Rapport de ZHPDiag v2013.4.5.28 par Nicolas Coolman, Update du 05/04/2013
Run by Thibaut at 06/04/2013 19:08:23
State : Version à jour.
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16519
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)
GCIE: Google Chrome v26.0.1410.43

---\\ Windows Product Information
~ Langage: Français
Windows 8 Business Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : DRPM3
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6054 MB (71% free)
System Restore: Activé (Enable)
System drive C: has 48 GB (23%) free of 210 GB

---\\ Logged in mode
~ Computer Name: PORTABLETHIBAUT
~ User Name: Thibaut
~ All Users Names: UpdatusUser, Thibaut, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Thibaut\AppData\Roaming\
~ %Desktop% : C:\Users\Thibaut\Desktop\
~ %Favorites% : C:\Users\Thibaut\Favorites\
~ %LocalAppData% : C:\Users\Thibaut\AppData\Local\
~ %StartMenu% : C:\Users\Thibaut\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 48 Go of 210 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 10 Go of 221 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ Hard drive, Flash drive, Thumb drive (Free 24 Go of 165 Go)
I:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security 
Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.E13A31D5254C25406A7946BDD9B06364] - (.Microsoft Corporation - Explorateur Windows.) (.11/10/2012 - 08:35:16.) -- C:\Windows\Explorer.exe [2380944] [MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608] [MD5.2769AF459DDA7140B73227C31DCE61BD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.04/02/2013 - 23:39:47.) -- C:\Windows\System32\wininet.dll [2246656] [MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120] [MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408] [MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) 
-- C:\Windows\system32\Drivers\AFD.sys [560640] [MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840] [MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544] [MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080] [MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784] [MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168] [MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640] [MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920] [MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688] [MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776] [MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544] [MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) 
-- C:\Windows\system32\Drivers\Parport.sys [105984] [MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928] [MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712] [MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248] [MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.26/07/2012 - 05:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/2119 ~ Mes musiques (My Musics) : 4/9653 ~ Mes Videos (My Videos) : 1/2 ~ Mes Favoris (My Favorites) : 1/9 ~ Mes Documents (My Documents) : 1/7436 ~ Mon Bureau (My Desktop) : 4/81 ~ Menu demarrer (Programs) : 1/44 ~ Hidden Files: Scanned in 00mn 05s ---\\ Processus lancés [MD5.DF2B67EBB5DB11B6AC7C5775F2582DD2] - (.Uniblue Systems Ltd - Uniblue SpeedUpMyPC Monitor.) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [26600] [PID.3276] [MD5.DE3B04D5AF8A1578F5430697546EB157] - (.ASUSTeK Computer Inc. - LiveUpdate.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1545856] [PID.3304] [MD5.88155D3D23CA8A1DFB1F45EE3E4C8DF8] - (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe [969104] [PID.4324] [MD5.FD7D691C7D35AA382E89F74BC150CA44] - (.deveject.com - Dev Eject.) -- C:\Program Files (x86)\DevEject\deveject.exe [372736] [PID.4552] [MD5.359DA4C5F1D222A300477D0C81CF263E] - (.Hobbyist Software - VLC Streamer Configuration.) 
-- C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe [1656344] [PID.4644] [MD5.308576AF56976E6B5DB2830BFA79B1A2] - (.deveject.com - Crash Reporter.) -- C:\Program Files (x86)\DevEject\crashreporter.exe [73728] [PID.4744] [MD5.5BB1F77C8AF725A15EC9366498D275BB] - (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992] [PID.4840] [MD5.083649EF692A066880C9326020915AFE] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4297136] [PID.4848] [MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [917400] [PID.4492] [MD5.7EE22E13DEC8A6D18F4643C1EA34B0F0] - (.Virage Logic Corporation / Sonic Focus - ASUS_MATray.exe.) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400] [PID.164] [MD5.AA6844A5127ED4B20DF6D313467B929D] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.5728] [MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.5804] [MD5.5871EEBE3620F16FFD550CB57723FE5A] - (...) -- C:\Program Files (x86)\GreedyTorrent\GTor.exe [2526661] [PID.6056] [MD5.A423D8E65A1359327EA9B85F88529E0D] - (.RemoteMouse.net - Remote Mouse.) -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [66048] [PID.6108] [MD5.6E5876A0BBCD9146A4DB62C68BB99EE6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6493184] [PID.5768] [MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1292] [MD5.7910158929571214A959D5A6D16DD9C0] - (.ASUS - GFNEXSrv.) 
-- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1416] [MD5.8FA553E9AE69808D99C164733A0F9590] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.1508] [MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1896] [MD5.FC63BF89AEF75788C5F782017426D9CA] - (.Melloware Inc - Intelliservice.) -- C:\Program Files (x86)\Intelliremote\Intelliservice.exe [118784] [PID.1756] [MD5.1ACAA67676E9E7BDA5E0C41B6E0DECAF] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184] [PID.2184] [MD5.E4B976BBA2661E8FCA283FC48F7EFBEE] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe [653952] [PID.2976] [MD5.563206BA66F0170735096AA74CA0F682] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [166528] [PID.3332] [MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [2488888] [PID.3428] [MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113208] [PID.3440] [MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) 
-- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [174648] [PID.3456] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Thibaut\AppData\Local\Google\Chrome\User Data\Default\Preferences G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com G0 - GCSP: Preference [User Data\Default] http://www.google.com ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Thibaut\AppData\Roaming\Mozilla\Firefox\Profiles\qjvahjiy.default\prefs.js M3 - MFPP: Plugins - [Thibaut] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [Thibaut] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\bing.xml M3 - MFPP: Plugins - [Thibaut] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [Thibaut] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [Thibaut] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [Thibaut] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [Thibaut] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-france.xml M0 - MFSP: prefs.js [Thibaut - qjvahjiy.default] about:newtab M2 - MFEP: prefs.js [Thibaut - qjvahjiy.default\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}] [WOT] WOT v20130402 (.WOT Services Oy.) M2 - MFEP: prefs.js [Thibaut - qjvahjiy.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.9.14 (.Michel Gutierrez.) M2 - MFEP: prefs.js [Thibaut - qjvahjiy.default\{e001c731-5e37-4538-a5cb-8168736a2360}] [] Bitdefender QuickScan v0.9.9.119 (.Echipa R&D Bitdefender.) P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll P2 - FPN: [HKLM] [@divx.com/DivX VOD Helper,version=1.0.0] - (.DivX, LLC. 
- DivX VOD Helper Plug-in.) -- C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.10.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\WINDOWS\system32\npDeployJava1.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.10.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.10.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (.Cybelsoft - Plugin NPAPI Ma-Config.com # win64 # 6.5.0.3.) -- C:\Program Files\ma-config.com\x64\nphardwaredetection.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (.Unity Technologies ApS - Unity Player 4.1.2f1.) 
