Rapport de ZHPDiag v2013.4.21.127 par Nicolas Coolman, Update du 21/04/2013
Run by Jordy at 22/04/2013 15:33:45
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by user

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 15.0.1
GCIE: Google Chrome v26.0.1410.64 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.2.0223.1
Windows Defender W7

---\\ System Optimizer
CCleaner v3.23

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 21

---\\ System Information
~ Processor: AMD64 Family 18 Model 1 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3562 MB (39% free)
System Restore: Activé (Enable)
System drive C: has 277 GB (61%) free of 450 GB

---\\ Logged in mode
~ Computer Name: ACERASPIRE7560G
~ User Name: Jordy
~ All Users Names: Mcx1-ACERASPIRE7560G, Jordy, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Jordy\AppData\Roaming\
~ %Desktop% : C:\Users\Jordy\Desktop\
~ %Favorites% : C:\Users\Jordy\Favorites\
~ %LocalAppData% : C:\Users\Jordy\AppData\Local\
~ %StartMenu% : C:\Users\Jordy\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 277 Go of 450 Go)
D:\ CD-ROM
drive (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.14/07/2011 - 06:30:29.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.FA274190682AA41A46B285208ED46A74] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/02/2013 - 07:47:19.) -- C:\Windows\System32\wininet.dll [1392128] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.21/11/2010 - 04:24:29.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) 
(.21/11/2010 - 04:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/07/2011 - 06:33:59.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 04:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.31/08/2012 - 19:19:35.) 
-- C:\Windows\system32\Drivers\ntfs.sys [1659760] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 04:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 04:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/11/2010 - 04:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/4 ~ Mes musiques (My Musics) : 17/171 ~ Mes Videos (My Videos) : 1/4 ~ Mes Favoris (My Favorites) : 1/19 ~ Mes Documents (My Documents) : 1/34 ~ Mon Bureau (My Desktop) : 1/26210 ~ Menu demarrer (Programs) : 1/48 ~ Hidden Files: Scanned in 00mn 24s ---\\ Processus lancés [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2236] [MD5.D5D8D0D64F410B9F05E2BC00EC92EFC2] - (.CyberLink Corp. - clear.fi Resident Program.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [120104] [PID.3468] [MD5.4611572CFCF1B4EED470582D3FAC88A7] - (.Microsoft Corporation - Microsoft LifeCam Device Application.) -- C:\Windows\vVX1000.exe [762224] [PID.3276] [MD5.61B6FB932CF78CAB7A1EF9F118A1A38E] - (.CyberLink - DMREngine.) 
-- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [169352] [PID.3592] [MD5.AAB979089E192ACC0FE1E3C018F8B591] - (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Jordy\AppData\Local\Akamai\netsession_win.exe [4480768] [PID.3956] [MD5.7E4AD8220AF0B281274F9785DD53E25C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024] [PID.4804] [MD5.0D360F06B168A6F37ACA9D9F958245DA] - (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280] [PID.4372] [MD5.D474767D4805CEF801AF6D4AEED1F9E3] - (.CyberLink Corp. - clear.fi Movie Resident Program.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448] [PID.4556] [MD5.AD8BD96B41C40AC36D803DF267B26EF0] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2254768] [PID.4196] [MD5.81800928E0F713DF31F3393CC26F4013] - (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952] [PID.4512] [MD5.523AF55BD9280CF296653912EF75DD0B] - (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601976] [PID.5068] [MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.4724] [MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1312720] [PID.4104] [MD5.2D9A1A43307EC9BB267BE9F90B4AF0D5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6936576] [PID.6068] [MD5.3927397AC60D943DAF8808AFFED582B7] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1944] [MD5.D9BD54860A00FE88B660D26E66EB075A] - (.BlueStack Systems, Inc. 
- BlueStacks Log Rotator Service.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384888] [PID.1368] [MD5.9DD3A22F804697606C2B7FF9E912FF6B] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [353360] [PID.1908] [MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456] [PID.1888] [MD5.93B73DED2BC688F140C6AE2FBAD45789] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376] [PID.1464] [MD5.21ACFD2B4BF6C0F4D9080A437E400E88] - (.Dritek System Inc. - Launch Manager utility process.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe [418896] [PID.2092] [MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2112] [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2132] [MD5.1873214666F6F0A883742DF91FBC48C9] - (.NTI Corporation - Backup Manager Module.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832] [PID.2180] [MD5.6B1B2F8D62D606B200C2072564090104] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [3560288] [PID.2328] [MD5.173BBAE8027339608CBD5C5369BCDDDD] - (.BlueStack Systems, Inc. - BlueStacks Service.) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe [393080] [PID.2684] [MD5.8319754775B1B890189A7EE28F094840] - (.BlueStack Systems - BlueStacks Network Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-Network.exe [376696] [PID.2492] [MD5.D554334E42962E07D8EE72398FA03368] - (.BlueStack Systems - BlueStacks Block Device Helper Process.) 
-- C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe [260472] [PID.2964] [MD5.40F10A427CB6F607F8222AF691C87FEB] - (.BlueStack Systems - BlueStacks Shared Folder Helper Process.) -- C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe [366456] [PID.2868] ~ Processes Running: Scanned in 00mn 02s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Jordy\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] None ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Jordy\AppData\Roaming\Mozilla\Firefox\Profiles\hc5yo5kr.default\prefs.js M2 - MFEP: prefs.js [Jordy - hc5yo5kr.default\crossriderapp3847@crossrider.com] [] Color My Facebook v (..) =>PUP.CrossRider M2 - MFEP: prefs.js [Jordy - hc5yo5kr.default\OneClickDownload@OneClickDownload.com] [] OneClickDownloader v1.1 (..) P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) 
-- C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll ~ Firefox Browser: 34 Legitimates Filtered in 00mn 01s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 ~ IE Browser: 15 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 42 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: Claro LTD Helper Object [64Bits] - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} . (.Montera Technologeis LTD - Pas de description.) -- C:\Program Files (x86)\Claro LTD\claro\1.8.3.10\bh\claro.dll O2 - BHO: CrossriderApp0003847 [64Bits] - {11111111-1111-1111-1111-110011381147} . (.Duval - Color My Facebook BHO.) 
-- C:\Program Files (x86)\Color My Facebook\Color My Facebook.dll =>PUP.CrossRider O2 - BHO: TBSB04240 [64Bits] - {4F37A8FE-00B3-430F-85AA-F97F12E8B651} . (.Pas de propriétaire - IE Toolbar Engine.) -- C:\Program Files (x86)\Force Download Toolbar\tbunsm6E9C.tmp\tbcore3.dll O2 - BHO: AMD SteadyVideo BHO [64Bits] - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} . (.Advanced Micro Devices - This plugin allows the user to turn AMD Ste.) -- C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll ~ BHO: 10 Legitimates Filtered in 00mn 01s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe (.not file.) O4 - HKLM\..\Run: [Power Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe O4 - HKLM\..\Run: [VX1000] . (.Microsoft Corporation - Microsoft LifeCam Device Application.) -- C:\Windows\vVX1000.exe O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe O4 - HKLM\..\Run: [RtHDVBg_Dolby] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Jordy\AppData\Local\Akamai\netsession_win.exe O4 - HKCU\..\Run: [Xvid] . (...) -- C:\Program Files (x86)\Xvid\CheckUpdate.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) 
-- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - HKCU\..\Run: [HP Photosmart 7520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Jordy\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [Clownfish] Clé orpheline O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe O4 - HKLM\..\Wow6432Node\Run: [ArcadeMovieService] . (.CyberLink Corp. - clear.fi Movie Resident Program.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe O4 - HKLM\..\Wow6432Node\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. 
- Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe O4 - HKLM\..\Wow6432Node\Run: [DivXUpdate] . (.Pas de propriétaire - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe O4 - HKLM\..\Wow6432Node\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exe O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Wow6432Node\Run: [WsmUpdater] . (.Web Solution Mart - Updater.) -- C:\Program Files (x86)\Web Solution Mart\Fake Webcam Codecs Pack\Updater.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe O4 - HKUS\S-1-5-18\..\Run: [TELEPHONESURPCAGENT] C:\Program Files (x86)\Orange\Telephone sur PC\TelephoneSurPCAgent.exe (.not file.) O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\Run: [TELEPHONESURPCAGENT] C:\Program Files (x86)\Orange\Telephone sur PC\TelephoneSurPCAgent.exe (.not file.) O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [TELEPHONESURPCAGENT] C:\Program Files (x86)\Orange\Telephone sur PC\TelephoneSurPCAgent.exe (.not file.) O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) 
-- C:\Windows\System32\msiexec.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe O4 - HKUS\S-1-5-21-2056384228-3841943728-1353220323-1000\..\Run: [AdobeBridge] Clé orpheline O4 - HKUS\S-1-5-21-2056384228-3841943728-1353220323-1000\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Jordy\AppData\Local\Akamai\netsession_win.exe O4 - HKUS\S-1-5-21-2056384228-3841943728-1353220323-1000\..\Run: [Xvid] . (...) -- C:\Program Files (x86)\Xvid\CheckUpdate.exe O4 - HKUS\S-1-5-21-2056384228-3841943728-1353220323-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - HKUS\S-1-5-21-2056384228-3841943728-1353220323-1000\..\Run: [HP Photosmart 7520 series (NET)] . (.Hewlett-Packard Co. - ScanToPCActivationApp.) -- C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe O4 - HKUS\S-1-5-21-2056384228-3841943728-1353220323-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Jordy\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-2056384228-3841943728-1353220323-1000\..\Run: [Clownfish] Clé orpheline ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive Setup.) -- C:\Program Files (x86)\Microsoft SkyDrive\SkyDriveSetup.exe O4 - GS\QuickLaunch: Dofus.lnk . (...) -- C:\Program Files (x86)\Dofus\UpLauncher.exe O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) 
-- C:\Windows\system32\WFS.exe O4 - GS\Desktop: Dofus.lnk . (...) -- C:\Program Files (x86)\Dofus\UpLauncher.exe O4 - GS\Desktop: Dofus2.lnk . (...) -- C:\Program Files (x86)\Dofus2.0\app\UpLauncher.exe O4 - GS\Desktop: Dofus2Beta.lnk . (...) -- C:\Program Files (x86)\Dofus2Beta\app\UpLauncher.exe O4 - GS\Desktop: Free AVI to MP4 Converter.lnk . (...) -- C:\Program Files (x86)\DoremiSoft\Free AVI to MP4 Converter\DoremiSoftFreeware.exe (.not file.) O4 - GS\Desktop: PhotoFiltre Studio X.lnk . (.PhotoFiltre - PhotoFiltre Studio X.) -- C:\Program Files (x86)\PhotoFiltre Studio X\pfstudiox.exe O4 - GS\Desktop: SkyFall 2.0.lnk . (...) -- C:\Users\Jordy\Desktop\SkyfullLauncher.exe (.not file.) O4 - GS\TaskBar: ALLCapture Entreprise 3.0.lnk . (.balesio GmbH & Co. KG - ALLCapture Enterprise.) -- C:\Program Files (x86)\ALLCapture Enterprise 3.0\ALLCapture.exe O4 - GS\TaskBar: CamStudio.lnk . (...) -- C:\Program Files (x86)\CamStudio\Recorder.exe O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar: Skype.lnk . (...) -- C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe O4 - GS\TaskBar: TeamSpeak 3 Client.lnk . (...) -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win64.exe (.not file.) O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe O4 - GS\TaskBar: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive.) 
-- C:\Users\Jordy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe O4 - GS\Programs: RuneScape.lnk . (...) -- C:\Users\Jordy\jagexcache\jagexlauncher\bin\JagexLauncher.exe O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Sothink SWF Quicker.lnk . (.SourceTec - Sothink SWF Quicker.) -- C:\Program Files (x86)\SourceTec\Sothink SWF Quicker\SWFQuicker.exe O4 - GS\QuickLaunch: SplitCam.lnk . (.SplitCam Co. - SplitCam Stream Splitter.) -- C:\Program Files (x86)\SplitCam\SplitCam.exe O4 - GS\QuickLaunch: WampServer.lnk . (.Aestan Software - Aestan Tray Menu.) -- C:\wamp\wampmanager.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - GS\Desktop: Adobe After Effects CS6.lnk . (...) -- C:\Program Files (x86)\Adobe\Adobe After Effects CS6\Support Files\AfterFX.exe (.not file.) O4 - GS\Desktop: Adobe Photoshop CS6 (64 Bit).lnk . (...) -- C:\Program Files (x86)\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe (.not file.) O4 - GS\Desktop: ALLCapture Entreprise 3.0.lnk . (.balesio GmbH & Co. KG - ALLCapture Enterprise.) -- C:\Program Files (x86)\ALLCapture Enterprise 3.0\ALLCapture.exe O4 - GS\Desktop: Alliance of Valiant Arms.lnk . (.Aeria Games & Entertainment - Ignite Launcher.) -- C:\AeriaGames\AVA\aeria_launcher.exe O4 - GS\Desktop: Apps.lnk . (...) -- C:\Users\Public\Libraries\Apps.library-ms O4 - GS\Desktop: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) -- C:\Program Files (x86)\Audacity\audacity.exe O4 - GS\Desktop: CamStudio.lnk . (...) 
-- C:\Program Files (x86)\CamStudio\Recorder.exe O4 - GS\Desktop: Camtasia Studio 7.lnk . (.TechSmith Corporation - Camtasia Studio.) -- C:\Program Files (x86)\TechSmith\Camtasia Studio 7\CamtasiaStudio.exe O4 - GS\Desktop: CCleaner.lnk . (...) -- C:\Program Files (x86)\CCleaner\CCleaner64.exe (.not file.) O4 - GS\Desktop: Cheat Engine.lnk . (...) -- C:\Program Files (x86)\Cheat Engine 6.1\Cheat Engine.exe O4 - GS\Desktop: clear.fi Tutorial.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O4 - GS\Desktop: clear.fi.lnk . (.Acer Incorporated - clear.fi.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe O4 - GS\Desktop: Clownfish.lnk . (.Bogdan Sharkov - Clownfish for Skype.) -- C:\Program Files (x86)\Clownfish\Clownfish.exe O4 - GS\Desktop: CommView.lnk . (.TamoSoft - CommView Packet Analyzer.) -- C:\Program Files (x86)\CommView\cv.exe O4 - GS\Desktop: CyberGhost VPN.lnk . (...) -- C:\Program Files (x86)\CyberGhost VPN\CyberGhost.exe (.not file.) O4 - GS\Desktop: Defraggler.lnk . (...) -- C:\Program Files (x86)\Defraggler\Defraggler64.exe (.not file.) O4 - GS\Desktop: DivX Movies.lnk . (...) -- C:\Users\Jordy\Videos\DivX Movies O4 - GS\Desktop: DivX Plus Converter.lnk . (.DivX, Inc. - DivX Converter.) -- C:\Program Files (x86)\DivX\DivX Plus Converter\DivXConverterLauncher.exe O4 - GS\Desktop: DivX Plus Player.lnk . (...) -- C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe O4 - GS\Desktop: Démarrer la détection.lnk . (...) -- C:\Program Files (x86)\ma-config.com\x64\MCDetection.exe (.not file.) O4 - GS\Desktop: EasyScan.lnk . (.Micromega Software System - Logiciel d'acquisition d'images par scanner.) -- C:\Program Files (x86)\EasyScan\EasyScan.exe O4 - GS\Desktop: Elsword.lnk . (...) -- C:\Program Files (x86)\Gameforge4D\Elsword_FR\elsword.exe O4 - GS\Desktop: Fake Webcam 7.3.lnk . (.Web Solution Mart - Pas de description.) 
