7E3885] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.20/11/2010 – 22:29:49.) — C:Windowssystem32Driversrdpdr.sys [133632]
    [MD5.3E21C083B8A01CB70BA1F09303010FCE] – (.Microsoft Corporation – SMB Transport driver.) (.14/07/2009 – 00:53:41.) — C:Windowssystem32Driverssmb.sys [71168]
    [MD5.B459575348C20E8121D6039DA063C704] – (.Microsoft Corporation – TDI Translation Driver.) (.20/11/2010 – 22:29:07.) — C:Windowssystem32Driverstdx.sys [74752]
    [MD5.F497F67932C6FA693D7DE2780631CFE7] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.20/11/2010 – 22:29:03.) — C:Windowssystem32Driversvolsnap.sys [245632]
    ~ Generic Processes: Scanned in 00mn 08s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 1/17
    ~ Mes musiques (My Musics) : 1/14
    ~ Mes Favoris (My Favorites) : 1/3
    ~ Mes Documents (My Documents) : 2/187
    ~ Mon Bureau (My Desktop) : 1/12
    ~ Menu demarrer (Programs) : 1/39
    ~ Hidden Files: Scanned in 00mn 01s

    —\ Processus lancés
    [MD5.B70BCC55743C5A5BD7C7C6D6A02BB6F9] – (.Realtek Semiconductor Corp. – Realtek Sound Manager.) — C:WindowsSOUNDMAN.exe [604704] [PID.1024]
    [MD5.70189D91A5347F5E34039D06C7E58419] – (.Yahoo! Inc – Yahoo! Application.) — C:Program FilesYahoo!Search ProtectionSearchProtection.exe [111856] [PID.1164]
    [MD5.5516C26A6AF8EB4E2CAB48EC98A74398] – (.Hewlett-Packard – hpwuSchd Application.) — C:Program FilesHPHP Software Updatehpwuschd2.exe [54576] [PID.1196]
    [MD5.5CA0EB9538C6ACEBDC3593FC53527B9D] – (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastavastui.exe [3890208] [PID.1212]
    [MD5.9CC83F60C71DAEAFF79971E5D94C11E1] – (.Vimicro Corporation – Monitor SnapShot Button.) — C:Program FilesVimicro CorporationVMUVCVMonitor.exe [143360] [PID.1244]
    [MD5.B77081F8221968C7DAB794B0BA55C43E] – (.Sun Microsystems, Inc. – Java(TM) Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe [254896] [PID.1216]
    [MD5.F6987FF6C6D683F79FDCE707B071A997] – (.SFX TEAM – SuperCopier 2 (explorer file copy replaceme.) — C:Program FilesSuperCopier2SuperCopier2.exe [955392] [PID.1308]
    [MD5.EAA666E9DD8DCDA6E075087091CB85EE] – (.Hewlett-Packard Co. – HP Digital Imaging Monitor.) — C:Program FilesHPDigital Imagingbinhpqtra08.exe [275072] [PID.1368]
    [MD5.027D0500A592CAED765B9E450129D89E] – (.Yahoo! Inc. – Yahoo! Messenger Tray.) — C:Program FilesYahoo!Messengerymsgr_tray.exe [79192] [PID.3120]
    [MD5.4DB8C3E9A5D6EB99F21B199C28EDE8D1] – (.Hewlett-Packard Co. – HP CUE Status Root.) — C:Program FilesHPDigital ImagingbinhpqSTE08.exe [173696] [PID.2960]
    [MD5.469533CC7F16566BE9D3436860E12013] – (.Hewlett-Packard Co. – HP CUE Alert Popup Window Objects.) — C:Program FilesHPDigital Imagingbinhpqbam08.exe [563840] [PID.3112]
    [MD5.66BB5B07696219FA334452D6F51FD648] – (.Hewlett-Packard – GPCore COM object.) — C:Program FilesHPDigital Imagingbinhpqgpc01.exe [366720] [PID.1400]
    [MD5.A6430C0A0E1AAE273AA8F1BD1F341A36] – (.Sun Microsystems, Inc. – Java(TM) Update Checker.) — C:Program FilesCommon FilesJavaJava Updatejucheck.exe [508336] [PID.1108]
    [MD5.1936C4FB4887DBD02AEBE1F1A62D93B6] – (.EJIE Technology – Clover.) — C:Program FilesCloverclover.exe [891392] [PID.4724]
    [MD5.A131FF6AF7E2B2492566FB57683CE6CB] – (.Nicolas Coolman – ZHPFix.) — C:Program FilesZHPDiagZHPFixZHPFix.exe [3054592] [PID.5024]
    [MD5.A5FCD42334CCC682DA1882A54338686C] – (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe [860488] [PID.3764]
    [MD5.6101A08505E45E1230A67FB8E32A707F] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8070656] [PID.2636]
    ~ Processes Running: Scanned in 00mn 03s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultPreferences
    G1 – GCS: Preference [User DataDefault] None
    G2 – GCE: Preference [User DataDefault] [ahfgeienlihckogmohjhadlkjgocpleb] Google Store v.0.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [aohghmighlieiainnegkcijnfilokake] Documents Google v.0.6 (Activé)
    G2 – GCE: Preference [User DataDefault] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.3 (Activé)
    G2 – GCE: Preference [User DataDefault] [blpcfgokakmgnkcojhhkbfbldkacnbeo] YouTube v.4.2.6 (Activé)
    G2 – GCE: Preference [User DataDefault] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.20 (Activé)
    G2 – GCE: Preference [User DataDefault] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [ennkphjdgehloodpbhlhldgbnhmacadg] Settings v.0.2 (Activé)
    G2 – GCE: Preference [User DataDefault] [gfdkimpbcpahaombhbimeihdjnejgicl] Feedback v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [gomekmidlodglbbmalcneegieacbdmki] avast! Online Security v.9.0.2018.95, (Désactivé)
    G2 – GCE: Preference [User DataDefault] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [mgndgikekgjfcpckkfioiadnlibdjbkf] Chrome v.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nkeimhogjdpnpccoofpliimaahmaaome] Google+ Hangouts v.1.0 (Activé)
    G2 – GCE: Preference [User DataDefault] [nmmhkkegccagdldgiimedpiccmgmieda] Google Wallet v.0.0.6.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
    G2 – GCE: Preference [User DataDefault] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé)

    —\ Liste des dossiers d’extension Google Chrome
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [Documents Google]
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [Google Drive]
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [YouTube]
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionscoobgpohoikkiipiblmjeljniedjpjpf [Recherche Google]
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionsgomekmidlodglbbmalcneegieacbdmki [avast! Online Security]
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [Google Wallet]
    G2 – EXT: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [Gmail]
    ~ Google Lines Browser: 24 Scanned in 00mn 01s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    M0 – MFSP: prefs.js [OPERATEUR – f2ibh1gc.default] http://fr.yahoo.com
    M2 – MFEP: prefs.js [OPERATEUR – f2ibh1gc.default{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.5.9.20130411104515 (..)
    P2 – FPN:Firefox Plugin Navigator . (.Microsoft Corporation – The plugin allows you to have a better experience with Microsoft Lync.) — C:Program FilesMozilla FirefoxPluginsnpMeetingJoinPluginOC.dll
    P2 – FPN: [HKLM] [@adobe.com/FlashPlayer] – (…) — C:Windowssystem32MacromedFlashNPSWF32.dll
    P2 – FPN: [HKLM] [@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf] – (.Foxit Corporation – Foxit Reader Plug-In For Firefox and Netscape.) — C:Program FilesFoxit SoftwareFoxit ReaderpluginsnpFoxitReaderPlugin.dll
    P2 – FPN: [HKLM] [@java.com/DTPlugin,version=1.6.0_37] – (.Sun Microsystems, Inc. – NPRuntime Script Plug-in Library for Java(TM) Deploy.) — C:Windowssystem32npdeployJava1.dll
    P2 – FPN: [HKLM] [@java.com/JavaPlugin] – (.Sun Microsystems, Inc. – Next Generation Java Plug-in 1.6.0_37 for Mozilla browsers.) — C:Program FilesJavajre6binplugin2npjp2.dll
    P2 – FPN: [HKLM] [@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6] – (.Yahoo! Inc. – Yahoo Application State Plugin version 1.0.0.7.) — C:Program FilesYahoo!SharednpYState.dll
    P2 – FPN: [HKLM] [@microsoft.com/Lync,version=15.0] – (.Microsoft Corporation – The plugin allows you to have a better experience with Microsoft Lync.) — C:Program FilesMozilla Firefoxpluginsnpmeetingjoinpluginoc.dll
    P2 – FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] – (.Microsoft Corporation – The plugin allows you to have a better experience with Microsoft Share.) — C:Program FilesMicrosoft OfficeOffice15NPSPWRAP.dll
    P2 – FPN: [HKLM] [@tools.google.com/Google Update;version=3] – (.Google Inc. – Google Update.) — C:Program FilesGoogleUpdate1.3.24.7npGoogleUpdate3.dll
    P2 – FPN: [HKLM] [@tools.google.com/Google Update;version=9] – (.Google Inc. – Google Update.) — C:Program FilesGoogleUpdate1.3.24.7npGoogleUpdate3.dll
    P2 – FPN: [HKLM] [@videolan.org/vlc,version=2.0.8] – (.VideoLAN – VLC media player Web Plugin 2.1.3.) — C:Program FilesVideoLANVLCnpvlc.dll =>.VideoLAN
    P2 – FPN: [HKLM] [@videolan.org/vlc,version=2.1.3] – (.VideoLAN – VLC media player Web Plugin 2.1.3.) — C:Program FilesVideoLANVLCnpvlc.dll =>.VideoLAN
    ~ Firefox Browser: 15 Scanned in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://fr.yahoo.com
    R0 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://fr.yahoo.com
    R1 – HKCUSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://fr.yahoo.com
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Extensions Off Page = about:noadd-ons
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Security Risk Page = about:securityrisk
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com
    R3 – URLSearchHook: Microsoft Url Search Hook – {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.VideoLAN – VLC media player Web Plugin 2.1.3.) (No version) — (.not file.) =>.VideoLAN
    R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.VideoLAN – VLC media player Web Plugin 2.1.3.) (No version) — (.not file.) =>.VideoLAN
    R4 – HKLMSOFTWAREMicrosoftInternet ExplorerPhishingFilter,EnabledV8 = 0
    ~ IE Browser: 11 Scanned in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=C:WindowsSystem32SystemPropertiesPerformance.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hosts est sain (The hosts file is clean).
    ~ Hosts File: Scanned in 00mn 00s
    ~ Nombre de lignes (Lines number): 21

    —\ Browser Helper Objects de navigateur (O2)
    O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} . (.Yahoo! Inc. – Yahoo! Toolbar.) — C:Program FilesYahoo!CompanionInstallscpnyt.dll
    O2 – BHO: HP Print Enhancer – {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. – HP Smart Web Printing add-on for Internet E.) — C:Program FilesHPDigital ImagingSmart Web Printinghpswp_printenhancer.dll
    O2 – BHO: Lync Click to Call BHO – {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation – Microsoft Lync.) — C:Program FilesMicrosoft OfficeOffice15OCHelper.dll
    O2 – BHO: Java(tm) Plug-In SSV Helper – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. – Java(TM) Platform SE binary.) — C:Program FilesJavajre6binssv.dll
    O2 – BHO: avast! Online Security – {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software – IE Webrep plugin.) — C:Program FilesAVAST SoftwareAvastaswWebRepIE.dll
    O2 – BHO: URLRedirectionBHO – {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation – Microsoft Office Document Cache Handler.) — C:Program FilesMicrosoft OfficeOffice15URLREDIR.dll
    O2 – BHO: Microsoft SkyDrive Pro Browser Helper – {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} . (.Microsoft Corporation – Microsoft OneDrive for Business Extensions.) — C:Program FilesMicrosoft OfficeOffice15GROOVEEX.dll =>.Microsoft Corporation
    O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. – Java(TM) Platform SE binary.) — C:Program FilesJavajre6binjp2ssv.dll
    O2 – BHO: TabExplorerHelper – {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} . (.EJIE Technology – Clover Tab Explorer Helper.) — C:Program FilesCloverTabHelper32.dll
    O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} . (.Yahoo! Inc – Yahoo! Single Instance for Mail.) — C:Program FilesYahoo!CompanionInstallscpnYTSingleInstance.dll
    O2 – BHO: HP Smart BHO Class – {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. – HP Smart Web Printing add-on for Internet E.) — C:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
    ~ BHO: 22 Scanned in 00mn 00s

