Has my Windows been infected?

by WaterMan

Hello,

Every time I run "ccleaner" to wipe the free space (about once every 2 months, but this time it was 3 to 4 times in a row because of this problem), I end up with a folder named ".Z" or ".Z.ZZZZ.ZZ" (or another variant with "Z") that cannot be deleted. This folder is at the root of "C:" (it is the very first folder).

There is no point in trying to delete it (it achieves nothing, whatever the method).

I ran "Malwarebytes" (up to date) without success.

When you click on this folder, it is made up of a multitude of ".Z" subfolders (and it is exponential!).

So much so that after 12 hours (a good night!) of "ccleaner", it is still running ...

All my programs are up to date (browsers included).

I ran the diagnostic tool "ZHPDiag"; its text report is below:

I will send it in 2 parts because it is long

Code:

Rapport de ZHPDiag v1.31.31 par Nicolas Coolman, Update du 19/10/2012
Run by Administrateur at 29.07.2013 23:14:10
Web site :  http://nicolascoolman.skyrock.com/
State : Version à jour.
UAC : Not Found or deactivate by user


---\\ Web Browser
MSIE: Internet Explorer v9.10.9200.16635
MFIE: Mozilla Firefox 22.0 v22.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Unknown Windows Home Premium Edition, 64-bit  (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : Q9H36
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8072 MB (81% free)
System Restore: Activé (Enable)
System drive C: has 546 GB (62%) free of 880 GB

---\\ Logged in mode
~ Computer Name: QUANTIQUE
~ User Name: Administrateur
~ All Users Names: UpdatusUser, Deux, Administrateur, 
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Administrateur\AppData\Roaming\
~ %Desktop% : C:\Users\Administrateur\Desktop\
~ %Favorites% : C:\Users\Administrateur\Favorites\
~ %LocalAppData% : C:\Users\Administrateur\AppData\Local\
~ %StartMenu% : C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 546 Go of 880 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 31 Go of 50 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
~ UAC deactivate by user
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime :  OK
~ Scan Security Center in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Explorateur Windows.) (.01.06.2013 - 12:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26.07.2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.FAF6EC2460AD5FBBD38D8E1AE28B0D77] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12.06.2013 - 00:26:20.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11.10.2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26.07.2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06.11.2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26.07.2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26.07.2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26.07.2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26.07.2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20.09.2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26.07.2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26.07.2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.06.02.2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26.07.2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02.02.2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26.07.2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26.07.2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26.07.2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26.07.2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.01.06.2013 - 12:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Scan Generic Processes in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes Favoris (My Favorites) : 0/0
~ Mes Documents (My Documents) : 1/18
~ Mon Bureau (My Desktop) : 1/7499
~ Menu demarrer (Programs) : 1/21
~ Scan Hidden Files in 00mn 10s



---\\ Processus lancés
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [4858968] [PID.3988]
[MD5.C8D28F8B498CADBB9445AC4545BD41B7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe   [920472] [PID.3456]
[MD5.56873D899C0707AA017AA2D74EC190AE] - (...) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [3770368] [PID.2064]
[MD5.81F177C1954453AF407604160BD149CB] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe   [383264] [PID.]
[MD5.55FE970B500F6D2A550B5E80AB8C4EAC] - (.IvoSoft - Classic Shell Service.) -- C:\Program Files\Classic Shell\ClassicShellService.exe   [68608] [PID.]
[MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe   [46808] [PID.]
~ Scan Processes Running in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\n4bbydn7.default\prefs.js
M3 - MFPP: Plugins - [Administrateur] -- C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\n4bbydn7.default\searchplugins\duckduckgo.xml
M2 - MFEP: prefs.js [Administrateur - n4bbydn7.default\[email protected]] [] DoNotTrackMe v2.2.9.618 (.Abine, Inc..)
M2 - MFEP: prefs.js [Administrateur - n4bbydn7.default\[email protected]] [] GoogleSharing v0.24 (.Moxie Marlinspike.)
M2 - MFEP: prefs.js [Administrateur - n4bbydn7.default\{3d7eb24f-2740-49df-8937-200b1cc08f8a}] [] Flashblock v1.5.17 (.The Flashblock Team.)
M2 - MFEP: prefs.js [Administrateur - n4bbydn7.default\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}] [WOT] WOT v20130515 (.WOT Services Oy.)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.6] - (.VideoLAN - VLC media player Web Plugin 2.0.6.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.7] - (.VideoLAN - VLC media player Web Plugin 2.0.6.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.zonealarm.com
R3 - URLSearchHook: (no name) [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.VideoLAN - VLC media player Web Plugin 2.0.6.) (No version) -- (.not file.)
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Scan Keys in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: (no name) [64Bits] - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} Clé orpheline
O2 - BHO: (no name) [64Bits] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} Clé orpheline
O2 - BHO: (no name) [64Bits] - {B4F3A835-0E21-4959-BA22-42B3008E02FF} Clé orpheline
O2 - BHO: (no name) [64Bits] - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} Clé orpheline
~ Scan BHO in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (...) --  (.not file.)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{553891B7-A0D5-4526-BE18-D3CE461D6310} . (...) --  (.not file.)
~ Scan Toolbar in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe 
~ Scan Application in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\East-Tec Eraser 2013.lnk . (.EAST Technologies.)  -- C:\Program Files (x86)\East-Tec Eraser 2013\eteraser.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\Everything.lnk . (...)  -- C:\Program Files (x86)\Everything\Everything.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\Excel 2013.lnk . (...)  -- C:\Program Files (x86)\Microsoft Office 15\root\office15\EXCEL.EXE (.not file.)
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\IE InPrivate.lnk . (.Microsoft Corporation.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\IZArc.lnk . (...)  -- C:\Program Files (x86)\IZArc\IZArc.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\Kies - Raccourci.lnk . (.Samsung.)  -- C:\Users\Administrateur\Desktop\Kies SamS3 prog. files\Kies\Kies.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\MBRCheck.lnk . (...)  -- C:\Program Files (x86)\ZHPDiag\mbrcheck.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\PowerPoint 2013.lnk . (...)  -- C:\Program Files (x86)\Microsoft Office 15\root\office15\POWERPNT.EXE (.not file.)
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\SumatraPDF.lnk . (.Krzysztof Kowalczyk.)  -- C:\Program Files (x86)\SumatraPDF\SumatraPDF.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\Word 2013.lnk . (...)  -- C:\Program Files (x86)\Microsoft Office 15\root\office15\WINWORD.EXE (.not file.)
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\XnView 2.03.lnk . (.XnView, http://www.xnview.com.)  -- C:\Program Files (x86)\XnView\xnview.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\ZHPDiag.lnk . (...)  -- C:\Program Files (x86)\ZHPDiag\ZHPDiags.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\ZHPFix.lnk . (...)  -- C:\Program Files (x86)\ZHPDiag\ZHPFix.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\East-Tec Eraser 2013.lnk . (.EAST Technologies.)  -- C:\Program Files (x86)\East-Tec Eraser 2013\eteraser.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\Everything.lnk . (...)  -- C:\Program Files (x86)\Everything\Everything.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\Excel 2013.lnk . (...)  -- C:\Program Files (x86)\Microsoft Office 15\root\office15\EXCEL.EXE (.not file.)
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\IE InPrivate.lnk . (.Microsoft Corporation.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\IZArc.lnk . (...)  -- C:\Program Files (x86)\IZArc\IZArc.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\Kies - Raccourci.lnk . (.Samsung.)  -- C:\Users\Administrateur\Desktop\Kies SamS3 prog. files\Kies\Kies.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\MBRCheck.lnk . (...)  -- C:\Program Files (x86)\ZHPDiag\mbrcheck.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\PowerPoint 2013.lnk . (...)  -- C:\Program Files (x86)\Microsoft Office 15\root\office15\POWERPNT.EXE (.not file.)
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\SumatraPDF.lnk . (.Krzysztof Kowalczyk.)  -- C:\Program Files (x86)\SumatraPDF\SumatraPDF.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\Word 2013.lnk . (...)  -- C:\Program Files (x86)\Microsoft Office 15\root\office15\WINWORD.EXE (.not file.)
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\XnView 2.03.lnk . (.XnView, http://www.xnview.com.)  -- C:\Program Files (x86)\XnView\xnview.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\ZHPDiag.lnk . (...)  -- C:\Program Files (x86)\ZHPDiag\ZHPDiags.exe
O4 - Global Startup: C:\Documents And Settings\Administrateur\Desktop\ZHPFix.lnk . (...)  -- C:\Program Files (x86)\ZHPDiag\ZHPFix.exe
~ Scan Global Startup in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
O5 - control.ini: [HKLM\..\Control Panel] inetcpl.cpl=no
~ Scan IE Control Panel in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBt
O9 - Extra button: Lync Click to Call [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: Classic IE9 Settings [64Bits] - {56753E59-AF1D-4FBA-9E15-31557124ADA2} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: Classic IE9 Settings [64Bits] - {64964764-1101-4bbd-8891-B56B1A53B9B3} -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: OneNote Lin&ked Notes [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15
~ Scan IE Extra Buttons in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d’affectation de noms de messagerie.) -- C:\WINDOWS\system32\napinsp.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\WINDOWS\system32\pnrpnsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d’espace de noms PNRP.) -- C:\WINDOWS\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\WINDOWS\system32\NLAapi.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
~ Scan Winsock in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E22977A5-36A3-420C-B0D4-6F4FDC5F8259}: DhcpNameServer = 85.218.0.70 85.218.0.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{E22977A5-36A3-420C-B0D4-6F4FDC5F8259}: DhcpDomain = dclient.lsne.ch
O17 - HKLM\System\CS1\Services\Tcpip\..\{E22977A5-36A3-420C-B0D4-6F4FDC5F8259}: DhcpNameServer = 85.218.0.70 85.218.0.85
O17 - HKLM\System\CS1\Services\Tcpip\..\{E22977A5-36A3-420C-B0D4-6F4FDC5F8259}: DhcpDomain = dclient.lsne.ch
~ Scan Domain in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) -- C:\Windows\System32\inetcomm.dll
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - Extensions OLE32 pour Win32.) -- C:\Windows\System32\urlmon.dll
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) -- C:\Windows\System32\itss.dll
O18 - Handler: osf [64Bits] - {D924BDC6-C83A-4BD5-90D0-095128A113D1} . (.Microsoft Corporation - Microsoft Office 2013 component.) -- C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.dll
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Handler: skype4com [64Bits] - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - Contrôle ActiveX pour le flux vidéo.) -- C:\Windows\System32\msvidctl.dll
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll
~ Scan Protocole Additionnel in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\NVIDIA~1\3DVISI~1\NVSTIN~1.dll (.not file.)
~ Scan AppInit DLL in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
~ Scan SSODL in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + H (AMPPALR3) . (.Intel Corporation - Intel® Centrino® Wireless Bluetooth® + High.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: avast! Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth  (BTHSSecurityMgr) . (.Intel(R) Corporation - Intel(R) BlueTooth(R) HS Security Manager S.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Classic Shell Service (ClassicShellService) . (.IvoSoft - Classic Shell Service.) - C:\Program Files\Classic Shell\ClassicShellService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) . (.COMODO - COMODO Internet Security.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Servic (RegSrvc) . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) . (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configurat (ZeroConfigService) . (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Servi.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Scan Services in 00mn 00s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) -  (.not file.)
~ Scan Desktop Component in 00mn 00s