-- C:\Users\Thibaut\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll ~ Firefox Browser: Scanned in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) 
(10.00.9200.16384 (win8_rtm.120725-1247)) -- C:\Windows\SysWOW64\ieframe.dll ~ IE Browser: Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 96 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: Google Dictionary Compression sdch [64Bits] - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} . (.Google Inc. - Fast Search.) -- C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll ~ BHO: 8 Legitimates Scanned in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [IntelTBRunOnce] . 
(.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [StartupDelayer] . (.r2 Studios - Startup Launcher.) -- C:\Program Files\Startup Delayer\Startup Launcher.exe O4 - HKLM\..\Run: [OODefragTray] . (.O&O Software GmbH - O&O Defrag TrayIcon (x64).) -- C:\Program Files\OO Software\Defrag\oodtray.exe O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe O4 - HKCU\..\Run: [DevEject] . (.deveject.com - Dev Eject.) -- C:\Program Files (x86)\DevEject\deveject.exe O4 - HKCU\..\Run: [Hobbyist Software VLC Streamer] . (.Hobbyist Software - VLC Streamer Configuration.) -- C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe O4 - HKUS\S-1-5-21-3974231373-3658692666-1483637157-1002\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe O4 - HKUS\S-1-5-21-3974231373-3658692666-1483637157-1002\..\Run: [DevEject] . (.deveject.com - Dev Eject.) -- C:\Program Files (x86)\DevEject\deveject.exe O4 - HKUS\S-1-5-21-3974231373-3658692666-1483637157-1002\..\Run: [Hobbyist Software VLC Streamer] . (.Hobbyist Software - VLC Streamer Configuration.) 
-- C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop: PhotoFiltre Studio X.lnk . (.PhotoFiltre - PhotoFiltre Studio X.) -- C:\Program Files (x86)\PhotoFiltre Studio X\pfstudiox.exe O4 - Global Startup: C:\Documents And Settings\Thibaut\Desktop\100 Greatest Reggae Artists.URL . (.PhotoFiltre - PhotoFiltre Studio X.) -- C:\Documents And Settings\Thibaut\Desktop\100 Greatest Reggae Artists.URL O4 - GS\Desktop: Baterrylife.lnk . (.Microsoft Corporation - Outil de ligne de commande des paramètres d.) -- C:\Windows\System32\powercfg.exe O4 - Global Startup: C:\Documents And Settings\Thibaut\Desktop\croix du sud- 6p.URL . (.Microsoft Corporation - Outil de ligne de commande des paramètres d.) -- C:\Documents And Settings\Thibaut\Desktop\croix du sud- 6p.URL O4 - GS\Desktop: DragonWar.exe - Raccourci.lnk . (.DragonWar Private Server - Client Cataclysm pour DragonWar.) -- D:\Games\DragonWar.fr-4.0.6a\DragonWar.exe O4 - GS\Desktop: Entertainment.lnk . (.Microsoft Corporation - Outil de ligne de commande des paramètres d.) -- C:\Windows\System32\powercfg.exe O4 - GS\Desktop: High Performance.lnk . (.Microsoft Corporation - Outil de ligne de commande des paramètres d.) -- C:\Windows\System32\powercfg.exe O4 - GS\Desktop: Ma musique - Raccourci.lnk . (...) -- C:\Users\Thibaut\Music O4 - GS\Desktop: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe O4 - GS\Desktop: Options d’alimentation - Raccourci.lnk - Clé orpheline O4 - Global Startup: C:\Documents And Settings\Thibaut\Desktop\Passage dinandiers.URL . (...) -- C:\Documents And Settings\Thibaut\Desktop\Passage dinandiers.URL O4 - GS\Desktop: Quiet Office.lnk . (.Microsoft Corporation - Outil de ligne de commande des paramètres d.) 
-- C:\Windows\System32\powercfg.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5) ~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~3\Office14\ONBttnIE.dll (.not file.) O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~3\Office14\ONBTTN~1.dll (.not file.) ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) ~ Winsock: 7 Legitimates Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{82001075-F2E5-4D2B-A39E-9AEC71332B2E}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{9CDC11B7-716E-4E9B-93DC-C92D751468AF}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{EA6B6E52-9652-4F1E-8F26-10658391B8A4}: DhcpNameServer = 81.169.62.171 81.169.62.171 O17 - HKLM\System\CCS\Services\Tcpip\..\{82001075-F2E5-4D2B-A39E-9AEC71332B2E}: DhcpDomain = Belkin O17 - HKLM\System\CS1\Services\Tcpip\..\{82001075-F2E5-4D2B-A39E-9AEC71332B2E}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{9CDC11B7-716E-4E9B-93DC-C92D751468AF}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{EA6B6E52-9652-4F1E-8F26-10658391B8A4}: DhcpNameServer = 81.169.62.171 81.169.62.171 O17 - HKLM\System\CS1\Services\Tcpip\..\{82001075-F2E5-4D2B-A39E-9AEC71332B2E}: DhcpDomain = Belkin O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . 
(.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 306.) - C:\Windows\system32\nvinitx.dll ~ AppInit DLL: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) ~ SSODL: 1 Legitimates Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Intelliservice (Intelliservice) . (.Melloware Inc - Intelliservice.) - C:\Program Files (x86)\Intelliremote\Intelliservice.exe O23 - Service: Airytec Switch Off - Task Scheduler (SwOffScheduler) . (.Airytec - Airytec Switch Off.) - C:\Program Files\Switch Off\swoff.exe O23 - Service: Airytec Switch Off - Web Interface (SwOffWeb) . (.Airytec - Airytec Switch Off.) - C:\Program Files\Switch Off\swoff.exe O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) . (.Intel(R) Corporation - Turbo Boost Monitor Service.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (.not file.) ~ Services: 16 Legitimates Scanned in 00mn 19s ---\\ Enumération Active Desktop & MHTML Editor (O24) ~ Desktop Component: 1 Legitimates Scanned in 00mn 00s ---\\ BootExecute (O34) O34 - HKLM BootExecute: (OODBS) (.O&O Software GmbH - O&O BootTimeDefrag (x64).) 