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: Yahoo! Toolbar – [HKLM]{EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. – Yahoo! Toolbar.) — C:Program FilesYahoo!CompanionInstallscpnyt.dll
    ~ Toolbar: Scanned in 00mn 00s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [SoundMan] . (.Realtek Semiconductor Corp. – Realtek Sound Manager.) — C:WindowsSOUNDMAN.exe
    O4 – HKLM..Run: [YSearchProtection] . (.Yahoo! Inc – Yahoo! Application.) — C:Program FilesYahoo!Search ProtectionSearchProtection.exe
    O4 – HKLM..Run: [HP Software Update] . (.Hewlett-Packard – hpwuSchd Application.) — C:Program FilesHPHP Software UpdateHPWuSchd2.exe =>.Hewlett-Packard Co
    O4 – HKLM..Run: [AvastUI.exe] . (.AVAST Software – avast! Antivirus.) — C:Program FilesAVAST SoftwareAvastAvastUI.exe
    O4 – HKLM..Run: [VMonitorVMUVC] . (.Vimicro Corporation – Monitor SnapShot Button.) — C:Program FilesVimicro CorporationVMUVCVMonitor.exe
    O4 – HKLM..Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. – Java(TM) Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe =>.Oracle Corporation
    O4 – HKCU..Run: [SuperCopier2.exe] . (.SFX TEAM – SuperCopier 2 (explorer file copy replaceme.) — C:Program FilesSuperCopier2SuperCopier2.exe
    O4 – HKCU..Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. – Yahoo! Messenger.) — C:Program FilesYahoo!MessengerYahooMessenger.exe
    O4 – HKCU..Run: [Search Protection] . (.Yahoo! Inc – Yahoo! Application.) — C:Program FilesYahoo!Search ProtectionSearchProtection.exe
    O4 – HKCU..Run: [InternetCalls] C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe (.not file.)
    O4 – HKCU..Run: [VoipConnect] C:Program FilesVoipConnect.comVoipConnectVoipConnect.exe (.not file.)
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Gadgets du Bureau Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..RunOnce: [mctadmin] . (.Microsoft Corporation – MCTAdmin.) — C:WindowsSystem32mctadmin.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-21-4055012067-1499113417-2862841071-1000..Run: [SuperCopier2.exe] . (.SFX TEAM – SuperCopier 2 (explorer file copy replaceme.) — C:Program FilesSuperCopier2SuperCopier2.exe
    O4 – HKUSS-1-5-21-4055012067-1499113417-2862841071-1000..Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. – Yahoo! Messenger.) — C:Program FilesYahoo!MessengerYahooMessenger.exe
    O4 – HKUSS-1-5-21-4055012067-1499113417-2862841071-1000..Run: [Search Protection] . (.Yahoo! Inc – Yahoo! Application.) — C:Program FilesYahoo!Search ProtectionSearchProtection.exe
    O4 – HKUSS-1-5-21-4055012067-1499113417-2862841071-1000..Run: [InternetCalls] C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe (.not file.)
    O4 – HKUSS-1-5-21-4055012067-1499113417-2862841071-1000..Run: [VoipConnect] C:Program FilesVoipConnect.comVoipConnectVoipConnect.exe (.not file.)
    ~ Application: Scanned in 00mn 00s

    —\ Invisibilité de l’icône d’options IE dans le panneau de Configuration (O5)
    O5 – control.ini: [HKLM..Control Panel] inetcpl.cpl=no
    ~ IE Control Panel: 1 Scanned in 00mn 00s

    —\ Boutons situés sur la barre d’outils principale d’Internet Explorer (O9)
    O9 – Extra button: &Envoyer à OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~2Office15ONBttnIE.dll =>.Microsoft Corporation
    O9 – Extra button: Cliquer pour appeler Lync – {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation – Microsoft Lync.) — C:Program FilesMicrosoft OfficeOffice15lync.exe
    O9 – Extra button: Notes &liées OneNote – {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation – Microsoft OneNote Internet Explorer Add-in.) — C:Program FilesMICROS~2Office15ONBTTN~1.dll =>.Microsoft Corporation
    O9 – Extra button: Afficher ou masquer l’HP Smart Web Printing – {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. – HP Smart Web Printing add-on for Internet Explorer.) — C:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Winsock hijacker (Layered Service Provider) (O10)
    O10 – WLSP:00000000001Winsock LSP File . (.Microsoft Corporation – Network Location Awareness 2.) — C:Windowssystem32NLAapi.dll
    O10 – WLSP:00000000002Winsock LSP File . (.Microsoft Corporation – Fournisseur Shim d’affectation de noms de messagerie.) — C:Windowssystem32napinsp.dll
    O10 – WLSP:00000000003Winsock LSP File . (.Microsoft Corporation – Fournisseur d’espace de noms PNRP.) — C:Windowssystem32pnrpnsp.dll
    O10 – WLSP:00000000004Winsock LSP File . (.Microsoft Corporation – Fournisseur d’espace de noms PNRP.) — C:Windowssystem32pnrpnsp.dll
    O10 – WLSP:00000000005Winsock LSP File . (.Microsoft Corporation – Fournisseur de service Sockets 2.0 de Microsoft Windows.) — C:Windowssystem32mswsock.dll =>.Microsoft Corporation
    O10 – WLSP:00000000006Winsock LSP File . (.Microsoft Corporation – LDAP RnR Provider DLL.) — C:Windowssystem32winrnr.dll
    O10 – WLSP:00000000007Winsock LSP File . (.Apple Inc. – Bonjour Namespace Provider.) — C:Program FilesBonjourmdnsNSP.dll
    ~ Winsock: 7 Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{09D9E5A6-7D73-4CF1-A3BB-188E01ED2F4C}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpip..{5A9FDEF4-0968-4ED1-AF8D-736C13504513}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 – HKLMSystemCCSServicesTcpip..{9E1D9BA8-8D45-4E44-B5FB-1323A4F5CE1A}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 – HKLMSystemCS1ServicesTcpip..{09D9E5A6-7D73-4CF1-A3BB-188E01ED2F4C}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{5A9FDEF4-0968-4ED1-AF8D-736C13504513}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 – HKLMSystemCS1ServicesTcpip..{9E1D9BA8-8D45-4E44-B5FB-1323A4F5CE1A}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 – HKLMSystemCS2ServicesTcpip..{09D9E5A6-7D73-4CF1-A3BB-188E01ED2F4C}: DhcpNameServer = 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{5A9FDEF4-0968-4ED1-AF8D-736C13504513}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 – HKLMSystemCS2ServicesTcpip..{9E1D9BA8-8D45-4E44-B5FB-1323A4F5CE1A}: DhcpNameServer = 109.88.203.3 62.197.111.140
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: vbscript – {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation – Microsoft (R) HTML Viewer.) — C:WindowsSystem32mshtml.dll
    O18 – Filter: text/xml – {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation – Microsoft Office XML MIME Filter.) — C:Program FilesCommon FilesMicrosoft SharedOFFICE15MSOXMLMF.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
    O21 – SSODL: WebCheck – {E6FB5E20-DE35-11CF-9C87-00AA005127ED} – CLSID or File not found.
    ~ SSODL: 1 Scanned in 00mn 00s

    —\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 – Service: Advantage Database Server (Advantage) . (.iAnywhere Solutions, Inc. – Advantage Database Server.) – C:Program FilesAdvantage 9.10ServerADS.exe
    O23 – Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software – avast! Service.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    O23 – Service: Service Bonjour (Bonjour Service) . (.Apple Inc. – Bonjour Service.) – C:Program FilesBonjourmDNSResponder.exe
    O23 – Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. – Programme d’installation de Google.) – C:Program FilesGoogleUpdateGoogleUpdate.exe =>.Google Inc
    O23 – Service: NVIDIA Driver Helper Service (NVSvc) . (.NVIDIA Corporation – NVIDIA Driver Helper Service, Version 270.6.) – C:WindowsSystem32nvvsvc.exe
    O23 – Service: PandoraService (PanService) . (.Pandora.TV – Pandora.TV service file.) – C:Program FilesPANDORA.TVPanServiceKMPService.exe
    ~ Services: 6 Scanned in 00mn 08s

    —\ Enumération Active Desktop & MHTML Editor (O24)
    O24 – Default MHTML Editor: Last – .(…) – (.not file.)
    ~ Desktop Component: 4 Scanned in 00mn 00s

    —\ Enumère les données de BootExecute (BEX) (O34)
    O34 – HKLM BootExecute: (autocheck autochk *) – File not found
    ~ BEX: 1 Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.9E76CDD50C3DDDB739150D778EEC0B93] [APT] [avast! Emergency Update] (.AVAST Software.) — C:Program FilesAVAST SoftwareAvastAvastEmUpdate.exe [804304]
    [MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) — C:Program FilesGoogleUpdateGoogleUpdate.exe [116648]
    [MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) — C:Program FilesGoogleUpdateGoogleUpdate.exe [116648]
    [MD5.A8B6CC225CE6F337813EAFDD91F4AD11] [APT] [{06CFB78D-F6DF-4480-A1D8-9DBF579CC4AD}] (.Nicolas Coolman.) — C:UsersOPERATEURDownloadsZHPDiag2 (1).exe [6854914]
    [MD5.C155A13687144076286989EF078112C2] [APT] [{744CC284-81A3-4B86-A2A5-886AD3818992}] (.Nicolas Coolman.) — C:Program FilesZHPDiagZHPFixZHPhep.exe [1917440]
    [MD5.34EBD4FF6A24D86BB4716D6AFCC1A89B] [APT] [AppleSoftwareUpdate] (.Apple Inc..) — C:Program FilesApple Software UpdateSoftwareUpdate.exe [561984]
    O39 – APT: GoogleUpdateTaskMachineCore – (.Google Inc..) — C:WindowsTasksGoogleUpdateTaskMachineCore.job [1058]
    O39 – APT: GoogleUpdateTaskMachineCore – (.Google Inc..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1058]
    O39 – APT: GoogleUpdateTaskMachineUA – (.Google Inc..) — C:WindowsTasksGoogleUpdateTaskMachineUA.job [1062]
    O39 – APT: GoogleUpdateTaskMachineUA – (.Google Inc..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1062]
    ~ Scheduled Task: 11 Scanned in 00mn 07s

    —\ Composants installés (ActiveSetup Installed Components) (O40)
    O40 – ASIC: Microsoft Windows Media Player – >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation – Ressources du Lecteur Windows Media.) — C:WindowsSystem32wmploc.dll =>.Microsoft Corporation
    O40 – ASIC: Internet Explorer – >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation – IE Per-User Initialization Utility.) — C:WindowsSystem32ie4uinit.exe
    O40 – ASIC: Browser Customizations – >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation – IEAK branding.) — C:WindowsSystem32iedkcs32.dll
    O40 – ASIC: Java (Sun) – {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. – Java(TM) Platform SE binary.) — C:Program FilesJavajre6binregutils.dll
    O40 – ASIC: Microsoft Windows Media Player 12.0 – {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation – Windows Media Player Extension.) — C:WindowsSystem32wmpdxm.dll =>.Microsoft Corporation
    O40 – ASIC: Themes Setup – {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation – API Windows Theme.) — C:WindowsSystem32themeui.dll
    O40 – ASIC: Microsoft Windows – {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation – Windows Mail.) — C:Program FilesWindows MailWinMail.exe =>.Microsoft Corporation
    O40 – ASIC: Browsing Enhancements – {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation – Extension Shell dossier FTP Microsoft Internet Explorer..) — C:WindowsSystem32msieftp.dll
    O40 – ASIC: Microsoft Windows Media Player – {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation – Ressources du Lecteur Windows Media.) — C:WindowsSystem32wmploc.dll =>.Microsoft Corporation
    O40 – ASIC: Windows Desktop Update – {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation – DLL commune du shell Windows.) — C:WindowsSystem32shell32.dll
    O40 – ASIC: Web Platform Customizations – {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation – IE Per-User Initialization Utility.) — C:WindowsSystem32ie4uinit.exe
    O40 – ASIC: (no name) – {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation – Microsoft .NET IE SECURITY REGISTRATION.) — C:Windowssystem32mscories.dll
    O40 – ASIC: Google Chrome – {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. – Google Chrome Installer.) — C:Program FilesGoogleChromeApplication35.0.1916.153Installerchrmstp.exe
    ~ Active Setup: 13 Scanned in 00mn 00s

