Infection pas christina anguilare

OK j ai envoyé le rapport

Hello,

Il faut donner le lien à Destrio, sinon il ne pourra pas voir le rapport :-)

++

salut markaz salut Destrio5
met le lien de ton rapport

voici le lien
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120315_p6v8f8m6c14

Ça va, je ne suis pas seul, il y a d'autres helpers sur la discussion donc si je fais des bêtises... ^^

le rapport.


# AdwCleaner v1.501 - Rapport créé le 15/03/2012 à 10:40:12
# Mis à jour le 04/03/2012 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : EGB - SECRETARIAT
# Exécuté depuis : C:\Documents and Settings\EGB\Bureau\images logiciel\adwcleaner.exe
# Option [Recherche]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Documents and Settings\EGB\Application Data\GetRightToGo
Dossier Présent : C:\Documents and Settings\EGB\Application Data\PriceGong
Dossier Présent : C:\Documents and Settings\EGB\Local Settings\Application Data\BittorrentBar_FR
Dossier Présent : C:\Documents and Settings\EGB\Local Settings\Application Data\Conduit
Dossier Présent : C:\Program Files\Conduit

***** [H. Navipromo] *****


***** [Registre] *****

[*] Clé Présente : HKLM\SOFTWARE\Classes\Toolbar.CT1757849
Clé Présente : HKCU\Toolbar
Clé Présente : HKCU\Software\BittorrentBar_FR
Clé Présente : HKCU\Software\Conduit
Clé Présente : HKCU\Software\Headlight
Clé Présente : HKCU\Software\PriceGong
Clé Présente : HKLM\SOFTWARE\Conduit
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Clé Présente : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v8.0.1 (fr)

Profil : 7vtfp1h0.default
Fichier : C:\Documents and Settings\EGB\Application Data\Mozilla\Firefox\Profiles\7vtfp1h0.default\prefs.js

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v13.0.782.112

Fichier : C:\Documents and Settings\EGB\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [2047 octets] - [15/03/2012 10:40:12]

########## EOF - C:\AdwCleaner[R1].txt - [2175 octets] ##########

Le rapport


# AdwCleaner v1.501 - Rapport créé le 15/03/2012 à 10:47:20
# Mis à jour le 04/03/2012 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : EGB - SECRETARIAT
# Exécuté depuis : C:\Documents and Settings\EGB\Bureau\images logiciel\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Documents and Settings\EGB\Application Data\GetRightToGo
Dossier Supprimé : C:\Documents and Settings\EGB\Application Data\PriceGong
Dossier Supprimé : C:\Documents and Settings\EGB\Local Settings\Application Data\BittorrentBar_FR
Dossier Supprimé : C:\Documents and Settings\EGB\Local Settings\Application Data\Conduit
Dossier Supprimé : C:\Program Files\Conduit

***** [H. Navipromo] *****


***** [Registre] *****

[*] Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT1757849
Clé Supprimée : HKCU\Toolbar
Clé Supprimée : HKCU\Software\BittorrentBar_FR
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\Headlight
Clé Supprimée : HKCU\Software\PriceGong
Clé Supprimée : HKLM\SOFTWARE\Conduit
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Le registre ne contient aucune entrée illégitime.

-\\ Mozilla Firefox v8.0.1 (fr)

Profil : 7vtfp1h0.default
Fichier : C:\Documents and Settings\EGB\Application Data\Mozilla\Firefox\Profiles\7vtfp1h0.default\prefs.js

C:\Documents and Settings\EGB\Application Data\Mozilla\Firefox\Profiles\7vtfp1h0.default\user.js ... Supprimé !

[OK] Le fichier ne contient aucune entrée illégitime.

-\\ Google Chrome v13.0.782.112

Fichier : C:\Documents and Settings\EGB\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] Le fichier ne contient aucune entrée illégitime.

*************************

AdwCleaner[R1].txt - [2176 octets] - [15/03/2012 10:40:12]
AdwCleaner[S1].txt - [2239 octets] - [15/03/2012 10:47:20]

########## EOF - C:\AdwCleaner[S1].txt - [2367 octets] ##########

2-Rapport de l'analyse Malwarebytes


Malwarebytes Anti-Malware (Essai) 1.60.1.1000
www.malwarebytes.org

Version de la base de données: v2012.03.17.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
AJMCI :: AJMCI-BEN [administrateur]

Protection: Activé

17/03/2012 09:51:22
mbam-log-2012-03-17 (09-51-22).txt

Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 504929
Temps écoulé: 1 heure(s), 50 minute(s), 35 seconde(s)

Processus mémoire détecté(s): 1
C:\Windows\System32\config\systemprofile\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe (Trojan.Agent) -> 2040 -> Suppression au redémarrage.

Module(s) mémoire détecté(s): 1
C:\Windows\System32\pwd_2K.dll (RootKit.0Access.H) -> Suppression au redémarrage.

Clé(s) du Registre détectée(s): 2
HKLM\SYSTEM\CurrentControlSet\Services\nvUpdService (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.
HKLM\SYSTEM\CurrentControlSet\Services\ServerNabs7 (Trojan.Agent) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Init (Spyware.Password) -> Données: "C:\Users\AJMCI\AppData\Roaming\xvy33umsygt3u1xzhjmztuazxzmarx2m2\svcnost.exe" -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 5
C:\Windows\System32\pwd_2K.dll (RootKit.0Access.H) -> Suppression au redémarrage.
C:\Users\AJMCI\zop.exe (Trojan.ZADrop.Gen1) -> Mis en quarantaine et supprimé avec succès.
M:\OFFICE 2010\mini-KMS_Activator_v1.052\mini-KMS_Activator_v1.052.exe (Riskware.Keygen) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\System32\drivers\str.sys (Rootkit.Agent) -> Mis en quarantaine et supprimé avec succès.
C:\Windows\System32\config\systemprofile\AppData\Local\NVIDIA Corporation\Update\daemonupd.exe (Trojan.Agent) -> Suppression au redémarrage.

(fin)

Je m'excuse pour le retard avec lequel je poste le rapport. C'est due au faite je n'arrivais pas à installer malwarebutes.

