Rapport de ZHPDiag v2013.4.14.74 par Nicolas Coolman, Update du 13/04/2013
Run by D at 02/09/2013 21:48:43
State : Nouvelle version disponible
High Elevated Privileges : OK
UAC : Deactivate by user

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v29.0.1547.62 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ System Protection
AVG 2013 v13.0.3222
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v3.17

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 17

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4093 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 265 GB (58%) free of 451 GB

---\\ Logged in mode
~ Computer Name: PC-DE-D
~ User Name: D
~ All Users Names: UpdatusUser, D, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\D\AppData\Roaming\
~ %Desktop% : C:\Users\D\Desktop\
~ %Favorites% : C:\Users\D\Favorites\
~ %LocalAppData% : C:\Users\D\AppData\Local\
~ %StartMenu% : C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 265 Go of 451 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 14 Go)
E:\ CD-ROM drive (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 08:10:17.) -- C:\Windows\Explorer.exe [3079168] [MD5.117EA87DF785CA1B9D821F6F213DCE07] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:50:23.) -- C:\Windows\System32\Wininit.exe [123904] [MD5.CA87556BBA37D1B4F67C331186618673] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/07/2013 - 04:30:49.) -- C:\Windows\System32\wininet.dll [1392128] [MD5.6D0773A3A65D28B663F334C90441D01A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 08:11:08.) -- C:\Windows\System32\Winlogon.exe [405504] [MD5.C4F6CE6087760AD70960C9EB130E7943] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.03/01/2012 - 15:25:21.) -- C:\Windows\system32\Drivers\AFD.sys [404992] [MD5.E68D9B3A3905619732F7FE039466A623] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 08:15:00.) 
-- C:\Windows\system32\Drivers\atapi.sys [20952] [MD5.B4D787DB8D30793A4D4DF9FEED18F136] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:50:39.) -- C:\Windows\system32\Drivers\Cdfs.sys [90624] [MD5.C025AA69BE3D0D25C7A2E746EF6F94FC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 06:34:39.) -- C:\Windows\system32\Drivers\Cdrom.sys [79872] [MD5.8B722BA35205C71E7951CDC4CDBADE19] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 16:14:19.) -- C:\Windows\system32\Drivers\DfsC.sys [97792] [MD5.F942C5820205F2FB453243EDFEC82A3D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 06:39:41.) -- C:\Windows\system32\Drivers\HDAudBus.sys [948736] [MD5.CBB597659A2713CE0C9CC20C88C7591F] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:46:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [64000] [MD5.B7E6212F581EA5F6AB0C3A6CEEEB89BE] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:48:45.) -- C:\Windows\system32\Drivers\IpNat.sys [115712] [MD5.1485811B320FF8C7EDAD1CAEBB1C6C2B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:39:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [135680] [MD5.FC2C792EBDDC8E28DF939D6A92C83D61] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 06:42:33.) -- C:\Windows\system32\Drivers\netBT.sys [248320] [MD5.2ACCAA3C3C55370A32F17B3595E1A217] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:13:14.) -- C:\Windows\system32\Drivers\ntfs.sys [1513320] [MD5.AECD57F94C887F58919F307C35498EA0] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 10:37:57.) -- C:\Windows\system32\Drivers\Parport.sys [96768] [MD5.AC7BC4D42A7E558718DFDEC599BBFC2C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/04/2009 - 06:43:38.) 