-- C:\Program Files (x86)\Fake Webcam 7.3\7.3.0.0\FakeWebcam.exe O4 - GS\Desktop: Fraps.lnk . (.Beepa P/L - Fraps.) -- C:\Fraps\fraps.exe O4 - GS\Desktop: Game Booster 3.lnk . (.IObit - Game Booster.) -- C:\Program Files (x86)\IObit\Game Booster 3\GameBooster.exe O4 - GS\Desktop: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\Desktop: HP Photosmart 7520 series.lnk . (...) -- C:\Program Files (x86)\HP\HP Photosmart 7520 series\Bin\HP Photosmart 7520 series.exe (.not file.) O4 - GS\Desktop: Jouer à League of Legends.lnk . (...) -- C:\Riot Games\League of Legends\lol.launcher.exe O4 - GS\Desktop: LogMeIn Hamachi.lnk . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe O4 - GS\Desktop: MappyPlus.lnk . (...) -- C:\Windows\Installer\{A62CDADB-9A49-47F5-9ECE-2B2F0C5608DE}\app_icon.ico O4 - GS\Desktop: MBRCheck.lnk . (...) -- C:\Program Files (x86)\ZHPDiag\mbrcheck.exe O4 - GS\Desktop: Metin2.lnk . (...) -- C:\Program Files (x86)\Metin2\metin2.exe O4 - GS\Desktop: MouseServer.lnk . (.wifimouse.necta.us - MouseServer.) -- C:\Program Files (x86)\MouseServer\MouseServer.exe O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Desktop: Mumble.lnk . (.Thorvald Natvig - Mumble - Low-latency VoIP client.) -- C:\Program Files (x86)\Mumble\mumble.exe O4 - GS\Desktop: Musique XBOX.lnk . (...) -- C:\Users\Jordy\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms O4 - GS\Desktop: My Radiomatisme.lnk . (...) -- C:\Program Files (x86)\My Radiomatisme\My Radiomatisme.exe (.not file.) O4 - GS\Desktop: Navicat Lite.lnk . (.PremiumSoft CyberTech Ltd. - Navicat.) -- C:\Program Files (x86)\PremiumSoft\Navicat Lite 8.2\navicat.exe O4 - GS\Desktop: OpenOffice.org 3.4.1.lnk . (.OpenOffice.org - OpenOffice.org 3.4.1.) 
-- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe O4 - GS\Desktop: Ordinateur.lnk - Clé orpheline O4 - GS\Desktop: PhotoFiltre 7.lnk . (.Antonio Da Cruz - PhotoFiltre.) -- C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe O4 - GS\Desktop: Pinnacle Studio 15.lnk . (.Pinnacle Systems - Studio program file.) -- C:\Program Files (x86)\Pinnacle\Studio 15\Programs\Studio.exe O4 - GS\Desktop: Rappelz.lnk . (...) -- C:\Program Files (x86)\gPotato.eu\Rappelz\Launcher.exe (.not file.) O4 - GS\Desktop: Razer Game Booster.lnk . (.Razer USA Ltd - Game Booster.) -- C:\Program Files (x86)\Razer\Razer Game Booster\GameBooster.exe O4 - GS\Desktop: Recuva.lnk . (.Piriform Ltd - Recuva.) -- C:\Program Files\Recuva\recuva64.exe O4 - GS\Desktop: Skype.lnk . (...) -- C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe O4 - GS\Desktop: Sothink SWF Quicker.lnk . (.SourceTec - Sothink SWF Quicker.) -- C:\Program Files (x86)\SourceTec\Sothink SWF Quicker\SWFQuicker.exe O4 - GS\Desktop: SplitCam.lnk . (.SplitCam Co. - SplitCam Stream Splitter.) -- C:\Program Files (x86)\SplitCam\SplitCam.exe O4 - GS\Desktop: Start BlueStacks.lnk . (.BlueStack Systems, Inc. - BlueStacks StartLauncher.) -- C:\Program Files (x86)\BlueStacks\HD-StartLauncher.exe O4 - GS\Desktop: TeamSpeak 3 Client.lnk . (...) -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win64.exe (.not file.) O4 - GS\Desktop: TeamViewer 8.lnk . (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe O4 - GS\Desktop: Vegas Pro 12.0 (64-bit).lnk . (...) -- C:\Program Files (x86)\Sony\Vegas Pro 12.0\vegas120.exe (.not file.) O4 - GS\Desktop: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe O4 - GS\Desktop: Windows Live Messenger.lnk . (.Microsoft Corporation - Windows Live Messenger.) 
-- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe O4 - GS\Desktop: Windows Movie Maker 2.6.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Windows\Installer\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}\MOVIEMK.exe O4 - GS\Desktop: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe ~ Global Startup: Scanned in 00mn 06s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.) O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.) ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{FC9E2CEB-2AB1-427E-8806-1C52A6173464}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\..\{FC9E2CEB-2AB1-427E-8806-1C52A6173464}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{FC9E2CEB-2AB1-427E-8806-1C52A6173464}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{FC9E2CEB-2AB1-427E-8806-1C52A6173464}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{FC9E2CEB-2AB1-427E-8806-1C52A6173464}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS2\Services\Tcpip\..\{FC9E2CEB-2AB1-427E-8806-1C52A6173464}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: video/x-flv [64Bits] - {20C75730-7C25-476B-95DC-C65810F9E489} . (.Advanced Micro Devices - MIME Video Detector for IE.) 
-- C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GBoxUpdaterTask{4E9524AB-C047-4054-A5D2-CA79C00C72E6}.job [358] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\One-Click Tweak.job [524] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\OptimizerPro1UpdaterTask{1F0EA5D9-D02F-450C-BA5E-07F84C65F384}.job [412] =>PUP.OptimizerPro O39 - APT:Automatic Planified Task - C:\Windows\Tasks\WxDFastUpdaterTask{74A7DEB5-815C-4ABB-BA98-A87BF66B1848}.job [376] [MD5.00000000000000000000000000000000] [APT] [GBoxUpdaterTask{4E9524AB-C047-4054-A5D2-CA79C00C72E6}] (...) -- C:\ProgramData\Premium\GBox\GBox.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [One-Click Tweak] (...) -- C:\Program Files (x86)\Advanced PC Tweaker\OneClick.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [OptimizerPro1UpdaterTask{1F0EA5D9-D02F-450C-BA5E-07F84C65F384}] (...) -- C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe (.not file.) [0] =>PUP.OptimizerPro [MD5.2D83CA7E5653054832FCCB3C5D43563C] [APT] [Updater3847.exe] (.Duval.) -- C:\Users\Jordy\AppData\Local\Updater3847\Updater3847.exe [208472] [MD5.00000000000000000000000000000000] [APT] [WxDFastUpdaterTask{74A7DEB5-815C-4ABB-BA98-A87BF66B1848}] (...) -- C:\ProgramData\Premium\WxDFast\WxDFast.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [YourFile Update] (...) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{1EC6949D-9778-4D1C-A494-EAE52C6D6C42}] (...) -- C:\Program Files (x86)\Shiva-Rappelz\Shiva-Rappelz.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{325D22FD-CCF4-4762-ACE7-A57427EDEC4F}] (...) -- C:\Program Files (x86)\Shiva-Rappelz\Shiva-Rappelz.exe (.not file.) 
