  • Christian.Poyroux
    Participant
    Posts: 1

    [spoiler:2ao3avrp]Rapport de ZHPDiag v2014.7.24.108 – Nicolas Coolman (24/07/2014)
    ~ Lancé par Frédérique (19/08/2014 20:24:38)

    MSIE: Internet Explorer v11.0.9600.17239
    MFIE: Mozilla Firefox 31.0 (Defaut)
    GCIE: Google Chrome v36.0.1985.143

    C:UsersFrédériqueAppDataLocalWindowsContactPictures
    O43 – CFD: 22/06/2014 – 18:15:45 – [] R—D C:UsersFrédériqueAppDataRoamingMicrosoftWindowsStart MenuProgramsAccessibility
    O43 – CFD: 22/08/2013 – 17:36:32 – [] R—D C:UsersFrédériqueAppDataRoamingMicrosoftWindowsStart MenuProgramsAccessories
    O43 – CFD: 22/06/2014 – 18:54:44 – [] R—D C:UsersFrédériqueAppDataRoamingMicrosoftWindowsStart MenuProgramsAdministrative Tools
    O43 – CFD: 18/08/2014 – 18:30:31 – [] R—D C:UsersFrédériqueAppDataRoamingMicrosoftWindowsStart MenuProgramsBT Devices
    O43 – CFD: 17/08/2014 – 18:19:28 – [] —-D C:UsersFrédériqueAppDataRoamingMicrosoftWindowsStart MenuProgramsDropbox
    O43 – CFD: 26/10/2013 – 20:20:34 – [0] —-D C:UsersFrédériqueAppDataRoamingMicrosoftWindowsStart MenuProgramsGames
    O43 – CFD: 22/08/2013 – 17:36:32 – [] —-D C:UsersFrédériqueAppDataRoamingMicrosoftWindowsStart MenuProgramsMaintenance
    O43 – CFD: 24/08/2013 – 05:14:25 – [0] —-D C:UsersFrédériqueAppDataRoamingMicrosoftWindowsStart MenuProgramsPhotoFiltre
    O43 – CFD: 22/06/2014 – 18:15:45 – [] —-D C:UsersFrédériqueAppDataRoamingMicrosoftWindowsStart MenuProgramsRevo Uninstaller
    O43 – CFD: 17/08/2014 – 18:20:12 – [] R—D C:UsersFrédériqueAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
    O43 – CFD: 22/06/2014 – 18:15:45 – [] R—D C:UsersFrédériqueAppDataRoamingMicrosoftWindowsStart MenuProgramsSystem Tools
    ~ Program Folder: 169 Scanned in 00mn 00s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.C27B20D9AA9BE41CCBFD512AABB0E6C3] – 06/08/2014 – 23:38:18 —A- . (.Microsoft Corporation – Mise à jour des données de compatibilité de.) — C:WindowsSystem32aepdu.dll [697856]
    O44 – LFC:[MD5.A39C4AB750E0AD4431C7B7F46AB0EBED] – 06/08/2014 – 23:39:55 —A- . (.Microsoft Corporation – Pilote Win32 multi-utilisateurs.) — C:WindowsSystem32win32k.sys [4148224]
    O44 – LFC:[MD5.87CEF71F9D5951C9379D2F956C07C37D] – 07/08/2014 – 03:12:27 —A- . (.Microsoft Corporation – GDI Client DLL.) — C:WindowsSystem32gdi32.dll [1336624]
    O44 – LFC:[MD5.9D9ED48F841EA37AA5310D54B9E5D3C7] – 13/08/2014 – 10:07:01 —A- . (.Malwarebytes Corporation – Malwarebytes Chameleon Protection Driver.) — C:WindowsSystem32Driversmbamchameleon.sys [91352]
    O44 – LFC:[MD5.0664F6335F108F38FE08C3CA747311EE] – 13/08/2014 – 10:07:01 —A- . (.Malwarebytes Corporation – Malwarebytes Web Access Control.) — C:WindowsSystem32Driversmwac.sys [64216]
    O44 – LFC:[MD5.1FBE0C637032A64AB316F18EFED67E89] – 14/08/2014 – 03:18:37 —A- . (.Microsoft Corporation – JScript Proxy Auto-Configuration.) — C:WindowsSystem32jsproxy.dll [51200]
    O44 – LFC:[MD5.B2F436D19A6513345E9F556CE962B84D] – 14/08/2014 – 03:18:40 —A- . (.Microsoft Corporation – DLL de gestion d'utilisateur local et de co.) — C:WindowsSystem32msrating.dll [195584]
    O44 – LFC:[MD5.7871E35AC5640F4296B5C497CCAAA2AF] – 14/08/2014 – 03:18:46 —A- . (.Microsoft Corporation – IOD Version Map.) — C:WindowsSystem32iesetup.dll [66048]
    O44 – LFC:[MD5.6BD4079F6EC3B875674C9E988AA24CDF] – 14/08/2014 – 03:18:46 —A- . (.Microsoft Corporation – Traitement de RunOnce complet avec interfac.) — C:WindowsSystem32iernonce.dll [33792]
    O44 – LFC:[MD5.4F51BFB5DF7249D1CFC37010895E609C] – 14/08/2014 – 03:18:49 —A- . (.Microsoft Corporation – Outil d’installation sans assistance d’IE 7.) — C:WindowsSystem32ieUnatt.exe [139264]
    O44 – LFC:[MD5.E1593B9C098F079DCED37016DC9DF685] – 14/08/2014 – 03:18:52 —A- . (.Microsoft Corporation – IE ETW Collector Proxy Stub Resources.) — C:WindowsSystem32ieetwproxystub.dll [48640]
    O44 – LFC:[MD5.F48C144251B36850B67AB8E6D9E20E92] – 14/08/2014 – 03:18:52 —A- . (.Microsoft Corporation – IE ETW Collector Service.) — C:WindowsSystem32ieetwcollector.exe [111616]
    O44 – LFC:[MD5.C2CB1454F0D6BFDF584395A41C223BDF] – 14/08/2014 – 03:18:52 —A- . (.Microsoft Corporation – Ressources du service Collecteur ETW d’IE.) — C:WindowsSystem32ieetwcollectorres.dll [4096]
    O44 – LFC:[MD5.C56EF94A5E1C20BF4B8AA6698642886F] – 14/08/2014 – 03:18:56 —A- . (.Microsoft Corporation – Microsoft® MSHTML Typelib.) — C:WindowsSystem32mshtml.tlb [2724864]
    O44 – LFC:[MD5.10D8859CF01C1284603582ABD9B0482C] – 14/08/2014 – 03:28:13 —A- . (.Microsoft Corporation – Interface utilisateur de consentement pour.) — C:WindowsSystem32consent.exe [114520]
    O44 – LFC:[MD5.68F887EF33C09CDA957A51ECE871D642] – 14/08/2014 – 03:28:13 —A- . (.Microsoft Corporation – Interface utilisateur d’authentification Wi.) — C:WindowsSystem32authui.dll [2642944]
    O44 – LFC:[MD5.28E0C3AAA68579ABD9A27B92DFD5F119] – 14/08/2014 – 03:28:13 —A- . (.Microsoft Corporation – Windows Installer.) — C:WindowsSystem32msi.dll [2790912]
    O44 – LFC:[MD5.08914C8989AB93F5EC3A452D014E2C8D] – 14/08/2014 – 03:28:13 —A- . (.Microsoft Corporation – Windows® installer.) — C:WindowsSystem32msihnd.dll [356352]
    O44 – LFC:[MD5.F381B380B7B2704EA4C0F8D8C49C1C50] – 14/08/2014 – 03:28:14 —A- . (.Microsoft Corporation – MDMAgent.) — C:WindowsSystem32MDMAgent.exe [623616]
    O44 – LFC:[MD5.00AD15C6BA3C337CB68A476C0AD05338] – 14/08/2014 – 03:28:18 —A- . (.Microsoft Corporation – Microsoft Windows MRM.) — C:WindowsSystem32MrmCoreR.dll [918528]
    O44 – LFC:[MD5.6BC31FB4E24A962C98801D3687A984C0] – 14/08/2014 – 03:28:19 —A- . (.Microsoft Corporation – Bibliothèque de synchronisation Web du cont.) — C:WindowsSystem32WpcWebSync.dll [2861056]
    O44 – LFC:[MD5.E7DE316FEEFC79327CFAD8F527979CC0] – 14/08/2014 – 03:28:20 —A- . (.Microsoft Corporation – Bibliothèque des paramètres WPC.) — C:WindowsSystem32Wpc.dll [3118080]
    O44 – LFC:[MD5.E2F4125BFAC99244088324A1841C0B83] – 14/08/2014 – 03:28:20 —A- . (.Microsoft Corporation – Moniteur du contrôle parental.) — C:WindowsSystem32WpcMon.exe [3048880]
    O44 – LFC:[MD5.2D347489E43FAD4E51FDB51BEEBF13F4] – 14/08/2014 – 03:28:27 —A- . (.Microsoft Corporation – Application Experience Program Inventory Co.) — C:WindowsSystem32aeinv.dll [527360]