---\\ BootExecute (O34)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ Scan Keys in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.5CE2C1433B9B634591F0A1C4C1203A0B] [APT] [avast! Emergency Update] (.AVAST Software.) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
[MD5.4999625054FFA2AFFCAFD085C1218307] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe
[MD5.22008307A37E47546BD35FFB43600D68] [APT] [{31DDBD37-5DB7-4030-8064-10B0CAA806C3}] (.COMODO.) -- C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
[MD5.DECF0F8718D118283592E28B3936394A] [APT] [COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}] (.COMODO.) -- C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
[MD5.D5B14BB2FFFCBE8EAD650E11F6615AD8] [APT] [COMODO Welcome {CEB54B45-2B5E-4FF5-9223-6735CD80FE69}] (.COMODO.) -- C:\Program Files\COMODO\COMODO Internet Security\cis.exe
~ Scan Scheduled Task in 00mn 06s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Microsoft Windows Media Player 12.0 [64Bits] - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Extension.) -- C:\Windows\SysWOW64\wmpdxm.dll
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - API Windows Theme.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Microsoft Windows [64Bits] - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Extension Shell dossier FTP Microsoft Internet Explorer..) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Ressources du Lecteur Windows Media.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Explorer par utilisateur.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: (no name) [64Bits] - {89B4C1CD-B018-4511-B0A1-5476DBF70820} . (.Microsoft Corporation - Microsoft .NET IE SECURITY REGISTRATION.) -- C:\Windows\System32\mscories.dll
~ Scan Active Setup in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\System32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Pilote WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver:  (aswRdr) . (.AVAST Software - avast! WFP Redirect Driver.) - C:\Windows\system32\Drivers\aswrdr2.sys
O41 - Driver: (BasicDisplay) . (.Microsoft Corporation - Microsoft Basic Display Driver.) - C:\Windows\system32\drivers\BasicDisplay.sys
O41 - Driver: (BasicRender) . (.Microsoft Corporation - Microsoft Basic Render Driver.) - C:\Windows\system32\drivers\BasicRender.sys
O41 - Driver: cdrom.inf (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\system32\drivers\cdrom.sys
O41 - Driver:  (cmderd) . (.COMODO - COMODO Internet Security Eradication Driver.) - C:\Windows\System32\DRIVERS\cmderd.sys
O41 - Driver:  (cmdGuard) . (.COMODO - COMODO Internet Security Sandbox Driver.) - C:\Windows\System32\DRIVERS\cmdguard.sys
O41 - Driver:  (cmdhlp) . (.COMODO - COMODO Internet Security Helper Driver.) - C:\Windows\system32\DRIVERS\cmdhlp.sys
O41 - Driver: C:\Windows\System32\drivers\dam.sys (dam) . (.Microsoft Corporation - DAM Kernel Driver.) - C:\Windows\System32\drivers\dam.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (Dfsc) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\System32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: oem8.inf (inspect) . (.COMODO - COMODO Internet Security Firewall Driver.) - C:\Windows\system32\DRIVERS\inspect.sys
O41 - Driver: mssmbios.inf (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\system32\drivers\mssmbios.sys
O41 - Driver: netnb.inf (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\System32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: npsvctrig.inf (npsvctrig) . (.Microsoft Corporation - Named pipe service triggers.) - C:\Windows\system32\drivers\npsvctrig.sys
O41 - Driver: C:\Windows\System32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\system32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\System32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\System32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\system32\DRIVERS\tdx.sys
O41 - Driver: C:\Windows\System32\drivers\vwififlt.sys (vwififlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\system32\DRIVERS\vwififlt.sys
O41 - Driver: C:\Windows\System32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\system32\DRIVERS\wanarp.sys
~ Scan Drivers in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: BurnAware Free 6.4 - (.Burnaware.) [HKLM][64Bits] -- BurnAware Free_is1
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] -- CCleaner
O42 - Logiciel: COMODO Internet Security Premium - (.COMODO Security Solutions Inc..) [HKLM][64Bits] -- {F1EC4151-805B-4097-B9BB-7D71A417AAF1}
O42 - Logiciel: Canon My Printer - (.Pas de propriétaire.) [HKLM][64Bits] -- CanonMyPrinter
O42 - Logiciel: Canon iP4500 series - (.Pas de propriétaire.) [HKLM][64Bits] -- {1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series
O42 - Logiciel: Classic Shell - (.IvoSoft.) [HKLM][64Bits] -- {FEA1590B-540A-41FC-A95C-664493C82A21}
O42 - Logiciel: Creative Centrale - (.Creative Technology Ltd..) [HKLM][64Bits] -- Creative Centrale
O42 - Logiciel: Creative Centrale - (.Creative Technology Ltd..) [HKLM][64Bits] -- {4442AB48-DEC4-4B39-B067-1F75BF8017E7}
O42 - Logiciel: Creative Software Update - (.Creative Technology Ltd..) [HKLM][64Bits] -- {86604C06-DA30-425E-AECE-47304FE81C45}
O42 - Logiciel: East-Tec Eraser 2013 Version 10.0 - (.EAST Technologies.) [HKLM][64Bits] -- East-Tec Eraser 2013_is1
O42 - Logiciel: Enregistrement utilisateur de Canon iP4500 series - (.Pas de propriétaire.) [HKLM][64Bits] -- Enregistrement utilisateur de Canon iP4500 series
O42 - Logiciel: Everything 1.2.1.371 - (.Pas de propriétaire.) [HKLM][64Bits] -- Everything
O42 - Logiciel: FileASSASSIN - (.Malwarebytes.) [HKLM][64Bits] -- FileASSASSIN
O42 - Logiciel: Guide de l'utilisateur Creative ZEN X-Fi - (.Creative Technology Ltd..) [HKLM][64Bits] -- ZENX-FI
O42 - Logiciel: IZArc 4.1 - (.Ivan Zahariev.) [HKLM][64Bits] -- {97C82B44-D408-4F14-9252-47FC1636D23E}_is1
O42 - Logiciel: Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed - (.Intel Corporation.) [HKLM][64Bits] -- {A94C50AA-21E8-4627-ADD0-E16A07030D7D}
O42 - Logiciel: Intel® PROSet/Wireless WiFi Software - (.Intel Corporation.) [HKLM][64Bits] -- {DEF50764-F1A7-4DD4-B8BA-C81A4807631A}
O42 - Logiciel: Logiciel Intel® PROSet/Wireless - (.Intel Corporation.) [HKLM][64Bits] -- {fad118b4-798f-4755-9e67-a622eec95b62}
O42 - Logiciel: Malwarebytes Anti-Malware version 1.75.0.1300 - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Microsoft Office Famille et Etudiant 2013 - fr-fr - (.Microsoft Corporation.) [HKLM][64Bits] -- HomeStudentRetail - fr-fr
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM][64Bits] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}
O42 - Logiciel: Mises à jour NVIDIA 1.12.12 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update
O42 - Logiciel: Mozilla Firefox 22.0 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 22.0 (x86 fr)
O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM][64Bits] -- MozillaMaintenanceService
O42 - Logiciel: Mp3tag v2.56 - (.Florian Heidenreich.) [HKLM][64Bits] -- Mp3tag
O42 - Logiciel: NVIDIA Logiciel système PhysX 9.12.1031 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX
O42 - Logiciel: NVIDIA PhysX - (.NVIDIA Corporation.) [HKLM][64Bits] -- {8B922CF8-8A6C-41CE-A858-F1755D7F5D29}
O42 - Logiciel: NVIDIA Pilote 3D Vision 314.22 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision
O42 - Logiciel: NVIDIA Pilote graphique 314.22 - (.NVIDIA Corporation.) [HKLM][64Bits] -- {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver
O42 - Logiciel: NVIDIA Stereoscopic 3D Driver - (.NVIDIA Corporation.) [HKLM][64Bits] -- NVIDIAStereo
O42 - Logiciel: Office 15 Click-to-Run Extensibility Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-008C-0000-0000-0000000FF1CE}
O42 - Logiciel: Office 15 Click-to-Run Licensing Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-008F-0000-1000-0000000FF1CE}
O42 - Logiciel: Office 15 Click-to-Run Localization Component - (.Microsoft Corporation.) [HKLM][64Bits] -- {90150000-008C-040C-0000-0000000FF1CE}
O42 - Logiciel: SAMSUNG USB Driver for Mobile Phones - (.SAMSUNG Electronics Co., Ltd..) [HKLM][64Bits] -- {D0795B21-0CDA-4a92-AB9E-6E92D8111E44}
O42 - Logiciel: Samsung Kies - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] -- InstallShield_{758C8301-2696-4855-AF45-534B1200980A}
O42 - Logiciel: Samsung Kies - (.Samsung Electronics Co., Ltd..) [HKLM][64Bits] -- {758C8301-2696-4855-AF45-534B1200980A}
O42 - Logiciel: Secunia PSI (3.0.0.6005) - (.Secunia.) [HKLM][64Bits] -- Secunia PSI
O42 - Logiciel: Skype™ 6.3 - (.Skype Technologies S.A..) [HKLM][64Bits] -- {4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
O42 - Logiciel: SumatraPDF - (.Krzysztof Kowalczyk.) [HKLM][64Bits] -- SumatraPDF
O42 - Logiciel: System Requirements Lab for Intel - (.Husdawg, LLC.) [HKLM][64Bits] -- {C7CA731B-BF9A-46D9-92CF-8A8737AE9240}
O42 - Logiciel: VLC media player 2.0.7 - (.VideoLAN.) [HKLM][64Bits] -- VLC media player
O42 - Logiciel: XnView 2.03 - (.Gougelet Pierre-e.) [HKLM][64Bits] -- XnView_is1
O42 - Logiciel: avast! Free Antivirus v8.0.1489.0 - (.AVAST Software.) [HKLM][64Bits] -- avast
O42 - Logiciel: swMSM - (.Adobe Systems, Inc.) [HKLM][64Bits] -- {612C34C7-5E90-47D8-9B5C-0F717DD82726}
WaterMan

