Reply to: usbfix report 2016-09-08T13:44:48+00:00
Lady os

—\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 10/06/2014 – 17:52:42 – [] —-D C:Program FilesActimath
O43 – CFD: 25/05/2014 – 21:33:34 – [] —-D C:Program FilesAdvantage 9.10
O43 – CFD: 06/03/2014 – 18:14:39 – [] —-D C:Program FilesAiseesoft Studio
O43 – CFD: 06/03/2014 – 17:53:40 – [] —-D C:Program FilesAmbalaGurpreet
O43 – CFD: 06/03/2014 – 18:16:04 – [] —-D C:Program FilesApple Software Update =>.Apple Inc
O43 – CFD: 20/04/2014 – 16:34:46 – [] —-D C:Program FilesAVAST Software
O43 – CFD: 09/06/2014 – 18:12:45 – [] —-D C:Program FilesBarbie(TM)
O43 – CFD: 06/03/2014 – 18:16:42 – [] —-D C:Program FilesBonjour
O43 – CFD: 09/06/2014 – 18:00:57 – [] —-D C:Program FilesCity Interactive
O43 – CFD: 06/03/2014 – 18:07:10 – [] —-D C:Program FilesClover
O43 – CFD: 09/06/2014 – 18:15:44 – [] —-D C:Program FilesCommon Files
O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesDVD Maker
O43 – CFD: 06/03/2014 – 18:29:44 – [] —-D C:Program FilesFoxit Software
O43 – CFD: 06/03/2014 – 21:04:08 – [] —-D C:Program FilesGoogle
O43 – CFD: 20/04/2014 – 17:40:57 – [] —-D C:Program FilesHP
O43 – CFD: 09/06/2014 – 18:15:39 – [] –H-D C:Program FilesInstallShield Installation Information
O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesInternet Explorer
O43 – CFD: 11/05/2014 – 18:56:39 – [] —-D C:Program FilesJava
O43 – CFD: 06/03/2014 – 18:29:32 – [] —-D C:Program FilesK-Lite Codec Pack
O43 – CFD: 08/03/2014 – 10:08:00 – [] —-D C:Program FilesMicrosoft Analysis Services
O43 – CFD: 12/04/2011 – 04:24:27 – [] —-D C:Program FilesMicrosoft Games
O43 – CFD: 08/03/2014 – 10:12:11 – [] —-D C:Program FilesMicrosoft Office
O43 – CFD: 08/03/2014 – 10:13:32 – [] —-D C:Program FilesMicrosoft SQL Server
O43 – CFD: 08/03/2014 – 10:53:58 – [] —-D C:Program FilesMicrosoft.NET
O43 – CFD: 11/05/2014 – 18:57:40 – [] —-D C:Program FilesMozilla Firefox
O43 – CFD: 11/03/2014 – 18:57:28 – [] —-D C:Program FilesMozilla Maintenance Service
O43 – CFD: 14/07/2009 – 06:52:30 – [] —-D C:Program FilesMSBuild
O43 – CFD: 06/03/2014 – 18:24:58 – [] —-D C:Program FilesNVIDIA Corporation
O43 – CFD: 20/04/2014 – 00:56:37 – [] —-D C:Program FilesOpera
O43 – CFD: 06/03/2014 – 18:09:37 – [] —-D C:Program FilesPANDORA.TV
O43 – CFD: 14/07/2009 – 06:52:30 – [] —-D C:Program FilesReference Assemblies
O43 – CFD: 06/03/2014 – 18:14:04 – [] —-D C:Program FilesSuperCopier2
O43 – CFD: 06/03/2014 – 18:09:10 – [] —-D C:Program FilesThe KMPlayer
O43 – CFD: 09/06/2014 – 15:34:29 – [] —-D C:Program FilesUbisoft
O43 – CFD: 14/07/2009 – 06:53:23 – [0] —-D C:Program FilesUninstall Information
O43 – CFD: 06/03/2014 – 18:08:04 – [] —-D C:Program FilesVideoLAN
O43 – CFD: 20/04/2014 – 18:12:09 – [] —-D C:Program FilesVimicro Corporation
O43 – CFD: 06/03/2014 – 18:30:01 – [] —-D C:Program FilesWinDjView
O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Defender
O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Journal
O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Mail =>.Microsoft Corporation
O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Media Player =>.Microsoft Corporation
O43 – CFD: 14/07/2009 – 06:52:30 – [] —-D C:Program FilesWindows NT
O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Photo Viewer
O43 – CFD: 20/11/2010 – 23:33:48 – [] —-D C:Program FilesWindows Portable Devices
O43 – CFD: 06/03/2014 – 18:42:28 – [] —-D C:Program FilesWindows Sidebar
O43 – CFD: 06/03/2014 – 18:13:51 – [] —-D C:Program FilesWinRAR
O43 – CFD: 09/06/2014 – 15:40:54 – [] —-D C:Program FilesWMV9_VCM
O43 – CFD: 11/05/2014 – 19:14:22 – [] —-D C:Program FilesXMind
O43 – CFD: 20/04/2014 – 17:41:46 – [] —-D C:Program FilesYahoo!
O43 – CFD: 20/06/2014 – 16:25:08 – [] —-D C:Program FilesZHPDiag =>.Nicolas Coolman
O43 – CFD: 08/03/2014 – 10:14:03 – [] —-D C:Program FilesCommon FilesDESIGNER
O43 – CFD: 09/03/2014 – 22:05:45 – [] —-D C:Program FilesCommon FilesHewlett-Packard
O43 – CFD: 09/03/2014 – 22:06:00 – [] —-D C:Program FilesCommon FilesHP
O43 – CFD: 25/05/2014 – 21:33:57 – [] —-D C:Program FilesCommon FilesInstallShield
O43 – CFD: 11/05/2014 – 18:57:55 – [] —-D C:Program FilesCommon FilesJava
O43 – CFD: 08/03/2014 – 10:56:33 – [] —-D C:Program FilesCommon Filesmicrosoft shared
O43 – CFD: 14/07/2009 – 04:37:05 – [] —-D C:Program FilesCommon FilesServices
O43 – CFD: 14/07/2009 – 04:37:05 – [] —-D C:Program FilesCommon FilesSpeechEngines
O43 – CFD: 09/06/2014 – 18:15:44 – [0] —-D C:Program FilesCommon FilesSWF Studio
O43 – CFD: 08/03/2014 – 10:09:52 – [] —-D C:Program FilesCommon FilesSystem
O43 – CFD: 06/03/2014 – 18:14:39 – [] —-D C:ProgramDataAiseesoft Studio
O43 – CFD: 06/03/2014 – 18:16:03 – [] —-D C:ProgramDataApple
O43 – CFD: 06/03/2014 – 18:17:25 – [] —-D C:ProgramDataApple Computer
O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataApplication Data
O43 – CFD: 20/04/2014 – 16:33:44 – [] —-D C:ProgramDataAVAST Software
O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataDesktop
O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataDocuments
O43 – CFD: 08/05/2014 – 20:36:14 – [] —-D C:ProgramDatae856c62a7ad85c7f
O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataFavorites
O43 – CFD: 09/06/2014 – 18:04:30 – [] —-D C:ProgramDataFugazo
O43 – CFD: 20/04/2014 – 17:40:31 – [] —-D C:ProgramDataHP
O43 – CFD: 20/04/2014 – 17:40:18 – [] —-D C:ProgramDataHP Product Assistant
O43 – CFD: 06/03/2014 – 20:22:45 – [0] —-D C:ProgramDataIDM
O43 – CFD: 08/05/2014 – 20:45:25 – [] —-D C:ProgramDataItsReadyApp
O43 – CFD: 06/03/2014 – 20:05:30 – [] —-D C:ProgramDataMicrosoft
