Everything posted by Ronydor1978

  1. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Version de la base de données: v2013.06.26.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Ronan :: RONAN-PC [administrateur] 26/06/2013 20:30:27 mbam-log-2013-06-26 (20-30-27).txt Type d'examen: Examen complet (C:\|D:\|F:\|G:\|H:\|I:\|) Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM Options d'examen désactivées: P2P Elément(s) analysé(s): 492573 Temps écoulé: 1 heure(s), 8 minute(s), 43 seconde(s) Processus mémoire détecté(s): 0 (Aucun élément nuisible détecté) Module(s) mémoire détecté(s): 0 (Aucun élément nuisible détecté) Clé(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Valeur(s) du Registre détectée(s): 0 (Aucun élément nuisible détecté) Elément(s) de données du Registre détecté(s): 0 (Aucun élément nuisible détecté) Dossier(s) détecté(s): 0 (Aucun élément nuisible détecté) Fichier(s) détecté(s): 0 (Aucun élément nuisible détecté) (fin)
  2. ############################## | UsbFix V 7.129 | [suppression] Utilisateur: Ronan (Administrateur) # RONAN-PC Mis à jour le 24/06/2013 par El Desaparecido Lancé à 20:23:09 | 26/06/2013 Site Web: http://sosvirus.net/ Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html Contact: contact@sosvirus.net PC: Gigabyte Technology Co., Ltd. (EP35-DS3R) (x64-based PC) CPU: Intel® Core2 Quad CPU Q6600 @ 2.40GHz (2400) RAM -> [Total : 4094 | Free : 2142] BIOS: Award Modular BIOS v6.00PG BOOT: Normal boot OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1 WB: Windows Internet Explorer 10.0.9200.16618 SC: Security Center Service [Enabled] WU: Windows Update Service [Enabled] AV: Microsoft Security Essentials [Enabled | Updated] FW: Windows FireWall Service [Enabled] C:\ -> Disque fixe # 98 Go (23 Go libre(s) - 24%) [] # NTFS D:\ -> Disque fixe # 499 Go (191 Go libre(s) - 38%) [] # NTFS E:\ -> CD-ROM F:\ -> Disque fixe # 100 Go (15 Go libre(s) - 15%) [Nouveau nom] # NTFS G:\ -> Disque fixe # 599 Go (221 Go libre(s) - 37%) [Nouveau nom] # NTFS H:\ -> Disque amovible # 7 Go (6 Go libre(s) - 81%) [uSB DISK] # FAT32 I:\ -> Disque amovible # 7 Go (7 Go libre(s) - 99%) [uDISK 2.0] # NTFS ################## | El Desaparecido Section | HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" HKLM\SOFTWARE | RunOnce : [innoSetupRegFile.0000000001] - "C:\Windows\is-0OO81.exe" /REG HKLM\SOFTWARE | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent HKLM\SOFTWARE | RunOnce : [] - HKLM\SOFTWARE\wow6432Node | RunOnce : [innoSetupRegFile.0000000001] - "C:\Windows\is-0OO81.exe" /REG HKLM\SOFTWARE\wow6432Node | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe 
/install /silent HKLM\SOFTWARE\wow6432Node | RunOnce : [] - HKU\S-1-5-19\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-1579149833-2764425638-213566465-1000\SOFTWARE | Run : [skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun HKU\S-1-5-21-1579149833-2764425638-213566465-1000\SOFTWARE | Run : [pdiface] - C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow HKU\S-1-5-21-1579149833-2764425638-213566465-1001\SOFTWARE | Run : [sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe HKU\S-1-5-18\SOFTWARE | RunOnce : [sPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 ################## | Processus Stoppés | Stoppé! C:\Windows\system32\nvvsvc.exe (792) Stoppé! C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (820) Stoppé! C:\Program Files\Microsoft Security Client\MsMpEng.exe (936) Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1400) Stoppé! C:\Windows\system32\nvvsvc.exe (1408) Stoppé! C:\Windows\System32\spoolsv.exe (1520) Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1788) Stoppé! C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe (1864) Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1268) Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (1692) Stoppé! C:\Program Files\Microsoft Security Client\NisSrv.exe (2088) Stoppé! C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe (2888) Stoppé! C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe (2916) Stoppé! 
C:\Windows\system32\SearchIndexer.exe (3016) Stoppé! C:\Windows\system32\taskhost.exe (2688) Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (1592) Stoppé! C:\Program Files\Microsoft Security Client\msseces.exe (2124) Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (2456) Stoppé! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (3160) Stoppé! C:\Windows\system32\NOTEPAD.EXE (3812) Stoppé! C:\Windows\system32\DllHost.exe (3976) Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3272) Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2876) Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4048) Stoppé! C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (2240) Stoppé! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3356) Stoppé! C:\Windows\System32\WUDFHost.exe (3600) Stoppé! C:\Windows\SysWOW64\NOTEPAD.EXE (1580) ################## | Éléments infectieux | (!) Fichiers temporaires supprimés. ################## | Registre | Supprimé! 
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr ################## | Mountpoints2 | ################## | Listing | [17/09/2012 - 09:20:43 | SHD ] C:\$Recycle.Bin [24/06/2013 - 22:30:52 | N | 1414] C:\AdwCleaner[R1].txt [25/06/2013 - 22:37:40 | N | 1547] C:\AdwCleaner[R2].txt [25/06/2013 - 22:40:56 | N | 373] C:\AdwCleaner[s1].txt [25/06/2013 - 22:42:36 | N | 369] C:\AdwCleaner[s2].txt [20/05/2010 - 23:05:56 | D ] C:\audiograbber [10/06/2009 - 23:42:20 | N | 24] C:\autoexec.bat [25/08/2009 - 17:55:28 | N | 5565632] C:\BdUninstallTool2009.08.25-05.54.06.log [25/08/2009 - 17:55:14 | N | 16777269] C:\BdUninstallTool2009.08.25-05.54.06.log.old [25/08/2009 - 17:55:28 | N | 521485] C:\BdUninstallTool2009.08.25-05.54.06.reg [27/08/2009 - 17:34:53 | N | 5565920] C:\BdUninstallTool2009.08.27-05.33.15.log [27/08/2009 - 17:34:42 | N | 16777264] C:\BdUninstallTool2009.08.27-05.33.15.log.old [27/08/2009 - 17:34:53 | N | 418519] C:\BdUninstallTool2009.08.27-05.33.15.reg [24/02/2011 - 01:26:21 | SHD ] C:\Boot [28/01/2009 - 01:26:32 | N | 216] C:\Boot.BAK [22/10/2009 - 21:11:23 | N | 360] C:\Boot.ini.saved [02/03/2006 - 14:00:00 | N | 4952] C:\Bootfont.bin [20/11/2010 - 14:40:07 | RASH | 383786] C:\bootmgr [14/10/2010 - 12:48:03 | N | 8192] C:\BOOTSECT.BAK [31/03/2009 - 22:29:52 | D ] C:\bureau [25/08/2009 - 12:58:03 | N | 13790] C:\ComboFix.txt [10/06/2009 - 23:42:20 | N | 10] C:\config.sys [14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings [25/10/2009 - 13:15:38 | D ] C:\Downloads [26/06/2013 - 10:02:19 | ASH | 3220037632] C:\hiberfil.sys [26/11/2008 - 15:56:46 | D ] C:\Intel [26/11/2008 - 15:41:18 | N | 0] C:\IO.SYS [26/06/2013 - 19:37:36 | D ] C:\JRT [06/05/2010 - 11:16:24 | N | 127] C:\mbam-error.txt [26/11/2008 - 15:41:18 | N | 0] C:\MSDOS.SYS [07/06/2012 - 22:19:53 | RHD ] C:\MSOCache [02/03/2006 - 14:00:00 | N | 47564] C:\NTDETECT.COM [29/11/2008 - 13:32:00 | N | 252240] C:\ntldr [06/09/2011 - 08:21:51 | D ] C:\NVIDIA [26/06/2013 - 
10:02:22 | ASH | 4293386240] C:\pagefile.sys [13/07/2012 - 21:08:27 | D ] C:\PerfLogs [24/06/2013 - 15:59:42 | N | 512] C:\PhysicalDisk0_MBR.bin [02/01/2013 - 21:54:26 | D ] C:\Program Files [26/06/2013 - 20:01:39 | D ] C:\Program Files (x86) [26/06/2013 - 20:01:40 | HD ] C:\ProgramData [17/10/2010 - 13:33:22 | D ] C:\PyGrenouille [25/08/2009 - 12:58:05 | D ] C:\Qoobox [26/11/2008 - 16:02:20 | D ] C:\RaidTool [14/10/2010 - 11:57:58 | SHD ] C:\Recovery [27/08/2009 - 09:12:43 | SHD ] C:\RECYCLER [24/08/2009 - 13:44:52 | D ] C:\rsit [22/10/2009 - 18:53:35 | N | 122] C:\service.log [04/01/2010 - 14:30:44 | D ] C:\Sounds [26/06/2013 - 11:49:02 | SHD ] C:\System Volume Information [09/04/2013 - 11:43:10 | D ] C:\temp [26/06/2013 - 20:24:14 | D ] C:\UsbFix [26/06/2013 - 20:24:27 | A | 8004] C:\UsbFix [Clean 1] RONAN-PC.txt [26/06/2013 - 20:18:08 | N | 6031] C:\UsbFix [scan 1] RONAN-PC.txt [23/07/2011 - 00:53:34 | D ] C:\Users [24/06/2013 - 22:34:39 | D ] C:\Windows [24/06/2013 - 22:15:17 | D ] C:\ZHP [15/10/2010 - 11:24:12 | SHD ] D:\$RECYCLE.BIN [21/07/2009 - 00:34:31 | D ] D:\1aefca834fa513535ce530 [26/10/2012 - 13:21:18 | D ] D:\a remettre sur clef usb EMTEC 8 gb [11/12/2012 - 23:25:42 | N | 48040] D:\annualisationstudio 2012 modifiée le 11 12 2012.xlsx [18/09/2012 - 20:48:31 | N | 325096] D:\cv Patricia ORELLANA 0912.pdf [26/03/2013 - 19:10:02 | D ] D:\Dropbox copie fichiers le 23 02 2013 [06/12/2012 - 20:40:57 | D ] D:\Enregistrement concert contre le Sida le 1er décembre 2012 [23/10/2012 - 08:23:50 | D ] D:\enregistrement concert grouoes studio 20 10 2012 [28/11/2012 - 02:04:14 | D ] D:\enregistrement concert le 24 11 [15/01/2012 - 17:01:34 | D ] D:\enregistrement groupe joaquim le 13 01 [03/02/2012 - 10:22:03 | D ] D:\enregistrement sur la voie du blues 3e édition [09/04/2012 - 19:03:15 | D ] D:\enregitrements MD [28/08/2011 - 12:40:53 | D ] D:\MANUELS [31/10/2009 - 12:48:23 | RHD ] D:\MSOCache [22/10/2009 - 19:44:44 | D ] D:\paty + photos [29/05/2013 - 21:28:51 | 
D ] D:\PHOTOS [30/11/2008 - 17:08:19 | SHD ] D:\RECYCLER [02/01/2013 - 22:00:23 | D ] D:\RENAN ATELIER HIP-HOP [28/12/2012 - 10:38:24 | N | 256915144] D:\RENAN ATELIER HIP-HOP.zip [01/09/2012 - 09:45:11 | D ] D:\Ronan [03/12/2012 - 14:13:10 | D ] D:\Sauvegarde Samsung note 2 le 2 12 2012 [14/05/2012 - 17:15:01 | D ] D:\sauvegarde WD le 14 05 2012 [07/03/2013 - 20:12:13 | D ] D:\studio [29/11/2008 - 12:23:30 | SHD ] D:\System Volume Information [29/03/2013 - 10:24:05 | D ] D:\vacances hiver 2013 [02/03/2011 - 13:39:35 | D ] D:\video festival sur la voie du blues 1ere édition 2010 [24/06/2011 - 12:09:43 | D ] D:\vieilles charrues cd pour compil [11/04/2011 - 15:29:02 | D ] D:\Volphonics CONCERT JAM FUNK Wav [25/01/2012 - 23:05:00 | D ] D:\yom from mars + wine & cheers_data [17/09/2012 - 09:20:43 | SHD ] F:\$RECYCLE.BIN [11/10/2012 - 19:27:13 | D ] F:\BR0 ancien [27/11/2012 - 23:23:37 | D ] F:\BR0 sauvegarde le 27 11 2012 [06/12/2012 - 20:03:13 | D ] F:\bro sauvegarde du 1er 12 2012 [08/12/2012 - 00:01:59 | D ] F:\Camera Upload appareil photo dechargement dropbox le 7 12 2012 [03/06/2013 - 21:28:17 | D ] F:\Musique [11/06/2013 - 10:53:25 | D ] F:\pod hd [02/12/2008 - 17:12:29 | SHD ] F:\RECYCLER [30/03/2011 - 10:47:21 | D ] F:\REVOK [18/09/2012 - 19:14:59 | D ] F:\Selection mp3 [02/12/2008 - 17:14:21 | SHD ] F:\System Volume Information [01/02/2013 - 14:34:12 | D ] F:\temporaire [03/06/2013 - 21:40:11 | D ] F:\Windows Burn Temp Files [15/10/2010 - 11:24:13 | SHD ] G:\$RECYCLE.BIN [25/04/2010 - 16:36:30 | D ] G:\acta en pdf [27/10/2012 - 11:00:02 | D ] G:\audacity enreigstrements [14/12/2008 - 18:59:48 | D ] G:\autres personnes [24/07/2011 - 22:26:34 | N | 1544771] G:\bagatelles pour un massacre Louis ferdinand Celine.pdf [19/06/2009 - 14:29:33 | N | 141657] G:\charte musique et handicap.pdf [20/11/2009 - 15:48:50 | N | 29184] G:\Copro_1.doc [16/12/2009 - 16:37:19 | N | 56823] G:\devis 144.pdf [15/12/2009 - 19:46:25 | D ] G:\devis mao formations [10/02/2010 - 10:16:18 
| D ] G:\ECHO DU LOCAL AFTER 2 [25/10/2009 - 17:54:38 | D ] G:\emission enregistrées sur tv [27/01/2010 - 13:44:14 | D ] G:\FILMS [10/12/2009 - 14:53:56 | N | 24576] G:\Formation technique son module 1 infos.doc [29/03/2011 - 08:30:31 | D ] G:\free download manager [31/10/2009 - 13:32:37 | N | 528] G:\MediaID.bin [31/08/2012 - 14:43:47 | D ] G:\msdownld.tmp [18/05/2009 - 09:20:33 | D ] G:\MUSIQUES [27/09/2012 - 07:38:39 | D ] G:\Musiques gillou suite [12/11/2009 - 02:21:11 | N | 2167296] G:\photo inti concert 5 novembre.doc [03/10/2011 - 09:35:59 | D ] G:\PHOTOS [18/12/2008 - 13:26:02 | D ] G:\projet musique andine [03/12/2008 - 01:56:56 | SHD ] G:\RECYCLER [24/07/2012 - 16:58:46 | D ] G:\sauvegarde carte photo le 16 09 2009 [08/11/2009 - 20:00:21 | SHD ] G:\System Volume Information [08/01/2010 - 10:10:41 | N | 20992] G:\VACANCES de anim jour 2010.xls [24/10/2009 - 12:02:30 | N | 38735] G:\winnipeg article.odt [15/12/2009 - 12:58:24 | N | 1560740] G:\ZhuanFalun_Fr.pdf [18/04/2013 - 11:06:30 | D ] H:\ronan photos tremplin [18/04/2013 - 14:18:50 | D ] H:\video portable tremplin [19/04/2013 - 18:29:02 | HD ] H:\RECYCLER [22/04/2013 - 08:25:40 | D ] H:\Autorun.inf [22/04/2013 - 08:25:34 | SHD ] I:\Autorun.inf [26/06/2013 - 20:24:07 | HD ] I:\RECYCLER ################## | Vaccin | C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) G:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) H:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) I:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) ################## | E.O.F | http://sosvirus.net |
  3. ############################## | UsbFix V 7.129 | [Recherche] Utilisateur: Ronan (Administrateur) # RONAN-PC Mis à jour le 24/06/2013 par El Desaparecido Lancé à 20:16:54 | 26/06/2013 Site Web: http://sosvirus.net/ Upload Malware: http://www.sosvirus.net/upload-malware-pour-analyse-t489.html Contact: contact@sosvirus.net PC: Gigabyte Technology Co., Ltd. (EP35-DS3R) (x64-based PC) CPU: Intel® Core2 Quad CPU Q6600 @ 2.40GHz (2400) RAM -> [Total : 4094 | Free : 2323] BIOS: Award Modular BIOS v6.00PG BOOT: Normal boot OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1 WB: Windows Internet Explorer 10.0.9200.16618 SC: Security Center Service [Enabled] WU: Windows Update Service [Enabled] AV: Microsoft Security Essentials [Enabled | Updated] FW: Windows FireWall Service [Enabled] C:\ -> Disque fixe # 98 Go (23 Go libre(s) - 24%) [] # NTFS D:\ -> Disque fixe # 499 Go (191 Go libre(s) - 38%) [] # NTFS E:\ -> CD-ROM F:\ -> Disque fixe # 100 Go (15 Go libre(s) - 15%) [Nouveau nom] # NTFS G:\ -> Disque fixe # 599 Go (221 Go libre(s) - 37%) [Nouveau nom] # NTFS H:\ -> Disque amovible # 7 Go (6 Go libre(s) - 81%) [uSB DISK] # FAT32 I:\ -> Disque amovible # 7 Go (7 Go libre(s) - 99%) [uDISK 2.0] # NTFS ################## | Processus Actif | C:\Windows\system32\csrss.exe (436) C:\Windows\system32\wininit.exe (496) C:\Windows\system32\csrss.exe (516) C:\Windows\system32\services.exe (564) C:\Windows\system32\winlogon.exe (588) C:\Windows\system32\lsass.exe (624) C:\Windows\system32\lsm.exe (640) C:\Windows\system32\svchost.exe (736) C:\Windows\system32\nvvsvc.exe (792) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (820) C:\Windows\system32\svchost.exe (864) C:\Program Files\Microsoft Security Client\MsMpEng.exe (936) C:\Windows\System32\svchost.exe (444) C:\Windows\System32\svchost.exe (508) C:\Windows\system32\svchost.exe (628) C:\Windows\system32\svchost.exe (300) C:\Windows\system32\svchost.exe (1204) 
C:\Windows\system32\svchost.exe (1296) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1400) C:\Windows\system32\nvvsvc.exe (1408) C:\Windows\System32\spoolsv.exe (1520) C:\Windows\system32\svchost.exe (1620) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1788) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe (1864) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1268) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (1692) C:\Program Files\Microsoft Security Client\NisSrv.exe (2088) C:\Windows\system32\wbem\unsecapp.exe (2180) C:\Windows\system32\svchost.exe (2260) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe (2888) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe (2916) C:\Windows\system32\SearchIndexer.exe (3016) C:\Windows\system32\svchost.exe (968) C:\Windows\system32\taskhost.exe (2688) C:\Windows\system32\Dwm.exe (872) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (1592) C:\Program Files\Microsoft Security Client\msseces.exe (2124) C:\Program Files\Windows Sidebar\sidebar.exe (2456) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (3160) C:\Windows\system32\NOTEPAD.EXE (3812) C:\Windows\explorer.exe (220) C:\Windows\system32\DllHost.exe (3976) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3272) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2876) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4048) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (2240) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3356) C:\UsbFix\Go.exe (856) C:\Windows\system32\wbem\wmiprvse.exe (2912) C:\Windows\system32\taskeng.exe (1348) C:\Windows\explorer.exe (692) C:\Windows\System32\WUDFHost.exe (3600) ################## | El Desaparecido Section | HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 
HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" HKLM\SOFTWARE | RunOnce : [innoSetupRegFile.0000000001] - "C:\Windows\is-0OO81.exe" /REG HKLM\SOFTWARE | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent HKLM\SOFTWARE | RunOnce : [] - HKLM\SOFTWARE\wow6432Node | RunOnce : [innoSetupRegFile.0000000001] - "C:\Windows\is-0OO81.exe" /REG HKLM\SOFTWARE\wow6432Node | RunOnce : [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent HKLM\SOFTWARE\wow6432Node | RunOnce : [] - HKU\S-1-5-19\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-1579149833-2764425638-213566465-1000\SOFTWARE | Run : [skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun HKU\S-1-5-21-1579149833-2764425638-213566465-1000\SOFTWARE | Run : [pdiface] - C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow HKU\S-1-5-21-1579149833-2764425638-213566465-1001\SOFTWARE | Run : [sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe HKU\S-1-5-18\SOFTWARE | RunOnce : [sPReview] - "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 ################## | Éléments infectieux | ################## | Registre | Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr ################## | Mountpoints2 | ################## | Vaccin | (!) Cet ordinateur n'est pas vacciné! ################## | E.O.F | http://sosvirus.net |
  4. Quick question before launching MBAM: I would like to know whether I should plug in my removable drives, as indicated, because I know I still have this RECYCLER virus on them?
  5. Rapport de SFTGC (Pierre13) du Mercredi 26 Juin 2013 à 19:51:43 version : 2.0.0.50 Mis à jour le 20/06/2013 Outil lancé en Mode normal et En tant qu'administrateur Windows 7 Home Premium Service Pack 1 64 bits Tool start in C:\Users\Ronan\Downloads 176 éléments supprimés => 527.23 Mo libérés. (1 mn 38 s) Corbeille vidée. Fin du rapport.