-- C:\Windows\system32\Drivers\Rasl2tp.sys [124928] [MD5.C045D1FB111C28DF0D1BE8D4BDA22C06] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:46:51.) -- C:\Windows\system32\Drivers\rdpdr.sys [314368] [MD5.290B6F6A0EC4FCDFC90F5CB6D7020473] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 06:42:19.) -- C:\Windows\system32\Drivers\smb.sys [88064] [MD5.458919C8C42E398DC4802178D5FFEE27] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 06:43:00.) -- C:\Windows\system32\Drivers\tdx.sys [94720] [MD5.582F710097B46140F5A89A19A6573D4B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:50:57.) -- C:\Windows\system32\Drivers\volsnap.sys [267648] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/1336 ~ Mes musiques (My Musics) : 463/4032 ~ Mes Favoris (My Favorites) : 1/25 ~ Mes Documents (My Documents) : 1/593 ~ Mon Bureau (My Desktop) : 1/17 ~ Menu demarrer (Programs) : 1/44 ~ Hidden Files: Scanned in 00mn 05s ---\\ Processus lancés [MD5.C72FB9CC856ECFF3B6459B27CB674638] - (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\iSlim310\Monitor.exe [323584] [PID.2656] [MD5.8FEDBE7A5D3E5F91FD4B96DAFA4DD197] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576] [PID.2712] [MD5.672593A4AAAB8DC8C0A5C4C1AD0A6048] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [18680424] [PID.2720] [MD5.12F7274EFF53BD6AA89D7608CFE1D678] - (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe [1811880] [PID.2732] [MD5.65A17BCAF3CEE4C0A771F3B84CB24E30] - (.WIBU-SYSTEMS AG - WkSvMgr.) -- C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe [5724472] [PID.2752] [MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) 
-- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.3000] [MD5.CD441BF2F5CFD46B5105891DDFFDFBA2] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424] [PID.3060] [MD5.017335C7AEFA8ED76750DB95A78D6BFA] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640] [PID.3068] [MD5.F0E2D55BB5C7E106E92DF972C1B277A6] - (.CyberLink Corp. - HP DVDSmart Resident Program.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200] [PID.2092] [MD5.690A6DF02625A46ABEE250C6151B7FBA] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe [54576] [PID.1188] [MD5.48BE298F7FD1BEF4D8FBACB04D8D95C4] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576] [PID.2312] [MD5.0DCAC41EB58A45049BD7FF665C32D5F4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736] [PID.2280] [MD5.288D8A54FE326AE26AD43F348E646147] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440] [PID.2168] [MD5.AD8BD96B41C40AC36D803DF267B26EF0] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2254768] [PID.2428] [MD5.48E6868781B4E8BF4B77DBEC7694BCE8] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295072] [PID.2472] [MD5.A3A82800FF19B26B94D2327A2F11067E] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [821144] [PID.1640] [MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) 
-- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848] [PID.608] [MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [11322880] [PID.2324] [MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [11314688] [PID.5000] [MD5.5DFE72B9F1FF669070FC032090B7B982] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507312] [PID.5076] [MD5.10D3C280F455CAF65756362C4023918C] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [310944] [PID.1948] [MD5.34C855FF55E59C36647EC9E8748DC3C3] - (.Pas de propriétaire - PVP.net Patcher Kernel.) -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe [1300376] [PID.284] [MD5.2BD54868285B7E988AEB365A82F07660] - (.Pas de propriétaire - PVP.net Patcher.) -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.177\deploy\LoLLauncher.exe [2693008] [PID.1520] [MD5.5B93A9C1BB894EFA4D6429EEADA5007C] - (...) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.38\deploy\LolClient.exe [74752] [PID.4504] [MD5.050D1C454A49D4DF8EB5222D352B6630] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [917400] [PID.3212] [MD5.57785A015DED82C287761CA1BD02D532] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.6696] [MD5.D8425B8D6DC2AA8D871363B0775BCF18] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe [1861512] [PID.6404] [MD5.0B8FAC5A31E7ED0EA42F8BC46EC80F0F] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6747136] [PID.7744] [MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.504] [MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.964] [MD5.3DEBBECF665DCDDE3A95D9B902010817] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144] [PID.2100] [MD5.4DB93F4DB7077801D2D82013506AC1D0] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312] [PID.2868] [MD5.48939D9F350AEF9370F03A1E49A49BE2] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136] [PID.2640] [MD5.1355EBE184F9DAB1718BC587F8A7E05E] - (.MAGIX AG - Verzeichnisüberwachung und Hilfsaufgaben fü.) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376] [PID.1300] [MD5.88D586E3D6EE17D5C7B8540F72F49148] - (...) -- C:\Program Files (x86)\RIFT Technologies\InstallClick Connector\installclick.exe [149872] [PID.3196] [MD5.DFEFF67508D3A9AEB1A85D7B0F513B24] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.3264] [MD5.3A2BDD76E7D2A5F40A7174793D1BA794] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [75136] [PID.3388] [MD5.27F1BE4A53441C9F1F48B9ADC145B0A5] - (...) -- C:\Windows\SysWOW64\PnkBstrB.exe [189248] [PID.3456] [MD5.A0FF419B61AE47E26ADF3BB15DB4F2FE] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608] [PID.3504] [MD5.EC25ED59540DB3D4797795335409FD64] - (.WIBU-SYSTEMS AG - WibuKey Network server management.) 