[0] [MD5.00000000000000000000000000000000] [APT] [{4A5998E1-D795-4616-9905-F076C117E409}] (...) -- D:\Driver\PCLEUSBHardwareInstall.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{4D22294F-D148-4EAB-9594-16B66598BF25}] (...) -- C:\Users\Jordy\Desktop\Dofus\Uninstall.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{550D729F-14D1-4E13-B9E9-97B4FB25FBCF}] (...) -- C:\Program Files (x86)\Shiva-Rappelz\Shiva-Rappelz.exe (.not file.) [0] [MD5.97B8D8E32C82A4F1D6456F3CAA408870] [APT] [{74312921-F594-4B7F-AD54-AD1A1F7E96D4}] (...) -- C:\Program Files (x86)\Dofus\Dofus.exe [415232] [MD5.00000000000000000000000000000000] [APT] [{AE61C994-5A6E-4A2F-83D1-27722D204469}] (...) -- C:\Users\Jordy\Desktop\Drivers\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{C5D68805-61AE-47F5-A697-CAC0DB54ECE7}] (...) -- C:\Users\Jordy\Desktop\Dofus\Uninstall.exe (.not file.) [0] [MD5.97B8D8E32C82A4F1D6456F3CAA408870] [APT] [{C7B854B1-DE89-4ABE-BC18-881642FD15BF}] (...) -- C:\Program Files (x86)\Dofus\Dofus.exe [415232] [MD5.00000000000000000000000000000000] [APT] [{CA495056-FD1D-4EED-A4CA-9933B9B75968}] (...) -- D:\Driver\PCLEBendPCI.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{CE396EE6-9D41-47F2-BF4F-630A151EA02B}] (...) -- C:\Users\Jordy\Desktop\Drivers\Nouveau dossier\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{CF16B676-A2AA-4C41-A77E-4E202AB8053C}] (...) -- D:\Driver\DC10plusHardwareInstall_East.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{CF8E9130-0280-40DD-BC8E-6BD7284AF09D}] (...) -- C:\Users\Jordy\Desktop\Installateur.exe (.not file.) [0] ~ Scheduled Task: 45 Legitimates Filtered in 00mn 08s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: (TsVp) . (.TamoSoft - CommView Pid Driver for Vista/2008/W7 x64.) 
- C:\Windows\System32\DRIVERS\tsvp.sys ~ Drivers: 72 Legitimates Filtered in 00mn 01s ---\\ Logiciels installés (O42) O42 - Logiciel: 3.4.0.9271.1 - (...) [HKLM][64Bits] -- Adobe flex sdk redistributed by sothink_is1 O42 - Logiciel: ActivePerl 5.16.1 Build 1601 (64-bit) - (.ActiveState.) [HKLM][64Bits] -- {653D48F0-098C-45C1-8267-86EA7B9D0EDB} O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU][64Bits] -- Akamai O42 - Logiciel: Alliance of Valiant Arms - (...) [HKLM][64Bits] -- Alliance of Valiant Arms O42 - Logiciel: Antares Autotune Evo VST RTAS v6.0.9 - (...) [HKLM][64Bits] -- Antares Autotune Evo VST RTAS_is1 O42 - Logiciel: Claro LTD toolbar - (.Claro LTD.) [HKLM][64Bits] -- claro O42 - Logiciel: CommView - (.TamoSoft.) [HKLM][64Bits] -- {70C4E840-DAB4-11DF-5F90-014727066952} O42 - Logiciel: Ecstazy version 1.29 - (.Ecstazy, Inc..) [HKLM][64Bits] -- {DDE34C48-60D7-4FF3-8803-EE251978B961}_is1 O42 - Logiciel: Elsword_FR - (...) [HKLM][64Bits] -- Elsword_FR_is1 O42 - Logiciel: Force Download Toolbar - (.Force Download.) [HKLM][64Bits] -- Force Download Toolbar O42 - Logiciel: Livestream for Producers - (.Livestream.) [HKLM][64Bits] -- {A5BB86DF-EE99-41EB-9446-B4623A725E2A} O42 - Logiciel: MouseServer version 1.3.0.0 - (.Necta Co..) [HKLM][64Bits] -- {E13018F5-FFC7-4729-9C1B-1A85807D03E6}_is1 O42 - Logiciel: My Radiomatisme 1.0.0.25 - (.My Progsoft.) [HKLM][64Bits] -- {EE0B037B-D2F2-4893-AF15-7FA3DF10E856}_is1 O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM][64Bits] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E} O42 - Logiciel: SplitCam - (.SplitCam Co.) [HKLM][64Bits] -- SplitCam O42 - Logiciel: UwAmp (Uninstall) - (...) [HKLM][64Bits] -- UwAmp O42 - Logiciel: µTorrent - (.BitTorrent Inc..) 