O43 – CFD: 22/04/2014 – 19:32:34 – [] —-D C:ProgramDataMicrosoft Help
O43 – CFD: 06/03/2014 – 18:16:18 – [] —-D C:ProgramDataMozilla
O43 – CFD: 06/03/2014 – 18:25:14 – [] —-D C:ProgramDataNVIDIA
O43 – CFD: 06/03/2014 – 18:23:24 – [] —-D C:ProgramDataNVIDIA Corporation
O43 – CFD: 08/03/2014 – 10:52:23 – [] —-D C:ProgramDataregid.1991-06.com.microsoft
O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataStart Menu
O43 – CFD: 11/05/2014 – 18:57:58 – [] —-D C:ProgramDataSun
O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:ProgramDataTemplates
O43 – CFD: 09/06/2014 – 15:34:29 – [] —-D C:ProgramDataUbisoft
O43 – CFD: 09/03/2014 – 22:10:55 – [] —-D C:ProgramDataWEBREG
O43 – CFD: 07/03/2014 – 18:31:36 – [] —-D C:ProgramDataYahoo!
O43 – CFD: 20/04/2014 – 17:41:41 – [] —-D C:ProgramDataYahoo! Companion
O43 – CFD: 06/03/2014 – 20:22:09 – [] —-D C:UsersOPERATEURAppDataRoamingAdobe
O43 – CFD: 06/03/2014 – 21:10:26 – [] —-D C:UsersOPERATEURAppDataRoamingApple Computer
O43 – CFD: 20/04/2014 – 16:37:15 – [] —-D C:UsersOPERATEURAppDataRoamingAVAST Software
O43 – CFD: 20/04/2014 – 13:26:14 – [0] —-D C:UsersOPERATEURAppDataRoamingDMCache
O43 – CFD: 20/04/2014 – 16:41:39 – [] —-D C:UsersOPERATEURAppDataRoamingDropbox
O43 – CFD: 20/04/2014 – 16:41:37 – [] —-D C:UsersOPERATEURAppDataRoamingDropboxMaster
O43 – CFD: 06/03/2014 – 19:57:06 – [0] —-D C:UsersOPERATEURAppDataRoamingDRPSu
O43 – CFD: 09/05/2014 – 11:01:18 – [] —-D C:UsersOPERATEURAppDataRoamingFoxit Software
O43 – CFD: 20/04/2014 – 17:44:49 – [] —-D C:UsersOPERATEURAppDataRoamingHP
O43 – CFD: 13/06/2014 – 21:22:43 – [] —-D C:UsersOPERATEURAppDataRoamingHpUpdate
O43 – CFD: 06/03/2014 – 17:55:42 – [] —-D C:UsersOPERATEURAppDataRoamingIdentities
O43 – CFD: 20/04/2014 – 18:10:02 – [] —-D C:UsersOPERATEURAppDataRoamingInstallShield
O43 – CFD: 07/03/2014 – 18:41:14 – [] —-D C:UsersOPERATEURAppDataRoamingInternetCalls
O43 – CFD: 06/03/2014 – 20:22:10 – [] —-D C:UsersOPERATEURAppDataRoamingMacromedia
O43 – CFD: 12/04/2011 – 04:24:18 – [0] —-D C:UsersOPERATEURAppDataRoamingMedia Center Programs
O43 – CFD: 06/03/2014 – 20:10:40 – [] —-D C:UsersOPERATEURAppDataRoamingMedia Player Classic
O43 – CFD: 16/06/2014 – 22:45:25 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoft
O43 – CFD: 06/03/2014 – 18:17:06 – [] —-D C:UsersOPERATEURAppDataRoamingMozilla
O43 – CFD: 06/03/2014 – 18:16:22 – [] —-D C:UsersOPERATEURAppDataRoamingOpera Software
O43 – CFD: 06/03/2014 – 18:30:10 – [] —-D C:UsersOPERATEURAppDataRoaminguTorrent =>P2P.µTorrent
O43 – CFD: 10/06/2014 – 17:55:08 – [] —-D C:UsersOPERATEURAppDataRoamingVan In
O43 – CFD: 16/06/2014 – 17:22:18 – [] —-D C:UsersOPERATEURAppDataRoamingvlc
O43 – CFD: 08/03/2014 – 11:18:37 – [] —-D C:UsersOPERATEURAppDataRoamingVoipConnect
O43 – CFD: 08/03/2014 – 10:02:18 – [] —-D C:UsersOPERATEURAppDataRoamingWinRAR
O43 – CFD: 20/04/2014 – 17:41:41 – [] —-D C:UsersOPERATEURAppDataRoamingyahoo!
O43 – CFD: 20/06/2014 – 16:27:00 – [] —-D C:UsersOPERATEURAppDataRoamingZHP =>.Nicolas Coolman
O43 – CFD: 06/03/2014 – 18:16:10 – [] —-D C:UsersOPERATEURAppDataLocalApple
O43 – CFD: 06/03/2014 – 20:39:16 – [] —-D C:UsersOPERATEURAppDataLocalApple Computer
O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:UsersOPERATEURAppDataLocalApplication Data
O43 – CFD: 08/05/2014 – 20:36:13 – [] —-D C:UsersOPERATEURAppDataLocalChromatic Browser
O43 – CFD: 06/03/2014 – 18:07:11 – [] —-D C:UsersOPERATEURAppDataLocalClover
O43 – CFD: 08/05/2014 – 20:36:12 – [] —-D C:UsersOPERATEURAppDataLocalComodo
O43 – CFD: 09/06/2014 – 13:50:38 – [0] —-D C:UsersOPERATEURAppDataLocalElevatedDiagnostics
O43 – CFD: 09/05/2014 – 17:54:29 – [] —-D C:UsersOPERATEURAppDataLocalGoogle
O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:UsersOPERATEURAppDataLocalHistory
O43 – CFD: 20/04/2014 – 17:16:52 – [] —-D C:UsersOPERATEURAppDataLocalHP
O43 – CFD: 24/05/2014 – 22:12:34 – [] —-D C:UsersOPERATEURAppDataLocalMicrosoft
O43 – CFD: 26/05/2014 – 20:54:39 – [] —-D C:UsersOPERATEURAppDataLocalMicrosoft Games
O43 – CFD: 06/03/2014 – 18:26:01 – [0] —-D C:UsersOPERATEURAppDataLocalMicrosoft Help
O43 – CFD: 06/03/2014 – 20:17:03 – [] —-D C:UsersOPERATEURAppDataLocalMozilla
O43 – CFD: 06/03/2014 – 18:16:24 – [] —-D C:UsersOPERATEURAppDataLocalOpera Software
O43 – CFD: 07/03/2014 – 18:37:05 – [] —-D C:UsersOPERATEURAppDataLocalPrograms
O43 – CFD: 20/06/2014 – 16:27:01 – [] —-D C:UsersOPERATEURAppDataLocalTemp
O43 – CFD: 14/07/2009 – 06:53:55 – [0] —-D C:UsersOPERATEURAppDataLocalTemporary Internet Files
O43 – CFD: 20/04/2014 – 00:48:33 – [] —-D C:UsersOPERATEURAppDataLocalTorch
O43 – CFD: 06/03/2014 – 17:55:21 – [0] —-D C:UsersOPERATEURAppDataLocalVirtualStore
O43 – CFD: 14/07/2009 – 06:42:04 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsAccessories
O43 – CFD: 06/03/2014 – 17:55:58 – [] R—D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsAdministrative Tools
O43 – CFD: 20/04/2014 – 16:40:29 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsDropbox
O43 – CFD: 14/07/2009 – 06:37:42 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsMaintenance
O43 – CFD: 05/06/2014 – 12:56:50 – [] R—D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup
O43 – CFD: 06/03/2014 – 18:14:06 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsSuperCopier2
O43 – CFD: 06/03/2014 – 18:09:15 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsThe KMPlayer
O43 – CFD: 06/03/2014 – 18:13:51 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsWinRAR
O43 – CFD: 09/06/2014 – 15:41:01 – [] —-D C:UsersOPERATEURAppDataRoamingMicrosoftWindowsStart MenuProgramsWMV9 VCM
~ Program Folder: 143 Scanned in 00mn 00s

