Rapport de ZHPDiag v2013.4.14.74 par Nicolas Coolman, Update du 13/04/2013
Run by D at 02/09/2013 21:48:43
State : Nouvelle version disponible
High Elevated Privileges : OK
UAC : Deactivate by user


---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v29.0.1547.62 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ System Protection
AVG 2013 v13.0.3222
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v3.17

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 17

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4093 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 265 GB (58%) free of 451 GB

---\\ Logged in mode
~ Computer Name: PC-DE-D
~ User Name: D
~ All Users Names: UpdatusUser, D, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\D\AppData\Roaming\
~ %Desktop% : C:\Users\D\Desktop\
~ %Favorites% : C:\Users\D\Favorites\
~ %LocalAppData% : C:\Users\D\AppData\Local\
~ %StartMenu% : C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 265 Go of 451 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 14 Go)
E:\ CD-ROM drive (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 08:10:17.) -- C:\Windows\Explorer.exe [3079168]
[MD5.117EA87DF785CA1B9D821F6F213DCE07] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:50:23.) -- C:\Windows\System32\Wininit.exe [123904]
[MD5.CA87556BBA37D1B4F67C331186618673] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.25/07/2013 - 04:30:49.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.6D0773A3A65D28B663F334C90441D01A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 08:11:08.) -- C:\Windows\System32\Winlogon.exe [405504]
[MD5.C4F6CE6087760AD70960C9EB130E7943] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.03/01/2012 - 15:25:21.) -- C:\Windows\system32\Drivers\AFD.sys [404992]
[MD5.E68D9B3A3905619732F7FE039466A623] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 08:15:00.) -- C:\Windows\system32\Drivers\atapi.sys [20952]
[MD5.B4D787DB8D30793A4D4DF9FEED18F136] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:50:39.) -- C:\Windows\system32\Drivers\Cdfs.sys [90624]
[MD5.C025AA69BE3D0D25C7A2E746EF6F94FC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 06:34:39.) -- C:\Windows\system32\Drivers\Cdrom.sys [79872]
[MD5.8B722BA35205C71E7951CDC4CDBADE19] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 16:14:19.) -- C:\Windows\system32\Drivers\DfsC.sys [97792]
[MD5.F942C5820205F2FB453243EDFEC82A3D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 06:39:41.) -- C:\Windows\system32\Drivers\HDAudBus.sys [948736]
[MD5.CBB597659A2713CE0C9CC20C88C7591F] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:46:59.) -- C:\Windows\system32\Drivers\i8042prt.sys [64000]
[MD5.B7E6212F581EA5F6AB0C3A6CEEEB89BE] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:48:45.) -- C:\Windows\system32\Drivers\IpNat.sys [115712]
[MD5.1485811B320FF8C7EDAD1CAEBB1C6C2B] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:39:34.) -- C:\Windows\system32\Drivers\MRxSmb.sys [135680]
[MD5.FC2C792EBDDC8E28DF939D6A92C83D61] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 06:42:33.) -- C:\Windows\system32\Drivers\netBT.sys [248320]
[MD5.2ACCAA3C3C55370A32F17B3595E1A217] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:13:14.) -- C:\Windows\system32\Drivers\ntfs.sys [1513320]
[MD5.AECD57F94C887F58919F307C35498EA0] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 10:37:57.) -- C:\Windows\system32\Drivers\Parport.sys [96768]
[MD5.AC7BC4D42A7E558718DFDEC599BBFC2C] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/04/2009 - 06:43:38.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.C045D1FB111C28DF0D1BE8D4BDA22C06] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:46:51.) -- C:\Windows\system32\Drivers\rdpdr.sys [314368]
[MD5.290B6F6A0EC4FCDFC90F5CB6D7020473] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 06:42:19.) -- C:\Windows\system32\Drivers\smb.sys [88064]
[MD5.458919C8C42E398DC4802178D5FFEE27] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 06:43:00.) -- C:\Windows\system32\Drivers\tdx.sys [94720]
[MD5.582F710097B46140F5A89A19A6573D4B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:50:57.) -- C:\Windows\system32\Drivers\volsnap.sys [267648]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/1336
~ Mes musiques (My Musics) : 463/4032
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 1/593
~ Mon Bureau (My Desktop) : 1/17
~ Menu demarrer (Programs) : 1/44
~ Hidden Files: Scanned in 00mn 05s



---\\ Processus lancés
[MD5.C72FB9CC856ECFF3B6459B27CB674638] - (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\iSlim310\Monitor.exe [323584] [PID.2656]
[MD5.8FEDBE7A5D3E5F91FD4B96DAFA4DD197] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1199576] [PID.2712]
[MD5.672593A4AAAB8DC8C0A5C4C1AD0A6048] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [18680424] [PID.2720]
