Sujet Précédent Sujet Suivant

Mon ordinateur gele toujours

Fermé
lacourda10 - Modifié par lacourda10 le 3/07/2012 à 01:00
juju666 Messages postés 35445 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 5 mai 2017 - 3 juil. 2012 à 00:56
Bonjour,





Mon ordinateur gele 5 minutes apres l'ouverture à chaque fois. J'avais clicker sur un lien Tumblr et la page m'a envoyer un message disant que j'avais attraper un virus. J'ai utiliser ZHPfix et voici le raport.


Rapport de ZHPDiag v1.31.105 par Nicolas Coolman, Update du 25/06/2012
Run by David at 2012-07-02 18:59:03
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Web site : http://nicolascoolman.skyrock.com/
State : Version à jour.


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v19.0.1084.56 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : DR9M6
Windows License : OK
Windows Automatic Updates : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4093 MB (50% free)
System Restore: Activé (Enable)
System drive C: has 186 GB (64%) free of 288 GB

---\\ Logged in mode
~ Computer Name: PATRON
~ User Name: David
~ All Users Names: David, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\David\AppData\Roaming\
~ %Desktop% : C:\Users\David\Desktop\
~ %Favorites% : C:\Users\David\Favorites\
~ %LocalAppData% : C:\Users\David\AppData\Local\
~ %StartMenu% : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 186 Go of 288 Go)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.2009-04-11 - 02:10:17.) -- C:\Windows\Explorer.exe [3079168]
[MD5.117EA87DF785CA1B9D821F6F213DCE07] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2008-01-20 - 21:50:23.) -- C:\Windows\System32\Wininit.exe [123904]
[MD5.870ECFEBD41C7B8F9C6777748368D51F] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2012-05-17 - 20:59:14.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.6D0773A3A65D28B663F334C90441D01A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.2009-04-11 - 02:11:08.) -- C:\Windows\System32\Winlogon.exe [405504]
[MD5.C4F6CE6087760AD70960C9EB130E7943] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2012-01-03 - 09:25:21.) -- C:\Windows\system32\Drivers\AFD.sys [404992]
[MD5.E68D9B3A3905619732F7FE039466A623] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-04-11 - 02:15:00.) -- C:\Windows\system32\Drivers\atapi.sys [20952]
[MD5.B4D787DB8D30793A4D4DF9FEED18F136] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2008-01-20 - 21:50:39.) -- C:\Windows\system32\Drivers\Cdfs.sys [90624]
[MD5.C025AA69BE3D0D25C7A2E746EF6F94FC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2009-04-11 - 00:34:39.) -- C:\Windows\system32\Drivers\Cdrom.sys [79872]
[MD5.8B722BA35205C71E7951CDC4CDBADE19] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2011-04-14 - 10:14:19.) -- C:\Windows\system32\Drivers\DfsC.sys [97792]
[MD5.F942C5820205F2FB453243EDFEC82A3D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2009-04-11 - 00:39:41.) -- C:\Windows\system32\Drivers\HDAudBus.sys [948736]
[MD5.CBB597659A2713CE0C9CC20C88C7591F] - (.Microsoft Corporation - Pilote de port i8042.) (.2008-01-20 - 21:47:27.) -- C:\Windows\system32\Drivers\i8042prt.sys [64000]
[MD5.B7E6212F581EA5F6AB0C3A6CEEEB89BE] - (.Microsoft Corporation - IP Network Address Translator.) (.2008-01-20 - 21:48:45.) -- C:\Windows\system32\Drivers\IpNat.sys [115712]
[MD5.1485811B320FF8C7EDAD1CAEBB1C6C2B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-29 - 08:39:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [135680]
[MD5.FC2C792EBDDC8E28DF939D6A92C83D61] - (.Microsoft Corporation - MBT Transport driver.) (.2009-04-11 - 00:42:33.) -- C:\Windows\system32\Drivers\netBT.sys [248320]
[MD5.BAC869DFB98E499BA4D9BB1FB43270E1] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2009-04-11 - 02:15:34.) -- C:\Windows\system32\Drivers\ntfs.sys [1515496]
[MD5.AECD57F94C887F58919F307C35498EA0] - (.Microsoft Corporation - Pilote de port parallèle.) (.2006-11-02 - 04:37:57.) -- C:\Windows\system32\Drivers\Parport.sys [96768]
[MD5.AC7BC4D42A7E558718DFDEC599BBFC2C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2009-04-11 - 00:43:38.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.C045D1FB111C28DF0D1BE8D4BDA22C06] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2008-01-20 - 21:46:51.) -- C:\Windows\system32\Drivers\rdpdr.sys [314368]
[MD5.290B6F6A0EC4FCDFC90F5CB6D7020473] - (.Microsoft Corporation - SMB Transport driver.) (.2009-04-11 - 00:42:19.) -- C:\Windows\system32\Drivers\smb.sys [88064]
[MD5.458919C8C42E398DC4802178D5FFEE27] - (.Microsoft Corporation - TDI Translation Driver.) (.2009-04-11 - 00:43:00.) -- C:\Windows\system32\Drivers\tdx.sys [94720]
[MD5.5280AADA24AB36B01A84A6424C475C8D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2009-04-11 - 02:15:45.) -- C:\Windows\system32\Drivers\volsnap.sys [269288]
~ Scan Generic Processes in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 0/2
~ Mes musiques (My Musics) : 0/2
~ Mes Videos (My Video) : 0/2
~ Mes Favoris (My Favorites) : 0/21
~ Mes Documents (My Documents) : 0/3
~ Mon Bureau (My Desktop) : 0/10
~ Menu demarrer (Programs) : 0/30
~ Scan Hidden Files in 00mn 00s



