Reply to: Unhandled exception 2016-09-08T13:43:53+00:00
Samuel

Part 2/2

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 15/02/2014 – 19:55:18 – [] —-D C:Program FilesAdblock Plus for IE
O43 – CFD: 18/02/2013 – 01:39:31 – [] —-D C:Program FilesAdobe
O43 – CFD: 13/05/2014 – 18:21:09 – [] —-D C:Program FilesAvira
O43 – CFD: 01/06/2014 – 17:01:08 – [] —-D C:Program FilesCCleaner
O43 – CFD: 01/06/2014 – 17:10:49 – [] —-D C:Program FilesCommon Files
O43 – CFD: 01/06/2014 – 17:43:03 – [] —-D C:Program FilesDefraggler
O43 – CFD: 24/04/2014 – 23:13:19 – [] —-D C:Program FilesDIFX
O43 – CFD: 12/04/2011 – 03:45:15 – [] —-D C:Program FilesDVD Maker
O43 – CFD: 05/02/2013 – 13:04:55 – [] -SH-D C:Program FilesFichiers communs
O43 – CFD: 19/04/2014 – 19:07:18 – [] —-D C:Program FilesFileHippo.com
O43 – CFD: 15/05/2014 – 18:39:45 – [] —-D C:Program FilesGoogle
O43 – CFD: 01/05/2014 – 17:36:40 – [0] –H-D C:Program FilesInstallShield Installation Information
O43 – CFD: 16/05/2014 – 21:43:01 – [] —-D C:Program FilesInternet Explorer
O43 – CFD: 07/04/2014 – 13:18:22 – [] —-D C:Program FilesIObit
O43 – CFD: 15/05/2014 – 19:05:49 – [] —-D C:Program FilesJava
O43 – CFD: 09/05/2014 – 18:15:59 – [] —-D C:Program FilesLibreOffice 4
O43 – CFD: 01/04/2014 – 21:46:14 – [] —-D C:Program FilesLogitech
O43 – CFD: 02/04/2014 – 10:39:43 – [] —-D C:Program FilesMicrosoft CAPICOM 2.1.0.2
O43 – CFD: 23/03/2014 – 19:03:54 – [] —-D C:Program FilesMicrosoft LifeCam
O43 – CFD: 21/04/2014 – 23:30:51 – [] —-D C:Program FilesMicrosoft Security Client
O43 – CFD: 16/03/2014 – 00:03:27 – [] —-D C:Program FilesMicrosoft Silverlight
O43 – CFD: 05/05/2014 – 18:24:23 – [] —-D C:Program FilesMicrosoft SQL Server Compact Edition
O43 – CFD: 05/02/2013 – 17:46:55 – [] —-D C:Program FilesMicrosoft.NET
O43 – CFD: 14/07/2009 – 06:52:30 – [] —-D C:Program FilesMSBuild
O43 – CFD: 25/04/2014 – 00:08:44 – [] —-D C:Program FilesMSXML 4.0
O43 – CFD: 25/04/2014 – 00:08:15 – [] —-D C:Program FilesNokia
O43 – CFD: 24/04/2014 – 23:12:07 – [] —-D C:Program FilesPC Connectivity Solution
O43 – CFD: 14/07/2009 – 06:52:30 – [] —-D C:Program FilesReference Assemblies
O43 – CFD: 01/06/2014 – 17:10:49 – [] R—D C:Program FilesSkype
O43 – CFD: 05/02/2013 – 14:46:30 – [] —-D C:Program FilesVideoLAN
O43 – CFD: 06/04/2014 – 11:51:20 – [] —-D C:Program FilesVS Revo Group
O43 – CFD: 21/07/2013 – 20:02:21 – [] —-D C:Program FilesWindows Defender
O43 – CFD: 21/07/2013 – 20:02:23 – [] —-D C:Program FilesWindows Journal
O43 – CFD: 05/05/2014 – 20:06:29 – [] —-D C:Program FilesWindows Live
O43 – CFD: 12/04/2011 – 03:35:39 – [] —-D C:Program FilesWindows Mail =>.Microsoft Corporation
O43 – CFD: 04/01/2014 – 20:18:40 – [] —-D C:Program FilesWindows Media Player =>.Microsoft Corporation
O43 – CFD: 05/02/2013 – 13:04:55 – [] —-D C:Program FilesWindows NT
O43 – CFD: 12/04/2011 – 03:35:39 – [] —-D C:Program FilesWindows Photo Viewer
O43 – CFD: 20/11/2010 – 23:33:48 – [] —-D C:Program FilesWindows Portable Devices
O43 – CFD: 12/04/2011 – 03:35:39 – [] —-D C:Program FilesWindows Sidebar
O43 – CFD: 15/05/2014 – 14:52:50 – [] —-D C:Program FilesWinRAR
O43 – CFD: 07/04/2014 – 22:55:42 – [] —-D C:Program FilesWise
O43 – CFD: 01/06/2014 – 21:10:10 – [] —-D C:Program FilesZHPDiag =>.Nicolas Coolman
O43 – CFD: 18/02/2013 – 01:39:48 – [] —-D C:Program FilesCommon FilesAdobe
O43 – CFD: 08/05/2014 – 19:53:31 – [] —-D C:Program FilesCommon FilesDESIGNER
O43 – CFD: 15/05/2014 – 19:06:26 – [] —-D C:Program FilesCommon FilesJava
O43 – CFD: 01/04/2014 – 21:44:06 – [] —-D C:Program FilesCommon FilesLogiShrd
O43 – CFD: 09/05/2014 – 17:46:11 – [] —-D C:Program FilesCommon Filesmicrosoft shared
O43 – CFD: 25/04/2014 – 00:08:16 – [] —-D C:Program FilesCommon FilesNokia
O43 – CFD: 24/04/2014 – 23:12:40 – [] —-D C:Program FilesCommon FilesPCSuite
O43 – CFD: 14/07/2009 – 04:37:05 – [] —-D C:Program FilesCommon FilesServices
O43 – CFD: 01/06/2014 – 17:10:49 – [] —-D C:Program FilesCommon FilesSkype
O43 – CFD: 14/07/2009 – 04:37:05 – [] —-D C:Program FilesCommon FilesSpeechEngines
O43 – CFD: 05/02/2013 – 15:54:15 – [] —-D C:Program FilesCommon FilesSystem