    O44 – LFC:[MD5.6DBE73C09215E281F4283641144110A5] – 14/08/2014 – 03:28:36 —A- . (.Microsoft Corporation – Windows Presentation Foundation Terminal Se.) — C:WindowsSystem32TsWpfWrp.exe [35480]
    O44 – LFC:[MD5.6ED6DA2A04F8F0C9BDAD647284BAEFB6] – 14/08/2014 – 03:29:50 —A- . (.Microsoft Corporation – Microsoft ® VBScript.) — C:WindowsSystem32vbscript.dll [548352]
    O44 – LFC:[MD5.C02C78DE9BB4E68F6C78B1588ADD6ADC] – 14/08/2014 – 03:29:51 —A- . (.Microsoft Corporation – DAC for Trident DOM.) — C:WindowsSystem32MshtmlDac.dll [83968]
    O44 – LFC:[MD5.19FA60D3AE1804A559306DE931A5B415] – 14/08/2014 – 03:29:51 —A- . (.Microsoft Corporation – JavaScript Performance Collection Agent.) — C:WindowsSystem32JavaScriptCollectionAgent.dll [72704]
    O44 – LFC:[MD5.8E71A5CB5312B8392D4DA4CA37BB5868] – 14/08/2014 – 03:29:52 —A- . (.Microsoft Corporation – Extensions Internet pour Win32.) — C:WindowsSystem32wininet.dll [2266624]
    O44 – LFC:[MD5.52D2151908C2A6388B6561A373488F6F] – 14/08/2014 – 03:29:52 —A- . (.Microsoft Corporation – Utilitaire d'initialisation d'Internet Expl.) — C:WindowsSystem32ie4uinit.exe [692736]
    O44 – LFC:[MD5.38D14F3D0A289050CA9BF8E98F37313F] – 14/08/2014 – 03:29:53 —A- . (.Microsoft Corporation – Personnalisation d’IEAK.) — C:WindowsSystem32iedkcs32.dll [333312]
    O44 – LFC:[MD5.ECA387DCD57F683C52171C766CF400F0] – 14/08/2014 – 03:30:05 —A- . (.Microsoft Corporation – Visionneuse HTML Microsoft (R).) — C:WindowsSystem32mshtml.dll [23645696]
    O44 – LFC:[MD5.BAC44396088ECC1C9021ED3E3345337C] – 14/08/2014 – 03:30:06 —A- . (.Microsoft Corporation – Microsoft SmartScreen Filter.) — C:WindowsSystem32ieapfltr.dll [846336]
    O44 – LFC:[MD5.472C409F9B0FF67C1015F511C73E1889] – 14/08/2014 – 03:30:07 —A- . (.Microsoft Corporation – Microsoft (R) JScript.) — C:WindowsSystem32jscript9.dll [5824512]
    O44 – LFC:[MD5.920F690FC7424DE71888AA2E46E917EA] – 14/08/2014 – 03:30:07 —A- . (.Microsoft Corporation – Microsoft ® JScript Diagnostics.) — C:WindowsSystem32jscript9diag.dll [758272]
    O44 – LFC:[MD5.2639E152D246F2A651F09764807CA153] – 14/08/2014 – 03:30:07 —A- . (.Microsoft Corporation – Microsoft® HTML Editing Component.) — C:WindowsSystem32mshtmled.dll [85504]
    O44 – LFC:[MD5.1B26610C1659EF54ED000233FB96F20C] – 14/08/2014 – 03:30:10 —A- . (.Microsoft Corporation – Navigateur Internet.) — C:WindowsSystem32ieframe.dll [13547008]
    O44 – LFC:[MD5.DB382D89D8004F40BD2C55BAE6A15B30] – 14/08/2014 – 03:30:10 —A- . (.Microsoft Corporation – Utilitaire à l’exécution pour Internet Expl.) — C:WindowsSystem32iertutil.dll [2774528]
    O44 – LFC:[MD5.39A85C005BCDEEF4092646EBBC2526AA] – 14/08/2014 – 03:30:11 —A- . (.Microsoft Corporation – Panneau de configuration Internet.) — C:WindowsSystem32inetcpl.cpl [2087936]
    O44 – LFC:[MD5.FE7D99399F7761AA2695A7B1AD30DAAF] – 14/08/2014 – 03:30:13 —A- . (.Microsoft Corporation – Extensions OLE32 pour Win32.) — C:WindowsSystem32urlmon.dll [1431040]
    O44 – LFC:[MD5.1FD1F16C35946BA28FDEB40F18B7729D] – 14/08/2014 – 03:30:13 —A- . (.Microsoft Corporation – Microsoft Feeds Manager.) — C:WindowsSystem32msfeeds.dll [631808]
    O44 – LFC:[MD5.454978FB3D24DE5C4199162D5F81FBEE] – 14/08/2014 – 03:30:22 —A- . (.Microsoft Corporation – Bibliothèque principale du Gestionnaire de.) — C:WindowsSystem32dwmcore.dll [2133504]
    O44 – LFC:[MD5.59EAFAE3A34B4925990A2E679CA91C5B] – 14/08/2014 – 03:30:22 —A- . (.Microsoft Corporation – DirectX Graphics Infrastructure.) — C:WindowsSystem32dxgi.dll [517528]
    O44 – LFC:[MD5.313DCE665B57000B18CB26C6B6A10DFE] – 14/08/2014 – 03:30:22 —A- . (.Microsoft Corporation – DirectX Graphics Kernel.) — C:WindowsSystem32Driversdxgkrnl.sys [1557848]
    O44 – LFC:[MD5.1BB9CC78C91536CBA7B04B61ED0F85C4] – 14/08/2014 – 03:37:05 —A- . (.Microsoft Corporation – Runtime d’appel de procédure distante.) — C:WindowsSystem32rpcrt4.dll [1273184]
    O44 – LFC:[MD5.858CC713E4D6C931FFA232154BFD1208] – 14/08/2014 – 18:01:46 —A- . (.Microsoft Corporation – Outil de suppression de logiciels malveilla.) — C:WindowsSystem32MRT.exe [99218768]
    O44 – LFC:[MD5.B067A179B41C46D691D0C9EF97A5C9FC] – 14/08/2014 – 18:49:29 —A- . (…) — C:WindowsSystem32FNTCACHE.DAT [360448]
    O44 – LFC:[MD5.A4955BC3696B0FB4C5FF7322B0F67A62] – 17/08/2014 – 17:02:54 —A- . (…) — C:WindowsSystem32PerfStringBackup.INI [1824010]
    O44 – LFC:[MD5.EE5FD8A7EF2BB81C79EA43D4321B8544] – 17/08/2014 – 17:02:54 —A- . (…) — C:WindowsSystem32perfc009.dat [135592]
    O44 – LFC:[MD5.D0DC572A6EB42F21AD0A5619109C7B81] – 17/08/2014 – 17:02:54 —A- . (…) — C:WindowsSystem32perfc00C.dat [159412]
    O44 – LFC:[MD5.910CA7CF9AA06AEC3E8E6034C4CBDA18] – 17/08/2014 – 17:02:54 —A- . (…) — C:WindowsSystem32perfh009.dat [722476]
    O44 – LFC:[MD5.6B1C0F87A3C0A33602875760919DF40F] – 17/08/2014 – 17:02:54 —A- . (…) — C:WindowsSystem32perfh00C.dat [812350]
    O44 – LFC:[MD5.F4CB0A43A8349571E33BFF90CF4CC957] – 18/08/2014 – 17:33:09 —A- . (…) — C:AdwCleaner[R17].txt [3422]
    O44 – LFC:[MD5.9C18BB25D7B9BFE4148528C888BECC13] – 18/08/2014 – 17:34:09 —A- . (…) — C:AdwCleaner[S12].txt [3593]
    O44 – LFC:[MD5.0E41981BF1927B888E81EBCAC465F128] – 18/08/2014 – 18:41:15 —A- . (…) — C:AdwCleaner[R18].txt [3294]
    O44 – LFC:[MD5.029233345AB1CE477642C3388FF06D09] – 18/08/2014 – 18:43:00 —A- . (…) — C:AdwCleaner[S13].txt [3357]
    O44 – LFC:[MD5.8A50D5304E6AE48664CF5838EC32F647] – 19/08/2014 – 17:25:36 —A- . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:WindowsSystem32DriversMBAMSwissArmy.sys [122584]
    O44 – LFC:[MD5.28F791650983A65EF9706440B410928B] – 19/08/2014 – 17:37:29 —A- . (…) — C:AdwCleaner[R19].txt [3416]
    O44 – LFC:[MD5.4010AFB2C81D003D66CE7CA8B9CB2172] – 19/08/2014 – 17:49:54 —A- . (…) — C:WindowsWindowsUpdate.log [1245293]
    O44 – LFC:[MD5.D2112B7981281796BD79DDE729D8DCC6] – 19/08/2014 – 18:36:29 —A- . (…) — C:Windowslgfwup.ini [368]
    O44 – LFC:[MD5.4F82719EFCE0258D4C8EF542CC34F3A7] – 19/08/2014 – 18:36:44 -S-A- . (…) — C:Windowsbootstat.dat [67584]
    O44 – LFC:[MD5.E8A0191F0CCFB9BB6DA543C05088A4ED] – 19/08/2014 – 18:42:24 —A- . (…) — C:PhysicalDisk0_MBR.bin [512]
    ~ Files: 64 Scanned in 01mn 48s