[HKLM][64Bits] -- uTorrent ~ Logic: 228 Legitimates Filtered in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\BitTorrent] [HKCU\Software\Chris PC-Lock] [HKCU\Software\Claro LTD] [HKCU\Software\CommView] [HKCU\Software\CursorFX Theme Editor] [HKCU\Software\Datel X360 Explorer] [HKCU\Software\IncrediMail] [HKCU\Software\InstallCore] =>PUP.InstallCore [HKCU\Software\RuneScape] [HKCU\Software\SplitCam] [HKCU\Software\SweetIM] =>PUP.SweetIM [HKCU\Software\UwAmp] [HKLM\Software\ActiveState] [HKLM\Software\Perl] [HKLM\Software\TamoSoft] [HKLM\Software\Wow6432Node\AedgePerformanceBCN] [HKLM\Software\Wow6432Node\Claro LTD] [HKLM\Software\Wow6432Node\SimplyGen] [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\YourFileDownloader] ~ Key Software: 376 Legitimates Filtered in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 24/10/2012 - 14:47:22 - [7,874] ----D C:\Program Files (x86)\Antares Audio Technologies O43 - CFD: 21/10/2012 - 00:16:26 - [2,167] ----D C:\Program Files (x86)\Claro LTD O43 - CFD: 23/03/2013 - 23:25:00 - [13,276] ----D C:\Program Files (x86)\CommView O43 - CFD: 11/04/2013 - 13:10:30 - [405,454] ----D C:\Program Files (x86)\Cracked Steam O43 - CFD: 15/10/2012 - 22:44:53 - [7,473] ----D C:\Program Files (x86)\Force Download Toolbar O43 - CFD: 20/02/2013 - 15:01:30 - [49,904] ----D C:\Program Files (x86)\Livestream for Producers O43 - CFD: 07/11/2012 - 19:45:20 - [1009,262] ----D C:\Program Files (x86)\Metin2 O43 - CFD: 14/03/2013 - 00:28:03 - [1,010] ----D C:\Program Files (x86)\MouseServer O43 - CFD: 13/04/2013 - 22:29:25 - [0] ----D C:\Program Files (x86)\rkfree O43 - CFD: 21/10/2012 - 00:16:20 - [187,882] ----D C:\Program Files (x86)\SplitCam O43 - CFD: 13/04/2013 - 12:16:56 - [0,765] ----D C:\Program Files (x86)\uTorrent O43 - CFD: 08/04/2013 - 18:07:06 - [14,831] ----D C:\Program Files (x86)\XZONE REACTOR Application O43 - CFD: 14/11/2012 - 20:29:59 - [0] ----D C:\Program 
Files (x86)\YourFileDownloader O43 - CFD: 08/09/2012 - 21:58:43 - [0,000] ----D C:\ProgramData\IM O43 - CFD: 08/09/2012 - 21:57:29 - [0,012] ----D C:\ProgramData\IncrediMail O43 - CFD: 04/10/2012 - 07:05:25 - [0,033] ---AD C:\ProgramData\rkfree O43 - CFD: 06/12/2012 - 21:22:31 - [0,000] ----D C:\ProgramData\TamoSoft O43 - CFD: 24/10/2012 - 14:47:22 - [0,001] ----D C:\Users\Jordy\AppData\Roaming\Antares O43 - CFD: 25/09/2012 - 13:15:50 - [0,003] ----D C:\Users\Jordy\AppData\Roaming\Datel O43 - CFD: 25/09/2012 - 11:45:04 - [0,010] ----D C:\Users\Jordy\AppData\Roaming\dfs 2.3 O43 - CFD: 26/09/2012 - 23:19:33 - [0,000] ----D C:\Users\Jordy\AppData\Roaming\SmartBot O43 - CFD: 20/03/2013 - 20:47:37 - [0,003] ----D C:\Users\Jordy\AppData\Roaming\Telephone sur PC O43 - CFD: 22/04/2013 - 14:52:42 - [1,620] ----D C:\Users\Jordy\AppData\Roaming\uTorrent O43 - CFD: 14/11/2012 - 20:29:31 - [0] ----D C:\Users\Jordy\AppData\Roaming\YourFileDownloader O43 - CFD: 18/03/2013 - 18:06:42 - [42,760] ----D C:\Users\Jordy\AppData\Local\Akamai O43 - CFD: 08/09/2012 - 22:01:55 - [17,381] ----D C:\Users\Jordy\AppData\Local\IM O43 - CFD: 26/12/2012 - 16:49:44 - [0,001] ----D C:\Users\Jordy\AppData\Local\PatakTools O43 - CFD: 20/02/2013 - 15:02:57 - [0,243] ----D C:\Users\Jordy\AppData\Local\Producer O43 - CFD: 24/01/2013 - 15:59:20 - [0,199] ----D C:\Users\Jordy\AppData\Local\Updater3847 O43 - CFD: 11/11/2012 - 20:43:20 - [0,001] ----D C:\Users\Jordy\AppData\Local\xKickAss O43 - CFD: 05/03/2013 - 02:16:20 - [0,003] ----D C:\Users\Jordy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape O43 - CFD: 21/10/2012 - 00:16:18 - [0,003] ----D C:\Users\Jordy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SplitCam O43 - CFD: 20/10/2012 - 22:22:47 - [0] ----D C:\Users\Jordy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UwAmp ~ 3 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 360 Legitimates Filtered in 02mn 21s ---\\ Derniers fichiers modifiés ou crées sous 
Windows et System32 (O44) O44 - LFC:[MD5.6BEEA36145ADB71EB7362C2757887EBE] - 13/04/2013 - 00:15:05 ---A- . (...) -- C:\Windows\SplitCam.INI [1431] O44 - LFC:[MD5.EE6407670B4CA47CCC9AF5ED41A19150] - 12/04/2013 - 23:00:23 ---A- . (.Pas de propriétaire - Lagarith.) -- C:\Windows\SysNative\LAGARITH.DLL [148992] O44 - LFC:[MD5.EE6407670B4CA47CCC9AF5ED41A19150] - 12/04/2013 - 23:00:23 RSHAD . (.Pas de propriétaire - Lagarith.) -- C:\Windows\System32\LAGARITH.DLL [148992] O44 - LFC:[MD5.0021736A3EF29F98A22765A4430B1029] - 08/04/2013 - 20:25:05 ---A- . (...) -- C:\Windows\WPE PRO - modified.INI [318] ~ Files: 21 Legitimates Filtered in 00mn 14s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.65AB580D43549F6D8C188D865B2DEA93] - 19/04/2013 - 23:21:50 ---A- - C:\Windows\Prefetch\CAMTASIASTUDIO.EXE-D52CBE48.pf O45 - LFCP:[MD5.0A8C5574495F3A9F5BFAAB8E62EBD985] - 19/04/2013 - 23:25:51 ---A- - C:\Windows\Prefetch\CAMRECORDER.EXE-4401A56C.pf O45 - LFCP:[MD5.B49C6C3279C831A757DC0BE9FE4BD4EF] - 19/04/2013 - 23:52:47 ---A- - C:\Windows\Prefetch\HD-QUIT.EXE-F99C030F.pf O45 - LFCP:[MD5.E18F3E7C21F5095FB2257CB46FEFB951] - 19/04/2013 - 23:52:51 ---A- - C:\Windows\Prefetch\HD-RESTART.EXE-F65371A1.pf O45 - LFCP:[MD5.C6AFAB8245DB24897261DCF906D7E64E] - 19/04/2013 - 23:53:18 ---A- - C:\Windows\Prefetch\HD-SERVICE.EXE-06E74E75.pf O45 - LFCP:[MD5.7EFAF7C09A781468588B39C41089C0E4] - 19/04/2013 - 23:53:19 ---A- - C:\Windows\Prefetch\HD-BLOCKDEVICE.EXE-2BA47AC7.pf O45 - LFCP:[MD5.2446E68ABD4B89DCB7FF5EB94147663D] - 19/04/2013 - 23:53:19 ---A- - C:\Windows\Prefetch\HD-NETWORK.EXE-97DB19B2.pf O45 - LFCP:[MD5.FEED3E3BED7D3607B7139B7351BBFB75] - 19/04/2013 - 23:53:19 ---A- - C:\Windows\Prefetch\HD-SHAREDFOLDER.EXE-D8C6ABAF.pf O45 - LFCP:[MD5.F0F7D2763618F10DABC32EC5E6CCE378] - 22/04/2013 - 00:00:31 ---A- - C:\Windows\Prefetch\ALLCAPTURE.EXE-6A7345CA.pf O45 - LFCP:[MD5.49C91ACB0AC25F5C9BB9CDD0A9B6965D] - 22/04/2013 - 12:30:26 ---A- - 
C:\Windows\Prefetch\HD-RUNAPP.EXE-7DC2AC8E.pf O45 - LFCP:[MD5.2FB9F0DF58103B1E83CE0B6B2986BA07] - 22/04/2013 - 12:30:32 ---A- - C:\Windows\Prefetch\HD-FRONTEND.EXE-7EB64AE8.pf O45 - LFCP:[MD5.D03012A1200C89E5898A555CA9520337] - 22/04/2013 - 12:30:44 ---A- - C:\Windows\Prefetch\HD-ADB.EXE-0FB674E3.pf O45 - LFCP:[MD5.3E565AEB40D4ACA5267BCD2AB7C74BC2] - 22/04/2013 - 13:06:56 ---A- - C:\Windows\Prefetch\PHOTOFILTRE7.EXE-051F9F5C.pf O45 - LFCP:[MD5.BF7347F25ABF28EEF6E10D763BB89605] - 22/04/2013 - 14:02:13 ---A- - C:\Windows\Prefetch\PMB.EXE-B9083A8E.pf O45 - LFCP:[MD5.F392A236609EAB6ED6A6182126AFB0DF] - 22/04/2013 - 14:27:03 ---A- - C:\Windows\Prefetch\RAVBG64.EXE-7CC661DA.pf O45 - LFCP:[MD5.5663615E86FCDAD4DF293E502C7B96B0] - 22/04/2013 - 14:27:03 ---A- - C:\Windows\Prefetch\UPDATERSTARTUPUTILITY.EXE-68AA7E20.pf O45 - LFCP:[MD5.D279E36789E296C2B4A643FE706EB7E0] - 22/04/2013 - 14:27:34 ---A- - C:\Windows\Prefetch\MMLOADDRVPXDISCRETE.EXE-AE9DDA34.pf ~ Prefetcher: 141 Legitimates Filtered in 00mn 03s ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "C:\Users\Jordy\AppData\Local\Temp\vbc.exe" [Enabled] .(...) -- C:\Users\Jordy\AppData\Local\Temp\vbc.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Users\Jordy\AppData\Roaming\svchost.exe" [Enabled] .(...) -- C:\Users\Jordy\AppData\Roaming\svchost.exe (.not file.) 