O43 – CFD: 06/03/2013 – 23:29:04 – [] —-D C:Program FilesCommon FilesWindows Live
O43 – CFD: 27/03/2014 – 17:17:56 – [] —-D C:Program FilesCommon FilesWise Installation Wizard
O43 – CFD: 15/05/2014 – 18:34:46 – [] —-D C:ProgramDataAdobe
O43 – CFD: 14/07/2009 – 06:53:55 – [] -SH-D C:ProgramDataApplication Data
O43 – CFD: 03/04/2014 – 18:06:00 – [] —-D C:ProgramDataAvira
O43 – CFD: 05/02/2013 – 13:04:55 – [] -SH-D C:ProgramDataBureau
O43 – CFD: 04/03/2014 – 22:09:55 – [] –H-D C:ProgramDataCommon Files
O43 – CFD: 14/07/2009 – 06:53:55 – [] -SH-D C:ProgramDataDesktop
O43 – CFD: 14/07/2009 – 06:53:55 – [] -SH-D C:ProgramDataDocuments
O43 – CFD: 05/02/2013 – 13:04:55 – [] -SH-D C:ProgramDataFavoris
O43 – CFD: 14/07/2009 – 06:53:55 – [] -SH-D C:ProgramDataFavorites
O43 – CFD: 15/02/2014 – 20:44:47 – [] —-D C:ProgramDataGoogle
O43 – CFD: 31/08/2013 – 14:32:21 – [] —-D C:ProgramDataHewlett-Packard
O43 – CFD: 24/04/2014 – 23:50:59 – [] —-D C:ProgramDataInstallations
O43 – CFD: 16/05/2014 – 20:41:05 – [] —-D C:ProgramDataIObit
O43 – CFD: 03/04/2014 – 15:56:39 – [] —-D C:ProgramDataLogiShrd
O43 – CFD: 05/02/2013 – 13:04:55 – [] -SH-D C:ProgramDataMenu Démarrer
O43 – CFD: 18/05/2014 – 12:37:42 – [] -S–D C:ProgramDataMicrosoft
O43 – CFD: 05/02/2013 – 13:04:55 – [] -SH-D C:ProgramDataModèles
O43 – CFD: 15/05/2014 – 18:54:35 – [0] —-D C:ProgramDataOracle
O43 – CFD: 13/05/2014 – 18:21:22 – [] —-D C:ProgramDataPackage Cache
O43 – CFD: 24/04/2014 – 23:52:53 – [] —-D C:ProgramDataPC Suite
O43 – CFD: 01/06/2014 – 17:10:58 – [] —-D C:ProgramDataSkype
O43 – CFD: 14/07/2009 – 06:53:55 – [] -SH-D C:ProgramDataStart Menu
O43 – CFD: 05/02/2013 – 16:00:43 – [] —-D C:ProgramDataSun
O43 – CFD: 20/12/2013 – 23:21:58 – [0] —AD C:ProgramDataTEMP
O43 – CFD: 14/07/2009 – 06:53:55 – [] -SH-D C:ProgramDataTemplates
O43 – CFD: 04/03/2014 – 22:15:52 – [0] -SH-D C:ProgramData{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
O43 – CFD: 18/02/2013 – 01:42:54 – [] —-D C:UserstempAppDataRoamingAdobe
O43 – CFD: 03/04/2014 – 18:14:20 – [] —-D C:UserstempAppDataRoamingAvira
O43 – CFD: 15/05/2014 – 18:20:36 – [] —-D C:UserstempAppDataRoamingInfected Scanner
O43 – CFD: 10/05/2014 – 12:54:06 – [] —-D C:UserstempAppDataRoamingLibreOffice
O43 – CFD: 05/02/2013 – 14:50:46 – [] —-D C:UserstempAppDataRoamingMacromedia
O43 – CFD: 12/04/2011 – 03:44:56 – [0] —-D C:UserstempAppDataRoamingMedia Center Programs
O43 – CFD: 16/05/2014 – 20:41:05 – [] -S–D C:UserstempAppDataRoamingMicrosoft
O43 – CFD: 25/04/2014 – 00:23:14 – [] —-D C:UserstempAppDataRoamingNokia
O43 – CFD: 09/05/2014 – 18:12:02 – [0] —-D C:UserstempAppDataRoamingOpenOffice
O43 – CFD: 01/06/2014 – 18:04:58 – [] —-D C:UserstempAppDataRoamingOpera
O43 – CFD: 15/05/2014 – 18:57:32 – [] —-D C:UserstempAppDataRoamingOracle
O43 – CFD: 24/04/2014 – 23:52:56 – [] —-D C:UserstempAppDataRoamingPC Suite
O43 – CFD: 13/04/2014 – 22:50:01 – [] —-D C:UserstempAppDataRoamingQuickScan
O43 – CFD: 10/05/2014 – 12:47:17 – [0] —-D C:UserstempAppDataRoamingSimilarSites
O43 – CFD: 01/06/2014 – 17:19:52 – [] —-D C:UserstempAppDataRoamingSkype
O43 – CFD: 01/06/2014 – 17:26:23 – [] —-D C:UserstempAppDataRoamingUpdateInfo
O43 – CFD: 01/05/2014 – 18:01:39 – [] —-D C:UserstempAppDataRoamingvlc
O43 – CFD: 06/04/2014 – 13:23:22 – [] —-D C:UserstempAppDataRoamingVSRevoGroup
O43 – CFD: 05/05/2014 – 19:44:03 – [] —-D C:UserstempAppDataRoamingWindows Live Writer
O43 – CFD: 29/04/2014 – 18:01:46 – [] —-D C:UserstempAppDataRoamingWinRAR
O43 – CFD: 06/04/2014 – 13:06:52 – [0] —-D C:UserstempAppDataRoamingWise Care 365
O43 – CFD: 01/06/2014 – 17:46:17 – [] —-D C:UserstempAppDataRoamingWise Disk Cleaner
O43 – CFD: 16/05/2014 – 20:41:05 – [] —-D C:UserstempAppDataRoamingWise Plugin Manager
O43 – CFD: 26/05/2014 – 22:11:30 – [] —-D C:UserstempAppDataRoamingWise Registry Cleaner
O43 – CFD: 16/05/2014 – 20:25:02 – [0] —-D C:UserstempAppDataRoamingWiseUpdate
O43 – CFD: 01/06/2014 – 21:11:39 – [] —-D C:UserstempAppDataRoamingZHP =>.Nicolas Coolman
O43 – CFD: 09/05/2014 – 18:21:29 – [] —-D C:UserstempAppDataLocal.distlib