    —\ Déni du service (Local Security Authority) (O48)
    O48 – LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WindowsSystem32msv1_0.dll
    O48 – LSA:Local Security Authority Notification Packages . (.Microsoft Corporation – Moteur du client de l’Éditeur de configuration de sécurité Windows.) — C:WindowsSystem32scecli.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Package de sécurité Kerberos.) — C:WindowsSystem32kerberos.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WindowsSystem32msv1_0.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Fournisseur de sécurité TLS/SSL.) — C:WindowsSystem32schannel.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Digest Access.) — C:WindowsSystem32wdigest.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Web Service Security Package.) — C:WindowsSystem32tspkg.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Pku2u Security Package.) — C:WindowsSystem32pku2u.dll
    O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Live Security Package.) — C:WindowsSystem32livessp.dll
    ~ LSA: 9 Scanned in 00mn 00s

    —\ Contrôle du Safe Boot (CSB) (O49)
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalBasicDisplay.sys . (.Microsoft Corporation – Microsoft Basic Display Driver.) — C:WindowsSystem32DriversBasicDisplay.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalBasicRender.sys . (.Microsoft Corporation – Microsoft Basic Render Driver.) — C:WindowsSystem32DriversBasicRender.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimaldxgkrnl.sys . (.Microsoft Corporation – DirectX Graphics Kernel.) — C:WindowsSystem32Driversdxgkrnl.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalFsDepends.sys . (.Microsoft Corporation – File System Dependency Manager Mini Filter Driver.) — C:WindowsSystem32DriversFsDepends.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalsermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:WindowsSystem32Driverssermouse.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvolmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:WindowsSystem32Driversvolmgr.sys
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalvolmgrx.sys . (.Microsoft Corporation – Pilote d’extension du gestionnaire de volumes.) — C:WindowsSystem32Driversvolmgrx.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkBasicDisplay.sys . (.Microsoft Corporation – Microsoft Basic Display Driver.) — C:WindowsSystem32DriversBasicDisplay.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkBasicRender.sys . (.Microsoft Corporation – Microsoft Basic Render Driver.) — C:WindowsSystem32DriversBasicRender.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkdxgkrnl.sys . (.Microsoft Corporation – DirectX Graphics Kernel.) — C:WindowsSystem32Driversdxgkrnl.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkFsDepends.sys . (.Microsoft Corporation – File System Dependency Manager Mini Filter Driver.) — C:WindowsSystem32DriversFsDepends.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkipnat.sys . (.Microsoft Corporation – IP Network Address Translator.) — C:WindowsSystem32Driversipnat.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworknsiproxy.sys . (.Microsoft Corporation – NSI Proxy.) — C:WindowsSystem32Driversnsiproxy.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkrdpencdd.sys . (…) — C:WindowsSystem32Driversrdpencdd.sys (.not file.)
    O49 – CSB:Control Safe Boot HKLM…CCSNetworksermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:WindowsSystem32Driverssermouse.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvolmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:WindowsSystem32Driversvolmgr.sys
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkvolmgrx.sys . (.Microsoft Corporation – Pilote d’extension du gestionnaire de volumes.) — C:WindowsSystem32Driversvolmgrx.sys
    ~ CSB: 17 Scanned in 00mn 00s

    —\ Clé de registre Shell MountPoints2 (MPKS) (O51)
    O51 – MPSK:{ebb2847a-fb4e-11e2-bea0-2016d83e865e}AutoRuncommand. (…) — E:LGAutoRun.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les pilotes (HKLM)(TDSD) (O52)
    O52 – TDSD: Drivers32″msacm.l3acm »= »C:WindowsSystem32l3codeca.acm » . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WindowsSystem32l3codeca.acm
    O52 – TDSD: drivers.desc »C:WindowsSystem32l3codeca.acm »= »Fraunhofer IIS MPEG Layer-3 Codec » . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WindowsSystem32l3codeca.acm
    ~ TDSD: 2 Scanned in 00mn 00s

    —\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
    O54 – MCSP:[HKLM…CurrentControlSetControl] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:WindowsSystem32credssp.dll
    O54 – MCSP:[HKLM…ControlSet001Control] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:WindowsSystem32credssp.dll
    ~ MSCP: 2 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableVirtualization »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableInstallerDetection »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « PromptOnSecureDesktop »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableLUA »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableSecureUIAPaths »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « ConsentPromptBehaviorAdmin »=5
    O55 – MWPS:[HKLM…PoliciesSystem] – « ValidateAdminCodeSignatures »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableUIADesktopToggle »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « EnableCursorSuppression »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « dontdisplaylastusername »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « legalnoticecaption »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « legalnoticetext »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « scforceoption »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « shutdownwithoutlogon »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « undockwithoutlogon »=1
    O55 – MWPS:[HKLM…PoliciesSystem] – « FilterAdministratorToken »=0
    O55 – MWPS:[HKLM…PoliciesSystem] – « ConsentPromptBehaviorUser »=1
    ~ MWPS: 17 Scanned in 00mn 00s