---\\ Processus lancés
[MD5.E616A6A6E91B0A86F2F6217CDE835FFE] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856] [PID.]
[MD5.836DC47E6CAD975304D1D3EB2F516A1C] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe [144784] [PID.3076]
[MD5.9C6A7AA17ED99A6693E7F3D26510903F] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4273976] [PID.3144]
[MD5.CF38EBF06AECA9912C6A756AA6CB0421] - (...) -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe [4839936] [PID.3200]
[MD5.F11DD7FFCEA61106480F26B99336AD5B] - (.Google Inc. - Google Chrome.) -- C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe [1239576] [PID.1868]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ysWOW64\rundll32.exe [0] [PID.4768]
[MD5.64AC3F7547F15FF76F6AA60239532BD5] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [981680] [PID.1136]
[MD5.1B82BCF0B8F9228B39F75B0DFA079A21] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [462408] [PID.4560]
[MD5.BE955BAB4EFC2A28BE2692D102FFC85A] - (...) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [3838464] [PID.4476]
[MD5.B31F785751157AA8E2A33EA1CB4DC5BE] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.]
[MD5.BA400ED640BCA1EAE5C727AE17C10207] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [654408] [PID.]
~ Scan Processes Running in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G0 - GCSP: Preference [User Data\Default] http://google.com
G1 - GCS: Preference [User Data\Default] None
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Users\David\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Users\David\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: (no name) [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Google Inc. - Google Update.) (No version) -- (.not file.)
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Scan Keys in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 20



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: avast! WebRep [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
~ Scan BHO in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! WebRep [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
~ Scan Toolbar in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe (.not file.)
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] . (.IDT, Inc. - Sigmatel Audio system tray application.) -- C:\Windows\sttray64.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Wow6432Node\Run: [Camera Assistant Software] . (.Chicony - traybar.) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (...) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Wow6432Node\Run: [Trigger New Acer AlaunchX] . (.Acer Inc. - Acer GAIA AppInRun (Acer Launch Tool Utilit.) -- c:\Acer\Preload\Command\AlaunchX\AppInRun.exe
O4 - HKLM\..\Wow6432Node\Run: [eRecoveryService] Clé orpheline
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Malwarebytes' Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [New Acer AlaunchX] . (.Acer Inc. - Acer GAIA LaunchAlaunchX.) -- c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [Malwarebytes Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-3376056813-2666545605-3092990679-1000\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-3376056813-2666545605-3092990679-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3376056813-2666545605-3092990679-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-3376056813-2666545605-3092990679-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
~ Scan Application in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\David\Desktop\BOUT Evolution.lnk . (...) -- C:\Program Files (x86)\Evolution Games\BOUT Evolution\bots.exe
O4 - Global Startup: C:\Users\David\Desktop\Google Chrome.lnk . (.Google Inc..) -- C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - Global Startup: C:\Users\David\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Scan Global Startup in 00mn 01s



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files (x86)\MICROS~2\Office12\EXCEL.exe
~ Scan IE Menu Contextuel in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
~ Scan Winsock in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{85A3898F-ED11-4C73-A330-CFE1FA5647DD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{85A3898F-ED11-4C73-A330-CFE1FA5647DD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{85A3898F-ED11-4C73-A330-CFE1FA5647DD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{85A3898F-ED11-4C73-A330-CFE1FA5647DD}: DhcpNameServer = 192.168.0.1
~ Scan Domain in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (...) --
O18 - Handler: dvd [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (...) --
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (...) --
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (...) --
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (...) --
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (...) --
O18 - Handler: its [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (...) --
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (...) --
O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (...) --
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (...) --
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (...) --
O18 - Handler: mhtml [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (...) --
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (...) --
O18 - Handler: ms-help [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (...) --
O18 - Handler: ms-its [64Bits] - {314111c7-a502-11d2-bbca-00c04f8ec294} . (...) --
O18 - Handler: ms-itss [64Bits] - {0A9007C0-4076-11D3-8789-0000F8105754} . (...) --
O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (...) --
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (...) --
O18 - Handler: skype4com [64Bits] - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (...) --
O18 - Handler: tv [64Bits] - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (...) --
O18 - Handler: vbscript [64Bits] - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (...) --
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Scan Protocole Additionnel in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ Scan SSODL in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon [64Bits] - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ Scan STS/SSO in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (Ati External Event Utility) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\Windows\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Empowering Technology Service (ETService) . (.Pas de propriétaire - Acer Empowering Technology Framework Servic.) - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: XAudioService (XAudioService) . (.Conexant Systems, Inc. - Modem Audio Service.) - C:\Windows\System32\DRIVERS\xaudio64.exe
~ Scan Services in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s