Le rapport


13:12:33.0940 8036 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
13:12:35.0437 8036 ============================================================
13:12:35.0437 8036 Current date / time: 2012/03/17 13:12:35.0437
13:12:35.0437 8036 SystemInfo:
13:12:35.0437 8036
13:12:35.0437 8036 OS Version: 6.1.7600 ServicePack: 0.0
13:12:35.0437 8036 Product type: Workstation
13:12:35.0437 8036 ComputerName: AJMCI-BEN
13:12:35.0437 8036 UserName: AJMCI
13:12:35.0437 8036 Windows directory: C:\Windows
13:12:35.0437 8036 System windows directory: C:\Windows
13:12:35.0437 8036 Processor architecture: Intel x86
13:12:35.0437 8036 Number of processors: 2
13:12:35.0437 8036 Page size: 0x1000
13:12:35.0437 8036 Boot type: Normal boot
13:12:35.0437 8036 ============================================================
13:12:36.0186 8036 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:12:36.0248 8036 Drive \Device\Harddisk6\DR6 - Size: 0x0 (0.00 Gb), SectorSize: 0x200, Cylinders: 0x0, SectorsPerTrack: 0x0, TracksPerCylinder: 0x0, Type 'W'
13:12:36.0248 8036 \Device\Harddisk0\DR0:
13:12:36.0248 8036 MBR used
13:12:36.0248 8036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1FF800
13:12:36.0248 8036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x200000, BlocksNum 0x3C00000
13:12:36.0248 8036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3E00800, BlocksNum 0xC969000
13:12:36.0280 8036 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1076A000, BlocksNum 0x14620800
13:12:36.0280 8036 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x24D8A800, BlocksNum 0x69F000
13:12:36.0638 8036 Initialize success
13:12:36.0638 8036 ============================================================
13:12:39.0634 3620 ============================================================
13:12:39.0634 3620 Scan started
13:12:39.0634 3620 Mode: Manual;
13:12:39.0634 3620 ============================================================
13:12:40.0663 3620 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
13:12:40.0663 3620 1394ohci - ok
13:12:40.0726 3620 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
13:12:40.0726 3620 ACPI - ok
13:12:40.0772 3620 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
13:12:40.0772 3620 AcpiPmi - ok
13:12:40.0850 3620 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
13:12:40.0850 3620 adp94xx - ok
13:12:40.0928 3620 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
13:12:40.0928 3620 adpahci - ok
13:12:40.0960 3620 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
13:12:40.0960 3620 adpu320 - ok
13:12:41.0069 3620 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
13:12:41.0084 3620 AFD - ok
13:12:41.0116 3620 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
13:12:41.0116 3620 agp440 - ok
13:12:41.0162 3620 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
13:12:41.0162 3620 aic78xx - ok
13:12:41.0209 3620 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
13:12:41.0225 3620 aliide - ok
13:12:41.0256 3620 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
13:12:41.0256 3620 amdagp - ok
13:12:41.0287 3620 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
13:12:41.0287 3620 amdide - ok
13:12:41.0318 3620 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
13:12:41.0318 3620 AmdK8 - ok
13:12:41.0350 3620 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
13:12:41.0350 3620 AmdPPM - ok
13:12:41.0396 3620 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
13:12:41.0396 3620 amdsata - ok
13:12:41.0428 3620 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
13:12:41.0428 3620 amdsbs - ok
13:12:41.0443 3620 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
13:12:41.0443 3620 amdxata - ok
13:12:41.0490 3620 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
13:12:41.0490 3620 AppID - ok
13:12:41.0521 3620 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
13:12:41.0521 3620 arc - ok
13:12:41.0552 3620 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
13:12:41.0552 3620 arcsas - ok
13:12:41.0677 3620 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
13:12:41.0677 3620 AsyncMac - ok
13:12:41.0708 3620 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
13:12:41.0708 3620 atapi - ok
13:12:41.0802 3620 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
13:12:41.0802 3620 b06bdrv - ok
13:12:41.0833 3620 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
13:12:41.0833 3620 b57nd60x - ok
13:12:41.0896 3620 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
13:12:41.0896 3620 Beep - ok
13:12:41.0942 3620 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
13:12:41.0942 3620 blbdrive - ok
13:12:42.0020 3620 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
13:12:42.0020 3620 bowser - ok
13:12:42.0067 3620 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:12:42.0067 3620 BrFiltLo - ok
13:12:42.0098 3620 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:12:42.0098 3620 BrFiltUp - ok
13:12:42.0145 3620 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
13:12:42.0145 3620 Brserid - ok
13:12:42.0176 3620 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
13:12:42.0176 3620 BrSerWdm - ok
13:12:42.0192 3620 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:12:42.0192 3620 BrUsbMdm - ok
13:12:42.0192 3620 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
13:12:42.0208 3620 BrUsbSer - ok
13:12:42.0239 3620 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
13:12:42.0254 3620 BTHMODEM - ok
13:12:42.0379 3620 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
13:12:42.0379 3620 cdfs - ok
13:12:42.0410 3620 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
13:12:42.0410 3620 cdrom - ok
13:12:42.0442 3620 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
13:12:42.0442 3620 circlass - ok
13:12:42.0488 3620 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
13:12:42.0504 3620 CLFS - ok
13:12:42.0551 3620 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
13:12:42.0551 3620 CmBatt - ok
13:12:42.0566 3620 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
13:12:42.0566 3620 cmdide - ok
13:12:42.0613 3620 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
13:12:42.0613 3620 CNG - ok
13:12:42.0644 3620 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
13:12:42.0644 3620 Compbatt - ok
13:12:42.0676 3620 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:12:42.0676 3620 CompositeBus - ok
13:12:42.0722 3620 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
13:12:42.0738 3620 crcdisk - ok
13:12:42.0816 3620 CSC (dcd7e8964e9cdc9abecda03c81f5686d) C:\Windows\system32\drivers\csc.sys
13:12:42.0816 3620 CSC ( Virus.Win32.ZAccess.k ) - infected
13:12:42.0816 3620 CSC - detected Virus.Win32.ZAccess.k (0)
13:12:42.0910 3620 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
13:12:42.0910 3620 DfsC - ok
13:12:42.0956 3620 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
13:12:42.0956 3620 discache - ok
13:12:42.0988 3620 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
13:12:42.0988 3620 Disk - ok
13:12:43.0019 3620 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
13:12:43.0034 3620 drmkaud - ok
13:12:43.0112 3620 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys
13:12:43.0128 3620 DXGKrnl - ok
13:12:43.0237 3620 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
13:12:43.0331 3620 ebdrv - ok
13:12:43.0362 3620 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
13:12:43.0378 3620 elxstor - ok
13:12:43.0393 3620 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
13:12:43.0393 3620 ErrDev - ok
13:12:43.0424 3620 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
13:12:43.0440 3620 exfat - ok
13:12:43.0471 3620 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
13:12:43.0487 3620 fastfat - ok
13:12:43.0518 3620 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
13:12:43.0518 3620 fdc - ok
13:12:43.0565 3620 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
13:12:43.0565 3620 FileInfo - ok
13:12:43.0596 3620 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
13:12:43.0596 3620 Filetrace - ok
13:12:43.0643 3620 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
13:12:43.0643 3620 flpydisk - ok
13:12:43.0690 3620 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
13:12:43.0690 3620 FltMgr - ok
13:12:43.0752 3620 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
13:12:43.0752 3620 FsDepends - ok
13:12:43.0799 3620 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
13:12:43.0799 3620 Fs_Rec - ok
13:12:43.0814 3620 fvevol (5592f5dba26282d24d2b080eb438a4d7) C:\Windows\system32\DRIVERS\fvevol.sys
13:12:43.0830 3620 fvevol - ok
13:12:43.0846 3620 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:12:43.0846 3620 gagp30kx - ok
13:12:43.0877 3620 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
13:12:43.0877 3620 hcw85cir - ok
13:12:43.0908 3620 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
13:12:43.0924 3620 HdAudAddService - ok
13:12:43.0939 3620 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:12:43.0939 3620 HDAudBus - ok
13:12:43.0955 3620 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
13:12:43.0955 3620 HidBatt - ok
13:12:43.0986 3620 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
13:12:43.0986 3620 HidBth - ok
13:12:44.0033 3620 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
13:12:44.0033 3620 HidIr - ok
13:12:44.0064 3620 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
13:12:44.0064 3620 HidUsb - ok
13:12:44.0111 3620 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:12:44.0126 3620 HpSAMD - ok
13:12:44.0158 3620 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
13:12:44.0173 3620 HTTP - ok
13:12:44.0251 3620 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys
13:12:44.0251 3620 hwdatacard - ok
13:12:44.0298 3620 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
13:12:44.0298 3620 hwpolicy - ok
13:12:44.0360 3620 hwusbfake (1d4d6d24256f61e6b08a3cf8184a78b8) C:\Windows\system32\DRIVERS\ewusbfake.sys
13:12:44.0360 3620 hwusbfake - ok
13:12:44.0376 3620 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
13:12:44.0376 3620 i8042prt - ok
13:12:44.0438 3620 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\drivers\iastor.sys
13:12:44.0438 3620 iaStor - ok
13:12:44.0470 3620 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
13:12:44.0470 3620 iaStorV - ok
13:12:44.0610 3620 igfx (a70c995199a47f326eef4f9f5e6267a1) C:\Windows\system32\DRIVERS\igdkmd32.sys
13:12:44.0641 3620 igfx - ok
13:12:44.0750 3620 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
13:12:44.0750 3620 iirsp - ok
13:12:44.0875 3620 IntcAzAudAddService (8ea8cd3e6f5835b0ba85e5b67a1a9bb1) C:\Windows\system32\drivers\RTKVHDA.sys
13:12:44.0891 3620 IntcAzAudAddService - ok
13:12:44.0922 3620 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
13:12:44.0922 3620 intelide - ok
13:12:45.0000 3620 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
13:12:45.0000 3620 intelppm - ok
13:12:45.0047 3620 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:12:45.0047 3620 IpFilterDriver - ok
13:12:45.0078 3620 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:12:45.0078 3620 IPMIDRV - ok
13:12:45.0125 3620 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
13:12:45.0125 3620 IPNAT - ok
13:12:45.0156 3620 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
13:12:45.0156 3620 IRENUM - ok
13:12:45.0172 3620 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
13:12:45.0187 3620 isapnp - ok
13:12:45.0203 3620 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
13:12:45.0203 3620 iScsiPrt - ok
13:12:45.0218 3620 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:12:45.0218 3620 kbdclass - ok
13:12:45.0265 3620 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
13:12:45.0265 3620 kbdhid - ok
13:12:45.0374 3620 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
13:12:45.0374 3620 KL1 - ok
13:12:45.0406 3620 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
13:12:45.0406 3620 kl2 - ok
13:12:45.0499 3620 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
13:12:45.0499 3620 KLIF - ok
13:12:45.0530 3620 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
13:12:45.0530 3620 KLIM6 - ok
13:12:45.0562 3620 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
13:12:45.0562 3620 klmouflt - ok
13:12:45.0608 3620 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
13:12:45.0624 3620 KSecDD - ok
13:12:45.0671 3620 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
13:12:45.0671 3620 KSecPkg - ok
13:12:45.0749 3620 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
13:12:45.0749 3620 lltdio - ok
13:12:45.0780 3620 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:12:45.0780 3620 LSI_FC - ok
13:12:45.0811 3620 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:12:45.0811 3620 LSI_SAS - ok
13:12:45.0842 3620 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:12:45.0842 3620 LSI_SAS2 - ok
13:12:45.0874 3620 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:12:45.0874 3620 LSI_SCSI - ok
13:12:45.0920 3620 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
13:12:45.0920 3620 luafv - ok
13:12:45.0998 3620 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
13:12:45.0998 3620 MBAMProtector - ok
13:12:46.0092 3620 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\Windows\system32\DRIVERS\mdc8021x.sys
13:12:46.0092 3620 MDC8021X - ok
13:12:46.0139 3620 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
13:12:46.0139 3620 megasas - ok
13:12:46.0186 3620 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
13:12:46.0186 3620 MegaSR - ok
13:12:46.0248 3620 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
13:12:46.0248 3620 Modem - ok
13:12:46.0264 3620 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
13:12:46.0264 3620 monitor - ok
13:12:46.0326 3620 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
13:12:46.0326 3620 mouclass - ok
13:12:46.0373 3620 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
13:12:46.0373 3620 mouhid - ok
13:12:46.0404 3620 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
13:12:46.0404 3620 mountmgr - ok
13:12:46.0451 3620 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
13:12:46.0451 3620 mpio - ok
13:12:46.0482 3620 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
13:12:46.0482 3620 mpsdrv - ok
13:12:46.0513 3620 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
13:12:46.0513 3620 MRxDAV - ok
13:12:46.0560 3620 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:12:46.0560 3620 mrxsmb - ok
13:12:46.0591 3620 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:12:46.0591 3620 mrxsmb10 - ok
13:12:46.0622 3620 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:12:46.0622 3620 mrxsmb20 - ok
13:12:46.0654 3620 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
13:12:46.0654 3620 msahci - ok
13:12:46.0685 3620 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
13:12:46.0685 3620 msdsm - ok
13:12:46.0732 3620 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
13:12:46.0732 3620 Msfs - ok
13:12:46.0763 3620 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
13:12:46.0763 3620 mshidkmdf - ok