  6. Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Ronan on 26/06/2013 at 19:37:56,00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 26/06/2013 at 19:41:20,20 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  7. Rapport de ZHPFix 2013.6.12.3 par Nicolas Coolman, Update du 12/06/2013 Fichier d'export Registre : Run by Ronan at 24/06/2013 22:15:06 High Elevated Privileges : OK Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601) Corbeille vidée ========== Processus mémoire ========== SUPPRIME Memory Process: C:\Users\Ronan\AppData\Local\Temp\instloffer.exe ========== Clé(s) du Registre ========== SUPPRIME Key: HKCU\Software\iLivid ABSENT Key: HKCU\Software\ilivid ========== Valeur(s) du Registre ========== ABSENT Valeur Standard Profile: FirewallRaz : ABSENT Valeur Domain Profile: FirewallRaz : SUPPRIME FirewallRaz (Domain) : NetPres-In-TCP-NoScope SUPPRIME FirewallRaz (Domain) : NetPres-Out-TCP-NoScope SUPPRIME FirewallRaz (None) : NetPres-WSD-In-UDP SUPPRIME FirewallRaz (None) : NetPres-WSD-Out-UDP SUPPRIME FirewallRaz (Public) : NetPres-In-TCP SUPPRIME FirewallRaz (Public) : NetPres-Out-TCP SUPPRIME FirewallRaz (Public) : TCP Query User{8176C078-5BEF-4F2C-AB91-1D9CEED6A6C1}C:\program files (x86)\winamp\winamp.exe SUPPRIME FirewallRaz (Public) : UDP Query User{5CBE4105-4D0D-473C-8DD0-BD7D2A329A54}C:\program files (x86)\winamp\winamp.exe SUPPRIME FirewallRaz (Public) : {AC34F885-9182-4A09-9C87-6B4D6E444FB4} SUPPRIME FirewallRaz (Public) : {AA80809D-9267-4C13-813F-3334A591873A} SUPPRIME FirewallRaz (Public) : {3DECEB9E-6867-4B4B-B04F-62A78250A4B9} SUPPRIME FirewallRaz (Public) : {7136EABE-986D-4729-A1E9-D2E8D1DCDBE9} ========== Dossier(s) ========== SUPPRIME Temporaires Windows SUPPRIME Flash Cookies ========== Fichier(s) ========== SUPPRIME File: c:\users\ronan\appdata\local\temp\instloffer.exe ABSENT Folder/File: c:\users\ronan\appdata\local\temp\instloffer.exe SUPPRIME File: C:\Users\Ronan\AppData\Local\Temp\square_sweetim.bmp SUPPRIME File: C:\Users\Ronan\AppData\Local\Temp\toolbar_sweetim.bmp SUPPRIME File*: c:\users\ronan\appdata\local\temp\toolbar_sweetim.bmp SUPPRIME File: C:\Users\Ronan\AppData\Local\Temp\square_babylon.bmp SUPPRIME File: 
C:\Users\Ronan\AppData\Local\Temp\square_babylonv2.bmp SUPPRIME Temporaires Windows SUPPRIME Flash Cookies ========== Autre ========== NON TRAITE Annonce n° : 50691 Offres d'emploi Techniciens date de l'annonce : 24 Juin 2013 NON TRAITE Technicien Supérieur en Biologie Cellulaire/Biochimie transferer cette annoncetransferer cette annonce NON TRAITE Dans le cadre d’un projet de recherche pluridisciplinaire, nous recrutons un assistant ingénieur pour participer à ce projet et contribuer à ses avancées. Notre équipe est implantée au sein de l’Unité de Biologie Fonctionnelle et Adaptative à l’Universit NON TRAITE Nos recherches se focalisent sur les réponses induites par les particules atmosphériques fines et ultrafines sur l’épithélium respiratoire in vitro. NON TRAITE Profil recherché : NON TRAITE Niveau Bac +3 (BTS/DUT et Licence professionnelle filière Biologie) avec une première expérience professionnelle. NON TRAITE Maîtrise des techniques de culture cellulaire et de HPLC, bases de biochimie et biologie moléculaire (purification d’ARN, RT-PCR, gel d’ADN, etc). Maitrise des outils informatiques d’exploitation des données. NON TRAITE Qualités professionnelles souhaitées : NON TRAITE Nous recherchons pour ce poste une personne capable de s’adapter rapidement à des tâches variées. D’une manière générale, vous devrez faire preuve de dynamisme, d’autonomie, d’un bon sens de l’organisation et de rigueur expérimentale. Une tenue rigoureuse NON TRAITE Prise de fonction : NON TRAITE A compter de septembre 2013. 
NON TRAITE Pour postuler à cette offre, merci d’envoyer CV et lettre de motivation à : NON TRAITE baeza@univ-paris-diderot.fr NON TRAITE Pour en savoir plus sur notre équipe : NON TRAITE http://www.bfa.univ-paris-diderot.fr/spip.php?rubrique51 NON TRAITE Société : NON TRAITE Service : NON TRAITE Adresse : 5 rue Thomas Mann NON TRAITE 75 20 PARIS NON TRAITE Nom : Dr BAEZA NON TRAITE Email : email ========== Récapitulatif ========== 1 : Processus mémoire 2 : Clé(s) du Registre 14 : Valeur(s) du Registre 2 : Dossier(s) 9 : Fichier(s) 21 : Autre End of clean in 00mn 11s ========== Chemin de fichier rapport ========== C:\ZHP\ZHPFix[R1].txt - 24/06/2013 22:15:17 [4249]
  8. Here is the reply # AdwCleaner v2.303 - Rapport créé le 25/06/2013 à 22:37:27 # Mis à jour le 08/06/2013 par Xplode # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits) # Nom d'utilisateur : Ronan - RONAN-PC # Mode de démarrage : Normal # Exécuté depuis : C:\Users\Ronynavigation\Downloads\adwcleaner.exe # Option [Recherche] ***** [services] ***** ***** [Fichiers / Dossiers] ***** Dossier Présent : C:\Users\Ronynavigation\AppData\Local\Ilivid ***** [Registre] ***** ***** [Navigateurs] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Le registre ne contient aucune entrée illégitime. -\\ Mozilla Firefox v [impossible d'obtenir la version] Fichier : C:\Users\Ronan\AppData\Roaming\Mozilla\Firefox\Profiles\hlgax87y.default\prefs.js [OK] Le fichier ne contient aucune entrée illégitime. Fichier : C:\Users\Ronynavigation\AppData\Roaming\Mozilla\Firefox\Profiles\aw4pv8z0.default\prefs.js [OK] Le fichier ne contient aucune entrée illégitime. -\\ Google Chrome v28.0.1500.52 Fichier : C:\Users\Ronan\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Le fichier ne contient aucune entrée illégitime. Fichier : C:\Users\Ronynavigation\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Le fichier ne contient aucune entrée illégitime. ************************* AdwCleaner[R1].txt - [1414 octets] - [24/06/2013 22:30:44] AdwCleaner[R2].txt - [1420 octets] - [25/06/2013 22:37:27] ########## EOF - \AdwCleaner[R2].txt - [1480 octets] ##########
  9. Thank you very much, so here is the link: http://cjoint.com/13jn/CFyrr15J31r.htm
  10. Hello everyone. I have a small problem: when I browse, fairly regularly a window opens and asks me to update my Flash Player. Here is the address of the link it redirects to. All of this seems suspicious to me; what do you think? Ronan
  11. That is the only hypothesis I can see, and in the end I have few options other than bringing in someone from IT... Well, I will still have to go through the whole process again, step by step, in order to decontaminate all these keys again. Many thanks.
  12. Thanks Pear. This is where I don't quite understand: I did the disinfection as described above; at home, no more problems... until I got to my workstation at work, inserted the keys and got a detection straight away. I went home and indeed everything was reactivated. I don't quite understand; maybe I should not use these keys at work...
  13. When I plug my USB key into my computer at work, it also reports the presence of this: LNK_DORKBOT.SMI LNK_DORKBOT.SMI Malware type: Trojan Destructive: No Platform: Windows 2000, Windows XP, Windows Server 2003 Encrypted: No In the wild: Yes Overall Risk Rating: Low Damage Potential: Low Distribution Potential: Low Reported Infection: Low Overview This file is a component of WORM_DORKBOT malware family. It is a shortcut file that executes its malware component using cmd.exe. This Trojan may be dropped by other malware. Technical Details File size: Varies File type: LNK Memory resident: Yes Initial samples received date: 11 Nov 2011 Arrival Details This Trojan may be dropped by other malware. NOTES: This file is a component of WORM_DORKBOT malware family. It is a shortcut file that executes its malware component using CMD.EXE. Solution Minimum scan engine: 9.200 First VSAPI Pattern File: 8.566.11 First VSAPI Pattern Release Date: 11 Nov 2011 VSAPI OPR Pattern Version: 8.567.00 VSAPI OPR Pattern Release Date: 11 Nov 2011 Step 1 For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer. Step 2 Scan your computer with your Trend Micro product to delete files detected as LNK_DORKBOT.SMI. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information. Did this description help? Tell us how we did. Analysis By: Erika Bianca Mendoza
  14. They were indeed plugged in during the disinfection with USBfix, they were even formatted, but this virus always comes back...
  15. I am in for redoing everything up to this step at home... I will keep you posted.
  16. Sorry for not replying, but I am at work right now. I have just tried the keys in my machine at work and here we go again: all the recyclers are back despite the intensive cleaning done from home. Maybe this is where I am picking up these files...
  17. pjjoint.malekal.com - Submit a file
  18. Is that your specialty, or does your machine have a problem? In this case it doesn't matter. Carry on. It must be both; let's carry on. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.8.5 (04.17.2013:1) OS: Windows 7 Home Premium x86 Ran by patty on 19/04/2013 at 15:08:17,16 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 19/04/2013 at 15:11:41,34 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  19. A quick question: yesterday I also plugged in my Android phone; could it have been transmitted to the phone as well? I did the removal with addzear as requested; it restarted the machine, but I cannot find the report.
  20. # AdwCleaner v2.200 - Rapport créé le 19/04/2013 à 14:27:14 # Mis à jour le 02/04/2013 par Xplode # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (32 bits) # Nom d'utilisateur : patty - PATTY-PC # Mode de démarrage : Normal # Exécuté depuis : C:\Users\patynavigation\Desktop\adwcleaner.exe # Option [Recherche] ***** [services] ***** ***** [Fichiers / Dossiers] ***** Fichier Présent : C:\Users\patty\errorlog.tmp Fichier Présent : C:\Users\patty\scriptjava.html Fichier Présent : C:\Users\patynavigation\errorlog.tmp Fichier Présent : C:\Users\patynavigation\F_ajour.jar Fichier Présent : C:\Users\patynavigation\scriptjava.html ***** [Registre] ***** Clé Présente : HKCU\Software\FissaSearch Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B41306C6-96D0-442A-BCC4-B0F621E82CE9} Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\chat-land.org Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Clé Présente : HKU\S-1-5-21-3998488584-1651764560-2391298529-1000\Software\Microsoft\Internet Explorer\SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} Clé Présente : HKU\S-1-5-21-3998488584-1651764560-2391298529-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B41306C6-96D0-442A-BCC4-B0F621E82CE9} Clé Présente : HKU\S-1-5-21-3998488584-1651764560-2391298529-1003\Software\Microsoft\Internet Explorer\SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} Clé Présente : HKU\S-1-5-21-3998488584-1651764560-2391298529-1003\Software\Microsoft\Internet 
Explorer\SearchScopes\{B41306C6-96D0-442A-BCC4-B0F621E82CE9} Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.chat-land.org] ***** [Navigateurs] ***** -\\ Internet Explorer v10.0.9200.16537 [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Secondary_Page_URL] = hxxp://www.cherche.us [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page_bak] = hxxp://www.cherche.us [HKCU\Software\Microsoft\Internet Explorer\Main - SearchMigratedDefaultName] = cherche.us [HKCU\Software\Microsoft\Internet Explorer\Main - SearchMigratedDefaultURL] = hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7%3BLC%3A2200cc%3BBGC%3AFFFFFF%3BVLC%3A551a8b%3BGALT%3A008B45%3BFORID%3A10%3BDIV%3A%23FFFFF0%3B&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - SearchAssistant] = hxxp://www.cherche.us -\\ Google Chrome v26.0.1410.64 Fichier : C:\Users\patty\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Le fichier ne contient aucune entrée illégitime. Fichier : C:\Users\patynavigation\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Le fichier ne contient aucune entrée illégitime. ************************* AdwCleaner[R1].txt - [3309 octets] - [19/04/2013 14:27:14] ########## EOF - \AdwCleaner[R1].txt - [3369 octets] ##########
  21. pjjoint.malekal.com - Submit a file
  22. Indeed, it is really very long; I will do all of that. Another quick question: it is a computer with few USB ports, so there are other keys potentially affected. I imagine I carry out the same actions for the others? Thanks.
  23. Rapport de ZHPDiag v2013.4.18.101 par Nicolas Coolman, Update du 18/04/2013 Run by patty at 19/04/2013 13:03:15 State : WhiteList : Disable High Elevated Privileges : OK UAC : Activate by user ---\\ Web Browser MSIE: Internet Explorer v10.0.9200.16540 (Defaut) GCIE: Google Chrome v26.0.1410.64 ---\\ Windows Product Information ~ Langage: Français Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows® 7, RETAIL channel Windows ID Activation : OK ~ Windows Partial Key : 84BBP Windows License : OK ~ Windows Remaining Initializations Number : 4 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ System Protection Windows Defender W7 ---\\ System Optimizer CCleaner v3.00 ---\\ Software Update Adobe Flash Player 11 Plugin Adobe Reader 9.5.2 - Français ---\\ System Information ~ Processor: x86 Family 6 Model 14 Stepping 8, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 1015 MB (17% free) System Restore: Activé (Enable) System drive C: has 42 GB (40%) free of 104 GB ---\\ Logged in mode ~ Computer Name: PATTY-PC ~ User Name: patty ~ All Users Names: patynavigation, patty, HomeGroupUser$, Administrateur, ~ Unselected Option: O45,O61 Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\patty\AppData\Roaming\ ~ %Desktop% : C:\Users\patty\Desktop\ ~ %Favorites% : C:\Users\patty\Favorites\ ~ %LocalAppData% : C:\Users\patty\AppData\Local\ ~ %StartMenu% : C:\Users\patty\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 42 Go of 104 Go) D:\ CD-ROM drive (Not Inserted) E:\ Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go) F:\ Floppy drive, Flash card reader, USB Key (Free 6 Go of 7 Go) ---\\ Security Center & Tools 
Informations [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.CFE0CEE587F9CEA4C29DEEC6D85FC91C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/02/2013 - 11:30:16.) -- C:\Windows\System32\wininet.dll [1766912] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536] [MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) 
-- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904] [MD5.9CDAEBE5160B9AF02AE17C62BDB6C4B5] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/03/2013 - 06:07:36.) -- C:\Windows\system32\Drivers\ntfs.sys [1212264] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) 
-- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632] ~ Generic Processes: Scanned in 00mn 01s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/636 ~ Mes Favoris (My Favorites) : 1/62 ~ Mes Documents (My Documents) : 2/6 ~ Mon Bureau (My Desktop) : 1/2766 ~ Menu demarrer (Programs) : 1/27 ~ Hidden Files: Scanned in 00mn 08s ---\\ Processus lancés [MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.2772] [MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.2784] [MD5.B98FFA8288EFAABC436C30D198608345] - (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe [136600] [PID.2800] [MD5.87A33B074108C21E0FAB9D5C82963B8E] - (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files\Winamp\winampa.exe [74752] [PID.2896] [MD5.E5F1D2C7D51C816437BBE2306828BC4B] - (.Nuance Communications, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984] [PID.3088] [MD5.9F0ACAA725CF5A391AF7E2067AE45746] - (.Nuance Communications, Inc. - PdfCreateHook Application.) 
-- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe [636192] [PID.3112] [MD5.B63E5C7807334A3A8F731062F15462CC] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008] [PID.3160] [MD5.50FB420DEDF67926910E3B869BB243A1] - (.Brother Industries, Ltd. - ControlCenter Main Process.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe [331776] [PID.3184] [MD5.DDF441F9C40507D582A7D09AB46C6F98] - (.Brother Industries, Ltd. - ControlCenter UX System.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe [1196032] [PID.3432] [MD5.E84DA43E726D043CA2DEE71F01DB261A] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe [228448] [PID.3512] [MD5.E4F6125ED5185F8FA37CC4F449B85526] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [770608] [PID.5528] [MD5.A778E395D5481138169D233AAE92757A] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Program Files\ZHPDiag\ZHPDiag.exe [6861312] [PID.3712] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\patty\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [user Data\Default] None G0 - GCSP: Preference [user Data\Default][HomePage] Google G0 - GCSP: Preference [user Data\Default] Google G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Chrome Web Store v.0.1 () G2 - GCE: Preference [user Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.2 (Activé) G2 - GCE: Preference [user Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] YouTube v.4.2.5 (Activé) G2 - GCE: Preference [user Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.19 (Activé) G2 - GCE: Preference [user Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé) G2 - GCE: Preference [user Data\Default] [lifbcibllhkdhoafpjfnlhfpfgnpldfl] Skype Click to Call v.6.3.0.11079 (Désactivé) G2 - GCE: Preference [user Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Désactivé) G2 - GCE: Preference [user Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé) ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) 
-- C:\Program Files\Microsoft Office\Office14\NPSPWRAP.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.5.2".) -- C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll ~ Firefox Browser: 7 Scanned in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Microsoft Corporation R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = CHERCHE | Search Web, Files, Amazon, Shopping, Youtube, Twitter, News R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.5.2".) (No version) -- (.not file.) 
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0 ~ IE Browser: 12 Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} . (.Zeon Corporation - PlusIEContextMenu.dll.) -- C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) 
-- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype Click to Call for Internet Explorer.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files\Microsoft Office\Office14\URLREDIR.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll ~ BHO: 8 Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] . (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [indexSearch] . (.Nuance Communications, Inc. - PaperPort IndexSearch.) -- C:\Program Files\Nuance\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [PaperPort PTD] . (.Nuance Communications, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [PPort12reminder] . (.Nuance Communications, Inc. - Ereg.) -- C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe O4 - HKLM\..\Run: [PDFHook] . (.Nuance Communications, Inc. - PdfCreateHook Application.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe O4 - HKLM\..\Run: [PDF5 Registry Controller] . (.Nuance Communications, Inc. 
- PDF Converter Registry Controller.) -- C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe O4 - HKLM\..\Run: [ControlCenter4] . (.Brother Industries, Ltd. - ControlCenter Launcher.) -- C:\Program Files\ControlCenter4\BrCcBoot.exe O4 - HKLM\..\Run: [brStsMon00] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe O4 - HKLM\..\RunOnce: [*WerKernelReporting] . (.Microsoft Corporation - Rapports de problèmes Windows.) -- C:\Windows\System32\WerFault.exe O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.exe O4 - HKCU\..\Run: [iSUSPM] . (.Acresso Corporation - Acresso Software Manager.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe O4 - HKCU\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . 
(.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3998488584-1651764560-2391298529-1003\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-3998488584-1651764560-2391298529-1003\..\Run: [EPSON Stylus DX4400 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.exe
O4 - HKUS\S-1-5-21-3998488584-1651764560-2391298529-1003\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 01s