---\\ BootExecute (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ Scan Keys in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376056813-2666545605-3092990679-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3376056813-2666545605-3092990679-1000UA.job
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3376056813-2666545605-3092990679-1000Core] (.Google Inc..) -- C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskUserS-1-5-21-3376056813-2666545605-3092990679-1000UA] (.Google Inc..) -- C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
[MD5.F11DD7FFCEA61106480F26B99336AD5B] [APT] [{355CAE0A-88F5-4F6D-B6FC-4AC9563EF6A7}] (.Google Inc..) -- c:\users\David\appdata\local\google\chrome\application\chrome.exe
~ Scan Scheduled Task in 00mn 01s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Internet Explorer [64Bits] - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\system32\ie4uinit.exe
O40 - ASIC: Browser Customizations [64Bits] - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - Personnalisation d'IEAK.) -- C:\Windows\system32\iedkcs32.dll
O40 - ASIC: Microsoft Windows Media Player 11.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows Mail 7 [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
~ Scan Active Setup in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre clavier HID.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
~ Scan Drivers in 00mn 01s



---\\ Logiciels installés (O42)
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome
O42 - Logiciel: HDAUDIO Soft Data Fax Modem with SmartCP - (.Conexant Systems.) [HKLM] -- CNXT_MODEM_HDA_HSF
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Office Office 64-bit Components 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002A-0000-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared 64-bit MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002A-040C-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {071c9b48-7c32-4621-a0ac-3f809523288f}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics.) [HKLM] -- SynTPDeinstKey

