Reply to: usbfix report 2016-09-08T13:44:47+00:00
Lady os
Participant
Number of posts: 6

ZHPdiag (p2):

—\ Local Security Authority packages (O48)
O48 – LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:\Windows\System32\msv1_0.dll
O48 – LSA:Local Security Authority Notification Packages . (.Microsoft Corporation – Windows Security Configuration Editor Client Engine.) — C:\Windows\System32\scecli.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Kerberos Security Package.) — C:\Windows\System32\kerberos.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:\Windows\System32\msv1_0.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – TLS / SSL Security Provider.) — C:\Windows\System32\schannel.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Digest Access.) — C:\Windows\System32\wdigest.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Web Service Security Package.) — C:\Windows\System32\tspkg.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Pku2u Security Package.) — C:\Windows\System32\pku2u.dll
~ LSA: 8 Scanned in 00mn 00s

—\ Safe Boot control (CSB) (O49)
O49 – CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation – Serial Mouse Filter Driver.) — C:\Windows\System32\Drivers\sermouse.sys
O49 – CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:\Windows\System32\Drivers\vga.sys
O49 – CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (…) — C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 – CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:\Windows\System32\Drivers\volmgr.sys
O49 – CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation – Volume Manager Extension Driver.) — C:\Windows\System32\Drivers\volmgrx.sys
O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation – IP Network Address Translator.) — C:\Windows\System32\Drivers\ipnat.sys
O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation – NSI Proxy.) — C:\Windows\System32\Drivers\nsiproxy.sys
O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation – RDP Encoder Miniport.) — C:\Windows\System32\Drivers\rdpencdd.sys
O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation – Serial Mouse Filter Driver.) — C:\Windows\System32\Drivers\sermouse.sys
O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:\Windows\System32\Drivers\vga.sys
O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (…) — C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:\Windows\System32\Drivers\volmgr.sys
O49 – CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation – Volume Manager Extension Driver.) — C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in 00mn 00s

—\ Driver infection search (HKLM) (TDSD) (O52)
O52 – TDSD: Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:\Windows\System32\l3codeca.acm
O52 – TDSD: Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. – Cinepak® Codec.) — C:\Windows\System32\iccvid.dll
O52 – TDSD: drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:\Windows\System32\l3codeca.acm
~ TDSD: 3 Scanned in 00mn 00s

—\ SecurityProviders registry key enumeration (MCSP) (O54)
O54 – MCSP:[HKLM\...\CurrentControlSet\Control] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:\Windows\System32\credssp.dll
O54 – MCSP:[HKLM\...\ControlSet001\Control] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s

—\ PoliciesSystem registry key enumeration (MWPS) (O55)
O55 – MWPS:[HKLM\...\Policies\System] – "ConsentPromptBehaviorAdmin"=5
O55 – MWPS:[HKLM\...\Policies\System] – "ConsentPromptBehaviorUser"=3
O55 – MWPS:[HKLM\...\Policies\System] – "EnableInstallerDetection"=1
O55 – MWPS:[HKLM\...\Policies\System] – "EnableLUA"=0
O55 – MWPS:[HKLM\...\Policies\System] – "EnableSecureUIAPaths"=1
O55 – MWPS:[HKLM\...\Policies\System] – "EnableUIADesktopToggle"=0
O55 – MWPS:[HKLM\...\Policies\System] – "EnableVirtualization"=1
O55 – MWPS:[HKLM\...\Policies\System] – "PromptOnSecureDesktop"=1
O55 – MWPS:[HKLM\...\Policies\System] – "ValidateAdminCodeSignatures"=0
O55 – MWPS:[HKLM\...\Policies\System] – "dontdisplaylastusername"=0
O55 – MWPS:[HKLM\...\Policies\System] – "legalnoticecaption"=0
O55 – MWPS:[HKLM\...\Policies\System] – "legalnoticetext"=0
O55 – MWPS:[HKLM\...\Policies\System] – "scforceoption"=0
O55 – MWPS:[HKLM\...\Policies\System] – "shutdownwithoutlogon"=1
O55 – MWPS:[HKLM\...\Policies\System] – "undockwithoutlogon"=1
O55 – MWPS:[HKLM\...\Policies\System] – "FilterAdministratorToken"=0
~ MWPS: 16 Scanned in 00mn 00s

—\ System driver list (SDL) (O58)
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec Windows SAS/SATA Storport Driver.) — C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 – SDL:14/07/2009 – 02:26:17 —A- . (.Adaptec, Inc. – Adaptec Windows SATA Storport Driver.) — C:\Windows\System32\Drivers\adpahci.sys [297552]
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec StorPort Ultra320 SCSI Driver.) — C:\Windows\System32\Drivers\adpu320.sys [146512]
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Acer Laboratories Inc. – ALi mini IDE Driver.) — C:\Windows\System32\Drivers\aliide.sys [14400]
O58 – SDL:10/10/2012 – 04:41:51 —A- . (.Advanced Micro Devices – AHCI 1.2 Device Driver.) — C:\Windows\System32\Drivers\amdsata.sys [80256]
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.AMD Technologies Inc. – AMD Technology AHCI Compatible Controller Driver for Windows fa.) — C:\Windows\System32\Drivers\amdsbs.sys [159312]
O58 – SDL:10/10/2012 – 04:41:51 —A- . (.Advanced Micro Devices – Storage Filter Driver.) — C:\Windows\System32\Drivers\amdxata.sys [22400]
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec RAID Storport Driver.) — C:\Windows\System32\Drivers\arc.sys [76368]
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec SAS RAID WS03 Driver.) — C:\Windows\System32\Drivers\arcsas.sys [86608]
O58 – SDL:20/04/2014 – 15:35:55 —A- . (…) — C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! File System Minifilter for Windows 2003/Vista.) — C:\Windows\System32\Drivers\aswMonFlt.sys [67824]
O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! WFP Redirect Driver.) — C:\Windows\System32\Drivers\aswRdr2.sys [81768]
O58 – SDL:20/04/2014 – 15:35:55 —A- . (…) — C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 – SDL:15/05/2014 – 12:36:05 —A- . (.AVAST Software – avast! Virtualization Driver.) — C:\Windows\System32\Drivers\aswsnx.sys [777488]
O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! Virtualization Driver.) — C:\Windows\System32\Drivers\aswsnx.sys.1400153765187 [776976]
O58 – SDL:15/05/2014 – 12:36:05 —A- . (.AVAST Software – avast! self protection module.) — C:\Windows\System32\Drivers\aswsp.sys [411680]
O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! self protection module.) — C:\Windows\System32\Drivers\aswsp.sys.1400153765187 [411552]
O58 – SDL:15/05/2014 – 12:36:05 —A- . (.AVAST Software – Stream Filter.) — C:\Windows\System32\Drivers\aswstm.sys [68312]
O58 – SDL:20/04/2014 – 15:35:55 —A- . (…) — C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 – SDL:13/07/2009 – 23:02:49 —A- . (.Broadcom Corporation – Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) — C:\Windows\System32\Drivers\b57nd60x.sys [229888]
O58 – SDL:13/07/2009 – 23:53:28 —A- . (.Brother Industries, Ltd. – Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) — C:\Windows\System32\Drivers\BrFiltLo.sys [13568]
O58 – SDL:13/07/2009 – 23:53:28 —A- . (.Brother Industries, Ltd. – Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) — C:\Windows\System32\Drivers\BrFiltUp.sys [5248]
O58 – SDL:14/07/2009 – 01:57:25 —A- . (.Brother Industries Ltd. – Brother Serial I/F Driver (WDM).) — C:\Windows\System32\Drivers\BrSerId.sys [272128]
O58 – SDL:13/07/2009 – 23:53:32 —A- . (.Brother Industries Ltd. – Brother Serial driver (WDM version).) — C:\Windows\System32\Drivers\BrSerWdm.sys [62336]
O58 – SDL:13/07/2009 – 23:53:33 —A- . (.Brother Industries Ltd. – Brother USB MDM Driver.) — C:\Windows\System32\Drivers\BrUsbMdm.sys [12160]
O58 – SDL:13/07/2009 – 23:53:33 —A- . (.Brother Industries Ltd. – Brother USB Serial Driver.) — C:\Windows\System32\Drivers\BrUsbSer.sys [11904]
O58 – SDL:13/07/2009 – 23:02:48 —A- . (.Broadcom Corporation – Broadcom NetXtreme II GigE VBD.) — C:\Windows\System32\Drivers\bxvbdx.sys [430080]
O58 – SDL:14/07/2009 – 02:26:21 —A- . (.CMD Technology, Inc. – CMD PCI IDE Bus Driver.) — C:\Windows\System32\Drivers\cmdide.sys [15952]
O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Adaptec, Inc. – Adaptec Ultra SCSI miniport.) — C:\Windows\System32\Drivers\djsvs.sys [70720]
O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 – SDL:13/07/2009 – 23:02:48 —A- . (.Broadcom Corporation – Broadcom NetXtreme II 10 GigE VBD.) — C:\Windows\System32\Drivers\evbdx.sys [3100160]
O58 – SDL:13/07/2009 – 23:54:14 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Hewlett-Packard Company – Smart Array SAS/SATA Controller Media Driver.) — C:\Windows\System32\Drivers\HpSAMD.sys [67152]
O58 – SDL:10/10/2012 – 04:41:51 —A- . (.Intel Corporation – Intel Matrix Storage Manager driver – ia32.) — C:\Windows\System32\Drivers\iaStorV.sys [332160]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.Intel Corp./ICP vortex GmbH – Intel/ICP Raid Storport Driver.) — C:\Windows\System32\Drivers\iirsp.sys [41040]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – LSI Fusion-MPT FC Driver (StorPort).) — C:\Windows\System32\Drivers\lsi_fc.sys [95824]
O58 – SDL:14/07/2009 – 02:20:37 —A- . (.LSI Corporation – LSI Fusion-MPT SAS Driver (StorPort).) — C:\Windows\System32\Drivers\lsi_sas.sys [89168]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – LSI SAS Gen2 Driver (StorPort).) — C:\Windows\System32\Drivers\lsi_sas2.sys [54864]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – LSI Fusion-MPT SCSI Driver (StorPort).) — C:\Windows\System32\Drivers\lsi_scsi.sys [96848]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – MEGASAS RAID Controller Driver for Windows 7 for x86.) — C:\Windows\System32\Drivers\megasas.sys [30800]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation, Inc. – LSI MegaRAID Software RAID Driver.) — C:\Windows\System32\Drivers\MegaSR.sys [235584]
O58 – SDL:09/10/2007 – 13:43:58 —A- . (.Ralink Technology Corp. – Ralink 802.11 Wireless Adapter Driver.) — C:\Windows\System32\Drivers\netr70.sys [291840]
O58 – SDL:14/07/2009 – 02:20:44 —A- . (.IBM Corporation – IBM ServeRAID Controller Driver.) — C:\Windows\System32\Drivers\nfrd960.sys [44624]
O58 – SDL:10/06/2009 – 22:19:48 —A- . (.NVIDIA Corporation – NVIDIA Windows Kernel Mode Driver, Version 185.93.) — C:\Windows\System32\Drivers\nvlddmkm.sys [9853248]
O58 – SDL:10/10/2012 – 04:41:51 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) RAID Driver.) — C:\Windows\System32\Drivers\nvraid.sys [117120]
O58 – SDL:10/10/2012 – 04:41:51 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) Sata Performance Driver.) — C:\Windows\System32\Drivers\nvstor.sys [143744]
O58 – SDL:14/07/2009 – 02:19:04 —A- . (.QLogic Corporation – QLogic Fibre Channel Stor Miniport Driver.) — C:\Windows\System32\Drivers\ql2300.sys [1383488]
O58 – SDL:14/07/2009 – 02:19:04 —A- . (.QLogic Corporation – QLogic iSCSI Storport Miniport Driver.) — C:\Windows\System32\Drivers\ql40xx.sys [106064]
O58 – SDL:19/06/2009 – 03:45:02 —A- . (.Realtek Semiconductor Corp. – Realtek AC'97 Audio Driver (WDM).) — C:\Windows\System32\Drivers\RTKVAC.SYS [4172832]
O58 – SDL:13/07/2009 – 21:50:20 —A- . (.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) — C:\Windows\System32\Drivers\secdrv.sys [20480]
O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Silicon Integrated Systems Corp. – SiS RAID Stor Miniport Driver.) — C:\Windows\System32\Drivers\sisraid2.sys [40016]
O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Silicon Integrated Systems – SiS AHCI Stor-Miniport Driver.) — C:\Windows\System32\Drivers\sisraid4.sys [77888]
O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 – SDL:14/07/2009 – 02:19:10 —A- . (.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) — C:\Windows\System32\Drivers\viaide.sys [16976]
O58 – SDL:02/12/2010 – 18:23:24 —A- . (.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR X86-32.) — C:\Windows\System32\Drivers\viamraid.sys [141424]
O58 – SDL:11/02/2010 – 12:59:18 —A- . (.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) — C:\Windows\System32\Drivers\videX32.sys [13976]
O58 – SDL:25/05/2009 – 16:31:32 —A- . (.Vimicro Corporation – Vimicro USB Video Class Camera.) — C:\Windows\System32\Drivers\VMUVC.sys [252416]
O58 – SDL:14/07/2009 – 02:19:11 —A- . (.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR AMD-X86-64.) — C:\Windows\System32\Drivers\vsmraid.sys [141904]
O58 – SDL:01/07/2008 – 10:12:32 —A- . (.Vimicro Corporation – Filter Prototype.) — C:\Windows\System32\Drivers\vvftUVC.sys [398720]
O58 – SDL:13/07/2009 – 23:02:53 —A- . (.Marvell – Miniport Driver for Marvell Yukon Ethernet Controller..) — C:\Windows\System32\Drivers\yk62x86.sys [311296]
O58 – SDL:13/07/2009 – 22:40:41 —A- . (…) — C:\Windows\System32\ANSI.SYS [9029]
O58 – SDL:13/07/2009 – 22:40:44 —A- . (…) — C:\Windows\System32\country.sys [27097]
O58 – SDL:13/07/2009 – 22:40:40 —A- . (…) — C:\Windows\System32\HIMEM.SYS [4768]
O58 – SDL:13/07/2009 – 22:40:43 —A- . (…) — C:\Windows\System32\KEY01.SYS [42809]
O58 – SDL:13/07/2009 – 22:40:43 —A- . (…) — C:\Windows\System32\KEYBOARD.SYS [42537]
O58 – SDL:13/07/2009 – 22:40:23 —A- . (…) — C:\Windows\System32\NTDOS.SYS [27866]
O58 – SDL:13/07/2009 – 22:40:31 —A- . (…) — C:\Windows\System32\NTDOS404.SYS [29146]
O58 – SDL:13/07/2009 – 22:40:35 —A- . (…) — C:\Windows\System32\NTDOS411.SYS [29370]
O58 – SDL:13/07/2009 – 22:40:39 —A- . (…) — C:\Windows\System32\NTDOS412.SYS [29274]
O58 – SDL:13/07/2009 – 22:40:27 —A- . (…) — C:\Windows\System32\NTDOS804.SYS [29146]
O58 – SDL:13/07/2009 – 22:40:11 —A- . (…) — C:\Windows\System32\NTIO.SYS [33952]
O58 – SDL:13/07/2009 – 22:40:15 —A- . (…) — C:\Windows\System32\NTIO404.SYS [34672]
O58 – SDL:13/07/2009 – 22:40:17 —A- . (…) — C:\Windows\System32\NTIO411.SYS [35776]
O58 – SDL:13/07/2009 – 22:40:19 —A- . (…) — C:\Windows\System32\NTIO412.SYS [35536]
O58 – SDL:13/07/2009 – 22:40:13 —A- . (…) — C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 75 Scanned in 00mn 06s

—\ Last modified or created files (User) (O61)
O61 – LFC: 05/06/2014 – 14:39:15 —A- . (…) — C:\Users\OPERATEUR\AppData\Roaming\Microsoft\UProof\CMAdj.12.bin [120]
O61 – LFC: 07/06/2014 – 14:39:17 —A- . (.El Desaparecido – SosVirus.net – UsbFix.net.) — C:\Users\OPERATEUR\Downloads\UsbFix.exe [3085908]
O61 – LFC: 09/06/2014 – 14:39:17 —A- . (.Nicolas Coolman.) — C:\Users\OPERATEUR\Downloads\ZHPDiag2.exe [6854712] =>.Nicolas Coolman
~ 59 Temporary files
~ 4 Cookie files
~ Files: 3 Scanned in 00mn 12s

—\ Disinfection tools list (LATC) (O63)
O63 – Software: UsbFix – (.El Desaparecido – http://www.usbfix.net http://www.sosvirus.net.) [HKLM] — Usbfix
O63 – Software: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Legacy services list from the registry (LALS) (O64)
O64 – Services: CurCS – 20/04/2014 – C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(…) – LEGACY_ASWHWID
O64 – Services: CurCS – 20/04/2014 – C:\Windows\system32\drivers\aswMonFlt.sys (aswMonFlt) .(.AVAST Software – avast! File System Minifilter for Windows 2.) – LEGACY_ASWMONFLT
O64 – Services: CurCS – 20/04/2014 – C:\Windows\system32\drivers\aswRdr2.sys (aswRdr) .(.AVAST Software – avast! WFP Redirect Driver.) – LEGACY_ASWRDR
O64 – Services: CurCS – 20/04/2014 – C:\Windows\System32\Drivers\aswRvrt.sys (aswRvrt) .(…) – LEGACY_ASWRVRT
O64 – Services: CurCS – 15/05/2014 – C:\Windows\system32\drivers\aswSnx.sys (aswSnx) .(.AVAST Software – avast! Virtualization Driver.) – LEGACY_ASWSNX
O64 – Services: CurCS – 15/05/2014 – C:\Windows\system32\drivers\aswSP.sys (aswSP) .(.AVAST Software – avast! self protection module.) – LEGACY_ASWSP
O64 – Services: CurCS – 15/05/2014 – C:\Windows\system32\drivers\aswStm.sys (aswStm) .(.AVAST Software – Stream Filter.) – LEGACY_ASWSTM
O64 – Services: CurCS – 20/04/2014 – C:\Windows\System32\Drivers\aswVmm.sys (aswVmm) .(…) – LEGACY_ASWVMM
O64 – Services: CurCS – 13/07/2009 – C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) – LEGACY_SECDRV
O64 – Services: CurCS – 14/07/2009 – C:\Windows\System32\drivers\viaide.sys (viaide) .(.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) – LEGACY_VIAIDE
O64 – Services: CurCS – 14/07/2009 – C:\Windows\System32\drivers\vsmraid.sys (vsmraid) .(.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR AMD-X86-64.) – LEGACY_VSMRAID
~ Legacy: 76 Scanned in 00mn 01s

—\ Shell Spawning associations (O67)
O67 – Shell Spawning: [HKLM\..\open\Command] (…) — "%1" %*
O67 – Shell Spawning: [HKLM\..\cplopen\Command] (.Microsoft Corporation – Windows Control Panel.) — C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 – Shell Spawning: [HKLM\..\open\Command] (…) — "%1" %*
O67 – Shell Spawning: [HKLM\..\open\Command] (…) — "%1" %*
O67 – Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation – Event Viewer Snap-in Launcher.) — C:\Windows\System32\eventvwr.exe
O67 – Shell Spawning: [HKLM\..\open\Command] (…) — "%1" %*
O67 – Shell Spawning: [HKLM\..\open\Command] (.Not Key.)
O67 – Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:\Windows\System32\WScript.exe
O67 – Shell Spawning: [HKLM\..\open\Command] (.Microsoft Corporation – Registry Editor.) — C:\Windows\regedit.exe
O67 – Shell Spawning: [HKLM\..\open\Command] (…) — "%1" /S
O67 – Shell Spawning: [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Scanned in 00mn 00s

—\ Start Menu Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation – Firefox.) — C:\Program Files\Mozilla Firefox\firefox.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. – Google Chrome.) — C:\Program Files\Google\Chrome\Application\chrome.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation – Internet Explorer.) — C:\Program Files\Internet Explorer\iexplore.exe
O68 – StartMenuInternet: [HKLM\..\Shell\open\Command] (.Not Key.)
~ Keys: Scanned in 00mn 00s

—\ Internet browser infection search (SBI) (O69)
O69 – SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} [DefaultScope] – (Yahoo!) – http://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s

—\ Services started by Svchost (SSS) (O83)
O83 – Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation – Application Experience Service.) — C:\Windows\System32\aelupsvc.dll [62464]
O83 – Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation – Microsoft Smart Card Certificate Propagation Service.) — C:\Windows\System32\certprop.dll [67584]
O83 – Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation – Microsoft Smart Card Certificate Propagation Service.) — C:\Windows\System32\certprop.dll [67584]
O83 – Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation – Server Service DLL.) — C:\Windows\System32\srvsvc.dll [168960]
O83 – Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation – Group Policy Client.) — C:\Windows\System32\gpsvc.dll [593408]
O83 – Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation – IKE extension.) — C:\Windows\System32\ikeext.dll [674304]
O83 – Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation – Windows Audio Service.) — C:\Windows\System32\Audiosrv.dll [473600]
O83 – Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation – Remote Access AutoDial Manager.) — C:\Windows\System32\rasauto.dll [90624]
O83 – Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation – Remote Access Connection Manager.) — C:\Windows\System32\rasmans.dll [286208]
O83 – Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation – Dynamic Interface Manager.) — C:\Windows\System32\mprdim.dll [75264]
O83 – Search Svchost Services: SENS (SENS) . (.Microsoft Corporation – System Event Notification Service (SENS).) — C:\Windows\System32\sens.dll [49664]
O83 – Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation – Microsoft NAT Helper Components.) — C:\Windows\System32\ipnathlp.dll [300544]
O83 – Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation – Microsoft® Windows(TM) Telephony Server.) — C:\Windows\System32\tapisrv.dll [242176]
O83 – Search Svchost Services: TermService (TermService) . (.Microsoft Corporation – Remote Desktop Session Host Remote Connection Manager.) — C:\Windows\System32\termsrv.dll [521216]
O83 – Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation – Windows Update AutoUpdate Agent.) — C:\Windows\System32\wuaueng.dll [1914368]
O83 – Search Svchost Services: BITS (BITS) . (.Microsoft Corporation – Background Intelligent Transfer Service.) — C:\Windows\System32\qmgr.dll [585728]
O83 – Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation – Windows Shell Services Dll.) — C:\Windows\System32\shsvcs.dll [328192]
O83 – Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation – Service that offers IPv6 connectivity over an IPv4 network..) — C:\Windows\System32\iphlpsvc.dll [499712]
O83 – Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation – Secondary Logon Service DLL.) — C:\Windows\system32\seclogon.dll [21504]
O83 – Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation – Application Information Service.) — C:\Windows\System32\appinfo.dll [47104]
O83 – Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation – iSCSI Discovery Service.) — C:\Windows\System32\iscsiexe.dll [114688]
O83 – Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation – Multimedia Class Scheduler Service.) — C:\Windows\System32\mmcss.dll [49664]
O83 – Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation – Problem Reports and Solutions.) — C:\Windows\System32\wercplsupport.dll [61440]
O83 – Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation – Microsoft EAPHost Service.) — C:\Windows\System32\eapsvc.dll [98304]
O83 – Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation – ProfSvc.) — C:\Windows\System32\profsvc.dll [164352]
O83 – Search Svchost Services: schedule (schedule) . (.Microsoft Corporation – Task Scheduler Service.) — C:\Windows\System32\schedsvc.dll [750592]
O83 – Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation – Key Management Service.) — C:\Windows\System32\kmsvc.dll [71168]
O83 – Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation – Remote Desktop Configuration Service.) — C:\Windows\System32\sessenv.dll [113664]
O83 – Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation – WMI.) — C:\Windows\System32\wbem\WMIsvc.dll [168960]
O83 – Search Svchost Services: browser (browser) . (.Microsoft Corporation – Computer Browser Service DLL.) — C:\Windows\System32\browser.dll [102912]
O83 – Search Svchost Services: Themes (Themes) . (.Microsoft Corporation – Windows Shell Themes Service DLL.) — C:\Windows\System32\themeservice.dll [37376]
O83 – Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation – BDE Service.) — C:\Windows\System32\bdesvc.dll [76800]
O83 – Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation – Software Installation Service.) — C:\Windows\System32\appmgmts.dll [149504]
~ Services: 33 Scanned in 00mn 01s

—\ Special search at the system root (SPRF) (O84)
[MD5.CC443280C82E1D97D40E4099F822E04E] [SPRF][08/03/2010] (.Macrovision Corporation – Setup.exe.) — C:\Users\OPERATEUR\Desktop\CNR-WCAM_7670_Drv_W73264.exe [22869884]
[MD5.385455AA390F93B7B6B4BBE63905CEE9] [SPRF][11/05/2014] (.XMind Ltd. – XMind 2012 (v3.3.1) Installer.) — C:\Users\OPERATEUR\Desktop\xmind-windows-3-3-1-201212250029.exe [34767909]
~ Files: 2 Scanned in 00mn 01s

—\ Tracing registry key search (O100)
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_xmind_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_xmind_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 141 Scanned in 00mn 00s

—\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS – | Auto 14/11/2008 2932736 | (Advantage) . (.iAnywhere Solutions, Inc..) – C:\Program Files\Advantage 9.10\Server\ADS.exe
SS – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:\Program Files\Bonjour\mDNSResponder.exe
SS – | Auto 06/03/2014 116648 | (gupdate) . (.Google Inc..) – C:\Program Files\Google\Update\GoogleUpdate.exe
SS – | Demand 06/03/2014 116648 | (gupdatem) . (.Google Inc..) – C:\Program Files\Google\Update\GoogleUpdate.exe
SS – | Demand 11/03/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS – | Auto 14/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:\Windows\System32\svchost.exe
SS – | Auto 08/07/2013 1922600 | (PanService) . (.Pandora.TV.) – C:\Program Files\PANDORA.TV\PanService\KMPService.exe
SS – | Auto 14/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:\Windows\System32\svchost.exe
SS – | Auto 09/11/2008 602392 | (YahooAUService) . (.Yahoo! Inc..) – C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
SR – | Auto 20/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR – | Demand 14/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) – C:\Windows\System32\svchost.exe
SR – | Auto 14/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) – C:\Windows\System32\svchost.exe
SR – | Auto 14/07/2009 20992 | C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) – C:\Windows\System32\svchost.exe
SR – | Auto 07/04/2011 612456 | (NVSvc) . (.NVIDIA Corporation.) – C:\Windows\System32\nvvsvc.exe
SR – | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
SR – | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 25s

—\ Master Boot Record infection search (MBR) (O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Scanned in 00mn 02s

—\ Additional scan (O88)
Database Version : 13026 – (09/06/2014)
Keys found : 10
Values found : 2
Folders found : 3
Files found : 1

[HKLM\Software\Google\Chrome\Extensions\kjccbiogefimbmiolonpolpgpcfempll] =>PUP.SaveNet^
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}] =>Adware.Bandoo
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion] =>Toolbar.Yahoo
[HKLM\Software\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{EF99BD32-C1FB-11D2-892F-0090271D4F88} =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{EF99BD32-C1FB-11D2-892F-0090271D4F88} =>Toolbar.Yahoo
C:\Users\OPERATEUR\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjccbiogefimbmiolonpolpgpcfempll =>PUP.SaveNet^
C:\ProgramData\InstallMate =>PUP.Tarma^
C:\Users\OPERATEUR\AppData\Roaming\uTorrent =>P2P.µTorrent^
[HKCU\Software\BitTorrent] =>P2P.BitTorrent^
~ Additional Scan: 239730 Items scanned in 00mn 38s

—\ Additional information on the modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Extensions (G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects (O2)
~ AMI: 3 Scanned in 00mn 00s

—\ Summary of the detections found on your machine
http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit
http://nicolascoolman.fr/pup-tarma =>PUP.Tarma
http://nicolascoolman.fr/adware-bandoo =>Adware.Bandoo
~ MSI: 3 link(s) detected in 00mn 00s

End of the scan (1070 lines in 04mn 12s)(0)
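Three sections of a ZHPDiag report carry most of the security signal for a helper reading it: O48/O54 (the DLLs lsass.exe loads as authentication and security packages, a well-known persistence spot for credential-stealing SSPs), O55 (the UAC policy values; the report above shows "EnableLUA"=0, i.e. UAC switched off) and O67 (the shell "open" commands, where a hijacked exefile command runs something before every program the user starts). The script below is an added example written for this page, not code from ZHPDiag, from its author or from the poster: it parses lines in the report's format and flags those three conditions. The sample lines are constructed for the example (backslashes restored, separators written in ASCII); the System32 and policy lines mirror entries in the report above, while the two lines under C:\Users\Public are invented anomalies that exercise the checks and do not appear in the posted report. The baseline DLL list is an assumption of what a clean Windows 7 machine lists in O48/O54.

```python
import re

# Constructed sample in the shape of ZHPDiag O48 / O55 / O67 lines. The System32 and
# policy lines mirror entries in the report above (backslashes restored, dashes in
# ASCII); the two lines under C:\Users\Public are constructed anomalies added only to
# exercise the checks and do NOT appear in the posted report.
SAMPLE_REPORT = r"""
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (...) -- C:\Users\Public\custom_ssp.dll
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O67 - Shell Spawning: [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: [HKLM\..\open\Command] (...) -- "%1" /S
O67 - Shell Spawning: [HKLM\..\open\Command] (...) -- C:\Users\Public\hook.exe "%1" %*
"""

# Assumed baseline: the stock Microsoft LSA packages a clean Windows 7 box lists in O48/O54.
LSA_BASELINE = {"msv1_0.dll", "kerberos.dll", "schannel.dll", "wdigest.dll",
                "tspkg.dll", "pku2u.dll", "scecli.dll", "credssp.dll"}
SYSTEM32 = "c:\\windows\\system32\\"

# Open-verb commands that are legitimate as-is: the exefile and scrfile defaults.
GOOD_SPAWN = {'"%1" %*', '"%1" /S'}

# Trailing " -- <path or command>" (ZHPDiag's ASCII separator, or the em dash a web page turns it into).
PATH_RE = re.compile(r"\s(?:--|\u2014)\s(.+?)\s*$")
# "Name"=value pairs in O55 lines.
POLICY_RE = re.compile(r'"(?P<name>[A-Za-z]+)"=(?P<value>-?\d+)')


def _tail(line):
    """Return the text after the ' -- ' separator, or None when the line has none."""
    m = PATH_RE.search(line)
    return m.group(1) if m else None


def lsa_findings(lines):
    """O48/O54: any package that is not a stock Microsoft DLL under System32 is loaded
    into lsass.exe at boot and can read every credential lsass handles."""
    out = []
    for line in lines:
        if line.startswith(("O48 ", "O54 ")):
            path = _tail(line)
            if path is None:
                continue
            name = path.rsplit("\\", 1)[-1].lower()
            if name not in LSA_BASELINE or not path.lower().startswith(SYSTEM32):
                out.append(f"LSA package outside the Microsoft baseline: {path}")
    return out


def uac_findings(lines):
    """O55: collect the UAC policy values and report the ones that weaken elevation."""
    values = {}
    for line in lines:
        if line.startswith("O55 "):
            m = POLICY_RE.search(line)
            if m:
                values[m.group("name")] = int(m.group("value"))
    out = []
    if values.get("EnableLUA", 1) != 1:
        out.append("EnableLUA=0: UAC is off, every administrator process runs with a full token")
    if values.get("ConsentPromptBehaviorAdmin", 5) == 0:
        out.append("ConsentPromptBehaviorAdmin=0: administrators elevate without any prompt")
    if values.get("PromptOnSecureDesktop", 1) != 1:
        out.append("PromptOnSecureDesktop=0: elevation prompts are shown on the user desktop")
    return out


def shell_spawning_findings(lines):
    """O67: the open command for executables must be exactly "%1" %*; anything placed
    in front of "%1" runs every time the user launches a program."""
    out = []
    for line in lines:
        if line.startswith("O67 "):
            cmd = _tail(line)
            if cmd and '"%1"' in cmd and cmd not in GOOD_SPAWN:
                out.append(f"Shell spawning command hijacked: {cmd}")
    return out


def audit(report_text):
    """Run all three checks over raw report text and return the findings in section order."""
    lines = [l.strip() for l in report_text.splitlines() if l.strip()]
    return lsa_findings(lines) + uac_findings(lines) + shell_spawning_findings(lines)


if __name__ == "__main__":
    for finding in audit(SAMPLE_REPORT):
        print(finding)
```

Run against the constructed sample, `audit()` returns three findings: the non-baseline SSP, the disabled UAC, and the hijacked open command; the genuine Microsoft packages and the screensaver's `"%1" /S` command produce nothing. To use it on a full report, pass the whole pasted text to `audit()` after restoring the backslashes that forum rendering strips from the paths.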