-- C:\Windows\System32\OODBS.exe ~ BEX: 2 Legitimates Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\spmonitor.job [372] [MD5.DF2B67EBB5DB11B6AC7C5775F2582DD2] [APT] [spmonitor] (.Uniblue Systems Ltd.) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [26600] [MD5.00000000000000000000000000000000] [APT] [{0B66A9A4-A391-4EDA-810E-114049D64956}] (...) -- E:\setup.exe (.not file.) [0] [MD5.0AFF05643FF40DC055A84207AFCFDD3D] [APT] [{51517D0C-7433-4A7E-9895-FC1F16940AAC}] (...) -- C:\Program Files (x86)\Netcom\Uninstal.exe [74981] [MD5.C52089B2F792D191DDB0D71CD00718C5] [APT] [{D0BB5DDC-835F-483B-BEA8-B93B1FA64973}] (.InstallShield Software Corporation.) -- C:\Users\Thibaut\Downloads\Programmes\compteur\SETUP.exe [60416] [MD5.00000000000000000000000000000000] [APT] [{D3F9E288-E18A-43BC-88B0-F9CEC2FACBA2}] (...) -- C:\Users\Thibaut\Downloads\Programmes\CollectionFilm\setup.exe (.not file.) [0] ~ Scheduled Task: 24 Legitimates Scanned in 00mn 06s ---\\ Composants installés (ActiveSetup Installed Components) (O40) ~ Active Setup: 9 Legitimates Scanned in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) ~ Drivers: 44 Legitimates Scanned in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin O42 - Logiciel: Airytec Switch Off - (.Airytec.) [HKLM][64Bits] -- Airytec Switch Off O42 - Logiciel: Ant Renamer - (.Ant Software.) [HKLM][64Bits] -- Ant Renamer 2_is1 O42 - Logiciel: Dev Eject - (.deveject.com.) [HKLM][64Bits] -- {DAFFE086-6A05-46F1-90A3-E5C514AA02D7} O42 - Logiciel: Intelliremote 2.8.4.921 - (.Melloware.) [HKLM][64Bits] -- Intelliremote_2.0 O42 - Logiciel: Java 7 Update 10 (64-bit) - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F86417010FF} O42 - Logiciel: Java 7 Update 9 - (.Oracle.) 
[HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217007FF} O42 - Logiciel: NetWorx 5.2.5 - (.Softperfect Research.) [HKLM][64Bits] -- NetWorx_is1 O42 - Logiciel: Split/Second - (.Disney Interactive Studios.) [HKLM][64Bits] -- {28526951-55EF-4901-A0CA-B9AC966D1DD1} O42 - Logiciel: Startup Delayer v3.0 (build 326) - (.r2 Studios.) [HKLM][64Bits] -- Startup Delayer O42 - Logiciel: VLC Amigo Setup - (.HexBeerium.) [HKLM][64Bits] -- {35DB55A3-F491-4902-934A-B32F0035455D} O42 - Logiciel: VLC Setup Helper - (...) [HKLM][64Bits] -- VLC Setup Helper_is1 O42 - Logiciel: VLC Streamer 3.21 - (...) [HKLM][64Bits] -- VLC Streamer_is1 O42 - Logiciel: VNC Mirror Driver 1.8.0 - (.RealVNC Ltd..) [HKLM][64Bits] -- VNCMirror_is1 O42 - Logiciel: VNC Printer Driver 1.8.0 - (.RealVNC Ltd..) [HKLM][64Bits] -- VNCPrinter_is1 O42 - Logiciel: VNC Server 5.0.3 - (.RealVNC Ltd.) [HKLM][64Bits] -- RealVNC_is1 O42 - Logiciel: VNC Viewer 5.0.3 - (.RealVNC Ltd.) [HKLM][64Bits] -- RealVNCViewer_is1 O42 - Logiciel: avast! Free Antivirus v7.0.1474.0 - (.AVAST Software.) [HKLM][64Bits] -- avast O42 - Logiciel: µTorrent - (...) [HKLM][64Bits] -- uTorrent ~ Logic: 161 Legitimates Scanned in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\Airytec] [HKCU\Software\BitTorrent] [HKCU\Software\Bump Technologies, Inc.] [HKCU\Software\Funduc Software Inc.] 
[HKCU\Software\HexBeerium] [HKCU\Software\Hobbyist Software] [HKCU\Software\Melloware] [HKCU\Software\NAIVO] [HKCU\Software\Netcom] [HKCU\Software\RBSoft] [HKCU\Software\RemoteMouse.net] [HKCU\Software\SteamMover] [HKCU\Software\XunK Entertainment] [HKCU\Software\deveject.com] [HKCU\Software\r2 Studios] [HKLM\Software\Airytec] [HKLM\Software\Wow6432Node\HexBeerium] [HKLM\Software\Wow6432Node\InstallIQ] [HKLM\Software\Wow6432Node\Luxand] [HKLM\Software\Wow6432Node\Melloware] [HKLM\Software\Wow6432Node\Pro-SoftNet] [HKLM\Software\Wow6432Node\netcom] [HKLM\Software\Wow6432Node\r2 Studios] ~ Key Software: 282 Legitimates Scanned in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 03/12/2012 - 12:39:30 - [79,507] ----D C:\Program Files (x86)\ Partition Master O43 - CFD: 27/08/2012 - 17:58:03 - [2,988] ----D C:\Program Files (x86)\Ant Renamer O43 - CFD: 06/11/2012 - 00:23:53 - [1,318] ----D C:\Program Files (x86)\Compteur Internet O43 - CFD: 15/03/2013 - 15:32:41 - [0,959] ----D C:\Program Files (x86)\DevEject O43 - CFD: 05/12/2012 - 16:50:13 - [68,912] ----D C:\Program Files (x86)\DiskDirector O43 - CFD: 16/11/2012 - 15:42:23 - [5,281] ----D C:\Program Files (x86)\Intelliremote O43 - CFD: 06/11/2012 - 00:49:48 - [0,072] ----D C:\Program Files (x86)\Netcom O43 - CFD: 10/12/2012 - 12:35:10 - [0,924] ----D C:\Program Files (x86)\uTorrent O43 - CFD: 10/11/2012 - 19:04:20 - [0,972] ----D C:\Program Files (x86)\VLC Amigo Setup O43 - CFD: 30/03/2013 - 13:47:37 - [58,642] ----D C:\Program Files (x86)\VLC Streamer O43 - CFD: 29/08/2012 - 12:49:45 - [0,000] ----D C:\ProgramData\Airytec O43 - CFD: 06/11/2012 - 00:31:07 - [0,002] ----D C:\ProgramData\compteur O43 - CFD: 27/08/2012 - 09:55:07 - [0,000] ----D C:\ProgramData\KeyLemon O43 - CFD: 17/12/2012 - 16:56:03 - [1,324] ----D C:\ProgramData\r2 Studios O43 - CFD: 06/11/2012 - 00:38:00 - [0,645] ----D C:\ProgramData\SoftPerfect O43 - CFD: 27/08/2012 - 17:59:34 - [0,000] ----D 