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ATI Technologies Inc.]
[HKCU\Software\ATI]
[HKCU\Software\AcerUtil]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Google]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Avast Software]
[HKCU\Software\Battle.net]
[HKCU\Software\BigFix]
[HKCU\Software\Blizzard Entertainment]
[HKCU\Software\CEC_CM_SW]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Conduit]
[HKCU\Software\ESET]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\JavaSoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Policies]
[HKCU\Software\Skype]
[HKCU\Software\Synaptics]
[HKCU\Software\Wow6432Node]
[HKCU\Software\yahooinstall]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Acer]
[HKLM\Software\Agere]
[HKLM\Software\CXT]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Conexant Systems]
[HKLM\Software\Conexant]
[HKLM\Software\Gateway]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\NetZero, Inc.]
[HKLM\Software\ODBC]
[HKLM\Software\OemSetup]
[HKLM\Software\Policies]
[HKLM\Software\RTLSetup]
[HKLM\Software\Realtek USB 2.0 Card Reader]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\Sigmatel]
[HKLM\Software\Sonic]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\WildTangent]
[HKLM\Software\Wow6432Node]
~ Scan Softwares in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2008-09-03 - 21:49:36 - [200,171] ----D C:\Program Files (x86)\Adobe
O43 - CFD: 2012-05-21 - 14:11:31 - [72,793] ----D C:\Program Files (x86)\ATI Technologies
O43 - CFD: 2012-06-06 - 20:40:21 - [575,980] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 2012-05-21 - 14:29:13 - [134,527] ----D C:\Program Files (x86)\CyberLink
O43 - CFD: 2012-06-02 - 14:53:52 - [1935,885] ----D C:\Program Files (x86)\Diablo II
O43 - CFD: 2012-07-02 - 17:49:10 - [135,482] ----D C:\Program Files (x86)\ESET
O43 - CFD: 2012-06-25 - 13:06:52 - [851,649] ----D C:\Program Files (x86)\Evolution Games
O43 - CFD: 2008-09-03 - 21:42:59 - [716,342] ----D C:\Program Files (x86)\Gateway Games
O43 - CFD: 2012-06-29 - 22:10:21 - [22,515] ----D C:\Program Files (x86)\Google
O43 - CFD: 2012-06-02 - 15:33:13 - [7,380] ----D C:\Program Files (x86)\Hero Editor
O43 - CFD: 2012-05-21 - 14:13:33 - [24,185] ----D C:\Program Files (x86)\IDT
O43 - CFD: 2012-07-01 - 17:20:14 - [41,186] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 2008-09-03 - 21:17:32 - [0,062] ----D C:\Program Files (x86)\Intel
O43 - CFD: 2012-06-14 - 21:32:54 - [5,296] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 2012-07-01 - 19:44:12 - [121,009] ----D C:\Program Files (x86)\Java
O43 - CFD: 2012-07-02 - 18:46:45 - [11,554] ----D C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 2008-09-03 - 21:31:15 - [58,123] ----D C:\Program Files (x86)\Microsoft Money 2007
O43 - CFD: 2012-06-09 - 21:48:19 - [362,629] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 2008-09-03 - 21:58:47 - [7,431] ----D C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
O43 - CFD: 2012-06-09 - 21:49:18 - [40,838] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 2012-06-07 - 21:29:43 - [138,926] ----D C:\Program Files (x86)\Microsoft Works
O43 - CFD: 2008-09-03 - 21:54:44 - [7,774] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 2006-11-02 - 11:07:27 - [0,025] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 2008-09-03 - 21:46:57 - [28,634] ----D C:\Program Files (x86)\MSN Messenger
O43 - CFD: 2008-09-03 - 21:44:43 - [5,947] ----D C:\Program Files (x86)\Napster
O43 - CFD: 2008-09-03 - 21:29:03 - [0,787] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 2006-11-02 - 11:07:27 - [36,902] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 2012-06-06 - 20:40:21 - [16,793] R---D C:\Program Files (x86)\Skype
O43 - CFD: 2006-11-02 - 11:36:07 - [0] --H-D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 2012-05-27 - 15:56:29 - [0,970] ----D C:\Program Files (x86)\Windows Calendar
O43 - CFD: 2008-01-20 - 23:09:47 - [0,051] ----D C:\Program Files (x86)\Windows Collaboration
O43 - CFD: 2008-01-20 - 23:09:41 - [0,481] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 2012-06-10 - 02:45:44 - [8,522] ----D C:\Program Files (x86)\Windows Mail
O43 - CFD: 2012-06-10 - 02:45:52 - [2,874] ----D C:\Program Files (x86)\Windows Media Player
O43 - CFD: 2006-11-02 - 11:07:27 - [7,589] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 2012-05-27 - 15:56:29 - [12,902] ----D C:\Program Files (x86)\Windows Photo Gallery
O43 - CFD: 2012-06-10 - 02:45:52 - [0,128] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 2012-05-27 - 15:56:29 - [6,225] ----D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 2012-06-15 - 19:15:20 - [-290,434] ----D C:\Program Files (x86)\World of Warcraft
O43 - CFD: 2012-07-02 - 18:59:18 - [12,879] ----D C:\Program Files (x86)\ZHPDiag
O43 - CFD: 2008-09-03 - 21:48:23 - [3,630] ----D C:\Program Files (x86)\Common Files\Adobe
O43 - CFD: 2008-09-03 - 21:48:56 - [24,260] ----D C:\Program Files (x86)\Common Files\Adobe AIR
O43 - CFD: 2012-06-02 - 14:49:05 - [2,591] ----D C:\Program Files (x86)\Common Files\Blizzard Entertainment