-- C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe [587264] [PID.3832] [MD5.173F13CDEBF8E067629462E9D6E481CB] - (...) -- C:\Program Files (x86)\RIFT Technologies\InstallClick Connector\installclick-connector.exe [769392] [PID.5824] ~ Processes Running: Scanned in 00mn 02s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\D\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] None ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\q3qikadi.default\prefs.js M2 - MFEP: prefs.js [D - q3qikadi.default\en-GB@dictionaries.addons.mozilla.org] [] British English Dictionary v1.19.1 (..) M2 - MFEP: prefs.js [D - q3qikadi.default\firefox@tvunetworks.com] [] TVU Web Player v2,5,3,1 (..) P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll ~ Firefox Browser: 22 Legitimates Scanned in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1 ~ IE Browser: 14 Legitimates Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 4 ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe (.not file.) O4 - HKLM\..\Run: [HP Remote Software] . (.Pas de propriétaire - Core functionality module for HP Remote sof.) -- C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe O4 - HKLM\..\Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (.not file.) O4 - HKLM\..\Run: [iSlim310_Monitor] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\iSlim310\Monitor.exe O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe O4 - HKCU\..\Run: [Megakey] C:\Users\D\AppData\Local\Megamedia\Megakey\Megakey.exe (.not file.) O4 - HKCU\..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo desktop\1.6.55.1183\Badoo.desktop.exe (.not file.) O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\D\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\D\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] . 
(.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe O4 - HKLM\..\Wow6432Node\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe O4 - HKLM\..\Wow6432Node\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [UpdatePDIRShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe O4 - HKLM\..\Wow6432Node\Run: [TSMAgent] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe O4 - HKLM\..\Wow6432Node\Run: [CLMLServer for HP TouchSmart] . (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe O4 - HKLM\..\Wow6432Node\Run: [DVDAgent] . (.CyberLink Corp. - HP DVDSmart Resident Program.) 
-- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5.5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5.5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe Acrobat Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) 
-- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [Megakey] C:\Users\D\AppData\Local\Megamedia\Megakey\Megakey.exe (.not file.) O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo desktop\1.6.55.1183\Badoo.desktop.exe (.not file.) O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\D\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\D\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) 
-- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Programs: CyberLink DVD Suite Deluxe.lnk . (.CyberLink - PowerStarter.) -- C:\Program Files (x86)\Cyberlink\CyberLink DVD Suite Deluxe\PowerStarter.exe O4 - GS\QuickLaunch: HP MediaSmart.lnk . (...) -- c:\Windows\Installer\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}\_BD15A4BF3888028F418EC7.exe O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Programs: Spotify.lnk . (.Spotify Ltd - Spotify.) -- C:\Users\D\AppData\Roaming\Spotify\spotify.exe O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O4 - GS\QuickLaunch: Adobe Master Collection CS5.5 - Raccourci.lnk . (...) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5.5 O4 - GS\QuickLaunch: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe O4 - GS\QuickLaunch: Paint.lnk . (.Microsoft Corporation - Paint.) -- C:\Windows\System32\mspaint.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - GS\SendTo: WinSCP (for upload).lnk . 
(.Martin Prikryl - WinSCP: SFTP, FTP and SCP client.) -- C:\Program Files (x86)\WinSCP\WinSCP.exe O4 - GS\Desktop: EMPIRES2 - Raccourci.lnk . (.Microsoft Corporation - Age of Empires II.) -- C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.exe ~ Global Startup: Scanned in 00mn 01s ---\\ Winsock hijacker (Layered Service Provider) (O10) ~ Winsock: 7 Legitimates Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{964FC93A-6602-4C30-A2E5-0659BFCEFE6D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{964FC93A-6602-4C30-A2E5-0659BFCEFE6D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{791B1F78-4353-4B89-A6F6-8AA6BC8B6413}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS3\Services\Tcpip\..\{964FC93A-6602-4C30-A2E5-0659BFCEFE6D}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) ~ SSODL: 1 Legitimates Scanned in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon [64Bits] - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) 
-- C:\Windows\System32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: JumpStart Push-Button Service (jswpbapi) . (.Atheros Communications, Inc. - JumpStart PushButton Service.) - C:\Program Files (x86)\Jumpstart\jswpbapi.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) . (...) - C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (.not file.) O23 - Service: Norton Internet Security (Norton Internet Security) . (...) - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (.not file.) O23 - Service: WireHelpSvc (WireHelpSvc) . (...) - C:\Program Files\Common Files\WireHelpSvc.exe O23 - Service: WibuKey Server (WkSvw32.exe) . (.WIBU-SYSTEMS AG - WibuKey Network server management.) - C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe ~ Services: 21 Legitimates Scanned in 00mn 05s ---\\ Enumération Active Desktop & MHTML Editor (O24) ~ Desktop Component: 1 Legitimates Scanned in 00mn 00s ---\\ BootExecute (O34) ~ BEX: 1 Legitimates Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) [MD5.C1028CBDF27FCF0AA6D39DF121D0B134] [APT] [RecoveryCD] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [25656] ~ Scheduled Task: 29 Legitimates Scanned in 00mn 02s ---\\ Composants installés (ActiveSetup Installed Components) (O40) ~ Active Setup: 11 Legitimates Scanned in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: (AVGIDSDriver) . (...) - C:\Windows\System32\DRIVERS\avgidsdrivera.sys O41 - Driver: (SRTSP) . (. - .) - C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.sys (.not file.) O41 - Driver: (SRTSPX) . (. - .) - C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.sys (.not file.) ~ Drivers: 81 Legitimates Scanned in 00mn 03s ---\\ Logiciels installés (O42) O42 - Logiciel: BrowseToSave - (...) 