O43 – CFD: 15/05/2014 – 18:32:07 – [] —-D C:UserstempAppDataLocalAdobe
O43 – CFD: 05/02/2013 – 13:05:06 – [] -SH-D C:UserstempAppDataLocalApplication Data
O43 – CFD: 01/03/2014 – 14:26:58 – [] —-D C:UserstempAppDataLocalApps
O43 – CFD: 15/05/2014 – 18:40:07 – [] —-D C:UserstempAppDataLocalGoogle
O43 – CFD: 05/02/2013 – 13:05:06 – [] -SH-D C:UserstempAppDataLocalHistorique
O43 – CFD: 01/04/2014 – 21:45:08 – [] —-D C:UserstempAppDataLocalLogiShrd
O43 – CFD: 05/02/2013 – 14:50:46 – [] —-D C:UserstempAppDataLocalMacromedia
O43 – CFD: 16/05/2014 – 20:44:49 – [] —-D C:UserstempAppDataLocalMicrosoft
O43 – CFD: 25/04/2014 – 00:08:17 – [] —-D C:UserstempAppDataLocalNokia
O43 – CFD: 01/06/2014 – 18:04:59 – [] —-D C:UserstempAppDataLocalOpera
O43 – CFD: 20/12/2013 – 22:39:08 – [] —-D C:UserstempAppDataLocalPrograms
O43 – CFD: 29/04/2014 – 11:30:40 – [0] —-D C:UserstempAppDataLocalSISContents
O43 – CFD: 19/04/2014 – 22:52:42 – [] —-D C:UserstempAppDataLocalSkype
O43 – CFD: 01/06/2014 – 21:11:38 – [] —-D C:UserstempAppDataLocaltemp
O43 – CFD: 05/02/2013 – 13:05:06 – [] -SH-D C:UserstempAppDataLocalTemporary Internet Files
O43 – CFD: 05/04/2014 – 11:39:35 – [] —-D C:UserstempAppDataLocalVirtualStore
O43 – CFD: 07/05/2014 – 09:05:47 – [] —-D C:UserstempAppDataLocalWindows Live
O43 – CFD: 16/05/2014 – 20:26:56 – [] —-D C:UserstempAppDataLocalWindows Live Writer
O43 – CFD: 18/02/2013 – 01:30:08 – [] —-D C:UserstempAppDataLocalWindowsUpdate
O43 – CFD: 14/07/2009 – 06:42:04 – [] R—D C:UserstempAppDataRoamingMicrosoftWindowsStart MenuProgramsAccessories
O43 – CFD: 15/05/2014 – 19:10:26 – [] R—D C:UserstempAppDataRoamingMicrosoftWindowsStart MenuProgramsAdministrative Tools
O43 – CFD: 07/04/2014 – 14:02:02 – [] —-D C:UserstempAppDataRoamingMicrosoftWindowsStart MenuProgramsCCleaner
O43 – CFD: 14/07/2009 – 06:37:42 – [] R—D C:UserstempAppDataRoamingMicrosoftWindowsStart MenuProgramsMaintenance
O43 – CFD: 25/04/2014 – 00:08:23 – [] —-D C:UserstempAppDataRoamingMicrosoftWindowsStart MenuProgramsNokia
O43 – CFD: 06/04/2014 – 11:51:22 – [] —-D C:UserstempAppDataRoamingMicrosoftWindowsStart MenuProgramsRevo Uninstaller
O43 – CFD: 15/05/2014 – 19:10:26 – [] R—D C:UserstempAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
O43 – CFD: 15/05/2014 – 14:53:13 – [] —-D C:UserstempAppDataRoamingMicrosoftWindowsStart MenuProgramsWinRAR
~ Program Folder: 136 Scanned in 00mn 00s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.234574FC524B274E581CDFA329AE2285] – 01/06/2014 – 16:23:00 —A- . (.Adobe Systems Incorporated – Adobe Flash Player Control Panel Applet.) — C:WindowsSystem32FlashPlayerApp.exe [699056]
O44 – LFC:[MD5.DDFDDF993F32D72F294F7DD71E5883C6] – 01/06/2014 – 16:23:00 —A- . (.Adobe Systems Incorporated – Adobe Flash Player Control Panel Applet.) — C:WindowsSystem32FlashPlayerCPLApp.cpl [71344]
O44 – LFC:[MD5.DD33B80E34EC70B97E122A6E3185F386] – 01/06/2014 – 17:00:49 —A- . (.Oracle Corporation – VirtualBox USB Monitor Driver.) — C:WindowsSystem32DriversVBoxUSBMon.sys [104736]
O44 – LFC:[MD5.25B482E711E9B6FE8B5EDBD6BC2CD662] – 01/06/2014 – 17:01:09 —A- . (.Oracle Corporation – VirtualBox Support Driver.) — C:WindowsSystem32DriversVBoxDrv.sys [204064]
O44 – LFC:[MD5.6D17FB79D17A1D028A2FBF94BCF3950D] – 01/06/2014 – 17:26:52 -S-A- . (…) — C:Windowsbootstat.dat [67584]
O44 – LFC:[MD5.AF49D3A5D827F7FAB13C66C3971D03C0] – 01/06/2014 – 19:52:16 —A- . (…) — C:WindowsSystem32PerfStringBackup.INI [1643916]
O44 – LFC:[MD5.5CF7E9506B43A09517D3500CF7A0D452] – 01/06/2014 – 19:52:16 —A- . (…) — C:WindowsSystem32perfc009.dat [122044]
O44 – LFC:[MD5.0D6AF863D13892DDFEC19ABC1B5671D5] – 01/06/2014 – 19:52:16 —A- . (…) — C:WindowsSystem32perfc00C.dat [150086]
O44 – LFC:[MD5.2C8087C53509C02196D0A0C7757B2C15] – 01/06/2014 – 19:52:16 —A- . (…) — C:WindowsSystem32perfh009.dat [654430]
O44 – LFC:[MD5.B22AB56CF2F22977751F4E08AC1D5498] – 01/06/2014 – 19:52:16 —A- . (…) — C:WindowsSystem32perfh00C.dat [747820]
O44 – LFC:[MD5.F8A742355358A3F375E8A1AA8587BDAB] – 01/06/2014 – 19:57:46 —A- . (…) — C:WindowsWindowsUpdate.log [1459004]
~ Files: 11 Scanned in 01mn 04s