Re: Is my computer infected?

by WaterMan »

Here is the 2nd part of the "ZHPDiag" report


---\\ HKCU & HKLM Software Keys
[HKCU\Software\AVAST Software]
[HKCU\Software\AppDataLow\Software\MarkAny]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\CanonBJ]
[HKCU\Software\Canon]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\ComodoGroup]
[HKCU\Software\Creative Tech]
[HKCU\Software\DxOLabs]
[HKCU\Software\EAST Technologies]
[HKCU\Software\IM Providers]
[HKCU\Software\IZSoftware]
[HKCU\Software\IvoSoft]
[HKCU\Software\Licenses]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\Mozilla]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RegisteredApplications]
[HKCU\Software\Samsung]
[HKCU\Software\Secunia]
[HKCU\Software\Skype]
[HKCU\Software\Sysinternals]
[HKCU\Software\System Requirements Lab]
[HKCU\Software\Wow6432Node]
[HKCU\Software\XnView]
[HKCU\Software\ZebHelpProcess Helper]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Canon]
[HKLM\Software\CheckPoint]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\ComodoGroup]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\IvoSoft]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SAMSUNG]
[HKLM\Software\VideoLAN]
[HKLM\Software\Volatile]
[HKLM\Software\Wow6432Node\AGEIA Technologies]
[HKLM\Software\Wow6432Node\AVAST Software]
[HKLM\Software\Wow6432Node\Adobe]
[HKLM\Software\Wow6432Node\AppDataLow]
[HKLM\Software\Wow6432Node\Canon]
[HKLM\Software\Wow6432Node\Classes]
[HKLM\Software\Wow6432Node\Clients]
[HKLM\Software\Wow6432Node\Creative Tech]
[HKLM\Software\Wow6432Node\EAST Technologies]
[HKLM\Software\Wow6432Node\EAST_Technologies]
[HKLM\Software\Wow6432Node\Florian Heidenreich]
[HKLM\Software\Wow6432Node\Foxit Software]
[HKLM\Software\Wow6432Node\Google]
[HKLM\Software\Wow6432Node\IM Providers]
[HKLM\Software\Wow6432Node\IZSoftware]
[HKLM\Software\Wow6432Node\Intel]
[HKLM\Software\Wow6432Node\Khronos]
[HKLM\Software\Wow6432Node\Macromedia]
[HKLM\Software\Wow6432Node\Malwarebytes' Anti-Malware]
[HKLM\Software\Wow6432Node\MimarSinan]
[HKLM\Software\Wow6432Node\MozillaPlugins]
[HKLM\Software\Wow6432Node\Mozilla]
[HKLM\Software\Wow6432Node\NVIDIA Corporation]
[HKLM\Software\Wow6432Node\ODBC]
[HKLM\Software\Wow6432Node\OldTimer Tools]
[HKLM\Software\Wow6432Node\Policies]
[HKLM\Software\Wow6432Node\RegisteredApplications]
[HKLM\Software\Wow6432Node\Samsung]
[HKLM\Software\Wow6432Node\Secunia]
[HKLM\Software\Wow6432Node\Skype]
[HKLM\Software\Wow6432Node\XnView]
[HKLM\Software\Wow6432Node\Zone Labs]
[HKLM\Software\Wow6432Node\mozilla.org]
[HKLM\Software\Wow6432Node]
~ Scan Softwares in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 20.04.2013 - 12:31:08 - [0] ----D C:\Program Files (x86)\AGEIA Technologies
O43 - CFD: 03.07.2013 - 21:50:51 - [26,649] ----D C:\Program Files (x86)\BurnAware Free
O43 - CFD: 04.06.2013 - 20:47:03 - [0,818] ----D C:\Program Files (x86)\Canon
O43 - CFD: 13.05.2013 - 00:07:48 - [6,785] ----D C:\Program Files (x86)\Cisco
O43 - CFD: 18.05.2013 - 22:24:52 - [49,468] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 15.05.2013 - 10:37:07 - [28,843] ----D C:\Program Files (x86)\Creative
O43 - CFD: 28.07.2013 - 16:43:24 - [21,389] ----D C:\Program Files (x86)\East-Tec Eraser 2013
O43 - CFD: 29.07.2013 - 22:55:42 - [2,072] ----D C:\Program Files (x86)\Everything
O43 - CFD: 29.07.2013 - 22:57:31 - [0,304] ----D C:\Program Files (x86)\FileASSASSIN
O43 - CFD: 16.06.2013 - 19:31:19 - [3,009] ----D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 13.05.2013 - 00:07:48 - [0,098] ----D C:\Program Files (x86)\Intel
O43 - CFD: 11.07.2013 - 20:48:39 - [4,718] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 06.05.2013 - 21:51:27 - [12,461] ----D C:\Program Files (x86)\IZArc
O43 - CFD: 20.04.2013 - 12:24:12 - [13,336] ----D C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 20.04.2013 - 13:08:40 - [0,262] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 20.04.2013 - 13:37:16 - [5,710] ----D C:\Program Files (x86)\Microsoft SkyDrive
O43 - CFD: 20.04.2013 - 13:36:55 - [7,797] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 16.07.2013 - 21:34:36 - [47,201] ----D C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 26.06.2013 - 18:39:55 - [0,214] ----D C:\Program Files (x86)\Mozilla Maintenance Service
O43 - CFD: 24.06.2013 - 20:10:11 - [6,716] ----D C:\Program Files (x86)\Mp3tag
O43 - CFD: 16.07.2013 - 21:03:33 - [0,025] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 20.04.2013 - 12:31:33 - [100,259] ----D C:\Program Files (x86)\NVIDIA Corporation
O43 - CFD: 16.07.2013 - 21:03:33 - [37,882] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 24.04.2013 - 21:27:54 - [10,498] ----D C:\Program Files (x86)\Secunia
O43 - CFD: 18.05.2013 - 22:24:52 - [18,032] R---D C:\Program Files (x86)\Skype
O43 - CFD: 06.05.2013 - 21:53:05 - [9,139] ----D C:\Program Files (x86)\SumatraPDF
O43 - CFD: 13.05.2013 - 00:01:29 - [1,040] ----D C:\Program Files (x86)\SystemRequirementsLab
O43 - CFD: 21.04.2013 - 00:32:19 - [1,040] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 21.04.2013 - 00:32:20 - [5,987] ----D C:\Program Files (x86)\Windows Mail
O43 - CFD: 21.04.2013 - 00:32:20 - [3,570] ----D C:\Program Files (x86)\Windows Media Player
O43 - CFD: 26.07.2012 - 10:13:01 - [0,209] ----D C:\Program Files (x86)\Windows Multimedia Platform
O43 - CFD: 26.07.2012 - 10:12:59 - [7,409] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 17.06.2013 - 20:03:51 - [5,271] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 26.07.2012 - 10:13:01 - [0,209] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 26.07.2012 - 10:12:59 - [0] -SH-D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 16.06.2013 - 12:27:59 - [7,628] ----D C:\Program Files (x86)\XnView
O43 - CFD: 29.07.2013 - 23:14:26 - [9,963] ----D C:\Program Files (x86)\ZHPDiag
O43 - CFD: 20.04.2013 - 13:36:58 - [0,013] ----D C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 15.05.2013 - 10:25:21 - [1,840] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 18.05.2013 - 18:52:09 - [36,009] ----D C:\Program Files (x86)\Common Files\Microsoft Shared
O43 - CFD: 26.07.2012 - 10:13:01 - [0,003] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 18.05.2013 - 22:24:52 - [1,904] ----D C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 21.04.2013 - 00:32:19 - [9,700] ----D C:\Program Files (x86)\Common Files\System
O43 - CFD: 16.05.2013 - 17:04:50 - [0] ----D C:\ProgramData\Adobe
O43 - CFD: 26.07.2012 - 09:22:08 - [0] --H-D C:\ProgramData\Application Data
O43 - CFD: 18.05.2013 - 18:51:50 - [10,264] ----D C:\ProgramData\AVAST Software
O43 - CFD: 04.06.2013 - 20:46:23 - [18,062] --H-D C:\ProgramData\CanonBJ
O43 - CFD: 25.05.2013 - 11:19:42 - [3,375] ----D C:\ProgramData\Comodo
O43 - CFD: 25.05.2013 - 11:19:09 - [56,942] ----D C:\ProgramData\Comodo Downloader
O43 - CFD: 15.05.2013 - 10:37:29 - [0,030] ----D C:\ProgramData\Creative
O43 - CFD: 26.07.2012 - 09:22:08 - [0] --H-D C:\ProgramData\Desktop
O43 - CFD: 26.07.2012 - 09:22:08 - [0] --H-D C:\ProgramData\Documents
O43 - CFD: 27.04.2013 - 16:23:22 - [0] ----D C:\ProgramData\eMule
O43 - CFD: 13.05.2013 - 00:07:48 - [0,002] ----D C:\ProgramData\Intel
O43 - CFD: 20.04.2013 - 17:09:48 - [0,000] ----D C:\ProgramData\Logs
O43 - CFD: 20.04.2013 - 12:24:10 - [6,567] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 06.05.2013 - 21:46:12 - [827,172] -S--D C:\ProgramData\Microsoft
O43 - CFD: 20.04.2013 - 13:37:10 - [0] ----D C:\ProgramData\Microsoft SkyDrive
O43 - CFD: 20.04.2013 - 15:54:17 - [0] ----D C:\ProgramData\Mozilla
O43 - CFD: 29.07.2013 - 23:09:31 - [9,506] ----D C:\ProgramData\NVIDIA
O43 - CFD: 20.04.2013 - 00:06:23 - [3,530] ----D C:\ProgramData\NVIDIA Corporation
O43 - CFD: 13.05.2013 - 00:07:37 - [96,552] ----D C:\ProgramData\Package Cache
O43 - CFD: 20.04.2013 - 12:11:19 - [1,570] ----D C:\ProgramData\PRICache
O43 - CFD: 11.07.2013 - 21:38:04 - [0,004] ----D C:\ProgramData\regid.1991-06.com.microsoft
O43 - CFD: 13.05.2013 - 00:08:25 - [0] ----D C:\ProgramData\Roaming
O43 - CFD: 16.06.2013 - 19:35:11 - [11,160] ----D C:\ProgramData\Samsung
O43 - CFD: 20.06.2013 - 18:51:39 - [0] ----D C:\ProgramData\Shared Space
O43 - CFD: 16.07.2013 - 21:34:59 - [0,887] ----D C:\ProgramData\Skype
O43 - CFD: 26.07.2012 - 09:22:08 - [0] --H-D C:\ProgramData\Start Menu
O43 - CFD: 26.07.2012 - 09:22:08 - [0] --H-D C:\ProgramData\Templates
O43 - CFD: 15.05.2013 - 10:37:11 - [3,249] --H-D C:\ProgramData\{26D901A1-2540-4430-81DC-0317F01BD7BE}
O43 - CFD: 15.05.2013 - 10:25:12 - [0] ----D C:\ProgramData\{4D18D6A0-D216-4470-B464-1F2DC271458B}
O43 - CFD: 15.05.2013 - 10:25:12 - [0] ----D C:\ProgramData\{6608C652-8B5C-4778-BAC8-B59DD368D024}
O43 - CFD: 15.05.2013 - 10:36:37 - [42,652] --H-D C:\ProgramData\{BF1E655E-0210-4F9E-BE22-94A9069BF84B}
O43 - CFD: 15.05.2013 - 10:25:44 - [0] ----D C:\ProgramData\{FC488EFD-EF53-4EB6-A106-329E2816542A}
O43 - CFD: 06.05.2013 - 21:46:12 - [0] ----D C:\Users\Administrateur\AppData\Roaming\Adobe