---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Skype (2).lnk . (...) -- C:\Windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe (.not file.)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\patynavigation\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL . (...) -- C:\Users\patynavigation\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL =>Hijacker.ChercheUS
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Outlook.lnk . (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe
O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop: Microsoft Excel 2010.lnk . (...) -- C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
O4 - GS\Desktop: Microsoft PowerPoint 2010.lnk . (...) -- C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
O4 - GS\Desktop: Microsoft Word 2010.lnk . (...) -- C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\patty\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL . (...) -- C:\Users\patty\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL =>Hijacker.ChercheUS
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: PDF Suite.lnk . (...) -- C:\Program Files\PDF Suite 2010\PDF Suite.exe (.not file.)
O4 - GS\QuickLaunch: Winamp.lnk . (.Nullsoft, Inc. - Winamp.) -- C:\Program Files\Winamp\winamp.exe
O4 - GS\Desktop: Ajuster le volume du système - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
~ Global Startup: Scanned in 00mn 03s

---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ IE Control Panel: 1 Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBTTN~1.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll
~ Winsock: 8 Scanned in 00mn 00s

---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.chat-land.org =>Hijacker.ChercheUS
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E2CEE82-1EE5-4B8D-9FD9-0D99A8C9710B}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{B935E572-916D-4881-A425-5CDA9077C599}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9E80CAC-A051-4ABD-BB7B-C83E8B8F434C}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{B935E572-916D-4881-A425-5CDA9077C599}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9E80CAC-A051-4ABD-BB7B-C83E8B8F434C}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{5E2CEE82-1EE5-4B8D-9FD9-0D99A8C9710B}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{B935E572-916D-4881-A425-5CDA9077C599}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{D9E80CAC-A051-4ABD-BB7B-C83E8B8F434C}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{B935E572-916D-4881-A425-5CDA9077C599}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{D9E80CAC-A051-4ABD-BB7B-C83E8B8F434C}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{5E2CEE82-1EE5-4B8D-9FD9-0D99A8C9710B}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{B935E572-916D-4881-A425-5CDA9077C599}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{D9E80CAC-A051-4ABD-BB7B-C83E8B8F434C}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{B935E572-916D-4881-A425-5CDA9077C599}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{D9E80CAC-A051-4ABD-BB7B-C83E8B8F434C}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ SSODL: 1 Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NLS Service (nlsX86cc) . (.Nalpeiron Ltd. - This service enables products that use the.) - C:\Windows\system32\NLSSRV32.exe
O23 - Service: PDFProFiltSrvPP (PDFProFiltSrvPP) . (.Nuance Communications, Inc. - PDFPro IFilter Service.) - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Skype C2C Service (Skype C2C Service) . (.Skype Technologies S.A. - Skype C2C Service.) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) . (.Syntek America Inc. - Syntek Hardware Snapshot Launch Application.) - C:\Windows\System32\StkCSrv.exe
~ Services: 6 Scanned in 00mn 05s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Desktop Component: 4 Scanned in 00mn 00s

---\\ BootExecute (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 1 Scanned in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job [1002]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1050]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1054]
[MD5.EA856F4A46320389D1899B2CAA7BF40F] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [253656]
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [136176]
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [136176]
[MD5.00000000000000000000000000000000] [APT] [{61E360E6-CA7F-43D2-BEBF-A375C93F375E}] (...) -- C:\Program Files\Alwil Software\Avast4\aswRundll.exe (.not file.) [0]
[MD5.497F27E279C0F921E2130BB89C1CB5CA] [APT] [{8CF31AD1-D448-4C35-9026-5F571442B82A}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe [18705664]
[MD5.497F27E279C0F921E2130BB89C1CB5CA] [APT] [{FD66345F-46DB-4996-9902-535064FDEBA3}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe [18705664]
~ Scheduled Task: 10 Scanned in 00mn 08s

---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll
O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Internet Explorer - {2D46B6DC-2207-486B-B523-A557E6D54B47} . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe
O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe
O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll
O40 - ASIC: Google Chrome - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\system32\Macromed\Flash\Flash32_11_6_602_180.ocx
~ Active Setup: 13 Scanned in 00mn 00s