—\ Déni du service (Local Security Authority) (O48)
O48 – LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WindowsSystem32msv1_0.dll
O48 – LSA:Local Security Authority Notification Packages . (.Microsoft Corporation – Moteur du client de l’Éditeur de configuration de sécurité Windows.) — C:WindowsSystem32scecli.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Package de sécurité Kerberos.) — C:WindowsSystem32kerberos.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WindowsSystem32msv1_0.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – TLS / SSL Security Provider.) — C:WindowsSystem32schannel.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Digest Access.) — C:WindowsSystem32wdigest.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Web Service Security Package.) — C:WindowsSystem32tspkg.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Pku2u Security Package.) — C:WindowsSystem32pku2u.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corp. – LiveSSP.) — C:WindowsSystem32livessp.dll
~ LSA: 9 Scanned in 00mn 00s

—\ Contrôle du Safe Boot (CSB) (O49)
O49 – CSB:Control Safe Boot HKLM…CCSMinimalsermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:WindowsSystem32Driverssermouse.sys
O49 – CSB:Control Safe Boot HKLM…CCSMinimalvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WindowsSystem32Driversvga.sys
O49 – CSB:Control Safe Boot HKLM…CCSMinimalvgasave.sys . (…) — C:WindowsSystem32Driversvgasave.sys (.not file.)
O49 – CSB:Control Safe Boot HKLM…CCSMinimalvolmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:WindowsSystem32Driversvolmgr.sys
O49 – CSB:Control Safe Boot HKLM…CCSMinimalvolmgrx.sys . (.Microsoft Corporation – Pilote d’extension du gestionnaire de volumes.) — C:WindowsSystem32Driversvolmgrx.sys
O49 – CSB:Control Safe Boot HKLM…CCSNetworkipnat.sys . (.Microsoft Corporation – IP Network Address Translator.) — C:WindowsSystem32Driversipnat.sys
O49 – CSB:Control Safe Boot HKLM…CCSNetworknsiproxy.sys . (.Microsoft Corporation – NSI Proxy.) — C:WindowsSystem32Driversnsiproxy.sys
O49 – CSB:Control Safe Boot HKLM…CCSNetworkrdpencdd.sys . (.Microsoft Corporation – RDP Encoder Miniport.) — C:WindowsSystem32Driversrdpencdd.sys
O49 – CSB:Control Safe Boot HKLM…CCSNetworksermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:WindowsSystem32Driverssermouse.sys
O49 – CSB:Control Safe Boot HKLM…CCSNetworkvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WindowsSystem32Driversvga.sys
O49 – CSB:Control Safe Boot HKLM…CCSNetworkvgasave.sys . (…) — C:WindowsSystem32Driversvgasave.sys (.not file.)
O49 – CSB:Control Safe Boot HKLM…CCSNetworkvolmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:WindowsSystem32Driversvolmgr.sys
O49 – CSB:Control Safe Boot HKLM…CCSNetworkvolmgrx.sys . (.Microsoft Corporation – Pilote d’extension du gestionnaire de volumes.) — C:WindowsSystem32Driversvolmgrx.sys
~ CSB: 13 Scanned in 00mn 00s

—\ Recherche d’infection sur les pilotes (HKLM)(TDSD) (O52)
O52 – TDSD: Drivers32″msacm.l3acm”=”C:WindowsSystem32l3codeca.acm” . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WindowsSystem32l3codeca.acm
O52 – TDSD: Drivers32″vidc.cvid”=”iccvid.dll” . (.Radius Inc. – Codec Cinepak®.) — C:WindowsSystem32iccvid.dll
O52 – TDSD: Drivers32″VIDC.I420″=”lvcodec2.dll” . (.Logitech Inc. – Video Codec.) — C:WindowsSystem32lvcodec2.dll
O52 – TDSD: drivers.desc”C:WindowsSystem32l3codeca.acm”=”Fraunhofer IIS MPEG Layer-3 Codec” . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WindowsSystem32l3codeca.acm
~ TDSD: 4 Scanned in 00mn 00s

—\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 – SMSR:HKLM…startupregAdobe ARM [Key] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
O53 – SMSR:HKLM…startupregSunJavaUpdateSched [Key] . (.Oracle Corporation – Java Update Scheduler.) — C:Program FilesCommon FilesJavaJava Updatejusched.exe =>.Oracle Corporation
~ SMSR Keys: 2 Scanned in 00mn 00s

—\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
O54 – MCSP:[HKLM…CurrentControlSetControl] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:WindowsSystem32credssp.dll
O54 – MCSP:[HKLM…ControlSet001Control] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:WindowsSystem32credssp.dll
~ MSCP: 2 Scanned in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “ConsentPromptBehaviorAdmin”=5
O55 – MWPS:[HKLM…PoliciesSystem] – “ConsentPromptBehaviorUser”=3
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableInstallerDetection”=1
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableLUA”=1
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableSecureUIAPaths”=1
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableVirtualization”=1
O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=1
O55 – MWPS:[HKLM…PoliciesSystem] – “ValidateAdminCodeSignatures”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “dontdisplaylastusername”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “legalnoticecaption”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “legalnoticetext”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “scforceoption”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “shutdownwithoutlogon”=1
O55 – MWPS:[HKLM…PoliciesSystem] – “undockwithoutlogon”=1
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “DisableRegistryTools”=0
O55 – MWPS:[HKCU…PoliciesSystem] – “DisableRegistryTools”=0
~ MWPS: 18 Scanned in 00mn 00s