[HKLM][64Bits] -- {860A009E-B68B-4F95-AD7E-FEA95DE92268} O42 - Logiciel: Coupish - (...) [HKLM][64Bits] -- Coupish O42 - Logiciel: DWGSee Pro 2013 - (.AutoDWG.) [HKLM][64Bits] -- {70EB46F3-F900-411A-A10C-A9F612D49430} O42 - Logiciel: ESL Wire 1.11.1 - (.Turtle Entertainment GmbH.) [HKLM][64Bits] -- ESL Wire_is1 O42 - Logiciel: FBX Plugin 2006.08 for Max 9.0 - (...) [HKLM][64Bits] -- FBX Plugin 2006.08 for Max 9.0 O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM][64Bits] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E} O42 - Logiciel: iSlim 310 - (.KYE.) [HKLM][64Bits] -- {BD4B921E-5A26-4AD2-AD04-C1591443573A} O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKLM][64Bits] -- uTorrent ~ Logic: 220 Legitimates Scanned in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\Alias] [HKCU\Software\BitTorrent] [HKCU\Software\CarbonGames] [HKCU\Software\Coupish] [HKCU\Software\ESL Wire] [HKCU\Software\Pando Networks] [HKLM\Software\Automobile] [HKLM\Software\Dog] [HKLM\Software\Watch] [HKLM\Software\Wow6432Node\Discreet] [HKLM\Software\Wow6432Node\KYE] [HKLM\Software\Wow6432Node\Pando Networks] [HKLM\Software\Wow6432Node\Valve Lan] [HKLM\Software\Wow6432Node\WinSte] ~ Key Software: 375 Legitimates Scanned in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 13/07/2011 - 15:55:52 - [0,949] ----D C:\Program Files (x86)\Coupish O43 - CFD: 19/05/2013 - 22:02:32 - [0] ----D C:\Program Files (x86)\dumps O43 - CFD: 20/05/2011 - 22:21:50 - [10,281] ----D C:\Program Files (x86)\islim 310 O43 - CFD: 19/05/2011 - 20:11:45 - [7,186] ----D C:\Program Files (x86)\Pando Networks O43 - CFD: 07/05/2013 - 08:01:56 - [0,765] ----D C:\Program Files (x86)\uTorrent O43 - CFD: 21/01/2012 - 15:12:48 - [0,000] ----D C:\ProgramData\ESL Wire O43 - CFD: 16/12/2012 - 12:29:35 - [0] ----D C:\Users\D\AppData\Roaming\Carbon O43 - CFD: 30/07/2011 - 15:41:00 - [0,204] ----D C:\Users\D\AppData\Roaming\Sites O43 - CFD: 18/05/2013 - 17:15:39 - [9,323] 
----D C:\Users\D\AppData\Roaming\uTorrent O43 - CFD: 23/01/2012 - 18:31:11 - [0,907] ----D C:\Users\D\AppData\Local\ESL Wire Game Client O43 - CFD: 25/12/2012 - 15:24:13 - [0,303] ----D C:\Users\D\AppData\Local\GS-LW-Temp O43 - CFD: 28/03/2013 - 21:27:04 - [0] --HAD C:\Users\D\AppData\Local\noNYHC1PQiJt O43 - CFD: 06/09/2011 - 21:58:26 - [0] ----D C:\Users\D\AppData\Local\uTorrent ~ Program Folder: 280 Legitimates Scanned in 01mn 48s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.745C70A8A794B559E2BC9679818498AE] - 02/09/2013 - 20:44:57 ---A- . (...) -- C:\RstHosts.txt [680] O44 - LFC:[MD5.6C20D8881C550A4F7394047D80621156] - 02/09/2013 - 11:54:03 ---A- . (...) -- C:\log2.txt [115] O44 - LFC:[MD5.2D8BF125A8C7C7F9C539D72C0D32597C] - 29/08/2013 - 17:41:08 ---A- . (...) -- C:\UsbFix [Clean 4] PC-DE-D.txt [23134] O44 - LFC:[MD5.5BC3E10273210D934FA68E1E8B042264] - 28/08/2013 - 12:45:31 ----- . (...) -- C:\UsbFix [Scan 5] PC-DE-D.txt [16787] O44 - LFC:[MD5.754F1C0FC39AA5AE6F8B2AA82501DE34] - 25/08/2013 - 15:18:35 ----- . (...) -- C:\UsbFix [Clean 3] PC-DE-D.txt [47912] O44 - LFC:[MD5.CD4947A4CFD9205D010B91F0DD29D1E2] - 25/08/2013 - 15:13:08 ----- . (...) -- C:\UsbFix [Scan 4] PC-DE-D.txt [16200] O44 - LFC:[MD5.731D3D7F2414CAD3BE52AAC5067E532A] - 07/08/2013 - 22:32:03 ----- . (...) -- C:\UsbFix [Clean 2] PC-DE-D.txt [47383] O44 - LFC:[MD5.C4DFED004EACA831DA7975D2E8E1484D] - 07/08/2013 - 22:30:05 ----- . (...) -- C:\UsbFix [Scan 3] PC-DE-D.txt [16035] O44 - LFC:[MD5.FFB012AD70C6A298D340BD37408D4A07] - 05/08/2013 - 15:10:57 ----- . (...) -- C:\UsbFix [Clean 1] PC-DE-D.txt [23595] O44 - LFC:[MD5.7124A435EDC9B24B4D87ADAA5C7CB838] - 05/08/2013 - 15:00:23 ----- . (...) 
-- C:\UsbFix [Scan 2] PC-DE-D.txt [17585] ~ Files: 87 Legitimates Scanned in 00mn 05s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.4611589D3C0869BD7547EAD0E6C034B5] - 02/09/2013 - 11:56:40 ---A- - C:\Windows\Prefetch\RICHVI~1.EXE-4ABD8B87.pf O45 - LFCP:[MD5.E347D9262AA05A3E11E774CE759183FF] - 02/09/2013 - 12:49:09 ---A- - C:\Windows\Prefetch\HPHC_SCHEDULER.EXE-9CA193C9.pf O45 - LFCP:[MD5.A6942BEA21010B123370D8E39CA0B967] - 02/09/2013 - 16:46:13 ---A- - C:\Windows\Prefetch\PMB.EXE-C5A7F854.pf O45 - LFCP:[MD5.E43853E21A95A34E51A27DA6279A22E1] - 02/09/2013 - 17:13:55 ---A- - C:\Windows\Prefetch\SC2SWITCHER.EXE-72371F9A.pf O45 - LFCP:[MD5.BEDB24F2FF10185952FDEF7FC8C5DBEB] - 02/09/2013 - 17:13:56 ---A- - C:\Windows\Prefetch\SC2.EXE-2B6AD48D.pf O45 - LFCP:[MD5.9ED4161630954602F8793F8E615977F7] - 02/09/2013 - 20:44:54 ---A- - C:\Windows\Prefetch\RSTHOSTS.EXE-FC264D40.pf ~ Prefetcher: 99 Legitimates Scanned in 00mn 00s ---\\ Déni du service (Local Security Authority) (O48) ~ LSA: 7 Legitimates Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) ~ CBS: 13 Legitimates Scanned in 00mn 00s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{0f6d2ea1-0ef0-11e3-93e2-00ff01000001}\AutoRun\command. (...) -- G:\autorun.exe (.not file.) 
~ Keys: Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) ~ TDSD: 4 Legitimates Scanned in 00mn 00s ---\\ Microsoft Control Security Providers (O54) ~ MSCP: 2 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 ~ MWPS: 18 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 8 Legitimates Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.F14215E37CF124104575073F782111D2] - 21/01/2008 - 03:46:53 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [486456] O58 - SDL:[MD5.1E6438D4EA6E1174A3B3B1EDC4DE660B] - 18/03/2009 - 16:35:42 --HA- . (.LogMeIn, Inc. - Hamachi Virtual Network Interface Driver.) 