13:12:46.0794 3620 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
13:12:46.0794 3620 msisadrv - ok
13:12:46.0810 3620 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
13:12:46.0825 3620 MSKSSRV - ok
13:12:46.0841 3620 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
13:12:46.0841 3620 MSPCLOCK - ok
13:12:46.0888 3620 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
13:12:46.0888 3620 MSPQM - ok
13:12:46.0919 3620 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
13:12:46.0919 3620 MsRPC - ok
13:12:46.0966 3620 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
13:12:46.0966 3620 mssmbios - ok
13:12:46.0981 3620 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
13:12:46.0981 3620 MSTEE - ok
13:12:46.0997 3620 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
13:12:46.0997 3620 MTConfig - ok
13:12:47.0028 3620 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
13:12:47.0028 3620 Mup - ok
13:12:47.0059 3620 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
13:12:47.0059 3620 NativeWifiP - ok
13:12:47.0137 3620 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
13:12:47.0153 3620 NDIS - ok
13:12:47.0168 3620 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
13:12:47.0168 3620 NdisCap - ok
13:12:47.0200 3620 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
13:12:47.0200 3620 NdisTapi - ok
13:12:47.0215 3620 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
13:12:47.0231 3620 Ndisuio - ok
13:12:47.0262 3620 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
13:12:47.0262 3620 NdisWan - ok
13:12:47.0293 3620 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
13:12:47.0293 3620 NDProxy - ok
13:12:47.0387 3620 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
13:12:47.0402 3620 NetBIOS - ok
13:12:47.0449 3620 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
13:12:47.0449 3620 NetBT - ok
13:12:47.0496 3620 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
13:12:47.0496 3620 nfrd960 - ok
13:12:47.0543 3620 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
13:12:47.0543 3620 Npfs - ok
13:12:47.0558 3620 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
13:12:47.0558 3620 nsiproxy - ok
13:12:47.0683 3620 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
13:12:47.0714 3620 Ntfs - ok
13:12:47.0746 3620 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
13:12:47.0746 3620 Null - ok
13:12:47.0777 3620 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
13:12:47.0777 3620 nvraid - ok
13:12:47.0824 3620 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
13:12:47.0824 3620 nvstor - ok
13:12:47.0870 3620 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
13:12:47.0870 3620 nv_agp - ok
13:12:47.0902 3620 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
13:12:47.0902 3620 ohci1394 - ok
13:12:47.0980 3620 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
13:12:47.0995 3620 Parport - ok
13:12:48.0011 3620 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
13:12:48.0026 3620 partmgr - ok
13:12:48.0058 3620 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
13:12:48.0073 3620 Parvdm - ok
13:12:48.0104 3620 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
13:12:48.0104 3620 pci - ok
13:12:48.0120 3620 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
13:12:48.0136 3620 pciide - ok
13:12:48.0167 3620 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
13:12:48.0167 3620 pcmcia - ok
13:12:48.0198 3620 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
13:12:48.0198 3620 pcw - ok
13:12:48.0260 3620 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
13:12:48.0276 3620 PEAUTH - ok
13:12:48.0385 3620 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
13:12:48.0385 3620 PptpMiniport - ok
13:12:48.0416 3620 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
13:12:48.0416 3620 Processor - ok
13:12:48.0463 3620 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
13:12:48.0466 3620 Psched - ok
13:12:48.0559 3620 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
13:12:48.0574 3620 ql2300 - ok
13:12:48.0612 3620 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
13:12:48.0617 3620 ql40xx - ok
13:12:48.0655 3620 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
13:12:48.0656 3620 QWAVEdrv - ok
13:12:48.0673 3620 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
13:12:48.0674 3620 RasAcd - ok
13:12:48.0719 3620 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:12:48.0720 3620 RasAgileVpn - ok
13:12:48.0747 3620 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:12:48.0750 3620 Rasl2tp - ok
13:12:48.0765 3620 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
13:12:48.0766 3620 RasPppoe - ok
13:12:48.0778 3620 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
13:12:48.0781 3620 RasSstp - ok
13:12:48.0797 3620 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
13:12:48.0800 3620 rdbss - ok
13:12:48.0813 3620 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
13:12:48.0814 3620 rdpbus - ok
13:12:48.0836 3620 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:12:48.0837 3620 RDPCDD - ok
13:12:48.0873 3620 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
13:12:48.0875 3620 RDPDR - ok
13:12:48.0891 3620 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
13:12:48.0892 3620 RDPENCDD - ok
13:12:48.0914 3620 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
13:12:48.0915 3620 RDPREFMP - ok
13:12:48.0976 3620 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
13:12:48.0980 3620 RDPWD - ok
13:12:49.0011 3620 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
13:12:49.0015 3620 rdyboost - ok
13:12:49.0117 3620 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
13:12:49.0119 3620 RimUsb - ok
13:12:49.0166 3620 RMCAST (b4090006a82eeb608c358ab5d37de85a) C:\Windows\system32\DRIVERS\RMCAST.sys
13:12:49.0170 3620 RMCAST - ok
13:12:49.0249 3620 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
13:12:49.0253 3620 rspndr - ok
13:12:49.0345 3620 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\Windows\system32\DRIVERS\Rt86win7.sys
13:12:49.0349 3620 RTL8167 - ok
13:12:49.0403 3620 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
13:12:49.0405 3620 s3cap - ok
13:12:49.0439 3620 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
13:12:49.0442 3620 sbp2port - ok
13:12:49.0465 3620 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
13:12:49.0465 3620 scfilter - ok
13:12:49.0512 3620 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:12:49.0512 3620 secdrv - ok
13:12:49.0559 3620 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
13:12:49.0559 3620 Serenum - ok
13:12:49.0606 3620 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
13:12:49.0606 3620 Serial - ok
13:12:49.0637 3620 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
13:12:49.0637 3620 sermouse - ok
13:12:49.0668 3620 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
13:12:49.0684 3620 sffdisk - ok
13:12:49.0699 3620 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:12:49.0699 3620 sffp_mmc - ok
13:12:49.0715 3620 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:12:49.0715 3620 sffp_sd - ok
13:12:49.0762 3620 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
13:12:49.0762 3620 sfloppy - ok
13:12:49.0793 3620 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
13:12:49.0793 3620 sisagp - ok
13:12:49.0824 3620 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:12:49.0824 3620 SiSRaid2 - ok
13:12:49.0871 3620 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
13:12:49.0871 3620 SiSRaid4 - ok
13:12:49.0918 3620 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
13:12:49.0918 3620 Smb - ok
13:12:49.0949 3620 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
13:12:49.0949 3620 spldr - ok
13:12:50.0058 3620 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys
13:12:50.0074 3620 srv - ok
13:12:50.0152 3620 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
13:12:50.0152 3620 srv2 - ok
13:12:50.0214 3620 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys
13:12:50.0214 3620 srvnet - ok
13:12:50.0245 3620 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
13:12:50.0245 3620 stexstor - ok
13:12:50.0292 3620 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
13:12:50.0292 3620 storflt - ok
13:12:50.0355 3620 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
13:12:50.0355 3620 storvsc - ok
13:12:50.0386 3620 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
13:12:50.0386 3620 swenum - ok
13:12:50.0464 3620 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
13:12:50.0464 3620 Tcpip - ok
13:12:50.0511 3620 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
13:12:50.0526 3620 TCPIP6 - ok
13:12:50.0573 3620 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
13:12:50.0573 3620 tcpipreg - ok
13:12:50.0589 3620 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
13:12:50.0589 3620 TDPIPE - ok
13:12:50.0635 3620 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
13:12:50.0635 3620 TDTCP - ok
13:12:50.0667 3620 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
13:12:50.0685 3620 tdx - ok
13:12:50.0731 3620 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
13:12:50.0732 3620 TermDD - ok
13:12:50.0839 3620 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:12:50.0841 3620 tssecsrv - ok
13:12:50.0882 3620 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
13:12:50.0884 3620 tunnel - ok
13:12:50.0909 3620 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
13:12:50.0910 3620 uagp35 - ok
13:12:50.0930 3620 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
13:12:50.0934 3620 udfs - ok
13:12:50.0964 3620 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:12:50.0965 3620 uliagpkx - ok
13:12:50.0985 3620 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
13:12:50.0986 3620 umbus - ok
13:12:51.0001 3620 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
13:12:51.0003 3620 UmPass - ok
13:12:51.0081 3620 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
13:12:51.0086 3620 usbccgp - ok
13:12:51.0116 3620 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
13:12:51.0120 3620 usbcir - ok
13:12:51.0157 3620 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
13:12:51.0159 3620 usbehci - ok
13:12:51.0219 3620 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
13:12:51.0223 3620 usbhub - ok
13:12:51.0255 3620 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
13:12:51.0256 3620 usbohci - ok
13:12:51.0282 3620 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
13:12:51.0284 3620 usbprint - ok
13:12:51.0324 3620 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
13:12:51.0326 3620 usbscan - ok
13:12:51.0347 3620 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:12:51.0349 3620 USBSTOR - ok
13:12:51.0382 3620 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
13:12:51.0383 3620 usbuhci - ok
13:12:51.0435 3620 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:12:51.0436 3620 vdrvroot - ok
13:12:51.0473 3620 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
13:12:51.0474 3620 vga - ok
13:12:51.0510 3620 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
13:12:51.0511 3620 VgaSave - ok
13:12:51.0547 3620 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
13:12:51.0552 3620 vhdmp - ok
13:12:51.0584 3620 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
13:12:51.0586 3620 viaagp - ok
13:12:51.0611 3620 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
13:12:51.0613 3620 ViaC7 - ok
13:12:51.0641 3620 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
13:12:51.0643 3620 viaide - ok
13:12:51.0658 3620 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
13:12:51.0658 3620 vmbus - ok
13:12:51.0689 3620 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
13:12:51.0705 3620 VMBusHID - ok
13:12:51.0752 3620 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
13:12:51.0752 3620 volmgr - ok
13:12:51.0814 3620 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
13:12:51.0814 3620 volmgrx - ok
13:12:51.0892 3620 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
13:12:51.0892 3620 volsnap - ok
13:12:51.0908 3620 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
13:12:51.0923 3620 vsmraid - ok
13:12:51.0939 3620 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
13:12:51.0939 3620 vwifibus - ok
13:12:52.0001 3620 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
13:12:52.0001 3620 WacomPen - ok
13:12:52.0017 3620 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
13:12:52.0033 3620 WANARP - ok
13:12:52.0048 3620 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
13:12:52.0048 3620 Wanarpv6 - ok
13:12:52.0095 3620 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
13:12:52.0095 3620 Wd - ok
13:12:52.0142 3620 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
13:12:52.0142 3620 Wdf01000 - ok
13:12:52.0220 3620 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
13:12:52.0220 3620 WfpLwf - ok
13:12:52.0267 3620 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
13:12:52.0267 3620 WIMMount - ok
13:12:52.0360 3620 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys
13:12:52.0360 3620 WinUsb - ok
13:12:52.0407 3620 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:12:52.0407 3620 WmiAcpi - ok
13:12:52.0454 3620 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
13:12:52.0454 3620 ws2ifsl - ok
13:12:52.0501 3620 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
13:12:52.0501 3620 WudfPf - ok
13:12:52.0563 3620 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:12:52.0563 3620 WUDFRd - ok
13:12:52.0641 3620 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:12:52.0699 3620 \Device\Harddisk0\DR0 - ok
13:12:52.0704 3620 Boot (0x1200) (fc0e47bb2a8a2d3f5e0d05763330f579) \Device\Harddisk0\DR0\Partition0
13:12:52.0706 3620 \Device\Harddisk0\DR0\Partition0 - ok
13:12:52.0718 3620 Boot (0x1200) (c2b65c892206b52213104ccfd34f6e25) \Device\Harddisk0\DR0\Partition1
13:12:52.0726 3620 \Device\Harddisk0\DR0\Partition1 - ok
13:12:52.0746 3620 Boot (0x1200) (d418d7676323622b8ac3a9565c233935) \Device\Harddisk0\DR0\Partition2
13:12:52.0748 3620 \Device\Harddisk0\DR0\Partition2 - ok
13:12:52.0771 3620 Boot (0x1200) (4b70266e8f3eb5abd94c88708be581af) \Device\Harddisk0\DR0\Partition3
13:12:52.0776 3620 \Device\Harddisk0\DR0\Partition3 - ok
13:12:52.0814 3620 Boot (0x1200) (f5782afcda915a4e6b2d925afdc840da) \Device\Harddisk0\DR0\Partition4
13:12:52.0816 3620 \Device\Harddisk0\DR0\Partition4 - ok
13:12:52.0817 3620 ============================================================
13:12:52.0817 3620 Scan finished
13:12:52.0817 3620 ============================================================
13:12:52.0831 7144 Detected object count: 1
13:12:52.0831 7144 Actual detected object count: 1
13:13:52.0773 7144 C:\Windows\system32\drivers\csc.sys - copied to quarantine
13:13:52.0789 7144 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\csc.sys) error 1813
13:13:55.0410 7144 Backup copy found, using it..
13:13:55.0425 7144 C:\Windows\system32\drivers\csc.sys - will be cured on reboot
13:13:57.0890 7144 CSC ( Virus.Win32.ZAccess.k ) - User select action: Cure
13:14:01.0946 6060 Deinitialize success