    —\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
    O56 – MWPE:[HKLM…policiesExplorer] – « ForceActiveDesktopOn »=0
    O56 – MWPE:[HKLM…policiesExplorer] – « NoActiveDesktopChanges »=1
    O56 – MWPE:[HKLM…policiesExplorer] – « NoActiveDesktop »=1
    ~ MWPE Keys: 3 Scanned in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:22/08/2013 – 13:43:41 —A- . (.LSI – LSI 3ware SCSI Storport Driver.) — C:WindowsSystem32Drivers3ware.sys [108896]
    O58 – SDL:22/08/2013 – 13:43:41 —A- . (.PMC-Sierra – PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) — C:WindowsSystem32Driversadp80xx.sys [782176]
    O58 – SDL:22/08/2013 – 13:43:41 —A- . (.Advanced Micro Devices – AHCI 1.3 Device Driver.) — C:WindowsSystem32Driversamdsata.sys [79200]
    O58 – SDL:22/08/2013 – 13:43:41 —A- . (.AMD Technologies Inc. – AMD Technology AHCI Compatible Controller Driver for Windows -.) — C:WindowsSystem32Driversamdsbs.sys [259424]
    O58 – SDL:22/08/2013 – 13:43:40 —A- . (.Advanced Micro Devices – Storage Filter Driver.) — C:WindowsSystem32Driversamdxata.sys [25952]
    O58 – SDL:22/08/2013 – 13:43:41 —A- . (.PMC-Sierra, Inc. – Adaptec SAS RAID WS03 Driver.) — C:WindowsSystem32Driversarcsas.sys [114016]
    O58 – SDL:18/06/2013 – 15:45:02 —A- . (.Qualcomm Atheros Communications, Inc. – Qualcomm Atheros Extensible Wireless LAN device driver.) — C:WindowsSystem32Driversathw8x.sys [3680256]
    O58 – SDL:15/07/2014 – 06:05:34 —A- . (.Avira Operations GmbH & Co. KG – Avira Minifilter Driver.) — C:WindowsSystem32Driversavgntflt.sys [117712] =>.Avira Operations GmbH
    O58 – SDL:03/06/2014 – 20:12:38 —A- . (.Avira Operations GmbH & Co. KG – Avira Driver for Security Enhancement.) — C:WindowsSystem32Driversavipbb.sys [130584] =>.Avira Operations GmbH
    O58 – SDL:10/12/2013 – 19:39:59 —A- . (.Avira Operations GmbH & Co. KG – Avira Manager Driver.) — C:WindowsSystem32Driversavkmgr.sys [28600] =>.Avira Operations GmbH
    O58 – SDL:15/07/2014 – 06:05:34 —A- . (.Avira Operations GmbH & Co. KG – Avira WFP Network Driver.) — C:WindowsSystem32Driversavnetflt.sys [42040] =>.Avira Operations GmbH
    O58 – SDL:13/08/2013 – 00:25:46 —A- . (.Windows (R) Win 7 DDK provider – BCM Function 2 Device Driver.) — C:WindowsSystem32Driversbcmfn2.sys [17624]
    O58 – SDL:10/08/2012 – 10:09:40 —A- . (.Qualcomm Atheros – Qualcomm Atheros A2DP driver.) — C:WindowsSystem32Driversbtath_a2dp.sys [344216]
    O58 – SDL:10/08/2012 – 10:09:40 —A- . (.Qualcomm Atheros – Qualcomm Atheros Bluetooth AVDT driver.) — C:WindowsSystem32Driversbtath_avdt.sys [114840]
    O58 – SDL:10/08/2012 – 10:09:40 —A- . (.Qualcomm Atheros – Qualcomm Atheros BUS driver.) — C:WindowsSystem32Driversbtath_bus.sys [33944]
    O58 – SDL:10/08/2012 – 10:09:42 —A- . (.Qualcomm Atheros – Qualcomm Atheros FILTER driver.) — C:WindowsSystem32Driversbtath_flt.sys [88728]
    O58 – SDL:10/08/2012 – 10:09:42 —A- . (.Qualcomm Atheros – Qualcomm Atheros HCRP driver.) — C:WindowsSystem32Driversbtath_hcrp.sys [178840]
    O58 – SDL:10/08/2012 – 10:09:42 —A- . (.Qualcomm Atheros – Qualcomm Atheros FILTER driver.) — C:WindowsSystem32Driversbtath_lwflt.sys [76952]
    O58 – SDL:10/08/2012 – 10:09:44 —A- . (.Qualcomm Atheros – Qualcomm Atheros AVRCP driver.) — C:WindowsSystem32Driversbtath_rcp.sys [135832]
    O58 – SDL:28/04/2014 – 05:33:30 —A- . (.Qualcomm Atheros – Qualcomm Atheros BtFilter Driver.) — C:WindowsSystem32Driversbtfilter.sys [599240]
    O58 – SDL:22/08/2013 – 13:43:41 —A- . (.Broadcom Corporation – Broadcom NetXtreme II GigE VBD.) — C:WindowsSystem32Driversbxvbda.sys [531296]
    O58 – SDL:25/06/2012 – 02:24:50 —A- . (.CyberLink – It is a virtual device driver which could create multiple virtu.) — C:WindowsSystem32DriversCLVirtualDrive.sys [92536]
    O58 – SDL:06/08/2012 – 03:41:28 —A- . (.ELAN Microelectronics Corp. – ETD Kernel Center.) — C:WindowsSystem32DriversETD.sys [313712]
    O58 – SDL:22/08/2013 – 13:43:45 —A- . (.Broadcom Corporation – Broadcom NetXtreme II 10 GigE VBD.) — C:WindowsSystem32Driversevbda.sys [3357024]
    O58 – SDL:21/08/2012 – 13:01:20 —A- . (.GEAR Software Inc. – CD DVD Filter.) — C:WindowsSystem32DriversGEARAspiWDM.sys [33240]
    O58 – SDL:03/07/2012 – 00:16:02 —A- . (.Intel Corporation – Intel(R) Management Engine Interface.) — C:WindowsSystem32DriversHECIx64.sys [62784]
    O58 – SDL:22/08/2013 – 13:43:45 —A- . (.Hewlett-Packard Company – Smart Array SAS/SATA Controller Media Driver.) — C:WindowsSystem32DriversHpSAMD.sys [64352]
    O58 – SDL:30/07/2013 – 19:47:35 —A- . (.Intel Corporation – Intel(R) Serial IO GPIO Controller Driver.) — C:WindowsSystem32DriversiaLPSSi_GPIO.sys [24568]
    O58 – SDL:25/07/2013 – 20:05:39 —A- . (.Intel Corporation – Intel(R) Serial IO I2C Controller Driver.) — C:WindowsSystem32DriversiaLPSSi_I2C.sys [99320]
    O58 – SDL:31/07/2012 – 03:22:00 —A- . (.Intel Corporation – Intel Rapid Storage Technology driver – x64.) — C:WindowsSystem32DriversiaStorA.sys [645952]
    O58 – SDL:10/08/2013 – 01:39:30 —A- . (.Intel Corporation – Intel Rapid Storage Technology driver (inbox) – x64.) — C:WindowsSystem32DriversiaStorAV.sys [651248]
    O58 – SDL:22/08/2013 – 13:43:45 —A- . (.Intel Corporation – Intel Matrix Storage Manager driver – x64.) — C:WindowsSystem32DriversiaStorV.sys [412000]
    O58 – SDL:29/01/2014 – 22:02:28 —A- . (.Intel Corporation – Intel Graphics Kernel Mode Driver.) — C:WindowsSystem32Driversigdkmd64.sys [5363200]
    O58 – SDL:19/06/2012 – 00:40:50 —A- . (.Intel(R) Corporation – Intel(R) Display Audio Driver.) — C:WindowsSystem32DriversIntcDAud.sys [342528]
    O58 – SDL:18/04/2013 – 15:14:12 —A- . (.LG Electronics Inc. – LGE AndroidNet Driver.) — C:WindowsSystem32Driverslgandnetdiag64.sys [29184]
    O58 – SDL:28/06/2013 – 10:45:00 —A- . (.LG Electronics Inc. – LGE AndroidNet Driver.) — C:WindowsSystem32Driverslgandnetmodem64.sys [36352]
    O58 – SDL:22/08/2013 – 13:43:44 —A- . (.LSI Corporation – LSI Fusion-MPT SAS Driver (StorPort).) — C:WindowsSystem32Driverslsi_sas.sys [109408]
    O58 – SDL:22/08/2013 – 13:43:45 —A- . (.LSI Corporation – LSI SAS Gen2 Driver (StorPort).) — C:WindowsSystem32Driverslsi_sas2.sys [93536]
    O58 – SDL:22/08/2013 – 13:43:44 —A- . (.LSI Corporation – LSI SAS Gen3 Driver (StorPort).) — C:WindowsSystem32Driverslsi_sas3.sys [81760]
    O58 – SDL:22/08/2013 – 13:43:45 —A- . (.LSI Corporation – LSI SSS PCIe/Flash Driver (StorPort).) — C:WindowsSystem32Driverslsi_sss.sys [82784]