O43 - CFD: 15.05.2013 - 10:37:52 - [0,605] ----D C:\Users\Administrateur\AppData\Roaming\Creative
O43 - CFD: 28.07.2013 - 16:43:24 - [3,987] ----D C:\Users\Administrateur\AppData\Roaming\EAST Technologies
O43 - CFD: 13.05.2013 - 00:08:36 - [0,001] ----D C:\Users\Administrateur\AppData\Roaming\Intel
O43 - CFD: 29.07.2013 - 23:07:51 - [0] ----D C:\Users\Administrateur\AppData\Roaming\Macromedia
O43 - CFD: 07.05.2013 - 21:15:08 - [0] ----D C:\Users\Administrateur\AppData\Roaming\Malwarebytes
O43 - CFD: 16.06.2013 - 11:48:17 - [42,093] -S--D C:\Users\Administrateur\AppData\Roaming\Microsoft
O43 - CFD: 07.05.2013 - 17:56:20 - [34,621] ----D C:\Users\Administrateur\AppData\Roaming\Mozilla
O43 - CFD: 16.07.2013 - 21:35:20 - [0,063] ----D C:\Users\Administrateur\AppData\Roaming\Mp3tag
O43 - CFD: 16.06.2013 - 19:37:28 - [1,260] ----D C:\Users\Administrateur\AppData\Roaming\Samsung
O43 - CFD: 16.07.2013 - 21:35:00 - [3,681] ----D C:\Users\Administrateur\AppData\Roaming\Skype
O43 - CFD: 22.05.2013 - 20:10:59 - [0,001] ----D C:\Users\Administrateur\AppData\Roaming\SumatraPDF
O43 - CFD: 28.07.2013 - 16:40:34 - [0,077] ----D C:\Users\Administrateur\AppData\Roaming\vlc
O43 - CFD: 16.07.2013 - 21:35:02 - [0,012] ----D C:\Users\Administrateur\AppData\Roaming\XnView
O43 - CFD: 19.07.2013 - 21:21:04 - [0] ----D C:\Users\Administrateur\AppData\Local\Adobe
O43 - CFD: 06.05.2013 - 21:44:45 - [0] ----D C:\Users\Administrateur\AppData\Local\Application Data
O43 - CFD: 13.05.2013 - 00:37:11 - [0] ----D C:\Users\Administrateur\AppData\Local\Apps
O43 - CFD: 16.07.2013 - 21:35:32 - [0] ----D C:\Users\Administrateur\AppData\Local\Downloaded Installations
O43 - CFD: 06.05.2013 - 21:44:45 - [0] ----D C:\Users\Administrateur\AppData\Local\Historique
O43 - CFD: 07.05.2013 - 17:59:54 - [0] ----D C:\Users\Administrateur\AppData\Local\Macromedia
O43 - CFD: 16.07.2013 - 21:11:27 - [98,391] ----D C:\Users\Administrateur\AppData\Local\Microsoft
O43 - CFD: 07.05.2013 - 17:53:36 - [1,199] ----D C:\Users\Administrateur\AppData\Local\Mozilla
O43 - CFD: 06.05.2013 - 22:35:56 - [1,590] ----D C:\Users\Administrateur\AppData\Local\Packages
O43 - CFD: 09.05.2013 - 16:42:43 - [0] ----D C:\Users\Administrateur\AppData\Local\Programs
O43 - CFD: 16.06.2013 - 19:37:48 - [0,011] ----D C:\Users\Administrateur\AppData\Local\Samsung
O43 - CFD: 13.05.2013 - 20:14:17 - [0] ----D C:\Users\Administrateur\AppData\Local\Secunia PSI
O43 - CFD: 29.07.2013 - 23:12:21 - [1,249] ----D C:\Users\Administrateur\AppData\Local\Temp
O43 - CFD: 06.05.2013 - 21:44:45 - [0] ----D C:\Users\Administrateur\AppData\Local\Temporary Internet Files
O43 - CFD: 12.05.2013 - 22:02:23 - [0,001] ----D C:\Users\Administrateur\AppData\Local\WiFi Guard
O43 - CFD: 26.07.2012 - 10:13:00 - [0,004] R---D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
O43 - CFD: 26.07.2012 - 10:13:00 - [0,001] R---D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 16.05.2013 - 18:16:29 - [0,000] R---D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 26.07.2012 - 10:13:00 - [0,000] ----D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 16.05.2013 - 18:16:29 - [0,000] R---D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 20.04.2013 - 11:58:11 - [0,005] R---D C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
O43 - CFD: 20.04.2013 - 12:31:08 - [0] ----D C:\Program Files (x86)\AGEIA Technologies
O43 - CFD: 03.07.2013 - 21:50:51 - [26,649] ----D C:\Program Files (x86)\BurnAware Free
O43 - CFD: 04.06.2013 - 20:47:03 - [0,818] ----D C:\Program Files (x86)\Canon
O43 - CFD: 13.05.2013 - 00:07:48 - [6,785] ----D C:\Program Files (x86)\Cisco
O43 - CFD: 18.05.2013 - 22:24:52 - [49,468] ----D C:\Program Files (x86)\Common Files
O43 - CFD: 15.05.2013 - 10:37:07 - [28,843] ----D C:\Program Files (x86)\Creative
O43 - CFD: 28.07.2013 - 16:43:24 - [21,389] ----D C:\Program Files (x86)\East-Tec Eraser 2013
O43 - CFD: 29.07.2013 - 22:55:42 - [2,072] ----D C:\Program Files (x86)\Everything
O43 - CFD: 29.07.2013 - 22:57:31 - [0,304] ----D C:\Program Files (x86)\FileASSASSIN
O43 - CFD: 16.06.2013 - 19:31:19 - [3,009] ----D C:\Program Files (x86)\InstallShield Installation Information
O43 - CFD: 13.05.2013 - 00:07:48 - [0,098] ----D C:\Program Files (x86)\Intel
O43 - CFD: 11.07.2013 - 20:48:39 - [4,718] ----D C:\Program Files (x86)\Internet Explorer
O43 - CFD: 06.05.2013 - 21:51:27 - [12,461] ----D C:\Program Files (x86)\IZArc
O43 - CFD: 20.04.2013 - 12:24:12 - [13,336] ----D C:\Program Files (x86)\Malwarebytes' Anti-Malware
O43 - CFD: 20.04.2013 - 13:08:40 - [0,262] ----D C:\Program Files (x86)\Microsoft Office
O43 - CFD: 20.04.2013 - 13:37:16 - [5,710] ----D C:\Program Files (x86)\Microsoft SkyDrive
O43 - CFD: 20.04.2013 - 13:36:55 - [7,797] ----D C:\Program Files (x86)\Microsoft.NET
O43 - CFD: 16.07.2013 - 21:34:36 - [47,201] ----D C:\Program Files (x86)\Mozilla Firefox
O43 - CFD: 26.06.2013 - 18:39:55 - [0,214] ----D C:\Program Files (x86)\Mozilla Maintenance Service
O43 - CFD: 24.06.2013 - 20:10:11 - [6,716] ----D C:\Program Files (x86)\Mp3tag
O43 - CFD: 16.07.2013 - 21:03:33 - [0,025] ----D C:\Program Files (x86)\MSBuild
O43 - CFD: 20.04.2013 - 12:31:33 - [100,259] ----D C:\Program Files (x86)\NVIDIA Corporation
O43 - CFD: 16.07.2013 - 21:03:33 - [37,882] ----D C:\Program Files (x86)\Reference Assemblies
O43 - CFD: 24.04.2013 - 21:27:54 - [10,498] ----D C:\Program Files (x86)\Secunia
O43 - CFD: 18.05.2013 - 22:24:52 - [18,032] R---D C:\Program Files (x86)\Skype
O43 - CFD: 06.05.2013 - 21:53:05 - [9,139] ----D C:\Program Files (x86)\SumatraPDF
O43 - CFD: 13.05.2013 - 00:01:29 - [1,040] ----D C:\Program Files (x86)\SystemRequirementsLab
O43 - CFD: 21.04.2013 - 00:32:19 - [1,040] ----D C:\Program Files (x86)\Windows Defender
O43 - CFD: 21.04.2013 - 00:32:20 - [5,987] ----D C:\Program Files (x86)\Windows Mail
O43 - CFD: 21.04.2013 - 00:32:20 - [3,570] ----D C:\Program Files (x86)\Windows Media Player
O43 - CFD: 26.07.2012 - 10:13:01 - [0,209] ----D C:\Program Files (x86)\Windows Multimedia Platform
O43 - CFD: 26.07.2012 - 10:12:59 - [7,409] ----D C:\Program Files (x86)\Windows NT
O43 - CFD: 17.06.2013 - 20:03:51 - [5,271] ----D C:\Program Files (x86)\Windows Photo Viewer
O43 - CFD: 26.07.2012 - 10:13:01 - [0,209] ----D C:\Program Files (x86)\Windows Portable Devices
O43 - CFD: 26.07.2012 - 10:12:59 - [0] -SH-D C:\Program Files (x86)\Windows Sidebar
O43 - CFD: 16.06.2013 - 12:27:59 - [7,628] ----D C:\Program Files (x86)\XnView
O43 - CFD: 29.07.2013 - 23:14:26 - [9,963] ----D C:\Program Files (x86)\ZHPDiag
O43 - CFD: 20.04.2013 - 13:36:58 - [0,013] ----D C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 15.05.2013 - 10:25:21 - [1,840] ----D C:\Program Files (x86)\Common Files\InstallShield
O43 - CFD: 18.05.2013 - 18:52:09 - [36,009] ----D C:\Program Files (x86)\Common Files\Microsoft Shared
O43 - CFD: 26.07.2012 - 10:13:01 - [0,003] ----D C:\Program Files (x86)\Common Files\Services
O43 - CFD: 18.05.2013 - 22:24:52 - [1,904] ----D C:\Program Files (x86)\Common Files\Skype
O43 - CFD: 21.04.2013 - 00:32:19 - [9,700] ----D C:\Program Files (x86)\Common Files\System
~ Scan Program Folder in 00mn 03s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.1B57C570AF1988ED2E7AE8CC99947B7B] - 29.07.2013 - 22:11:51 ---A- . (...) -- C:\Windows\WindowsUpdate.log [16374]
O44 - LFC:[MD5.A48107A4A322C2658D8BCF646FF4C79A] - 29.07.2013 - 22:11:30 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.B374EAD8766BD0144986B15E609204B9] - 27.07.2013 - 19:46:33 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [2730058]
O44 - LFC:[MD5.68AEF84B62A17296E0C874EB635EC99C] - 27.07.2013 - 19:46:33 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [132614]
O44 - LFC:[MD5.EF89ED6BE2A2B2BC004915F5F48E44EE] - 27.07.2013 - 19:46:33 ---A- . (...) -- C:\Windows\SysNative\perfc00C.dat [155650]
O44 - LFC:[MD5.8583281D466AAF140877A8E4712EB3E1] - 27.07.2013 - 19:46:33 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [710244]
O44 - LFC:[MD5.E2DE67C489420FEF93FD95F617CC3407] - 27.07.2013 - 19:46:33 ---A- . (...) -- C:\Windows\SysNative\perfh00C.dat [800978]
O44 - LFC:[MD5.5CD2DE3F60D851D28322E047B33245D2] - 27.07.2013 - 19:46:33 ---A- . (...) -- C:\Windows\SysNative\prfc0816.dat [159974]
O44 - LFC:[MD5.DF493F1BE33A2BCEC3E59BE0ED73139A] - 27.07.2013 - 19:46:33 ---A- . (...) -- C:\Windows\SysNative\prfh0816.dat [776694]
O44 - LFC:[MD5.FEA080CB126CB6C357528D96D1FFB263] - 11.07.2013 - 21:56:17 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [316288]
O44 - LFC:[MD5.F87F4AAAF6664906248D11D5E579A53B] - 01.06.2013 - 10:19:58 . (...) -- C:\Windows\System32\DeviceSetupManager.dll []]]
O44 - LFC:[MD5.599B3F685A263A114FFAF3BE29C49C75] - 01.06.2013 - 10:19:42 . (...) -- C:\Windows\System32\audiosrv.dll []]
O44 - LFC:[MD5.287C948178B5E52E02C679C5257B26ED] - 20.05.2013 - 01:08:47 . (...) -- C:\Windows\System32\ApnDatabase.xml []
O44 - LFC:[MD5.287C948178B5E52E02C679C5257B26ED] - 20.05.2013 - 01:08:47 ---A- . (...) -- C:\Windows\SysNative\ApnDatabase.xml [386642]
~ Scan Files in 00mn 41s