ComboFix 12-03-16.05 - AJMCI 17/03/2012 15:57:29.1.2 - x86
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.2013.929 [GMT 0:00]
Lancé depuis: c:\users\AJMCI\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\AJMCI\AppData\Roaming\.#
c:\users\AJMCI\AppData\Roaming\.#\MBX@BE4@1AE2730.###
c:\users\AJMCI\AppData\Roaming\.#\MBX@BE4@1AE2760.###
c:\users\AJMCI\AppData\Roaming\.#\MBX@BF8@19E2730.###
c:\users\AJMCI\AppData\Roaming\.#\MBX@BF8@19E2760.###
c:\users\AJMCI\AppData\Roaming\desktop.ini
c:\users\AJMCI\AppData\Roaming\ntuser.dat
c:\users\AJMCI\Documents\~WRL4009.tmp
c:\users\AJMCI\laocu.exe /W
c:\users\AJMCI\miumuf.exe /G
c:\users\AJMCI\WINDOWS
c:\windows\$NtUninstallKB32445$
c:\windows\$NtUninstallKB32445$\3710108780
c:\windows\$NtUninstallKB32445$\721507772\@
c:\windows\$NtUninstallKB32445$\721507772\cfg.ini
c:\windows\$NtUninstallKB32445$\721507772\Desktop.ini
c:\windows\$NtUninstallKB32445$\721507772\L\xadqgnnk
c:\windows\$NtUninstallKB32445$\721507772\twl.dll
c:\windows\$NtUninstallKB32445$\721507772\U\00000001.@
c:\windows\$NtUninstallKB32445$\721507772\U\00000002.@
c:\windows\$NtUninstallKB32445$\721507772\U\00000004.@
c:\windows\$NtUninstallKB32445$\721507772\U\80000000.@
c:\windows\$NtUninstallKB32445$\721507772\U\80000004.@
c:\windows\$NtUninstallKB32445$\721507772\U\80000032.@
c:\windows\$NtUninstallKB32445$\721507772\version
c:\windows\system32\config\systemprofile\AppData\Local\sLT.exf
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-17 au 2012-03-17 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-17 16:10 . 2012-03-17 16:14 -------- d-----w- c:\users\AJMCI\AppData\Local\temp
2012-03-17 16:10 . 2012-03-17 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-17 16:10 . 2012-03-17 16:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-17 15:57 . 2012-03-17 15:57 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-03-17 13:13 . 2012-03-17 13:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-17 09:45 . 2012-03-17 09:45 -------- d-----w- c:\users\AJMCI\AppData\Roaming\Malwarebytes
2012-03-17 09:45 . 2012-03-17 09:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-17 09:45 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-17 09:31 . 2012-03-17 09:31 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-03-17 09:31 . 2012-03-17 09:31 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-03-17 09:30 . 2012-03-17 09:30 -------- d-----w- c:\program files\Kaspersky Lab
2012-03-13 18:32 . 2012-03-13 19:03 -------- d-----w- c:\programdata\AVAST Software
2012-03-13 18:32 . 2012-03-13 19:03 -------- d-----w- c:\program files\AVAST Software
2012-03-13 18:24 . 2012-03-13 18:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\HP
2012-03-13 13:37 . 2012-03-13 13:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Nero
2012-03-13 13:12 . 2012-03-13 18:49 -------- d-----w- C:\UsbFix
2012-03-13 12:52 . 2012-03-13 12:52 -------- d-----w- C:\kleaner.tmp
2012-03-12 16:26 . 2012-03-12 16:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\PDFC
2012-03-12 13:12 . 2012-03-12 13:12 -------- d-----w- c:\program files\ESET
2012-03-12 12:32 . 2012-03-15 11:52 -------- d-----w- c:\users\AJMCI\AppData\Roaming\xvy33umsygt3u1xzhjmztuazxzmarx2m2
2012-03-12 10:59 . 2012-03-12 10:59 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Google
2012-03-12 10:59 . 2012-03-12 10:59 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\NVIDIA Corporation
2012-03-11 17:19 . 2012-03-11 17:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-03-10 18:03 . 2012-03-10 18:32 -------- d-----w- c:\users\AJMCI\AppData\Local\Facebook
2012-03-10 16:09 . 2012-03-10 16:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2012-03-10 16:04 . 2012-03-13 13:43 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2012-03-10 15:05 . 2012-03-10 15:05 -------- d-----w- C:\temp
2012-03-08 13:04 . 2012-03-15 11:52 -------- d-----w- c:\users\AJMCI\AppData\Roaming\xruql2de3ndfxfuxjmbsmkwk1mhohcnb2
2012-03-07 11:56 . 2012-03-07 11:56 -------- d-----w- c:\programdata\HP Product Assistant
2012-03-06 16:39 . 2010-06-29 15:15 286720 ----a-w- c:\windows\system32\HP1006LM.DLL
2012-03-03 17:44 . 2010-06-29 15:15 293888 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP1006S.DLL
2012-02-18 18:10 . 2012-01-17 04:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC93367D-DACC-423D-A427-DFE58F1F05FB}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-17 13:19 . 2009-07-13 23:15 387584 ----a-w- c:\windows\system32\drivers\csc.sys
2012-01-29 05:10 . 2010-10-23 17:13 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-06 12:35 . 2011-05-07 14:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"BIBLauncher"="c:\program files\Business-in-a-Box\BIBLauncher.exe" [2011-03-15 901600]
"Facebook Update"="c:\users\AJMCI\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-10 137536]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-10 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-10 151064]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"SlipStream"="c:\program files\Orange Cote d Ivoire Booster\slipcore.exe" [2010-03-26 323584]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Orange Cote d Ivoire Booster.lnk - c:\program files\Orange Cote d Ivoire Booster\slipgui.exe [2011-9-14 208896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 bzhcpubqltvll;bzhcpubqltvll;c:\windows\TEMP\DATA505.tmp.exe [x]
R2 dugdbeeq;Microsoft Hardware Error Device Support;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-15 103040]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 PROCEXP113;PROCEXP113;c:\windows\system32\Drivers\PROCEXP113.SYS [2012-03-17 12568]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
btwdins
co_mon
cwafnotesservice
adiloader
mwssched
cwafreportscheduler
arhidfltr
adminserver
dugdbeeq
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 10:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-07-14 01:14 126464 ----a-w- c:\windows\System32\advpack.dll
.
Contenu du dossier 'Tâches planifiées'
.
2012-03-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3530667064-976285209-3027803733-1000Core.job
- c:\users\AJMCI\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 18:03]
.
2012-03-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3530667064-976285209-3027803733-1000UA.job
- c:\users\AJMCI\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 18:03]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/?fr=fp-yie9
uDefault_Search_URL = hxxp://www.qlubic.fr/cms/?cx=partner-pub-9329429930782701%3Axk62xs-ypgx&cof=FORID%3A10&ie=ISO-8859-1&q={searchTerms}&sa=Rechercher#1086
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_FR&c=93&bd=all&pf=cmdt
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Ajouter au fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ajouter à l'Anti-bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Convertir en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Télécharger en utilisant Download &Express - c:\program files\Download Express\Add_Url.htm
LSP: c:\progra~1\ORANGE~1\sliplsp.dll
TCP: DhcpNameServer = 192.168.2.1
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
FF - ProfilePath - c:\users\AJMCI\AppData\Roaming\Mozilla\Firefox\Profiles\cv1phr7e.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
BHO-{F417FF94-6D1C-4D59-DC7B-83B390C768E7} - c:\windows\system32\rlturthu.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-HPADVISOR - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKCU-Run-logo rapids - G:\logo rapids.exe
HKCU-Run-laocu - c:\users\AJMCI\laocu.exe
HKCU-Run-miumuf - c:\users\AJMCI\miumuf.exe
HKLM-Run-GSISETUP - m:\dsl-20~1.11\DSL-20~1.11\setup.exe
HKLM-Run-BEWINTERNET-RTUSessionManager - c:\program files\Connection Kit\SessionManager\SessionManager.exe
SafeBoot-22432404.sys
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MpsSvc]
"ImagePath"="."
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Yahoo!\Messenger\YahooMessenger.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Heure de fin: 2012-03-17 16:20:18 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-03-17 16:20
.
Avant-CF: 158 982 144 octets libres
Après-CF: 2 280 730 624 octets libres
.
- - End Of File - - 9002F1BC49EE1A478D0D285DF0E15F1E