—\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 – MWPE:[HKCU…policiesExplorer] – “NoDriveTypeAutoRun”=221
O56 – MWPE:[HKCU…policiesExplorer] – “NoLowDiskSpaceChecks”=1
O56 – MWPE:[HKCU…policiesExplorer] – “NoDrives”=0
O56 – MWPE:[HKLM…policiesExplorer] – “NoDriveTypeAutoRun”=255
O56 – MWPE:[HKLM…policiesExplorer] – “NoDrives”=0
~ MWPE Keys: 5 Scanned in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec Windows SAS/SATA Storport Driver.) — C:WindowsSystem32Driversadp94xx.sys [422976]
O58 – SDL:14/07/2009 – 02:26:17 —A- . (.Adaptec, Inc. – Adaptec Windows SATA Storport Driver.) — C:WindowsSystem32Driversadpahci.sys [297552]
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec StorPort Ultra320 SCSI Driver.) — C:WindowsSystem32Driversadpu320.sys [146512]
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Acer Laboratories Inc. – ALi mini IDE Driver.) — C:WindowsSystem32Driversaliide.sys [14400]
O58 – SDL:11/03/2011 – 06:38:37 —A- . (.Advanced Micro Devices – AHCI 1.2 Device Driver.) — C:WindowsSystem32Driversamdsata.sys [80256]
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.AMD Technologies Inc. – AMD Technology AHCI Compatible Controller Driver for Windows fa.) — C:WindowsSystem32Driversamdsbs.sys [159312]
O58 – SDL:11/03/2011 – 06:38:37 —A- . (.Advanced Micro Devices – Storage Filter Driver.) — C:WindowsSystem32Driversamdxata.sys [22400]
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec RAID Storport Driver.) — C:WindowsSystem32Driversarc.sys [76368]
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec SAS RAID WS03 Driver.) — C:WindowsSystem32Driversarcsas.sys [86608]
O58 – SDL:25/02/2014 – 14:04:58 —A- . (.Avira Operations GmbH & Co. KG – Avira Minifilter Driver.) — C:WindowsSystem32Driversavgntflt.sys [90400] =>.Avira Operations GmbH
O58 – SDL:25/02/2014 – 14:04:58 —A- . (.Avira Operations GmbH & Co. KG – Avira Driver for Security Enhancement.) — C:WindowsSystem32Driversavipbb.sys [135648] =>.Avira Operations GmbH
O58 – SDL:25/02/2014 – 14:04:58 —A- . (.Avira Operations GmbH & Co. KG – Avira Manager Driver.) — C:WindowsSystem32Driversavkmgr.sys [37352] =>.Avira Operations GmbH
O58 – SDL:03/04/2014 – 23:09:09 —A- . (.Avira Operations GmbH & Co. KG – Avira WFP Network Driver.) — C:WindowsSystem32Driversavnetflt.sys [69240] =>.Avira Operations GmbH
O58 – SDL:13/07/2009 – 23:02:49 —A- . (.Broadcom Corporation – Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) — C:WindowsSystem32Driversb57nd60x.sys [229888]
O58 – SDL:13/07/2009 – 23:53:28 —A- . (.Brother Industries, Ltd. – Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) — C:WindowsSystem32DriversBrFiltLo.sys [13568]
O58 – SDL:13/07/2009 – 23:53:28 —A- . (.Brother Industries, Ltd. – Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) — C:WindowsSystem32DriversBrFiltUp.sys [5248]
O58 – SDL:14/07/2009 – 01:57:25 —A- . (.Brother Industries Ltd. – Pilote Brother Série I/F (WDM).) — C:WindowsSystem32DriversBrSerId.sys [272128]
O58 – SDL:13/07/2009 – 23:53:32 —A- . (.Brother Industries Ltd. – Brother Serial driver (WDM version).) — C:WindowsSystem32DriversBrSerWdm.sys [62336]
O58 – SDL:13/07/2009 – 23:53:33 —A- . (.Brother Industries Ltd. – Brother USB MDM Driver.) — C:WindowsSystem32DriversBrUsbMdm.sys [12160]
O58 – SDL:13/07/2009 – 23:53:33 —A- . (.Brother Industries Ltd. – Brother USB Serial Driver.) — C:WindowsSystem32DriversBrUsbSer.sys [11904]
O58 – SDL:13/07/2009 – 23:02:48 —A- . (.Broadcom Corporation – Broadcom NetXtreme II GigE VBD.) — C:WindowsSystem32Driversbxvbdx.sys [430080]
O58 – SDL:09/01/2012 – 16:28:20 —A- . (.Nokia – Nokia USB Phone Bus Driver.) — C:WindowsSystem32Driversccdcmb.sys [18176]
O58 – SDL:09/01/2012 – 16:28:20 —A- . (.Nokia – Nokia USB Phone Bus Driver.) — C:WindowsSystem32Driversccdcmbo.sys [23168]
O58 – SDL:14/07/2009 – 02:26:21 —A- . (.CMD Technology, Inc. – CMD PCI IDE Bus Driver.) — C:WindowsSystem32Driverscmdide.sys [15952]
O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Adaptec, Inc. – Adaptec Ultra SCSI miniport.) — C:WindowsSystem32Driversdjsvs.sys [70720]
O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [453712]
O58 – SDL:13/07/2009 – 23:02:48 —A- . (.Broadcom Corporation – Broadcom NetXtreme II 10 GigE VBD.) — C:WindowsSystem32Driversevbdx.sys [3100160]
O58 – SDL:13/07/2009 – 23:54:14 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [26624]
O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Hewlett-Packard Company – Smart Array SAS/SATA Controller Media Driver.) — C:WindowsSystem32DriversHpSAMD.sys [67152]
O58 – SDL:11/03/2011 – 06:38:51 —A- . (.Intel Corporation – Intel Matrix Storage Manager driver – ia32.) — C:WindowsSystem32DriversiaStorV.sys [332160]
O58 – SDL:23/09/2009 – 19:18:14 —A- . (.Intel Corporation – Intel Graphics Kernel Mode Driver.) — C:WindowsSystem32Driversigdkmd32.sys [4808192]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.Intel Corp./ICP vortex GmbH – Intel/ICP Raid Storport Driver.) — C:WindowsSystem32Driversiirsp.sys [41040]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – LSI Fusion-MPT FC Driver (StorPort).) — C:WindowsSystem32Driverslsi_fc.sys [95824]
O58 – SDL:14/07/2009 – 02:20:37 —A- . (.LSI Corporation – LSI Fusion-MPT SAS Driver (StorPort).) — C:WindowsSystem32Driverslsi_sas.sys [89168]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – LSI SAS Gen2 Driver (StorPort).) — C:WindowsSystem32Driverslsi_sas2.sys [54864]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – LSI Fusion-MPT SCSI Driver (StorPort).) — C:WindowsSystem32Driverslsi_scsi.sys [96848]
O58 – SDL:07/10/2009 – 00:46:36 —A- . (…) — C:WindowsSystem32DriversLVPr2Mon.sys [25752]
O58 – SDL:07/10/2009 – 09:47:54 —A- . (.Logitech Inc. – Logitech Kernel Audio Improvement Filter Driver.) — C:WindowsSystem32Driverslvrs.sys [266008]
O58 – SDL:07/10/2009 – 09:49:38 —A- . (.Logitech Inc. – Logitech USB Video Class Driver.) — C:WindowsSystem32Driverslvuvc.sys [6756632]
O58 – SDL:01/05/2014 – 16:01:02 —A- . (.Malwarebytes Corporation – Malwarebytes Anti-Malware.) — C:WindowsSystem32DriversMBAMSwissArmy.sys [107736]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – MEGASAS RAID Controller Driver for Windows 7 for x86.) — C:WindowsSystem32Driversmegasas.sys [30800]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation, Inc. – LSI MegaRAID Software RAID Driver.) — C:WindowsSystem32DriversMegaSR.sys [235584]
O58 – SDL:14/07/2009 – 02:20:44 —A- . (.IBM Corporation – IBM ServeRAID Controller Driver.) — C:WindowsSystem32Driversnfrd960.sys [44624]