—\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 – LFC:[MD5.689FF4BE383CF7FE7BF19DD315DED7A1] – 09/06/2014 – 13:40:30 —A- . (…) — C:PhysicalDisk0_MBR.bin [512]
O44 – LFC:[MD5.842DDAC1518081AC64F483013D0E66E0] – 09/06/2014 – 14:54:04 —A- . (…) — C:WindowsDirectX.log [93161]
O44 – LFC:[MD5.BA94FD59605EFEC56F7F4124BC96D907] – 09/06/2014 – 17:15:20 —A- . (…) — C:Windowska.ini [99]
O44 – LFC:[MD5.8CE08D46F055C0454706CD7B0E3F1BF8] – 12/06/2014 – 16:29:04 —A- . (…) — C:ADS_ERR.ADT [23704]
O44 – LFC:[MD5.6153B93BC5CDB7A0420F4A3BDA9F0AAC] – 12/06/2014 – 16:37:51 —A- . (…) — C:ADS_ERR.ADI [3072]
O44 – LFC:[MD5.B71E50E20179613225ED04C674E49263] – 15/06/2014 – 16:12:31 —A- . (…) — C:WindowsMEMORY.DMP [145604406]
O44 – LFC:[MD5.047E2ED9594D72F3613C48780E0E4327] – 20/06/2014 – 07:51:59 —A- . (…) — C:Windowssetupact.log [11522]
O44 – LFC:[MD5.D597ED9F04CF72112C07466D8B294AF3] – 20/06/2014 – 14:36:36 -S-A- . (…) — C:Windowsbootstat.dat [67584]
O44 – LFC:[MD5.2A217CD15B0C99A830CFC38682566286] – 20/06/2014 – 14:36:41 —A- . (…) — C:WindowsWindowsUpdate.log [659135]
~ Files: 9 Scanned in 00mn 25s

—\ Déni du service (Local Security Authority) (O48)
O48 – LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WindowsSystem32msv1_0.dll
O48 – LSA:Local Security Authority Notification Packages . (.Microsoft Corporation – Moteur du client de l’Éditeur de configuration de sécurité Windows.) — C:WindowsSystem32scecli.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Package de sécurité Kerberos.) — C:WindowsSystem32kerberos.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Authentication Package v1.0.) — C:WindowsSystem32msv1_0.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – TLS / SSL Security Provider.) — C:WindowsSystem32schannel.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Microsoft Digest Access.) — C:WindowsSystem32wdigest.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Web Service Security Package.) — C:WindowsSystem32tspkg.dll
O48 – LSA:Local Security Authority Security Packages . (.Microsoft Corporation – Pku2u Security Package.) — C:WindowsSystem32pku2u.dll
~ LSA: 8 Scanned in 00mn 00s