    —\ Pilotes lancés au démarrage du système (O41)
    O41 – Driver: C:WindowsSystem32driversafd.sys (AFD) . (.Microsoft Corporation – Ancillary Function Driver for WinSock.) – C:Windowssystem32driversafd.sys
    O41 – Driver: (aswRdr) . (.AVAST Software – avast! WFP Redirect Driver.) – C:Windowssystem32driversaswRdr2.sys
    O41 – Driver: (aswSnx) . (.AVAST Software – avast! Virtualization Driver.) – C:Windowssystem32driversaswSnx.sys
    O41 – Driver: (aswSP) . (.AVAST Software – avast! self protection module.) – C:Windowssystem32driversaswSP.sys
    O41 – Driver: (blbdrive) . (.Microsoft Corporation – BLB Drive Driver.) – C:WindowsSystem32DRIVERSblbdrive.sys
    O41 – Driver: (cdrom) . (.Microsoft Corporation – SCSI CD-ROM Driver.) – C:WindowsSystem32DRIVERScdrom.sys
    O41 – Driver: C:WindowsSystem32cscsvc.dll (CSC) . (.Microsoft Corporation – Windows Client Side Caching Driver.) – C:WindowsSystem32driverscsc.sys
    O41 – Driver: C:WindowsSystem32driversdfsc.sys (DfsC) . (.Microsoft Corporation – DFS Namespace Client Driver.) – C:WindowsSystem32Driversdfsc.sys
    O41 – Driver: C:WindowsSystem32driversdiscache.sys (discache) . (.Microsoft Corporation – System Indexer/Cache Driver.) – C:WindowsSystem32driversdiscache.sys
    O41 – Driver: (mssmbios) . (.Microsoft Corporation – System Management BIOS Driver.) – C:WindowsSystem32DRIVERSmssmbios.sys
    O41 – Driver: (NetBIOS) . (.Microsoft Corporation – NetBIOS interface driver.) – C:WindowsSystem32DRIVERSnetbios.sys
    O41 – Driver: C:WindowsSystem32driversnetbt.sys (NetBT) . (.Microsoft Corporation – MBT Transport driver.) – C:WindowsSystem32DRIVERSnetbt.sys
    O41 – Driver: C:WindowsSystem32driversnsiproxy.sys (nsiproxy) . (.Microsoft Corporation – NSI Proxy.) – C:WindowsSystem32driversnsiproxy.sys
    O41 – Driver: C:WindowsSystem32driverspacer.sys (Psched) . (.Microsoft Corporation – Planificateur de paquets QoS.) – C:WindowsSystem32DRIVERSpacer.sys
    O41 – Driver: C:WindowsSystem32wkssvc.dll (rdbss) . (.Microsoft Corporation – Pilote du sous-système de mise en mémoire t.) – C:WindowsSystem32DRIVERSrdbss.sys
    O41 – Driver: C:WindowsSystem32DRIVERSRDPCDD.sys (RDPCDD) . (.Microsoft Corporation – RDP Miniport.) – C:WindowsSystem32DRIVERSRDPCDD.sys
    O41 – Driver: C:WindowsSystem32driversRDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation – RDP Encoder Miniport.) – C:WindowsSystem32driversrdpencdd.sys
    O41 – Driver: C:WindowsSystem32driversRdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation – RDP Reflector Driver Miniport.) – C:WindowsSystem32driversrdprefmp.sys
    O41 – Driver: (Serial) . (.Microsoft Corporation – Pilote de périphérique série.) – C:WindowsSystem32DRIVERSserial.sys
    O41 – Driver: C:WindowsSystem32tcpipcfg.dll (tdx) . (.Microsoft Corporation – TDI Translation Driver.) – C:WindowsSystem32DRIVERStdx.sys
    O41 – Driver: (TermDD) . (.Microsoft Corporation – Remote Desktop Server Driver.) – C:WindowsSystem32DRIVERStermdd.sys
    O41 – Driver: (VgaSave) . (.Microsoft Corporation – VGA/Super VGA Video Driver.) – C:Windowssystem32driversvga.sys
    O41 – Driver: C:WindowsSystem32rascfg.dll (Wanarpv6) . (.Microsoft Corporation – MS Remote Access and Routing ARP Driver.) – C:WindowsSystem32DRIVERSwanarp.sys
    O41 – Driver: (WfpLwf) . (.Microsoft Corporation – WFP NDIS 6.20 Lightweight Filter Driver.) – C:WindowsSystem32DRIVERSwfplwf.sys
    ~ Drivers: 72 Scanned in 00mn 01s

    —\ Logiciels installés (O42)
    O42 – Logiciel: 32 Bit HP CIO Components Installer – (.Hewlett-Packard.) [HKLM] — {60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}
    O42 – Logiciel: Advantage Database Server for Windows v9.10 – (.iAnywhere, Inc..) [HKLM] — {0DE5137F-581B-448C-AF70-9498EF364E34}
    O42 – Logiciel: Aiseesoft Convertisseur Vidéo Total Platinum 6.3.22 – (…) [HKLM] — {3661F243-518C-4d05-8BDF-7B10CC22689F}_is1
    O42 – Logiciel: Analyzed – (.Marko Mihovilic.) [HKLM] — Analyzed_is1
    O42 – Logiciel: Apple Software Update – (.Apple Inc..) [HKLM] — {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} =>.Apple Inc
    O42 – Logiciel: BOB 50 – (…) [HKLM] — {A88321FF-A50F-4C79-BE65-0BA25317341F}
    O42 – Logiciel: Barbie(TM) Aventurière – (…) [HKLM] — {BAA7291A-6D13-4156-9E4B-62EC5F7E03E1}
    O42 – Logiciel: Bonjour – (.Apple Inc..) [HKLM] — {79155F2B-9895-49D7-8612-D92580E0DE5B}
    O42 – Logiciel: Canyon USB2.0 PC Camera – (.Vimicro Corp..) [HKLM] — {71A51A91-E7D3-11DB-A386-005056C00008}
    O42 – Logiciel: Chap_6 – (.Van In.) [HKLM] — {D825ADCF-A37F-4FAE-B7A5-37951EC942DC}
    O42 – Logiciel: Clover 3.0 – (…) [HKLM] — Clover
    O42 – Logiciel: Cooking Academy 2: Cuisine du Monde – (.City Interactive.) [HKLM] — Cooking Academy 2/FR/NL-French_is1
    O42 – Logiciel: Dropbox – (.Dropbox, Inc..) [HKCU] — Dropbox
    O42 – Logiciel: Foxit Reader – (.Foxit Corporation.) [HKLM] — {BDDF6AEE-7AD7-4CDA-B57F-5BDF9417AD4F}
    O42 – Logiciel: Google Chrome – (.Google Inc..) [HKLM] — Google Chrome
    O42 – Logiciel: Google Update Helper – (.Google Inc..) [HKLM] — {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    O42 – Logiciel: HP Customer Participation Program 14.0 – (.HP.) [HKLM] — HPExtendedCapabilities
    O42 – Logiciel: HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 – (.HP.) [HKLM] — {819CA3BC-2FF8-4811-B42F-421F7BFD3559}
    O42 – Logiciel: HP Imaging Device Functions 14.0 – (.HP.) [HKLM] — HP Imaging Device Functions
    O42 – Logiciel: HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 – (.HP.) [HKLM] — {014E482A-0C27-47E3-BA82-307E9DCA2F47} =>.Hewlett-Packard Co
    O42 – Logiciel: HP Smart Web Printing 4.60 – (.HP.) [HKLM] — HP Smart Web Printing
    O42 – Logiciel: HP Solution Center 14.0 – (.HP.) [HKLM] — HP Solution Center & Imaging Support Tools
    O42 – Logiciel: HP Update – (.Hewlett-Packard.) [HKLM] — {74DC0593-6BC6-4001-AD5F-D810AFB68D86}
    O42 – Logiciel: Java(TM) 6 Update 37 – (.Oracle.) [HKLM] — {26A24AE4-039D-4CA4-87B4-2F83216037FF}
    O42 – Logiciel: K-Lite Codec Pack 8.4.0 (Full) – (…) [HKLM] — KLiteCodecPack_is1
    O42 – Logiciel: KMP Service – (.KMP.) [HKLM] — 4F6D5E84-5826-4394-9F40-3A9A19165651_is1
    O42 – Logiciel: Microsoft Access MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0015-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Access MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0015-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Access Setup Metadata MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0117-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft DCF MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0090-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft DCF MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0090-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Excel MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0016-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Excel MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0016-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Groove MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-00BA-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Groove MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-00BA-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft InfoPath MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0044-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft InfoPath MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0044-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Lync MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-012B-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Lync MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-012B-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft OneNote MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-00A1-0409-0000-0000000FF1CE} =>.Microsoft Corporation
    O42 – Logiciel: Microsoft OneNote MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-00A1-040C-0000-0000000FF1CE} =>.Microsoft Corporation
    O42 – Logiciel: Microsoft Outlook MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-001A-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Outlook MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-001A-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft PowerPoint MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0018-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft PowerPoint MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0018-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Publisher MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0019-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Publisher MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-0019-040C-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Windows Media Video 9 VCM – (…) [HKLM] — WMV9_VCM
    O42 – Logiciel: Microsoft Word MUI (English) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-001B-0409-0000-0000000FF1CE}
    O42 – Logiciel: Microsoft Word MUI (French) 2013 – (.Microsoft Corporation.) [HKLM] — {90150000-001B-040C-0000-0000000FF1CE}
    O42 – Logiciel: Mozilla Firefox 27.0.1 (x86 fr) – (.Mozilla.) [HKLM] — Mozilla Firefox 27.0.1 (x86 fr)
    O42 – Logiciel: Mozilla Maintenance Service – (.Mozilla.) [HKLM] — MozillaMaintenanceService
    O42 – Logiciel: NPR1_demo – (.Van In.) [HKLM] — {BD42F26E-CD2E-4A5E-9D4A-2029B2BF88F8}
    O42 – Logiciel: Realtek AC’97 Audio – (…) [HKLM] — {FB08F381-6533-4108-B7DD-039E11FBC27E}
    O42 – Logiciel: Shop for HP Supplies – (.HP.) [HKLM] — Shop for HP Supplies
    O42 – Logiciel: SuperCopier2 – (…) [HKLM] — SuperCopier2
    O42 – Logiciel: The KMPlayer (remove only) – (.KMP Media co., Ltd.) [HKLM] — The KMPlayer
    O42 – Logiciel: Totally Spies! Totally Party – (…) [HKLM] — Totally Party
    O42 – Logiciel: VLC media player 2.1.3 – (.VideoLAN.) [HKLM] — VLC media player =>.VideoLAN
    O42 – Logiciel: WinDjView 1.0.3 – (.Andrew Zhezherun.) [HKLM] — WinDjView
    O42 – Logiciel: WinRAR 4.00 (32-bit) – (.win.rar GmbH.) [HKLM] — WinRAR archiver
    O42 – Logiciel: XMind 2012 (v3.3.1) – (.XMind Ltd..) [HKLM] — XMind_is1
    O42 – Logiciel: Yahoo! Messenger – (.Yahoo! Inc..) [HKLM] — Yahoo! Messenger
    O42 – Logiciel: Yahoo! Search Protection – (…) [HKLM] — Yahoo! Search Defender
    O42 – Logiciel: Yahoo! Software Update – (…) [HKLM] — Yahoo! Software Update
    O42 – Logiciel: Yahoo! Toolbar – (…) [HKLM] — Yahoo! Companion
    O42 – Logiciel: avast! Free Antivirus v9.0.2018 – (.Avast Software.) [HKLM] — Avast
    ~ Logic: 46 Scanned in 00mn 00s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareAVAST Software]
    [HKCUSoftwareAdvantage 9.10 Links]
    [HKCUSoftwareAiseesoft Studio]
    [HKCUSoftwareAppDataLowSoftwareYahoo]
    [HKCUSoftwareAppDataLow]
    [HKCUSoftwareApple Inc.]
    [HKCUSoftwareBOB 50]
    [HKCUSoftwareBitTorrent] =>P2P.BitTorrent
    [HKCUSoftwareBordboekPlus]
    [HKCUSoftwareClasses]
    [HKCUSoftwareClients]
    [HKCUSoftwareClover]
    [HKCUSoftwareDRPSu Updater]
    [HKCUSoftwareFoxit Software]
    [HKCUSoftwareFroggie]
    [HKCUSoftwareFugazo]
    [HKCUSoftwareGNU]
    [HKCUSoftwareGabest]
    [HKCUSoftwareGoogle]
    [HKCUSoftwareHP]
    [HKCUSoftwareHaali]
    [HKCUSoftwareHewlett-Packard]
    [HKCUSoftwareIM Providers]
    [HKCUSoftwareInternetCalls]
    [HKCUSoftwareJavaSoft]
    [HKCUSoftwareKMPlayer]
    [HKCUSoftwareLAV]
    [HKCUSoftwareLocal AppWizard-Generated Applications]
    [HKCUSoftwareMacromedia]
    [HKCUSoftwareMediaInfo]
    [HKCUSoftwareMozillaPlugins]
    [HKCUSoftwareMozilla]
    [HKCUSoftwareNVIDIA Corporation]
    [HKCUSoftwareNetscape]
    [HKCUSoftwareODBC]
    [HKCUSoftwareOpera Software]
    [HKCUSoftwarePolicies]
    [HKCUSoftwareRealtek]
    [HKCUSoftwareSFX TEAM]
    [HKCUSoftwareTorch]
    [HKCUSoftwareUsbFix]
    [HKCUSoftwareWinRAR SFX]
    [HKCUSoftwareWinRAR]
    [HKCUSoftwareYahoo]
    [HKCUSoftwaredrpsu]
    [HKCUSoftwaremadFlac]
    [HKCUSoftwaremadshi]
    [HKLMSoftwareATI Technologies]
    [HKLMSoftwareAVAST Software]
    [HKLMSoftwareApple Inc.]
    [HKLMSoftwareBOB Software]
    [HKLMSoftwareCBSTEST]
    [HKLMSoftwareCity Interactive]
    [HKLMSoftwareClasses]
    [HKLMSoftwareClients]
    [HKLMSoftwareFoxit Software]
    [HKLMSoftwareGNU]
    [HKLMSoftwareGabest]
    [HKLMSoftwareGoogle]
    [HKLMSoftwareHaaliMkx]
    [HKLMSoftwareHewlett-Packard]
    [HKLMSoftwareICE]
    [HKLMSoftwareIM Providers]
    [HKLMSoftwareIntel]
    [HKLMSoftwareInterVideo]
    [HKLMSoftwareInternet Download Manager]
    [HKLMSoftwareJavaSoft]
    [HKLMSoftwareJreMetrics]
    [HKLMSoftwareKLCodecPack]
    [HKLMSoftwareKMPlayer]
    [HKLMSoftwareKhronos]
    [HKLMSoftwareLAV]
    [HKLMSoftwareMacromedia]
    [HKLMSoftwareMozillaPlugins]
    [HKLMSoftwareMozilla]
    [HKLMSoftwareNVIDIA Corporation]
    [HKLMSoftwareODBC]
    [HKLMSoftwarePandora.TV]
    [HKLMSoftwarePolicies]
    [HKLMSoftwareRealtek]
    [HKLMSoftwareRegisteredApplications]
    [HKLMSoftwareSRS Labs]
    [HKLMSoftwareSage]
    [HKLMSoftwareSonic]
    [HKLMSoftwareTorch]
    [HKLMSoftwareUbisoft]
    [HKLMSoftwareVideoLAN]
    [HKLMSoftwareVimicro Corp.]
    [HKLMSoftwareVimicro Corporation]
    [HKLMSoftwareVivendi Universal]
    [HKLMSoftwareWOW6432Node]
    [HKLMSoftwareWinRAR]
    [HKLMSoftwareXMind Ltd]
    [HKLMSoftwareYahoo]
    [HKLMSoftwaremozilla.org]
    [HKLMSoftwarevimicro]
    ~ Key Software: 211 Scanned in 00mn 00s

