Rapport de ZHPDiag v2013.4.13.73 par Nicolas Coolman, Update du 13/04/2013
Run by Géraud at 14/04/2013 11:38:35
State : Version à jour.
High Elevated Privileges : OK
UAC : Not Found

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 17.0.1 v17.0.1
GCIE: Google Chrome v26.0.1410.64 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System Protection
avast! Free Antivirus v8.0.1483.0

---\\ System Optimizer
CCleaner v3.28

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 17

---\\ System Information
~ Processor: x86 Family 6 Model 14 Stepping 8, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (51% free)
System Restore: Activé (Enable)
System drive C: has 356 GB (76%) free of 466 GB

---\\ Logged in mode
~ Computer Name: DETERSON
~ User Name: Géraud
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Géraud, ASPNET, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Géraud\Application Data\
~ %Desktop% : C:\Documents and Settings\Géraud\Bureau\
~ %Favorites% : C:\Documents and Settings\Géraud\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Géraud\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Géraud\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 356 Go of 466 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.48309E1F5ED8E72783EEFBA04898BDA1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.02/03/2013 - 02:55:11.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 19:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 19:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/12
~ Mes musiques (My Musics) : 3/145
~ Mes Videos (My Videos) : 1/6
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 1/22954
~ Mon Bureau (My Desktop) : 0/7772
~ Menu demarrer (Programs) : 1/119
~ Hidden Files: Scanned in 00mn 19s

---\\ Processus lancés
[MD5.F96E450937BAD69FE4804D46829AA5C7] - (.Intel Corporation - Intel(R) PROSet/Wireless Event Log.) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [114753] [PID.1484]
[MD5.99647323602BE0E77A9737E6EADA65BA] - (.Intel Corporation - Wireless Management Service.) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745] [PID.1520]
[MD5.E876C33293AA5FFA81A1AA28D594712E] - (.Intel(R) Corporation - WLANKEEPER.) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [262217] [PID.1544]
[MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248] [PID.120]
[MD5.522215532916836B9CA19EE30658F3C1] - (...) -- C:\WINDOWS\Nhksrv.exe [28672] [PID.1632]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1708]
[MD5.621022468E8D240B15BF98E5B5E2DAEC] - (.Uniblue Systems Limited - Uniblue DriverScanner Monitor.) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe [26016] [PID.372]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.436]
[MD5.8B4B572753419FE601220526205F9455] - (.http://libusb-win32.sourceforge.net - LibUsb-Win32 - Generic USB Library.) -- C:\WINDOWS\system32\libusbd-nt.exe [18944] [PID.1780]
[MD5.143F50273CFB6D970F06A1C2D7FBBF78] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 156.8.) -- C:\WINDOWS\system32\nvsvc32.exe [155716] [PID.1988]
[MD5.93AD0B78C7357A05F50E594EC7C22300] - (...) -- ystem32\rundll32.exe [0] [PID.2164]
[MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe [189728] [PID.2612]
[MD5.B8C80DCCD4CE7CBF1FE8600B68418536] - (.Intel Corporation - ZeroCfgSvc MFC Application.) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [667718] [PID.2844]
[MD5.6210679582240D54CC7FCC6278CA8B04] - (.Intel Corporation - Intel(R) PROSet/Wireless Registry Service.) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [217164] [PID.2972]
[MD5.DA199948BDF65D2EF9109B60EC4621D0] - (.Intel Corporation - Intel Framework MFC Application.) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [602182] [PID.3060]
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4767304] [PID.3072]
[MD5.9F3E7CABE86BBDECA009DE291DB6D9E2] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [3467768] [PID.3320]
[MD5.C4C11F8A363B2596A647B1A079B39C89] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe [509816] [PID.3456]
[MD5.012844A8E13BE3941C9CAF1F91F47DF2] - (.SigmaTel, Inc. - Sigmatel Audio system tray application.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [405504] [PID.3640]
[MD5.8E2A7F1F62467A7DCB8AB2C0642F47CA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152392] [PID.3856]
[MD5.B70EFFF003D51A94FCC4C6C66F5E610F] - (.Alps Electric Co., Ltd. - ApMsgFwd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe [57680] [PID.776]
[MD5.DFC8186972EB21F75E5B532194AF4C3A] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver for Windows NT/.) -- C:\Program Files\DellTPad\Apntex.exe [54640] [PID.2128]
[MD5.7A42A8E161DC32C5A40C5813ED64DF03] - (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\HidFind.exe [54744] [PID.2448]
[MD5.E46B17060D3962A384AE484094614788] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553288] [PID.3468]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.3520]
[MD5.755DB0FABD639DE8D9FA6D446BA90D36] - (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [487424] [PID.3100]
[MD5.1CC87053C28DCA5CD94CAC36DC56E7B4] - (.Intel Corporation - Intel 802.1x Server.) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe [397381] [PID.3180]
[MD5.F99DB28C5D47A940883BCF695DD654B1] - (...) -- C:\Program Files\Free Net\Freenet\freenet.exe [474097] [PID.272]
[MD5.F00C92F723D81F1405238432007D7DCC] - (.Tanuki Software, Ltd. - Java Service Wrapper Community Edition 3.3..) -- C:\Program Files\Free Net\Freenet\wrapper\freenetwrapper.exe [241664] [PID.244]
[MD5.1307C55F9FF45A1FD18F09C88321021C] - (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe [969104] [PID.4480]
[MD5.831347571C0F5006CE3913D32F21AB69] - (.Microsoft Corporation - Contrôle du volume.) -- C:\WINDOWS\system32\SNDVOL32.exe [139264] [PID.7844]
[MD5.04F4D7D7B97C616C33DC3EFFD48875E0] - (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\java.exe [174496] [PID.2328]
[MD5.4E9592BB2C100E571F82640E59E9ECD5] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [1312720] [PID.1680]
[MD5.00E193148E1DC8145CE4219900593705] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6742016] [PID.656]
[MD5.67949CC8A865296C1333C96A4E1A2D66] - (.Microsoft Corporation - Serveur de gestion de ressources des cartes.) -- C:\WINDOWS\System32\SCardSvr.exe [100352] [PID.868]
[MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.4016]
~ Processes Running: Scanned in 00mn 01s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Géraud\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Google Browser: Scanned in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Géraud\Application Data\Mozilla\Firefox\Profiles\vdd5n7wv.default\prefs.js
~ Firefox Browser: 18 Legitimates Scanned in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
~ IE Browser: 9 Legitimates Scanned in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 20