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys
~ Drivers: 57 Scanned in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}
O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Reader 9.5.2 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A95000000001}
O42 - Logiciel: AuthenTec TrueSuite - (.AuthenTec, Inc..) [HKLM] -- {E6C44758-FF49-47D1-8182-65E3818ACE23}
O42 - Logiciel: Brother MFL-Pro Suite DCP-7055 - (.Brother Industries, Ltd..) [HKLM] -- {3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Détection de l'application Winamp - (.Nullsoft, Inc.) [HKCU] -- Winamp Detect
O42 - Logiciel: EPSON Logiciel imprimante - (.SEIKO EPSON Corporation.) [HKLM] -- EPSON Printer and Utilities
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: Java 6 Update 11 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216011FF}
O42 - Logiciel: Logiciel d'archivage WinRAR - (...) [HKLM] -- WinRAR archiver
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MSXML 4.0 SP3 Parser (KB2721691) - (.Microsoft Corporation.) [HKLM] -- {355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}
O42 - Logiciel: MSXML 4.0 SP3 Parser (KB2758694) - (.Microsoft Corporation.) [HKLM] -- {1D95BA90-F4F8-47EC-A882-441C99D30C1E}
O42 - Logiciel: MSXML 4.0 SP3 Parser (KB973685) - (.Microsoft Corporation.) [HKLM] -- {859DFA95-E4A6-48CD-B88E-A3E483E89B44}
O42 - Logiciel: MSXML 4.0 SP3 Parser - (.Microsoft Corporation.) [HKLM] -- {196467F1-C11F-4F76-858B-5812ADC83B94}
O42 - Logiciel: Microsoft Antimalware Service FR-FR Language Pack - (.Microsoft Corporation.) [HKLM] -- {32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8}
O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM] -- {390DD8BB-BB57-4942-A029-2D913E4E9D74}
O42 - Logiciel: Microsoft Security Client FR-FR Language Pack - (.Microsoft Corporation.) [HKLM] -- {50779A29-834E-4E36-BBEB-B7CABC67A825}
O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM] -- Microsoft Security Client
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: MyPDFConverter - (.Secure Digital Services.) [HKLM] -- {1D76557F-04F5-4CF9-AB20-6A621B0D52D7}
O42 - Logiciel: Nuance PDF Viewer Plus - (.Nuance Communications, Inc.) [HKLM] -- {28656860-4728-433C-8AD4-D1A930437BC8}
O42 - Logiciel: Nuance PaperPort 12 - (.Nuance Communications, Inc..) [HKLM] -- {6C0A559F-8583-4B5A-8B50-20BEE15D8E64}
O42 - Logiciel: OGA Notifier 2.0.0048.0 - (.Microsoft Corporation.) [HKLM] -- {B2544A03-10D0-4E5E-BA69-0362FFC20D18}
O42 - Logiciel: PaperPort Image Printer - (.Nuance Communications, Inc..) [HKLM] -- {6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}
O42 - Logiciel: Skype Click to Call - (.Skype Technologies S.A..) [HKLM] -- {B6CF2967-C81E-40C0-9815-C05774FEF120}
O42 - Logiciel: Skype™ 6.1 - (.Skype Technologies S.A..) [HKLM] -- {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
O42 - Logiciel: USB2.0 350K WebCam - (.Bisont Electrocnics. Inc..) [HKLM] -- {4A57592C-FF92-4083-97A9-92783BD5AFB4}
O42 - Logiciel: USB2.0 VGA WebCam - (...) [HKLM] -- USB2.0 VGA WebCam
O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM] -- Winamp
~ Logic: 63 Scanned in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Yahoo]
[HKCU\Software\AppDataLow]
[HKCU\Software\Brother]
[HKCU\Software\Classes]
[HKCU\Software\EPSON]
[HKCU\Software\FLEXnet]
[HKCU\Software\FissaSearch]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\InstallShield]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Macromedia]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\PDF Suite 2010]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\ScanSoft]
[HKCU\Software\Skype]
[HKCU\Software\Smart Soft]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\WinRAR SFX]
[HKCU\Software\WinRAR]
[HKCU\Software\Winamp]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\Yahoo]
[HKCU\Software\ZebHelpProcess Helper]
[HKCU\Software\Zeon]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\AuthenTec]
[HKLM\Software\BisonCam]
[HKLM\Software\Bisont Electrocnics. Inc.]
[HKLM\Software\Brother Industries, Ltd.]
[HKLM\Software\Brother]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CDDB]
[HKLM\Software\CUSTPDF Writer]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\EPSON]
[HKLM\Software\GPL Ghostscript]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\Huawei technologies]
[HKLM\Software\ICE]
[HKLM\Software\IM Providers]
[HKLM\Software\InstallShield]
[HKLM\Software\Intel]
[HKLM\Software\Investintech.com Inc.]
[HKLM\Software\JavaSoft]
[HKLM\Software\LG Electronics]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nalpeiron]
[HKLM\Software\Nuance]
[HKLM\Software\Nullsoft]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\ScanSoft]
[HKLM\Software\SecureDigitalServices]
[HKLM\Software\Skype]
[HKLM\Software\Sonic]
[HKLM\Software\TrueSuite]
[HKLM\Software\Visioneer]
[HKLM\Software\Volatile]
[HKLM\Software\WebCam]
[HKLM\Software\WinRAR]
[HKLM\Software\Windows]
[HKLM\Software\Yahoo]
[HKLM\Software\ZEON]
[HKLM\Software\mozilla.org]
[HKLM\Software\mypdfconverter]
~ Key Software: 110 Scanned in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
~ Program Folder: 123 Scanned in 00mn 22s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
-- C:\Windows\System32\Drivers\ntfs.sys [1212264] ~ Files: 33 Scanned in 00mn 18s ---\\ Déni du service (Local Security Authority) (O48) O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll ~ LSA: 9 Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.) 
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.) O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys ~ CSB: 13 Scanned in 00mn 00s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{15aacc5f-38f2-11df-b718-001a92792371}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) 
-- C:\Windows\System32\l3codeca.acm O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm ~ TDSD: 3 Scanned in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe ~ SMSR Keys: 2 Scanned in 00mn 00s ---\\ Microsoft Control Security Providers (O54) O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) 
-- C:\Windows\System32\credssp.dll ~ MSCP: 2 Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5 O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1 O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0 O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0 O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Scanned in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=0 ~ MWPE Keys: 4 Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) 
-- C:\Windows\System32\ANSI.SYS [9029] ~ Drivers: Scanned in 00mn 00s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 25/04/2011 - C:\Windows\system32\drivers\afd.sys (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\Beep.sys (Beep) .(.Microsoft Corporation - BEEP Driver.) - LEGACY_BEEP O64 - Services: CurCS - 04/07/2012 - C:\Windows\system32\browser.dll (bowser) .(.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) - LEGACY_BOWSER O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\cdfs.sys (cdfs) .(.Microsoft Corporation - CD-ROM File System Driver.) - LEGACY_CDFS O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\clfs.sys (CLFS) .(.Microsoft Corporation - Common Log File System Driver.) - LEGACY_CLFS O64 - Services: CurCS - 24/08/2012 - C:\Windows\System32\Drivers\cng.sys (CNG) .(.Microsoft Corporation - Kernel Cryptography, Next Generation.) - LEGACY_CNG O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\dfsc.sys (DfsC) .(.Microsoft Corporation - DFS Namespace Client Driver.) - LEGACY_DFSC O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\discache.sys (discache) .(.Microsoft Corporation - System Indexer/Cache Driver.) - LEGACY_DISCACHE O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\dxgkrnl.sys (DXGKrnl) .(.Microsoft Corporation - DirectX Graphics Kernel.) - LEGACY_DXGKRNL O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\fastfat.sys (fastfat) .(.Microsoft Corporation - Fast FAT File System Driver.) - LEGACY_FASTFAT O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\fileinfo.sys (FileInfo) .(.Microsoft Corporation - FileInfo Filter Driver.) 
- LEGACY_FILEINFO O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\fltmgr.sys (FltMgr) .(.Microsoft Corporation - Gestionnaire de filtres de système de fichi.) - LEGACY_FLTMGR O64 - Services: CurCS - 24/01/2013 - C:\Windows\system32\drivers\fvevol.sys (fvevol) .(.Microsoft Corporation - BitLocker Drive Encryption Driver.) - LEGACY_FVEVOL O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\http.sys (HTTP) .(.Microsoft Corporation - HTTP Pile du protocole.) - LEGACY_HTTP O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\hwpolicy.sys (hwpolicy) .(.Microsoft Corporation - Hardware Policy Driver.) - LEGACY_HWPOLICY O64 - Services: CurCS - 02/06/2012 - C:\Windows\System32\Drivers\ksecdd.sys (KSecDD) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECDD O64 - Services: CurCS - 24/08/2012 - C:\Windows\System32\Drivers\ksecpkg.sys (KSecPkg) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECPKG O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\lltdio.sys (lltdio) .(.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) - LEGACY_LLTDIO O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\luafv.sys (luafv) .(.Microsoft Corporation - Pilote de filtre de virtualisation de fichi.) - LEGACY_LUAFV O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\mountmgr.sys (mountmgr) .(.Microsoft Corporation - Gestionnaire des points de montage.) - LEGACY_MOUNTMGR O64 - Services: CurCS - 20/01/2013 - C:\Windows\System32\DRIVERS\MpFilter.sys (MpFilter) .(.Microsoft Corporation - Microsoft antimalware file system filter dr.) - LEGACY_MPFILTER O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\FirewallAPI.dll (mpsdrv) .(.Microsoft Corporation - API du Pare-feu Windows.) - LEGACY_MPSDRV O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\webclnt.dll (MRxDAV) .(.Microsoft Corporation - Fichier DLL du service DAV pour le Web.) 
- LEGACY_MRXDAV O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb10) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB10 O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb20) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB20 O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\msisadrv.sys (msisadrv) .(.Microsoft Corporation - ISA Driver.) - LEGACY_MSISADRV O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\mup.sys (Mup) .(.Microsoft Corporation - Multiple UNC Provider Driver.) - LEGACY_MUP O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\nwifi.sys (NativeWifiP) .(.Microsoft Corporation - Pilote de miniport WiFi natif.) - LEGACY_NATIVEWIFIP O64 - Services: CurCS - 22/08/2012 - C:\Windows\system32\drivers\ndis.sys (NDIS) .(.Microsoft Corporation - Pilote NDIS 6.20.) - LEGACY_NDIS O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\DRIVERS\ndisuio.sys (Ndisuio) .(.Microsoft Corporation - Pilote d’E/S du mode utilisateur NDIS.) - LEGACY_NDISUIO O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\netbios.sys (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\netbt.sys (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT O64 - Services: CurCS - 20/01/2013 - C:\Windows\System32\DRIVERS\NisDrvWFP.sys (NisDrv) .(.Microsoft Corporation - Microsoft Network Realtime Inspection Drive.) - LEGACY_NISDRV O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) .(.Microsoft Corporation - NSI Proxy.) 
- LEGACY_NSIPROXY O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\pcw.sys (pcw) .(.Microsoft Corporation - Performance Counters for Windows Driver.) - LEGACY_PCW O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\peauth.sys (PEAUTH) .(.Microsoft Corporation - Protected Environment Authentication and Au.) - LEGACY_PEAUTH O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\pacer.sys (Psched) .(.Microsoft Corporation - Planificateur de paquets QoS.) - LEGACY_PSCHED O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (rdbss) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_RDBSS O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) .(.Microsoft Corporation - RDP Encoder Miniport.) - LEGACY_RDPENCDD O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) .(.Microsoft Corporation - RDP Reflector Driver Miniport.) - LEGACY_RDPREFMP O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\rspndr.sys (rspndr) .(.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) - LEGACY_RSPNDR O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\spldr.sys (spldr) .(.Microsoft Corporation - loader for security processor.) - LEGACY_SPLDR O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\srvsvc.dll (srv) .(.Microsoft Corporation - DLL du service Serveur.) - LEGACY_SRV O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\srvsvc.dll (srv2) .(.Microsoft Corporation - DLL du service Serveur.) 
- LEGACY_SRV2 O64 - Services: CurCS - 29/04/2011 - C:\Windows\System32\DRIVERS\srvnet.sys (srvnet) .(.Microsoft Corporation - Server Network driver.) - LEGACY_SRVNET O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\tcpipcfg.dll (Tcpip) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TCPIP O64 - Services: CurCS - 03/10/2012 - C:\Windows\System32\drivers\tcpipreg.sys (tcpipreg) .(.Microsoft Corporation - TCP/IP Registry Compatibility Driver.) - LEGACY_TCPIPREG O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\tcpipcfg.dll (tdx) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TDX O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\DRIVERS\udfs.sys (udfs) .(.Microsoft Corporation - UDF File System Driver.) - LEGACY_UDFS O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\vga.sys (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\volmgrx.sys (volmgrx) .(.Microsoft Corporation - Pilote d’extension du gestionnaire de volum.) - LEGACY_VOLMGRX O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\drivers\volsnap.sys (volsnap) .(.Microsoft Corporation - Pilote de cliché instantané du volume.) - LEGACY_VOLSNAP O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\rascfg.dll (Wanarpv6) .(.Microsoft Corporation - Objets de configuration RAS.) - LEGACY_WANARPV6 O64 - Services: CurCS - 26/07/2012 - C:\Windows\System32\drivers\Wdf01000.sys (Wdf01000) .(.Microsoft Corporation - Runtime de l’infrastructure de pilotes en m.) - LEGACY_WDF01000 O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\wfplwf.sys (WfpLwf) .(.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - LEGACY_WFPLWF O64 - Services: CurCS - 26/07/2012 - C:\Windows\System32\drivers\WudfPf.sys (WudfPf) .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) 
- LEGACY_WUDFPF ~ Legacy: 365 Scanned in 01mn 01s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe ~ FASS Keys: 18 Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Bing) - Bing O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - Bing O69 - SBI: SearchScopes [HKCU] {557C21FE-7274-410D-853E-9ED4471BF193} - (cherche.us) - http O69 - SBI: SearchScopes [HKCU] {b41306c6-96d0-442a-bcc4-b0f621e82ce9} - (Fissa) - Fissa search ~ Keys: Scanned in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [62464] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [67584] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [67584] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) 
-- C:\Windows\System32\srvsvc.dll [168960] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [593408] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [674304] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\System32\Audiosrv.dll [473600] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [90624] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d’accès distant.) -- C:\Windows\System32\rasmans.dll [286208] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [75264] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\System32\sens.dll [49664] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [300544] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- C:\Windows\System32\tapisrv.dll [242176] O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\System32\termsrv.dll [521216] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\System32\wuaueng.dll [1933848] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) 
-- C:\Windows\System32\qmgr.dll [585728] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [328192] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [499712] O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [21504] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\System32\appinfo.dll [47104] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\System32\iscsiexe.dll [114688] O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\System32\mmcss.dll [49664] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [61440] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [98304] O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [164352] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\System32\schedsvc.dll [750592] O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\System32\kmsvc.dll [71168] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) 
-- C:\Windows\System32\sessenv.dll [113664] O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [168960] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\System32\browser.dll [102912] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\System32\themeservice.dll [37376] O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\System32\bdesvc.dll [76800] ~ Services: 32 Scanned in 00mn 01s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.2204D65BAD86FF3447EBEDCCE176148A] [sPRF][05/04/2010] (...) -- C:\ProgramData\ezsidmv.dat [56] [MD5.77D31FB654A53DBFB151C7A8E11E3A02] [sPRF][17/07/2009] (.Adobe Systems Incorporated - Adobe® Flash® Player ActiveX Installer.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1962160] ~ Files: Scanned in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "SNMPTRAP-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Interruption SNMP.) -- C:\Windows\system32\snmptrap.exe O87 - FAEL: "SNMPTRAP-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Interruption SNMP.) -- C:\Windows\system32\snmptrap.exe O87 - FAEL: "WMP-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "WMP-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "WMP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) 
-- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "WMPNSS-QWave-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-QWave-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-QWave-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-QWave-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-WMP-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "WMPNSS-WMP-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "WMPNSS-WMP-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "WMPNSS-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "WMPNSS-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "WMPNSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) 
-- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "WMPNSS-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "WMPNSS-QWave-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-QWave-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-QWave-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-QWave-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-SSDPSrv-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-SSDPSrv-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMPNSS-WMP-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "WMPNSS-WMP-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "WMPNSS-WMP-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "WMPNSS-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) 
-- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "WMPNSS-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "WMPNSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "WMPNSS-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "WMPNSS-UPnP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Collab-P2PHost-In-TCP" | In - None - P6 - TRUE | .(.Microsoft Corporation - Voisinage immédiat.) -- C:\Windows\system32\p2phost.exe O87 - FAEL: "Collab-P2PHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Voisinage immédiat.) -- C:\Windows\system32\p2phost.exe O87 - FAEL: "Collab-P2PHost-WSD-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Voisinage immédiat.) 
-- C:\Windows\system32\p2phost.exe O87 - FAEL: "Collab-P2PHost-WSD-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Voisinage immédiat.) -- C:\Windows\system32\p2phost.exe O87 - FAEL: "Collab-PNRP-In-UDP" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Collab-PNRP-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Collab-PNRP-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "Collab-PNRP-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-In-TCP-EdgeScope" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe O87 - FAEL: "RemoteAssistance-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-OUT" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-RAServer-In-TCP-NoScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Serveur COM d’assistance à distance Windows.) -- C:\Windows\system32\raserver.exe O87 - FAEL: "RemoteAssistance-RAServer-Out-TCP-NoScope-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Serveur COM d’assistance à distance Windows.) 
-- C:\Windows\system32\raserver.exe O87 - FAEL: "RemoteAssistance-DCOM-In-TCP-NoScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-In-TCP-EdgeScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe O87 - FAEL: "RemoteAssistance-Out-TCP-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe O87 - FAEL: "RemoteAssistance-SSDPSrv-In-UDP-Active" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-SSDPSrv-Out-UDP-Active" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-SSDPSrv-In-TCP-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-SSDPSrv-Out-TCP-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-OUT-Active" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe O87 - FAEL: "FPS-SpoolSvc-In-TCP" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Application sous-système spouleur.) 
-- C:\Windows\system32\spoolsv.exe O87 - FAEL: "FPS-LLMNR-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "FPS-LLMNR-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-DHCP-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-DHCP-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-DHCPV6-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-DHCPV6-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-Teredo-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-Teredo-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-IPHTTPS-Out" | Out - None - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-GP-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-DNS-Out-UDP" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Local Security Authority Process.) 
-- C:\Windows\system32\lsass.exe O87 - FAEL: "NETDIS-SSDPSrv-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-SSDPSrv-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-UPnP-Out-TCP-Active" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDPHOST-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDPHOST-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-LLMNR-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-LLMNR-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDRESPUB-WSD-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDRESPUB-WSD-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-SSDPSrv-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-SSDPSrv-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-UPnP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDPHOST-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDPHOST-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-LLMNR-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-LLMNR-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDRESPUB-WSD-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDRESPUB-WSD-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MsiScsi-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MsiScsi-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MsiScsi-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MsiScsi-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "MSDTC-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe O87 - FAEL: "MSDTC-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe O87 - FAEL: "MSDTC-KTMRM-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MSDTC-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MSDTC-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe O87 - FAEL: "MSDTC-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe O87 - FAEL: "MSDTC-KTMRM-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MSDTC-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe O87 - FAEL: "RemoteSvcAdmin-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteSvcAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) 
-- C:\Windows\system32\services.exe O87 - FAEL: "RemoteSvcAdmin-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PerfLogsAlerts-PLASrv-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Performance Logs and Alerts DCOM Server.) -- C:\Windows\system32\plasrv.exe O87 - FAEL: "PerfLogsAlerts-DCOM-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PerfLogsAlerts-PLASrv-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Performance Logs and Alerts DCOM Server.) -- C:\Windows\system32\plasrv.exe O87 - FAEL: "PerfLogsAlerts-DCOM-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-WINMGMT-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-WINMGMT-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-ASYNC-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) -- C:\Windows\system32\wbem\unsecapp.exe O87 - FAEL: "WMI-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-WINMGMT-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-WINMGMT-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-ASYNC-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) -- C:\Windows\system32\wbem\unsecapp.exe O87 - FAEL: "PNRPMNRS-PNRP-In-UDP" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PNRPMNRS-PNRP-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PNRPMNRS-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PNRPMNRS-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteFwAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteFwAdmin-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteFwAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteFwAdmin-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RVM-VDS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Service de disque virtuel.) -- C:\Windows\system32\vds.exe O87 - FAEL: "RVM-VDSLDR-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Virtual Disk Service Loader.) -- C:\Windows\system32\vdsldr.exe O87 - FAEL: "RVM-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RVM-VDS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Service de disque virtuel.) 
-- C:\Windows\system32\vds.exe O87 - FAEL: "RVM-VDSLDR-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Virtual Disk Service Loader.) -- C:\Windows\system32\vdsldr.exe O87 - FAEL: "RVM-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes.) -- C:\Windows\system32\wudfhost.exe O87 - FAEL: "WPDMTP-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes.) -- C:\Windows\system32\wudfhost.exe O87 - FAEL: "WPDMTP-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-UPnPHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-UPnP-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) 
-- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "MCX-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-In-TCP" | In - None - P6 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe O87 - FAEL: "MCX-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe O87 - FAEL: "MCX-QWave-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-QWave-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-QWave-In-TCP" | In - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-QWave-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe O87 - FAEL: "MCX-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe O87 - FAEL: "MCX-MCX2SVC-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-Prov-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - MCX2 Provisioning library.) 
-- C:\Windows\ehome\mcx2prov.exe O87 - FAEL: "MCX-PlayTo-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-McrMgr-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Media Center Extender Manager.) -- C:\Windows\ehome\mcrmgr.exe O87 - FAEL: "MCX-PlayTo-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-FDPHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{D76024F3-C0EC-4FB4-9DAA-9150408F5F22}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "{882263EE-F2C2-4902-AEBD-C0293A271425}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "{ACF2E058-B5B5-4B73-9753-9E7814BFBDF5}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "{52D4005A-7C4B-4FF7-946D-9F0533DFFD76}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{DD98561D-E7E8-4C4E-B311-3E53F32F17F7}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "{F702068A-6D06-424F-9A67-5C63E66C41C2}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) 
-- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "{66037E3E-CDA1-49DA-A90A-ECDBBCEA4F5A}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "{C8F12232-A3F8-4DF3-A077-124127673DF8}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "{221B5232-B4E1-4949-A15D-6B2259ED08B0}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "{B3FC7BF0-6458-4580-88E6-404A81192E13}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "{7E1A8053-65C2-4E47-92FA-063A3EDE292A}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "{65A97107-33F0-4FEA-AA8C-F0C43AD0FB9D}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{37AE1B6E-7A59-411F-B0EF-7FD05BA02BFD}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{DBB4B774-3EF6-4548-AED3-CED1E1C4F92B}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{93BF3312-D7BA-4398-96B7-319A6CCDB351}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{11480293-0395-43C6-95A9-CD602D9286B0}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "{D1BFB509-1E0C-48AE-A448-579B9664E156}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{37428F18-0FDD-4262-BF31-781878BCE778}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{54DA967A-412F-4A75-A44B-9A26BFC31CA0}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{88C04A54-FA1D-48D9-A16C-FDA6284400C4}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe O87 - FAEL: "{94D408E7-DFAF-4E57-B83B-75AC1B17DC46}" | Out - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{D120A44F-C7AA-4AA0-B040-1FD04C823231}" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "TCP Query User{8FFC9FAF-EB27-4892-9347-B65A9B4C6B5C}C:\program files\internet explorer\iexplore.exe" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Internet Explorer.) -- C:\program files\internet explorer\iexplore.exe O87 - FAEL: "UDP Query User{F6AF6046-1792-4445-AB7D-BC5F661FA385}C:\program files\internet explorer\iexplore.exe" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Internet Explorer.) -- C:\program files\internet explorer\iexplore.exe O87 - FAEL: "{66E7C2A1-FBAC-4212-9B9D-D30BE6D07191}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\HP\hp software update\hpwucli.exe (.not file.) O87 - FAEL: "{0A5E68DB-272A-422D-BB03-E90C2A18CC78}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Microsoft OneNote.) 
-- C:\Program Files\Microsoft Office\Office14\ONENOTE.exe O87 - FAEL: "{119E4483-CC62-480A-9002-43E6BD3BB408}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Microsoft OneNote.) -- C:\Program Files\Microsoft Office\Office14\ONENOTE.exe O87 - FAEL: "{BC4C22A8-EF50-4135-9040-30C6FD53D93B}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office\Office14\outlook.exe O87 - FAEL: "{8617C7B3-5489-495F-B0D7-FF74BAA2F60B}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Windows Live Communications Platform.) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe O87 - FAEL: "{48B21B12-CA3B-40CD-9AB3-8CB277DE3FC1}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O87 - FAEL: "{2F5300EF-6CAB-4793-814F-4513AC01EB30}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "RemoteDesktop-UserMode-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "TCP Query User{DAA373F7-76B7-4A0E-AA92-14264FB6AB9E}C:\usbfix\go.exe" | In - Public - P6 - TRUE | .(...) -- C:\usbfix\go.exe O87 - FAEL: "UDP Query User{E8A591CE-C396-47C3-B436-341221903E46}C:\usbfix\go.exe" | In - Public - P17 - TRUE | .(...) 
-- C:\usbfix\go.exe
~ Firewall: 201 Scanned in 00mn 11s

---\\ Scan Additionnel (O88)
Database Version : v2.11580 - (18/04/2013)
Clés trouvées (Keys found) : 16
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193}] =>Hijacker.ChercheUS
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}] =>PUP.OfferBox
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B41306C6-96D0-442A-BCC4-B0F621E82CE9}] =>PUP.OfferBox
[HKCU\Software\Microsoft\Internet Explorer\MenuExt\recherche avec cherche.us] =>Hijacker.ChercheUS
[HKCU\Software\FissaSearch] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow]:*.chat-land.org =>Hijacker.ChercheUS
~ Additionnel: Scanned in 00mn 29s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "000021090200C0400000000000F01FEC" . (.Module de compatibilité pour Microsoft Office System 2007.) -- C:\Windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe
O90 - PUC: "11F12B5E3396B0E42AC597363E0CD711" . (.Windows Live Messenger.) -- C:\Windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
O90 - PUC: "68AB67CA7DA76301B7449A0500000010" . (.Adobe Reader 9.5.2 - Français.) -- C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-A95000000001}\SC_Reader.ico
O90 - PUC: "7692FC6BE18C0C0489510C7547EF1F02" . (.Skype Click to Call.) -- C:\Windows\Installer\{B6CF2967-C81E-40C0-9815-C05774FEF120}\IconUninstallIco
O90 - PUC: "85744C6E94FF1D741828563E18A8EC32" . (.AuthenTec TrueSuite.) -- C:\Windows\Installer\{E6C44758-FF49-47D1-8182-65E3818ACE23}\ARPPRODUCTICON.exe
O90 - PUC: "BADF2FE6FBF79BA429DC95B4DD6B5AB6" . (.PaperPort Image Printer.) -- C:\Windows\Installer\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}\ARPPRODUCTICON.exe
O90 - PUC: "D7314F9862C648A4DB8BE2A5B47BE100" . (.Microsoft Silverlight.) -- c:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ARPIcon
O90 - PUC: "E7FF67E4ABEA78C47B88DC745E24B5D9" . (.Skype™ 6.1.) -- C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
O90 - PUC: "F75567D15F409FC4BA02A626B1D0257D" . (.MyPDFConverter.) -- C:\Windows\Installer\{1D76557F-04F5-4CF9-AB20-6A621B0D52D7}\ARPPRODUCTICON.exe
O90 - PUC: "F955A0C63858A5B4B80502EB1ED5E846" . (.Nuance PaperPort 12.) -- C:\Windows\Installer\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}\ARPPRODUCTICON.exe
~ Update Products: 60 Scanned in 00mn 00s

---\\ MyComputer Name Space (O92)
O92 - MNS: Dossiers Web - {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
~ MNS: 1 Scanned in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 25/01/2010 245760 | (BrYNSvc) . (.Brother Industries, Ltd..) - C:\Program Files\Browny02\BrYNSvc.exe
SS - | Auto 14/07/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 14/07/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 20/10/2010 67904 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\Windows\system32\NLSSRV32.exe
SR - | Auto 08/03/2010 144672 | (PDFProFiltSrvPP) . (.Nuance Communications, Inc..) - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 11/12/2006 24576 | (StkSSrv) . (.Syntek America Inc..) - C:\Windows\System32\StkCSrv.exe
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.)
- C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover
Run by patty at 19/04/2013 13:09:39
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
~ MBR: 8 Scanned in 00mn 02s

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by patty at 19/04/2013 13:09:41
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

End of the scan (1282 lines in 06mn 25s)(0)

Rapport de ZHPDiag v2013.4.18.101 par Nicolas Coolman, Update du 18/04/2013
Run by patty at 19/04/2013 13:03:15
State : WhiteList : Disable
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16540 (Defaut)
GCIE: Google Chrome v26.0.1410.64

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows® 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : 84BBP
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Windows Defender W7

---\\ System Optimizer
CCleaner v3.00

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2 - Français

---\\ System Information
~ Processor: x86 Family 6 Model 14 Stepping 8, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1015 MB (17% free)
System Restore: Activé (Enable)
System drive C: has 42 GB (40%) free of 104 GB