---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Moteur du client de l’Éditeur de configuration de sécurité Windows.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Package de sécurité Kerberos.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Fournisseur de sécurité TLS/SSL.) -- C:\Windows\System32\schannel.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Digest Access.) -- C:\Windows\System32\wdigest.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Web Service Security Package.) -- C:\Windows\System32\tspkg.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Pku2u Security Package.) -- C:\Windows\System32\pku2u.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Live Security Package.) -- C:\Windows\System32\livessp.dll
~ Scan Keys in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicDisplay.sys . (.Microsoft Corporation - Microsoft Basic Display Driver.) -- C:\Windows\System32\Drivers\BasicDisplay.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\BasicRender.sys . (.Microsoft Corporation - Microsoft Basic Render Driver.) -- C:\Windows\System32\Drivers\BasicRender.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dxgkrnl.sys . (.Microsoft Corporation - DirectX Graphics Kernel.) -- C:\Windows\System32\Drivers\dxgkrnl.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\FsDepends.sys . (.Microsoft Corporation - File System Dependency Manager Mini Filter Driver.) -- C:\Windows\System32\Drivers\FsDepends.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys . (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\Drivers\ipnat.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\nsiproxy.sys . (.Microsoft Corporation - NSI Proxy.) -- C:\Windows\System32\Drivers\nsiproxy.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpencdd.sys . (...) -- C:\Windows\System32\Drivers\rdpencdd.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Pilote de filtre souris série.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgr.sys . (.Microsoft Corporation - Volume Manager Driver.) -- C:\Windows\System32\Drivers\volmgr.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\volmgrx.sys . (.Microsoft Corporation - Pilote d’extension du gestionnaire de volumes.) -- C:\Windows\System32\Drivers\volmgrx.sys
~ Scan CSB in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{fc130bba-a933-11e2-be66-806e6f6e6963}\AutoRun\command. (...) -- E:\Msetup4.exe (.not file.)
~ Scan Keys in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ Scan Keys in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53) (None)