-- C:\Windows\System32\hamachi.sys [33856] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 01/09/2013 - 11:53:34 ---A- C:\Users\D\AppData\Roaming\Media Player Classic\default.mpcpl [77] O61 - LFC: 02/09/2013 - 12:46:50 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [268187] O61 - LFC: 02/09/2013 - 16:46:04 ---A- C:\Users\D\AppData\Local\PMB Files\cert\secmod.db [16384] O61 - LFC: 02/09/2013 - 17:16:06 ---A- C:\Users\D\AppData\Local\PMB Files\pando.save [851] O61 - LFC: 02/09/2013 - 17:16:07 ---A- C:\Users\D\AppData\Local\PMB Files\cert\cert8.db [65536] O61 - LFC: 02/09/2013 - 17:16:07 ---A- C:\Users\D\AppData\Local\PMB Files\cert\key3.db [16384] O61 - LFC: 02/09/2013 - 20:46:39 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\Local State [41941] O61 - LFC: 02/09/2013 - 20:46:39 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4] O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_pnacl_json [379] O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_crtbeginS_o [2432] O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o [2008] O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o [2120] O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_crtendS_o [1343] O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o [1342] O61 - LFC: 
30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe [2221512] O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a [6416] O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a [46812] O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_eh_a [234888] O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a [167354] O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a [1710] O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe [8944040] O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\manifest.fingerprint [66] O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\manifest.json [575] O61 - LFC: 30/08/2013 - 15:03:35 ---A- C:\Users\D\CV Thomas VINCE.doc [413696] O61 - LFC: 31/08/2013 - 14:06:10 ---A- C:\Users\D\Downloads\ZHPDiag2(1).exe [5074768] ~ 1 Fichiers temporaires (Temporary files) ~ Files: 262 Legitimates Scanned in 00mn 17s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.net.) [HKLM] -- Usbfix O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) 
[HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 28/11/2011 - C:\Windows\system32\drivers\ESLWireACD.sys (ESLWireAC) .(. - EslWireACD.) - LEGACY_ESLWIREAC O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (SRTSP) .(...) - LEGACY_SRTSP O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (SRTSPX) .(...) - LEGACY_SRTSPX ~ Legacy: 84 Legitimates Scanned in 00mn 01s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.) ~ FASS Keys: 21 Legitimates Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com O69 - SBI: SearchScopes [HKCU] {37C5A1D9-DC2B-4C82-A911-64F4C83E0F96} - (Yahoo!) - http://fr.search.yahoo.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) ~ Services: 31 Legitimates Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.262BB712BB373AA91888FBD36BC101A9] [SPRF][08/08/2012] (...) -- C:\ProgramData\nvModes.dat [56499] [MD5.01145E4C20F362FCED9078B0B7DAEB6C] [SPRF][12/02/2013] (...) -- C:\Users\D\AppData\Local\d3d9caps.dat [680] [MD5.02A2128B3D3575C8050CA3EF3CC7E2A7] [SPRF][21/04/2013] (...) -- C:\Users\D\AppData\Roaming\wklnhst.dat [848] [MD5.F7AF924D0D951FF8F7B05AD2E4FF50D3] [SPRF][01/09/2013] (...) -- C:\Users\D\Desktop\adwcleaner.exe [994642] [MD5.A77C1DCDE677571807CEBFDC3357EA87] [SPRF][01/09/2013] (.Thisisu - Junkware Removal Tool.) -- C:\Users\D\Desktop\JRT.exe [1027511] [MD5.0A170D9B50B29C5209248D95417C16DA] [SPRF][02/09/2013] (...) 