O58 – SDL:11/03/2011 – 06:39:00 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) RAID Driver.) — C:WindowsSystem32Driversnvraid.sys [117120]
O58 – SDL:11/03/2011 – 06:39:00 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) Sata Performance Driver.) — C:WindowsSystem32Driversnvstor.sys [143744]
O58 – SDL:11/06/2012 – 10:33:46 —A- . (.Nokia – PCCS Mode Change Filter Driver.) — C:WindowsSystem32Driverspccsmcfd.sys [19072]
O58 – SDL:14/07/2009 – 02:19:04 —A- . (.QLogic Corporation – QLogic Fibre Channel Stor Miniport Driver.) — C:WindowsSystem32Driversql2300.sys [1383488]
O58 – SDL:14/07/2009 – 02:19:04 —A- . (.QLogic Corporation – QLogic iSCSI Storport Miniport Driver.) — C:WindowsSystem32Driversql40xx.sys [106064]
O58 – SDL:13/07/2009 – 21:50:20 —A- . (.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) — C:WindowsSystem32Driverssecdrv.sys [20480]
O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Silicon Integrated Systems Corp. – SiS RAID Stor Miniport Driver.) — C:WindowsSystem32Driverssisraid2.sys [40016]
O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Silicon Integrated Systems – SiS AHCI Stor-Miniport Driver.) — C:WindowsSystem32Driverssisraid4.sys [77888]
O58 – SDL:29/11/2005 – 21:30:24 —A- . (.Analog Devices, Inc. – SoundMAX Integrated Digital Audio.) — C:WindowsSystem32Driverssmwdm.sys [260224]
O58 – SDL:25/02/2014 – 14:05:01 —A- . (.Avira GmbH – AVIRA SnapShot Driver.) — C:WindowsSystem32Driversssmdrv.sys [28520]
O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [21072]
O58 – SDL:09/01/2012 – 16:28:20 —A- . (.Nokia – Filter Driver for Nokia USB Phone Bus Driver.) — C:WindowsSystem32Driversusbser_lowerflt.sys [8192]
O58 – SDL:09/01/2012 – 16:28:20 —A- . (.Nokia – Filter Driver for Nokia USB Phone Bus Driver.) — C:WindowsSystem32Driversusbser_lowerfltj.sys [8192]
O58 – SDL:16/05/2014 – 14:25:48 —A- . (.Oracle Corporation – VirtualBox Support Driver.) — C:WindowsSystem32DriversVBoxDrv.sys [204064]
O58 – SDL:16/05/2014 – 14:24:56 —A- . (.Oracle Corporation – VirtualBox Host-Only Network Adapter Driver.) — C:WindowsSystem32DriversVBoxNetAdp.sys [116512]
O58 – SDL:16/05/2014 – 14:24:54 —A- . (.Oracle Corporation – VirtualBox USB Monitor Driver.) — C:WindowsSystem32DriversVBoxUSBMon.sys [104736]
O58 – SDL:14/07/2009 – 02:19:10 —A- . (.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) — C:WindowsSystem32Driversviaide.sys [16976]
O58 – SDL:14/07/2009 – 02:19:11 —A- . (.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR AMD-X86-64.) — C:WindowsSystem32Driversvsmraid.sys [141904]
O58 – SDL:13/07/2009 – 22:40:41 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
O58 – SDL:13/07/2009 – 22:40:44 —A- . (…) — C:WindowsSystem32country.sys [27097]
O58 – SDL:03/04/1996 – 20:33:26 —A- . (…) — C:WindowsSystem32giveio.sys [5248]
O58 – SDL:13/07/2009 – 22:40:40 —A- . (…) — C:WindowsSystem32HIMEM.SYS [4768]
O58 – SDL:13/07/2009 – 22:40:43 —A- . (…) — C:WindowsSystem32KEY01.SYS [42809]
O58 – SDL:13/07/2009 – 22:40:43 —A- . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
O58 – SDL:13/07/2009 – 22:40:23 —A- . (…) — C:WindowsSystem32NTDOS.SYS [27866]
O58 – SDL:13/07/2009 – 22:40:31 —A- . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
O58 – SDL:13/07/2009 – 22:40:35 —A- . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
O58 – SDL:13/07/2009 – 22:40:39 —A- . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
O58 – SDL:13/07/2009 – 22:40:27 —A- . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
O58 – SDL:13/07/2009 – 22:40:11 —A- . (…) — C:WindowsSystem32NTIO.SYS [33952]
O58 – SDL:13/07/2009 – 22:40:15 —A- . (…) — C:WindowsSystem32NTIO404.SYS [34672]
O58 – SDL:13/07/2009 – 22:40:17 —A- . (…) — C:WindowsSystem32NTIO411.SYS [35776]
O58 – SDL:13/07/2009 – 22:40:19 —A- . (…) — C:WindowsSystem32NTIO412.SYS [35536]
O58 – SDL:13/07/2009 – 22:40:13 —A- . (…) — C:WindowsSystem32NTIO804.SYS [34672]
O58 – SDL:29/12/2012 – 21:59:38 —A- . (.Almico Software – SpeedFan x32 Driver.) — C:WindowsSystem32speedfan.sys [24184]
~ Drivers: 78 Scanned in 00mn 03s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 01/06/2014 – 21:12:56 —A- . (…) — C:UserstempAnti-viradwcleaner_3.211.exe [1327971]
O61 – LFC: 01/06/2014 – 21:12:58 —A- . (…) — C:UserstempAnti-virfixall_1.2.exe [1119744]
O61 – LFC: 01/06/2014 – 21:12:58 —A- . (…) — C:UserstempAppDataLocalAdobeAcrobat11.0UserCache.bin [98831]
O61 – LFC: 01/06/2014 – 21:13:05 —A- . (.Nicolas Coolman.) — C:UserstempDownloadsZHPDiag2.exe [6816801] =>.Nicolas Coolman
~ 18 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 4 Scanned in 00mn 08s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Liste les services legacy du registre (LALS) (O64)
O64 – Services: CurCS – 25/02/2014 – C:WindowsSystem32DRIVERSavgntflt.sys (avgntflt) .(.Avira Operations GmbH & Co. KG – Avira Minifilter Driver.) – LEGACY_AVGNTFLT
O64 – Services: CurCS – 25/02/2014 – C:WindowsSystem32DRIVERSavipbb.sys (avipbb) .(.Avira Operations GmbH & Co. KG – Avira Driver for Security Enhancement.) – LEGACY_AVIPBB
O64 – Services: CurCS – 25/02/2014 – C:WindowsSystem32DRIVERSavkmgr.sys (avkmgr) .(.Avira Operations GmbH & Co. KG – Avira Manager Driver.) – LEGACY_AVKMGR
O64 – Services: CurCS – 07/10/2009 – C:WindowsSystem32DRIVERSLVPr2Mon.sys (LVPr2Mon) .(…) – LEGACY_LVPR2MON
O64 – Services: CurCS – 12/04/1744 – C:UserstempAppDataLocalTemppgtdrpob.sys (pgtdrpob) .(…) – LEGACY_PGTDRPOB
O64 – Services: CurCS – 13/07/2009 – C:WindowsSystem32Driverssecdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) – LEGACY_SECDRV
O64 – Services: CurCS – 25/02/2014 – C:WindowsSystem32DRIVERSssmdrv.sys (ssmdrv) .(.Avira GmbH – AVIRA SnapShot Driver.) – LEGACY_SSMDRV
~ Legacy: 145 Scanned in 00mn 00s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
O67 – Shell Spawning: [HKLM..cplopenCommand] (.Microsoft Corporation – Windows Control Panel.) — C:WindowsSystem32control.exe =>.Microsoft Corporation
O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Lanceur du composant logiciel enfichable Observateur d’événements.) — C:WindowsSystem32eventvwr.exe
O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
O67 – Shell Spawning: [HKLM..openCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32WScript.exe
O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Éditeur du Registre.) — C:Windowsregedit.exe
O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” /S
O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
~ FASS Keys: 11 Scanned in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Not Key.)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
~ Keys: Scanned in 00mn 00s