    O58 – SDL:12/05/2014 – 06:25:56 —A- . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:WindowsSystem32Driversmbam.sys [25816]
    O58 – SDL:12/05/2014 – 06:26:00 —A- . (.Malwarebytes Corporation – Malwarebytes Chameleon Protection Driver.) — C:WindowsSystem32Driversmbamchameleon.sys [91352]
    O58 – SDL:19/08/2014 – 17:25:36 —A- . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:WindowsSystem32DriversMBAMSwissArmy.sys [122584]
    O58 – SDL:22/08/2013 – 13:43:45 —A- . (.LSI Corporation – MEGASAS RAID Controller Driver for Windows.) — C:WindowsSystem32Driversmegasas.sys [56672]
    O58 – SDL:22/08/2013 – 13:43:45 —A- . (.LSI Corporation, Inc. – LSI MegaRAID Software RAID Driver.) — C:WindowsSystem32Driversmegasr.sys [575840]
    O58 – SDL:22/08/2013 – 13:43:49 —A- . (.Marvell Semiconductor, Inc. – Marvell Flash Controller Driver.) — C:WindowsSystem32Driversmvumis.sys [63840]
    O58 – SDL:12/05/2014 – 06:26:14 —A- . (.Malwarebytes Corporation – Malwarebytes Web Access Control.) — C:WindowsSystem32Driversmwac.sys [64216]
    O58 – SDL:05/09/2013 – 01:36:46 —A- . (.NVIDIA Corporation – NVIDIA Windows Kernel Mode Driver, Version 327.02.) — C:WindowsSystem32Driversnvlddmkm.sys [11273504]
    O58 – SDL:05/09/2013 – 01:37:00 —A- . (.NVIDIA Corporation – NVIDIA Windows Kernel Mode Driver, Version 327.02.) — C:WindowsSystem32Driversnvpciflt.sys [30496]
    O58 – SDL:22/08/2013 – 13:43:31 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) RAID Driver.) — C:WindowsSystem32Driversnvraid.sys [150368]
    O58 – SDL:22/08/2013 – 13:43:32 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) Sata Performance Driver.) — C:WindowsSystem32Driversnvstor.sys [168288]
    O58 – SDL:27/07/2012 – 13:00:03 —A- . (.Windows (R) Win 7 DDK provider – HID Radio Switch mini driver for USB Fx2 Device.) — C:WindowsSystem32DriversRadioHIDMini.sys [23408]
    O58 – SDL:18/06/2013 – 15:46:17 —A- . (.Realtek – Realtek 8101E/8168/8169 NDIS 6.30 64-bit Driver.) — C:WindowsSystem32DriversRt630x64.sys [591360]
    O58 – SDL:07/08/2012 – 10:51:52 —A- . (.Realtek Semiconductor Corp. – Realtek(r) High Definition Audio Function Driver.) — C:WindowsSystem32DriversRTKVHD64.sys [4102928]
    O58 – SDL:22/08/2013 – 16:35:09 —A- . (.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) — C:WindowsSystem32Driverssecdrv.sys [23040]
    O58 – SDL:22/08/2013 – 13:43:31 —A- . (.Silicon Integrated Systems Corp. – SiS RAID Stor Miniport Driver.) — C:WindowsSystem32Driverssisraid2.sys [44896]
    O58 – SDL:22/08/2013 – 13:43:32 —A- . (.Silicon Integrated Systems – SiS AHCI Stor-Miniport Driver.) — C:WindowsSystem32Driverssisraid4.sys [81760]
    O58 – SDL:22/08/2013 – 13:43:32 —A- . (.Promise Technology, Inc. – Promise SuperTrak EX Series Driver for Windows x64.) — C:WindowsSystem32Driversstexstor.sys [31072]
    O58 – SDL:19/06/2013 – 18:02:12 —A- . (.Symantec Corporation – Symantec Event Library.) — C:WindowsSystem32DriversSYMEVENT64x86.SYS [177312]
    O58 – SDL:22/08/2013 – 13:43:34 —A- . (.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) — C:WindowsSystem32Driversviaide.sys [19808]
    O58 – SDL:22/08/2013 – 13:43:34 —A- . (.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR AMD-X86-64.) — C:WindowsSystem32Driversvsmraid.sys [168800]
    O58 – SDL:22/08/2013 – 13:43:34 —A- . (.VIA Corporation – VIA StorX RAID Controller Driver.) — C:WindowsSystem32DriversVSTXRAID.SYS [305504]
    O58 – SDL:18/09/2012 – 23:15:20 —A- . (.Qualcomm Atheros Communications, Inc. – Qualcomm Atheros Extensible Wireless LAN device driver.) — C:WindowsSystem32athw8x.sys [3653632]
    O58 – SDL:06/12/2012 – 08:45:04 —A- . (.Windows (R) 2003 DDK 3790 provider – Generic Port I/O for Win64.) — C:WindowsSysWOW64driversrtport.sys [15144]
    ~ Drivers: 64 Scanned in 00mn 02s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 15/08/2014 – 20:27:52 —A- . (.Dropbox, Inc..) — C:UsersFrédériqueAppDataRoamingDropboxbinDropbox.exe [36414752] =>.Dropbox
    O61 – LFC: 15/08/2014 – 20:27:53 —A- . (…) — C:UsersFrédériqueAppDataRoamingDropboxbinwxmsw28uh_vc.dll [3610624] =>.Dropbox
    O61 – LFC: 15/08/2014 – 20:27:53 —A- . (.Dropbox, Inc..) — C:UsersFrédériqueAppDataRoamingDropboxbinDropboxUninstaller.exe [262160] =>.Dropbox
    O61 – LFC: 15/08/2014 – 20:27:53 —A- . (.Dropbox, Inc..) — C:UsersFrédériqueAppDataRoamingDropboxbinDropboxUpdateHelper.exe [225224] =>.Dropbox
    O61 – LFC: 19/08/2014 – 20:27:52 —A- . (…) — C:UsersFrédériqueAppDataLocalTempdropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpiy7q1u.dll [43008]
    O61 – LFC: 19/08/2014 – 20:27:55 —A- . (…) — C:UsersFrédériqueDesktopZHPDiagunins000.exe [694736] =>.Nicolas Coolman
    ~ 21 Fichiers temporaires (Temporary files)
    ~ 1 Fichiers cookies (Cookies files)
    ~ Files: 6 Scanned in 00mn 24s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: < .bat> [HKLM..openCommand] (…) — « %1 » %*
    O67 – Shell Spawning: < .cpl> [HKLM..cplopenCommand] (.Microsoft Corporation – Windows Control Panel.) — C:WindowsSystem32control.exe =>.Microsoft Corporation
    O67 – Shell Spawning: < .cmd> [HKLM..openCommand] (…) — « %1 » %*
    O67 – Shell Spawning: < .com> [HKLM..openCommand] (…) — « %1 » %*
    O67 – Shell Spawning: < .evt> [HKLM..openCommand] (.Microsoft Corporation – Lanceur du composant logiciel enfichable Observateur d’événements.) — C:WindowsSystem32eventvwr.exe
    O67 – Shell Spawning: < .exe> [HKLM..openCommand] (…) — « %1 » %*
    O67 – Shell Spawning: < .html> [HKLM..openCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet ExplorerIEXPLORE.exe
    O67 – Shell Spawning: < .js> [HKLM..openCommand] (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32WScript.exe
    O67 – Shell Spawning: < .reg> [HKLM..openCommand] (.Microsoft Corporation – Éditeur du Registre.) — C:Windowsregedit.exe
    O67 – Shell Spawning: < .scr> [HKLM..openCommand] (…) — « %1 » /S
    O67 – Shell Spawning: < .html> [HKCU..openCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    ~ FASS Keys: 11 Scanned in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program Files (x86)Mozilla Firefoxfirefox.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program Files (x86)GoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {1E955F86-A4C8-A794-4CAE-7FC114E4B966} – (Google) – http://www.google.com
    ~ Keys: Scanned in 00mn 00s