[MD5.12F7274EFF53BD6AA89D7608CFE1D678] - (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe [1811880] [PID.2732]
[MD5.65A17BCAF3CEE4C0A771F3B84CB24E30] - (.WIBU-SYSTEMS AG - WkSvMgr.) -- C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe [5724472] [PID.2752]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.3000]
[MD5.CD441BF2F5CFD46B5105891DDFFDFBA2] - (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1328424] [PID.3060]
[MD5.017335C7AEFA8ED76750DB95A78D6BFA] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [185640] [PID.3068]
[MD5.F0E2D55BB5C7E106E92DF972C1B277A6] - (.CyberLink Corp. - HP DVDSmart Resident Program.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200] [PID.2092]
[MD5.690A6DF02625A46ABEE250C6151B7FBA] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe [54576] [PID.1188]
[MD5.48BE298F7FD1BEF4D8FBACB04D8D95C4] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576] [PID.2312]
[MD5.0DCAC41EB58A45049BD7FF665C32D5F4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [421736] [PID.2280]
[MD5.288D8A54FE326AE26AD43F348E646147] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440] [PID.2168]
[MD5.AD8BD96B41C40AC36D803DF267B26EF0] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2254768] [PID.2428]
[MD5.48E6868781B4E8BF4B77DBEC7694BCE8] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295072] [PID.2472]
[MD5.A3A82800FF19B26B94D2327A2F11067E] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [821144] [PID.1640]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848] [PID.608]
[MD5.11E8D8272FDBE213ADE3DAD91427CE35] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [11322880] [PID.2324]
[MD5.2337EC951C4AF6E1AF65D10BD9615BEB] - (.OpenOffice.org - OpenOffice.org 3.3.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [11314688] [PID.5000]
[MD5.5DFE72B9F1FF669070FC032090B7B982] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507312] [PID.5076]
[MD5.10D3C280F455CAF65756362C4023918C] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [310944] [PID.1948]
[MD5.34C855FF55E59C36647EC9E8748DC3C3] - (.Pas de propriétaire - PVP.net Patcher Kernel.) -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe [1300376] [PID.284]
[MD5.2BD54868285B7E988AEB365A82F07660] - (.Pas de propriétaire - PVP.net Patcher.) -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.177\deploy\LoLLauncher.exe [2693008] [PID.1520]
[MD5.5B93A9C1BB894EFA4D6429EEADA5007C] - (...) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.38\deploy\LolClient.exe [74752] [PID.4504]
[MD5.050D1C454A49D4DF8EB5222D352B6630] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [917400] [PID.3212]
[MD5.57785A015DED82C287761CA1BD02D532] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.6696]
[MD5.D8425B8D6DC2AA8D871363B0775BCF18] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe [1861512] [PID.6404]
[MD5.0B8FAC5A31E7ED0EA42F8BC46EC80F0F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6747136] [PID.7744]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.504]
[MD5.D19C4EE2AC7C47B8F5F84FFF1A789D8A] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [63960] [PID.964]
[MD5.3DEBBECF665DCDDE3A95D9B902010817] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144] [PID.2100]
[MD5.4DB93F4DB7077801D2D82013506AC1D0] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312] [PID.2868]
[MD5.48939D9F350AEF9370F03A1E49A49BE2] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136] [PID.2640]
[MD5.1355EBE184F9DAB1718BC587F8A7E05E] - (.MAGIX AG - Verzeichnisüberwachung und Hilfsaufgaben fü.) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376] [PID.1300]
[MD5.88D586E3D6EE17D5C7B8540F72F49148] - (...) -- C:\Program Files (x86)\RIFT Technologies\InstallClick Connector\installclick.exe [149872] [PID.3196]
[MD5.DFEFF67508D3A9AEB1A85D7B0F513B24] - (.Hewlett-Packard Company - LightScribe Service.) -- c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.3264]
[MD5.3A2BDD76E7D2A5F40A7174793D1BA794] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [75136] [PID.3388]
[MD5.27F1BE4A53441C9F1F48B9ADC145B0A5] - (...) -- C:\Windows\SysWOW64\PnkBstrB.exe [189248] [PID.3456]
[MD5.A0FF419B61AE47E26ADF3BB15DB4F2FE] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608] [PID.3504]
[MD5.EC25ED59540DB3D4797795335409FD64] - (.WIBU-SYSTEMS AG - WibuKey Network server management.) -- C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe [587264] [PID.3832]
[MD5.173F13CDEBF8E067629462E9D6E481CB] - (...) -- C:\Program Files (x86)\RIFT Technologies\InstallClick Connector\installclick-connector.exe [769392] [PID.5824]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\D\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\D\AppData\Roaming\Mozilla\Firefox\Profiles\q3qikadi.default\prefs.js
M2 - MFEP: prefs.js [D - q3qikadi.default\en-GB@dictionaries.addons.mozilla.org] [] British English Dictionary v1.19.1 (..)