ComboFix 12-03-16.05 - AJMCI 19/03/2012 13:55:58.2.2 - x86
Microsoft Windows 7 Professionnel 6.1.7600.0.1252.33.1036.18.2013.784 [GMT 0:00]
Lancé depuis: c:\users\AJMCI\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\AJMCI\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\AJMCI\AppData\Roaming\xruql2de3ndfxfuxjmbsmkwk1mhohcnb2
c:\users\AJMCI\AppData\Roaming\xvy33umsygt3u1xzhjmztuazxzmarx2m2
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_bzhcpubqltvll
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-02-19 au 2012-03-19 ))))))))))))))))))))))))))))))))))))
.
.
2012-03-19 14:07 . 2012-03-19 14:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-19 14:07 . 2012-03-19 14:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-19 10:22 . 2012-03-19 10:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC93367D-DACC-423D-A427-DFE58F1F05FB}\offreg.dll
2012-03-17 16:10 . 2012-03-19 14:10 -------- d-----w- c:\users\AJMCI\AppData\Local\temp
2012-03-17 13:13 . 2012-03-17 13:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-17 09:45 . 2012-03-17 09:45 -------- d-----w- c:\users\AJMCI\AppData\Roaming\Malwarebytes
2012-03-17 09:45 . 2012-03-17 09:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-17 09:45 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-17 09:31 . 2012-03-17 09:31 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-03-17 09:31 . 2012-03-17 09:31 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-03-17 09:30 . 2012-03-17 09:30 -------- d-----w- c:\program files\Kaspersky Lab
2012-03-13 18:32 . 2012-03-13 19:03 -------- d-----w- c:\programdata\AVAST Software
2012-03-13 18:32 . 2012-03-13 19:03 -------- d-----w- c:\program files\AVAST Software
2012-03-13 18:24 . 2012-03-13 18:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\HP
2012-03-13 13:37 . 2012-03-13 13:38 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Nero
2012-03-13 13:12 . 2012-03-13 18:49 -------- d-----w- C:\UsbFix
2012-03-13 12:52 . 2012-03-13 12:52 -------- d-----w- C:\kleaner.tmp
2012-03-12 16:26 . 2012-03-12 16:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\PDFC
2012-03-12 13:12 . 2012-03-12 13:12 -------- d-----w- c:\program files\ESET
2012-03-12 10:59 . 2012-03-12 10:59 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Google
2012-03-12 10:59 . 2012-03-12 10:59 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\NVIDIA Corporation
2012-03-11 17:19 . 2012-03-11 17:19 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-03-10 18:03 . 2012-03-10 18:32 -------- d-----w- c:\users\AJMCI\AppData\Local\Facebook
2012-03-10 16:09 . 2012-03-10 16:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2012-03-10 16:04 . 2012-03-13 13:43 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2012-03-10 15:05 . 2012-03-10 15:05 -------- d-----w- C:\temp
2012-03-07 11:56 . 2012-03-07 11:56 -------- d-----w- c:\programdata\HP Product Assistant
2012-03-06 16:39 . 2010-06-29 15:15 286720 ----a-w- c:\windows\system32\HP1006LM.DLL
2012-03-03 17:44 . 2010-06-29 15:15 293888 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HP1006S.DLL
2012-02-18 18:10 . 2012-01-17 04:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC93367D-DACC-423D-A427-DFE58F1F05FB}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-17 13:19 . 2009-07-13 23:15 387584 ----a-w- c:\windows\system32\drivers\csc.sys
2012-01-29 05:10 . 2010-10-23 17:13 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-06 12:35 . 2011-05-07 14:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"BIBLauncher"="c:\program files\Business-in-a-Box\BIBLauncher.exe" [2011-03-15 901600]
"Facebook Update"="c:\users\AJMCI\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-03-10 137536]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-10 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-10 151064]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"SlipStream"="c:\program files\Orange Cote d Ivoire Booster\slipcore.exe" [2010-03-26 323584]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Orange Cote d Ivoire Booster.lnk - c:\program files\Orange Cote d Ivoire Booster\slipgui.exe [2011-9-14 208896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 dugdbeeq;Microsoft Hardware Error Device Support;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-07-15 103040]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
btwdins
co_mon
cwafnotesservice
adiloader
mwssched
cwafreportscheduler
arhidfltr
adminserver
dugdbeeq
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 10:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-07-14 01:14 126464 ----a-w- c:\windows\System32\advpack.dll
.
Contenu du dossier 'Tâches planifiées'
.
2012-03-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3530667064-976285209-3027803733-1000Core.job
- c:\users\AJMCI\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 18:03]
.
2012-03-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3530667064-976285209-3027803733-1000UA.job
- c:\users\AJMCI\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-10 18:03]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://fr.yahoo.com/?fr=fp-yie9
uDefault_Search_URL = hxxp://www.qlubic.fr/cms/?cx=partner-pub-9329429930782701%3Axk62xs-ypgx&cof=FORID%3A10&ie=ISO-8859-1&q={searchTerms}&sa=Rechercher#1086
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_FR&c=93&bd=all&pf=cmdt
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Ajouter au fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ajouter à l'Anti-bannière - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Convertir en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - d:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Télécharger en utilisant Download &Express - c:\program files\Download Express\Add_Url.htm
LSP: c:\progra~1\ORANGE~1\sliplsp.dll
TCP: DhcpNameServer = 192.168.2.1
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
FF - ProfilePath - c:\users\AJMCI\AppData\Roaming\Mozilla\Firefox\Profiles\cv1phr7e.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MpsSvc]
"ImagePath"="."
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(4340)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\taskhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\sppsvc.exe
c:\program files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Heure de fin: 2012-03-19 14:16:11 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-03-19 14:16
ComboFix2.txt 2012-03-17 16:20
.
Avant-CF: 2 240 958 464 octets libres
Après-CF: 1 941 864 448 octets libres
.
- - End Of File - - B607058B89122150ACA0294DDFFC39C3