---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=0
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableCursorSuppression"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ Scan Keys in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=145
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
~ Scan Keys in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.4F18D4C7EA14F11A7211F60D553C03DB] - 26.07.2012 - 06:00:49 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [106736]
~ Scan Drivers in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> <evtfile>[HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe
~ Scan Keys in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ShowIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\ReinstallCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\InstallInfo\HideIconsCommand] (...) -- C:\Windows\System32\ie4uinit.exe (.not file.)
~ Scan Keys in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Scan Keys in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Service Expérience d’application.) -- C:\Windows\System32\aelupsvc.dll [190976]
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [149504]
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Service de propagation de certificats de cartes à puce Microsoft.) -- C:\Windows\System32\certprop.dll [149504]
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - DLL du service Serveur.) -- C:\Windows\System32\srvsvc.dll [309248]
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Client de stratégie de groupe.) -- C:\Windows\System32\gpsvc.dll [1366016]
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - Extension IKE.) -- C:\Windows\System32\ikeext.dll [1071104]
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Gestionnaire de numérotation automatique d’accès distant.) -- C:\Windows\System32\rasauto.dll [99840]
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Gestionnaire des connexions d’accès à distance.) -- C:\Windows\System32\rasmans.dll [358400]
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Gestionnaire d’interface dynamique.) -- C:\Windows\System32\mprdim.dll [107520]
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - Service de notification d’événements système (SENS).) -- C:\Windows\System32\sens.dll [62976]
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Composants de l’application d’assistance à Microsoft NAT.) -- C:\Windows\System32\ipnathlp.dll [438784]
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Serveur de téléphonie Microsoft® Windows(TM).) -- C:\Windows\System32\tapisrv.dll [305664]
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Agent de mise à jour automatique Windows Update.) -- C:\WINDOWS\system32\wuaueng.dll [3241472]
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Service de transfert intelligent en arrière-plan.) -- C:\Windows\System32\qmgr.dll [826368]
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Dll des services Windows Shell.) -- C:\Windows\System32\shsvcs.dll [565760]
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service offrant une connectivité IPv6 sur un réseau IPv4..) -- C:\Windows\System32\iphlpsvc.dll [894464]
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - DLL de service d’ouverture de session secondaire.) -- C:\Windows\system32\seclogon.dll [30720]
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Service Informations d’application.) -- C:\Windows\System32\appinfo.dll [70144]
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - Service de découverte iSCSI.) -- C:\Windows\System32\iscsiexe.dll [151552]
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Service EAPHost Microsoft.) -- C:\Windows\System32\eapsvc.dll [105472]
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Service du Planificateur de tâches.) -- C:\Windows\System32\schedsvc.dll [1285632]
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) -- C:\Windows\System32\wbem\WMIsvc.dll [219648]
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Service Planificateur de classes multimédias.) -- C:\Windows\System32\mmcss.dll [80896]
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - DLL du service Explorateur d’ordinateurs.) -- C:\Windows\System32\browser.dll [134144]
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) -- C:\Windows\System32\profsvc.dll [209920]
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Service Configuration des services Bureau à distance.) -- C:\Windows\System32\sessenv.dll [291328]
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Rapports et solutions aux problèmes.) -- C:\Windows\System32\wercplsupport.dll [84992]
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Service Gestion des clés.) -- C:\Windows\System32\kmsvc.dll [97792]
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - Service BDE.) -- C:\Windows\System32\bdesvc.dll [190976]
O83 - Search Svchost Services: wlidsvc (wlidsvc) . (.Microsoft Corporation - Service de compte Microsoft®.) -- C:\Windows\System32\wlidsvc.dll [1964544]
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - DLL du service des thèmes Windows Shell.) -- C:\Windows\System32\themeservice.dll [47104]
O83 - Search Svchost Services: DsmSvc (DsmSvc) . (.Microsoft Corporation - Gestionnaire d’installation de périphérique.) -- C:\Windows\System32\DeviceSetupManager.dll [207872]
O83 - Search Svchost Services: NcaSvc (NcaSvc) . (.Microsoft Corporation - Service Assistant Connectivité réseau Microsoft.) -- C:\Windows\System32\ncasvc.dll [161792]
O83 - Search Svchost Services: SystemEventsBroker (SystemEventsBroker) . (.Microsoft Corporation - Service Broker pour les événements système.) -- C:\Windows\System32\SystemEventsBrokerServer.dll [180224]
~ Scan Services in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.6D9E5361414A404F62DC249F2AADC327] [SPRF][31.01.2008] (.Pas de propriétaire - 7-zip32.) -- C:\Users\Administrateur\AppData\Local\Temp\7-zip32.dll [506880]
[MD5.2D94CA69DF0E0819CD6447460A0C03E4] [SPRF][31.05.2013] (.Sysinternals - www.sysinternals.com - Autostart program viewer.) -- C:\Users\Administrateur\Desktop\autoruns.exe [658624]
[MD5.AE326A97F634217CAC29739D376DF934] [SPRF][15.08.2011] (...) -- C:\Users\Administrateur\Desktop\ZHP_uninstall.exe [344187]
~ Scan Files in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "WMPNSS-In-UDP-NoScope" |In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-Out-UDP-NoScope" |Out - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-In-TCP-NoScope" |In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-Out-TCP-NoScope" |Out - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-In-UDP" |In - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-Out-UDP" |Out - Public - P17 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-In-TCP" |In - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "WMPNSS-Out-TCP" |Out - Public - P6 - FALSE | .(...) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (.not file.)
O87 - FAEL: "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" |Out - Domain - P6 - TRUE | .(...) -- 0|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Publicndows\WinStore\resources.pri?ms-resource:\\WinStore\resources\DisplayName}|Platform
O87 - FAEL: "{E7985E1D-C36F-4787-80A8-6350D07E9266}" |In - Domain - P6 - TRUE | .(...) -- 0|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Privatendows\WinStore\resources.pri?ms-resource:\\WinStore\resources\DisplayName}|Platform=2:6:2|Platform2=
O87 - FAEL: "{A92C0FD8-FEAC-4D5B-B94B-63082DA85E70}" | In - Private - P6 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O87 - FAEL: "{5DF4CCE4-6768-46F7-8B8D-8AFD7BF25D7B}" | In - Private - P17 - FALSE | .(.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O87 - FAEL: "{3D93792B-06D7-4FA8-B0FC-1098E0E2D8D8}" | In - None - P17 - TRUE | .(.Pas de propriétaire - Wireless PAN DHCP and DNS Server.) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O87 - FAEL: "{FBD76B34-1BFC-4691-B1F1-A21C195A6896}" | In - None - P17 - TRUE | .(.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
~ Scan Firewall in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 13.02.2013 770528 | (AMPPALR3) . (.Intel Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
SR - | Auto 09.05.2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 12.09.2012 135984 | (BTHSSecurityMgr) . (.Intel(R) Corporation.) - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
SR - | Auto 29.06.2013 68608 | (ClassicShellService) . (.IvoSoft.) - C:\Program Files\Classic Shell\ClassicShellService.exe
SR - | Auto 08.07.2013 6199520 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SS - | Demand 18.06.2013 158936 | (cmdvirth) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
SS - | Disabled 02.04.2007 61440 | (CTDevice_Srv) . (.Creative Technology Ltd.) - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
SS - | Disabled 21.05.2008 64000 | (CTUPnPSv) . (.Creative Technology Ltd.) - C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe
SR - | Auto 08.02.2013 621296 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SS - | Demand 25.06.2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 273136 | (MyWiFiDHCPDNS) . (...) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
SS - | Disabled 15.03.2013 877856 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SS - | Auto 15.03.2013 1266464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 08.02.2013 149744 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SS - | Disabled 07.02.2013 1223704 | (Secunia PSI Agent) . (.Secunia.) - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
SS - | Disabled 07.02.2013 660504 | (Secunia Update Agent) . (.Secunia.) - C:\Program Files (x86)\Secunia\PSI\sua.exe
SS - | Disabled 28.02.2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 14.03.2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 20.09.2012 29696 | C:\WINDOWS\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08.02.2013 3386608 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Scan Services in 00mn 01s



End of the scan (928 lines in 01mn 18s)(0)

-------------------------------------------------------------------------------------------------
WaterMan

Re: Is my computer infected?

by WaterMan »

And secondly, I ran a diagnostic with "ComboFix":