M2 - MFEP: prefs.js [D - q3qikadi.default\firefox@tvunetworks.com] [] TVU Web Player v2,5,3,1 (..)
P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
~ Firefox Browser: 22 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1
~ IE Browser: 14 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 4



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe (.not file.)
O4 - HKLM\..\Run: [HP Remote Software] . (.Pas de propriétaire - Core functionality module for HP Remote sof.) -- C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
O4 - HKLM\..\Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (.not file.)
O4 - HKLM\..\Run: [iSlim310_Monitor] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\iSlim310\Monitor.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKCU\..\Run: [Megakey] C:\Users\D\AppData\Local\Megamedia\Megakey\Megakey.exe (.not file.)
O4 - HKCU\..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo desktop\1.6.55.1183\Badoo.desktop.exe (.not file.)
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\D\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\D\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - HKLM\..\Wow6432Node\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Health Check Scheduler] . (.Hewlett-Packard - HP Health Check Scheduler.) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdateP2GoShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdateLBPShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdatePDIRShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [UpdatePSTShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [TSMAgent] . (.CyberLink Corp. - CyberLink PowerCinema Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer for HP TouchSmart] . (.CyberLink - CyberLink MediaLibray Service.) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
O4 - HKLM\..\Wow6432Node\Run: [DVDAgent] . (.CyberLink Corp. - HP DVDSmart Resident Program.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5.5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5.5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe Acrobat Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [Megakey] C:\Users\D\AppData\Local\Megamedia\Megakey\Megakey.exe (.not file.)
O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [Badoo Desktop] C:\ProgramData\Badoo\Badoo desktop\1.6.55.1183\Badoo.desktop.exe (.not file.)
O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\D\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\D\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-580538878-1438628777-1681904725-1000\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files (x86)\Steam\Steam.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: CyberLink DVD Suite Deluxe.lnk . (.CyberLink - PowerStarter.) -- C:\Program Files (x86)\Cyberlink\CyberLink DVD Suite Deluxe\PowerStarter.exe
O4 - GS\QuickLaunch: HP MediaSmart.lnk . (...) -- c:\Windows\Installer\{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}\_BD15A4BF3888028F418EC7.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Spotify.lnk . (.Spotify Ltd - Spotify.) -- C:\Users\D\AppData\Roaming\Spotify\spotify.exe
O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Adobe Master Collection CS5.5 - Raccourci.lnk . (...) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5.5
O4 - GS\QuickLaunch: EPSON Scan.lnk . (.SEIKO EPSON CORP. - EPSON Scan.) -- C:\Windows\twain_32\escndv\escndv.exe
O4 - GS\QuickLaunch: Paint.lnk . (.Microsoft Corporation - Paint.) -- C:\Windows\System32\mspaint.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\SendTo: WinSCP (for upload).lnk . (.Martin Prikryl - WinSCP: SFTP, FTP and SCP client.) -- C:\Program Files (x86)\WinSCP\WinSCP.exe
O4 - GS\Desktop: EMPIRES2 - Raccourci.lnk . (.Microsoft Corporation - Age of Empires II.) -- C:\Program Files (x86)\Microsoft Games\Age of Empires II\EMPIRES2.exe
~ Global Startup: Scanned in 00mn 01s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 7 Legitimates Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{964FC93A-6602-4C30-A2E5-0659BFCEFE6D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{964FC93A-6602-4C30-A2E5-0659BFCEFE6D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{791B1F78-4353-4B89-A6F6-8AA6BC8B6413}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS3\Services\Tcpip\..\{964FC93A-6602-4C30-A2E5-0659BFCEFE6D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\system32\mshtml.dll
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon [64Bits] - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: JumpStart Push-Button Service (jswpbapi) . (.Atheros Communications, Inc. - JumpStart PushButton Service.) - C:\Program Files (x86)\Jumpstart\jswpbapi.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) . (...) - C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (.not file.)