—\ Recherche d’infection sur les navigateurs internet (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] – (Bing) – http://www.bing.com
~ Keys: Scanned in 00mn 00s

—\ Enumère les service demarrés par Svchost (SSS) (O83)
O83 – Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation – Service Expérience d’application.) — C:WindowsSystem32aelupsvc.dll [62464]
O83 – Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [67584]
O83 – Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [67584]
O83 – Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation – DLL du service Serveur.) — C:WindowsSystem32srvsvc.dll [168960]
O83 – Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation – Client de stratégie de groupe.) — C:WindowsSystem32gpsvc.dll [593408]
O83 – Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation – Extension IKE.) — C:WindowsSystem32ikeext.dll [679424]
O83 – Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation – Service Audio Windows.) — C:WindowsSystem32Audiosrv.dll [473600]
O83 – Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation – Gestionnaire de numérotation automatique d’accès distant.) — C:WindowsSystem32rasauto.dll [90624]
O83 – Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation – Gestionnaire de connexions d’accès distant.) — C:WindowsSystem32rasmans.dll [286208]
O83 – Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation – Gestionnaire d’interface dynamique.) — C:WindowsSystem32mprdim.dll [75264]
O83 – Search Svchost Services: SENS (SENS) . (.Microsoft Corporation – Service de notification d’événements système (SENS).) — C:WindowsSystem32sens.dll [49664]
O83 – Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation – Composants de l’application d’assistance à Microsoft NAT.) — C:WindowsSystem32ipnathlp.dll [300544]
O83 – Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation – Serveur de téléphonie Microsoft® Windows(TM).) — C:WindowsSystem32tapisrv.dll [242176]
O83 – Search Svchost Services: TermService (TermService) . (.Microsoft Corporation – Gestionnaire des connexions distantes du serveur hôte de session Burea.) — C:WindowsSystem32termsrv.dll [521216]
O83 – Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation – Agent de mise à jour automatique Windows Update.) — C:WindowsSystem32wuaueng.dll [1933848]
O83 – Search Svchost Services: BITS (BITS) . (.Microsoft Corporation – Service de transfert intelligent en arrière-plan.) — C:WindowsSystem32qmgr.dll [585728]
O83 – Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation – Dll des services Windows Shell.) — C:WindowsSystem32shsvcs.dll [328192]
O83 – Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation – Service offrant une connectivité IPv6 sur un réseau IPv4..) — C:WindowsSystem32iphlpsvc.dll [499712]
O83 – Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation – DLL de service d’ouverture de session secondaire.) — C:Windowssystem32seclogon.dll [21504]
O83 – Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation – Service Informations d’application.) — C:WindowsSystem32appinfo.dll [47104]
O83 – Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation – Service de découverte iSCSI.) — C:WindowsSystem32iscsiexe.dll [114688]
O83 – Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation – Service Planificateur de classes multimédias.) — C:WindowsSystem32mmcss.dll [49664]
O83 – Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation – Rapports et solutions aux problèmes.) — C:WindowsSystem32wercplsupport.dll [61440]
O83 – Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation – Service EAPHost Microsoft.) — C:WindowsSystem32eapsvc.dll [98304]
O83 – Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation – ProfSvc.) — C:WindowsSystem32profsvc.dll [164352]
O83 – Search Svchost Services: schedule (schedule) . (.Microsoft Corporation – Service du Planificateur de tâches.) — C:WindowsSystem32schedsvc.dll [750592]
O83 – Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation – Service Gestion des clés.) — C:WindowsSystem32kmsvc.dll [71168]
O83 – Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation – Service Configuration des services Bureau à distance.) — C:WindowsSystem32sessenv.dll [113664]
O83 – Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation – WMI.) — C:WindowsSystem32wbemWMIsvc.dll [168960]
O83 – Search Svchost Services: browser (browser) . (.Microsoft Corporation – DLL du service Explorateur d’ordinateurs.) — C:WindowsSystem32browser.dll [102912]
O83 – Search Svchost Services: Themes (Themes) . (.Microsoft Corporation – DLL du service des thèmes Windows Shell.) — C:WindowsSystem32themeservice.dll [37376]
O83 – Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation – Service BDE.) — C:WindowsSystem32bdesvc.dll [76800]
O83 – Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation – Service Installation de logiciels.) — C:WindowsSystem32appmgmts.dll [149504]
~ Services: 33 Scanned in 00mn 00s