C:\Users\Thibaut\AppData\Roaming\Airytec O43 - CFD: 26/09/2012 - 17:26:55 - [1,055] ----D C:\Users\Thibaut\AppData\Roaming\Azureus O43 - CFD: 06/12/2012 - 21:26:50 - [19,826] ----D C:\Users\Thibaut\AppData\Roaming\Bump Technologies, Inc O43 - CFD: 15/03/2013 - 15:35:13 - [0,998] ----D C:\Users\Thibaut\AppData\Roaming\DevEject O43 - CFD: 30/03/2013 - 13:48:00 - [208,084] ----D C:\Users\Thibaut\AppData\Roaming\Hobbyist Software O43 - CFD: 16/11/2012 - 15:43:07 - [2,380] ----D C:\Users\Thibaut\AppData\Roaming\Intelliremote O43 - CFD: 27/08/2012 - 10:17:51 - [0] ----D C:\Users\Thibaut\AppData\Roaming\Luxand O43 - CFD: 06/04/2013 - 19:08:52 - [3,080] ----D C:\Users\Thibaut\AppData\Roaming\uTorrent O43 - CFD: 06/12/2012 - 21:26:55 - [0] ----D C:\Users\Thibaut\AppData\Local\Bump Technologies, Inc O43 - CFD: 25/11/2012 - 20:37:06 - [3,746] ----D C:\Users\Thibaut\AppData\Local\Films O43 - CFD: 27/08/2012 - 09:55:08 - [0,217] ----D C:\Users\Thibaut\AppData\Local\KeyLemon O43 - CFD: 12/02/2013 - 21:47:46 - [0,001] ----D C:\Users\Thibaut\AppData\Local\_ O43 - CFD: 04/12/2012 - 01:41:24 - [0,018] ----D C:\Users\Thibaut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intelliremote ~ 4 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 243 Legitimates Scanned in 00mn 13s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.76257B7D99A81720E8521423A67AFC6F] - 06/04/2013 - 17:55:08 ---A- . (...) -- C:\Windows\SysNative\oodbs.lor [788385] O44 - LFC:[MD5.76257B7D99A81720E8521423A67AFC6F] - 06/04/2013 - 17:55:08 RSHAD . (...) -- C:\Windows\System32\oodbs.lor [788385] O44 - LFC:[MD5.6D125569E58DD27C2493E9B491EBB5BC] - 06/04/2013 - 17:53:27 ---A- . (...) 
-- C:\AdwCleaner[S1].txt [8760] ~ Files: 118 Legitimates Scanned in 00mn 44s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.A9F8995F95248A1285ABB1F861393F58] - 01/04/2013 - 14:04:08 ---A- - C:\Windows\Prefetch\DRAGONWAR.EXE-D09B3099.pf O45 - LFCP:[MD5.65EF5A2635D53E5BEF6FB9A8BA17F329] - 02/04/2013 - 11:13:15 ---A- - C:\Windows\Prefetch\UNLOCKER.EXE-5D284AA7.pf O45 - LFCP:[MD5.EA1BBA04A9618D352C07D819214DEA79] - 03/04/2013 - 16:20:41 ---A- - C:\Windows\Prefetch\LIFEFRAME.EXE-7364DEFD.pf O45 - LFCP:[MD5.8A716A5939F6E999EBFB4225B4AEA4A5] - 04/04/2013 - 00:32:40 ---A- - C:\Windows\Prefetch\SWOFF.EXE-428B90D3.pf O45 - LFCP:[MD5.E48EFCEA53CD5DE63D52425EB1A6BF69] - 04/04/2013 - 00:39:16 ---A- - C:\Windows\Prefetch\dynreservedpri.db O45 - LFCP:[MD5.F8777E8B73BEEE5F19C7D5B40CF8B115] - 04/04/2013 - 08:40:58 ---A- - C:\Windows\Prefetch\DEVEJECT.EXE-A6930678.pf O45 - LFCP:[MD5.DCFD6ED4AA0026E97AAE5A83FA511189] - 04/04/2013 - 14:33:07 ---A- - C:\Windows\Prefetch\SMARTLOGON.EXE-3AB1E568.pf O45 - LFCP:[MD5.7A6CB91371C03A722BB8F33DA3F236BB] - 05/04/2013 - 10:08:15 ---A- - C:\Windows\Prefetch\PDFREADER.EXE-652254A5.pf O45 - LFCP:[MD5.C0AB184BFCB0B0A89FB82AAC1464361A] - 06/04/2013 - 12:30:36 ---A- - C:\Windows\Prefetch\7ZG.EXE-2A7D43BC.pf O45 - LFCP:[MD5.2B1554CEC014CEED2C523720F3F3DF71] - 06/04/2013 - 17:31:22 ---A- - C:\Windows\Prefetch\LAUNCHTM.EXE-280DF42F.pf O45 - LFCP:[MD5.D2A3466AE1531A1151C6DDDD71B739AF] - 06/04/2013 - 17:56:55 ---A- - C:\Windows\Prefetch\VLC STREAMER CONFIGURATION.EX-CC78E5B4.pf O45 - LFCP:[MD5.EA0784B67F6A59D1F6225DD65656478A] - 06/04/2013 - 17:57:26 ---A- - C:\Windows\Prefetch\SYNASUSACPI.EXE-A1220D68.pf O45 - LFCP:[MD5.161BA5E3C6913D7295B085439D613DD4] - 06/04/2013 - 17:57:37 ---A- - C:\Windows\Prefetch\SONICFOCUSTRAY.EXE-3ABEA5CC.pf O45 - LFCP:[MD5.95A985DE7FA4919A079650FF56446D4C] - 06/04/2013 - 17:58:52 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-EE6839DA.pf O45 - LFCP:[MD5.C2066B3CF698C42644CEE71C161F20B8] - 06/04/2013 - 