-- C:\Users\D\Desktop\rsthosts.exe [353632] [MD5.E79F77AB73F46E9760C199C2DE8FCB5C] [SPRF][05/08/2013] (.El Desaparecido - SosVirus.net - UsbFix - Remove malware from yours drive!.) -- C:\Users\D\Desktop\usbfix.exe [1030081] [MD5.3317698F2090DD811F0AA93190E13C82] [SPRF][05/03/2005] (.Microsoft Corporation - Microsoft GDI+.) -- C:\Windows\Downloaded Program Files\gdiplus.dll [1706800] [MD5.55A78B0E5AE741DDE96E2D9345602F5F] [SPRF][05/03/2005] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropENU.dll [114848] ~ Files: Scanned in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{98272926-B5E0-4FB3-9423-0A23D23D1872}" | In - None - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "TCP Query User{2E78396A-9E35-46C9-8E99-95B7F0D7CC9F}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe (.not file.) O87 - FAEL: "UDP Query User{94973952-4977-49FE-979E-CFBF270729E5}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe (.not file.) O87 - FAEL: "TCP Query User{5E6CDFEF-48EC-46A6-9403-2CE8B1945AA6}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe (.not file.) O87 - FAEL: "UDP Query User{0403306C-1167-414C-9EFC-BFEEF9705ECE}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe (.not file.) O87 - FAEL: "TCP Query User{2E1753EC-5D96-43E1-9D9E-8E6B39185A9A}C:\program files (x86)\mirc\mirc.exe" | In - Private - P6 - TRUE | .(.mIRC Co. Ltd. - mIRC.) 
-- C:\program files (x86)\mirc\mirc.exe O87 - FAEL: "UDP Query User{A1DB468A-BE58-48F4-8EA6-B9D0DD3E1A11}C:\program files (x86)\mirc\mirc.exe" | In - Private - P17 - TRUE | .(.mIRC Co. Ltd. - mIRC.) -- C:\program files (x86)\mirc\mirc.exe O87 - FAEL: "TCP Query User{6A3544EA-8CA3-420E-96C0-E004AA326361}C:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe (.not file.) O87 - FAEL: "UDP Query User{0E2529BC-08E9-45DC-94E7-79B11BC82C75}C:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe (.not file.) O87 - FAEL: "TCP Query User{04DA2681-EFBC-4AE3-8FAC-8F21943D6E94}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe (.not file.) O87 - FAEL: "UDP Query User{C670AA7D-7B99-4CE5-9B35-F2D731438FEF}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe (.not file.) O87 - FAEL: "{78C6898F-1852-40B7-A8CC-006749527044}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe O87 - FAEL: "{D3192925-2025-4070-8032-E36593085328}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe O87 - FAEL: "{629A238F-634F-41F7-8458-3DFA4B4FB432}" | In - None - P17 - TRUE | .(.Turtle Entertainment GmbH - ESL Wire Gaming Client.) -- C:\Program Files\EslWire\wire.exe O87 - FAEL: "{37939B3F-6453-4B1A-B8C8-4AF89CBC54EE}" | Out - None - P17 - TRUE | .(.Turtle Entertainment GmbH - ESL Wire Gaming Client.) 
-- C:\Program Files\EslWire\wire.exe O87 - FAEL: "TCP Query User{3B9E7C94-DDDA-4F8F-9E57-B63B8DF73752}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe (.not file.) O87 - FAEL: "UDP Query User{118E53A6-7C7B-4A05-9F90-C462B2869805}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe (.not file.) O87 - FAEL: "TCP Query User{09C7D4D9-C447-4BBE-B194-7ABBF50A0078}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe (.not file.) O87 - FAEL: "UDP Query User{98463F92-4FD7-48A8-9AFE-7E958D5FD769}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe (.not file.) O87 - FAEL: "{8EFE2B77-C63D-454F-ABEA-FA3AE282D046}" | In - Domain - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{72EFD6A1-945A-4C41-A704-D4A25E7F1A62}" | In - Domain - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{62B00723-4738-450E-8B37-56EFB3AE86C1}" | In - Private - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{3353028A-33B7-4F4F-A7CE-921D520E3AE2}" | In - Private - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{D114F259-9600-4D51-B4E8-717444546EC9}" | In - None - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) 
-- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "TCP Query User{14F9EBEB-B00A-472B-8C31-25BEBC97202E}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe (.not file.) O87 - FAEL: "UDP Query User{BC90C3C2-C7F8-4604-B86B-1E9FB359BAAA}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe (.not file.) O87 - FAEL: "TCP Query User{23B94E98-7C62-4AED-998E-E22042B28719}C:\program files (x86)\mirc\mirc.exe" | In - Public - P6 - TRUE | .(.mIRC Co. Ltd. - mIRC.) -- C:\program files (x86)\mirc\mirc.exe O87 - FAEL: "UDP Query User{CD09A114-312F-4A8B-B4D8-766BB9706ED8}C:\program files (x86)\mirc\mirc.exe" | In - Public - P17 - TRUE | .(.mIRC Co. Ltd. - mIRC.) -- C:\program files (x86)\mirc\mirc.exe O87 - FAEL: "{9BE0ECB0-1AC4-46FA-A2A1-6F2FD4E5EFF4}" | In - Public - P6 - FALSE | .(.Graphisoft R&D - ArchiCAD 14.0.0 Component.) -- C:\Program Files (x86)\Graphisoft\ArchiCAD 14\ArchiCAD.exe O87 - FAEL: "{9E5152BB-1409-40D8-90F0-9F6E37A1B3FC}" | In - Public - P17 - FALSE | .(.Graphisoft R&D - ArchiCAD 14.0.0 Component.) -- C:\Program Files (x86)\Graphisoft\ArchiCAD 14\ArchiCAD.exe O87 - FAEL: "TCP Query User{7F6FD333-0C6E-4080-BDD8-CA3C680898BA}C:\program files (x86)\graphisoft\archicad 14\archicad.exe" | In - Private - P6 - TRUE | .(.Graphisoft R&D.) -- C:\program files (x86)\graphisoft\archicad 14\archicad.exe O87 - FAEL: "UDP Query User{AECB15CD-41C1-4FE3-A4AC-0E81AFB2E5AE}C:\program files (x86)\graphisoft\archicad 14\archicad.exe" | In - Private - P17 - TRUE | .(.Graphisoft R&D.) 