~ Keys Export: 3 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 19 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoChangeStartMenu"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoClose"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLogOff"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 11 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088] O58 - SDL:[MD5.1E6438D4EA6E1174A3B3B1EDC4DE660B] - 18/03/2009 - 16:35:42 --HA- . (.LogMeIn, Inc. - Hamachi Virtual Network Interface Driver.) -- C:\Windows\System32\hamachi.sys [33856] O58 - SDL:[MD5.F2B3785D7282BAC66D4B644FC88749F0] - 13/06/2002 - 14:08:46 ----- . (.Padus, Inc. - Padus(R) ASPI Shell.) -- C:\Windows\SysWOW64\drivers\pfc.sys [14604] O58 - SDL:[MD5.BBC47A2E02BE7DEAA8ED514AAB4F1FAF] - 01/02/2012 - 20:50:44 ---A- . (.INCA Internet Co., Ltd. - nProtect NPSC Kernel Mode Driver for NT.) 
-- C:\Windows\SysWOW64\npptNT2.sys [4774] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 22/04/2013 - 00:13:23 ---A- C:\Users\Jordy\AppData\Roaming\ALLCapture\ALLCENT30.cfg [114] O61 - LFC: 22/04/2013 - 00:13:23 ---A- C:\Users\Jordy\AppData\Roaming\ALLCapture\ALLCapture.xml [2088] O61 - LFC: 22/04/2013 - 12:30:57 ---A- C:\Users\Jordy\AppData\Roaming\D2Info0 [125] O61 - LFC: 22/04/2013 - 12:31:06 ---A- C:\Users\Jordy\AppData\Roaming\app\Jerakine_lang.dat [4859] O61 - LFC: 22/04/2013 - 12:32:37 ---A- C:\Users\Jordy\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [268770] O61 - LFC: 22/04/2013 - 14:14:53 ---A- C:\Users\Jordy\AppData\Local\PMB Files\cert\secmod.db [16384] O61 - LFC: 22/04/2013 - 14:15:25 ---A- C:\Users\Jordy\AppData\Local\PMB Files\pando.save [918] O61 - LFC: 22/04/2013 - 14:15:37 ---A- C:\Users\Jordy\AppData\Local\PMB Files\cert\cert8.db [65536] O61 - LFC: 22/04/2013 - 14:15:37 ---A- C:\Users\Jordy\AppData\Local\PMB Files\cert\key3.db [16384] O61 - LFC: 22/04/2013 - 14:37:47 ---A- C:\Users\Jordy\AppData\Local\Google\Chrome\User Data\Local State [28069] ~ 6 Fichiers temporaires (Temporary files) ~ Files: 521 Legitimates Filtered in 04mn 11s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 25/09/2012 - C:\Windows\System32\DRIVERS\cv2k1.sys (CV2K1) .(.TamoSoft - CommView Driver for Windows XP/2003/Vista/2.) - LEGACY_CV2K1 O64 - Services: CurCS - 27/06/2012 - C:\Windows\System32\DRIVERS\tsvp.sys (TsVp) .(.TamoSoft - CommView Pid Driver for Vista/2008/W7 x64.) - LEGACY_TSVP O64 - Services: CurCS - 13/11/2012 - C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys (WinRing0_1_2_0) .(.OpenLibSys.org - WinRing0.) 
- LEGACY_WINRING0_1_2_0 ~ Legacy: 98 Legitimates Filtered in 00mn 28s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 19 Legitimates Filtered in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.claro.admin", false); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.claro.aflt", "babsst"); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}"); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.claro.dfltLng", "en"); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.claro.excTlbr", false); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.claro.id", "68b709d900000000000000ffb7549b44"); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.claro.instlDay", "15633"); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.claro.instlRef", "sst"); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.claro.prdct", "claro"); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.claro.prtnrId", "claro"); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.claro.tlbrId", "claro"); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.claro.tlbrSrchUrl", ""); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] 
user_pref("extensions.claro.vrsn", "1.8.3.10"); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.claro.vrsni", "1.8.3.10"); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.claro_i.smplGrp", "none"); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.claro_i.vrsnTs", "1.8.3.100:16:21"); O69 - SBI: prefs.js [Jordy - hc5yo5kr.default] user_pref("extensions.crossrider.bic", "13cef662e0357676ecd22ac4ec6c4e4f"); =>PUP.CrossRider O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com ~ Keys: Scanned in 00mn 00s ---\\ Crack & Keygen Files (O82) C:\Program Files (x86)\Cracked Steam\package\backup_win32.zip.3de7cf3678ee4dcd4cdf2013bdb5c3b83ed48514 C:\Program Files (x86)\Cracked Steam\package\backup_win32.zip.a7a47bc2aa37fef85056018b24d461374c37e2ab C:\Program Files (x86)\Cracked Steam\package\bins_win32.zip.086559f166faa8808302a3e760fa183d25765e13 C:\Program Files (x86)\Cracked Steam\package\bins_win32.zip.cb478c50c889146a950f830117c1a7ed1e5ad4e6 C:\Program Files (x86)\Cracked Steam\package\bins_win32.zip.e1e28b1b4a9f4ad7f925996b7451d0b999d726e6 C:\Program Files (x86)\Cracked Steam\package\bins_win32.zip.ebb6e9c55a183f5e67b251637298deee56b034fe C:\Program Files (x86)\Cracked Steam\package\gamesforwindows_win32.zip.1265d4943aabef17ab0cf4996830338752a908f7 C:\Program Files (x86)\Cracked Steam\package\gamesforwindows_win32.zip.897d4d1c38f55dd339d7080e843cb9ad94b655a0 C:\Program Files (x86)\Cracked Steam\package\public_all.zip.30727a91414913927a469afacf7b6fd9c708ae61 C:\Program Files (x86)\Cracked Steam\package\public_all.zip.3dc79942d8ee21b673eb3c22d236fd767167673f C:\Program Files (x86)\Cracked Steam\package\public_all.zip.963cb362c56a64303fab0323720293eb69271110 C:\Program Files (x86)\Cracked Steam\package\public_all.zip.a61e1581168fe690e645833272ba77ea6ded6159 C:\Program Files (x86)\Cracked Steam\package\resources_all.zip.40bbc2287237e5abfeab08c5c967e492969d9c88 C:\Program 