    —\ Enumère les service demarrés par Svchost (SSS) (O83)
    O83 – Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation – Service Expérience d’application.) — C:WindowsSystem32aelupsvc.dll [208896]
    O83 – Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [155136]
    O83 – Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [155136]
    O83 – Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation – DLL du service Serveur.) — C:WindowsSystem32srvsvc.dll [323072]
    O83 – Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation – Client de stratégie de groupe.) — C:WindowsSystem32gpsvc.dll [1308160]
    O83 – Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation – Extension IKE.) — C:WindowsSystem32ikeext.dll [1063424]
    O83 – Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation – Service offrant une connectivité IPv6 sur un réseau IPv4..) — C:WindowsSystem32iphlpsvc.dll [903168]
    O83 – Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation – DLL de service d’ouverture de session secondaire.) — C:Windowssystem32seclogon.dll [30720]
    O83 – Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation – Service Informations d’application.) — C:WindowsSystem32appinfo.dll [109568]
    O83 – Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation – Service de découverte iSCSI.) — C:WindowsSystem32iscsiexe.dll [150528]
    O83 – Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation – Service EAPHost Microsoft.) — C:WindowsSystem32eapsvc.dll [107008]
    O83 – Search Svchost Services: schedule (schedule) . (.Microsoft Corporation – Service du Planificateur de tâches.) — C:WindowsSystem32schedsvc.dll [1214976]
    O83 – Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation – WMI.) — C:WindowsSystem32wbemWMIsvc.dll [220672]
    O83 – Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation – Service Planificateur de classes multimédias.) — C:WindowsSystem32mmcss.dll [70656]
    O83 – Search Svchost Services: browser (browser) . (.Microsoft Corporation – DLL du service Explorateur d’ordinateurs.) — C:WindowsSystem32browser.dll [134144]
    O83 – Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation – ProfSvc.) — C:WindowsSystem32profsvc.dll [220160]
    O83 – Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation – Service Configuration des services Bureau à distance.) — C:WindowsSystem32sessenv.dll [324096]
    O83 – Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation – Rapports et solutions aux problèmes.) — C:WindowsSystem32wercplsupport.dll [81408]
    O83 – Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation – Service Gestion des clés.) — C:WindowsSystem32kmsvc.dll [97792]
    O83 – Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation – Service BDE.) — C:WindowsSystem32bdesvc.dll [339456]
    O83 – Search Svchost Services: lfsvc (lfsvc) . (.Microsoft Corporation – Service d’infrastructure de localisation Windows.) — C:WindowsSystem32GeofenceMonitorService.dll [491520]
    O83 – Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation – Service de compte Microsoft®.) — C:WindowsSystem32wlidsvc.dll [1576960]
    O83 – Search Svchost Services: Themes (Themes) . (.Microsoft Corporation – DLL du service des thèmes Windows Shell.) — C:WindowsSystem32themeservice.dll [50688]
    O83 – Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation – Gestionnaire d’installation de périphérique.) — C:WindowsSystem32DeviceSetupManager.dll [201728]
    O83 – Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation – Service Assistant Connectivité réseau Microsoft.) — C:WindowsSystem32ncasvc.dll [164352]
    O83 – Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation – Gestionnaire de numérotation automatique d’accès distant.) — C:WindowsSystem32rasauto.dll [101376]
    O83 – Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation – Gestionnaire des connexions d’accès à distance.) — C:WindowsSystem32rasmans.dll [534528]
    O83 – Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation – Gestionnaire d’interface dynamique.) — C:WindowsSystem32mprdim.dll [223744]
    O83 – Search Svchost Services: SENS (SENS) . (.Microsoft Corporation – Service de notification d’événements système (SENS).) — C:WindowsSystem32sens.dll [71680]
    O83 – Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation – Composants de l’application d’assistance à Microsoft NAT.) — C:WindowsSystem32ipnathlp.dll [433664]
    O83 – Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation – Serveur de téléphonie Microsoft® Windows(TM).) — C:WindowsSystem32tapisrv.dll [306688]
    O83 – Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation – Agent de mise à jour automatique Windows Update.) — C:WindowsSystem32wuaueng.dll [3463680]
    O83 – Search Svchost Services: BITS (BITS) . (.Microsoft Corporation – Service de transfert intelligent en arrière-plan.) — C:WindowsSystem32qmgr.dll [1017856]
    O83 – Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation – Dll des services Windows Shell.) — C:WindowsSystem32shsvcs.dll [629760]
    ~ Services: 34 Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.6EBA4DF7D38DA6FCD75D8FCF8F0FA99B] [SPRF][21/02/2013] (.Samsung Electronics – Samsung Marker.) — C:ProgramDataMakeMarkerFile.exe [2063240]
    [MD5.96030AE285C32ECCD1C599F1C5DD2BEF] [SPRF][25/03/2014] (…) — C:UsersFrédériqueDesktopadwcleaner-1.606-en.exe [581957]
    [MD5.96030AE285C32ECCD1C599F1C5DD2BEF] [SPRF][06/10/2013] (…) — C:UsersFrédériqueDesktopAdwCleaner_1.606_En.exe [581957]
    [MD5.11F005506E608DBE15A8BDB01CB1E5C8] [SPRF][18/03/2013] (.Microsoft Corporation – Mail Migration.) — C:WindowsDownloaded Program FilesMailMigrationTool.dll [741120]
    [MD5.363FC829F22D636E0957835691BC14D5] [SPRF][18/03/2013] (.Microsoft Corporation – Mail Migration Broker.) — C:WindowsDownloaded Program Filesmmbroker.exe [28416]
    [MD5.9C4F53B933665042A2B49A28C90FCDE2] [SPRF][18/03/2013] (.Microsoft Corporation – Mail Migration wlcomm Proxy.) — C:WindowsDownloaded Program FilesWlcommProxy.exe [358144]
    ~ Files: 6 Scanned in 00mn 00s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: « 098CCE33084C42149BB5AB630E521B02 » . (.FrameFox Extensions 1.0.7.0.) — C:windowsInstaller{33ECC890-C480-4124-B95B-BA36E025B120}FrameFox.ico =>PUP.FrameFox
    O90 – PUC: « FD1DD379D15DBB646BCA5D66711D331C » . (.Iminent.) — C:windowsInstaller{973DD1DF-D51D-46BB-B6AC-D56617D133C1}imbooster.ico =>Adware.IMBooster
    ~ Update Products: 2 Scanned in 00mn 00s