Oui à part un ficher d'Adobe que je vais mettre à jour après.

Voici le rapport


Malwarebytes Anti-Malware (Essai) 1.60.1.1000
www.malwarebytes.org

Version de la base de données: v2012.03.19.03

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
AJMCI :: AJMCI-BEN [administrateur]

Protection: Activé

20/03/2012 07:41:05
mbam-log-2012-03-20 (07-41-05).txt

Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 491385
Temps écoulé: 1 heure(s), 5 minute(s), 22 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)

Ok, je lance l'analyse à nouveau

Voici le rapport

Rapport de ZHPDiag v1.28.34 par Nicolas Coolman, Update du 06/03/2012
Run by AJMCI at 22/03/2012 16:05:26
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Web site : http://nicolascoolman.skyrock.com/
State : Nouvelle version disponible


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
MFIE: Mozilla Firefox 8.0.1 v8.0.1
GCIE: Google Chrome v15.0.874.121

---\\ Windows Product Information
~ Langage: Français
Windows 7 Business Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 6P6GT
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (34% free)
System Restore: Activé (Enable)
System drive C: has 2 GB (6%) free of 30 GB

---\\ Logged in mode
~ Computer Name: AJMCI-BEN
~ User Name: AJMCI
~ All Users Names: ASPNET, AJMCI, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\AJMCI\AppData\Roaming\
~ %Desktop% : C:\Users\AJMCI\Desktop\
~ %Favorites% : C:\Users\AJMCI\Favorites\
~ %LocalAppData% : C:\Users\AJMCI\AppData\Local\
~ %StartMenu% : C:\Users\AJMCI\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 30 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 96 Go of 101 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 3 Go)
F:\ CD-ROM drive (Free 0 Go of 0 Go)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
L:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
M:\ Hard drive, Flash drive, Thumb drive (Free 61 Go of 163 Go)
N:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoDispScrSavPage: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services] wscsvc : OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.15BC38A7492BEFE831966ADB477CF76F] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2009 - 01:14:20.) -- C:\Windows\Explorer.exe [2613248]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) (.14/07/2009 - 01:14:31.) -- C:\Windows\system32\rundll32.exe [44544]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\system32\Wininit.exe [96256]
[MD5.A1236375B74EA63C75657D564890C436] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/06/2011 - 10:56:53.) -- C:\Windows\system32\wininet.dll [1126912]
[MD5.8EC6A4AB12B8F3759E21F8E3A388F2CF] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.14/07/2009 - 01:14:45.) -- C:\Windows\system32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 01:16:15.) -- C:\Windows\system32\sppcomapi.dll [193024]
[MD5.D8714A5FB3141F8226D16861F20C5AC4] - (.Microsoft Corporation - DLL client de l'API uilisateur de Windows multi-utilisateurs.) (.22/10/2010 - 03:19:18.) -- C:\Windows\system32\fr-FR\user32.dll.mui [19968]
[MD5.DDC040FDB01EF1712A6B13E52AFB104C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/07/2009 - 23:12:38.) -- C:\Windows\system32\drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 01:26:15.) -- C:\Windows\system32\drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 23:11:15.) -- C:\Windows\system32\drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 23:11:26.) -- C:\Windows\system32\drivers\Cdrom.sys [108544]
[MD5.8E09E52EE2E3CEB199EF3DD99CF9E3FB] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.13/07/2009 - 23:14:17.) -- C:\Windows\system32\drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 23:50:56.) -- C:\Windows\system32\drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/07/2009 - 23:11:24.) -- C:\Windows\system32\drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 23:54:29.) -- C:\Windows\system32\drivers\IpNat.sys [101888]
[MD5.F4A054BE78AF7F410129C4B64B07DC9B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2009 - 23:14:26.) -- C:\Windows\system32\drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 23:12:21.) -- C:\Windows\system32\drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 01:20:44.) -- C:\Windows\system32\drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/07/2009 - 23:45:35.) -- C:\Windows\system32\drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 23:54:34.) -- C:\Windows\system32\drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 00:02:58.) -- C:\Windows\system32\drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 23:53:41.) -- C:\Windows\system32\drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 23:12:11.) -- C:\Windows\system32\drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 01:19:10.) -- C:\Windows\system32\drivers\volsnap.sys [245328]
~ Scan Generic Processes in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/33
~ Mes musiques (My Musics) : 1/45
~ Mes Favoris (My Favorites) : Non accessible (Not found)
~ Mes Documents (My Documents) : 97/1444
~ Mon Bureau (My Desktop) : 11/18
~ Menu demarrer (Programs) : 7/38
~ Scan Hidden Files in 00mn 01s