ComboFix 13-07-27.01 - Administrateur 29.07.2013 23:26:47.1.8 - x64
Microsoft Windows 8 6.2.9200.0.1252.41.1036.18.8073.6442 [GMT 2:00]
Lancé depuis: c:\users\Administrateur\Desktop\Télécharg. Adm\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-06-28 au 2013-07-29 ))))))))))))))))))))))))))))))))))))
.
.
2013-07-29 21:31 . 2013-07-29 21:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-29 21:31 . 2013-07-29 21:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-29 21:31 . 2013-07-29 21:31 -------- d-----w- c:\users\Administrateur\AppData\Local\temp
2013-07-29 21:13 . 2013-07-29 21:15 -------- d-----w- C:\ZHP
2013-07-29 21:13 . 2013-07-29 21:14 -------- d-----w- c:\program files (x86)\ZHPDiag
2013-07-29 20:57 . 2013-07-29 20:57 -------- d-----w- c:\program files (x86)\FileASSASSIN
2013-07-29 18:26 . 2013-07-29 18:30 -------- d-----w- c:\users\Deux
2013-07-28 14:43 . 2013-07-28 14:43 -------- d-----w- c:\program files (x86)\East-Tec Eraser 2013
2013-07-27 14:35 . 2013-07-27 14:35 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2013-07-21 15:55 . 2013-07-21 15:55 -------- d-----w- c:\program files\CCleaner
2013-07-19 19:15 . 2013-06-01 09:22 523264 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-16 19:03 . 2013-07-16 19:03 -------- d-----w- c:\program files (x86)\Reference Assemblies
2013-07-16 19:03 . 2013-07-16 19:03 -------- d-----w- c:\program files (x86)\MSBuild
2013-07-16 19:02 . 2013-07-16 19:02 -------- d-----w- c:\windows\SysWow64\XPSViewer
2013-07-16 19:02 . 2013-07-16 19:02 -------- d-----w- c:\program files\Reference Assemblies
2013-07-16 19:02 . 2013-07-16 19:02 -------- d-----w- c:\program files\MSBuild
2013-07-16 18:57 . 2012-07-06 02:02 778856 ----a-w- c:\windows\SysWow64\PresentationNative_v0300.dll
2013-07-16 18:57 . 2012-07-06 02:02 35400 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2013-07-16 18:57 . 2012-07-06 02:02 102528 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-07-16 18:57 . 2012-07-06 02:02 35400 ----a-w- c:\windows\system32\TsWpfWrp.exe
2013-07-16 18:57 . 2012-07-06 02:02 124040 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-16 18:57 . 2012-07-06 02:02 1166440 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2013-07-16 18:27 . 2013-07-28 14:43 -------- d-----w- c:\users\Administrateur\AppData\Roaming\EAST Technologies
2013-07-11 10:22 . 2013-04-10 22:35 1617920 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-11 10:22 . 2013-04-10 22:35 2035200 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-07-11 10:22 . 2013-04-10 22:35 1306112 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-11 10:22 . 2013-04-10 22:35 1272320 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 10:22 . 2013-04-11 04:12 1029632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\journal.dll
2013-07-11 10:22 . 2013-04-11 04:12 1413632 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Ink\InkObj.dll
2013-07-11 10:22 . 2013-04-10 22:35 1318912 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-11 10:21 . 2013-05-30 23:14 4036096 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 10:21 . 2013-06-01 09:21 595968 ----a-w- c:\windows\system32\qedit.dll
2013-07-11 10:21 . 2013-06-01 09:25 496640 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-11 10:21 . 2013-06-21 05:04 19187712 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-11 10:21 . 2013-06-21 04:46 18523648 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-07-11 10:21 . 2013-04-11 22:30 1421312 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-11 10:21 . 2013-04-11 22:22 1838080 ----a-w- c:\windows\system32\DWrite.dll
2013-07-11 10:19 . 2013-05-04 06:59 2842112 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-11 10:19 . 2013-05-04 04:57 2620928 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-03 19:50 . 2013-07-03 19:50 -------- d-----w- c:\program files (x86)\BurnAware Free
2013-07-03 18:00 . 2013-07-03 18:00 -------- d-----w- c:\program files\Classic Shell
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 19:18 . 2013-04-20 11:15 564432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-07-11 10:27 . 2013-04-20 02:04 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-07-08 20:59 . 2013-04-15 16:38 713776 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2013-06-27 22:04 . 2013-04-20 10:08 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04 . 2013-04-20 10:08 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-26 15:36 . 2013-04-20 09:41 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-06-18 15:16 . 2013-04-25 09:05 118400 ----a-w- c:\windows\system32\drivers\inspect.sys
2013-06-18 15:16 . 2013-04-15 16:38 37560 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2013-06-18 15:16 . 2013-04-15 16:38 23168 ----a-w- c:\windows\system32\drivers\cmderd.sys
2013-06-18 15:15 . 2013-04-15 16:38 43216 ----a-w- c:\windows\system32\cmdcsr.dll
2013-06-18 15:15 . 2013-04-23 13:04 348584 ----a-w- c:\windows\SysWow64\guard32.dll
2013-06-18 15:15 . 2013-04-23 13:04 437688 ----a-w- c:\windows\system32\guard64.dll
2013-06-18 15:15 . 2013-04-15 16:38 45784 ----a-w- c:\windows\system32\cmdkbd64.dll
2013-06-18 15:15 . 2013-04-15 16:38 344792 ----a-w- c:\windows\system32\cmdvrt64.dll
2013-06-18 15:15 . 2013-04-15 16:38 278232 ----a-w- c:\windows\SysWow64\cmdvrt32.dll
2013-06-18 15:15 . 2013-04-15 16:38 40664 ----a-w- c:\windows\SysWow64\cmdkbd32.dll
2013-05-30 23:24 . 2013-06-16 10:05 1257472 ----a-w- c:\windows\system32\kernel32.dll
2013-05-23 23:01 . 2013-06-16 10:05 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-05-23 22:27 . 2013-06-16 10:05 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-05-15 22:37 . 2013-06-12 17:47 44032 ----a-w- c:\windows\SysWow64\UXInit.dll
2013-05-15 22:35 . 2013-06-12 17:47 53760 ----a-w- c:\windows\system32\UXInit.dll
2013-05-15 22:35 . 2013-06-16 10:05 144384 ----a-w- c:\windows\system32\tssdisai.dll
2013-05-15 02:25 . 2013-06-16 10:05 888320 ----a-w- c:\windows\system32\autochk.exe
2013-05-15 02:25 . 2013-06-16 10:05 542208 ----a-w- c:\windows\system32\untfs.dll
2013-05-15 02:24 . 2013-06-16 10:05 793088 ----a-w- c:\windows\SysWow64\autochk.exe
2013-05-15 02:24 . 2013-06-16 10:05 482816 ----a-w- c:\windows\SysWow64\untfs.dll
2013-05-14 13:14 . 2013-06-12 17:47 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-14 09:23 . 2013-06-12 17:47 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-09 08:59 . 2013-05-18 16:52 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2013-05-18 16:52 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-05-18 16:52 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-05-18 16:52 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-05-18 16:52 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2013-05-18 16:52 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2013-05-18 16:52 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-05-18 16:52 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-05-18 16:51 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-04-20 01:43 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-09 00:02 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-04 07:58 . 2013-06-16 13:53 120736 ----a-w- c:\windows\system32\AuthHost.exe
2013-05-04 07:34 . 2013-06-16 13:53 446720 ----a-w- c:\windows\system32\drivers\USBHUB3.SYS
2013-05-04 07:34 . 2013-06-16 13:53 284416 ----a-w- c:\windows\system32\drivers\spaceport.sys
2013-05-04 07:30 . 2013-06-16 13:53 58312 ----a-w- c:\windows\system32\wuauclt.exe
2013-05-04 06:59 . 2013-06-16 13:53 39424 ----a-w- c:\windows\system32\wuapp.exe
2013-05-04 06:59 . 2013-06-16 13:53 1483776 ----a-w- c:\windows\system32\VSSVC.exe
2013-05-04 06:59 . 2013-06-16 13:53 812544 ----a-w- c:\windows\system32\Magnify.exe
2013-05-04 06:59 . 2013-06-16 13:53 251904 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2013-05-04 06:59 . 2013-06-16 13:53 141824 ----a-w- c:\windows\system32\wuwebv.dll
2013-05-04 06:59 . 2013-06-16 13:53 98304 ----a-w- c:\windows\system32\wudriver.dll
2013-05-04 06:59 . 2013-06-16 13:53 1619968 ----a-w- c:\windows\system32\wucltux.dll
2013-05-04 06:59 . 2013-06-16 13:53 3241472 ----a-w- c:\windows\system32\wuaueng.dll
2013-05-04 06:59 . 2013-06-16 13:53 760320 ----a-w- c:\windows\system32\wuapi.dll
2013-05-04 06:59 . 2013-06-16 13:53 13644288 ----a-w- c:\windows\system32\Windows.UI.Xaml.dll
2013-05-04 06:58 . 2013-06-16 13:53 328192 ----a-w- c:\windows\system32\ubpm.dll
2013-05-04 06:58 . 2013-06-16 13:53 10116096 ----a-w- c:\windows\system32\twinui.dll
2013-05-04 06:58 . 2013-06-16 13:53 1332736 ----a-w- c:\windows\system32\sysmain.dll
2013-05-04 06:58 . 2013-06-16 13:53 173568 ----a-w- c:\windows\system32\storewuauth.dll
2013-05-04 06:58 . 2013-06-16 13:53 330240 ----a-w- c:\windows\system32\stobject.dll
2013-05-04 06:58 . 2013-06-16 13:53 93696 ----a-w- c:\windows\system32\psmsrv.dll
2013-05-04 06:58 . 2013-06-16 13:53 470528 ----a-w- c:\windows\system32\netprofmsvc.dll
2013-05-04 06:58 . 2013-06-16 13:53 151552 ----a-w- c:\windows\system32\netprofm.dll
2013-05-04 06:58 . 2013-06-16 13:53 169984 ----a-w- c:\windows\system32\netplwiz.dll
2013-05-04 06:57 . 2013-06-16 13:53 17408 ----a-w- c:\windows\system32\muifontsetup.dll
2013-05-04 06:57 . 2013-06-16 13:53 560640 ----a-w- c:\windows\system32\mfmp4srcsnk.dll
2013-05-04 06:57 . 2013-06-16 13:53 501760 ----a-w- c:\windows\system32\DevicePairing.dll
2013-05-04 06:57 . 2013-06-16 13:53 179712 ----a-w- c:\windows\system32\bisrv.dll
2013-05-04 06:57 . 2013-06-16 13:53 122368 ----a-w- c:\windows\system32\biwinrt.dll
2013-05-04 06:57 . 2013-06-16 13:53 389120 ----a-w- c:\windows\system32\BCP47Langs.dll
2013-05-04 06:57 . 2013-06-16 13:53 2305024 ----a-w- c:\windows\system32\authui.dll
2013-05-04 06:57 . 2013-06-16 13:53 1131520 ----a-w- c:\windows\system32\AppXDeploymentServer.dll
2013-05-04 06:57 . 2013-06-16 13:53 708096 ----a-w- c:\windows\system32\AppXDeploymentExtensions.dll
2013-05-04 06:56 . 2013-06-16 13:53 419840 ----a-w- c:\windows\system32\intl.cpl
2013-05-04 04:58 . 2013-06-16 13:55 34304 ----a-w- c:\windows\SysWow64\wuapp.exe
2013-05-04 04:58 . 2013-06-16 13:55 758784 ----a-w- c:\windows\SysWow64\Magnify.exe
2013-05-04 04:58 . 2013-06-16 13:55 83968 ----a-w- c:\windows\SysWow64\wudriver.dll
2013-05-04 04:58 . 2013-06-16 13:55 125952 ----a-w- c:\windows\SysWow64\wuwebv.dll
2013-05-04 04:58 . 2013-06-16 13:55 621056 ----a-w- c:\windows\SysWow64\wuapi.dll
2013-05-04 04:57 . 2013-06-16 13:55 10788864 ----a-w- c:\windows\SysWow64\Windows.UI.Xaml.dll
2013-05-04 04:57 . 2013-06-16 13:55 247296 ----a-w- c:\windows\SysWow64\ubpm.dll
2013-05-04 04:57 . 2013-06-16 13:55 8857088 ----a-w- c:\windows\SysWow64\twinui.dll
2013-05-04 04:57 . 2013-06-16 13:55 303616 ----a-w- c:\windows\SysWow64\stobject.dll
2013-05-04 04:57 . 2013-06-16 13:55 18432 ----a-w- c:\windows\SysWow64\npmproxy.dll
2013-05-04 04:57 . 2013-06-16 13:55 151040 ----a-w- c:\windows\SysWow64\netplwiz.dll
2013-05-04 04:57 . 2013-06-16 13:55 115712 ----a-w- c:\windows\SysWow64\netprofm.dll
2013-05-04 04:57 . 2013-06-16 13:55 14336 ----a-w- c:\windows\SysWow64\muifontsetup.dll
2013-05-04 04:56 . 2013-06-16 13:55 411136 ----a-w- c:\windows\SysWow64\mfmp4srcsnk.dll
2013-05-04 04:56 . 2013-06-16 13:55 449536 ----a-w- c:\windows\SysWow64\DevicePairing.dll
2013-05-04 04:56 . 2013-06-16 13:55 92160 ----a-w- c:\windows\SysWow64\biwinrt.dll
2013-05-04 04:56 . 2013-06-16 13:55 309760 ----a-w- c:\windows\SysWow64\BCP47Langs.dll
2013-05-04 04:56 . 2013-06-16 13:55 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-04 04:55 . 2013-06-16 13:55 389632 ----a-w- c:\windows\SysWow64\intl.cpl
2013-05-04 04:51 . 2013-06-16 13:53 14848 ----a-w- c:\windows\system32\rars.rs
2013-05-04 04:47 . 2013-06-16 13:53 427520 ----a-w- c:\windows\system32\drivers\rdbss.sys
2013-05-04 04:10 . 2013-06-16 13:55 14848 ----a-w- c:\windows\SysWow64\rars.rs
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 08:49 594432 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R3 AMPPALP;Protocole Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 cmdvirth;COMODO Virtual Service Manager;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe;c:\program files\COMODO\COMODO Internet Security\cmdvirth.exe [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R4 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [x]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdhlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 OfficeSvc;Service Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AMPPAL;Carte réseau virtuelle Intel® Centrino® Wireless Bluetooth® + High Speed;c:\windows\System32\drivers\AMPPAL.sys;c:\windows\SYSNATIVE\drivers\AMPPAL.sys [x]
S3 NETwNe64;@oem10.inf,___ %NIC_Service_DispName_WIN8_64%;___ Pilote de carte de la série Intel(R) Wireless WiFi Link 5000 pour Windows 8 64 bits ;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 RTL8168;Pilote Realtek 8168 NT;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-07-11 19:26 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-07-11 19:26 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-07-11 19:26 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2013-06-29 08:50 724992 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\n4bbydn7.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo
.
- - - - ORPHELINS SUPPRIMES - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
WaterMan