O23 - Service: Norton Internet Security (Norton Internet Security) . (...) - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (.not file.)
O23 - Service: WireHelpSvc (WireHelpSvc) . (...) - C:\Program Files\Common Files\WireHelpSvc.exe
O23 - Service: WibuKey Server (WkSvw32.exe) . (.WIBU-SYSTEMS AG - WibuKey Network server management.) - C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe
~ Services: 21 Legitimates Scanned in 00mn 05s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.C1028CBDF27FCF0AA6D39DF121D0B134] [APT] [RecoveryCD] (...) -- C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe [25656]
~ Scheduled Task: 29 Legitimates Scanned in 00mn 02s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 11 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AVGIDSDriver) . (...) - C:\Windows\System32\DRIVERS\avgidsdrivera.sys
O41 - Driver: (SRTSP) . (. - .) - C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.sys (.not file.)
O41 - Driver: (SRTSPX) . (. - .) - C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.sys (.not file.)
~ Drivers: 81 Legitimates Scanned in 00mn 03s



---\\ Logiciels installés (O42)
O42 - Logiciel: BrowseToSave - (...) [HKLM][64Bits] -- {860A009E-B68B-4F95-AD7E-FEA95DE92268}
O42 - Logiciel: Coupish - (...) [HKLM][64Bits] -- Coupish
O42 - Logiciel: DWGSee Pro 2013 - (.AutoDWG.) [HKLM][64Bits] -- {70EB46F3-F900-411A-A10C-A9F612D49430}
O42 - Logiciel: ESL Wire 1.11.1 - (.Turtle Entertainment GmbH.) [HKLM][64Bits] -- ESL Wire_is1
O42 - Logiciel: FBX Plugin 2006.08 for Max 9.0 - (...) [HKLM][64Bits] -- FBX Plugin 2006.08 for Max 9.0
O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM][64Bits] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E}
O42 - Logiciel: iSlim 310 - (.KYE.) [HKLM][64Bits] -- {BD4B921E-5A26-4AD2-AD04-C1591443573A}
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKLM][64Bits] -- uTorrent
~ Logic: 220 Legitimates Scanned in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Alias]
[HKCU\Software\BitTorrent]
[HKCU\Software\CarbonGames]
[HKCU\Software\Coupish]
[HKCU\Software\ESL Wire]
[HKCU\Software\Pando Networks]
[HKLM\Software\Automobile]
[HKLM\Software\Dog]
[HKLM\Software\Watch]
[HKLM\Software\Wow6432Node\Discreet]
[HKLM\Software\Wow6432Node\KYE]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\Valve Lan]
[HKLM\Software\Wow6432Node\WinSte]
~ Key Software: 375 Legitimates Scanned in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/07/2011 - 15:55:52 - [0,949] ----D C:\Program Files (x86)\Coupish
O43 - CFD: 19/05/2013 - 22:02:32 - [0] ----D C:\Program Files (x86)\dumps
O43 - CFD: 20/05/2011 - 22:21:50 - [10,281] ----D C:\Program Files (x86)\islim 310
O43 - CFD: 19/05/2011 - 20:11:45 - [7,186] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 07/05/2013 - 08:01:56 - [0,765] ----D C:\Program Files (x86)\uTorrent
O43 - CFD: 21/01/2012 - 15:12:48 - [0,000] ----D C:\ProgramData\ESL Wire
O43 - CFD: 16/12/2012 - 12:29:35 - [0] ----D C:\Users\D\AppData\Roaming\Carbon
O43 - CFD: 30/07/2011 - 15:41:00 - [0,204] ----D C:\Users\D\AppData\Roaming\Sites
O43 - CFD: 18/05/2013 - 17:15:39 - [9,323] ----D C:\Users\D\AppData\Roaming\uTorrent
O43 - CFD: 23/01/2012 - 18:31:11 - [0,907] ----D C:\Users\D\AppData\Local\ESL Wire Game Client
O43 - CFD: 25/12/2012 - 15:24:13 - [0,303] ----D C:\Users\D\AppData\Local\GS-LW-Temp
O43 - CFD: 28/03/2013 - 21:27:04 - [0] --HAD C:\Users\D\AppData\Local\noNYHC1PQiJt
O43 - CFD: 06/09/2011 - 21:58:26 - [0] ----D C:\Users\D\AppData\Local\uTorrent