---\\ Logged in mode
~ Computer Name: PATTY-PC
~ User Name: patty
~ All Users Names: patynavigation, patty, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\patty\AppData\Roaming\
~ %Desktop% : C:\Users\patty\Desktop\
~ %Favorites% : C:\Users\patty\Favorites\
~ %LocalAppData% : C:\Users\patty\AppData\Local\
~ %StartMenu% : C:\Users\patty\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 42 Go of 104 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go)
F:\ Floppy drive, Flash card reader, USB Key (Free 6 Go of 7 Go)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.)
-- C:\Windows\System32\Wininit.exe [96256] [MD5.CFE0CEE587F9CEA4C29DEEC6D85FC91C] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/02/2013 - 11:30:16.) -- C:\Windows\System32\wininet.dll [1766912] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536] [MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) 
-- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904] [MD5.9CDAEBE5160B9AF02AE17C62BDB6C4B5] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/03/2013 - 06:07:36.) -- C:\Windows\system32\Drivers\ntfs.sys [1212264] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632] ~ Generic Processes: Scanned in 00mn 01s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/636 ~ Mes Favoris (My Favorites) : 1/62 ~ Mes Documents (My Documents) : 2/6 ~ Mon Bureau (My Desktop) : 1/2766 ~ Menu demarrer (Programs) : 1/27 ~ Hidden Files: Scanned in 00mn 08s ---\\ Processus lancés [MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.2772] [MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) 
-- C:\Windows\System32\igfxpers.exe [150552] [PID.2784] [MD5.B98FFA8288EFAABC436C30D198608345] - (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe [136600] [PID.2800] [MD5.87A33B074108C21E0FAB9D5C82963B8E] - (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files\Winamp\winampa.exe [74752] [PID.2896] [MD5.E5F1D2C7D51C816437BBE2306828BC4B] - (.Nuance Communications, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984] [PID.3088] [MD5.9F0ACAA725CF5A391AF7E2067AE45746] - (.Nuance Communications, Inc. - PdfCreateHook Application.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe [636192] [PID.3112] [MD5.B63E5C7807334A3A8F731062F15462CC] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008] [PID.3160] [MD5.50FB420DEDF67926910E3B869BB243A1] - (.Brother Industries, Ltd. - ControlCenter Main Process.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe [331776] [PID.3184] [MD5.DDF441F9C40507D582A7D09AB46C6F98] - (.Brother Industries, Ltd. - ControlCenter UX System.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe [1196032] [PID.3432] [MD5.E84DA43E726D043CA2DEE71F01DB261A] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe [228448] [PID.3512] [MD5.E4F6125ED5185F8FA37CC4F449B85526] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [770608] [PID.5528] [MD5.A778E395D5481138169D233AAE92757A] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Program Files\ZHPDiag\ZHPDiag.exe [6861312] [PID.3712] ~ Processes Running: Scanned in 00mn 01s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\patty\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [user Data\Default] None G0 - GCSP: Preference [user Data\Default][HomePage] Google G0 - GCSP: Preference [user Data\Default] Google G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Chrome Web Store v.0.1 () G2 - GCE: Preference [user Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Drive v.6.2 (Activé) G2 - GCE: Preference [user Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] YouTube v.4.2.5 (Activé) G2 - GCE: Preference [user Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.19 (Activé) G2 - GCE: Preference [user Data\Default] [eemcgdkfndhakfknompkggombfjjjeno] Bookmark Manager v.0.1 (Activé) G2 - GCE: Preference [user Data\Default] [lifbcibllhkdhoafpjfnlhfpfgnpldfl] Skype Click to Call v.6.3.0.11079 (Désactivé) G2 - GCE: Preference [user Data\Default] [mfehgcgbbipciphmccgaenjidiccnmng] Cloud Print v.0.1 (Désactivé) G2 - GCE: Preference [user Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Gmail v.7 (Activé) ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) 
-- C:\Program Files\Microsoft Office\Office14\NPSPWRAP.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.5.2".) -- C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll ~ Firefox Browser: 7 Scanned in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.fr - Actualités, magazines people & féminin, Outlook et Hotmail R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Microsoft Corporation R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Microsoft Corporation R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = CHERCHE | Search Web, Files, Amazon, Shopping, Youtube, Twitter, News R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.5.2".) (No version) -- (.not file.) 
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0 ~ IE Browser: 12 Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} Clé orpheline O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} . (.Zeon Corporation - PlusIEContextMenu.dll.) -- C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) 
-- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype Click to Call for Internet Explorer.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\Program Files\Microsoft Office\Office14\URLREDIR.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll ~ BHO: 8 Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe O4 - HKLM\..\Run: [WinampAgent] . (.Nullsoft, Inc. - Winamp Agent.) -- C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [indexSearch] . (.Nuance Communications, Inc. - PaperPort IndexSearch.) -- C:\Program Files\Nuance\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [PaperPort PTD] . (.Nuance Communications, Inc. - PaperPort Print to Desktop for NT.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [PPort12reminder] . (.Nuance Communications, Inc. - Ereg.) -- C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe O4 - HKLM\..\Run: [PDFHook] . (.Nuance Communications, Inc. - PdfCreateHook Application.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe O4 - HKLM\..\Run: [PDF5 Registry Controller] . (.Nuance Communications, Inc. 
- PDF Converter Registry Controller.) -- C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe O4 - HKLM\..\Run: [ControlCenter4] . (.Brother Industries, Ltd. - ControlCenter Launcher.) -- C:\Program Files\ControlCenter4\BrCcBoot.exe O4 - HKLM\..\Run: [brStsMon00] . (.Brother Industries, Ltd. - Brother Status Monitor Application.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe O4 - HKLM\..\RunOnce: [*WerKernelReporting] . (.Microsoft Corporation - Rapports de problèmes Windows.) -- C:\Windows\System32\WerFault.exe O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.exe O4 - HKCU\..\Run: [iSUSPM] . (.Acresso Corporation - Acresso Software Manager.) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe O4 - HKCU\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . 
(.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-21-3998488584-1651764560-2391298529-1003\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O4 - HKUS\S-1-5-21-3998488584-1651764560-2391298529-1003\..\Run: [EPSON Stylus DX4400 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.exe O4 - HKUS\S-1-5-21-3998488584-1651764560-2391298529-1003\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe ~ Application: Scanned in 00mn 01s ---\\ Autres liens utilisateurs (O4) O4 - GS\TaskBar: Skype (2).lnk . (...) -- C:\Windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe (.not file.) O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - Global Startup: C:\Users\patynavigation\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL . (...) -- C:\Users\patynavigation\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL =>Hijacker.ChercheUS O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Microsoft Outlook.lnk . (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Fax Recipient.lnk . 
(.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop: Microsoft Excel 2010.lnk . (...) -- C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe O4 - GS\Desktop: Microsoft PowerPoint 2010.lnk . (...) -- C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe O4 - GS\Desktop: Microsoft Word 2010.lnk . (...) -- C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - Global Startup: C:\Users\patty\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL . (...) -- C:\Users\patty\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chat-Land site de chat et de rencontre gratuit.URL =>Hijacker.ChercheUS O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch: PDF Suite.lnk . (...) -- C:\Program Files\PDF Suite 2010\PDF Suite.exe (.not file.) O4 - GS\QuickLaunch: Winamp.lnk . (.Nullsoft, Inc. - Winamp.) -- C:\Program Files\Winamp\winamp.exe O4 - GS\Desktop: Ajuster le volume du système - Raccourci.lnk - Clé orpheline O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) 
-- C:\Program Files\Google\Chrome\Application\chrome.exe ~ Global Startup: Scanned in 00mn 03s ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5) O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no ~ IE Control Panel: 1 Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBttnIE.dll O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBTTN~1.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) 
-- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.dll ~ Winsock: 8 Scanned in 00mn 00s ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains] *.chat-land.org =>Hijacker.ChercheUS ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{5E2CEE82-1EE5-4B8D-9FD9-0D99A8C9710B}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\..\{B935E572-916D-4881-A425-5CDA9077C599}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\..\{D9E80CAC-A051-4ABD-BB7B-C83E8B8F434C}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\..\{B935E572-916D-4881-A425-5CDA9077C599}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CCS\Services\Tcpip\..\{D9E80CAC-A051-4ABD-BB7B-C83E8B8F434C}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{5E2CEE82-1EE5-4B8D-9FD9-0D99A8C9710B}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{B935E572-916D-4881-A425-5CDA9077C599}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{D9E80CAC-A051-4ABD-BB7B-C83E8B8F434C}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4 O17 - 
HKLM\System\CS1\Services\Tcpip\..\{B935E572-916D-4881-A425-5CDA9077C599}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS1\Services\Tcpip\..\{D9E80CAC-A051-4ABD-BB7B-C83E8B8F434C}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{5E2CEE82-1EE5-4B8D-9FD9-0D99A8C9710B}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{B935E572-916D-4881-A425-5CDA9077C599}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{D9E80CAC-A051-4ABD-BB7B-C83E8B8F434C}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{e29ac6c2-7037-11de-816d-806e6f6e6963}: NameServer = 46.4.11.10,8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{B935E572-916D-4881-A425-5CDA9077C599}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS2\Services\Tcpip\..\{D9E80CAC-A051-4ABD-BB7B-C83E8B8F434C}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
~ SSODL: 1 Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: NLS Service (nlsX86cc) . (.Nalpeiron Ltd. - This service enables products that use the.) - C:\Windows\system32\NLSSRV32.exe O23 - Service: PDFProFiltSrvPP (PDFProFiltSrvPP) . (.Nuance Communications, Inc. - PDFPro IFilter Service.) - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe O23 - Service: Skype C2C Service (Skype C2C Service) . (.Skype Technologies S.A. - Skype C2C Service.) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) . (.Syntek America Inc. - Syntek Hardware Snapshot Launch Application.) - C:\Windows\System32\StkCSrv.exe ~ Services: 6 Scanned in 00mn 05s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Default MHTML Editor: Last - .(...) - (.not file.) ~ Desktop Component: 4 Scanned in 00mn 00s ---\\ BootExecute (O34) O34 - HKLM BootExecute: (autocheck autochk *) - File not found ~ BEX: 1 Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job [1002] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1050] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1054] [MD5.EA856F4A46320389D1899B2CAA7BF40F] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [253656] [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) 
-- C:\Program Files\Google\Update\GoogleUpdate.exe [136176] [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe [136176] [MD5.00000000000000000000000000000000] [APT] [{61E360E6-CA7F-43D2-BEBF-A375C93F375E}] (...) -- C:\Program Files\Alwil Software\Avast4\aswRundll.exe (.not file.) [0] [MD5.497F27E279C0F921E2130BB89C1CB5CA] [APT] [{8CF31AD1-D448-4C35-9026-5F571442B82A}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe [18705664] [MD5.497F27E279C0F921E2130BB89C1CB5CA] [APT] [{FD66345F-46DB-4996-9902-535064FDEBA3}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe [18705664] ~ Scheduled Task: 10 Scanned in 00mn 08s ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Microsoft Windows Media Player - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll O40 - ASIC: Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\regutils.dll O40 - ASIC: Microsoft Windows Media Player 12.0 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\System32\wmpdxm.dll O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll O40 - ASIC: Internet Explorer - {2D46B6DC-2207-486B-B523-A557E6D54B47} . (.Microsoft Corporation - Interpréteur de commandes Windows.) -- C:\Windows\system32\cmd.exe O40 - ASIC: Microsoft Windows - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) 
-- C:\Windows\System32\msieftp.dll O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll O40 - ASIC: Windows Desktop Update - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll O40 - ASIC: Web Platform Customizations - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\system32\mscories.dll O40 - ASIC: Google Chrome - {8A69D345-D564-463c-AFF1-A69D9E530F96} . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11CF-96B8-444553540000} . (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\system32\Macromed\Flash\Flash32_11_6_602_180.ocx ~ Active Setup: 13 Scanned in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys O41 - Driver: C:\Windows\System32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys O41 - Driver: (mssmbios) . 
(.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys O41 - Driver: C:\Windows\System32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys O41 - Driver: C:\Windows\System32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys O41 - Driver: C:\Windows\System32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\system32\drivers\termdd.sys O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) 
- C:\Windows\System32\DRIVERS\wfplwf.sys ~ Drivers: 57 Scanned in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: 32 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D} O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Reader 9.5.2 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A95000000001} O42 - Logiciel: AuthenTec TrueSuite - (.AuthenTec, Inc..) [HKLM] -- {E6C44758-FF49-47D1-8182-65E3818ACE23} O42 - Logiciel: Brother MFL-Pro Suite DCP-7055 - (.Brother Industries, Ltd..) [HKLM] -- {3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487} O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF} O42 - Logiciel: Détection de l'application Winamp - (.Nullsoft, Inc.) [HKCU] -- Winamp Detect O42 - Logiciel: EPSON Logiciel imprimante - (.SEIKO EPSON Corporation.) [HKLM] -- EPSON Printer and Utilities O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] -- Google Chrome O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} O42 - Logiciel: Intel® Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI O42 - Logiciel: Java 6 Update 11 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216011FF} O42 - Logiciel: Logiciel d'archivage WinRAR - (...) [HKLM] -- WinRAR archiver O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71} O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) 
[HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC} O42 - Logiciel: MSXML 4.0 SP3 Parser (KB2721691) - (.Microsoft Corporation.) [HKLM] -- {355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36} O42 - Logiciel: MSXML 4.0 SP3 Parser (KB2758694) - (.Microsoft Corporation.) [HKLM] -- {1D95BA90-F4F8-47EC-A882-441C99D30C1E} O42 - Logiciel: MSXML 4.0 SP3 Parser (KB973685) - (.Microsoft Corporation.) [HKLM] -- {859DFA95-E4A6-48CD-B88E-A3E483E89B44} O42 - Logiciel: MSXML 4.0 SP3 Parser - (.Microsoft Corporation.) [HKLM] -- {196467F1-C11F-4F76-858B-5812ADC83B94} O42 - Logiciel: Microsoft Antimalware Service FR-FR Language Pack - (.Microsoft Corporation.) [HKLM] -- {32E9C1A5-0FDA-4483-987D-DBABF9CC1DD8} O42 - Logiciel: Microsoft Security Client - (.Microsoft Corporation.) [HKLM] -- {390DD8BB-BB57-4942-A029-2D913E4E9D74} O42 - Logiciel: Microsoft Security Client FR-FR Language Pack - (.Microsoft Corporation.) [HKLM] -- {50779A29-834E-4E36-BBEB-B7CABC67A825} O42 - Logiciel: Microsoft Security Essentials - (.Microsoft Corporation.) [HKLM] -- Microsoft Security Client O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} O42 - Logiciel: MyPDFConverter - (.Secure Digital Services.) [HKLM] -- {1D76557F-04F5-4CF9-AB20-6A621B0D52D7} O42 - Logiciel: Nuance PDF Viewer Plus - (.Nuance Communications, Inc.) [HKLM] -- {28656860-4728-433C-8AD4-D1A930437BC8} O42 - Logiciel: Nuance PaperPort 12 - (.Nuance Communications, Inc..) [HKLM] -- {6C0A559F-8583-4B5A-8B50-20BEE15D8E64} O42 - Logiciel: OGA Notifier 2.0.0048.0 - (.Microsoft Corporation.) [HKLM] -- {B2544A03-10D0-4E5E-BA69-0362FFC20D18} O42 - Logiciel: PaperPort Image Printer - (.Nuance Communications, Inc..) [HKLM] -- {6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B} O42 - Logiciel: Skype Click to Call - (.Skype Technologies S.A..) [HKLM] -- {B6CF2967-C81E-40C0-9815-C05774FEF120} O42 - Logiciel: Skype™ 6.1 - (.Skype Technologies S.A..) 