17:59:03 ---A- - C:\Windows\Prefetch\GTOR.EXE-13CF978E.pf O45 - LFCP:[MD5.E3340C325BE7DA9B6A35DC22AC8765A8] - 06/04/2013 - 17:59:04 ---A- - C:\Windows\Prefetch\REMOTEMOUSE.EXE-1933E516.pf O45 - LFCP:[MD5.977B4A93747552ECD19077CEA8D28561] - 07/03/2013 - 14:14:58 ---A- - C:\Windows\Prefetch\TORCHEAPP.EXE-8B0E058B.pf O45 - LFCP:[MD5.FB4B4EF2864E7334ACE12031C5B87F72] - 08/03/2013 - 14:49:37 ---A- - C:\Windows\Prefetch\CRAZYEIGHTS.EXE-8E0F5B3A.pf O45 - LFCP:[MD5.F60C157449E4EF85DB230181EB46FC30] - 09/03/2013 - 19:14:26 ---A- - C:\Windows\Prefetch\YTD.EXE-766EFEBD.pf O45 - LFCP:[MD5.DD847B9EC8CB1698181ECC603B6B235F] - 10/03/2013 - 17:36:05 ---A- - C:\Windows\Prefetch\OUTLOOKCONNECTOR.EXE-704DC471.pf O45 - LFCP:[MD5.A1ED32148C41C6B8EAAACC570FEF3937] - 11/03/2013 - 14:51:53 ---A- - C:\Windows\Prefetch\AUTHHOST.EXE-B8924303.pf O45 - LFCP:[MD5.24389D043A13B96803366B8028B43A85] - 21/03/2013 - 12:58:55 ---A- - C:\Windows\Prefetch\NVCPLUI.EXE-617E0F11.pf O45 - LFCP:[MD5.01F953CF70C0500C03EC1365509AFBD3] - 21/03/2013 - 14:16:16 ---A- - C:\Windows\Prefetch\PFSTUDIOX.EXE-D855ED62.pf O45 - LFCP:[MD5.247968438F042AA53AAE99254905DC25] - 25/03/2013 - 14:33:52 ---A- - C:\Windows\Prefetch\AEFMETRO.EXE-D381E818.pf O45 - LFCP:[MD5.4EA9616DC7F22B4843941270C01D784D] - 26/03/2013 - 18:38:46 ---A- - C:\Windows\Prefetch\SC2EDITOR.EXE-92979FB4.pf O45 - LFCP:[MD5.94D439CA9DB729C2EAE6EBA8209BA18F] - 26/03/2013 - 18:40:29 ---A- - C:\Windows\Prefetch\FLT-SC2HOTS.EXE-15DD2DA1.pf O45 - LFCP:[MD5.0384DEC6780F4666C429B37CCEDFD1AE] - 28/03/2013 - 13:57:51 ---A- - C:\Windows\Prefetch\UNITYWEBPLAYER.EXE-5848D8A0.pf O45 - LFCP:[MD5.4E3BB6EA7AF626E261DB025B8C29C24F] - 29/03/2013 - 10:58:33 ---A- - C:\Windows\Prefetch\RTLWINDOWS8.EXE-9521BA36.pf O45 - LFCP:[MD5.5872461ECBDB809DC9F63488ADA27E86] - 29/03/2013 - 11:25:57 ---A- - C:\Windows\Prefetch\WORLD_POPULATION_CLOCK_METRO.-466AC170.pf O45 - LFCP:[MD5.307706517C910F71910E949DDCFA4A32] - 30/03/2013 - 12:47:20 ---A- - 
C:\Windows\Prefetch\VLCSTREAMERSETUP_3.21.TMP-482433AA.pf O45 - LFCP:[MD5.1ED78FDACC0837788AC28EB4B78EBF6F] - 30/03/2013 - 12:47:21 ---A- - C:\Windows\Prefetch\VLCSTREAMERSETUP_3.21.TMP-C76C6796.pf O45 - LFCP:[MD5.A593A95098B5B7A28F7A5074AC2606F3] - 31/03/2013 - 14:49:15 ---A- - C:\Windows\Prefetch\RENAMER.EXE-8BC912B7.pf O45 - LFCP:[MD5.6ABDB876EF116054B2D9DE717D10C954] - 31/03/2013 - 18:26:09 ---A- - C:\Windows\Prefetch\SUMP.EXE-695C0780.pf O45 - LFCP:[MD5.84617E80087DDD8A3C5AA9129A74ED36] - 31/03/2013 - 18:27:28 ---A- - C:\Windows\Prefetch\SPNOTIFIER.EXE-54085D26.pf O45 - LFCP:[MD5.F92E081CED140A7B327B9FFCE7D147E6] - 31/03/2013 - 23:03:58 ---A- - C:\Windows\Prefetch\7ZFM.EXE-7C92DCA0.pf ~ Prefetcher: 190 Legitimates Scanned in 00mn 02s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Déni du service (Local Security Authority) (O48) ~ LSA: 9 Legitimates Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) ~ CBS: 17 Legitimates Scanned in 00mn 00s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{afa35422-f0e3-11e1-8e2a-5404a6161ff1}\AutoRun\command. (...) -- F:\setup.exe (.not file.) O51 - MPSK:{afa3542d-f0e3-11e1-8e2a-5404a6161ff1}\AutoRun\command. (...) -- I:\setup.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) ~ TDSD: 2 Legitimates Scanned in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\Airytec Switch Off [Key] . (.Airytec - Airytec Switch Off.) -- C:\Program Files\Switch Off\swoff.exe O53 - SMSR:HKLM\...\startupreg\IntelPAN [Key] . (...) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\Netcom [Key] . (...) -- C:\Program Files (x86)\Netcom\Netcom.exe (.not file.) 
O53 - SMSR:HKLM\...\startupreg\NetWorx [Key] . (.SoftPerfect Research - NetWorx Application (64-bit).) -- C:\Program Files\NetWorx\networx.exe O53 - SMSR:HKLM\...\startupreg\Syncables [Key] . (.syncables, LLC - Syncables.) -- C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe O53 - SMSR:HKLM\...\startupreg\Trend Micro Titanium [Key] . (...) -- C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (.not file.) ~ SMSR Keys: 29 Legitimates Scanned in 00mn 01s ---\\ Microsoft Control Security Providers (O54) ~ MSCP: 2 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 17 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1 ~ MWPE Keys: 3 Legitimates Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.4F18D4C7EA14F11A7211F60D553C03DB] - 26/07/2012 - 06:00:49 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [106736] O58 - SDL:[MD5.9EAFB3B3B60B8AD958985152A9309ACA] - 29/07/2011 - 13:54:56 ---A- . (...) -- C:\Windows\System32\epmntdrv.sys [16776] O58 - SDL:[MD5.16E18CED459B1824234890386EE66CD5] - 21/09/2012 - 17:50:26 ---A- . (.http://libusb-win32.sourceforge.net - LibUSB-Win32 - Kernel Driver.) -- C:\Windows\SysWOW64\drivers\libusb0.sys [52832] O58 - SDL:[MD5.539CA34FBC74EC366A0D751028C32A08] - 29/07/2011 - 13:54:56 ---A- . (...) 