O43 - CFD: 2008-09-03 - 21:54:53 - [0,089] ----D C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 2008-09-03 - 21:46:35 - [8,755] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 2008-09-03 - 21:45:39 - [33,423] ----D C:\Program Files (x86)\Common Files\Java
O43 - CFD: 2012-06-09 - 21:39:24 - [416,091] ----D C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 2008-09-03 - 21:44:25 - [3,429] ----D C:\Program Files (x86)\Common Files\Napster Shared
O43 - CFD: 2008-09-03 - 21:44:25 - [0,418] ----D C:\Program Files (x86)\Common Files\PX Storage Engine
O43 - CFD: 2008-09-03 - 21:44:25 - [0,205] ----D C:\Program Files (x86)\Common Files\Roxio Shared
O43 - CFD: 2006-11-02 - 09:33:53 - [0,003] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 2012-06-06 - 20:40:21 - [2,056] ----D C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 2008-09-03 - 21:44:25 - [0,585] ----D C:\Program Files (x86)\Common Files\Sonic Shared
O43 - CFD: 2006-11-02 - 09:33:53 - [39,198] ----D C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 2012-05-21 - 14:43:22 - [0,476] ----D C:\Program Files (x86)\Common Files\Symantec Shared
O43 - CFD: 2012-05-27 - 21:39:58 - [40,772] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 2008-09-03 - 21:48:46 - [0,001] ----D C:\ProgramData\Adobe
O43 - CFD: 2012-05-21 - 14:23:10 - [-974,913] --H-D C:\ProgramData\Application Data
O43 - CFD: 2012-05-21 - 14:24:04 - [0,000] ----D C:\ProgramData\ATI
O43 - CFD: 2012-05-21 - 15:38:30 - [21,195] ----D C:\ProgramData\AVAST Software
O43 - CFD: 2012-06-15 - 19:15:33 - [0,083] ----D C:\ProgramData\Blizzard Entertainment
O43 - CFD: 2012-05-21 - 14:18:13 - [0] --H-D C:\ProgramData\Bureau
O43 - CFD: 2006-11-02 - 11:42:17 - [0] --H-D C:\ProgramData\Desktop
O43 - CFD: 2006-11-02 - 11:42:17 - [0] --H-D C:\ProgramData\Documents
O43 - CFD: 2012-05-21 - 14:18:13 - [0] --H-D C:\ProgramData\Favoris
O43 - CFD: 2006-11-02 - 11:42:17 - [0] --H-D C:\ProgramData\Favorites
O43 - CFD: 2012-05-21 - 14:37:02 - [0,498] ----D C:\ProgramData\Google
O43 - CFD: 2012-05-25 - 19:40:11 - [0,078] ----D C:\ProgramData\Hewlett-Packard
O43 - CFD: 2012-05-25 - 19:39:54 - [0,033] ----D C:\ProgramData\HP
O43 - CFD: 2012-07-02 - 18:46:37 - [7,053] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 2012-05-21 - 14:18:13 - [0] --H-D C:\ProgramData\Menu Démarrer
O43 - CFD: 2012-06-09 - 21:49:51 - [208,675] -S--D C:\ProgramData\Microsoft
O43 - CFD: 2012-06-09 - 21:48:34 - [0,055] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 2012-05-21 - 14:18:13 - [0] --H-D C:\ProgramData\Modèles
O43 - CFD: 2008-09-03 - 21:43:51 - [0,008] ----D C:\ProgramData\Napster
O43 - CFD: 2012-06-06 - 20:40:16 - [18,781] ----D C:\ProgramData\Skype
O43 - CFD: 2006-11-02 - 11:42:17 - [0] --H-D C:\ProgramData\Start Menu
O43 - CFD: 2006-11-02 - 11:42:17 - [0] --H-D C:\ProgramData\Templates
O43 - CFD: 2008-09-03 - 21:43:10 - [19,112] ----D C:\ProgramData\WildTangent
O43 - CFD: 2012-05-27 - 21:12:33 - [4,224] ----D C:\Users\David\AppData\Roaming\Adobe
O43 - CFD: 2012-05-21 - 14:24:04 - [0] ----D C:\Users\David\AppData\Roaming\ATI
O43 - CFD: 2012-05-21 - 14:37:23 - [0,000] ----D C:\Users\David\AppData\Roaming\Google
O43 - CFD: 2012-05-21 - 14:23:34 - [0] ----D C:\Users\David\AppData\Roaming\Identities
O43 - CFD: 2012-05-21 - 15:25:58 - [0,002] ----D C:\Users\David\AppData\Roaming\Macromedia
O43 - CFD: 2012-07-02 - 18:53:44 - [0] ----D C:\Users\David\AppData\Roaming\Malwarebytes
O43 - CFD: 2006-11-02 - 11:07:25 - [0] ----D C:\Users\David\AppData\Roaming\Media Center Programs
O43 - CFD: 2012-06-21 - 20:20:42 - [2,097] -S--D C:\Users\David\AppData\Roaming\Microsoft
O43 - CFD: 2012-07-02 - 18:57:10 - [5,115] ----D C:\Users\David\AppData\Roaming\Skype
O43 - CFD: 2012-05-21 - 14:24:03 - [0] ----D C:\Users\David\AppData\Roaming\Symantec
O43 - CFD: 2012-06-21 - 20:20:45 - [0,009] ----D C:\Users\David\AppData\Roaming\Template
O43 - CFD: 2012-05-27 - 21:12:51 - [2,805] ----D C:\Users\David\AppData\Local\Adobe
O43 - CFD: 2012-05-21 - 14:21:48 - [0] ----D C:\Users\David\AppData\Local\Application Data
O43 - CFD: 2012-05-21 - 14:37:48 - [1,507] ----D C:\Users\David\AppData\Local\Apps
O43 - CFD: 2012-05-21 - 14:24:04 - [0,038] ----D C:\Users\David\AppData\Local\ATI
O43 - CFD: 2012-05-21 - 15:36:32 - [0,874] ----D C:\Users\David\AppData\Local\CRE
O43 - CFD: 2012-05-21 - 14:38:21 - [0] ----D C:\Users\David\AppData\Local\Deployment
O43 - CFD: 2012-06-30 - 21:32:23 - [358,427] ----D C:\Users\David\AppData\Local\Google
O43 - CFD: 2012-05-21 - 14:21:48 - [0] ----D C:\Users\David\AppData\Local\Historique
O43 - CFD: 2012-06-21 - 20:20:41 - [46,987] ----D C:\Users\David\AppData\Local\Microsoft
O43 - CFD: 2012-06-09 - 21:40:19 - [0] ----D C:\Users\David\AppData\Local\Microsoft Help
O43 - CFD: 2012-07-02 - 18:58:59 - [1164,274] ----D C:\Users\David\AppData\Local\Temp
O43 - CFD: 2012-05-21 - 14:21:48 - [0] ----D C:\Users\David\AppData\Local\Temporary Internet Files
O43 - CFD: 2012-06-02 - 15:16:18 - [0,136] ----D C:\Users\David\AppData\Local\VirtualStore