    Lady os
    Participant
    Number of posts: 7

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 10/06/2014 – 17:52:42 – [] —-D C:Program FilesActimath
    O43 – CFD: 25/05/2014 – 21:33:34 – [] —-D C:Program FilesAdvantage 9.10
    O43 – CFD: 06/03/2014 – 18:14:39 – [] —-D C:Program FilesAiseesoft Studio
    O43 – CFD: 06/03/2014 – 17:53:40 – [] —-D C:Program FilesAmbalaGurpreet
    O43 – CFD: 06/03/2014 – 18:16:04 – [] —-D C:Program FilesApple Software Update =>.Apple Inc
    O43 – CFD: 20/04/2014 – 16:34:46 – [] —-D C:Program FilesAVAST Software
    O43 – CFD: 09/06/2014 – 18:12:45 – [] —-D C:Program FilesBarbie(TM)
    O43 – CFD: 06/03/2014 – 18:16:42 – [] —-D C:Program FilesBonjour
    O43 – CFD: 09/06/2014 – 18:00:57 – [] —-D C:Program FilesCity Interactive
    O43 – CFD: 06/03/2014 – 18:07:10 – [] —-D C:Program FilesClover
    O43 – CFD: 09/06/2014 – 18:15:44 – [] —-D C:Program FilesCommon Files
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesDVD Maker
    O43 – CFD: 06/03/2014 – 18:29:44 – [] —-D C:Program FilesFoxit Software
    O43 – CFD: 06/03/2014 – 21:04:08 – [] —-D C:Program FilesGoogle
    O43 – CFD: 20/04/2014 – 17:40:57 – [] —-D C:Program FilesHP
    O43 – CFD: 09/06/2014 – 18:15:39 – [] –H-D C:Program FilesInstallShield Installation Information
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesInternet Explorer
    O43 – CFD: 11/05/2014 – 18:56:39 – [] —-D C:Program FilesJava
    O43 – CFD: 06/03/2014 – 18:29:32 – [] —-D C:Program FilesK-Lite Codec Pack
    O43 – CFD: 08/03/2014 – 10:08:00 – [] —-D C:Program FilesMicrosoft Analysis Services
    O43 – CFD: 12/04/2011 – 04:24:27 – [] —-D C:Program FilesMicrosoft Games
    O43 – CFD: 08/03/2014 – 10:12:11 – [] —-D C:Program FilesMicrosoft Office
    O43 – CFD: 08/03/2014 – 10:13:32 – [] —-D C:Program FilesMicrosoft SQL Server
    O43 – CFD: 08/03/2014 – 10:53:58 – [] —-D C:Program FilesMicrosoft.NET
    O43 – CFD: 11/05/2014 – 18:57:40 – [] —-D C:Program FilesMozilla Firefox
    O43 – CFD: 11/03/2014 – 18:57:28 – [] —-D C:Program FilesMozilla Maintenance Service
    O43 – CFD: 14/07/2009 – 06:52:30 – [] —-D C:Program FilesMSBuild
    O43 – CFD: 06/03/2014 – 18:24:58 – [] —-D C:Program FilesNVIDIA Corporation
    O43 – CFD: 20/04/2014 – 00:56:37 – [] —-D C:Program FilesOpera
    O43 – CFD: 06/03/2014 – 18:09:37 – [] —-D C:Program FilesPANDORA.TV
    O43 – CFD: 14/07/2009 – 06:52:30 – [] —-D C:Program FilesReference Assemblies
    O43 – CFD: 06/03/2014 – 18:14:04 – [] —-D C:Program FilesSuperCopier2
    O43 – CFD: 06/03/2014 – 18:09:10 – [] —-D C:Program FilesThe KMPlayer
    O43 – CFD: 09/06/2014 – 15:34:29 – [] —-D C:Program FilesUbisoft
    O43 – CFD: 14/07/2009 – 06:53:23 – [0] —-D C:Program FilesUninstall Information
    O43 – CFD: 06/03/2014 – 18:08:04 – [] —-D C:Program FilesVideoLAN
    O43 – CFD: 20/04/2014 – 18:12:09 – [] —-D C:Program FilesVimicro Corporation
    O43 – CFD: 06/03/2014 – 18:30:01 – [] —-D C:Program FilesWinDjView
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Defender
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Journal
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Mail =>.Microsoft Corporation
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Media Player =>.Microsoft Corporation
    O43 – CFD: 14/07/2009 – 06:52:30 – [] —-D C:Program FilesWindows NT
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Photo Viewer
    O43 – CFD: 20/11/2010 – 23:33:48 – [] —-D C:Program FilesWindows Portable Devices
    O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Sidebar
    O43 – CFD: 06/03/2014 – 18:13:51 – [] —-D C:Program FilesWinRAR
    O43 – CFD: 09/06/2014 – 15:40:54 – [] —-D C:Program FilesWMV9_VCM
    O43 – CFD: 11/05/2014 – 19:14:22 – [] —-D C:Program FilesXMind
    O43 – CFD: 20/04/2014 – 17:41:46 – [] —-D C:Program FilesYahoo!
    O43 – CFD: 20/06/2014 – 16:25:08 – [] —-D C:Program FilesZHPDiag =>.Nicolas Coolman
    O43 – CFD: 08/03/2014 – 10:14:03 – [] —-D C:Program FilesCommon FilesDESIGNER
    O43 – CFD: 09/03/2014 – 22:05:45 – [] —-D C:Program FilesCommon FilesHewlett-Packard
    O43 – CFD: 09/03/2014 – 22:06:00 – [] —-D C:Program FilesCommon FilesHP
    O43 – CFD: 25/05/2014 – 21:33:57 – [] —-D C:Program FilesCommon FilesInstallShield
    O43 – CFD: 11/05/2014 – 18:57:55 – [] —-D C:Program FilesCommon FilesJava
    O43 – CFD: 08/03/2014 – 10:56:33 – [] —-D C:Program FilesCommon Filesmicrosoft shared
    O43 – CFD: 14/07/2009 – 04:37:05 – [] —-D C:Program FilesCommon FilesServices
    O43 – CFD: 14/07/2009 – 04:37:05 – [] —-D C:Program FilesCommon FilesSpeechEngines
    O43 – CFD: 09/06/2014 – 18:15:44 – [0] —-D C:Program FilesCommon FilesSWF Studio
    O43 – CFD: 08/03/2014 – 10:09:52 – [] —-D C:Program FilesCommon FilesSystem
    O43 – CFD: 06/03/2014 – 18:14:39 – [] —-D C:ProgramDataAiseesoft Studio
    O43 – CFD: 06/03/2014 – 18:16:03 – [] —-D C:ProgramDataApple
    O43 – CFD: 06/03/2014 – 18:17:25 – [] —-D C:ProgramDataApple Computer
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataApplication Data
    O43 – CFD: 20/04/2014 – 16:33:44 – [] —-D C:ProgramDataAVAST Software
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataDesktop
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataDocuments
    O43 – CFD: 08/05/2014 – 20:36:14 – [] —-D C:ProgramDatae856c62a7ad85c7f
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataFavorites
    O43 – CFD: 09/06/2014 – 18:04:30 – [] —-D C:ProgramDataFugazo
    O43 – CFD: 20/04/2014 – 17:40:31 – [] —-D C:ProgramDataHP
    O43 – CFD: 20/04/2014 – 17:40:18 – [] —-D C:ProgramDataHP Product Assistant
    O43 – CFD: 06/03/2014 – 20:22:45 – [0] —-D C:ProgramDataIDM
    O43 – CFD: 08/05/2014 – 20:45:25 – [] —-D C:ProgramDataItsReadyApp
    O43 – CFD: 06/03/2014 – 20:05:30 – [] —-D C:ProgramDataMicrosoft
    O43 – CFD: 22/04/2014 – 19:32:34 – [] —-D C:ProgramDataMicrosoft Help
    O43 – CFD: 06/03/2014 – 18:16:18 – [] —-D C:ProgramDataMozilla
    O43 – CFD: 06/03/2014 – 18:25:14 – [] —-D C:ProgramDataNVIDIA
    O43 – CFD: 06/03/2014 – 18:23:24 – [] —-D C:ProgramDataNVIDIA Corporation
    O43 – CFD: 08/03/2014 – 10:52:23 – [] —-D C:ProgramDataregid.1991-06.com.microsoft
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataStart Menu
    O43 – CFD: 11/05/2014 – 18:57:58 – [] —-D C:ProgramDataSun
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataTemplates
    O43 – CFD: 09/06/2014 – 15:34:29 – [] —-D C:ProgramDataUbisoft
    O43 – CFD: 09/03/2014 – 22:10:55 – [] —-D C:ProgramDataWEBREG
    O43 – CFD: 07/03/2014 – 18:31:36 – [] —-D C:ProgramDataYahoo!
    O43 – CFD: 20/04/2014 – 17:41:41 – [] —-D C:ProgramDataYahoo! Companion
    O43 – CFD: 06/03/2014 – 20:22:09 – [] —-D C:UsersOPERATEURAppDataRoamingAdobe
    O43 – CFD: 06/03/2014 – 21:10:26 – [] —-D C:UsersOPERATEURAppDataRoamingApple Computer
    O43 – CFD: 20/04/2014 – 16:37:15 – [] —-D C:UsersOPERATEURAppDataRoamingAVAST Software
    O43 – CFD: 20/04/2014 – 13:26:14 – [0] —-D C:UsersOPERATEURAppDataRoamingDMCache
    O43 – CFD: 20/04/2014 – 16:41:39 – [] —-D C:UsersOPERATEURAppDataRoamingDropbox
    O43 – CFD: 20/04/2014 – 16:41:37 – [] —-D C:UsersOPERATEURAppDataRoamingDropboxMaster
    O43 – CFD: 06/03/2014 – 19:57:06 – [0] —-D C:UsersOPERATEURAppDataRoamingDRPSu
    O43 – CFD: 09/05/2014 – 11:01:18 – [] —-D C:UsersOPERATEURAppDataRoamingFoxit Software
    O43 – CFD: 20/04/2014 – 17:44:49 – [] —-D C:UsersOPERATEURAppDataRoamingHP
    O43 – CFD: 13/06/2014 – 21:22:43 – [] —-D C:UsersOPERATEURAppDataRoamingHpUpdate
    O43 – CFD: 06/03/2014 – 17:55:42 – [] —-D C:UsersOPERATEURAppDataRoamingIdentities
    O43 – CFD: 20/04/2014 – 18:10:02 – [] —-D C:UsersOPERATEURAppDataRoamingInstallShield
    O43 – CFD: 07/03/2014 – 18:41:14 – [] —-D C:UsersOPERATEURAppDataRoamingInternetCalls
    O43 – CFD: 06/03/2014 – 20:22:10 – [] —-D C:UsersOPERATEURAppDataRoamingMacromedia
    O43 – CFD: 12/04/2011 – 04:24:18 – [0] —-D C:UsersOPERATEURAppDataRoamingMedia Center Programs
    O43 – CFD: 06/03/2014 – 20:10:40 – [] —-D C:UsersOPERATEURAppDataRoamingMedia Player Classic
    O43 – CFD: 16/06/2014 – 22:45:25 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoft
    O43 – CFD: 06/03/2014 – 18:17:06 – [] —-D C:UsersOPERATEURAppDataRoamingMozilla
    O43 – CFD: 06/03/2014 – 18:16:22 – [] —-D C:UsersOPERATEURAppDataRoamingOpera Software
    O43 – CFD: 06/03/2014 – 18:30:10 – [] —-D C:UsersOPERATEURAppDataRoaminguTorrent =>P2P.µTorrent
    O43 – CFD: 10/06/2014 – 17:55:08 – [] —-D C:UsersOPERATEURAppDataRoamingVan In
    O43 – CFD: 16/06/2014 – 17:22:18 – [] —-D C:UsersOPERATEURAppDataRoamingvlc
    O43 – CFD: 08/03/2014 – 11:18:37 – [] —-D C:UsersOPERATEURAppDataRoamingVoipConnect
    O43 – CFD: 08/03/2014 – 10:02:18 – [] —-D C:UsersOPERATEURAppDataRoamingWinRAR
    O43 – CFD: 20/04/2014 – 17:41:41 – [] —-D C:UsersOPERATEURAppDataRoamingyahoo!
    O43 – CFD: 20/06/2014 – 16:27:00 – [] —-D C:UsersOPERATEURAppDataRoamingZHP =>.Nicolas Coolman
    O43 – CFD: 06/03/2014 – 18:16:10 – [] —-D C:UsersOPERATEURAppDataLocalApple
    O43 – CFD: 06/03/2014 – 20:39:16 – [] —-D C:UsersOPERATEURAppDataLocalApple Computer
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:UsersOPERATEURAppDataLocalApplication Data
    O43 – CFD: 08/05/2014 – 20:36:13 – [] —-D C:UsersOPERATEURAppDataLocalChromatic Browser
    O43 – CFD: 06/03/2014 – 18:07:11 – [] —-D C:UsersOPERATEURAppDataLocalClover
    O43 – CFD: 08/05/2014 – 20:36:12 – [] —-D C:UsersOPERATEURAppDataLocalComodo
    O43 – CFD: 09/06/2014 – 13:50:38 – [0] —-D C:UsersOPERATEURAppDataLocalElevatedDiagnostics
    O43 – CFD: 09/05/2014 – 17:54:29 – [] —-D C:UsersOPERATEURAppDataLocalGoogle
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:UsersOPERATEURAppDataLocalHistory
    O43 – CFD: 20/04/2014 – 17:16:52 – [] —-D C:UsersOPERATEURAppDataLocalHP
    O43 – CFD: 24/05/2014 – 22:12:34 – [] —-D C:UsersOPERATEURAppDataLocalMicrosoft
    O43 – CFD: 26/05/2014 – 20:54:39 – [] —-D C:UsersOPERATEURAppDataLocalMicrosoft Games
    O43 – CFD: 06/03/2014 – 18:26:01 – [0] —-D C:UsersOPERATEURAppDataLocalMicrosoft Help
    O43 – CFD: 06/03/2014 – 20:17:03 – [] —-D C:UsersOPERATEURAppDataLocalMozilla
    O43 – CFD: 06/03/2014 – 18:16:24 – [] —-D C:UsersOPERATEURAppDataLocalOpera Software
    O43 – CFD: 07/03/2014 – 18:37:05 – [] —-D C:UsersOPERATEURAppDataLocalPrograms
    O43 – CFD: 20/06/2014 – 16:27:01 – [] —-D C:UsersOPERATEURAppDataLocalTemp
    O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:UsersOPERATEURAppDataLocalTemporary Internet Files
    O43 – CFD: 20/04/2014 – 00:48:33 – [] —-D C:UsersOPERATEURAppDataLocalTorch
    O43 – CFD: 06/03/2014 – 17:55:21 – [0] —-D C:UsersOPERATEURAppDataLocalVirtualStore
    O43 – CFD: 14/07/2009 – 06:42:04 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsAccessories
    O43 – CFD: 06/03/2014 – 17:55:58 – [] R—D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsAdministrative Tools
    O43 – CFD: 20/04/2014 – 16:40:29 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsDropbox
    O43 – CFD: 14/07/2009 – 06:37:42 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsMaintenance
    O43 – CFD: 05/06/2014 – 12:56:50 – [] R—D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
    O43 – CFD: 06/03/2014 – 18:14:06 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsSuperCopier2
    O43 – CFD: 06/03/2014 – 18:09:15 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsThe KMPlayer
    O43 – CFD: 06/03/2014 – 18:13:51 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsWinRAR
    O43 – CFD: 09/06/2014 – 15:41:01 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsWMV9 VCM
    ~ Program Folder: 143 Scanned in 00mn 00s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.689FF4BE383CF7FE7BF19DD315DED7A1] – 09/06/2014 – 13:40:30 —A- . (…) — C:PhysicalDisk0_MBR.bin [512]
    O44 – LFC:[MD5.842DDAC1518081AC64F483013D0E66E0] – 09/06/2014 – 14:54:04 —A- . (…) — C:WindowsDirectX.log [93161]
    O44 – LFC:[MD5.BA94FD59605EFEC56F7F4124BC96D907] – 09/06/2014 – 17:15:20 —A- . (…) — C:Windowska.ini [99]
    O44 – LFC:[MD5.8CE08D46F055C0454706CD7B0E3F1BF8] – 12/06/2014 – 16:29:04 —A- . (…) — C:ADS_ERR.ADT [23704]
    O44 – LFC:[MD5.6153B93BC5CDB7A0420F4A3BDA9F0AAC] – 12/06/2014 – 16:37:51 —A- . (…) — C:ADS_ERR.ADI [3072]
    O44 – LFC:[MD5.B71E50E20179613225ED04C674E49263] – 15/06/2014 – 16:12:31 —A- . (…) — C:WindowsMEMORY.DMP [145604406]
    O44 – LFC:[MD5.047E2ED9594D72F3613C48780E0E4327] – 20/06/2014 – 07:51:59 —A- . (…) — C:Windowssetupact.log [11522]
    O44 – LFC:[MD5.D597ED9F04CF72112C07466D8B294AF3] – 20/06/2014 – 14:36:36 -S-A- . (…) — C:Windowsbootstat.dat [67584]
    O44 – LFC:[MD5.2A217CD15B0C99A830CFC38682566286] – 20/06/2014 – 14:36:41 —A- . (…) — C:WindowsWindowsUpdate.log [659135]
    ~ Files: 9 Scanned in 00mn 25s