[HKLM] -- {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D} O42 - Logiciel: USB2.0 350K WebCam - (.Bisont Electrocnics. Inc..) [HKLM] -- {4A57592C-FF92-4083-97A9-92783BD5AFB4} O42 - Logiciel: USB2.0 VGA WebCam - (...) [HKLM] -- USB2.0 VGA WebCam O42 - Logiciel: Winamp - (.Nullsoft, Inc.) [HKLM] -- Winamp ~ Logic: 63 Scanned in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\ALWIL Software] [HKCU\Software\Adobe] [HKCU\Software\AppDataLow\Software\Yahoo] [HKCU\Software\AppDataLow] [HKCU\Software\Brother] [HKCU\Software\Classes] [HKCU\Software\EPSON] [HKCU\Software\FLEXnet] [HKCU\Software\FissaSearch] [HKCU\Software\Google] [HKCU\Software\Hewlett-Packard] [HKCU\Software\IM Providers] [HKCU\Software\InstallShield] [HKCU\Software\Intel] [HKCU\Software\JavaSoft] [HKCU\Software\Macromedia] [HKCU\Software\MozillaPlugins] [HKCU\Software\Netscape] [HKCU\Software\ODBC] [HKCU\Software\PDF Suite 2010] [HKCU\Software\Piriform] [HKCU\Software\Policies] [HKCU\Software\ScanSoft] [HKCU\Software\Skype] [HKCU\Software\Smart Soft] [HKCU\Software\VB and VBA Program Settings] [HKCU\Software\WinRAR SFX] [HKCU\Software\WinRAR] [HKCU\Software\Winamp] [HKCU\Software\YahooPartnerToolbar] [HKCU\Software\Yahoo] [HKCU\Software\ZebHelpProcess Helper] [HKCU\Software\Zeon] [HKLM\Software\ALWIL Software] [HKLM\Software\ATI Technologies] [HKLM\Software\Adobe] [HKLM\Software\AuthenTec] [HKLM\Software\BisonCam] [HKLM\Software\Bisont Electrocnics. Inc.] [HKLM\Software\Brother Industries, Ltd.] [HKLM\Software\Brother] [HKLM\Software\BrowserChoice] [HKLM\Software\CDDB] [HKLM\Software\CUSTPDF Writer] [HKLM\Software\Classes] [HKLM\Software\Clients] [HKLM\Software\EPSON] [HKLM\Software\GPL Ghostscript] [HKLM\Software\Google] [HKLM\Software\Hewlett-Packard] [HKLM\Software\Huawei technologies] [HKLM\Software\ICE] [HKLM\Software\IM Providers] [HKLM\Software\InstallShield] [HKLM\Software\Intel] [HKLM\Software\Investintech.com Inc.] 
[HKLM\Software\JavaSoft] [HKLM\Software\LG Electronics] [HKLM\Software\Macromedia] [HKLM\Software\MozillaPlugins] [HKLM\Software\Mozilla] [HKLM\Software\Nalpeiron] [HKLM\Software\Nuance] [HKLM\Software\Nullsoft] [HKLM\Software\ODBC] [HKLM\Software\Piriform] [HKLM\Software\Policies] [HKLM\Software\RegisteredApplications] [HKLM\Software\ScanSoft] [HKLM\Software\SecureDigitalServices] [HKLM\Software\Skype] [HKLM\Software\Sonic] [HKLM\Software\TrueSuite] [HKLM\Software\Visioneer] [HKLM\Software\Volatile] [HKLM\Software\WebCam] [HKLM\Software\WinRAR] [HKLM\Software\Windows] [HKLM\Software\Yahoo] [HKLM\Software\ZEON] [HKLM\Software\mozilla.org] [HKLM\Software\mypdfconverter] ~ Key Software: 110 Scanned in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 11/10/2010 - 06:45:07 - [109,781] ----D C:\Program Files\Adobe O43 - CFD: 31/10/2009 - 23:35:24 - [0] ----D C:\Program Files\Alwil Software O43 - CFD: 05/04/2010 - 11:38:26 - [0,036] ----D C:\Program Files\Banda Ancha Movil O43 - CFD: 02/07/2011 - 16:17:25 - [2,023] ----D C:\Program Files\Brother O43 - CFD: 02/07/2011 - 16:17:47 - [14,317] ----D C:\Program Files\Browny02 O43 - CFD: 08/11/2010 - 14:19:15 - [3,058] ----D C:\Program Files\CCleaner O43 - CFD: 27/02/2013 - 14:36:01 - [360,728] ----D C:\Program Files\Common Files O43 - CFD: 02/07/2011 - 16:17:43 - [61,283] ----D C:\Program Files\ControlCenter4 O43 - CFD: 30/04/2011 - 22:12:22 - [79,371] ----D C:\Program Files\DVD Maker O43 - CFD: 31/10/2009 - 20:33:18 - [0] ----D C:\Program Files\Fichiers communs O43 - CFD: 14/07/2011 - 22:33:15 - [367,397] ----D C:\Program Files\Google O43 - CFD: 26/11/2010 - 23:24:30 - [7,701] ----D C:\Program Files\GPLGS O43 - CFD: 29/08/2010 - 18:16:23 - [9,377] ----D C:\Program Files\HP O43 - CFD: 02/07/2011 - 16:16:27 - [16,410] --H-D C:\Program Files\InstallShield Installation Information O43 - CFD: 11/04/2013 - 07:31:29 - [5,379] ----D C:\Program Files\Internet Explorer O43 - CFD: 05/06/2010 
- 00:54:52 - [82,470] ----D C:\Program Files\Java O43 - CFD: 04/05/2010 - 20:18:52 - [0] ----D C:\Program Files\LG Electronics O43 - CFD: 17/08/2010 - 18:50:34 - [38,002] ----D C:\Program Files\Microsoft Analysis Services O43 - CFD: 14/07/2009 - 11:00:58 - [140,966] ----D C:\Program Files\Microsoft Games O43 - CFD: 17/08/2010 - 18:56:47 - [879,132] ----D C:\Program Files\Microsoft Office O43 - CFD: 27/02/2013 - 14:55:11 - [22,263] ----D C:\Program Files\Microsoft Security Client O43 - CFD: 16/03/2013 - 14:32:36 - [40,835] ----D C:\Program Files\Microsoft Silverlight O43 - CFD: 26/08/2010 - 14:22:02 - [7,789] ----D C:\Program Files\Microsoft.NET O43 - CFD: 14/07/2009 - 06:52:30 - [0,025] ----D C:\Program Files\MSBuild O43 - CFD: 04/05/2010 - 18:08:09 - [38,094] ----D C:\Program Files\MSECache O43 - CFD: 02/07/2011 - 16:07:32 - [0,147] ----D C:\Program Files\MSXML 4.0 O43 - CFD: 26/11/2010 - 23:24:21 - [11,266] ----D C:\Program Files\MyPDFConverter O43 - CFD: 02/07/2011 - 16:15:16 - [226,312] ----D C:\Program Files\Nuance O43 - CFD: 14/07/2009 - 06:52:30 - [37,357] ----D C:\Program Files\Reference Assemblies O43 - CFD: 27/02/2013 - 14:36:01 - [38,336] R---D C:\Program Files\Skype O43 - CFD: 06/05/2010 - 11:10:58 - [6,536] ----D C:\Program Files\TrueSuite O43 - CFD: 14/07/2009 - 06:53:23 - [0] --H-D C:\Program Files\Uninstall Information O43 - CFD: 19/12/2010 - 13:45:06 - [36,558] ----D C:\Program Files\Winamp O43 - CFD: 19/12/2010 - 13:40:05 - [0,148] ----D C:\Program Files\Winamp Detect O43 - CFD: 30/04/2011 - 22:12:17 - [2,909] ----D C:\Program Files\Windows Defender O43 - CFD: 12/05/2012 - 20:07:34 - [6,689] ----D C:\Program Files\Windows Journal O43 - CFD: 06/04/2012 - 12:19:27 - [59,478] ----D C:\Program Files\Windows Live O43 - CFD: 30/04/2011 - 22:12:22 - [5,895] ----D C:\Program Files\Windows Mail O43 - CFD: 30/04/2011 - 22:12:21 - [6,298] ----D C:\Program Files\Windows Media Player O43 - CFD: 31/10/2009 - 20:33:18 - [11,632] ----D C:\Program Files\Windows NT 
O43 - CFD: 30/04/2011 - 22:12:20 - [4,213] ----D C:\Program Files\Windows Photo Viewer O43 - CFD: 30/04/2011 - 22:12:21 - [0,181] ----D C:\Program Files\Windows Portable Devices O43 - CFD: 30/04/2011 - 22:12:22 - [6,374] ----D C:\Program Files\Windows Sidebar O43 - CFD: 05/11/2009 - 10:19:04 - [3,740] ----D C:\Program Files\WinRAR O43 - CFD: 11/08/2010 - 23:53:03 - [0] ----D C:\Program Files\Yahoo! O43 - CFD: 19/04/2013 - 13:03:46 - [16,273] ----D C:\Program Files\ZHPDiag O43 - CFD: 26/01/2012 - 20:44:42 - [6,244] ----D C:\Program Files\Common Files\Adobe O43 - CFD: 17/08/2010 - 18:57:32 - [0,095] ----D C:\Program Files\Common Files\DESIGNER O43 - CFD: 09/08/2010 - 12:08:02 - [0,164] ----D C:\Program Files\Common Files\Hewlett-Packard O43 - CFD: 02/07/2011 - 16:09:03 - [4,799] ----D C:\Program Files\Common Files\InstallShield O43 - CFD: 12/08/2011 - 10:27:32 - [283,817] ----D C:\Program Files\Common Files\microsoft shared O43 - CFD: 19/12/2010 - 13:39:36 - [3,974] ----D C:\Program Files\Common Files\PX Storage Engine O43 - CFD: 02/07/2011 - 16:10:20 - [3,322] ----D C:\Program Files\Common Files\ScanSoft Shared O43 - CFD: 14/07/2009 - 04:37:05 - [0,003] ----D C:\Program Files\Common Files\Services O43 - CFD: 27/02/2013 - 14:36:01 - [2,056] ----D C:\Program Files\Common Files\Skype O43 - CFD: 14/07/2009 - 04:37:05 - [39,200] ----D C:\Program Files\Common Files\SpeechEngines O43 - CFD: 16/11/2012 - 21:35:14 - [17,054] ----D C:\Program Files\Common Files\System O43 - CFD: 14/05/2010 - 20:13:53 - [0] ----D C:\Program Files\Common Files\Windows Live O43 - CFD: 26/01/2012 - 20:44:46 - [231,900] ----D C:\ProgramData\Adobe O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Application Data O43 - CFD: 02/07/2011 - 16:06:02 - [0,043] ----D C:\ProgramData\Brother O43 - CFD: 31/10/2009 - 20:33:17 - [0] --H-D C:\ProgramData\Bureau O43 - CFD: 02/07/2011 - 16:17:43 - [0,000] ----D C:\ProgramData\ControlCenter4 O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D 
C:\ProgramData\Desktop O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Documents O43 - CFD: 06/05/2010 - 11:10:42 - [13,234] ----D C:\ProgramData\Downloaded Installations O43 - CFD: 03/11/2009 - 23:10:09 - [0,461] ----D C:\ProgramData\EPSON O43 - CFD: 31/10/2009 - 20:33:17 - [0] --H-D C:\ProgramData\Favoris O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Favorites O43 - CFD: 02/07/2011 - 16:09:59 - [3,807] ----D C:\ProgramData\FLEXnet O43 - CFD: 29/08/2010 - 18:08:18 - [4,061] ----D C:\ProgramData\HP O43 - CFD: 31/10/2009 - 20:33:17 - [0] --H-D C:\ProgramData\Menu Démarrer O43 - CFD: 26/01/2011 - 19:22:31 - [629,743] -S--D C:\ProgramData\Microsoft O43 - CFD: 10/04/2013 - 23:29:29 - [0,059] ----D C:\ProgramData\Microsoft Help O43 - CFD: 31/10/2009 - 20:33:18 - [0] --H-D C:\ProgramData\Modèles O43 - CFD: 04/01/2010 - 19:59:08 - [0,058] ----D C:\ProgramData\MSScanAppDataDir O43 - CFD: 26/11/2010 - 23:13:51 - [0] ----D C:\ProgramData\Nitro PDF O43 - CFD: 02/07/2011 - 16:29:23 - [6,809] ----D C:\ProgramData\Nuance O43 - CFD: 27/03/2010 - 15:21:03 - [0,001] ----D C:\ProgramData\Office Genuine Advantage O43 - CFD: 02/07/2011 - 16:11:34 - [0,169] ----D C:\ProgramData\ScanSoft O43 - CFD: 27/02/2013 - 14:36:10 - [116,991] ----D C:\ProgramData\Skype O43 - CFD: 26/11/2010 - 23:05:06 - [5,566] ----D C:\ProgramData\Smart Soft O43 - CFD: 14/02/2010 - 16:29:56 - [0,000] ----D C:\ProgramData\SSScanAppDataDir O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Start Menu O43 - CFD: 14/07/2009 - 06:53:55 - [0] --H-D C:\ProgramData\Templates O43 - CFD: 06/05/2010 - 11:11:01 - [0] ----D C:\ProgramData\TrueSuite O43 - CFD: 02/07/2011 - 16:14:06 - [0,045] ----D C:\ProgramData\zeon O43 - CFD: 08/11/2009 - 01:24:51 - [0,218] ----D C:\Users\patty\AppData\Roaming\Adobe O43 - CFD: 20/07/2011 - 14:48:15 - [0,008] ----D C:\Users\patty\AppData\Roaming\ControlCenter4 O43 - CFD: 20/07/2011 - 14:47:48 - [0,001] ----D C:\Users\patty\AppData\Roaming\FLEXnet O43 - CFD: 
31/10/2009 - 20:33:50 - [0] ----D C:\Users\patty\AppData\Roaming\Identities O43 - CFD: 09/11/2009 - 19:51:41 - [0] ----D C:\Users\patty\AppData\Roaming\InstallShield O43 - CFD: 23/12/2009 - 16:37:20 - [0] ----D C:\Users\patty\AppData\Roaming\LG Electronics O43 - CFD: 08/11/2009 - 01:24:51 - [0,003] ----D C:\Users\patty\AppData\Roaming\Macromedia O43 - CFD: 14/07/2009 - 11:00:22 - [0] ----D C:\Users\patty\AppData\Roaming\Media Center Programs O43 - CFD: 22/08/2010 - 11:06:07 - [23,871] -S--D C:\Users\patty\AppData\Roaming\Microsoft O43 - CFD: 02/07/2011 - 16:11:37 - [0] ----D C:\Users\patty\AppData\Roaming\Nuance O43 - CFD: 26/11/2010 - 23:43:24 - [0,007] ----D C:\Users\patty\AppData\Roaming\PDF Software O43 - CFD: 16/11/2012 - 15:24:52 - [10,098] ----D C:\Users\patty\AppData\Roaming\Skype O43 - CFD: 16/07/2010 - 14:55:17 - [0,071] ----D C:\Users\patty\AppData\Roaming\skypePM O43 - CFD: 31/03/2011 - 20:20:43 - [0,097] ----D C:\Users\patty\AppData\Roaming\Winamp O43 - CFD: 05/11/2009 - 10:19:40 - [0,000] ----D C:\Users\patty\AppData\Roaming\WinRAR O43 - CFD: 09/08/2010 - 12:12:35 - [0] ----D C:\Users\patty\AppData\Roaming\Yahoo! 
O43 - CFD: 26/01/2012 - 20:43:48 - [5,702] ----D C:\Users\patty\AppData\Local\Adobe O43 - CFD: 31/10/2009 - 20:33:33 - [0] ----D C:\Users\patty\AppData\Local\Application Data O43 - CFD: 28/03/2010 - 02:00:34 - [0] ----D C:\Users\patty\AppData\Local\Diagnostics O43 - CFD: 08/03/2011 - 19:55:48 - [0,245] ----D C:\Users\patty\AppData\Local\ElevatedDiagnostics O43 - CFD: 19/04/2013 - 12:10:56 - [20,501] ----D C:\Users\patty\AppData\Local\Google O43 - CFD: 31/10/2009 - 20:33:33 - [0] ----D C:\Users\patty\AppData\Local\Historique O43 - CFD: 22/08/2010 - 10:43:35 - [0] ----D C:\Users\patty\AppData\Local\HP O43 - CFD: 14/05/2010 - 20:19:43 - [823,820] ----D C:\Users\patty\AppData\Local\Microsoft O43 - CFD: 26/12/2009 - 00:38:48 - [1,082] ----D C:\Users\patty\AppData\Local\Microsoft Games O43 - CFD: 22/08/2010 - 11:06:06 - [0,069] ----D C:\Users\patty\AppData\Local\Microsoft Help O43 - CFD: 19/04/2013 - 12:59:50 - [112,554] ----D C:\Users\patty\AppData\Local\Temp O43 - CFD: 31/10/2009 - 20:33:33 - [0] ----D C:\Users\patty\AppData\Local\Temporary Internet Files O43 - CFD: 31/10/2009 - 20:33:39 - [0] ----D C:\Users\patty\AppData\Local\VirtualStore O43 - CFD: 25/11/2010 - 18:23:13 - [0] ----D C:\Users\patty\AppData\Local\Windows Live O43 - CFD: 14/07/2009 - 06:42:04 - [0,014] R---D C:\Users\patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories O43 - CFD: 09/09/2012 - 13:58:19 - [0,000] R---D C:\Users\patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools O43 - CFD: 19/12/2010 - 13:40:05 - [0,001] ----D C:\Users\patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Détection de l'application Winamp O43 - CFD: 14/07/2009 - 06:37:42 - [0,001] R---D C:\Users\patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance O43 - CFD: 09/09/2012 - 13:58:19 - [0,000] R---D C:\Users\patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup O43 - CFD: 05/11/2009 - 10:19:04 - [0,003] ----D 
C:\Users\patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR ~ Program Folder: 123 Scanned in 00mn 22s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.B56F5185CCF3180C3B8C96293670E5E7] - 19/04/2013 - 11:32:26 ---A- . (...) -- C:\Windows\WindowsUpdate.log [2069412] O44 - LFC:[MD5.F9EBC85C2AF484EE2CDF6443992C9D40] - 19/04/2013 - 11:20:04 ---A- . (...) -- C:\Windows\setupact.log [74934] O44 - LFC:[MD5.C225BAED9ECFCB00ED4552D161C83FBB] - 19/04/2013 - 11:20:00 -S-A- . (...) -- C:\Windows\bootstat.dat [67584] O44 - LFC:[MD5.61B8F6232020546EE9A392DB8FB8395B] - 19/04/2013 - 11:04:03 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1549936] O44 - LFC:[MD5.22426C0D1833B041609910BC9BCE39DD] - 19/04/2013 - 11:04:03 ---A- . (...) -- C:\Windows\System32\perfc009.dat [106622] O44 - LFC:[MD5.F255EEC1D4015ABDD767DC4086F5FB9B] - 19/04/2013 - 11:04:03 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [130988] O44 - LFC:[MD5.A29E356442B8F357395DC29672802E74] - 19/04/2013 - 11:04:03 ---A- . (...) -- C:\Windows\System32\perfh009.dat [616242] O44 - LFC:[MD5.82E816C52C9681F804BD0A5A7010AB96] - 19/04/2013 - 11:04:03 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [704714] O44 - LFC:[MD5.60F0327DAF56A79288A832FCADA098F4] - 11/04/2013 - 06:33:33 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [409984] O44 - LFC:[MD5.3275F17533CB1599841AAABA3C8D3E8E] - 10/04/2013 - 22:28:15 ---A- . (.Microsoft Corporation - Microsoft® MSHTML Typelib.) -- C:\Windows\System32\mshtml.tlb [2706432] O44 - LFC:[MD5.6EF6B6EACCA13DD6131624E0DD5C14A3] - 10/04/2013 - 22:28:14 ---A- . (.Microsoft Corporation - Microsoft ® JScript.) -- C:\Windows\System32\jscript.dll [690688] O44 - LFC:[MD5.9B59687619B27CDA24638CDC3AF079FB] - 10/04/2013 - 22:28:13 ---A- . (.Microsoft Corporation - Microsoft ® JScript.) -- C:\Windows\System32\jscript9.dll [2877440] O44 - LFC:[MD5.BFDD0C5F3E435596F197F003609989C4] - 10/04/2013 - 22:28:12 ---A- . 
(.Microsoft Corporation - IOD Version Map.) -- C:\Windows\System32\iesetup.dll [61440] O44 - LFC:[MD5.87B775A458A73BB7381E5B67B5652496] - 10/04/2013 - 22:28:12 ---A- . (.Microsoft Corporation - JScript Proxy Auto-Configuration.) -- C:\Windows\System32\jsproxy.dll [39424] O44 - LFC:[MD5.90F785F7594E3AF23D4392677042BE9A] - 10/04/2013 - 22:28:11 ---A- . (.Microsoft Corporation - Moteur de l’interface utilisateur d’Interne.) -- C:\Windows\System32\ieui.dll [391168] O44 - LFC:[MD5.B5D742C535D37A7DA0649E03B32CAD80] - 10/04/2013 - 22:28:10 ---A- . (.Microsoft Corporation - Microsoft Feeds Manager.) -- C:\Windows\System32\msfeeds.dll [493056] O44 - LFC:[MD5.1B6A7D965462BE6220727721A4CDB247] - 10/04/2013 - 22:28:10 ---A- . (.Microsoft Corporation - Registers custom PKEYs for IE.) -- C:\Windows\System32\RegisterIEPKEYs.exe [71680] O44 - LFC:[MD5.3FA7F736B877B46EDF1EE6BE6051848D] - 10/04/2013 - 22:28:10 ---A- . (.Microsoft Corporation - Traitement de RunOnce complet avec interfac.) -- C:\Windows\System32\iernonce.dll [33280] O44 - LFC:[MD5.F532B056147F251D480F7E5FF0758947] - 10/04/2013 - 22:28:10 ---A- . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Expl.) -- C:\Windows\System32\ie4uinit.exe [42496] O44 - LFC:[MD5.69CB1A65B835EE6ADF9E16ED6D443072] - 10/04/2013 - 22:28:09 ---A- . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll [1129984] O44 - LFC:[MD5.A7CFDA703AF9AD409DAA521487E0CB53] - 10/04/2013 - 22:28:09 ---A- . (.Microsoft Corporation - IE Sysprep Provider.) -- C:\Windows\System32\iesysprep.dll [109056] O44 - LFC:[MD5.B5DEC0D4CBBC333CA99FE10B06D4747E] - 10/04/2013 - 22:28:08 ---A- . (.Microsoft Corporation - Run time utility for Internet Explorer.) -- C:\Windows\System32\iertutil.dll [2046464] O44 - LFC:[MD5.CFE0CEE587F9CEA4C29DEEC6D85FC91C] - 10/04/2013 - 22:28:06 ---A- . (.Microsoft Corporation - Extensions Internet pour Win32.) 
-- C:\Windows\System32\wininet.dll [1766912]
O44 - LFC:[MD5.0B6118058942961D504AAEA04FECB116] - 10/04/2013 - 22:28:02 ---A- . (.Microsoft Corporation - Navigateur Internet.) -- C:\Windows\System32\ieframe.dll [13761024]
O44 - LFC:[MD5.D017BF8D92938EEB9B3A1D1C53FDA152] - 10/04/2013 - 22:28:00 ---A- . (.Microsoft Corporation - Visionneuse HTML Microsoft ®.) -- C:\Windows\System32\mshtml.dll [14323200]
O44 - LFC:[MD5.6E4916DC5BA0697C28915DA5261FF250] - 10/04/2013 - 22:24:12 ---A- . (.Microsoft Corporation - Outil de suppression de logiciels malveilla.) -- C:\Windows\System32\MRT.exe [70490256]
O44 - LFC:[MD5.6FCC2090F055F5C96236DCD057DD705D] - 10/04/2013 - 17:32:16 ---A- . (.Microsoft Corporation - Pilote Win32 multi-utilisateurs.) -- C:\Windows\System32\win32k.sys [2347008]
O44 - LFC:[MD5.E306A24D9694C724FA2491278BF50FDB] - 10/04/2013 - 17:32:13 ---A- . (.Microsoft Corporation - BitLocker Drive Encryption Driver.) -- C:\Windows\System32\Drivers\fvevol.sys [196328]
O44 - LFC:[MD5.2DFAB8C3C394E95D262E1325BDA5DFE4] - 10/04/2013 - 17:32:11 ---A- . (.Microsoft Corporation - NT Kernel & System.) -- C:\Windows\System32\ntoskrnl.exe [3913560]
O44 - LFC:[MD5.88355CFE81D381F93C74716DAA803587] - 10/04/2013 - 17:32:10 ---A- . (.Microsoft Corporation - NT Kernel & System.) -- C:\Windows\System32\ntkrnlpa.exe [3968856]
O44 - LFC:[MD5.DE91DCC7BC55E940979097E98F743205] - 10/04/2013 - 17:32:09 ---A- . (.Microsoft Corporation - Gestionnaire de sessions Windows.) -- C:\Windows\System32\smss.exe [69632]
O44 - LFC:[MD5.23AB7E36551C6BA5370EF7F05142F0EB] - 10/04/2013 - 17:32:09 ---A- . (.Microsoft Corporation - Processus d'exécution client-serveur.) -- C:\Windows\System32\csrsrv.dll [38912]
O44 - LFC:[MD5.9CDAEBE5160B9AF02AE17C62BDB6C4B5] - 10/04/2013 - 17:31:44 ---A- . (.Microsoft Corporation - Pilote du système de fichiers NT.) -- C:\Windows\System32\Drivers\ntfs.sys [1212264]
~ Files: 33 Scanned in 00mn 18s