---\\ Processus lancés
[MD5.3EC400117D91574D1EBD18B9389D1FB0] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.3080]
[MD5.89F238836312BACF691D0066F9EA5D9D] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [174104] [PID.1328]
[MD5.ADC1259CB47D07C69D260049A5A09D7B] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [151064] [PID.1204]
[MD5.16A4702906C57DD1487EEEE5763BDEF3] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.1960]
[MD5.4D042B1F1375CF371AFBE0E0276BA627] - (.Adobe Systems Inc. - AcroTray.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624248] [PID.1988]
[MD5.CB873CE488AB7D78BA21D3E358CF6D13] - (.SlipStream Data Inc. - Accelerator Core Services.) -- C:\Program Files\Orange Cote d Ivoire Booster\slipcore.exe [323584] [PID.3804]
[MD5.21293443961A4E2597453EE7A9347F22] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54840] [PID.4052]
[MD5.2718DC27571BD1E37813F5759D2DC118] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [202296] [PID.]
[MD5.60D0647A2DC2D397B84D0AFB0808F85D] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [460872] [PID.2292]
[MD5.4A9295C9BE22739D030AB072E9A0B169] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392] [PID.3840]
[MD5.817F3DB00337569001B7DC9814F121B5] - (.Pas de propriétaire - Business-in-a-Box Launcher Application.) -- C:\Program Files\Business-in-a-Box\BIBLauncher.exe [901600] [PID.]
[MD5.B54921381A950C8215FB363B485C432B] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [270336] [PID.1484]
[MD5.97A82D969808125BA6D23424C34422FA] - (.SlipStream Data Inc. - Accelerator User Interface.) -- C:\Program Files\Orange Cote d Ivoire Booster\slipgui.exe [208896] [PID.1200]
[MD5.F16EEA6CCA9D8A7D1193AE80E43FBBC7] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.2128]
[MD5.8A9FACCB684500829F7D0BCC67B386CC] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.4036]
[MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.3592]
[MD5.5C3F2845926655E66BCCE56DD015F6CA] - (.Hewlett-Packard Development Co. L.P. - HP Message Manager.) -- C:\Program Files\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe [544768] [PID.1480]
[MD5.D03EE270D6D1A47C06845F04A80A413D] - (.Yahoo! Inc. - Yahoo! Messenger Tray.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe [79160] [PID.6088]
[MD5.46AE705AC463F50AC714C8084A09A2A3] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [2211328] [PID.1708]
~ Scan Processes Running in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\AJMCI\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
G0 - GCSP: Preference [User Data\Default][HomePage] https://www.google.com/?gws_rd=ssl
G2 - GCE: Preference [User Data\Default] [jagncdcchgajhfhijbbhecadmaiegcmh] Clavier virtuel v.12.0.0.374 (Activé)
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\AJMCI\AppData\Roaming\Mozilla\Firefox\Profiles\cv1phr7e.default\prefs.js
M3 - MFPP: Plugins - [AJMCI] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [AJMCI] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [AJMCI] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [AJMCI] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [AJMCI] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [AJMCI] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [AJMCI] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6] - (.Yahoo! Inc. - Yahoo Application State Plugin version 1.0.0.7.) -- C:\Program Files\Yahoo!\Shared\npYState.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll
P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) -- C:\Program Files\Microsoft Office\Office14\NPSPWRAP.dll
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\AJMCI\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
P2 - FPN: [HKCU] [@yahoo.com/BrowserPlus,version=2.9.8] - (.Yahoo! Inc. - BrowserPlus -- Improve your browser! -- https://fr.yahoo.com/?p=us -- C:\Users\AJMCI\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qlubic.fr
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=17DBE7D168544FA98200E890A8051984
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\System32\ieframe.dll
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} . (.Yahoo! Inc. - Yahoo! Toolbar Nav Assistant plugin.) (2011, 1, 21, 01) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} . (.Adobe Systems Incorporated. - Contribute IE Plugin.) -- D:\Program Files\Adobe\\Adobe Contribute CS3\contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} . (...) -- C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} . (.Kaspersky Lab ZAO - IE Virtual Keyboard.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} . (.Microsoft Corporation - Microsoft SharePoint Workspace Extensions.) -- C:\Program Files\Microsoft Office\Office14\GROOVEEX.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} . (.SlipStream Data Inc. - Imaging Component.) -- C:\Program Files\Orange Cote d Ivoire Booster\components\NOWImaging.dll
O2 - BHO: Prefetch - {A66AA08A-9BF0-4e87-99E6-6972731D6B99} . (.SlipStream Data Inc. - Prefetch Dynamic Link Library.) -- C:\Program Files\Orange Cote d Ivoire Booster\Prefetch.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files\Microsoft Office\Office14\URLREDIR.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} . (.Kaspersky Lab ZAO - WebToolBar component.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} . (.Yahoo! Inc - Yahoo! Single Instance for Mail.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll
~ Scan BHO in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} . (.Yahoo! Inc. - Yahoo! Toolbar.) -- C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} . (.Adobe Systems Incorporated. - Contribute IE Plugin.) -- D:\Program Files\Adobe\\Adobe Contribute CS3\contributeieplugin.dll
O3 - Toolbar: Orange Cote d Ivoire Booster - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} . (.SlipStream Data Inc. - Accelerator ToolBand Browser Helper Object.) -- C:\Program Files\Orange Cote d Ivoire Booster\Toolband.dll
~ Scan Toolbar in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] . (.PDF Complete Inc - Sentry for PDF.) -- C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
O4 - HKLM\..\Run: [SlipStream] . (.SlipStream Data Inc. - Accelerator Core Services.) -- C:\Program Files\Orange Cote d Ivoire Booster\slipcore.exe
O4 - HKLM\..\Run: [HPUsageTracking] . (...) -- C:\Program Files\HP\HP UT\bin\hppusg.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - HKCU\..\Run: [BIBLauncher] . (.Pas de propriétaire - Business-in-a-Box Launcher Application.) -- C:\Program Files\Business-in-a-Box\BIBLauncher.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\AJMCI\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3530667064-976285209-3027803733-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-3530667064-976285209-3027803733-1000\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - HKUS\S-1-5-21-3530667064-976285209-3027803733-1000\..\Run: [BIBLauncher] . (.Pas de propriétaire - Business-in-a-Box Launcher Application.) -- C:\Program Files\Business-in-a-Box\BIBLauncher.exe
O4 - HKUS\S-1-5-21-3530667064-976285209-3027803733-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\AJMCI\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3530667064-976285209-3027803733-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Scan Application in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\AJMCI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\AJMCI\Desktop\Dreamweaver.lnk . (.Adobe Systems, Inc..) -- D:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
O4 - Global Startup: C:\Users\AJMCI\Desktop\Photoshop.lnk . (.Adobe Systems, Incorporated.) -- D:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
O4 - Global Startup: C:\Users\AJMCI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Business-in-a-Box.lnk . (...) -- C:\Program Files\Business-in-a-Box\BIB.exe
O4 - Global Startup: C:\Users\AJMCI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\AJMCI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk . (.Microsoft Corporation.) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
O4 - Global Startup: C:\Users\AJMCI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk . (.Yahoo! Inc..) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
~ Scan Global Startup in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ Scan IE Control Panel in 00mn 00s



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: &Envoyer à OneNote . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll
O8 - Extra context menu item: Ajouter au fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Ajouter à l'Anti-bannière . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Convertir en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la sélection en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir les liens sélectionnés en Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Excel.) -- C:\Program Files\MICROS~1\Office14\EXCEL.exe
O8 - Extra context menu item: Télécharger en utilisant Download &Express . (...) -- C:\Program Files\Download Express\add_url.htm
~ Scan IE Menu Contextuel in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll
O9 - Extra button: &Envoyer à OneNote - {4248FE82-7FCB-46AC-B270-339F08212110} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\kbrd.ico
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll
O9 - Extra button: Notes &liées OneNote - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\logo.ico
O9 - Extra button: Notes &liées OneNote - {DDE87865-83C5-48c4-8357-2F5B1AA84522} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet Explorer.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\System32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\System32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\System32\NapiNSP.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\System32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Apple Computer, Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll
~ Scan Winsock in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3965ADEE-76EB-4AAD-9BC3-31480B55EDA2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3965ADEE-76EB-4AAD-9BC3-31480B55EDA2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3965ADEE-76EB-4AAD-9BC3-31480B55EDA2}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{3965ADEE-76EB-4AAD-9BC3-31480B55EDA2}: DhcpNameServer = 192.168.2.1
~ Scan Domain in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} . (...) -- C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll
O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} . (.Microsoft Corporation - Microsoft® Help Data Services Module.) -- C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\MSVidCtl.dll
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.dll
~ Scan Protocole Additionnel in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\system32\igfxdev.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\W

Trop grand pour passer entièrement, utilise ce site : http://pjjoint.malekal.com/

Je l'ai déjà fait.

Voici le lien pour accéder au document:
https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120322_m6z11l14m15t6

C'est Kaspersky qui l'antivirus. Les autres ont été désinstallés. Je ne sais pas pourquoi il y a encore des traces.