    —\ Déni du service (Local Security Authority) (O48)
    O48 – LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WindowsSystem32msv1_0.dll
    O48 – LSA:Local Security Authority Notification Packages . (.Microsoft Corporation – Moteur du client de l’Éditeur de configuration de sécurité Windows.) — C:WindowsSystem32scecli.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Package de sécurité Kerberos.) — C:WindowsSystem32kerberos.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WindowsSystem32msv1_0.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – TLS / SSL Security Provider.) — C:WindowsSystem32schannel.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Digest Access.) — C:WindowsSystem32wdigest.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Web Service Security Package.) — C:WindowsSystem32tspkg.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Pku2u Security Package.) — C:WindowsSystem32pku2u.dll
    ~ LSA: 8 Scanned in 00mn 00s

    —\ Contrôle du Safe Boot (CSB) (O49)
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalsermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:WindowsSystem32Driverssermouse.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WindowsSystem32Driversvga.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvgasave.sys . (…) — C:WindowsSystem32Driversvgasave.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvolmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:WindowsSystem32Driversvolmgr.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvolmgrx.sys . (.Microsoft Corporation – Pilote d’extension du gestionnaire de volumes.) — C:WindowsSystem32Driversvolmgrx.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkipnat.sys . (.Microsoft Corporation – IP Network Address Translator.) — C:WindowsSystem32Driversipnat.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworknsiproxy.sys . (.Microsoft Corporation – NSI Proxy.) — C:WindowsSystem32Driversnsiproxy.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkrdpencdd.sys . (.Microsoft Corporation – RDP Encoder Miniport.) — C:WindowsSystem32Driversrdpencdd.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworksermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:WindowsSystem32Driverssermouse.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WindowsSystem32Driversvga.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvgasave.sys . (…) — C:WindowsSystem32Driversvgasave.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvolmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:WindowsSystem32Driversvolmgr.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvolmgrx.sys . (.Microsoft Corporation – Pilote d’extension du gestionnaire de volumes.) — C:WindowsSystem32Driversvolmgrx.sys
    ~ CSB: 13 Scanned in 00mn 00s

    —\ Recherche d’infection sur les pilotes (HKLM)(TDSD) (O52)
    O52 – TDSD: Drivers32″msacm.l3acm »= »C:WindowsSystem32l3codeca.acm » . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WindowsSystem32l3codeca.acm
    O52 – TDSD: Drivers32″vidc.cvid »= »iccvid.dll » . (.Radius Inc. – Codec Cinepak®.) — C:WindowsSystem32iccvid.dll
    O52 – TDSD: drivers.desc »C:WindowsSystem32l3codeca.acm »= »Fraunhofer IIS MPEG Layer-3 Codec » . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WindowsSystem32l3codeca.acm
    ~ TDSD: 3 Scanned in 00mn 00s