    —\ Enumère les données de la clé NameSpace (MNS) (O92)
    O92 – MNS: – {1CF1260C-4DD0-4ebb-811F-33C572699FDE}
    O92 – MNS: – {374DE290-123F-4565-9164-39C4925E467B}
    O92 – MNS: – {3ADD1653-EB32-4cb0-BBD7-DFA0ABB5ACCA}
    O92 – MNS: – {A0953C92-50DC-43bf-BE83-3742FED03C9C}
    O92 – MNS: – {A8CDFF1C-4878-43be-B5FD-F8091C1C60D0}
    O92 – MNS: – {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
    O92 – MNS: Photos iCloud – {F0D63F85-37EC-4097-B30D-61B4A8917118}
    ~ MNS: 7 Scanned in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.5FF2B0F7835519063800D9F2DB535131] [WIS][23/08/2013] (.QwertyBox Team – FrameFox Extensions 1.0.7.0 Setup.) — C:WindowsInstaller5454a36c.msi [417792] =>PUP.FrameFox
    ~ WIS: 1 Scanned in 00mn 05s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 13/08/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe
    SS – | Disabled 15/07/2014 1030224 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) – C:Program Files (x86)AviraAntiVir Desktopavwebg7.exe
    SS – | Demand 29/01/2014 279000 | (cphs) . (.Intel Corporation.) – C:WindowsSysWow64IntelCpHeciSvc.exe
    SS – | Auto 11/08/2014 116648 | (gupdate) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 11/08/2014 116648 | (gupdatem) . (.Google Inc..) – C:Program Files (x86)GoogleUpdateGoogleUpdate.exe
    SS – | Demand 09/04/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) – C:Program FilesMcAfee Security Scan3.8.150McCHSvc.exe
    SS – | Demand 17/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe
    SS – | Auto 26/10/2010 517416 | (NeroMediaHomeService.4) . (.Nero AG.) – C:Program Files (x86)NeroNero MediaHome 4NMMediaServerService.exe
    SS – | Demand 22/08/2013 37768 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe
    SR – | Auto 15/07/2014 430160 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:Program Files (x86)AviraAntiVir Desktopsched.exe
    SR – | Auto 15/07/2014 430160 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:Program Files (x86)AviraAntiVir Desktopavguard.exe
    SR – | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) – C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 10/08/2012 211584 | (AtherosSvc) . (.Qualcomm Atheros Commnucations.) – C:Program Files (x86)Bluetooth Suiteadminservice.exe
    SR – | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Auto 05/09/2012 1593976 | (Easy Launcher) . (.Samsung Electronics CO., LTD..) – C:Program Files (x86)SamsungSettingsCmdServerEasyLauncher.exe
    SR – | Auto 20/04/2012 635104 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) – C:Program FilesInteliCLS ClientHeciServer.exe
    SR – | Auto 18/07/2012 128896 | (Intel(R) ME Service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsFWServiceIntelMeFWService.exe
    SR – | Demand 26/05/2014 641352 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 18/07/2012 165760 | (jhi_service) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsDALjhi_service.exe
    SR – | Auto 18/07/2012 276864 | (LMS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsLMSLMS.exe
    SR – | Auto 16/10/2009 29184 | (lxduCATSCustConnectService) . (.Lexmark International, Inc..) – C:windowssystem32spoolDRIVERSx643lxduserv.exe
    SR – | Auto 12/05/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamscheduler.exe
    SR – | Auto 12/05/2014 860472 | (MBAMService) . (.Malwarebytes Corporation.) – C:Program Files (x86)Malwarebytes Anti-Malwarembamservice.exe
    SR – | Auto 21/05/2013 144368 | (NIS) . (.Symantec Corporation.) – C:Program Files (x86)Norton Internet SecurityEngine20.5.0.28ccSvcHst.exe
    SR – | Auto 11/07/2012 3939008 | (NOBU) . (.Symantec Corporation.) – C:Program Files (x86)SymantecNorton Online BackupNOBuAgent.exe =>.Symantec Corporation
    SR – | Auto 29/08/2013 920864 | (nvsvc) . (.NVIDIA Corporation.) – C:WINDOWSsystem32nvvsvc.exe
    SR – | Auto 05/09/2013 1364256 | (nvUpdatusService) . (.NVIDIA Corporation.) – C:Program Files (x86)NVIDIA CorporationNVIDIA Update Coredaemonu.exe
    SR – | Auto 21/08/2012 794272 | (PCToolsSSDMonitorSvc) . (.PC Tools.) – C:Program Files (x86)Common FilesPC ToolssMonitorStartManSvc.exe
    SR – | Auto 21/10/2013 3018800 | (SWUpdateService) . (.Samsung Electronics CO., LTD..) – C:ProgramDataSamsungSW Update ServiceSWMAgent.exe
    SR – | Auto 18/07/2012 364416 | (UNS) . (.Intel Corporation.) – C:Program Files (x86)IntelIntel(R) Management Engine ComponentsUNSUNS.exe
    SR – | Demand 10/07/1658 0 | (WdNisSvc) . (…) – C:Program Files (x86)Windows DefenderNisSrv.exe
    SR – | Demand 10/07/1658 0 | (WinDefend) . (…) – C:Program Files (x86)Windows DefenderMsMpEng.exe
    SR – | Auto 26/06/2008 167936 | (WlanWpsSvc) . (…) – C:Program FilesTRENDnetTEW-649UBWlanWpsSvc.exe
    SR – | Auto 10/07/1658 0 | (WMPNetworkSvc) . (…) – C:Program Files (x86)Windows Media Playerwmpnetwk.exe =>.Microsoft Corporation
    SR – | Auto 10/08/2012 323584 | (ZAtheros Bt&Wlan Coex Agent) . (.Atheros.) – C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe
    ~ Services: Scanned in 00mn 17s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Run by Frédérique at 19/08/2014 20:32:54
    ~ OS 64 not supported by MBR tool
    ~ MBR: 0 Scanned in 00mn 00s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by Frédérique at 19/08/2014 20:32:56
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 02s