—\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 – MNS: Nokia Phone Browser – {416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}
~ MNS: 1 Scanned in 00mn 00s

—\ Recherche de clés de registre Tracing (O100)
HKLMSOFTWAREMicrosoftTracingAllTubeDownloader_RASAPI32 =>PUP.SoftwareEngine
HKLMSOFTWAREMicrosoftTracingAllTubeDownloader_RASMANCS =>PUP.SoftwareEngine
HKLMSOFTWAREMicrosoftTracingFileCure_RASAPI32 =>PUP.FileCure
HKLMSOFTWAREMicrosoftTracingFileCure_RASMANCS =>PUP.FileCure
HKLMSOFTWAREMicrosoftTracingGoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLMSOFTWAREMicrosoftTracingLollipopInstaller_amonetize_14633_RASAPI32 =>Adware.Lollipop
HKLMSOFTWAREMicrosoftTracingLollipopInstaller_amonetize_14633_RASMANCS =>Adware.Lollipop
HKLMSOFTWAREMicrosoftTracingSecondOffer2_RASAPI32 =>PUP.Linkular
HKLMSOFTWAREMicrosoftTracingSecondOffer2_RASMANCS =>PUP.Linkular
HKLMSOFTWAREMicrosoftTracingSmartbarExeInstaller_v2_RASAPI32 =>Hijacker.SmartBar
HKLMSOFTWAREMicrosoftTracingSmartbarExeInstaller_v2_RASMANCS =>Hijacker.SmartBar
~ BTK: 151 Scanned in 00mn 00s

—\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) – C:Program FilesCommon FilesAdobeARM1.0armsvc.exe
SS – | Disabled 25/02/2014 1017424 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopavwebg7.exe
SS – | Auto 15/05/2014 116648 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Demand 15/05/2014 116648 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Auto 07/10/2009 154136 | (LVPrcSrv) . (.Logitech Inc..) – C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
SS – | Demand 11/06/2012 724376 | (ServiceLayer) . (.Nokia.) – C:Program FilesPC Connectivity SolutionServiceLayer.exe
SS – | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) – C:Program FilesSkypeUpdaterUpdater.exe
SS – | Demand 14/07/2009 20992 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 25/02/2014 440400 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopsched.exe
SR – | Auto 25/02/2014 440400 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraAntiVir Desktopavguard.exe
SR – | Auto 05/05/2014 124496 | (Avira.OE.ServiceHost) . (.Avira Operations GmbH & Co. KG.) – C:Program FilesAviraMy AviraAvira.OE.ServiceHost.exe
SR – | Auto 11/03/2014 22216 | (MsMpSvc) . (.Microsoft Corporation.) – C:Program FilesMicrosoft Security ClientMsMpEng.exe
SR – | Auto 14/07/2009 20992 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
~ Services: Scanned in 00mn 18s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by temp at 01/06/2014 21:13:56
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
1 ntkrnlpa!IofCallDriver[0x82C47BBA] >> DeviceHarddisk0DR0[0x85C25948]
3 CLASSPNP[0x88DCD59E] >> ntkrnlpa!IofCallDriver[0x82C47BBA] >> DeviceIdeIdeDeviceP1T0L0-1[0x85B49030]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 12 Scanned in 00mn 02s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by temp at 01/06/2014 21:13:58
********* Dump file Name *********
C:PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

—\ Scan Additionnel (O88)
Database Version : 13026 – (01/06/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1

[HKCUSoftwareSoftonic] =>Toolbar.Conduit
C:UserstempAppDataRoamingSimilarSites =>Adware.SimilarSites
[HKCUSoftwareUpToDown] =>PUP.UpToDown^
~ Additionnel Scan: 211453 Items scanned in 00mn 42s

—\ Récapitulatif des détections trouvées sur votre station
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-softwareengine =>PUP.SoftwareEngine
http://nicolascoolman.fr/28493995-pup-filecure =>PUP.FileCure
http://nicolascoolman.fr/adware-lollipop =>Adware.Lollipop
http://nicolascoolman.fr/hijacker-smartbar =>Hijacker.SmartBar
http://nicolascoolman.fr/adware-similarsites =>Adware.SimilarSites
~ MSI: 6 link(s) detected in 00mn 00s

End of the scan (1057 lines in 03mn 57s)(0)