    —\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
    O54 – MCSP:[HKLM…CurrentControlSetControl] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:WindowsSystem32credssp.dll
    O54 – MCSP:[HKLM…ControlSet001Control] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:WindowsSystem32credssp.dll
    ~ MSCP: 2 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – « ConsentPromptBehaviorAdmin »=5
    O55 – MWPS:[HKLM…PoliciesSystem] – « ConsentPromptBehaviorUser »=3
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableInstallerDetection »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableLUA »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableSecureUIAPaths »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableUIADesktopToggle »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableVirtualization »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « PromptOnSecureDesktop »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « ValidateAdminCodeSignatures »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « dontdisplaylastusername »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « legalnoticecaption »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « legalnoticetext »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « scforceoption »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « shutdownwithoutlogon »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « undockwithoutlogon »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « FilterAdministratorToken »=0
    ~ MWPS: 16 Scanned in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec Windows SAS/SATA Storport Driver.) — C:WindowsSystem32Driversadp94xx.sys [422976]
    O58 – SDL:14/07/2009 – 02:26:17 —A- . (.Adaptec, Inc. – Adaptec Windows SATA Storport Driver.) — C:WindowsSystem32Driversadpahci.sys [297552]
    O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec StorPort Ultra320 SCSI Driver.) — C:WindowsSystem32Driversadpu320.sys [146512]
    O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Acer Laboratories Inc. – ALi mini IDE Driver.) — C:WindowsSystem32Driversaliide.sys [14400]
    O58 – SDL:10/10/2012 – 04:41:51 —A- . (.Advanced Micro Devices – AHCI 1.2 Device Driver.) — C:WindowsSystem32Driversamdsata.sys [80256]
    O58 – SDL:14/07/2009 – 02:26:15 —A- . (.AMD Technologies Inc. – AMD Technology AHCI Compatible Controller Driver for Windows fa.) — C:WindowsSystem32Driversamdsbs.sys [159312]
    O58 – SDL:10/10/2012 – 04:41:51 —A- . (.Advanced Micro Devices – Storage Filter Driver.) — C:WindowsSystem32Driversamdxata.sys [22400]
    O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec RAID Storport Driver.) — C:WindowsSystem32Driversarc.sys [76368]
    O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec SAS RAID WS03 Driver.) — C:WindowsSystem32Driversarcsas.sys [86608]
    O58 – SDL:20/04/2014 – 15:35:55 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [24184] =>.ALWIL Software
    O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! File System Minifilter for Windows 2003/Vista.) — C:WindowsSystem32DriversaswMonFlt.sys [67824]
    O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! WFP Redirect Driver.) — C:WindowsSystem32DriversaswRdr2.sys [81768]
    O58 – SDL:20/04/2014 – 15:35:55 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [49944] =>.ALWIL Software
    O58 – SDL:15/05/2014 – 12:36:05 —A- . (.AVAST Software – avast! Virtualization Driver.) — C:WindowsSystem32Driversaswsnx.sys [777488]
    O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! Virtualization Driver.) — C:WindowsSystem32Driversaswsnx.sys.1400153765187 [776976]
    O58 – SDL:15/05/2014 – 12:36:05 —A- . (.AVAST Software – avast! self protection module.) — C:WindowsSystem32Driversaswsp.sys [411680]
    O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! self protection module.) — C:WindowsSystem32Driversaswsp.sys.1400153765187 [411552]
    O58 – SDL:15/05/2014 – 12:36:05 —A- . (.AVAST Software – Stream Filter.) — C:WindowsSystem32Driversaswstm.sys [68312]
    O58 – SDL:20/04/2014 – 15:35:55 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [180632] =>.ALWIL Software
    O58 – SDL:13/07/2009 – 23:02:49 —A- . (.Broadcom Corporation – Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) — C:WindowsSystem32Driversb57nd60x.sys [229888]
    O58 – SDL:13/07/2009 – 23:53:28 —A- . (.Brother Industries, Ltd. – Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) — C:WindowsSystem32DriversBrFiltLo.sys [13568]
    O58 – SDL:13/07/2009 – 23:53:28 —A- . (.Brother Industries, Ltd. – Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) — C:WindowsSystem32DriversBrFiltUp.sys [5248]
    O58 – SDL:14/07/2009 – 01:57:25 —A- . (.Brother Industries Ltd. – Pilote Brother Série I/F (WDM).) — C:WindowsSystem32DriversBrSerId.sys [272128]
    O58 – SDL:13/07/2009 – 23:53:32 —A- . (.Brother Industries Ltd. – Brother Serial driver (WDM version).) — C:WindowsSystem32DriversBrSerWdm.sys [62336]
    O58 – SDL:13/07/2009 – 23:53:33 —A- . (.Brother Industries Ltd. – Brother USB MDM Driver.) — C:WindowsSystem32DriversBrUsbMdm.sys [12160]
    O58 – SDL:13/07/2009 – 23:53:33 —A- . (.Brother Industries Ltd. – Brother USB Serial Driver.) — C:WindowsSystem32DriversBrUsbSer.sys [11904]
    O58 – SDL:13/07/2009 – 23:02:48 —A- . (.Broadcom Corporation – Broadcom NetXtreme II GigE VBD.) — C:WindowsSystem32Driversbxvbdx.sys [430080]
    O58 – SDL:14/07/2009 – 02:26:21 —A- . (.CMD Technology, Inc. – CMD PCI IDE Bus Driver.) — C:WindowsSystem32Driverscmdide.sys [15952]
    O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Adaptec, Inc. – Adaptec Ultra SCSI miniport.) — C:WindowsSystem32Driversdjsvs.sys [70720]
    O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [453712]
    O58 – SDL:13/07/2009 – 23:02:48 —A- . (.Broadcom Corporation – Broadcom NetXtreme II 10 GigE VBD.) — C:WindowsSystem32Driversevbdx.sys [3100160]
    O58 – SDL:13/07/2009 – 23:54:14 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [26624]
    O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Hewlett-Packard Company – Smart Array SAS/SATA Controller Media Driver.) — C:WindowsSystem32DriversHpSAMD.sys [67152]
    O58 – SDL:10/10/2012 – 04:41:51 —A- . (.Intel Corporation – Intel Matrix Storage Manager driver – ia32.) — C:WindowsSystem32DriversiaStorV.sys [332160]
    O58 – SDL:14/07/2009 – 02:20:36 —A- . (.Intel Corp./ICP vortex GmbH – Intel/ICP Raid Storport Driver.) — C:WindowsSystem32Driversiirsp.sys [41040]
    O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – LSI Fusion-MPT FC Driver (StorPort).) — C:WindowsSystem32Driverslsi_fc.sys [95824]
    O58 – SDL:14/07/2009 – 02:20:37 —A- . (.LSI Corporation – LSI Fusion-MPT SAS Driver (StorPort).) — C:WindowsSystem32Driverslsi_sas.sys [89168]
    O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – LSI SAS Gen2 Driver (StorPort).) — C:WindowsSystem32Driverslsi_sas2.sys [54864]
    O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – LSI Fusion-MPT SCSI Driver (StorPort).) — C:WindowsSystem32Driverslsi_scsi.sys [96848]
    O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – MEGASAS RAID Controller Driver for Windows 7 for x86.) — C:WindowsSystem32Driversmegasas.sys [30800]
    O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation, Inc. – LSI MegaRAID Software RAID Driver.) — C:WindowsSystem32DriversMegaSR.sys [235584]
    O58 – SDL:09/10/2007 – 13:43:58 —A- . (.Ralink Technology Corp. – Ralink 802.11 Wireless Adapter Driver.) — C:WindowsSystem32Driversnetr70.sys [291840]
    O58 – SDL:14/07/2009 – 02:20:44 —A- . (.IBM Corporation – IBM ServeRAID Controller Driver.) — C:WindowsSystem32Driversnfrd960.sys [44624]
    O58 – SDL:10/06/2009 – 22:19:48 —A- . (.NVIDIA Corporation – NVIDIA Windows Kernel Mode Driver, Version 185.93.) — C:WindowsSystem32Driversnvlddmkm.sys [9853248]
    O58 – SDL:10/10/2012 – 04:41:51 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) RAID Driver.) — C:WindowsSystem32Driversnvraid.sys [117120]
    O58 – SDL:10/10/2012 – 04:41:51 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) Sata Performance Driver.) — C:WindowsSystem32Driversnvstor.sys [143744]
    O58 – SDL:14/07/2009 – 02:19:04 —A- . (.QLogic Corporation – QLogic Fibre Channel Stor Miniport Driver.) — C:WindowsSystem32Driversql2300.sys [1383488]
    O58 – SDL:14/07/2009 – 02:19:04 —A- . (.QLogic Corporation – QLogic iSCSI Storport Miniport Driver.) — C:WindowsSystem32Driversql40xx.sys [106064]
    O58 – SDL:19/06/2009 – 03:45:02 —A- . (.Realtek Semiconductor Corp. – Realtek AC’97 Audio Driver (WDM).) — C:WindowsSystem32DriversRTKVAC.SYS [4172832]
    O58 – SDL:13/07/2009 – 21:50:20 —A- . (.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) — C:WindowsSystem32Driverssecdrv.sys [20480]
    O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Silicon Integrated Systems Corp. – SiS RAID Stor Miniport Driver.) — C:WindowsSystem32Driverssisraid2.sys [40016]
    O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Silicon Integrated Systems – SiS AHCI Stor-Miniport Driver.) — C:WindowsSystem32Driverssisraid4.sys [77888]
    O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [21072]
    O58 – SDL:14/07/2009 – 02:19:10 —A- . (.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) — C:WindowsSystem32Driversviaide.sys [16976]
    O58 – SDL:02/12/2010 – 18:23:24 —A- . (.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR X86-32.) — C:WindowsSystem32Driversviamraid.sys [141424]
    O58 – SDL:11/02/2010 – 12:59:18 —A- . (.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) — C:WindowsSystem32DriversvideX32.sys [13976]
    O58 – SDL:25/05/2009 – 16:31:32 —A- . (.Vimicro Corporation – Vimicro USB Video Class Camera.) — C:WindowsSystem32DriversVMUVC.sys [252416]
    O58 – SDL:14/07/2009 – 02:19:11 —A- . (.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR AMD-X86-64.) — C:WindowsSystem32Driversvsmraid.sys [141904]
    O58 – SDL:01/07/2008 – 10:12:32 —A- . (.Vimicro Corporation – Filter Prototype.) — C:WindowsSystem32DriversvvftUVC.sys [398720]
    O58 – SDL:13/07/2009 – 23:02:53 —A- . (.Marvell – Pilote Miniport pour contrôleur Ethernet Marvell Yukon..) — C:WindowsSystem32Driversyk62x86.sys [311296]
    O58 – SDL:13/07/2009 – 22:40:41 . (…) — C:WindowsSystem32ANSI.SYS [9029]
    O58 – SDL:13/07/2009 – 22:40:44 . (…) — C:WindowsSystem32country.sys [27097]
    O58 – SDL:13/07/2009 – 22:40:40 . (…) — C:WindowsSystem32HIMEM.SYS [4768]
    O58 – SDL:13/07/2009 – 22:40:43 . (…) — C:WindowsSystem32KEY01.SYS [42809]
    O58 – SDL:13/07/2009 – 22:40:43 . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
    O58 – SDL:13/07/2009 – 22:40:23 . (…) — C:WindowsSystem32NTDOS.SYS [27866]
    O58 – SDL:13/07/2009 – 22:40:31 . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
    O58 – SDL:13/07/2009 – 22:40:35 . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
    O58 – SDL:13/07/2009 – 22:40:39 . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
    O58 – SDL:13/07/2009 – 22:40:27 . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
    O58 – SDL:13/07/2009 – 22:40:11 . (…) — C:WindowsSystem32NTIO.SYS [33952]
    O58 – SDL:13/07/2009 – 22:40:15 . (…) — C:WindowsSystem32NTIO404.SYS [34672]
    O58 – SDL:13/07/2009 – 22:40:17 . (…) — C:WindowsSystem32NTIO411.SYS [35776]
    O58 – SDL:13/07/2009 – 22:40:19 . (…) — C:WindowsSystem32NTIO412.SYS [35536]
    O58 – SDL:13/07/2009 – 22:40:13 . (…) — C:WindowsSystem32NTIO804.SYS [34672]
    ~ Drivers: 75 Scanned in 00mn 06s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 16/06/2014 – 16:27:51 —A- . (…) — C:UsersOPERATEURAppDataRoamingMicrosoftUProofCMAdj.12.bin [326]
    O61 – LFC: 20/06/2014 – 16:27:53 —A- . (.Nicolas Coolman.) — C:UsersOPERATEURDownloadsZHPDiag2 (1).exe [6854914] =>.Nicolas Coolman
    ~ 3 Fichiers temporaires (Temporary files)
    ~ 9 Fichiers cookies (Cookies files)
    ~ Files: 2 Scanned in 00mn 13s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 20/04/2014 – C:Windowssystem32driversaswHwid.sys (aswHwid) .(…) – LEGACY_ASWHWID
    O64 – Services: CurCS – 20/04/2014 – C:Windowssystem32driversaswMonFlt.sys (aswMonFlt) .(.AVAST Software – avast! File System Minifilter for Windows 2.) – LEGACY_ASWMONFLT
    O64 – Services: CurCS – 20/04/2014 – C:Windowssystem32driversaswRdr2.sys (aswRdr) .(.AVAST Software – avast! WFP Redirect Driver.) – LEGACY_ASWRDR
    O64 – Services: CurCS – 20/04/2014 – C:WindowsSystem32DriversaswRvrt.sys (aswRvrt) .(…) – LEGACY_ASWRVRT
    O64 – Services: CurCS – 15/05/2014 – C:Windowssystem32driversaswSnx.sys (aswSnx) .(.AVAST Software – avast! Virtualization Driver.) – LEGACY_ASWSNX
    O64 – Services: CurCS – 15/05/2014 – C:Windowssystem32driversaswSP.sys (aswSP) .(.AVAST Software – avast! self protection module.) – LEGACY_ASWSP
    O64 – Services: CurCS – 15/05/2014 – C:Windowssystem32driversaswStm.sys (aswStm) .(.AVAST Software – Stream Filter.) – LEGACY_ASWSTM
    O64 – Services: CurCS – 20/04/2014 – C:WindowsSystem32DriversaswVmm.sys (aswVmm) .(…) – LEGACY_ASWVMM
    O64 – Services: CurCS – 13/07/2009 – C:WindowsSystem32Driverssecdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) – LEGACY_SECDRV
    O64 – Services: CurCS – 14/07/2009 – C:WindowsSystem32driversviaide.sys (viaide) .(.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) – LEGACY_VIAIDE
    O64 – Services: CurCS – 14/07/2009 – C:WindowsSystem32driversvsmraid.sys (vsmraid) .(.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR AMD-X86-64.) – LEGACY_VSMRAID
    ~ Legacy: 77 Scanned in 00mn 01s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: [HKLM..openCommand] (…) — « %1 » %*
    O67 – Shell Spawning: [HKLM..cplopenCommand] (.Microsoft Corporation – Windows Control Panel.) — C:WindowsSystem32control.exe =>.Microsoft Corporation
    O67 – Shell Spawning: [HKLM..openCommand] (…) — « %1 » %*
    O67 – Shell Spawning: [HKLM..openCommand] (…) — « %1 » %*
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Lanceur du composant logiciel enfichable Observateur d’événements.) — C:WindowsSystem32eventvwr.exe
    O67 – Shell Spawning: [HKLM..openCommand] (…) — « %1 » %*
    O67 – Shell Spawning: [HKLM..openCommand] (.Not Key.)
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32WScript.exe
    O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Éditeur du Registre.) — C:Windowsregedit.exe
    O67 – Shell Spawning: [HKLM..openCommand] (…) — « %1 » /S
    O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Not Key.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les service demarrés par Svchost (SSS) (O83)
    O83 – Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation – Service Expérience d’application.) — C:WindowsSystem32aelupsvc.dll [62464]
    O83 – Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [67584]
    O83 – Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [67584]
    O83 – Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation – DLL du service Serveur.) — C:WindowsSystem32srvsvc.dll [168960]
    O83 – Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation – Client de stratégie de groupe.) — C:WindowsSystem32gpsvc.dll [593408]
    O83 – Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation – Extension IKE.) — C:WindowsSystem32ikeext.dll [674304]
    O83 – Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation – Service Audio Windows.) — C:WindowsSystem32Audiosrv.dll [473600]
    O83 – Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation – Gestionnaire de numérotation automatique d’accès distant.) — C:WindowsSystem32rasauto.dll [90624]
    O83 – Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation – Gestionnaire de connexions d’accès distant.) — C:WindowsSystem32rasmans.dll [286208]
    O83 – Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation – Gestionnaire d’interface dynamique.) — C:WindowsSystem32mprdim.dll [75264]
    O83 – Search Svchost Services: SENS (SENS) . (.Microsoft Corporation – Service de notification d’événements système (SENS).) — C:WindowsSystem32sens.dll [49664]
    O83 – Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation – Composants de l’application d’assistance à Microsoft NAT.) — C:WindowsSystem32ipnathlp.dll [300544]
    O83 – Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation – Serveur de téléphonie Microsoft® Windows(TM).) — C:WindowsSystem32tapisrv.dll [242176]
    O83 – Search Svchost Services: TermService (TermService) . (.Microsoft Corporation – Gestionnaire des connexions distantes du serveur hôte de session Burea.) — C:WindowsSystem32termsrv.dll [521216]
    O83 – Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation – Agent de mise à jour automatique Windows Update.) — C:WindowsSystem32wuaueng.dll [1914368]
    O83 – Search Svchost Services: BITS (BITS) . (.Microsoft Corporation – Service de transfert intelligent en arrière-plan.) — C:WindowsSystem32qmgr.dll [585728]
    O83 – Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation – Dll des services Windows Shell.) — C:WindowsSystem32shsvcs.dll [328192]
    O83 – Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation – Service offrant une connectivité IPv6 sur un réseau IPv4..) — C:WindowsSystem32iphlpsvc.dll [499712]
    O83 – Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation – DLL de service d’ouverture de session secondaire.) — C:Windowssystem32seclogon.dll [21504]
    O83 – Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation – Service Informations d’application.) — C:WindowsSystem32appinfo.dll [47104]
    O83 – Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation – Service de découverte iSCSI.) — C:WindowsSystem32iscsiexe.dll [114688]
    O83 – Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation – Service Planificateur de classes multimédias.) — C:WindowsSystem32mmcss.dll [49664]
    O83 – Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation – Rapports et solutions aux problèmes.) — C:WindowsSystem32wercplsupport.dll [61440]
    O83 – Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation – Service EAPHost Microsoft.) — C:WindowsSystem32eapsvc.dll [98304]
    O83 – Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation – ProfSvc.) — C:WindowsSystem32profsvc.dll [164352]
    O83 – Search Svchost Services: schedule (schedule) . (.Microsoft Corporation – Service du Planificateur de tâches.) — C:WindowsSystem32schedsvc.dll [750592]
    O83 – Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation – Service Gestion des clés.) — C:WindowsSystem32kmsvc.dll [71168]
    O83 – Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation – Service Configuration des services Bureau à distance.) — C:WindowsSystem32sessenv.dll [113664]
    O83 – Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation – WMI.) — C:WindowsSystem32wbemWMIsvc.dll [168960]
    O83 – Search Svchost Services: browser (browser) . (.Microsoft Corporation – DLL du service Explorateur d’ordinateurs.) — C:WindowsSystem32browser.dll [102912]
    O83 – Search Svchost Services: Themes (Themes) . (.Microsoft Corporation – DLL du service des thèmes Windows Shell.) — C:WindowsSystem32themeservice.dll [37376]
    O83 – Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation – Service BDE.) — C:WindowsSystem32bdesvc.dll [76800]
    O83 – Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation – Service Installation de logiciels.) — C:WindowsSystem32appmgmts.dll [149504]
    ~ Services: 33 Scanned in 00mn 02s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.CC443280C82E1D97D40E4099F822E04E] [SPRF][08/03/2010] (.Macrovision Corporation – Setup.exe.) — C:UsersOPERATEURDesktopCNR-WCAM_7670_Drv_W73264.exe [22869884]
    [MD5.385455AA390F93B7B6B4BBE63905CEE9] [SPRF][11/05/2014] (.XMind Ltd. – XMind 2012 (v3.3.1) Installer.) — C:UsersOPERATEURDesktopxmind-windows-3-3-1-201212250029.exe [34767909]
    ~ Files: 2 Scanned in 00mn 01s