-- C:\Windows\SysWOW64\epmntdrv.sys [14216] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 03/04/2013 - 11:20:37 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\dlimagecache\22D569481717AB9D99185EA203860D2EFA04E29F [16980] O61 - LFC: 04/04/2013 - 00:48:06 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\dht.dat [111] O61 - LFC: 04/04/2013 - 00:48:06 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\rss.dat [99] O61 - LFC: 04/04/2013 - 09:31:17 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\dlimagecache\5001BA4455AEAF2A438BEF2EFCE04F6C1E060A35 [26026] O61 - LFC: 04/04/2013 - 14:49:34 ---A- C:\Users\Thibaut\AppData\Roaming\ASUS WebStorage\Logs\AWS-PickerHost.txt [0] O61 - LFC: 05/04/2013 - 10:16:48 ---A- C:\Users\Thibaut\AppData\Roaming\Nuance\PDF6\SPServers.dat [12] O61 - LFC: 05/04/2013 - 18:03:21 -SHA- C:\Users\Thibaut\Documents\Ecole\Thumbs.db [37376] O61 - LFC: 06/04/2013 - 12:07:50 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\dlimagecache\AE4B4BE47B5AFFB903B66C263041FC8B770CB965 [14513] O61 - LFC: 06/04/2013 - 12:09:34 ---A- C:\Users\Thibaut\AppData\Roaming\dvdcss\CACHEDIR.TAG [203] O61 - LFC: 06/04/2013 - 17:52:46 ---A- C:\Users\Thibaut\Downloads\Programmes\AdwCleaner.exe [613083] O61 - LFC: 06/04/2013 - 17:53:07 ---A- C:\Users\Thibaut\AppData\Roaming\DevEject\settings.dat [33003] O61 - LFC: 06/04/2013 - 17:56:36 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\settings.dat.old [204483] O61 - LFC: 06/04/2013 - 17:57:08 ---A- C:\Users\Thibaut\AppData\Roaming\Hobbyist Software\VLC Streamer\settings.json [750] O61 - LFC: 06/04/2013 - 17:57:16 ---A- C:\Users\Thibaut\AppData\Roaming\Hobbyist Software\VLC Streamer\Root\log.txt [2155] O61 - LFC: 06/04/2013 - 17:58:52 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\settings.dat [204483] O61 - LFC: 06/04/2013 - 18:06:46 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\dht_feed.dat.old [2] O61 - LFC: 06/04/2013 - 18:10:52 ---A- 
C:\Users\Thibaut\AppData\Roaming\uTorrent\resume.dat.old [109786] O61 - LFC: 06/04/2013 - 18:11:48 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\dht_feed.dat [2] O61 - LFC: 06/04/2013 - 18:12:53 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\resume.dat [109912] O61 - LFC: 29/01/2002 - 12:09:44 ---A- C:\Users\Thibaut\Downloads\Programmes\compteur\_INST32I.EX_ [291594] ~ 14 Fichiers temporaires (Temporary files) ~ 1 Fichiers cookies (Cookies files) ~ Files: 367 Legitimates Scanned in 10mn 28s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ File Associations Shell Spawning (O67) ~ FASS Keys: 19 Legitimates Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [Thibaut - qjvahjiy.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search"); ~ Keys: Scanned in 00mn 00s ---\\ Crack & Keygen Files (O82) C:\Users\Thibaut\Documents\Set up's\O&O Defrag Professional 15.0.107 (32-64Bits)+keygen\Keygen by zwt\keygen.exe C:\Users\Thibaut\Documents\Set up's\O&O Defrag Professional 15.0.107 (32-64Bits)+keygen\X64-setup.exe C:\Users\Thibaut\Documents\Set up's\O&O Defrag Professional 15.0.107 (32-64Bits)+keygen\X86-setup.exe C:\Users\Thibaut\Documents\Set up's\O&O Defrag Professional 15.0.107 (32-64Bits)+keygen\Keygen by zwt\keygen.exe C:\Users\Thibaut\Documents\Set up's\O&O Defrag Professional 15.0.107 (32-64Bits)+keygen\X64-setup.exe C:\Users\Thibaut\Documents\Set up's\O&O Defrag Professional 15.0.107 (32-64Bits)+keygen\X86-setup.exe D:\Téléchargement\Programmes\PhotoFiltre.Studio.X.10.7.0\Keygen\keygen.exe ~ Files: Scanned in 03mn 49s ---\\ Recherche des services démarrés par Svchost (O83) ~ Services: 35 Legitimates Scanned in 00mn 01s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.90E1D86D979B92738A47D7072CB22DA8] [SPRF][07/07/2010] (...) -- C:\ProgramData\FullRemove.exe [131472] [MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][28/01/2013] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\Thibaut\AppData\Local\Temp\AskSLib.dll [248008] [MD5.1624D43077BD715855F171F0C5045018] [SPRF][28/03/2013] (.Unity Technologies ApS - Unity Web Player Installer.) -- C:\Users\Thibaut\AppData\Local\Temp\UnityWebPlayer7429992054370323005.exe [643520] [MD5.2A6A01AB881E5BCBFB9709C536BF6518] [SPRF][11/02/2013] (...) -- C:\Users\Thibaut\AppData\Local\Temp\__PDFCORE_FMP.dat [169426] [MD5.56940B50AB0E5923822F47B0E4463885] [SPRF][26/06/2012] (.Bitdefender LLC - Bitdefender QuickScan.) 
-- C:\Windows\Downloaded Program Files\qsax.dll [731688] ~ Files: Scanned in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "UDP Query User{AAA802BE-1A04-4533-841C-E48542980A12}C:\program files (x86)\remote mouse\remotemouse.exe" | In - Public - P17 - TRUE | .(.RemoteMouse.net - Remote Mouse.) -- C:\program files (x86)\remote mouse\remotemouse.exe O87 - FAEL: "TCP Query User{DE29E0DE-BA62-4CA0-909D-682D66C551EB}C:\program files (x86)\remote mouse\remotemouse.exe" | In - Public - P6 - TRUE | .(.RemoteMouse.net - Remote Mouse.) -- C:\program files (x86)\remote mouse\remotemouse.exe O87 - FAEL: "{FAAC9DDC-11F4-49E4-ABCD-9F7D9D2F1333}" | In - Private - P17 - TRUE | .(.Melloware Inc - Intelliremote remote control replacement application.) -- C:\Program Files (x86)\Intelliremote\Intelliremote.exe O87 - FAEL: "{0B8A9E7F-C8DC-4C4E-B22D-CEEA70710061}" | In - Private - P6 - TRUE | .(.Melloware Inc - Intelliremote remote control replacement application.) -- C:\Program Files (x86)\Intelliremote\Intelliremote.exe O87 - FAEL: "{37EBC2CA-C2C9-4561-A63A-78E21C79F674}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Remote Access Host\RemoteSoundServ.exe (.not file.) O87 - FAEL: "{2614A20C-0436-48AA-911A-CED27484F274}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Remote Access Host\RemoteAH.exe (.not file.) O87 - FAEL: "{C3CFFF55-931E-468D-BDEF-02E578D381C7}" | In - Private - P17 - TRUE | .(.RemoteMouse.net - Remote Mouse.) -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe O87 - FAEL: "{8AB7AEB8-8D75-484B-9D91-80A8ACF9F936}" | In - Private - P6 - TRUE | .(.RemoteMouse.net - Remote Mouse.) -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe O87 - FAEL: "{D99290BB-3BD3-4DE8-8C60-0D51AC9D48EC}" | In - Private - P17 - TRUE | .(.RealVNC Ltd - VNC® Server.) -- C:\Program Files\RealVNC\VNC Server\vncserver.exe O87 - FAEL: "{98F80C95-51FD-4ED6-9D1C-5DFB62E2965D}" | In - Private - P6 - TRUE | .(.RealVNC Ltd - VNC® Server.) 