—\ Contrôle du Safe Boot (CSB) (O49)
O49 – CSB:Control Safe Boot HKLM…CCSMinimalsermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:WindowsSystem32Driverssermouse.sys
O49 – CSB:Control Safe Boot HKLM…CCSMinimalvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WindowsSystem32Driversvga.sys
O49 – CSB:Control Safe Boot HKLM…CCSMinimalvgasave.sys . (…) — C:WindowsSystem32Driversvgasave.sys (.not file.)
O49 – CSB:Control Safe Boot HKLM…CCSMinimalvolmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:WindowsSystem32Driversvolmgr.sys
O49 – CSB:Control Safe Boot HKLM…CCSMinimalvolmgrx.sys . (.Microsoft Corporation – Pilote d’extension du gestionnaire de volumes.) — C:WindowsSystem32Driversvolmgrx.sys
O49 – CSB:Control Safe Boot HKLM…CCSNetworkipnat.sys . (.Microsoft Corporation – IP Network Address Translator.) — C:WindowsSystem32Driversipnat.sys
O49 – CSB:Control Safe Boot HKLM…CCSNetworknsiproxy.sys . (.Microsoft Corporation – NSI Proxy.) — C:WindowsSystem32Driversnsiproxy.sys
O49 – CSB:Control Safe Boot HKLM…CCSNetworkrdpencdd.sys . (.Microsoft Corporation – RDP Encoder Miniport.) — C:WindowsSystem32Driversrdpencdd.sys
O49 – CSB:Control Safe Boot HKLM…CCSNetworksermouse.sys . (.Microsoft Corporation – Pilote de filtre souris série.) — C:WindowsSystem32Driverssermouse.sys
O49 – CSB:Control Safe Boot HKLM…CCSNetworkvga.sys . (.Microsoft Corporation – VGA/Super VGA Video Driver.) — C:WindowsSystem32Driversvga.sys
O49 – CSB:Control Safe Boot HKLM…CCSNetworkvgasave.sys . (…) — C:WindowsSystem32Driversvgasave.sys (.not file.)
O49 – CSB:Control Safe Boot HKLM…CCSNetworkvolmgr.sys . (.Microsoft Corporation – Volume Manager Driver.) — C:WindowsSystem32Driversvolmgr.sys
O49 – CSB:Control Safe Boot HKLM…CCSNetworkvolmgrx.sys . (.Microsoft Corporation – Pilote d’extension du gestionnaire de volumes.) — C:WindowsSystem32Driversvolmgrx.sys
~ CSB: 13 Scanned in 00mn 00s

—\ Recherche d’infection sur les pilotes (HKLM)(TDSD) (O52)
O52 – TDSD: Drivers32″msacm.l3acm”=”C:WindowsSystem32l3codeca.acm” . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WindowsSystem32l3codeca.acm
O52 – TDSD: Drivers32″vidc.cvid”=”iccvid.dll” . (.Radius Inc. – Codec Cinepak®.) — C:WindowsSystem32iccvid.dll
O52 – TDSD: drivers.desc”C:WindowsSystem32l3codeca.acm”=”Fraunhofer IIS MPEG Layer-3 Codec” . (.Fraunhofer Institut Integrierte Schaltungen – MPEG Layer-3 Audio Codec for MSACM.) — C:WindowsSystem32l3codeca.acm
~ TDSD: 3 Scanned in 00mn 00s

—\ Enumération des clés de registre SecurityProviders (MCSP) (O54)
O54 – MCSP:[HKLM…CurrentControlSetControl] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:WindowsSystem32credssp.dll
O54 – MCSP:[HKLM…ControlSet001Control] – (SecurityProviders) – (.Microsoft Corporation – Credential Delegation Security Package.) — C:WindowsSystem32credssp.dll
~ MSCP: 2 Scanned in 00mn 00s

—\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 – MWPS:[HKLM…PoliciesSystem] – “ConsentPromptBehaviorAdmin”=5
O55 – MWPS:[HKLM…PoliciesSystem] – “ConsentPromptBehaviorUser”=3
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableInstallerDetection”=1
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableLUA”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableSecureUIAPaths”=1
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “EnableVirtualization”=1
O55 – MWPS:[HKLM…PoliciesSystem] – “PromptOnSecureDesktop”=1
O55 – MWPS:[HKLM…PoliciesSystem] – “ValidateAdminCodeSignatures”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “dontdisplaylastusername”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “legalnoticecaption”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “legalnoticetext”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “scforceoption”=0
O55 – MWPS:[HKLM…PoliciesSystem] – “shutdownwithoutlogon”=1
O55 – MWPS:[HKLM…PoliciesSystem] – “undockwithoutlogon”=1
O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
~ MWPS: 16 Scanned in 00mn 00s