~ Program Folder: 280 Legitimates Scanned in 01mn 48s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.745C70A8A794B559E2BC9679818498AE] - 02/09/2013 - 20:44:57 ---A- . (...) -- C:\RstHosts.txt [680]
O44 - LFC:[MD5.6C20D8881C550A4F7394047D80621156] - 02/09/2013 - 11:54:03 ---A- . (...) -- C:\log2.txt [115]
O44 - LFC:[MD5.2D8BF125A8C7C7F9C539D72C0D32597C] - 29/08/2013 - 17:41:08 ---A- . (...) -- C:\UsbFix [Clean 4] PC-DE-D.txt [23134]
O44 - LFC:[MD5.5BC3E10273210D934FA68E1E8B042264] - 28/08/2013 - 12:45:31 ----- . (...) -- C:\UsbFix [Scan 5] PC-DE-D.txt [16787]
O44 - LFC:[MD5.754F1C0FC39AA5AE6F8B2AA82501DE34] - 25/08/2013 - 15:18:35 ----- . (...) -- C:\UsbFix [Clean 3] PC-DE-D.txt [47912]
O44 - LFC:[MD5.CD4947A4CFD9205D010B91F0DD29D1E2] - 25/08/2013 - 15:13:08 ----- . (...) -- C:\UsbFix [Scan 4] PC-DE-D.txt [16200]
O44 - LFC:[MD5.731D3D7F2414CAD3BE52AAC5067E532A] - 07/08/2013 - 22:32:03 ----- . (...) -- C:\UsbFix [Clean 2] PC-DE-D.txt [47383]
O44 - LFC:[MD5.C4DFED004EACA831DA7975D2E8E1484D] - 07/08/2013 - 22:30:05 ----- . (...) -- C:\UsbFix [Scan 3] PC-DE-D.txt [16035]
O44 - LFC:[MD5.FFB012AD70C6A298D340BD37408D4A07] - 05/08/2013 - 15:10:57 ----- . (...) -- C:\UsbFix [Clean 1] PC-DE-D.txt [23595]
O44 - LFC:[MD5.7124A435EDC9B24B4D87ADAA5C7CB838] - 05/08/2013 - 15:00:23 ----- . (...) -- C:\UsbFix [Scan 2] PC-DE-D.txt [17585]
~ Files: 87 Legitimates Scanned in 00mn 05s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.4611589D3C0869BD7547EAD0E6C034B5] - 02/09/2013 - 11:56:40 ---A- - C:\Windows\Prefetch\RICHVI~1.EXE-4ABD8B87.pf
O45 - LFCP:[MD5.E347D9262AA05A3E11E774CE759183FF] - 02/09/2013 - 12:49:09 ---A- - C:\Windows\Prefetch\HPHC_SCHEDULER.EXE-9CA193C9.pf
O45 - LFCP:[MD5.A6942BEA21010B123370D8E39CA0B967] - 02/09/2013 - 16:46:13 ---A- - C:\Windows\Prefetch\PMB.EXE-C5A7F854.pf
O45 - LFCP:[MD5.E43853E21A95A34E51A27DA6279A22E1] - 02/09/2013 - 17:13:55 ---A- - C:\Windows\Prefetch\SC2SWITCHER.EXE-72371F9A.pf
O45 - LFCP:[MD5.BEDB24F2FF10185952FDEF7FC8C5DBEB] - 02/09/2013 - 17:13:56 ---A- - C:\Windows\Prefetch\SC2.EXE-2B6AD48D.pf
O45 - LFCP:[MD5.9ED4161630954602F8793F8E615977F7] - 02/09/2013 - 20:44:54 ---A- - C:\Windows\Prefetch\RSTHOSTS.EXE-FC264D40.pf
~ Prefetcher: 99 Legitimates Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 7 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 13 Legitimates Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{0f6d2ea1-0ef0-11e3-93e2-00ff01000001}\AutoRun\command. (...) -- G:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 4 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 18 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 8 Legitimates Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.F14215E37CF124104575073F782111D2] - 21/01/2008 - 03:46:53 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [486456]
O58 - SDL:[MD5.1E6438D4EA6E1174A3B3B1EDC4DE660B] - 18/03/2009 - 16:35:42 --HA- . (.LogMeIn, Inc. - Hamachi Virtual Network Interface Driver.) -- C:\Windows\System32\hamachi.sys [33856]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/09/2013 - 11:53:34 ---A- C:\Users\D\AppData\Roaming\Media Player Classic\default.mpcpl [77]
O61 - LFC: 02/09/2013 - 12:46:50 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [268187]
O61 - LFC: 02/09/2013 - 16:46:04 ---A- C:\Users\D\AppData\Local\PMB Files\cert\secmod.db [16384]
O61 - LFC: 02/09/2013 - 17:16:06 ---A- C:\Users\D\AppData\Local\PMB Files\pando.save [851]
O61 - LFC: 02/09/2013 - 17:16:07 ---A- C:\Users\D\AppData\Local\PMB Files\cert\cert8.db [65536]
O61 - LFC: 02/09/2013 - 17:16:07 ---A- C:\Users\D\AppData\Local\PMB Files\cert\key3.db [16384]