-- C:\Program Files\RealVNC\VNC Server\vncserver.exe O87 - FAEL: "{09E9D2C8-26DC-4817-994F-8215DAD4C8EC}" | In - None - P6 - TRUE | .(.Hobbyist Software - VLC Setup Helper.) -- C:\Program Files (x86)\VLC\VLC Setup Helper\VLC Setup Helper.exe O87 - FAEL: "UDP Query User{D8DC0AF5-47C5-47DC-A82F-B1DCB636EE31}C:\program files (x86)\compteur\compteurserveur.exe" |In - Private - P17 - FALSE | .(...) -- C:\program files (x86)\compteur\compteurserveur.exe (.not file.) O87 - FAEL: "TCP Query User{B5A88E66-CF0F-41DB-9C3B-C637F023BD1C}C:\program files (x86)\compteur\compteurserveur.exe" |In - Private - P6 - FALSE | .(...) -- C:\program files (x86)\compteur\compteurserveur.exe (.not file.) O87 - FAEL: "UDP Query User{0BB7A8E6-05BA-4142-AAEC-AD27C10585C7}D:\windows\games\fifa 13\game\fifa13.exe" |In - Private - P17 - TRUE | .(...) -- D:\windows\games\fifa 13\game\fifa13.exe (.not file.) O87 - FAEL: "TCP Query User{11435864-661F-4620-BB6D-3549DB4C147B}D:\windows\games\fifa 13\game\fifa13.exe" |In - Private - P6 - TRUE | .(...) -- D:\windows\games\fifa 13\game\fifa13.exe (.not file.) O87 - FAEL: "UDP Query User{345D1397-E5C8-4F35-9A05-7D329B29A1E8}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe O87 - FAEL: "TCP Query User{DAC5EEE5-BAC3-4FF0-BB53-ADAD0DDE04C8}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe O87 - FAEL: "{196C0505-0AEE-4B3C-9A86-C863B283B9C6}" |In - Public - P17 - FALSE | .(...) -- D:\Games\FIFA 13\Game\fifa13.exe (.not file.) O87 - FAEL: "{56FA41B1-BF47-4112-AE1F-966D188F3E34}" |In - Public - P6 - FALSE | .(...) -- D:\Games\FIFA 13\Game\fifa13.exe (.not file.) O87 - FAEL: "{23E73A07-A9A7-495B-A473-7C22BA1E9D32}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) 
O87 - FAEL: "{26299A3A-55E1-4975-A050-A408CB07CEC9}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.) O87 - FAEL: "UDP Query User{08DB4911-6FC6-4E50-BCBC-668F67E17EF8}D:\games\fifa 12\game\fifa.exe" |In - Private - P17 - TRUE | .(...) -- D:\games\fifa 12\game\fifa.exe (.not file.) O87 - FAEL: "TCP Query User{60D93063-4092-4260-ABF8-F3BAF904E980}D:\games\fifa 12\game\fifa.exe" |In - Private - P6 - TRUE | .(...) -- D:\games\fifa 12\game\fifa.exe (.not file.) O87 - FAEL: "{B3C7D012-2226-4907-8327-294DE43F522A}" |In - Private - P17 - FALSE | .(...) -- D:\Games\SplitSecond\SplitSecond.exe (.not file.) O87 - FAEL: "{AE562B89-8764-4E38-ABB2-CC426789E5EC}" |In - Private - P6 - FALSE | .(...) -- D:\Games\SplitSecond\SplitSecond.exe (.not file.) O87 - FAEL: "UDP Query User{201F5E89-4182-4D3E-A01D-91EFBCC63975}D:\games\crysis2\bin32\crysis2.exe" |In - Private - P17 - TRUE | .(...) -- D:\games\crysis2\bin32\crysis2.exe (.not file.) O87 - FAEL: "TCP Query User{7BB49467-9E13-4373-99BE-180BA5E15AA4}D:\games\crysis2\bin32\crysis2.exe" |In - Private - P6 - TRUE | .(...) -- D:\games\crysis2\bin32\crysis2.exe (.not file.) O87 - FAEL: "UDP Query User{2DD5400C-03B4-44C4-8B4A-7D2BCD17BB65}D:\games\mass effect 3\binaries\win32\masseffect3.exe" |In - Public - P17 - TRUE | .(...) -- D:\games\mass effect 3\binaries\win32\masseffect3.exe (.not file.) O87 - FAEL: "TCP Query User{13C38BF8-8A8B-440A-BCC5-02ADAB6E3B11}D:\games\mass effect 3\binaries\win32\masseffect3.exe" |In - Public - P6 - TRUE | .(...) -- D:\games\mass effect 3\binaries\win32\masseffect3.exe (.not file.) O87 - FAEL: "UDP Query User{9749EA3D-4593-4A1A-8FFB-9629B293AFE8}C:\windows\kmsemulator.exe" | In - Private - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe O87 - FAEL: "TCP Query User{83DB4406-A33F-4AAD-A60F-54861922A744}C:\windows\kmsemulator.exe" | In - Private - P6 - TRUE | .(...) 