    —\ Scan Additionnel (O88)
    Database Version : 13026 – (24/07/2014)
    Clés trouvées (Keys found) : 4
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 1
    Fichiers trouvés (Files found) : 2

    [HKLMSoftwareMicrosoftWindowsCurrentVersionUninstall{FFD64ABC-6A4B-4865-8323-44089793C57A}] =>PUP.QuickShare^
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUserDataS-1-5-18Components238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
    [HKLMSoftwareMicrosoftWindowsCurrentVersionInstallerUpgradeCodesF1057DD419AED0B468AD8888429E139A] =>Adware.IMBooster
    C:Program Files (x86)AskPartnerNetwork =>Toolbar.Ask
    C:WindowsTasksRMSchedule.job =>Hijacker.iHaveNet^
    C:WindowsInstaller5454a36c.msi =>PUP.FrameFox^
    ~ Additionnel Scan: 378081 Items scanned in 00mn 50s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
    ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPKS) (O51)
    ~ AMI: 6 Scanned in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/hijacker-ihavenet =>Hijacker.iHaveNet
    http://nicolascoolman.fr/pup-quickshare =>PUP.QuickShare
    http://nicolascoolman.fr/pup-framefox =>PUP.FrameFox
    http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster
    http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
    http://nicolascoolman.fr/toolbar-ask =>Toolbar.Ask
    ~ MSI: 6 link(s) detected in 00mn 00s

    End of the scan (1304 lines in 09mn 14s)(0)[/spoiler:2ao3avrp]
    Thank you for your help. Kind regards, Christian

    buckhulk
    Participant
    Number of posts: 2398

    Hello and welcome to SOSVirus,

    • Go to this site: technicland
    • Click Scan; once the scan has finished,
    • Click "Fix"
    • Then click "Yes"

    See you later