---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - TLS / SSL Security Provider.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corp. - LiveSSP.) -- C:\Windows\System32\livessp.dll
~ LSA: 9 Scanned in 00mn 00s

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (.Microsoft Corporation - RDP Encoder Miniport.) -- C:\Windows\System32\Drivers\rdpencdd.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys . (.Microsoft Corporation - VGA/Super VGA Video Driver.) -- C:\Windows\System32\Drivers\vga.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys . (...) -- C:\Windows\System32\Drivers\vgasave.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ CSB: 13 Scanned in 00mn 00s

---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{15aacc5f-38f2-11df-b718-001a92792371}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \Drivers32\"vidc.cvid"="iccvid.dll" . (.Radius Inc. - Codec Cinepak®.) -- C:\Windows\System32\iccvid.dll
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ TDSD: 3 Scanned in 00mn 00s

---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\msnmsgr [Key] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O53 - SMSR:HKLM\...\startupreg\Skype [Key] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
~ SMSR Keys: 2 Scanned in 00mn 00s

---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ MSCP: 2 Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Scanned in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=0
~ MWPE Keys: 4 Scanned in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 25/04/2011 - C:\Windows\system32\drivers\afd.sys (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\Beep.sys (Beep) .(.Microsoft Corporation - BEEP Driver.) - LEGACY_BEEP
O64 - Services: CurCS - 04/07/2012 - C:\Windows\system32\browser.dll (bowser) .(.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) - LEGACY_BOWSER
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\cdfs.sys (cdfs) .(.Microsoft Corporation - CD-ROM File System Driver.) - LEGACY_CDFS
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\clfs.sys (CLFS) .(.Microsoft Corporation - Common Log File System Driver.) - LEGACY_CLFS
O64 - Services: CurCS - 24/08/2012 - C:\Windows\System32\Drivers\cng.sys (CNG) .(.Microsoft Corporation - Kernel Cryptography, Next Generation.) - LEGACY_CNG
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\dfsc.sys (DfsC) .(.Microsoft Corporation - DFS Namespace Client Driver.) - LEGACY_DFSC
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\discache.sys (discache) .(.Microsoft Corporation - System Indexer/Cache Driver.) - LEGACY_DISCACHE
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\dxgkrnl.sys (DXGKrnl) .(.Microsoft Corporation - DirectX Graphics Kernel.) - LEGACY_DXGKRNL
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\fastfat.sys (fastfat) .(.Microsoft Corporation - Fast FAT File System Driver.) - LEGACY_FASTFAT
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\fileinfo.sys (FileInfo) .(.Microsoft Corporation - FileInfo Filter Driver.) - LEGACY_FILEINFO
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\fltmgr.sys (FltMgr) .(.Microsoft Corporation - Gestionnaire de filtres de système de fichi.) - LEGACY_FLTMGR
O64 - Services: CurCS - 24/01/2013 - C:\Windows\system32\drivers\fvevol.sys (fvevol) .(.Microsoft Corporation - BitLocker Drive Encryption Driver.) - LEGACY_FVEVOL
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\http.sys (HTTP) .(.Microsoft Corporation - HTTP Pile du protocole.) - LEGACY_HTTP
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\hwpolicy.sys (hwpolicy) .(.Microsoft Corporation - Hardware Policy Driver.) - LEGACY_HWPOLICY
O64 - Services: CurCS - 02/06/2012 - C:\Windows\System32\Drivers\ksecdd.sys (KSecDD) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECDD
O64 - Services: CurCS - 24/08/2012 - C:\Windows\System32\Drivers\ksecpkg.sys (KSecPkg) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) - LEGACY_KSECPKG
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\lltdio.sys (lltdio) .(.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) - LEGACY_LLTDIO
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\luafv.sys (luafv) .(.Microsoft Corporation - Pilote de filtre de virtualisation de fichi.) - LEGACY_LUAFV
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\mountmgr.sys (mountmgr) .(.Microsoft Corporation - Gestionnaire des points de montage.) - LEGACY_MOUNTMGR
O64 - Services: CurCS - 20/01/2013 - C:\Windows\System32\DRIVERS\MpFilter.sys (MpFilter) .(.Microsoft Corporation - Microsoft antimalware file system filter dr.) - LEGACY_MPFILTER
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\FirewallAPI.dll (mpsdrv) .(.Microsoft Corporation - API du Pare-feu Windows.) - LEGACY_MPSDRV
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\webclnt.dll (MRxDAV) .(.Microsoft Corporation - Fichier DLL du service DAV pour le Web.) - LEGACY_MRXDAV
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb10) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB10
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb20) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_MRXSMB20
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\msisadrv.sys (msisadrv) .(.Microsoft Corporation - ISA Driver.) - LEGACY_MSISADRV
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\mup.sys (Mup) .(.Microsoft Corporation - Multiple UNC Provider Driver.) - LEGACY_MUP
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\nwifi.sys (NativeWifiP) .(.Microsoft Corporation - Pilote de miniport WiFi natif.) - LEGACY_NATIVEWIFIP
O64 - Services: CurCS - 22/08/2012 - C:\Windows\system32\drivers\ndis.sys (NDIS) .(.Microsoft Corporation - Pilote NDIS 6.20.) - LEGACY_NDIS
O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\DRIVERS\ndisuio.sys (Ndisuio) .(.Microsoft Corporation - Pilote d’E/S du mode utilisateur NDIS.) - LEGACY_NDISUIO
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\netbios.sys (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) - LEGACY_NETBIOS
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\netbt.sys (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT
O64 - Services: CurCS - 20/01/2013 - C:\Windows\System32\DRIVERS\NisDrvWFP.sys (NisDrv) .(.Microsoft Corporation - Microsoft Network Realtime Inspection Drive.) - LEGACY_NISDRV
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) .(.Microsoft Corporation - NSI Proxy.) - LEGACY_NSIPROXY
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\pcw.sys (pcw) .(.Microsoft Corporation - Performance Counters for Windows Driver.) - LEGACY_PCW
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\peauth.sys (PEAUTH) .(.Microsoft Corporation - Protected Environment Authentication and Au.) - LEGACY_PEAUTH
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\drivers\pacer.sys (Psched) .(.Microsoft Corporation - Planificateur de paquets QoS.) - LEGACY_PSCHED
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (rdbss) .(.Microsoft Corporation - DLL du service Station de travail.) - LEGACY_RDBSS
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) - LEGACY_RDPCDD
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) .(.Microsoft Corporation - RDP Encoder Miniport.) - LEGACY_RDPENCDD
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) .(.Microsoft Corporation - RDP Reflector Driver Miniport.) - LEGACY_RDPREFMP
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\rspndr.sys (rspndr) .(.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) - LEGACY_RSPNDR
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\Drivers\spldr.sys (spldr) .(.Microsoft Corporation - loader for security processor.) - LEGACY_SPLDR
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\srvsvc.dll (srv) .(.Microsoft Corporation - DLL du service Serveur.) - LEGACY_SRV
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\srvsvc.dll (srv2) .(.Microsoft Corporation - DLL du service Serveur.) - LEGACY_SRV2
O64 - Services: CurCS - 29/04/2011 - C:\Windows\System32\DRIVERS\srvnet.sys (srvnet) .(.Microsoft Corporation - Server Network driver.) - LEGACY_SRVNET
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\tcpipcfg.dll (Tcpip) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TCPIP
O64 - Services: CurCS - 03/10/2012 - C:\Windows\System32\drivers\tcpipreg.sys (tcpipreg) .(.Microsoft Corporation - TCP/IP Registry Compatibility Driver.) - LEGACY_TCPIPREG
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\tcpipcfg.dll (tdx) .(.Microsoft Corporation - Objets de configuration du réseau.) - LEGACY_TDX
O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\DRIVERS\udfs.sys (udfs) .(.Microsoft Corporation - UDF File System Driver.) - LEGACY_UDFS
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\vga.sys (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\drivers\volmgrx.sys (volmgrx) .(.Microsoft Corporation - Pilote d’extension du gestionnaire de volum.) - LEGACY_VOLMGRX
O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\drivers\volsnap.sys (volsnap) .(.Microsoft Corporation - Pilote de cliché instantané du volume.) - LEGACY_VOLSNAP
O64 - Services: CurCS - 14/07/2009 - C:\Windows\system32\rascfg.dll (Wanarpv6) .(.Microsoft Corporation - Objets de configuration RAS.) - LEGACY_WANARPV6
O64 - Services: CurCS - 26/07/2012 - C:\Windows\System32\drivers\Wdf01000.sys (Wdf01000) .(.Microsoft Corporation - Runtime de l’infrastructure de pilotes en m.) - LEGACY_WDF01000
O64 - Services: CurCS - 14/07/2009 - C:\Windows\System32\DRIVERS\wfplwf.sys (WfpLwf) .(.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - LEGACY_WFPLWF
O64 - Services: CurCS - 26/07/2012 - C:\Windows\System32\drivers\WudfPf.sys (WudfPf) .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) - LEGACY_WUDFPF
~ Legacy: 365 Scanned in 01mn 01s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ FASS Keys: 18 Scanned in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Bing) - Bing
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - Bing
O69 - SBI: SearchScopes [HKCU] {557C21FE-7274-410D-853E-9ED4471BF193} - (cherche.us) - http
O69 - SBI: SearchScopes [HKCU] {b41306c6-96d0-442a-bcc4-b0f621e82ce9} - (Fissa) - Fissa search
~ Keys: Scanned in 00mn 00s