-- C:\windows\kmsemulator.exe O87 - FAEL: "{D79A89ED-68D3-4573-AF54-DA75A56260BF}" |In - Domain - P17 - FALSE | .(...) -- D:\Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe (.not file.) O87 - FAEL: "{DBE0ED66-00D4-4BE6-A838-1CBA5F44F268}" |In - Domain - P6 - FALSE | .(...) -- D:\Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe (.not file.) O87 - FAEL: "{AE18FCCE-C145-4568-A85F-DC061F1B6D07}" |In - Private - P17 - TRUE | .(...) -- D:\Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe (.not file.) O87 - FAEL: "{FD91F085-95E2-42BF-9415-63C3B67A750D}" |In - Private - P6 - TRUE | .(...) -- D:\Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe (.not file.) O87 - FAEL: "{2D6F0D33-7919-4DD9-8F89-E4AAB67C09A8}" | In - Domain - P17 - FALSE | .(...) -- D:\Games\League of Legends\lol.launcher.admin.exe O87 - FAEL: "{89CB58A7-376C-435C-A584-66F512381E53}" | In - Domain - P6 - FALSE | .(...) -- D:\Games\League of Legends\lol.launcher.admin.exe O87 - FAEL: "{B9342210-413B-40CF-8FF7-039C7A569A50}" | In - Private - P17 - TRUE | .(...) -- D:\Games\League of Legends\lol.launcher.admin.exe O87 - FAEL: "{6EDC4874-A9FF-49D6-B6DE-8CBAD22FB77C}" | In - Private - P6 - TRUE | .(...) -- D:\Games\League of Legends\lol.launcher.admin.exe O87 - FAEL: "{9CE8DF06-0385-41FE-A08E-EC7728CEFE18}" | In - Domain - P17 - FALSE | .(...) -- D:\Games\League of Legends\lol.launcher.exe O87 - FAEL: "{98AC0C28-5981-4FB7-B302-DBA87E0ADFF4}" | In - Domain - P6 - FALSE | .(...) -- D:\Games\League of Legends\lol.launcher.exe O87 - FAEL: "{DEE65CE2-C9E5-4261-9E90-D73664C16328}" | In - Private - P17 - TRUE | .(...) -- D:\Games\League of Legends\lol.launcher.exe O87 - FAEL: "{68DD03B1-1AD5-4942-BC45-9BA04C5A5E80}" | In - Private - P6 - TRUE | .(...) 
-- D:\Games\League of Legends\lol.launcher.exe O87 - FAEL: "{B0791DB1-3108-4A24-A5CA-E907FD17837D}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Users\Thibaut\Documents\Set up's\uTorrent.exe O87 - FAEL: "{4F721CA4-CB1E-43A7-A2F2-2CCE5CFF0433}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Users\Thibaut\Documents\Set up's\uTorrent.exe O87 - FAEL: "UDP Query User{637C4E98-D8DE-45C2-94FB-4B18431A9E2B}C:\users\thibaut\documents\set up's\utorrent.exe" | In - Private - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\users\thibaut\documents\set up's\utorrent.exe O87 - FAEL: "TCP Query User{AC31F2D7-A356-4FB1-8448-3BB5A2B089CD}C:\users\thibaut\documents\set up's\utorrent.exe" | In - Private - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\users\thibaut\documents\set up's\utorrent.exe O87 - FAEL: "{9CC0DA2F-0639-47DA-9E8F-1A0035B46F1D}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\NetXfer\NetTransport.exe (.not file.) O87 - FAEL: "{1DA71494-33E7-4540-898D-59C71CE8F9E2}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\NetXfer\NetTransport.exe (.not file.) O87 - FAEL: "{B2D14429-8725-45F7-935F-5EDF311DA4DC}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\NetXfer\FTPTransport.exe (.not file.) O87 - FAEL: "{5E0790E5-146A-44A0-B214-33111951EAEC}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\NetXfer\FTPTransport.exe (.not file.) O87 - FAEL: "TCP Query User{183F2B1F-0A67-42B0-93FB-7F16D0B1A27F}C:\program files (x86)\greedytorrent\gtor.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\greedytorrent\gtor.exe O87 - FAEL: "UDP Query User{5EDC52FE-440D-4E9B-87A6-00394985BEE9}C:\program files (x86)\greedytorrent\gtor.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\greedytorrent\gtor.exe O87 - FAEL: "{20FBF847-15E2-4EC7-9424-C3CD2030E840}" | In - None - P17 - TRUE | .(.Hobbyist Software - VLC Streamer Configuration.) 
-- C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe ~ Firewall: 329 Legitimates Scanned in 00mn 06s ---\\ Scan Additionnel (O88) Database Version : v2.11459 - (05/04/2013) Clés trouvées (Keys found) : 4 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 1 [HKLM\Software\Wow6432Node\InstallIQ] =>Toolbar.Agent [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing C:\Program Files (x86)\YouTube Downloader =>PUP.Dealio C:\ProgramData\YouTube Downloader =>PUP.Dealio C:\Windows\KMSEmulator.exe =>Hijacker.Windows ~ Additionnel: Scanned in 00mn 15s ---\\ Product Upgrade Codes (O90) O90 - PUC: "680EFFAD50A61F64093A5E5C41AA207D" . (.Dev Eject.) -- C:\WINDOWS\Installer\{DAFFE086-6A05-46F1-90A3-E5C514AA02D7}\deveject.ico ~ Update Products: 275 Legitimates Scanned in 00mn 00s ---\\ MyComputer Name Space (O92) ~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 04/03/2011 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe SR - | Auto 15/12/2009 96896 | (ATKGFNEXSrv) . (.ASUS.) 
- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SS - | Demand 10/10/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe SS - | Auto 13/04/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 13/04/2011 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 13/04/2011 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 19/02/2011 118784 | (Intelliservice) . (.Melloware Inc.) - C:\Program Files (x86)\Intelliremote\Intelliservice.exe SR - | Demand 20/02/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 28/10/2012 427976 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe SR - | Auto 14/12/2012 398184 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe SS - | Auto 14/12/2012 682344 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe SS - | Demand 08/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Disabled 02/10/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe SS - | Auto 30/08/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 17/11/2011 3273552 | (OODefragAgent) . (.O&O Software GmbH.) - C:\Program Files\OO Software\Defrag\oodag.exe SS - | Auto 2159352 | (OS Selector) . 
(...) - C:\Program Files (x86)\DiskDirector\OSS\reinstall_svc.exe SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe SS - | Auto 31/10/2010 179712 | (SwOffScheduler) . (.Airytec.) - C:\Program Files\Switch Off\swoff.exe SS - | Auto 31/10/2010 179712 | (SwOffWeb) . (.Airytec.) - C:\Program Files\Switch Off\swoff.exe SR - | Auto 17/04/2010 134928 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe SS - | Demand 02/10/2012 4773768 | (vncserver) . (.RealVNC Ltd.) - C:\Program Files\RealVNC\VNC Server\vncserver.exe SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 03s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by Thibaut at 06/04/2013 19:25:04 device: opened successfully user: error reading MBR Disk trace: error: Read Descripteur non valide kernel: error reading MBR ~ MBR: 9 Legitimates Scanned in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Thibaut at 06/04/2013 19:25:06 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ~ 2060 Legitimates filtered by white list End of the scan (791 lines in 16mn 42s)(7)