Re: Is my computer infected?

by WaterMan »

And here is the 2nd part of "ComboFix":

[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Hash"="LNOCNf25xXA="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (Administrator)
"Hash"="sLF0u6Faygk="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tod\UserChoice]
@Denied: (2) (Administrator)
"Hash"="9r/E24t2WDg="
"ProgId"="VLC.tod"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Hash"="1V5rp7d3CtU="
"ProgId"="VLC.ts"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice]
@Denied: (2) (Administrator)
"Hash"="VdAUmf7xuzU="
"ProgId"="VLC.tta"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Hash"="k/pxSRzfO3I="
"ProgId"="VLC.tts"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vlc\UserChoice]
@Denied: (2) (Administrator)
"Hash"="WAHF+oWNlFU="
"ProgId"="VLC.vlc"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Hash"="3k5u0ACF1Z8="
"ProgId"="VLC.vob"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.voc\UserChoice]
@Denied: (2) (Administrator)
"Hash"="N5h41tMeVr4="
"ProgId"="VLC.voc"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vqf\UserChoice]
@Denied: (2) (Administrator)
"Hash"="pLqI47b/NCs="
"ProgId"="VLC.vqf"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vro\UserChoice]
@Denied: (2) (Administrator)
"Hash"="IW7tB/9Y1MA="
"ProgId"="VLC.vro"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.w64\UserChoice]
@Denied: (2) (Administrator)
"Hash"="gUna1z1S+rE="
"ProgId"="VLC.w64"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Hash"="oe1nwBGLXMQ="
"ProgId"="VLC.wav"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice]
@Denied: (2) (Administrator)
"Hash"="vth/xN0A0xY="
"ProgId"="AppX9vdwcvrwnbettpahnt26jswq0n8hgyah"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]
@Denied: (2) (Administrator)
"Hash"="UuboBzKdrz8="
"ProgId"="VLC.webm"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Hash"="9wid+DhRht4="
"ProgId"="AppXhjhjmgrfm2d7rd026az898dy2p1pcsyt"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Hash"="3Z5pOrno8dY="
"ProgId"="VLC.wma"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Hash"="0kpysz3PHd0="
"ProgId"="VLC.wmv"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WPL\UserChoice]
@Denied: (2) (Administrator)
"Hash"="UCVY/t36vDQ="
"ProgId"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice]
@Denied: (2) (Administrator)
"Hash"="/wDJphszZrA="
"ProgId"="VLC.wv"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xa\UserChoice]
@Denied: (2) (Administrator)
"Hash"="gco0iz14ao8="
"ProgId"="VLC.xa"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xm\UserChoice]
@Denied: (2) (Administrator)
"Hash"="6XbPpbvcJ68="
"ProgId"="VLC.xm"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xps\UserChoice]
@Denied: (2) (Administrator)
"Hash"="f5QTGlQob60="
"ProgId"="AppX86746z2101ayy2ygv3g96e4eqdf8r99j"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xspf\UserChoice]
@Denied: (2) (Administrator)
"Hash"="50GMJDxhgso="
"ProgId"="VLC.xspf"
.
[HKEY_USERS\S-1-5-21-2820630609-4071064511-995940322-500CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\UserChoice]
@Denied: (2) (Administrator)
"Hash"="b4iP0kh/u78="
"ProgId"="IZArcZIP"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Heure de fin: 2013-07-29 23:34:26
ComboFix-quarantined-files.txt 2013-07-29 21:34
.
Avant-CF: 585 960 128 512 octets libres
Après-CF: 585 834 799 104 octets libres
.
- - End Of File - - 351962419ABA1B0231E985120DB9AF02
D41D8CD98F00B204E9800998ECF8427E

--------------------------------------------------------------------------------------------------
WaterMan

Re: Is my computer infected?

by WaterMan »

Thank you in advance for your valuable help.

I realize the reports are long; this is the simplest way I found to give them to you.

Have a good day, or good night.

See you soon
WaterMan

Re: Is my computer infected?

by WaterMan »

Ahhhhhhhhhhhhhhh, I forgot.

I use "Avast Antivirus" (up to date), but it didn't find anything either.

(I hope I haven't forgotten anything)
Malekal_morte
Posts: 112148
Joined: 10 Sep 2005 13:57

Re: Is my computer infected?

by Malekal_morte »

Hi,

The reports are OK.
First basic rule of security: think, then click, not the other way around - Files/programs are like candy: when they come from a stranger, you don't accept them!
How to protect your PC from viruses
Windows 11: Compatibility, minimum system requirements, downloading the ISO and installing Windows 11

How to ask for help on the forum
Share malekal.com: feel free to share the articles you like on the site's Facebook page.
WaterMan

Re: Is my computer infected?

by WaterMan »

Hello,

Would anyone have a solution for my problem? If I need to post this problem in another section, I will do so.

My computer is not infected, good. But if I could delete this file, I would appreciate it (or is it simply normal?).

Many thanks for your help.
Malekal_morte

Re: Is my computer infected?

by Malekal_morte »

Have you tried removing it in safe mode or with Unlocker?
WaterMan

Re: Is my computer infected?

by WaterMan »

Hello,

I tried using "ccleaner" in safe mode, and it leads to exactly the same thing ("ccleaner" wiping the free space would no doubt run forever, and the computer with it, if I had not stopped it...; and I would add that I had chosen the simplest and fastest free-space wipe...).

Simply stopping "ccleaner" makes the folder (the ".z") disappear by itself. But that does not solve the problem.

I think it is an incompatibility between "ccleaner" and "windows 8" (or simply that wiping the free space is impossible under "windows 8").

I even tried deleting several of my user accounts (I had one in "administrator" mode and 3 others in "limited access" mode). After deleting the 3 "limited access" accounts, I thought I would be able to do this wipe... Well, no, still impossible.

But I am not giving up hope.

If you have an idea, I'm all ears (other than reinstalling the whole system, though I have thought about it...).

See you soon
WaterMan

Re: Is my computer infected?

by WaterMan »

Good evening,

I have just realized that I may not have been clear enough.

The ".Z" folder cannot be deleted (with its subfolders named ".ZZZZ.ZZZ.Z" and other "ZZ.ZZZZZZZ.ZZZ"), because something keeps building subfolders... This holds for as long as "ccleaner" is running. For information, all the subfolders are 1 KB or 1 MB.

Simply stopping "ccleaner" makes the folder disappear by itself (without my having to delete it, which is what I find strange). Whether I am in safe mode or not!

There. I hope that is a bit clearer.

But, you will say, just don't use "ccleaner"! Yes, sure, but that does not solve my problem because I still want to wipe the free space.

Well, good night or good day
Malekal_morte

Re: Is my computer infected?

by Malekal_morte »