O43 - CFD: 2008-01-20 - 23:20:45 - [0,015] R---D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 2012-05-21 - 14:23:45 - [0,000] R---D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 2012-06-25 - 13:10:07 - [0,002] ----D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOUT Evolution
O43 - CFD: 2008-09-03 - 21:46:45 - [0,006] ----D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint
O43 - CFD: 2012-05-21 - 14:39:40 - [0,002] ----D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 2012-06-02 - 15:33:09 - [0] ----D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hero Editor
O43 - CFD: 2008-01-20 - 23:20:45 - [0,001] R---D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 2012-07-02 - 18:44:34 - [0] R---D C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 2008-09-03 - 21:49:36 - [200,171] ----D C:\Program Files (x86)\Adobe
O43 - CFD: 2012-05-21 - 14:11:31 - [72,793] ----D C:\Program Files (x86)\ATI Technologies
O43 - CFD: 2012-06-06 - 20:40:21 - [575,980] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 2012-05-21 - 14:29:13 - [134,527] ----D C:\Program Files (x86)\CyberLink
O43 - CFD: 2012-06-02 - 14:53:52 - [1935,885] ----D C:\Program Files (x86)\Diablo II
O43 - CFD: 2012-07-02 - 17:49:10 - [135,482] ----D C:\Program Files (x86)\ESET
O43 - CFD: 2012-06-25 - 13:06:52 - [851,649] ----D C:\Program Files (x86)\Evolution Games
O43 - CFD: 2008-09-03 - 21:42:59 - [716,342] ----D C:\Program Files (x86)\Gateway Games
O43 - CFD: 2012-06-29 - 22:10:21 - [22,515] ----D C:\Program Files (x86)\Google
O43 - CFD: 2012-06-02 - 15:33:13 - [7,380] ----D C:\Program Files (x86)\Hero Editor
O43 - CFD: 2012-05-21 - 14:13:33 - [24,185] ----D C:\Program Files (x86)\IDT
O43 - CFD: 2012-07-01 - 17:20:14 - [41,186] --H-D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 2008-09-03 - 21:17:32 - [0,062] ----D C:\Program Files (x86)\Intel
O43 - CFD: 2012-06-14 - 21:32:54 - [5,296] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 2012-07-01 - 19:44:12 - [121,009] ----D C:\Program Files (x86)\Java
O43 - CFD: 2012-07-02 - 18:46:45 - [11,554] ----D C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 2008-09-03 - 21:31:15 - [58,123] ----D C:\Program Files (x86)\Microsoft Money 2007
O43 - CFD: 2012-06-09 - 21:48:19 - [362,629] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 2008-09-03 - 21:58:47 - [7,431] ----D C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
O43 - CFD: 2012-06-09 - 21:49:18 - [40,838] ----D C:\Program Files (x86)\Microsoft Silverlight
O43 - CFD: 2012-06-07 - 21:29:43 - [138,926] ----D C:\Program Files (x86)\Microsoft Works
O43 - CFD: 2008-09-03 - 21:54:44 - [7,774] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 2006-11-02 - 11:07:27 - [0,025] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 2008-09-03 - 21:46:57 - [28,634] ----D C:\Program Files (x86)\MSN Messenger
O43 - CFD: 2008-09-03 - 21:44:43 - [5,947] ----D C:\Program Files (x86)\Napster
O43 - CFD: 2008-09-03 - 21:29:03 - [0,787] ----D C:\Program Files (x86)\Realtek
O43 - CFD: 2006-11-02 - 11:07:27 - [36,902] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 2012-06-06 - 20:40:21 - [16,793] R---D C:\Program Files (x86)\Skype
O43 - CFD: 2006-11-02 - 11:36:07 - [0] --H-D C:\Program Files (x86)\Uninstall Information
O43 - CFD: 2012-05-27 - 15:56:29 - [0,970] ----D C:\Program Files (x86)\Windows Calendar
O43 - CFD: 2008-01-20 - 23:09:47 - [0,051] ----D C:\Program Files (x86)\Windows Collaboration
O43 - CFD: 2008-01-20 - 23:09:41 - [0,481] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 2012-06-10 - 02:45:44 - [8,522] ----D C:\Program Files (x86)\Windows Mail
O43 - CFD: 2012-06-10 - 02:45:52 - [2,874] ----D C:\Program Files (x86)\Windows Media Player
O43 - CFD: 2006-11-02 - 11:07:27 - [7,589] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 2012-05-27 - 15:56:29 - [12,902] ----D C:\Program Files (x86)\Windows Photo Gallery
O43 - CFD: 2012-06-10 - 02:45:52 - [0,128] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 2012-05-27 - 15:56:29 - [6,225] ----D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 2012-06-15 - 19:15:20 - [-290,434] ----D C:\Program Files (x86)\World of Warcraft
O43 - CFD: 2012-07-02 - 18:59:18 - [12,879] ----D C:\Program Files (x86)\ZHPDiag
O43 - CFD: 2008-09-03 - 21:48:23 - [3,630] ----D C:\Program Files (x86)\Common Files\Adobe
O43 - CFD: 2008-09-03 - 21:48:56 - [24,260] ----D C:\Program Files (x86)\Common Files\Adobe AIR
O43 - CFD: 2012-06-02 - 14:49:05 - [2,591] ----D C:\Program Files (x86)\Common Files\Blizzard Entertainment
O43 - CFD: 2008-09-03 - 21:54:53 - [0,089] ----D C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 2008-09-03 - 21:46:35 - [8,755] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 2008-09-03 - 21:45:39 - [33,423] ----D C:\Program Files (x86)\Common Files\Java
O43 - CFD: 2012-06-09 - 21:39:24 - [416,091] ----D C:\Program Files (x86)\Common Files\microsoft shared
O43 - CFD: 2008-09-03 - 21:44:25 - [3,429] ----D C:\Program Files (x86)\Common Files\Napster Shared