O61 - LFC: 02/09/2013 - 20:46:39 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\Local State [41941]
O61 - LFC: 02/09/2013 - 20:46:39 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_pnacl_json [379]
O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_crtbeginS_o [2432]
O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o [2008]
O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o [2120]
O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_crtendS_o [1343]
O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o [1342]
O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_ld_nexe [2221512]
O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a [6416]
O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a [46812]
O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_eh_a [234888]
O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a [167354]
O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a [1710]
O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe [8944040]
O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\manifest.fingerprint [66]
O61 - LFC: 30/08/2013 - 12:31:44 ---A- C:\Users\D\AppData\Local\Google\Chrome\User Data\pnacl\0.1.0.11755\manifest.json [575]
O61 - LFC: 30/08/2013 - 15:03:35 ---A- C:\Users\D\CV Thomas VINCE.doc [413696]
O61 - LFC: 31/08/2013 - 14:06:10 ---A- C:\Users\D\Downloads\ZHPDiag2(1).exe [5074768]
~ 1 Fichiers temporaires (Temporary files)
~ Files: 262 Legitimates Scanned in 00mn 17s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 28/11/2011 - C:\Windows\system32\drivers\ESLWireACD.sys (ESLWireAC) .(. - EslWireACD.) - LEGACY_ESLWIREAC
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (SRTSP) .(...) - LEGACY_SRTSP
O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (SRTSPX) .(...) - LEGACY_SRTSPX
~ Legacy: 84 Legitimates Scanned in 00mn 01s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 21 Legitimates Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {37C5A1D9-DC2B-4C82-A911-64F4C83E0F96} - (Yahoo!) - http://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 31 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.262BB712BB373AA91888FBD36BC101A9] [SPRF][08/08/2012] (...) -- C:\ProgramData\nvModes.dat [56499]
[MD5.01145E4C20F362FCED9078B0B7DAEB6C] [SPRF][12/02/2013] (...) -- C:\Users\D\AppData\Local\d3d9caps.dat [680]
[MD5.02A2128B3D3575C8050CA3EF3CC7E2A7] [SPRF][21/04/2013] (...) -- C:\Users\D\AppData\Roaming\wklnhst.dat [848]
[MD5.F7AF924D0D951FF8F7B05AD2E4FF50D3] [SPRF][01/09/2013] (...) -- C:\Users\D\Desktop\adwcleaner.exe [994642]
[MD5.A77C1DCDE677571807CEBFDC3357EA87] [SPRF][01/09/2013] (.Thisisu - Junkware Removal Tool.) -- C:\Users\D\Desktop\JRT.exe [1027511]
[MD5.0A170D9B50B29C5209248D95417C16DA] [SPRF][02/09/2013] (...) -- C:\Users\D\Desktop\rsthosts.exe [353632]
[MD5.E79F77AB73F46E9760C199C2DE8FCB5C] [SPRF][05/08/2013] (.El Desaparecido - SosVirus.net - UsbFix - Remove malware from yours drive!.) -- C:\Users\D\Desktop\usbfix.exe [1030081]
[MD5.3317698F2090DD811F0AA93190E13C82] [SPRF][05/03/2005] (.Microsoft Corporation - Microsoft GDI+.) -- C:\Windows\Downloaded Program Files\gdiplus.dll [1706800]
[MD5.55A78B0E5AE741DDE96E2D9345602F5F] [SPRF][05/03/2005] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropENU.dll [114848]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{98272926-B5E0-4FB3-9423-0A23D23D1872}" | In - None - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "TCP Query User{2E78396A-9E35-46C9-8E99-95B7F0D7CC9F}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe (.not file.)