---\\ Recherche des services démarrés par Svchost (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [62464]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [67584]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [67584]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [168960]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [593408]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [674304]
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Service Audio Windows.) -- C:\Windows\System32\Audiosrv.dll [473600]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [90624]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire de connexions d’accès distant.) -- C:\Windows\System32\rasmans.dll [286208]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [75264]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\System32\sens.dll [49664]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [300544]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows.) -- C:\Windows\System32\tapisrv.dll [242176]
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Gestionnaire des connexions distantes du serveur hôte de session Burea.) -- C:\Windows\System32\termsrv.dll [521216]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\Windows\System32\wuaueng.dll [1933848]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\System32\qmgr.dll [585728]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [328192]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [499712]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [21504]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\System32\appinfo.dll [47104]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\System32\iscsiexe.dll [114688]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\System32\mmcss.dll [49664]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [61440]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [98304]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [164352]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\System32\schedsvc.dll [750592]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\System32\kmsvc.dll [71168]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\System32\sessenv.dll [113664]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [168960]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\System32\browser.dll [102912]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\System32\themeservice.dll [37376]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\System32\bdesvc.dll [76800]
~ Services: 32 Scanned in 00mn 01s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.2204D65BAD86FF3447EBEDCCE176148A] [sPRF][05/04/2010] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.77D31FB654A53DBFB151C7A8E11E3A02] [sPRF][17/07/2009] (.Adobe Systems Incorporated - Adobe® Flash® Player ActiveX Installer.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1962160]
~ Files: Scanned in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "SNMPTRAP-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Interruption SNMP.) -- C:\Windows\system32\snmptrap.exe
O87 - FAEL: "SNMPTRAP-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Interruption SNMP.) -- C:\Windows\system32\snmptrap.exe
O87 - FAEL: "WMP-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMP-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMPNSS-QWave-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-WMP-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMPNSS-WMP-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMPNSS-WMP-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMPNSS-In-UDP-NoScope" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
O87 - FAEL: "WMPNSS-Out-UDP-NoScope" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
O87 - FAEL: "WMPNSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
O87 - FAEL: "WMPNSS-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
O87 - FAEL: "WMPNSS-QWave-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-QWave-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-SSDPSrv-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-SSDPSrv-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "WMPNSS-WMP-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMPNSS-WMP-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMPNSS-WMP-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O87 - FAEL: "WMPNSS-In-UDP" | In - Public - P17 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
O87 - FAEL: "WMPNSS-Out-UDP" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
O87 - FAEL: "WMPNSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
O87 - FAEL: "WMPNSS-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
O87 - FAEL: "WMPNSS-UPnP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-In" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-TCP3587-Out" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-In" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Microsoft-Windows-HomeGroup-ProvSvc-UDP3540-Out" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Collab-P2PHost-In-TCP" | In - None - P6 - TRUE | .(.Microsoft Corporation - Voisinage immédiat.) -- C:\Windows\system32\p2phost.exe
O87 - FAEL: "Collab-P2PHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Voisinage immédiat.) -- C:\Windows\system32\p2phost.exe
O87 - FAEL: "Collab-P2PHost-WSD-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Voisinage immédiat.) -- C:\Windows\system32\p2phost.exe
O87 - FAEL: "Collab-P2PHost-WSD-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Voisinage immédiat.) -- C:\Windows\system32\p2phost.exe
O87 - FAEL: "Collab-PNRP-In-UDP" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Collab-PNRP-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Collab-PNRP-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "Collab-PNRP-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-In-TCP-EdgeScope" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteAssistance-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-OUT" | Out - Public - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-RAServer-In-TCP-NoScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Serveur COM d’assistance à distance Windows.) -- C:\Windows\system32\raserver.exe
O87 - FAEL: "RemoteAssistance-RAServer-Out-TCP-NoScope-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Serveur COM d’assistance à distance Windows.) -- C:\Windows\system32\raserver.exe
O87 - FAEL: "RemoteAssistance-DCOM-In-TCP-NoScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-In-TCP-EdgeScope-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteAssistance-Out-TCP-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Assistance à distance Windows.) -- C:\Windows\system32\msra.exe
O87 - FAEL: "RemoteAssistance-SSDPSrv-In-UDP-Active" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-SSDPSrv-Out-UDP-Active" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-SSDPSrv-In-TCP-Active" | In - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-SSDPSrv-Out-TCP-Active" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active" | In - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "RemoteAssistance-PnrpSvc-UDP-OUT-Active" | Out - Domain - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "FPS-SpoolSvc-In-TCP" | In - Public - P6 - TRUE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe
O87 - FAEL: "FPS-LLMNR-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "FPS-LLMNR-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-DHCP-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-DHCP-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-DHCPV6-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-DHCPV6-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-Teredo-In" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-Teredo-Out" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-IPHTTPS-Out" | Out - None - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-GP-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-DNS-Out-UDP" | Out - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "CoreNet-GP-LSASS-Out-TCP" | Out - Domain - P6 - TRUE | .(.Microsoft Corporation - Local Security Authority Process.) -- C:\Windows\system32\lsass.exe
O87 - FAEL: "NETDIS-SSDPSrv-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-SSDPSrv-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-UPnP-Out-TCP-Active" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDPHOST-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDPHOST-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-LLMNR-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-LLMNR-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDRESPUB-WSD-In-UDP-Active" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-FDRESPUB-WSD-Out-UDP-Active" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-SSDPSrv-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe
O87 - FAEL: "NETDIS-SSDPSrv-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.)
-- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-UPnP-Out-TCP" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDPHOST-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDPHOST-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-LLMNR-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-LLMNR-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDRESPUB-WSD-In-UDP" | In - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NETDIS-FDRESPUB-WSD-Out-UDP" | Out - Domain - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MsiScsi-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MsiScsi-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MsiScsi-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MsiScsi-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "MSDTC-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe O87 - FAEL: "MSDTC-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe O87 - FAEL: "MSDTC-KTMRM-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MSDTC-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MSDTC-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe O87 - FAEL: "MSDTC-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Service Microsoft Distributed Transaction Coordinator.) -- C:\Windows\system32\msdtc.exe O87 - FAEL: "MSDTC-KTMRM-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MSDTC-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteSvcAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) -- C:\Windows\system32\services.exe O87 - FAEL: "RemoteSvcAdmin-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteSvcAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Applications Services et Contrôleur.) 
-- C:\Windows\system32\services.exe O87 - FAEL: "RemoteSvcAdmin-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PerfLogsAlerts-PLASrv-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Performance Logs and Alerts DCOM Server.) -- C:\Windows\system32\plasrv.exe O87 - FAEL: "PerfLogsAlerts-DCOM-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PerfLogsAlerts-PLASrv-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Performance Logs and Alerts DCOM Server.) -- C:\Windows\system32\plasrv.exe O87 - FAEL: "PerfLogsAlerts-DCOM-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-WINMGMT-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-WINMGMT-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-ASYNC-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) -- C:\Windows\system32\wbem\unsecapp.exe O87 - FAEL: "WMI-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-WINMGMT-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-WINMGMT-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WMI-ASYNC-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) -- C:\Windows\system32\wbem\unsecapp.exe O87 - FAEL: "PNRPMNRS-PNRP-In-UDP" | In - None - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PNRPMNRS-PNRP-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PNRPMNRS-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "PNRPMNRS-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteEventLogSvc-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteTask-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteFwAdmin-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteFwAdmin-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteFwAdmin-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RemoteFwAdmin-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RVM-VDS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Service de disque virtuel.) -- C:\Windows\system32\vds.exe O87 - FAEL: "RVM-VDSLDR-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Virtual Disk Service Loader.) -- C:\Windows\system32\vdsldr.exe O87 - FAEL: "RVM-RPCSS-In-TCP-NoScope" | In - Domain - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "RVM-VDS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Service de disque virtuel.) 
-- C:\Windows\system32\vds.exe O87 - FAEL: "RVM-VDSLDR-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Virtual Disk Service Loader.) -- C:\Windows\system32\vdsldr.exe O87 - FAEL: "RVM-RPCSS-In-TCP" | In - Public - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-Out-TCP-NoScope" | Out - Domain - P6 - FALSE | .(.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes.) -- C:\Windows\system32\wudfhost.exe O87 - FAEL: "WPDMTP-Out-TCP" | Out - Public - P6 - FALSE | .(.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes.) -- C:\Windows\system32\wudfhost.exe O87 - FAEL: "WPDMTP-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-UPnPHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "WPDMTP-UPnP-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "NetPres-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-WSD-In-UDP" |In - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-WSD-Out-UDP" |Out - None - P17 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-In-TCP" |In - Public - P6 - FALSE | .(...) 
-- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "NetPres-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Windows\system32\netproj.exe (.not file.) O87 - FAEL: "MCX-SSDPSrv-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-SSDPSrv-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-In-TCP" | In - None - P6 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe O87 - FAEL: "MCX-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe O87 - FAEL: "MCX-QWave-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-QWave-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-QWave-In-TCP" | In - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-QWave-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe O87 - FAEL: "MCX-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehshell.exe O87 - FAEL: "MCX-MCX2SVC-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-Prov-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - MCX2 Provisioning library.) 
-- C:\Windows\ehome\mcx2prov.exe O87 - FAEL: "MCX-PlayTo-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-McrMgr-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Media Center Extender Manager.) -- C:\Windows\ehome\mcrmgr.exe O87 - FAEL: "MCX-PlayTo-Out-UDP" | Out - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "MCX-FDPHost-Out-TCP" | Out - None - P6 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{D76024F3-C0EC-4FB4-9DAA-9150408F5F22}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "{882263EE-F2C2-4902-AEBD-C0293A271425}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "{ACF2E058-B5B5-4B73-9753-9E7814BFBDF5}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "{52D4005A-7C4B-4FF7-946D-9F0533DFFD76}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{DD98561D-E7E8-4C4E-B311-3E53F32F17F7}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "{F702068A-6D06-424F-9A67-5C63E66C41C2}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) 
-- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "{66037E3E-CDA1-49DA-A90A-ECDBBCEA4F5A}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "{C8F12232-A3F8-4DF3-A077-124127673DF8}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmpnetwk.exe O87 - FAEL: "{221B5232-B4E1-4949-A15D-6B2259ED08B0}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "{B3FC7BF0-6458-4580-88E6-404A81192E13}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "{7E1A8053-65C2-4E47-92FA-063A3EDE292A}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe O87 - FAEL: "{65A97107-33F0-4FEA-AA8C-F0C43AD0FB9D}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{37AE1B6E-7A59-411F-B0EF-7FD05BA02BFD}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{DBB4B774-3EF6-4548-AED3-CED1E1C4F92B}" | Out - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{93BF3312-D7BA-4398-96B7-319A6CCDB351}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{11480293-0395-43C6-95A9-CD602D9286B0}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) 
-- C:\Windows\system32\svchost.exe O87 - FAEL: "{D1BFB509-1E0C-48AE-A448-579B9664E156}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{37428F18-0FDD-4262-BF31-781878BCE778}" | Out - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{54DA967A-412F-4A75-A44B-9A26BFC31CA0}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{88C04A54-FA1D-48D9-A16C-FDA6284400C4}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Application sous-système spouleur.) -- C:\Windows\system32\spoolsv.exe O87 - FAEL: "{94D408E7-DFAF-4E57-B83B-75AC1B17DC46}" | Out - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "{D120A44F-C7AA-4AA0-B040-1FD04C823231}" | In - Public - P17 - TRUE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "TCP Query User{8FFC9FAF-EB27-4892-9347-B65A9B4C6B5C}C:\program files\internet explorer\iexplore.exe" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Internet Explorer.) -- C:\program files\internet explorer\iexplore.exe O87 - FAEL: "UDP Query User{F6AF6046-1792-4445-AB7D-BC5F661FA385}C:\program files\internet explorer\iexplore.exe" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Internet Explorer.) -- C:\program files\internet explorer\iexplore.exe O87 - FAEL: "{66E7C2A1-FBAC-4212-9B9D-D30BE6D07191}" |In - None - P17 - TRUE | .(...) -- C:\Program Files\HP\hp software update\hpwucli.exe (.not file.) O87 - FAEL: "{0A5E68DB-272A-422D-BB03-E90C2A18CC78}" | In - Private - P6 - TRUE | .(.Microsoft Corporation - Microsoft OneNote.) 
-- C:\Program Files\Microsoft Office\Office14\ONENOTE.exe O87 - FAEL: "{119E4483-CC62-480A-9002-43E6BD3BB408}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Microsoft OneNote.) -- C:\Program Files\Microsoft Office\Office14\ONENOTE.exe O87 - FAEL: "{BC4C22A8-EF50-4135-9040-30C6FD53D93B}" | In - Private - P17 - TRUE | .(.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office\Office14\outlook.exe O87 - FAEL: "{8617C7B3-5489-495F-B0D7-FF74BAA2F60B}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Windows Live Communications Platform.) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe O87 - FAEL: "{48B21B12-CA3B-40CD-9AB3-8CB277DE3FC1}" | In - None - P17 - TRUE | .(.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe O87 - FAEL: "{2F5300EF-6CAB-4793-814F-4513AC01EB30}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O87 - FAEL: "RemoteDesktop-UserMode-In-UDP" | In - None - P17 - FALSE | .(.Microsoft Corporation - Processus hôte pour les services Windows.) -- C:\Windows\system32\svchost.exe O87 - FAEL: "TCP Query User{DAA373F7-76B7-4A0E-AA92-14264FB6AB9E}C:\usbfix\go.exe" | In - Public - P6 - TRUE | .(...) -- C:\usbfix\go.exe O87 - FAEL: "UDP Query User{E8A591CE-C396-47C3-B436-341221903E46}C:\usbfix\go.exe" | In - Public - P17 - TRUE | .(...) 
-- C:\usbfix\go.exe ~ Firewall: 201 Scanned in 00mn 11s ---\\ Scan Additionnel (O88) Database Version : v2.11580 - (18/04/2013) Clés trouvées (Keys found) : 16 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193}] =>Hijacker.ChercheUS [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}] =>PUP.OfferBox [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B41306C6-96D0-442A-BCC4-B0F621E82CE9}] =>PUP.OfferBox [HKCU\Software\Microsoft\Internet Explorer\MenuExt\recherche avec cherche.us] =>Hijacker.ChercheUS [HKCU\Software\FissaSearch] =>PUP.OfferBox [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] =>Toolbar.Yahoo [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing 
[HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow]:*.chat-land.org =>Hijacker.ChercheUS ~ Additionnel: Scanned in 00mn 29s ---\\ Product Upgrade Codes (O90) O90 - PUC: "000021090200C0400000000000F01FEC" . (.Module de compatibilité pour Microsoft Office System 2007.) -- C:\Windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe O90 - PUC: "11F12B5E3396B0E42AC597363E0CD711" . (.Windows Live Messenger.) -- C:\Windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe O90 - PUC: "68AB67CA7DA76301B7449A0500000010" . (.Adobe Reader 9.5.2 - Français.) -- C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-A95000000001}\SC_Reader.ico O90 - PUC: "7692FC6BE18C0C0489510C7547EF1F02" . (.Skype Click to Call.) -- C:\Windows\Installer\{B6CF2967-C81E-40C0-9815-C05774FEF120}\IconUninstallIco O90 - PUC: "85744C6E94FF1D741828563E18A8EC32" . (.AuthenTec TrueSuite.) -- C:\Windows\Installer\{E6C44758-FF49-47D1-8182-65E3818ACE23}\ARPPRODUCTICON.exe O90 - PUC: "BADF2FE6FBF79BA429DC95B4DD6B5AB6" . (.PaperPort Image Printer.) -- C:\Windows\Installer\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}\ARPPRODUCTICON.exe O90 - PUC: "D7314F9862C648A4DB8BE2A5B47BE100" . (.Microsoft Silverlight.) -- c:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ARPIcon O90 - PUC: "E7FF67E4ABEA78C47B88DC745E24B5D9" . (.Skype™ 6.1.) -- C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe O90 - PUC: "F75567D15F409FC4BA02A626B1D0257D" . (.MyPDFConverter.) -- C:\Windows\Installer\{1D76557F-04F5-4CF9-AB20-6A621B0D52D7}\ARPPRODUCTICON.exe O90 - PUC: "F955A0C63858A5B4B80502EB1ED5E846" . (.Nuance PaperPort 12.) 
-- C:\Windows\Installer\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}\ARPPRODUCTICON.exe ~ Update Products: 60 Scanned in 00mn 00s ---\\ MyComputer Name Space (O92) O92 - MNS: Dossiers Web - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} ~ MNS: 1 Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Demand 25/01/2010 245760 | (BrYNSvc) . (.Brother Industries, Ltd..) - C:\Program Files\Browny02\BrYNSvc.exe SS - | Auto 14/07/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 14/07/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 20/10/2010 67904 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\Windows\system32\NLSSRV32.exe SR - | Auto 08/03/2010 144672 | (PDFProFiltSrvPP) . (.Nuance Communications, Inc..) - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe SR - | Auto 14/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 02/10/2012 3064000 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 11/12/2006 24576 | (StkSSrv) . (.Syntek America Inc..) - C:\Windows\System32\StkCSrv.exe SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 04s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Run by patty at 19/04/2013 13:09:39 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys ~ MBR: 8 Scanned in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by patty at 19/04/2013 13:09:41 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s End of the scan (1282 lines in 06mn 25s)(0)
  24. Small problem: I can't find the ZHPDiag report file on my desktop. Where is it located, so that I can post it? Thanks.
  25. Thanks, I have just run the deletion. Small problem: the software asked me to turn off the firewall, which I did; I landed on the PayPal page, and after the restart quite a few icons on the desktop had disappeared... The deletion report: ############################## | UsbFix V 7.122 | [suppression] Utilisateur: patty (Administrateur) # PATTY-PC Mis à jour le 16/04/2013 par El Desaparecido Lancé à 12:07:41 | 19/04/2013 Site Web: http://sosvirus.org/ Upload Malware: http://upload.sosvirus.org/ Contact: contact@sosvirus.org PC: Packard Bell BV (EasyNote_BU45) (X86-based PC) CPU: Genuine Intel® CPU T2250 @ 1.73GHz (1729) RAM -> [Total : 1015 | Free : 223] BIOS: Default System BIOS BOOT: Normal boot OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 32-Bit) # Service Pack 1 WB: Windows Internet Explorer 10.0.9200.16540 SC: Security Center Service [Enabled] WU: Windows Update Service [Enabled] AV: Microsoft Security Essentials [(!) Disabled | Updated] FW: Windows FireWall Service [Enabled] C:\ -> Disque fixe # 104 Go (42 Go libre(s) - 41%) [HDD] # NTFS D:\ -> CD-ROM E:\ -> Disque amovible # 961 Mo (961 Mo libre(s) - 100%) [sTORE'N'GO] # FAT F:\ -> Disque amovible # 7 Go (6 Go libre(s) - 81%) [uSB DISK] # FAT32 ################## | El Desaparecido Section | HKLM\SOFTWARE | Run : [] - HKLM\SOFTWARE | Run : [igfxTray] - C:\Windows\system32\igfxtray.exe HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe HKLM\SOFTWARE | Run : [sunJavaUpdateSched] - "C:\Program Files\Java\jre6\bin\jusched.exe" HKLM\SOFTWARE | Run : [WinampAgent] - "C:\Program Files\Winamp\winampa.exe" HKLM\SOFTWARE | Run : [indexSearch] - "C:\Program Files\Nuance\PaperPort\IndexSearch.exe" HKLM\SOFTWARE | Run : [PaperPort PTD] - "C:\Program Files\Nuance\PaperPort\pptd40nt.exe" HKLM\SOFTWARE | Run : [PPort12reminder] - "C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" -r 
"C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini" HKLM\SOFTWARE | Run : [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe HKLM\SOFTWARE | Run : [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe HKLM\SOFTWARE | Run : [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe /autorun HKLM\SOFTWARE | Run : [brStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN HKLM\SOFTWARE | Run : [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" HKLM\SOFTWARE | Run : [MSC] - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey HKLM\SOFTWARE | RunOnce : [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq HKLM\SOFTWARE | RunOnce : [] - HKU\S-1-5-19\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\SOFTWARE | Run : [sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-3998488584-1651764560-2391298529-1000\SOFTWARE | Run : [sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun HKU\S-1-5-21-3998488584-1651764560-2391298529-1000\SOFTWARE | Run : [EPSON Stylus DX4400 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_SD082.tmp" /EF "HKCU" HKU\S-1-5-21-3998488584-1651764560-2391298529-1000\SOFTWARE | Run : [iSUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler HKU\S-1-5-21-3998488584-1651764560-2391298529-1000\SOFTWARE | Run : [skype] - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun HKU\S-1-5-21-3998488584-1651764560-2391298529-1003\SOFTWARE | Run : [msnmsgr] - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background HKU\S-1-5-21-3998488584-1651764560-2391298529-1003\SOFTWARE | Run : [EPSON Stylus DX4400 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU 
"C:\Windows\TEMP\E_SD082.tmp" /EF "HKCU" HKU\S-1-5-21-3998488584-1651764560-2391298529-1003\SOFTWARE | Run : [sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe ################## | Processus Stoppés | Stoppé! c:\Program Files\Microsoft Security Client\MsMpEng.exe (772) Stoppé! C:\Windows\System32\spoolsv.exe (1456) Stoppé! C:\Windows\system32\NLSSRV32.EXE (1676) Stoppé! C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (1708) Stoppé! C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (1780) Stoppé! C:\Windows\System32\StkCSrv.exe (1896) Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1960) Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (1076) Stoppé! C:\Windows\system32\taskhost.exe (2508) Stoppé! C:\Windows\Explorer.EXE (2668) Stoppé! C:\Windows\System32\hkcmd.exe (2904) Stoppé! C:\Windows\System32\igfxpers.exe (2912) Stoppé! C:\Program Files\Java\jre6\bin\jusched.exe (2960) Stoppé! C:\Windows\system32\igfxsrvc.exe (2988) Stoppé! C:\Program Files\Winamp\winampa.exe (3088) Stoppé! C:\Program Files\Nuance\PaperPort\pptd40nt.exe (3104) Stoppé! C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (3124) Stoppé! C:\Program Files\ControlCenter4\BrCtrlCntr.exe (3212) Stoppé! C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (3272) Stoppé! C:\Program Files\Microsoft Security Client\msseces.exe (3280) Stoppé! C:\Program Files\Windows Live\Messenger\msnmsgr.exe (3292) Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (3340) Stoppé! C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (3360) Stoppé! C:\Windows\system32\SearchIndexer.exe (3492) Stoppé! C:\Program Files\ControlCenter4\BrCcUxSys.exe (3500) Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (2872) Stoppé! 
C:\Windows\System32\WUDFHost.exe (3300) Stoppé! C:\Program Files\Internet Explorer\iexplore.exe (1956) Stoppé! C:\Program Files\Internet Explorer\iexplore.exe (2288) Stoppé! C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe (3004) Stoppé! C:\Windows\System32\MsSpellCheckingFacility.exe (3192) ################## | Éléments infectieux | Supprimé! C:\Users\patty\AppData\Roaming\FissaSearch\setDefaults.js Supprimé! C:\Users\patty\AppData\Roaming\FissaSearch Supprimé! F:\Recycler\0xFFD12566.exe (!) Fichiers temporaires supprimés. ################## | Registre | ################## | Mountpoints2 | Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\E Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{15aacc50-38f2-11df-b718-001a92792371} Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{8b9cf464-fab1-11de-a36e-001a92792371} ################## | Listing | [16/09/2008 - 22:56:16 | D ] C:\$AVG8.VAULT$ [19/01/2010 - 15:00:01 | SHD ] C:\$Recycle.Bin [03/11/2009 - 10:30:37 | D ] C:\250426581b3c39c5c474ac46d724 [01/11/2009 - 16:48:44 | D ] C:\3b7739dae053d5da5d44db93 [24/08/2009 - 00:28:48 | D ] C:\602cb17ca61b1b338d [15/04/2011 - 18:52:55 | D ] C:\997e1a9f6e11800fb311 [08/03/2007 - 13:14:49 | D ] C:\Apps [25/03/2007 - 10:21:23 | D ] C:\Archivos de programa [10/06/2009 - 23:42:20 | N | 24] C:\autoexec.bat [30/04/2011 - 22:18:45 | SHD ] C:\Boot [20/11/2010 - 14:40:07 | RASH | 383786] C:\bootmgr [31/10/2009 - 19:48:37 | N | 8192] C:\BOOTSECT.BAK [02/07/2011 - 16:17:51 | D ] C:\Brother [24/06/2008 - 23:01:03 | N | 2830] C:\cleannavi.txt [10/06/2009 - 23:42:20 | N | 10] C:\config.sys [10/08/2011 - 15:17:09 | D ] C:\df4bb662057f4d8c388f043cab286f01 [14/07/2009 - 06:53:55 | SHD ] C:\Documents and Settings [09/11/2009 - 19:51:18 | D ] C:\Drivers [05/10/2008 - 22:17:42 | N | 2498] C:\fixnavi.txt [19/04/2013 - 10:01:02 | ASH | 798466048] C:\hiberfil.sys [08/03/2007 - 12:38:10 | D ] C:\Intel [08/03/2007 - 13:17:42 | N | 0] C:\IO.SYS [25/06/2008 - 00:48:59 | N | 1051] 
C:\mbam-log-6-25-2008 (00-45-47).txt [08/03/2007 - 13:17:42 | N | 0] C:\MSDOS.SYS [28/03/2007 - 03:31:04 | RHD ] C:\MSOCache [08/03/2007 - 22:26:41 | D ] C:\oem [19/04/2013 - 10:01:09 | ASH | 1073741824] C:\pagefile.sys [05/12/2009 - 14:18:48 | D ] C:\PerfLogs [17/02/2013 - 14:14:15 | D ] C:\Program Files [02/07/2011 - 16:17:43 | HD ] C:\ProgramData [31/10/2009 - 20:33:18 | SHD ] C:\Recovery [18/04/2013 - 11:03:51 | SHD ] C:\System Volume Information [19/04/2013 - 12:08:39 | D ] C:\UsbFix [19/04/2013 - 12:08:58 | A | 8380] C:\UsbFix [Clean 1] PATTY-PC.txt [19/04/2013 - 12:04:34 | N | 7646] C:\UsbFix [scan 1] PATTY-PC.txt [19/01/2010 - 14:59:52 | D ] C:\Users [16/04/2013 - 16:24:56 | D ] C:\Windows [22/08/2007 - 00:24:59 | N | 156] C:\YServer.txt [18/04/2013 - 11:06:30 | D ] F:\ronan photos tremplin [18/04/2013 - 14:18:50 | D ] F:\video portable tremplin [18/04/2013 - 18:05:48 | HD ] F:\RECYCLER ################## | Vaccin | C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) F:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido) ################## | E.O.F | http://sosvirus.org |