O43 - CFD: 2008-09-03 - 21:44:25 - [0,418] ----D C:\Program Files (x86)\Common Files\PX Storage Engine
O43 - CFD: 2008-09-03 - 21:44:25 - [0,205] ----D C:\Program Files (x86)\Common Files\Roxio Shared
O43 - CFD: 2006-11-02 - 09:33:53 - [0,003] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 2012-06-06 - 20:40:21 - [2,056] ----D C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 2008-09-03 - 21:44:25 - [0,585] ----D C:\Program Files (x86)\Common Files\Sonic Shared
O43 - CFD: 2006-11-02 - 09:33:53 - [39,198] ----D C:\Program Files (x86)\Common Files\SpeechEngines
O43 - CFD: 2012-05-21 - 14:43:22 - [0,476] ----D C:\Program Files (x86)\Common Files\Symantec Shared
O43 - CFD: 2012-05-27 - 21:39:58 - [40,772] ----D C:\Program Files (x86)\Common Files\System
~ Scan Program Folder in 00mn 06s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.B2EDF82825D979928AE07CBE9C7A2160] - 2009-07-16 - 12:30:03 ---A- . (...) -- C:\Windows\SysNative\WsmTxt.xsl [2426]
O44 - LFC:[MD5.3C436603213561E2E7DD3D4459DBB7D4] - 2009-07-16 - 12:30:03 ---A- . (...) -- C:\Windows\SysNative\wsmanconfig_schema.xml [4675]
O44 - LFC:[MD5.B2EDF82825D979928AE07CBE9C7A2160] - 2009-07-16 - 12:30:03 ---A- . (...) -- C:\Windows\System32\WsmTxt.xsl [2426]
O44 - LFC:[MD5.3C436603213561E2E7DD3D4459DBB7D4] - 2009-07-16 - 12:30:03 ---A- . (...) -- C:\Windows\System32\wsmanconfig_schema.xml [4675]
O44 - LFC:[MD5.F6D48AE1F578493D2E19DD644B153976] - 2009-08-01 - 01:27:37 ---A- . (...) -- C:\Windows\SysNative\winrm.vbs [201184]
O44 - LFC:[MD5.F6D48AE1F578493D2E19DD644B153976] - 2009-08-01 - 01:27:37 ---A- . (...) -- C:\Windows\System32\winrm.vbs [201184]
O44 - LFC:[MD5.AC3204E522A0026A50E0EB5CE3D46CEF] - 2012-06-07 - 20:30:46 ---A- . (...) -- C:\Windows\dd_vcredistMSI2C61.txt [468288]
O44 - LFC:[MD5.E763AFC59DCDE573C3594F5129CF90A8] - 2012-06-07 - 20:30:46 ---A- . (...) -- C:\Windows\dd_vcredistUI2C61.txt [11638]
O44 - LFC:[MD5.5587F43C82181792C7A2482DE250B671] - 2012-06-09 - 20:31:23 ---A- . (.Microsoft - Legacy GDF resource DLL.) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll [4240384]
O44 - LFC:[MD5.5587F43C82181792C7A2482DE250B671] - 2012-06-09 - 20:31:23 ---A- . (.Microsoft - Legacy GDF resource DLL.) -- C:\Windows\System32\GameUXLegacyGDFs.dll [4240384]
O44 - LFC:[MD5.BE1C5BD1CA7ED015BC6FA1AE67E592C8] - 2012-06-09 - 20:33:07 . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\System32\FntCache.dll [285328]]]]
O44 - LFC:[MD5.7B520434A88C20D2E9670A27E0E0CF60] - 2012-06-09 - 20:52:58 . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\System32\BthMtpContextHandler.dll [285328]]
O44 - LFC:[MD5.D44083ABF89328BC8B12A2E1A0765E7D] - 2012-06-14 - 20:35:28 . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\System32\FNTCACHE.DAT [285328]]]
O44 - LFC:[MD5.D44083ABF89328BC8B12A2E1A0765E7D] - 2012-06-14 - 20:35:28 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [304792]
O44 - LFC:[MD5.26F4E577F4D53C68B94225178F6F002E] - 2012-06-26 - 17:06:06 ---A- . (...) -- C:\Windows\setupact.log [138608]
O44 - LFC:[MD5.FDDE0913339F3A0B649827B9D52CF093] - 2012-06-27 - 09:55:43 ---A- . (...) -- C:\Windows\SysNative\spsys.log [1576]
O44 - LFC:[MD5.84BA30FE31F12600FE279E10524F9BAE] - 2012-06-28 - 07:51:33 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\SysNative\aswBoot.exe [285328]
O44 - LFC:[MD5.84BA30FE31F12600FE279E10524F9BAE] - 2012-06-28 - 07:51:33 ---A- . (.AVAST Software - avast! start-up scanner.) -- C:\Windows\System32\aswBoot.exe [285328]
O44 - LFC:[MD5.0A1BC37515EF1F50794DCC057A4B99D2] - 2012-06-28 - 07:52:20 ---A- . (.AVAST Software - avast! Screen Saver stub.) -- C:\Windows\avastSS.scr [41224]
O44 - LFC:[MD5.785B84D3EB571E14CC68367A8C22759F] - 2012-06-29 - 21:12:11 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [1470810]
O44 - LFC:[MD5.AC789AFEE7701169E019FD4E5B828651] - 2012-06-29 - 21:12:11 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [101250]
O44 - LFC:[MD5.5CFE5DF549CB1E2FA903330F3D451071] - 2012-06-29 - 21:12:11 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [123556]
O44 - LFC:[MD5.BD291D264FB5629A863F2CF226663776] - 2012-06-29 - 21:12:11 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [587178]
O44 - LFC:[MD5.E36E67198DA400FE55CA13821F79229D] - 2012-06-29 - 21:12:11 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [669566]
O44 - LFC:[MD5.F6F5146977C4833BF105098E4D1AF1BD] - 2012-06-30 - 20:35:23 ---A- . (...) -- C:\Windows\PFRO.log [61342]
O44 - LFC:[MD5.141C74C4A7E76ABCD63A1CC2D4B323E5] - 2012-07-02 - 16:34:34 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2012-07-02 - 16:34:52 ---A- . (...) -- C:\Windows\SysNative\LogConfigTemp.xml [0]
O44 - LFC:[MD5.B52EAE3B2C1CB9080ED45125BE59AB04] - 2012-07-02 - 16:38:03 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1192326]
~ Scan Files in 00mn 03s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l'Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
~ Scan Keys in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Volume Manager Extension Driver.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ Scan CSB in 00mn 00s