O87 - FAEL: "UDP Query User{94973952-4977-49FE-979E-CFBF270729E5}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe (.not file.)
O87 - FAEL: "TCP Query User{5E6CDFEF-48EC-46A6-9403-2CE8B1945AA6}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe (.not file.)
O87 - FAEL: "UDP Query User{0403306C-1167-414C-9EFC-BFEEF9705ECE}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe (.not file.)
O87 - FAEL: "TCP Query User{2E1753EC-5D96-43E1-9D9E-8E6B39185A9A}C:\program files (x86)\mirc\mirc.exe" | In - Private - P6 - TRUE | .(.mIRC Co. Ltd. - mIRC.) -- C:\program files (x86)\mirc\mirc.exe
O87 - FAEL: "UDP Query User{A1DB468A-BE58-48F4-8EA6-B9D0DD3E1A11}C:\program files (x86)\mirc\mirc.exe" | In - Private - P17 - TRUE | .(.mIRC Co. Ltd. - mIRC.) -- C:\program files (x86)\mirc\mirc.exe
O87 - FAEL: "TCP Query User{6A3544EA-8CA3-420E-96C0-E004AA326361}C:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe (.not file.)
O87 - FAEL: "UDP Query User{0E2529BC-08E9-45DC-94E7-79B11BC82C75}C:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\konami\pro evolution soccer 2010\pes2010.exe (.not file.)
O87 - FAEL: "TCP Query User{04DA2681-EFBC-4AE3-8FAC-8F21943D6E94}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe (.not file.)
O87 - FAEL: "UDP Query User{C670AA7D-7B99-4CE5-9B35-F2D731438FEF}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe (.not file.)
O87 - FAEL: "{78C6898F-1852-40B7-A8CC-006749527044}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
O87 - FAEL: "{D3192925-2025-4070-8032-E36593085328}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
O87 - FAEL: "{629A238F-634F-41F7-8458-3DFA4B4FB432}" | In - None - P17 - TRUE | .(.Turtle Entertainment GmbH - ESL Wire Gaming Client.) -- C:\Program Files\EslWire\wire.exe
O87 - FAEL: "{37939B3F-6453-4B1A-B8C8-4AF89CBC54EE}" | Out - None - P17 - TRUE | .(.Turtle Entertainment GmbH - ESL Wire Gaming Client.) -- C:\Program Files\EslWire\wire.exe
O87 - FAEL: "TCP Query User{3B9E7C94-DDDA-4F8F-9E57-B63B8DF73752}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe (.not file.)
O87 - FAEL: "UDP Query User{118E53A6-7C7B-4A05-9F90-C462B2869805}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe (.not file.)
O87 - FAEL: "TCP Query User{09C7D4D9-C447-4BBE-B194-7ABBF50A0078}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe (.not file.)
O87 - FAEL: "UDP Query User{98463F92-4FD7-48A8-9AFE-7E958D5FD769}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe (.not file.)
O87 - FAEL: "{8EFE2B77-C63D-454F-ABEA-FA3AE282D046}" | In - Domain - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{72EFD6A1-945A-4C41-A704-D4A25E7F1A62}" | In - Domain - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{62B00723-4738-450E-8B37-56EFB3AE86C1}" | In - Private - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{3353028A-33B7-4F4F-A7CE-921D520E3AE2}" | In - Private - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{D114F259-9600-4D51-B4E8-717444546EC9}" | In - None - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "TCP Query User{14F9EBEB-B00A-472B-8C31-25BEBC97202E}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe (.not file.)
O87 - FAEL: "UDP Query User{BC90C3C2-C7F8-4604-B86B-1E9FB359BAAA}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe (.not file.)