Files (x86)\Cracked Steam\package\resources_all.zip.5bd34cb3fc94fb27e80964ce601636763457cf47 C:\Program Files (x86)\Cracked Steam\package\resources_all.zip.7ad672422490098819d39d10a4bc494d3d28fc7f C:\Program Files (x86)\Cracked Steam\package\resources_all.zip.cf2a9e5a1c7888bb9b9beb03609caf32ad744ab6 C:\Program Files (x86)\Cracked Steam\package\steam_win32.zip.2427bb03f1611ae2ef5e94f7602a3a8c9f20fced C:\Program Files (x86)\Cracked Steam\package\steam_win32.zip.9cf7557cffb934f44964c166c63571ed6f0e6fef C:\Program Files (x86)\Cracked Steam\package\steam_win32.zip.b6dca0793fbddfbc2f251fcfe1051b01497ea567 C:\Program Files (x86)\Cracked Steam\package\steam_win32.zip.fe7939706cc005c95a2a8294bf404bd6c0f4a851 C:\Program Files (x86)\Cracked Steam\package\strings_all.zip.1abcde991a48c3785cbca04dc92d39f912d92407 C:\Program Files (x86)\Cracked Steam\package\strings_all.zip.206bcb1903995ed8863d7d2ba5b31f632ce3c1b4 C:\Program Files (x86)\Cracked Steam\package\tenfoot_all.zip.5ca104ca2fc7c33d74288a0cac87dde0aa0d6ac9 C:\Program Files (x86)\Cracked Steam\package\tenfoot_all.zip.65fb2265ba6e6b1f211aa2cc70cbf036bbf367b0 C:\Program Files (x86)\Cracked Steam\package\tenfoot_all.zip.bb8c17b4b60387a3a3c47cdcfe55029c4d880e47 C:\Program Files (x86)\Cracked Steam\package\tenfoot_ambientsounds_all.zip.ac31503c42f094976f64844d8ff54705cadc7dd3 C:\Program Files (x86)\Cracked Steam\package\tenfoot_fonts_all.zip.06551e23c14845665e7671feb9453b3ca1052939 C:\Program Files (x86)\Cracked Steam\package\tenfoot_images_all.zip.b4b49c07ae879243999e3ce550be262075c18fe6 C:\Program Files (x86)\Cracked Steam\package\tenfoot_sounds_all.zip.e8cce9ed600fc09e4a3f510fc3595d515bba6cd6 C:\Program Files (x86)\Cracked Steam\package\tmp\resource\sourceinit.dat C:\Program Files (x86)\Cracked Steam\package\tmp\resource\sourceinit_macos.dat C:\Program Files (x86)\Cracked Steam\package\webkit_win32.zip.8777005db0723e32d9dd82ac999ab862fb8eca92 C:\Program Files (x86)\Cracked 
Steam\package\webkit_win32.zip.cb4296438d5bfac487d4b9fa77ca7cbd8e69cfd5 C:\Program Files (x86)\Cracked Steam\package\webkit_win32.zip.d9dc878c54ad15ef1f4b095ceea82b0080d1767c C:\Users\Jordy\Desktop\Dofus\Officiel\Bots\Redox\Cracked by Lovercraft & THB\Le bot\Redox 1.1.2.1.exe C:\Users\Jordy\Desktop\Dofus\Officiel\Bots\SmartBotCracked\Bot.exe C:\Users\Jordy\Desktop\Dofus\Officiel\Bots\SmartBotCracked\Trajets Smartbot\Trajets Smartbot.rar C:\Users\Jordy\Desktop\Dofus\Officiel\Bots\SmartBotCracked\werliveinafreeworld.rar ~ Files: Scanned in 02mn 22s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.61DFA7D3A349A75FDBD72CC22D9AA99A] [SPRF][12/04/2013] (.Web Solution Mart - Fake Webcam Codecs Pack Setup.) -- C:\Users\Jordy\AppData\Local\Temp\FH68B8.tmp.exe [12444400] [MD5.85D06A2F6EE0490731069C5EEDA3EF14] [SPRF][12/04/2013] (.Web Solution Mart - Fake Webcam Effects and Overlays Pack Setup.) -- C:\Users\Jordy\AppData\Local\Temp\FH8D48.tmp.exe [8719040] [MD5.28BACDF86D2558E1248A5C4C658CAB2B] [SPRF][13/11/2012] (...) -- C:\Users\Jordy\AppData\Local\Temp\gbinit.exe [1036696] [MD5.FE3EBAF3B285433A2566AEF82738D554] [SPRF][05/03/2013] (...) -- C:\Users\Jordy\AppData\Local\Temp\ICReinstall_Minecraft.exe [667016] [MD5.6C137D2BEF3CDD43F3AE2FD6705B9FED] [SPRF][05/04/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\Jordy\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe [904104] [MD5.95E5725507E83429DE4F16C80155AC4B] [SPRF][10/10/2012] (.Pas de propriétaire - Pipix v2.7.exe.) -- C:\Users\Jordy\Desktop\Pipix_v2.7.exe [766585] ~ Files: Scanned in 00mn 03s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "{912C1961-D768-4623-9B41-77AF8556F15E}" | In - Domain - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{4556E17F-57D7-4495-A0B2-9BD5162AC45F}" | In - Domain - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) 
-- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{6F216A51-401E-41E3-8699-0BB8469F7545}" | In - Private - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{DD0600F0-B74F-4D2B-B3E4-072AB1C8DD80}" | In - Private - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "{1360827B-05C3-44B8-930F-650467CD33FD}" | In - None - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O87 - FAEL: "TCP Query User{41340FD0-ACF9-427C-913D-759E09C8D888}C:\program files (x86)\metin2\metin2client.bin" | In - Private - P6 - TRUE | .(.Ymir Entertainment - Metin2Client.) -- C:\program files (x86)\metin2\metin2client.bin O87 - FAEL: "UDP Query User{F52579D8-9295-4D2B-B319-C8854720D0B7}C:\program files (x86)\metin2\metin2client.bin" | In - Private - P17 - TRUE | .(.Ymir Entertainment - Metin2Client.) -- C:\program files (x86)\metin2\metin2client.bin O87 - FAEL: "{632B7541-3EBF-4ACF-AD21-FE798E8B3BDE}" | In - Public - P17 - TRUE | .(.Ymir Entertainment - Metin2Client.) -- C:\program files (x86)\metin2\metin2client.bin O87 - FAEL: "{AFFA42E1-5A42-4173-9C28-A660C7990DEB}" | In - Public - P6 - TRUE | .(.Ymir Entertainment - Metin2Client.) -- C:\program files (x86)\metin2\metin2client.bin O87 - FAEL: "{C0913A9C-295A-4885-BD87-F1382CE955A6}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe O87 - FAEL: "{67058D15-9E98-43B5-99F7-C04442DCE697}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe O87 - FAEL: "TCP Query User{22907DDC-31C9-4A62-B445-BD627914A3AD}C:\program files (x86)\mouseserver\mouseserver.exe" | In - Private - P6 - TRUE | .(.wifimouse.necta.us - MouseServer.) 