—\ Liste des pilotes du système (SDL) (O58)
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec Windows SAS/SATA Storport Driver.) — C:WindowsSystem32Driversadp94xx.sys [422976]
O58 – SDL:14/07/2009 – 02:26:17 —A- . (.Adaptec, Inc. – Adaptec Windows SATA Storport Driver.) — C:WindowsSystem32Driversadpahci.sys [297552]
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec StorPort Ultra320 SCSI Driver.) — C:WindowsSystem32Driversadpu320.sys [146512]
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Acer Laboratories Inc. – ALi mini IDE Driver.) — C:WindowsSystem32Driversaliide.sys [14400]
O58 – SDL:10/10/2012 – 04:41:51 —A- . (.Advanced Micro Devices – AHCI 1.2 Device Driver.) — C:WindowsSystem32Driversamdsata.sys [80256]
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.AMD Technologies Inc. – AMD Technology AHCI Compatible Controller Driver for Windows fa.) — C:WindowsSystem32Driversamdsbs.sys [159312]
O58 – SDL:10/10/2012 – 04:41:51 —A- . (.Advanced Micro Devices – Storage Filter Driver.) — C:WindowsSystem32Driversamdxata.sys [22400]
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec RAID Storport Driver.) — C:WindowsSystem32Driversarc.sys [76368]
O58 – SDL:14/07/2009 – 02:26:15 —A- . (.Adaptec, Inc. – Adaptec SAS RAID WS03 Driver.) — C:WindowsSystem32Driversarcsas.sys [86608]
O58 – SDL:20/04/2014 – 15:35:55 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [24184] =>.ALWIL Software
O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! File System Minifilter for Windows 2003/Vista.) — C:WindowsSystem32DriversaswMonFlt.sys [67824]
O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! WFP Redirect Driver.) — C:WindowsSystem32DriversaswRdr2.sys [81768]
O58 – SDL:20/04/2014 – 15:35:55 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [49944] =>.ALWIL Software
O58 – SDL:15/05/2014 – 12:36:05 —A- . (.AVAST Software – avast! Virtualization Driver.) — C:WindowsSystem32Driversaswsnx.sys [777488]
O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! Virtualization Driver.) — C:WindowsSystem32Driversaswsnx.sys.1400153765187 [776976]
O58 – SDL:15/05/2014 – 12:36:05 —A- . (.AVAST Software – avast! self protection module.) — C:WindowsSystem32Driversaswsp.sys [411680]
O58 – SDL:20/04/2014 – 15:35:55 —A- . (.AVAST Software – avast! self protection module.) — C:WindowsSystem32Driversaswsp.sys.1400153765187 [411552]
O58 – SDL:15/05/2014 – 12:36:05 —A- . (.AVAST Software – Stream Filter.) — C:WindowsSystem32Driversaswstm.sys [68312]
O58 – SDL:20/04/2014 – 15:35:55 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [180632] =>.ALWIL Software
O58 – SDL:13/07/2009 – 23:02:49 —A- . (.Broadcom Corporation – Pilote unifié NDIS6.x Broadcom NetXtreme Gigabit Ethernet..) — C:WindowsSystem32Driversb57nd60x.sys [229888]
O58 – SDL:13/07/2009 – 23:53:28 —A- . (.Brother Industries, Ltd. – Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) — C:WindowsSystem32DriversBrFiltLo.sys [13568]
O58 – SDL:13/07/2009 – 23:53:28 —A- . (.Brother Industries, Ltd. – Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) — C:WindowsSystem32DriversBrFiltUp.sys [5248]
O58 – SDL:14/07/2009 – 01:57:25 —A- . (.Brother Industries Ltd. – Pilote Brother Série I/F (WDM).) — C:WindowsSystem32DriversBrSerId.sys [272128]
O58 – SDL:13/07/2009 – 23:53:32 —A- . (.Brother Industries Ltd. – Brother Serial driver (WDM version).) — C:WindowsSystem32DriversBrSerWdm.sys [62336]
O58 – SDL:13/07/2009 – 23:53:33 —A- . (.Brother Industries Ltd. – Brother USB MDM Driver.) — C:WindowsSystem32DriversBrUsbMdm.sys [12160]
O58 – SDL:13/07/2009 – 23:53:33 —A- . (.Brother Industries Ltd. – Brother USB Serial Driver.) — C:WindowsSystem32DriversBrUsbSer.sys [11904]
O58 – SDL:13/07/2009 – 23:02:48 —A- . (.Broadcom Corporation – Broadcom NetXtreme II GigE VBD.) — C:WindowsSystem32Driversbxvbdx.sys [430080]
O58 – SDL:14/07/2009 – 02:26:21 —A- . (.CMD Technology, Inc. – CMD PCI IDE Bus Driver.) — C:WindowsSystem32Driverscmdide.sys [15952]
O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Adaptec, Inc. – Adaptec Ultra SCSI miniport.) — C:WindowsSystem32Driversdjsvs.sys [70720]
O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [453712]
O58 – SDL:13/07/2009 – 23:02:48 —A- . (.Broadcom Corporation – Broadcom NetXtreme II 10 GigE VBD.) — C:WindowsSystem32Driversevbdx.sys [3100160]
O58 – SDL:13/07/2009 – 23:54:14 —A- . (.Hauppauge Computer Works, Inc. – Hauppauge WinTV 885 Consumer IR Driver for eHome.) — C:WindowsSystem32Drivershcw85cir.sys [26624]
O58 – SDL:14/07/2009 – 02:20:28 —A- . (.Hewlett-Packard Company – Smart Array SAS/SATA Controller Media Driver.) — C:WindowsSystem32DriversHpSAMD.sys [67152]
O58 – SDL:10/10/2012 – 04:41:51 —A- . (.Intel Corporation – Intel Matrix Storage Manager driver – ia32.) — C:WindowsSystem32DriversiaStorV.sys [332160]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.Intel Corp./ICP vortex GmbH – Intel/ICP Raid Storport Driver.) — C:WindowsSystem32Driversiirsp.sys [41040]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – LSI Fusion-MPT FC Driver (StorPort).) — C:WindowsSystem32Driverslsi_fc.sys [95824]