O87 - FAEL: "TCP Query User{23B94E98-7C62-4AED-998E-E22042B28719}C:\program files (x86)\mirc\mirc.exe" | In - Public - P6 - TRUE | .(.mIRC Co. Ltd. - mIRC.) -- C:\program files (x86)\mirc\mirc.exe
O87 - FAEL: "UDP Query User{CD09A114-312F-4A8B-B4D8-766BB9706ED8}C:\program files (x86)\mirc\mirc.exe" | In - Public - P17 - TRUE | .(.mIRC Co. Ltd. - mIRC.) -- C:\program files (x86)\mirc\mirc.exe
O87 - FAEL: "{9BE0ECB0-1AC4-46FA-A2A1-6F2FD4E5EFF4}" | In - Public - P6 - FALSE | .(.Graphisoft R&D - ArchiCAD 14.0.0 Component.) -- C:\Program Files (x86)\Graphisoft\ArchiCAD 14\ArchiCAD.exe
O87 - FAEL: "{9E5152BB-1409-40D8-90F0-9F6E37A1B3FC}" | In - Public - P17 - FALSE | .(.Graphisoft R&D - ArchiCAD 14.0.0 Component.) -- C:\Program Files (x86)\Graphisoft\ArchiCAD 14\ArchiCAD.exe
O87 - FAEL: "TCP Query User{7F6FD333-0C6E-4080-BDD8-CA3C680898BA}C:\program files (x86)\graphisoft\archicad 14\archicad.exe" | In - Private - P6 - TRUE | .(.Graphisoft R&D.) -- C:\program files (x86)\graphisoft\archicad 14\archicad.exe
O87 - FAEL: "UDP Query User{AECB15CD-41C1-4FE3-A4AC-0E81AFB2E5AE}C:\program files (x86)\graphisoft\archicad 14\archicad.exe" | In - Private - P17 - TRUE | .(.Graphisoft R&D.) -- C:\program files (x86)\graphisoft\archicad 14\archicad.exe
O87 - FAEL: "TCP Query User{03A580E0-4792-499F-A476-792BF4D12855}C:\program files (x86)\relevantknowledge\rlvknlg.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\relevantknowledge\rlvknlg.exe (.not file.)
O87 - FAEL: "UDP Query User{87EE7EB1-94BD-4CD7-BD44-460B3A3CF993}C:\program files (x86)\relevantknowledge\rlvknlg.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\relevantknowledge\rlvknlg.exe (.not file.)
~ Firewall: 367 Legitimates Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : v2.11523 - (13/04/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel: Scanned in 00mn 32s



---\\ Product Upgrade Codes (O90)
~ Update Products: 112 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 19/07/2011 72704 | (Adobe LM Service) . (.Adobe Systems.) - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
SR - | Auto 27/07/2012 63960 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 24/08/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 24/10/2011 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 04/07/2013 4939312 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
SR - | Auto 23/07/2013 283136 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe
SR - | Auto 27/08/2009 1253376 | (Fabs) . (.MAGIX AG.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
SS - | Demand 07/08/2008 3276800 | (FirebirdServerMAGIXInstance) . (.MAGIX®.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
SS - | Demand 09/12/2008 242424 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 05/05/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 05/05/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 10/12/2012 2465712 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SS - | Auto 04/12/2008 94208 | (HP Health Check Service) . (.Hewlett-Packard.) - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 149872 | (InstallClick) . (...) - C:\Program Files (x86)\RIFT Technologies\InstallClick Connector\installclick.exe
SR - | Demand 16/01/2012 934760 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 01/04/2009 265216 | (jswpbapi) . (.Atheros Communications, Inc..) - C:\Program Files (x86)\Jumpstart\jswpbapi.exe
SS - | Demand 01/04/2009 954368 | (jswpsapi) . (.Atheros Communications, Inc..) - C:\Program Files (x86)\Jumpstart\jswpsapi.exe
SR - | Auto 17/03/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SS - | Auto 0 | (mi-raysat_3dsmax9_32) . (...) - C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
SS - | Demand 01/09/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 0 | (Norton Internet Security) . (...) - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
SR - | Auto 18/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Auto 03/12/2012 1259880 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 0 | (PnkBstrB) . (...) - C:\Windows\system32\PnkBstrB.exe
SR - | Auto 38608 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 16/03/2011 407336 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Auto 21/01/2008 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 168864 | (WireHelpSvc) . (...) - C:\Program Files\Common Files\WireHelpSvc.exe
SR - | Auto 03/12/2009 587264 | (WkSvw32.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files (x86)\WIBUKEY\Server\WkSvw32.exe
SS - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 21/01/2008 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by D at 02/09/2013 21:54:55

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ MBR: 9 Legitimates Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by D at 02/09/2013 21:54:57

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 1953 Legitimates filtered by white list
End of the scan (689 lines in 06mn 14s)(0)