Le rapport


Rapport de ZHPFix 1.12.3381 par Nicolas Coolman, Update du 08/02/2011
Fichier d'export Registre :
Run by AJMCI at 24/03/2012 11:00:57
Windows 7 Business Edition, 32-bit (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Clé(s) du Registre ==========
SUPPRIME Key: HKCU\Software\ESET
SUPPRIME Key: HKLM\Software\Ozvrrxnr
SUPPRIME Key: HKLM\Software\AVAST Software
SUPPRIME Key: SearchScopes :{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
SUPPRIME Key: SearchScopes :{4FC1B895-E129-4345-B101-CF4EF5EF80C8}
SUPPRIME Key: Services Svchost: btwdins
SUPPRIME Key: Services Svchost: co_mon
SUPPRIME Key: Services Svchost: cwafnotesservice
SUPPRIME Key: Services Svchost: adiloader
SUPPRIME Key: Services Svchost: mwssched
SUPPRIME Key: Services Svchost: cwafreportscheduler
SUPPRIME Key: Services Svchost: arhidfltr
SUPPRIME Key: Services Svchost: adminserver
SUPPRIME Key: Services Svchost: dugdbeeq
ABSENT Key: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
SUPPRIME Key: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

========== Valeur(s) du Registre ==========
ABSENT Valeur Standard Profile: FirewallRaz :
ABSENT Valeur Domain Profile: FirewallRaz :
SUPPRIME FirewallRaz (Public) : {8292940B-5D68-4BA9-B760-31B5BA3C4A89}
SUPPRIME FirewallRaz (Public) : {25784D3A-3008-4396-82C8-1DA6E7F7C18A}
SUPPRIME FirewallRaz (Public) : {CA8C799A-8921-4FD9-9284-5554FAD5CCEA}
SUPPRIME FirewallRaz (Public) : {DCE72174-880D-4EF3-8271-030A0B2B2C9D}
SUPPRIME FirewallRaz (Public) : {FD16049E-BEF6-434C-BA51-56242BAAC0A9}
SUPPRIME FirewallRaz (Public) : {B6522B69-ADC6-45C0-B490-C1FF4E52865C}
SUPPRIME FirewallRaz (Public) : {9ECEE1D2-973D-42A5-A82E-C5D45199AD9C}
SUPPRIME FirewallRaz (Public) : {9430592F-06C7-4166-8B96-C9530303C1AA}
SUPPRIME FirewallRaz (Public) : {011B17B5-37D9-456F-BA60-5210F3DEFF33}
SUPPRIME FirewallRaz (Public) : {4E993078-D08B-4389-BF01-31F509CAB772}
SUPPRIME FirewallRaz (Public) : {508ED272-A418-49E1-8A24-BF538246F8F1}
SUPPRIME FirewallRaz (Public) : {6D3EF045-061D-4194-A4E1-E4F9A275FE92}
SUPPRIME FirewallRaz (Public) : {40582252-8733-4236-8A2A-E7557D7314CD}
SUPPRIME FirewallRaz (Public) : {2FC5239D-94B6-4910-BAC6-B16AE35A3A92}
SUPPRIME FirewallRaz (Public) : {A1AE84BB-1B73-41A7-8655-0DC9E242F685}
SUPPRIME FirewallRaz (Public) : {12557AF4-A66E-47C6-B6EE-5B046EE72705}

========== Elément(s) de donnée du Registre ==========
SUPPRIME R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL

========== Dossier(s) ==========
SUPPRIME Folder: C:\Program Files\ESET
SUPPRIME Folder: C:\ProgramData\AVAST Software
SUPPRIME Folder: C:\ProgramData\ESET
SUPPRIME Folder: C:\Users\AJMCI\AppData\Local\ESET
SUPPRIME Flash Cookies: 59
SUPPRIME Temporaires Windows: : 7

========== Fichier(s) ==========
ABSENT File: c:\windows\system32\l8042pr2.dll
ABSENT File: c:\windows\system32\pwd_2k.dll
ABSENT File: c:\windows\system32\patrolagent.dll
ABSENT File: c:\windows\system32\onecaremp.dll
ABSENT File: c:\windows\system32\mcods.dll
ABSENT File: c:\windows\system32\flexbios.dll
ABSENT File: c:\windows\system32\smtpsvc.dll
ABSENT File: c:\windows\system32\scan.dll
ABSENT File: c:\windows\system32\rlturthu.dll
ABSENT Folder/File: c:\windows\tasks\at1.job
ABSENT Folder/File: c:\windows\tasks\at2.job
ABSENT Folder/File: c:\windows\tasks\at3.job
ABSENT Folder/File: c:\windows\tasks\at4.job
SUPPRIME Flash Cookies: 34
SUPPRIME Temporaires Windows: : 156

========== Tache planifiée ==========
SUPPRIME Task: {05B6FA98-2BD7-46F9-AD1C-44F1DB25FEE3}
SUPPRIME Task: {0B0EFD89-A4F5-4CE1-B791-D70A5DA8F353}
SUPPRIME Task: {31DAFBC3-F3ED-4FF1-8146-BE1235CE8988}
SUPPRIME Task: {4E25BFAF-2F23-45C9-8CDF-99CC430A6D3C}
SUPPRIME Task: {9F764D94-1EB0-42F1-9528-D5B0F2500AD6}
SUPPRIME Task: {B3D10624-AFA7-4E28-835F-394E4B5D02F7}
SUPPRIME Task: {BE603B74-C05A-4969-9D5F-49045D91BB73}

========== Restauration Système ==========
Point de restauration non crée


========== Récapitulatif ==========
16 : Clé(s) du Registre
18 : Valeur(s) du Registre
1 : Elément(s) de donnée du Registre
6 : Dossier(s)
15 : Fichier(s)
7 : Tache planifiée
1 : Restauration Système


End of clean in 01mn 08s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 24/03/2012 11:00:57 [4401]

Oui le PC fonctionne depuis un moment correctement.

Rapport de DelFix


# DelFix v8.8 - Rapport créé le 24/03/2012 à 11:25:46
# Mis à jour le 12/02/12 par Xplode
# Système d'exploitation : Windows 7 Professional (32 bits)
# Nom d'utilisateur : AJMCI - AJMCI-BEN (Administrateur)
# Exécuté depuis : C:\Users\AJMCI\Desktop\delfix.exe
# Option [Suppression]


~~~~~~ Dossiers(s) ~~~~~~

Supprimé : C:\Qoobox
Supprimé : C:\USBFix
Supprimé : C:\ZHP
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Supprimé : C:\Program Files\ZHPDiag

~~~~~~ Fichier(s) ~~~~~~

Supprimé : C:\ComboFix.txt
Supprimé : C:\TDSSKiller.2.7.20.0_17.03.2012_13.12.33_log.txt
Supprimé : C:\TDSSKiller.2.7.20.0_17.03.2012_13.14.07_log.txt
Supprimé : C:\TDSSKiller.2.7.22.0_23.03.2012_17.54.52_log.txt
Supprimé : C:\UsbFix.txt
Supprimé : C:\Users\AJMCI\Desktop\ComboFix.exe
Supprimé : C:\Users\AJMCI\Desktop\ZHPDiag.txt
Supprimé : C:\Users\AJMCI\Desktop\ZHPDiag2.exe
Supprimé : C:\Users\AJMCI\Desktop\ZHPFixReport.txt
Supprimé : C:\Users\AJMCI\Downloads\avgremover.log
Supprimé : C:\Users\AJMCI\Downloads\avg_remover_stf_x86_2012_1796.exe
Supprimé : C:\Users\AJMCI\Downloads\HiJackThis.exe
Supprimé : C:\Users\AJMCI\Downloads\kavremover.exe
Supprimé : C:\Users\AJMCI\Downloads\tdsskiller.exe
Supprimé : C:\Users\AJMCI\Downloads\UsbFix.exe
Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk
Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk
Supprimé : C:\Windows\grep.exe
Supprimé : C:\Windows\PEV.exe
Supprimé : C:\Windows\NIRCMD.exe
Supprimé : C:\Windows\MBR.exe
Supprimé : C:\Windows\SED.exe
Supprimé : C:\Windows\SWREG.exe
Supprimé : C:\Windows\SWSC.exe
Supprimé : C:\Windows\SWXCACLS.exe
Supprimé : C:\Windows\Zip.exe

~~~~~~ Registre ~~~~~~

Clé Supprimée : HKCU\Software\USBFix
Clé Supprimée : HKLM\SOFTWARE\Swearware
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~~~~~~ Autres ~~~~~~

-> Prefetch Vidé

*************************

DelFix[S1].txt - [2158 octets] - [24/03/2012 11:25:46]

########## EOF - C:\DelFix[S1].txt - [2282 octets] ##########

C'est OK pour DelFix.

C'est fait nettoyage CCleaner et suppression point de restauration.
Et merci pour les liens sur la sécurité

Bonne journée à toi et fais attention avec les cracks.

Grand merci à toi Destrio5 pour ton aide et d'avoir partager pendant ces jours ma galère.