O58 – SDL:14/07/2009 – 02:20:37 —A- . (.LSI Corporation – LSI Fusion-MPT SAS Driver (StorPort).) — C:WindowsSystem32Driverslsi_sas.sys [89168]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – LSI SAS Gen2 Driver (StorPort).) — C:WindowsSystem32Driverslsi_sas2.sys [54864]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – LSI Fusion-MPT SCSI Driver (StorPort).) — C:WindowsSystem32Driverslsi_scsi.sys [96848]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation – MEGASAS RAID Controller Driver for Windows 7 for x86.) — C:WindowsSystem32Driversmegasas.sys [30800]
O58 – SDL:14/07/2009 – 02:20:36 —A- . (.LSI Corporation, Inc. – LSI MegaRAID Software RAID Driver.) — C:WindowsSystem32DriversMegaSR.sys [235584]
O58 – SDL:09/10/2007 – 13:43:58 —A- . (.Ralink Technology Corp. – Ralink 802.11 Wireless Adapter Driver.) — C:WindowsSystem32Driversnetr70.sys [291840]
O58 – SDL:14/07/2009 – 02:20:44 —A- . (.IBM Corporation – IBM ServeRAID Controller Driver.) — C:WindowsSystem32Driversnfrd960.sys [44624]
O58 – SDL:10/06/2009 – 22:19:48 —A- . (.NVIDIA Corporation – NVIDIA Windows Kernel Mode Driver, Version 185.93.) — C:WindowsSystem32Driversnvlddmkm.sys [9853248]
O58 – SDL:10/10/2012 – 04:41:51 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) RAID Driver.) — C:WindowsSystem32Driversnvraid.sys [117120]
O58 – SDL:10/10/2012 – 04:41:51 —A- . (.NVIDIA Corporation – NVIDIA® nForce(TM) Sata Performance Driver.) — C:WindowsSystem32Driversnvstor.sys [143744]
O58 – SDL:14/07/2009 – 02:19:04 —A- . (.QLogic Corporation – QLogic Fibre Channel Stor Miniport Driver.) — C:WindowsSystem32Driversql2300.sys [1383488]
O58 – SDL:14/07/2009 – 02:19:04 —A- . (.QLogic Corporation – QLogic iSCSI Storport Miniport Driver.) — C:WindowsSystem32Driversql40xx.sys [106064]
O58 – SDL:19/06/2009 – 03:45:02 —A- . (.Realtek Semiconductor Corp. – Realtek AC’97 Audio Driver (WDM).) — C:WindowsSystem32DriversRTKVAC.SYS [4172832]
O58 – SDL:13/07/2009 – 21:50:20 —A- . (.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) — C:WindowsSystem32Driverssecdrv.sys [20480]
O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Silicon Integrated Systems Corp. – SiS RAID Stor Miniport Driver.) — C:WindowsSystem32Driverssisraid2.sys [40016]
O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Silicon Integrated Systems – SiS AHCI Stor-Miniport Driver.) — C:WindowsSystem32Driverssisraid4.sys [77888]
O58 – SDL:14/07/2009 – 02:19:04 —A- . (.Promise Technology – Promise SuperTrak EX Series Driver for Windows.) — C:WindowsSystem32Driversstexstor.sys [21072]
O58 – SDL:14/07/2009 – 02:19:10 —A- . (.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) — C:WindowsSystem32Driversviaide.sys [16976]
O58 – SDL:02/12/2010 – 18:23:24 —A- . (.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR X86-32.) — C:WindowsSystem32Driversviamraid.sys [141424]
O58 – SDL:11/02/2010 – 12:59:18 —A- . (.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) — C:WindowsSystem32DriversvideX32.sys [13976]
O58 – SDL:25/05/2009 – 16:31:32 —A- . (.Vimicro Corporation – Vimicro USB Video Class Camera.) — C:WindowsSystem32DriversVMUVC.sys [252416]
O58 – SDL:14/07/2009 – 02:19:11 —A- . (.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR AMD-X86-64.) — C:WindowsSystem32Driversvsmraid.sys [141904]
O58 – SDL:01/07/2008 – 10:12:32 —A- . (.Vimicro Corporation – Filter Prototype.) — C:WindowsSystem32DriversvvftUVC.sys [398720]
O58 – SDL:13/07/2009 – 23:02:53 —A- . (.Marvell – Pilote Miniport pour contrôleur Ethernet Marvell Yukon..) — C:WindowsSystem32Driversyk62x86.sys [311296]
O58 – SDL:13/07/2009 – 22:40:41 . (…) — C:WindowsSystem32ANSI.SYS [9029]
O58 – SDL:13/07/2009 – 22:40:44 . (…) — C:WindowsSystem32country.sys [27097]
O58 – SDL:13/07/2009 – 22:40:40 . (…) — C:WindowsSystem32HIMEM.SYS [4768]
O58 – SDL:13/07/2009 – 22:40:43 . (…) — C:WindowsSystem32KEY01.SYS [42809]
O58 – SDL:13/07/2009 – 22:40:43 . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
O58 – SDL:13/07/2009 – 22:40:23 . (…) — C:WindowsSystem32NTDOS.SYS [27866]
O58 – SDL:13/07/2009 – 22:40:31 . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
O58 – SDL:13/07/2009 – 22:40:35 . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
O58 – SDL:13/07/2009 – 22:40:39 . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
O58 – SDL:13/07/2009 – 22:40:27 . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
O58 – SDL:13/07/2009 – 22:40:11 . (…) — C:WindowsSystem32NTIO.SYS [33952]
O58 – SDL:13/07/2009 – 22:40:15 . (…) — C:WindowsSystem32NTIO404.SYS [34672]
O58 – SDL:13/07/2009 – 22:40:17 . (…) — C:WindowsSystem32NTIO411.SYS [35776]
O58 – SDL:13/07/2009 – 22:40:19 . (…) — C:WindowsSystem32NTIO412.SYS [35536]
O58 – SDL:13/07/2009 – 22:40:13 . (…) — C:WindowsSystem32NTIO804.SYS [34672]
~ Drivers: 75 Scanned in 00mn 06s