-- C:\program files (x86)\mouseserver\mouseserver.exe O87 - FAEL: "UDP Query User{5ACE4F8C-B570-463A-90A7-F079853D9F1D}C:\program files (x86)\mouseserver\mouseserver.exe" | In - Private - P17 - TRUE | .(.wifimouse.necta.us - MouseServer.) -- C:\program files (x86)\mouseserver\mouseserver.exe O87 - FAEL: "{19C58643-06A2-43EA-8B9D-EDCA05B54054}" | In - Public - P17 - TRUE | .(.wifimouse.necta.us - MouseServer.) -- C:\program files (x86)\mouseserver\mouseserver.exe O87 - FAEL: "{9313813D-EC8E-4592-AD55-CA0620F5B017}" | In - Public - P6 - TRUE | .(.wifimouse.necta.us - MouseServer.) -- C:\program files (x86)\mouseserver\mouseserver.exe ~ Firewall: 295 Legitimates Filtered in 00mn 13s ---\\ Scan Additionnel (O88) Database Version : v2.11631 - (21/04/2013) Clés trouvées (Keys found) : 83 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 7 Fichiers trouvés (Files found) : 0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}] =>Hijacker.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}] =>Hijacker.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}] =>Hijacker.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F37A8FE-00B3-430F-85AA-F97F12E8B651}] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F37A8FE-00B3-430F-85AA-F97F12E8B651}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F37A8FE-00B3-430F-85AA-F97F12E8B651}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}] =>PUP.ClaroSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}] =>Hijacker.Agent 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}] =>Hijacker.Agent [HKLM\Software\Classes\AppID\Complitly.DLL] =>Adware.PredictAd [HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFile_RASAPI32] =>PUP.YourFileDownloader [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing [HKCU\Software\{EBC7E151-8AF5-4026-B48E-0A8642BE4FDE}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco] =>PUP.1ClickDownloader [HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent [HKCU\Software\1ClickDownload] =>PUP.1ClickDownloader [HKLM\Software\Wow6432Node\AedgePerformanceBCN] =>Adware.SPointer [HKCU\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\SweetIM] =>PUP.SweetIM [HKLM\Software\Wow6432Node\SimplyGen] =>Adware.PredictAd [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASAPI32] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\MyBabylontb_RASMANCS] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\claro] =>PUP.ClaroSearch [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37D4F18B-902D-4794-807B-D6C5314B4FF7}] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37D4F18B-902D-4794-807B-D6C5314B4FF7}] =>Toolbar.Conduit [HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASAPI32] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Microsoft\Tracing\offerbox_RASMANCS] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASAPI32] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Microsoft\Tracing\OfferBoxHTTPProxy_RASMANCS] =>PUP.OfferBox [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing [HKCU\Software\InstallCore] =>Adware.InstallCore [HKLM\Software\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}] =>PUP.ClaroSearch 
[HKLM\Software\Wow6432Node\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}] =>PUP.ClaroSearch [HKLM\Software\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}] =>PUP.ClaroSearch [HKLM\Software\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}] =>PUP.ClaroSearch [HKLM\Software\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}] 
=>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}] =>PUP.ClaroSearch [HKLM\Software\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}] =>PUP.ClaroSearch [HKLM\Software\Classes\esrv.claroESrvc.1] =>PUP.ClaroSearch [HKLM\Software\Classes\esrv.claroESrvc] =>PUP.ClaroSearch [HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASAPI32] =>Adware.Boxore [HKLM\Software\Wow6432Node\Microsoft\Tracing\boxore_RASMANCS] =>Adware.Boxore [HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASAPI32] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Tracing\ConduitInstaller_RASMANCS] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011381147}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011381147}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022382247}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011381147}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{21111111-1111-1111-1111-110011381147}] =>PUP.CrossRider [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011381147}] =>PUP.CrossRider [HKLM\Software\Classes\claro.claroappCore] =>PUP.ClaroSearch^ [HKLM\Software\Classes\claro.claroappCore.1] =>PUP.ClaroSearch^ [HKLM\Software\Classes\claro.clarodskBnd] =>PUP.ClaroSearch^ [HKLM\Software\Classes\claro.clarodskBnd.1] =>PUP.ClaroSearch^ [HKLM\Software\Classes\claro.claroHlpr] =>PUP.ClaroSearch^ [HKLM\Software\Classes\claro.claroHlpr.1] =>PUP.ClaroSearch^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^ [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{9E131A93-EED7-4BEB-B015-A0ADB30B5646} =>PUP.ClaroSearch C:\Program Files (x86)\yourfiledownloader =>PUP.YourFileDownloader C:\Program Files (x86)\Claro LTD =>PUP.ClaroSearch C:\Program Files (x86)\Force Download Toolbar =>Toolbar.Conduit C:\Program Files (x86)\rkfree =>Keylogger.Logixoft C:\ProgramData\rkfree =>Keylogger.Logixoft C:\Users\Jordy\AppData\Roaming\yourfiledownloader =>PUP.YourFileDownloader C:\Users\Jordy\AppData\Local\\Updater3847 =>PUP.CrossRider^ ~ Additionnel Scan: 348481 Items scanned in 00mn 41s ---\\ Product Upgrade Codes (O90) O90 - PUC: "79407899D9A1CF9449F9CE4F89A6ABF1" . (.ForceDownload.) -- C:\Windows\Installer\{99870497-1A9D-49FC-949F-ECF4986ABA1F}\ARPPRODUCTICON.exe ~ Update Products: 410 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 12/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) 
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 19/12/2012 240640 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 19/12/2012 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe SR - | Auto 15/02/2013 393080 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-Service.exe SR - | Auto 15/02/2013 384888 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe SS - | Demand 26/04/2012 2438696 | (CGVPNCliSrvc) . (.mobile concepts GmbH.) - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe SR - | Auto 01/07/2011 353360 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe SS - | Demand 21/06/2011 173424 | (EgisTec Ticket Service) . (.Egis Technology Inc..) - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe SR - | Auto 02/08/2011 872552 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe SS - | Demand 29/06/2012 655624 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe SR - | Auto 30/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe SS - | Auto 19/02/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 19/02/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SR - | Auto 10/12/2012 2465712 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe SR - | Auto 05/04/2012 255376 | (Live Updater Service) . (.Acer Incorporated.) 
- C:\Program Files\Acer\Acer Updater\UpdaterService.exe SS - | Demand 05/02/2013 428928 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe SS - | Demand 06/09/2012 114144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand ??\??\???? 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des SR - | Auto 24/04/2011 256832 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe SR - | Auto 06/03/2013 3560288 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe SS - | Demand 26/09/2011 18432 | (wampapache) . (.Apache Software Foundation.) - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe SS - | Demand 8176640 | (wampmysqld) . (...) - c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 10s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by Jordy at 22/04/2013 15:46:25 device: opened successfully user: error reading MBR Disk trace: error: Read Descripteur non valide kernel: error reading MBR ~ MBR: 9 Legitimates Filtered in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Jordy at 22/04/2013 15:46:27 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ~ 2565 Legitimates filtered by white list End of the scan (915 lines in 12mn 41s)(76)