    —\ Recherche de clés de registre Tracing (O100)
    HKLMSOFTWAREMicrosoftTracingutorrent_RASAPI32 =>P2P.µTorrent
    HKLMSOFTWAREMicrosoftTracingutorrent_RASMANCS =>P2P.µTorrent
    ~ BTK: 145 Scanned in 00mn 00s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Auto 06/03/2014 116648 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 06/03/2014 116648 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 11/03/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 14/07/2009 20992 | C:Windowssystem32HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SS – | Auto 14/07/2009 20992 | C:Windowssystem32HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/11/2008 2932736 | (Advantage) . (.iAnywhere Solutions, Inc..) – C:Program FilesAdvantage 9.10ServerADS.exe
    SR – | Auto 20/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
    SR – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Demand 14/07/2009 20992 | C:Program FilesHPDigital Imagingbinhpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 20992 | C:Program FilesHPDigital Imagingbinhpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 20992 | C:Program FilesHPDigital ImagingbinHPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
    SR – | Auto 07/04/2011 612456 | (NVSvc) . (.NVIDIA Corporation.) – C:WindowsSystem32nvvsvc.exe
    SR – | Auto 08/07/2013 1922600 | (PanService) . (.Pandora.TV.) – C:Program FilesPANDORA.TVPanServiceKMPService.exe
    SR – | Auto 14/07/2009 20992 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 14/07/2009 20992 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 09/11/2008 602392 | (YahooAUService) . (.Yahoo! Inc..) – C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe
    ~ Services: Scanned in 00mn 33s

    —\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Run by OPERATEUR at 20/06/2014 16:29:20
    device: opened successfully
    ~ MBR: 4 Scanned in 00mn 02s

    —\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by OPERATEUR at 20/06/2014 16:29:23
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 04s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (19/06/2014)
    Clés trouvées (Keys found) : 7
    Valeurs trouvées (Values found) : 2
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 1

    [HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
    [HKLMSoftwareClassesCLSID{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExtPreApproved{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallYahoo! Companion] =>Toolbar.Yahoo
    [HKLMSoftwareClassesCLSID{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
    [HKLMSoftwareMicrosoftWindowsCurrentVersionExtPreApproved{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
    [HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks]:{EF99BD32-C1FB-11D2-892F-0090271D4F88} =>Toolbar.Yahoo
    [HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{EF99BD32-C1FB-11D2-892F-0090271D4F88} =>Toolbar.Yahoo
    C:UsersOPERATEURAppDataRoaminguTorrent =>P2P.µTorrent^
    [HKCUSoftwareBitTorrent] =>P2P.BitTorrent^
    ~ Additionnel Scan: 239556 Items scanned in 00mn 43s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
    ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ AMI: 5 Scanned in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    ~ MSI: 0 link(s) detected in 00mn 00s

    End of the scan (1097 lines in 04mn 05s)(0)

    Victor
    Participant
    Number of posts: 551

    Good evening Lady os,

    The UsbFix cleanup report is not complete; part of it is missing. :|

    Your PC no longer presents a risk of infection. Before moving on to the next step, how is it behaving?

    Looking forward to your reply,
    Victor

    Lady os
    Participant
    Number of posts: 7

    Hello!
    So would it be this report:
    Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
    Fichier d’export Registre :
    Run by OPERATEUR at 20/06/2014 16:09:07
    High Elevated Privileges : OK
    Windows Vista Ultimate Edition, 32-bit (Build 6000)

    Corbeille vidée (00mn 07s)
    Dossier Prefetcher vidé
    Réparation des raccourcis navigateur

    ========== Clés du Registre ==========
    SUPPRIMÉ: HKCUSoftwareMicrosoftInternet ExplorerSearchScopes{DECA3892-BA8F-44b8-A993-A466AD694AE4}
    SUPPRIMÉ: HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_xmind_RASAPI32
    SUPPRIMÉ: HKLMSOFTWAREMicrosoftTracingSoftonicDownloader_pour_xmind_RASMANCS
    SUPPRIMÉ: HKCUSoftwareSoftonic
    Branche de Base de Registres IFEO non infectée !

    ========== Valeurs du Registre ==========
    Aucune Valeur Standard Profile: FirewallRaz :
    Aucune Valeur Domain Profile: FirewallRaz :
    SUPPRIMÉ: FirewallRaz (Public) : {7BD558FA-AA11-4355-83EA-7AEEF666FD52}
    SUPPRIMÉ: FirewallRaz (Public) : {A828BE37-E65F-4AB9-8285-BBAF668379A3}
    SUPPRIMÉ: FirewallRaz (None) : {F0BC35CB-EA97-4F47-A4DE-7F9D76919780}
    SUPPRIMÉ: FirewallRaz (Public) : {990167ED-FB31-4CB6-AE49-9245B1A7AACD}
    SUPPRIMÉ: FirewallRaz (Public) : {D7D62EC6-1879-4944-BF78-FF8A04E4EF5E}
    SUPPRIMÉ: FirewallRaz (None) : {89D538B0-936D-4AE4-AD00-7B252345B7B8}

    ========== Préférences navigateur ==========
    SUPPRIMÉ Folder Chrome: C:UsersOPERATEURAppDataLocalGoogleChromeUser DataDefaultExtensionskjccbiogefimbmiolonpolpgpcfempll

    ========== Dossiers ==========
    Aucun dossiers CLSID Local utilisateur vide

    ========== Fichiers ==========
    SUPPRIMÉ: c:usersoperateurappdatalocalgooglechromeuser datadefaultpreferences
    SUPPRIMÉS Temporaires Windows (149) (7 804 087 octets)
    SUPPRIMÉS Flash Cookies (0) (0 octets)

    ========== Récapitulatif ==========
    5 : Clés du Registre
    8 : Valeurs du Registre
    1 : Dossiers
    3 : Fichiers
    1 : Préférences navigateur

    End of clean in 00mn 22s

    ========== Chemin de fichier rapport ==========
    C:UsersOPERATEURAppDataRoamingZHPZHPFix[R1].txt – 20/06/2014 16:09:15 [1994]

    or this one(?):

    ############################## | UsbFix V 7.171 | [Nettoyage]

    Utilisateur: OPERATEUR (Administrateur) # OPERATEUR-PC
    Mis à jour le 18/05/2014 par El Desaparecido – SosVirus
    Lancé à 14:27:01 | 09/06/2014

    Site Web : http://www.usbfix.net/
    Changelog : http://www.usbfix.net/maj/
    Assistance : http://www.sosvirus.net/forum-virus-securite.html
    Upload Malware : http://www.sosvirus.net/upload_malware.php
    Contact : http://www.usbfix.net/contact/

    PC: ASUSTeK Computer Inc. (A8V)
    CPU: AMD Athlon(tm) 64 Processor 3500+
    RAM -> [Total : 1023 Mo| Free : 94 Mo]
    Bios: American Megatrends Inc.
    Boot: Normal boot

    OS: Microsoft Windows 7 Édition Intégrale (6.1.7601 32-Bit) Service Pack 1
    WB: Windows Internet Explorer : 9.0.8112.16421
    WB: Google Chrome : 35.0.1916.114
    WB: Mozilla Firefox : 27.0.1

    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]
    AV: avast! Antivirus [Enabled | Updated]
    AS: Windows Defender [Enabled | Updated]
    AS: avast! Antivirus [Enabled | Updated]
    FW: Windows FireWall [(!) Disabled]

    C: (%SystemDrive%) -> Disque fixe # 153 Go (125 Go libre(s) – 82%) [] # NTFS
    D: -> CD-ROM
    E: -> CD-ROM
    F: -> Disque amovible # 15 Go (12 Go libre(s) – 84%) [] # FAT32

    ################## | Processus Stoppés |

    C:WindowsSystem32nvvsvc.exe (ID: 732|ParentID: 488)
    C:Program FilesNVIDIA CorporationDisplayNvXDSync.exe (ID: 1272|ParentID: 732)
    C:Windowsexplorer.exe (ID: 1600|ParentID: 1572|OPERATEUR)
    C:WindowsSystem32spoolsv.exe (ID: 1648|ParentID: 488|SYSTEM)
    C:WindowsSystem32taskhost.exe (ID: 1692|ParentID: 488|OPERATEUR)
    C:Program FilesBonjourmDNSResponder.exe (ID: 1856|ParentID: 488|SYSTEM)
    C:WindowsSOUNDMAN.EXE (ID: 1952|ParentID: 1600|OPERATEUR)
    C:Program FilesYahoo!Search ProtectionSearchProtection.exe (ID: 1960|ParentID: 1600|OPERATEUR)
    C:Program FilesHPHP Software Updatehpwuschd2.exe (ID: 1968|ParentID: 1600|OPERATEUR)
    C:Program FilesVimicro CorporationVMUVCVMonitor.exe (ID: 1984|ParentID: 1600|OPERATEUR)
    C:Program FilesCommon FilesJavaJava Updatejusched.exe (ID: 1992|ParentID: 1600|OPERATEUR)
    C:Program FilesSuperCopier2SuperCopier2.exe (ID: 2000|ParentID: 1600|OPERATEUR)
    C:Program FilesHPDigital Imagingbinhpqtra08.exe (ID: 2024|ParentID: 1600|OPERATEUR)
    C:Program FilesPANDORA.TVPanServiceKMPService.exe (ID: 1176|ParentID: 488|SYSTEM)
    C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe (ID: 2088|ParentID: 488|SYSTEM)
    C:Program FilesPANDORA.TVPanServiceKMPProcess.exe (ID: 2104|ParentID: 1176|SYSTEM)
    C:Program FilesAdvantage 9.10Serverads.exe (ID: 2388|ParentID: 488|SYSTEM)
    C:WindowsSystem32SearchIndexer.exe (ID: 2800|ParentID: 488|SYSTEM)
    C:Program FilesYahoo!MessengerYmsgr_tray.exe (ID: 3084|ParentID: 2008|OPERATEUR)
    C:WindowsSystem32wbemunsecapp.exe (ID: 3648|ParentID: 660|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2012|ParentID: 1600|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3500|ParentID: 2012|OPERATEUR)
    C:Program FilesHPDigital Imagingbinhpqste08.exe (ID: 3972|ParentID: 2024|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4000|ParentID: 2012|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2380|ParentID: 2012|OPERATEUR)
    C:Program FilesHPDigital Imagingbinhpqbam08.exe (ID: 2896|ParentID: 660|OPERATEUR)
    C:Program FilesHPDigital Imagingbinhpqgpc01.exe (ID: 1476|ParentID: 660|OPERATEUR)
    C:Program FilesCommon FilesJavaJava Updatejucheck.exe (ID: 2260|ParentID: 1992|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2648|ParentID: 2012|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2236|ParentID: 2012|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 1144|ParentID: 2012|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 3008|ParentID: 2012|OPERATEUR)
    C:WindowsSystem32taskhost.exe (ID: 2292|ParentID: 488|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 2284|ParentID: 2012|OPERATEUR)
    C:WindowsSystem32WUDFHost.exe (ID: 4544|ParentID: 932|LOCAL SERVICE)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4668|ParentID: 2012|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 628|ParentID: 2012|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 188|ParentID: 2012|OPERATEUR)
    C:Program FilesCloverclover.exe (ID: 4600|ParentID: 1600|OPERATEUR)
    C:Program FilesGoogleChromeApplicationchrome.exe (ID: 4108|ParentID: 2012|OPERATEUR)
    C:Program FilesCommon Filesmicrosoft sharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE (ID: 5484|ParentID: 488|NETWORK SERVICE)