-- C:\program files (x86)\graphisoft\archicad 14\archicad.exe O87 - FAEL: "TCP Query User{03A580E0-4792-499F-A476-792BF4D12855}C:\program files (x86)\relevantknowledge\rlvknlg.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\relevantknowledge\rlvknlg.exe (.not file.) O87 - FAEL: "UDP Query User{87EE7EB1-94BD-4CD7-BD44-460B3A3CF993}C:\program files (x86)\relevantknowledge\rlvknlg.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\relevantknowledge\rlvknlg.exe (.not file.) ~ Firewall: 367 Legitimates Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : v2.11523 - (13/04/2013) Clés trouvées (Keys found) : 0 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 ~ Additionnel: Scanned in 00mn 32s ---\\ Product Upgrade Codes (O90) ~ Update Products: 112 Legitimates Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 19/07/2011 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 24/08/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 24/10/2011 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 04/07/2013 4939312 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe SR - | Auto 23/07/2013 283136 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) 
- C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 21/01/2008 27648 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe SR - | Auto 27/08/2009 1253376 | (Fabs) . (.MAGIX AG.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe SS - | Demand 07/08/2008 3276800 | (FirebirdServerMAGIXInstance) . (.MAGIX®.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe SS - | Demand 09/12/2008 242424 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe SS - | Auto 05/05/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 05/05/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 10/12/2012 2465712 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe SS - | Auto 04/12/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe SR - | Auto 149872 | (InstallClick) . (...) - C:\Program Files (x86)\RIFT Technologies\InstallClick Connector\installclick.exe SR - | Demand 16/01/2012 934760 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 01/04/2009 265216 | (jswpbapi) . (.Atheros Communications, Inc..) - C:\Program Files (x86)\Jumpstart\jswpbapi.exe SS - | Demand 01/04/2009 954368 | (jswpsapi) . (.Atheros Communications, Inc..) - C:\Program Files (x86)\Jumpstart\jswpsapi.exe SR - | Auto 17/03/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe SS - | Auto 0 | (mi-raysat_3dsmax9_32) . (...) 
- C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe SS - | Demand 01/09/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 0 | (Norton Internet Security) . (...) - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe SR - | Auto 18/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SS - | Auto 03/12/2012 1259880 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe SR - | Auto 0 | (PnkBstrB) . (...) - C:\Windows\system32\PnkBstrB.exe SR - | Auto 38608 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 16/03/2011 407336 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe SS - | Auto 21/01/2008 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 168864 | (WireHelpSvc) . (...) - C:\Program Files\Common Files\WireHelpSvc.exe SR - | Auto 03/12/2009 587264 | (WkSvw32.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe SS - | Demand 0 | (WMPNetworkSvc) . (...) 
- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SR - | Auto 21/01/2008 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 01s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by D at 02/09/2013 21:54:55 device: opened successfully user: error reading MBR Disk trace: error: Read Descripteur non valide kernel: error reading MBR ~ MBR: 9 Legitimates Scanned in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by D at 02/09/2013 21:54:57 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ~ 1953 Legitimates filtered by white list End of the scan (689 lines in 06mn 14s)(0)