—\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 16/06/2014 – 16:27:51 —A- . (…) — C:UsersOPERATEURAppDataRoamingMicrosoftUProofCMAdj.12.bin [326]
O61 – LFC: 20/06/2014 – 16:27:53 —A- . (.Nicolas Coolman.) — C:UsersOPERATEURDownloadsZHPDiag2 (1).exe [6854914] =>.Nicolas Coolman
~ 3 Fichiers temporaires (Temporary files)
~ 9 Fichiers cookies (Cookies files)
~ Files: 2 Scanned in 00mn 13s

—\ Liste des outils de désinfection (LATC) (O63)
O63 – Logiciel: UsbFix – (.El Desaparecido – http://www.usbfix.nethttp://www.sosvirus.net.) [HKLM] — Usbfix
O63 – Logiciel: ZHPDiag 2014 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

—\ Liste les services legacy du registre (LALS) (O64)
O64 – Services: CurCS – 20/04/2014 – C:Windowssystem32driversaswHwid.sys (aswHwid) .(…) – LEGACY_ASWHWID
O64 – Services: CurCS – 20/04/2014 – C:Windowssystem32driversaswMonFlt.sys (aswMonFlt) .(.AVAST Software – avast! File System Minifilter for Windows 2.) – LEGACY_ASWMONFLT
O64 – Services: CurCS – 20/04/2014 – C:Windowssystem32driversaswRdr2.sys (aswRdr) .(.AVAST Software – avast! WFP Redirect Driver.) – LEGACY_ASWRDR
O64 – Services: CurCS – 20/04/2014 – C:WindowsSystem32DriversaswRvrt.sys (aswRvrt) .(…) – LEGACY_ASWRVRT
O64 – Services: CurCS – 15/05/2014 – C:Windowssystem32driversaswSnx.sys (aswSnx) .(.AVAST Software – avast! Virtualization Driver.) – LEGACY_ASWSNX
O64 – Services: CurCS – 15/05/2014 – C:Windowssystem32driversaswSP.sys (aswSP) .(.AVAST Software – avast! self protection module.) – LEGACY_ASWSP
O64 – Services: CurCS – 15/05/2014 – C:Windowssystem32driversaswStm.sys (aswStm) .(.AVAST Software – Stream Filter.) – LEGACY_ASWSTM
O64 – Services: CurCS – 20/04/2014 – C:WindowsSystem32DriversaswVmm.sys (aswVmm) .(…) – LEGACY_ASWVMM
O64 – Services: CurCS – 13/07/2009 – C:WindowsSystem32Driverssecdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe – Macrovision SECURITY Driver.) – LEGACY_SECDRV
O64 – Services: CurCS – 14/07/2009 – C:WindowsSystem32driversviaide.sys (viaide) .(.VIA Technologies, Inc. – VIA Generic PCI IDE Bus Driver.) – LEGACY_VIAIDE
O64 – Services: CurCS – 14/07/2009 – C:WindowsSystem32driversvsmraid.sys (vsmraid) .(.VIA Technologies Inc.,Ltd – VIA RAID DRIVER FOR AMD-X86-64.) – LEGACY_VSMRAID
~ Legacy: 77 Scanned in 00mn 01s

—\ Associations Shell Spawning (O67)
O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
O67 – Shell Spawning: [HKLM..cplopenCommand] (.Microsoft Corporation – Windows Control Panel.) — C:WindowsSystem32control.exe =>.Microsoft Corporation
O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Lanceur du composant logiciel enfichable Observateur d’événements.) — C:WindowsSystem32eventvwr.exe
O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” %*
O67 – Shell Spawning: [HKLM..openCommand] (.Not Key.)
O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Microsoft ® Windows Based Script Host.) — C:WindowsSystem32WScript.exe
O67 – Shell Spawning: [HKLM..openCommand] (.Microsoft Corporation – Éditeur du Registre.) — C:Windowsregedit.exe
O67 – Shell Spawning: [HKLM..openCommand] (…) — “%1” /S
O67 – Shell Spawning: [HKCU..openCommand] (.Not Key.)
~ FASS Keys: 11 Scanned in 00mn 00s

—\ Menu de démarrage Internet (SMI) (O68)
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Mozilla Corporation – Firefox.) — C:Program FilesMozilla Firefoxfirefox.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Not Key.)
~ Keys: Scanned in 00mn 00s

—\ Enumère les service demarrés par Svchost (SSS) (O83)
O83 – Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation – Service Expérience d’application.) — C:WindowsSystem32aelupsvc.dll [62464]
O83 – Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [67584]
O83 – Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation – Service de propagation de certificats de cartes à puce Microsoft.) — C:WindowsSystem32certprop.dll [67584]
O83 – Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation – DLL du service Serveur.) — C:WindowsSystem32srvsvc.dll [168960]
O83 – Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation – Client de stratégie de groupe.) — C:WindowsSystem32gpsvc.dll [593408]
O83 – Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation – Extension IKE.) — C:WindowsSystem32ikeext.dll [674304]
O83 – Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation – Service Audio Windows.) — C:WindowsSystem32Audiosrv.dll [473600]
O83 – Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation – Gestionnaire de numérotation automatique d’accès distant.) — C:WindowsSystem32rasauto.dll [90624]
O83 – Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation – Gestionnaire de connexions d’accès distant.) — C:WindowsSystem32rasmans.dll [286208]
O83 – Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation – Gestionnaire d’interface dynamique.) — C:WindowsSystem32mprdim.dll [75264]
O83 – Search Svchost Services: SENS (SENS) . (.Microsoft Corporation – Service de notification d’événements système (SENS).) — C:WindowsSystem32sens.dll [49664]
O83 – Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation – Composants de l’application d’assistance à Microsoft NAT.) — C:WindowsSystem32ipnathlp.dll [300544]
O83 – Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation – Serveur de téléphonie Microsoft® Windows(TM).) — C:WindowsSystem32tapisrv.dll [242176]
O83 – Search Svchost Services: TermService (TermService) . (.Microsoft Corporation – Gestionnaire des connexions distantes du serveur hôte de session Burea.) — C:WindowsSystem32termsrv.dll [521216]
O83 – Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation – Agent de mise à jour automatique Windows Update.) — C:WindowsSystem32wuaueng.dll [1914368]
O83 – Search Svchost Services: BITS (BITS) . (.Microsoft Corporation – Service de transfert intelligent en arrière-plan.) — C:WindowsSystem32qmgr.dll [585728]
O83 – Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation – Dll des services Windows Shell.) — C:WindowsSystem32shsvcs.dll [328192]
O83 – Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation – Service offrant une connectivité IPv6 sur un réseau IPv4..) — C:WindowsSystem32iphlpsvc.dll [499712]
O83 – Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation – DLL de service d’ouverture de session secondaire.) — C:Windowssystem32seclogon.dll [21504]
O83 – Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation – Service Informations d’application.) — C:WindowsSystem32appinfo.dll [47104]
O83 – Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation – Service de découverte iSCSI.) — C:WindowsSystem32iscsiexe.dll [114688]
O83 – Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation – Service Planificateur de classes multimédias.) — C:WindowsSystem32mmcss.dll [49664]
O83 – Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation – Rapports et solutions aux problèmes.) — C:WindowsSystem32wercplsupport.dll [61440]
O83 – Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation – Service EAPHost Microsoft.) — C:WindowsSystem32eapsvc.dll [98304]
O83 – Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation – ProfSvc.) — C:WindowsSystem32profsvc.dll [164352]
O83 – Search Svchost Services: schedule (schedule) . (.Microsoft Corporation – Service du Planificateur de tâches.) — C:WindowsSystem32schedsvc.dll [750592]
O83 – Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation – Service Gestion des clés.) — C:WindowsSystem32kmsvc.dll [71168]
O83 – Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation – Service Configuration des services Bureau à distance.) — C:WindowsSystem32sessenv.dll [113664]
O83 – Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation – WMI.) — C:WindowsSystem32wbemWMIsvc.dll [168960]
O83 – Search Svchost Services: browser (browser) . (.Microsoft Corporation – DLL du service Explorateur d’ordinateurs.) — C:WindowsSystem32browser.dll [102912]
O83 – Search Svchost Services: Themes (Themes) . (.Microsoft Corporation – DLL du service des thèmes Windows Shell.) — C:WindowsSystem32themeservice.dll [37376]
O83 – Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation – Service BDE.) — C:WindowsSystem32bdesvc.dll [76800]
O83 – Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation – Service Installation de logiciels.) — C:WindowsSystem32appmgmts.dll [149504]
~ Services: 33 Scanned in 00mn 02s