    ################## | Autorun |

    ################## | Recherche générique |

    Supprimé! F:.lnk
    Supprimé! F:pandora_box___iris___shiawase_no_hako__1_2__by_lutias-d5ynse.lnk
    Supprimé! F:pandora_box___iris___shiawase_no_hako__2_2__by_lutias-d5ynsp.lnk
    Supprimé! F:1358697607074224400.lnk
    Supprimé! F:SURVIVAL.lnk
    Supprimé! F:les capitales d’amériques du sud.lnk
    Supprimé! F:Le travail intérimaire et temporaire.lnk
    Supprimé! F:Bruxelles.lnk
    Supprimé! F:Doc2.lnk
    Supprimé! F:brochure eng.lnk
    Supprimé! F:Le c l o n a g e.lnk
    Supprimé! F:Images.lnk
    Supprimé! F:Videos.lnk
    Supprimé! F:Sounds.lnk
    Supprimé! F:Other files.lnk
    Supprimé! F:DCIM.lnk
    Supprimé! F:.Spotlight-V100.lnk
    Supprimé! F:.TemporaryItems.lnk
    Supprimé! F:.fseventsd.lnk
    Supprimé! F:DOSSIERS.lnk
    Supprimé! F:ss-Backup-0001.lnk
    Supprimé! F:BlackBerry.lnk
    Supprimé! F:databases.lnk
    Supprimé! F:DOC.lnk
    Supprimé! F:musiqua.lnk
    Supprimé! F:Espagnol.lnk
    Supprimé! F:juin.lnk
    Supprimé! F:~$Le c l o n a g e.lnk
    Supprimé! F:FOUND.000.lnk
    Supprimé! F:.Trashes.lnk

    (!) Fichiers temporaires supprimés.

    ################## | Registre |

    Réparé ! HKLMSoftwareMicrosoftSecurity Center|UacDisableNotify -> 0
    Supprimé! HKUS-1-5-21-4055012067-1499113417-2862841071-1000Software….Mountpoints2{9cfd12ca-e9db-11e3-af68-0015f2d00d23}

    ################## | Regedit Run |

    F2 – HKLM..Winlogon : [Shell] explorer.exe
    F2 – HKLM..Winlogon : [Userinit] C:Windowssystem32userinit.exe,
    04 – HKCU..Run : [SuperCopier2.exe] C:Program FilesSuperCopier2SuperCopier2.exe
    04 – HKCU..Run : [Messenger (Yahoo!)] « C:PROGRA~2Yahoo!MessengerYahooMessenger.exe » -quiet
    04 – HKCU..Run : [Search Protection] C:Program FilesYahoo!Search ProtectionSearchProtection.exe
    04 – HKCU..Run : [InternetCalls] « C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe » -nosplash -minimized
    04 – HKCU..Run : [VoipConnect] « C:Program FilesVoipConnect.comVoipConnectVoipConnect.exe » -nosplash -minimized
    04 – HKLM..Run : [SoundMan] SOUNDMAN.EXE
    04 – HKLM..Run : [YSearchProtection] « C:Program FilesYahoo!Search ProtectionSearchProtection.exe »
    04 – HKLM..Run : [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
    04 – HKLM..Run : [AvastUI.exe] « C:Program FilesAVAST SoftwareAvastAvastUI.exe » /nogui
    04 – HKLM..Run : [VMonitorVMUVC] « C:Program FilesVimicro CorporationVMUVCVMonitor.exe » VMUVC
    04 – HKLM..Run : [SunJavaUpdateSched] « C:Program FilesCommon FilesJavaJava Updatejusched.exe »
    04 – HKUS-1-5-19..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-20..Run : [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun
    04 – HKUS-1-5-21-4055012067-1499113417-2862841071-1000..Run : [SuperCopier2.exe] C:Program FilesSuperCopier2SuperCopier2.exe
    04 – HKUS-1-5-21-4055012067-1499113417-2862841071-1000..Run : [Messenger (Yahoo!)] « C:PROGRA~2Yahoo!MessengerYahooMessenger.exe » -quiet
    04 – HKUS-1-5-21-4055012067-1499113417-2862841071-1000..Run : [Search Protection] C:Program FilesYahoo!Search ProtectionSearchProtection.exe
    04 – HKUS-1-5-21-4055012067-1499113417-2862841071-1000..Run : [InternetCalls] « C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe » -nosplash -minimized
    04 – HKUS-1-5-21-4055012067-1499113417-2862841071-1000..Run : [VoipConnect] « C:Program FilesVoipConnect.comVoipConnectVoipConnect.exe » -nosplash -minimized
    04 – HKUS-1-5-19..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe
    04 – HKUS-1-5-20..RunOnce : [mctadmin] C:WindowsSystem32mctadmin.exe

    ################## | C: %SystemDrive% – Disque Fixe (NTFS) |

    [18/12/2012 – 13:32:18 | T | 0 Ko] – C:WIMA8D1.tmp
    [18/12/2012 – 13:32:18 | T | 0 Ko] – C:WIMA9CB.tmp
    [10/06/2009 – 23:42:20 | N | 0 Ko] – C:config.sys
    [09/06/2014 – 10:06:46 | ASH | 785896 Ko] – C:hiberfil.sys
    [09/06/2014 – 14:27:51 | ASH | 2145280 Ko] – C:pagefile.sys
    [25/05/2014 – 21:33:50 | D] – C:Config.Msi
    [06/03/2014 – 17:55:34 | D] – C:$Recycle.Bin
    [10/06/2009 – 23:42:20 | A | 0 Ko] – C:autoexec.bat
    [25/05/2014 – 21:44:01 | N | 21 Ko] – C:ADS_ERR.ADT
    [25/05/2014 – 21:39:06 | N | 2 Ko] – C:ADS_ERR.adm
    [25/05/2014 – 21:44:01 | N | 3 Ko] – C:ADS_ERR.ADI
    [14/07/2009 – 04:37:05 | D] – C:PerfLogs
    [14/07/2009 – 06:53:55 | D] – C:Documents and Settings
    [06/03/2014 – 17:52:17 | SHD] – C:Recovery
    [06/03/2014 – 20:04:49 | RHD] – C:MSOCache
    [09/05/2014 – 17:54:33 | D] – C:Users
    [11/05/2014 – 18:57:58 | D] – C:ProgramData
    [25/05/2014 – 21:39:33 | D] – C:bobschool50
    [05/06/2014 – 01:05:39 | D] – C:Windows
    [07/06/2014 – 20:45:44 | D] – C:UsbFix
    [09/06/2014 – 13:51:35 | SHD] – C:System Volume Information
    [09/06/2014 – 14:26:14 | D] – C:Program Files

    ################## | F: – Disque USB (FAT32) |

    [07/04/2014 – 19:44:08 | N | 306624 Ko] – F:.HPIMAGE.VFS
    [11/10/2013 – 13:48:42 | SHD] – F:.Trashes
    [11/10/2013 – 13:48:42 | SH | 4 Ko] – F:._.Trashes
    [14/10/2013 – 14:28:04 | SHD] – F:.TemporaryItems
    [14/10/2013 – 14:28:04 | SH | 4 Ko] – F:._.TemporaryItems
    [11/10/2013 – 13:48:44 | SHD] – F:.Spotlight-V100
    [26/05/2014 – 10:36:10 | N | 1000 Ko] – F:Le c l o n a g e.pptx
    [06/04/2014 – 19:29:10 | N | 406 Ko] – F:pandora_box___iris___shiawase_no_hako__1_2__by_lutias-d5ynse.jpg
    [07/04/2014 – 15:46:10 | N | 750 Ko] – F:pandora_box___iris___shiawase_no_hako__2_2__by_lutias-d5ynsp.jpg
    [07/04/2014 – 15:57:22 | N | 846 Ko] – F:1358697607074224400.jpg
    [07/02/2014 – 11:15:32 | SHD] – F:.fseventsd
    [15/11/2013 – 12:05:38 | N | 4 Ko] – F:._Affiche du film et photos des acteurs principaux et du réalisateur et sa biographie.docx
    [17/03/2014 – 15:32:10 | N | 47 Ko] – F:les capitales d’amériques du sud.docx
    [17/03/2014 – 16:04:18 | N | 55 Ko] – F:Le travail intérimaire et temporaire.docx
    [17/03/2014 – 16:19:50 | N | 72 Ko] – F:Bruxelles.docx
    [24/04/2014 – 22:33:08 | N | 303 Ko] – F:Doc2.docx
    [24/04/2014 – 22:33:18 | N | 370 Ko] – F:brochure eng.docx
    [05/06/2014 – 12:51:24 | D] – F:FOUND.000
    [09/10/2013 – 16:14:20 | D] – F:Videos
    [09/10/2013 – 16:14:20 | D] – F:Sounds
    [09/10/2013 – 16:14:20 | D] – F:Images
    [14/10/2013 – 14:28:32 | D] – F:DOSSIERS
    [19/10/2013 – 23:38:00 | D] – F:DCIM
    [21/12/2013 – 20:36:00 | D] – F:ss-Backup-0001
    [20/01/2014 – 17:16:04 | D] – F:Other files
    [07/02/2014 – 20:27:42 | D] – F:databases
    [07/02/2014 – 20:27:42 | D] – F:BlackBerry
    [16/02/2014 – 13:29:38 | D] – F:DOC
    [16/02/2014 – 13:30:12 | D] – F:nihongo
    [16/02/2014 – 13:31:26 | D] – F:Nouveau dossier
    [16/02/2014 – 13:32:26 | D] – F:musiqua
    [17/03/2014 – 15:09:04 | D] – F:Nouveau porte-documents
    [31/05/2014 – 21:15:26 | D] – F:Espagnol
    [01/06/2014 – 16:09:46 | D] – F:juin

    ################## | Vaccin |

    F:Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.sosvirus.net/ | http://www.usbfix.net/ |

    But anyway, thanks Victor/Héraclès

    Victor
    Participant
    Number of posts: 551

    Good evening Lady os, :hello:

    :super: OK for the USBFIX and ZHPFIX reports.

    You no longer have 16% of usable memory; we will run an optimization to recover a little of it:

    We continue the procedure:

    • Copy the lines below: (click "select all", right-click the area highlighted in blue, then select "copy")
      script zhpfix
      OPT:O4 - HKCU..Run: [VoipConnect] C:Program FilesVoipConnect.comVoipConnectVoipConnect.exe (.not file.)
      OPT:O4 - HKUSS-1-5-21-4055012067-1499113417-2862841071-1000..Run: [VoipConnect] C:Program FilesVoipConnect.comVoipConnectVoipConnect.exe (.not file.)
      OPT:O4 - HKCU..Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:Program FilesYahoo!MessengerYahooMessenger.exe
      OPT:O4 - HKCU..Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:Program FilesSuperCopier2SuperCopier2.exe
      OPT:O4 - HKUSS-1-5-21-4055012067-1499113417-2862841071-1000..Run: [SuperCopier2.exe] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:Program FilesSuperCopier2SuperCopier2.exe
      OPT:O4 - HKUSS-1-5-21-4055012067-1499113417-2862841071-1000..Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:Program FilesYahoo!MessengerYahooMessenger.exe
      O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:WindowsTasksGoogleUpdateTaskMachineCore.job [1058]
      O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) -- C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1058]
      O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:WindowsTasksGoogleUpdateTaskMachineUA.job [1062]
      O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) -- C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1062]

    • Launch ZHPFix (run as administrator under Windows 7/8 and Vista)

      1. Click Import
      2. Then click "GO"

    • Confirm the data cleanup by clicking "Yes"
    • Once the scan is finished, go to the desktop; the ZHPFixReport file has been created.
    • Upload the ZHPFixReport report to SosUpload, then copy/paste the link provided into your next reply.

    After that, continue with this:

    • Disable your antivirus, otherwise the tool will not be able to work properly.
    • Download Shortcut_Module to your desktop.

      Note: Save your work before continuing!

    • Launch Shortcut_Module,
    • Click Clean

      Note: Wait while the scan runs

    • Let the tool work even if it seems stuck
    • If the tool detects a proxy that you do not recognize, click "Remove the proxy"
    • Upload the report C:Shortcut_Module_date_heure.txt to http://upload.sosvirus.net/ then give the link obtained

    Regards,
    Victor