---\\ MountPoints2 Shell Key (O51) (None)

---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ Scan Keys in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53) (None)

---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - TS Single Sign On Security Package.) -- C:\Windows\System32\credssp.dll
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=2
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0
~ Scan Keys in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.F14215E37CF124104575073F782111D2] - 2008-01-20 - 21:46:53 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [486456]
O58 - SDL:[MD5.C6E5276C00EBDEB096BB5EF4B797D1B6] - 2008-06-11 - 10:13:24 ---A- . (.Acer, Inc. - int15.) -- C:\Windows\SysWOW64\drivers\int15.sys [15392]
~ Scan Drivers in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command
A voir également:

1 réponse

Réponse 1 / 1
juju666 Messages postés 35445 Date d'inscription jeudi 18 décembre 2008 Statut Contributeur sécurité Dernière intervention 5 mai 2017 4 795
3 juil. 2012 à 00:56
salut tu fais n'importe quoi avec ZHPFix ...

Attention : cet outil peut etre détecté à tort comme virus

tous les processus "non vitaux de windows" vont être coupés , enregistre ton travail.

Désactive toutes tes protections si possible , antivirus , sandbox , etc....

telecharge et enregistre Pre_Scan sur ton bureau :

http://forums-fec.be/gen-hackman/Pre_Scan.exe
http://general-changelog-team.fr/fr/downloads/viewdownload/41-outils-de-gen-hackman/52-pre-scan

Avertissement :Il y aura une extinction du bureau pendant le scan --> pas de panique.

une fois telechargé lance-le , laisse faire le scan jusqu'à l'apparition de "Pre_scan_la_date_et_l'heure.txt" sur le bureau.

si l'outil est relancé plusieurs fois , il te proposera un menu et qu'aucune option n'est demandée, lance l'option "Kill"

si l'outil est bloqué par l'infection utilise cette version avec extension .pif :

http://forums-fec.be/gen-hackman/Pre_Scan.pif

si l'outil detecte un proxy et que tu n'en as pas installé clique sur "supprimer le proxy"

Il se peut qu'une multitude de fenêtres noires clignotent , laisse-le travailler

Poste Pre_Scan_la_date_et_l'heure.txt qui apparaitra sur le bureau en fin de scan


NE LE POSTE PAS SUR LE FORUM !!! (il est trop long)

Heberge le rapport sur http://pjjoint.malekal.com puis donne le lien obtenu en echange sur le forum où tu te fais aider

Si possible , confirme ou infirme l'utilisation de Defogger par Pre_Scan
0

Discussions similaires

Où est la touche SHIFT sur mon clavier d'ordi ?
joe! -
fernando-_ytb -

18 réponses