—\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.CC443280C82E1D97D40E4099F822E04E] [SPRF][08/03/2010] (.Macrovision Corporation – Setup.exe.) — C:UsersOPERATEURDesktopCNR-WCAM_7670_Drv_W73264.exe [22869884]
[MD5.385455AA390F93B7B6B4BBE63905CEE9] [SPRF][11/05/2014] (.XMind Ltd. – XMind 2012 (v3.3.1) Installer.) — C:UsersOPERATEURDesktopxmind-windows-3-3-1-201212250029.exe [34767909]
~ Files: 2 Scanned in 00mn 01s

—\ Recherche de clés de registre Tracing (O100)
HKLMSOFTWAREMicrosoftTracingutorrent_RASAPI32 =>P2P.µTorrent
HKLMSOFTWAREMicrosoftTracingutorrent_RASMANCS =>P2P.µTorrent
~ BTK: 145 Scanned in 00mn 00s

—\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS – | Auto 06/03/2014 116648 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Demand 06/03/2014 116648 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
SS – | Demand 11/03/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) – C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe
SS – | Auto 14/07/2009 20992 | C:Windowssystem32HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
SS – | Auto 14/07/2009 20992 | C:Windowssystem32HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) – C:WindowsSystem32svchost.exe
SR – | Auto 14/11/2008 2932736 | (Advantage) . (.iAnywhere Solutions, Inc..) – C:Program FilesAdvantage 9.10ServerADS.exe
SR – | Auto 20/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) – C:Program FilesAVAST SoftwareAvastAvastSvc.exe
SR – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
SR – | Demand 14/07/2009 20992 | C:Program FilesHPDigital Imagingbinhpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
SR – | Auto 14/07/2009 20992 | C:Program FilesHPDigital Imagingbinhpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
SR – | Auto 14/07/2009 20992 | C:Program FilesHPDigital ImagingbinHPSLPSVC32.dll (HPSLPSVC) . (.Hewlett-Packard Co..) – C:WindowsSystem32svchost.exe
SR – | Auto 07/04/2011 612456 | (NVSvc) . (.NVIDIA Corporation.) – C:WindowsSystem32nvvsvc.exe
SR – | Auto 08/07/2013 1922600 | (PanService) . (.Pandora.TV.) – C:Program FilesPANDORA.TVPanServiceKMPService.exe
SR – | Auto 14/07/2009 20992 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 14/07/2009 20992 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
SR – | Auto 09/11/2008 602392 | (YahooAUService) . (.Yahoo! Inc..) – C:Program FilesYahoo!SoftwareUpdateYahooAUService.exe
~ Services: Scanned in 00mn 33s

—\ Recherche d’infection sur le Master Boot Record (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by OPERATEUR at 20/06/2014 16:29:20
device: opened successfully
~ MBR: 4 Scanned in 00mn 02s

—\ Recherche d’infection sur le Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by OPERATEUR at 20/06/2014 16:29:23
********* Dump file Name *********
C:PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

—\ Scan Additionnel (O88)
Database Version : 13026 – (19/06/2014)
Clés trouvées (Keys found) : 7
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1

[HKCUSoftwareMicrosoftWindowsCurrentVersionExtStats{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLMSoftwareClassesCLSID{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLMSoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLMSoftwareMicrosoftWindowsCurrentVersionExtPreApproved{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLMSoftwareMicrosoftWindowsCurrentVersionUninstallYahoo! Companion] =>Toolbar.Yahoo
[HKLMSoftwareClassesCLSID{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKLMSoftwareMicrosoftWindowsCurrentVersionExtPreApproved{EF99BD32-C1FB-11D2-892F-0090271D4F88}] =>Toolbar.Yahoo
[HKCUSoftwareMicrosoftInternet ExplorerURLSearchHooks]:{EF99BD32-C1FB-11D2-892F-0090271D4F88} =>Toolbar.Yahoo
[HKLMSoftwareMicrosoftInternet ExplorerToolbar]:{EF99BD32-C1FB-11D2-892F-0090271D4F88} =>Toolbar.Yahoo
C:UsersOPERATEURAppDataRoaminguTorrent =>P2P.µTorrent^
[HKCUSoftwareBitTorrent] =>P2P.BitTorrent^
~ Additionnel Scan: 239556 Items scanned in 00mn 43s

—\ Informations complémentaires sur les modules
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
~ AMI: 5 Scanned in 00mn 00s

—\ Récapitulatif des détections trouvées sur votre station
~ MSI: 0 link(s) detected in 00mn 00s

End of the scan (1097 lines in 04mn 05s)(0)