---\\ Browser Helper Objects de navigateur (O2)
~ BHO: 4 Legitimates Scanned in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] bthprops.cpl
O4 - HKLM\..\Run: [IntelZeroConfig] . (.Intel Corporation - ZeroCfgSvc MFC Application.) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] . (.Intel Corporation - Intel Framework MFC Application.) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [DellTouch] . (.Netropa Corp. - Netropa(tm) Hot Key.) -- C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] . (.SigmaTel, Inc. - Sigmatel Audio system tray application.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\WINDOWS\system32\nwiz.exe
O4 - HKLM\..\Run: [NVHotkey] nvHotkey.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] . (.Pas de propriétaire - Stardock BootSkin!.) -- C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files\Google\Drive\googledrivesync.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E1AB64F4BED446AD887BD7CAAB5C76D5] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1757981266-329068152-1606980848-1003\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
O4 - HKUS\S-1-5-21-1757981266-329068152-1606980848-1003\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O4 - HKUS\S-1-5-21-1757981266-329068152-1606980848-1003\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-1757981266-329068152-1606980848-1003\..\Run: [GoogleDriveSync] . (.Google - Google Drive.) -- C:\Program Files\Google\Drive\googledrivesync.exe
O4 - HKUS\S-1-5-21-1757981266-329068152-1606980848-1003\..\Run: [GoogleChromeAutoLaunch_E1AB64F4BED446AD887BD7CAAB5C76D5] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Adobe Reader XI.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico
O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
O4 - GS\Programs: Audacity.lnk . (.The Audacity Team - Audacity®, the Free, Cross-Platform Sound E.) -- C:\Program Files\Audacity\audacity.exe
O4 - GS\Programs: GIMP 2.lnk . (.Spencer Kimball, Peter Mattis and the GIMP - GNU Image Manipulation Program.) -- C:\Program Files\GIMP 2\bin\gimp-2.8.exe
O4 - GS\Programs: Inkscape.lnk . (.inkscape.org - Inkscape.) -- C:\Program Files\Inkscape\inkscape.exe
O4 - GS\Programs: MSN.lnk . (.Microsoft Corporation - Win32 Cabinet Self-Extractor.) -- C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
O4 - GS\Programs: VideoPad - Logiciel de montage vidéo.lnk . (.NCH Software - VideoPad - Logiciel de montage vidéo.) -- C:\Program Files\NCH Software\VideoPad\videopad.exe
O4 - GS\Programs: WinDirStat.lnk . (.Seifert - Windows Directory Statistics.) -- C:\Program Files\windirstat\windirstat.exe
O4 - GS\Programs: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: FireArc Arcade.lnk . (...) -- C:\Documents and Settings\Géraud\Application Data\Microsoft\Installer\{617E8819-16F5-4216-9455-E06EA5743F81}\icon.ico
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 5 Legitimates Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1356913275437
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1262D5B4-0C69-40D7-974C-41EAB76C3011}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1262D5B4-0C69-40D7-974C-41EAB76C3011}: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 5 Legitimates Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Netropa NHK Server (Nhksrv) . (...) - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Servic (RegSrvc) . (.Intel Corporation - Intel(R) PROSet/Wireless Registry Service.) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) . (.Intel(R) Corporation - WLANKEEPER.) - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
~ Services: 15 Legitimates Scanned in 00mn 10s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Géraud\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Géraud\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s

---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\videopadShakeIcon.job [282] [MD5.0BC5E597995EF53F6EE777D5B254208D] [APT] [videopadShakeIcon] (.NCH Software.) -- C:\Program Files\NCH Software\VideoPad\videopad.exe [3419140]
~ Scheduled Task: 15 Legitimates Scanned in 00mn 00s

---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 21 Legitimates Scanned in 00mn 00s

---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 66 Legitimates Scanned in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: Algodoo v2.0.1 - (.Algoryx.) [HKLM] -- Algodoo_is1
O42 - Logiciel: Automap 4.6 - (.Focusrite Audio Engineering Ltd..) [HKLM] -- Automap Universal_is1
O42 - Logiciel: BootSkin - (...) [HKLM] -- BootSkin
O42 - Logiciel: ChrisPC Free Anonymous Proxy 3.50 - (.Chris P.C. srl.) [HKLM] -- {6006089C-84B5-4F18-8113-D96792AED0DE}_is1
O42 - Logiciel: ClipConverter - (.Lunaweb.) [HKLM] -- {86134348-6422-4486-AB6A-0E01DBA39DE6}
O42 - Logiciel: Defcon v1.6 - (.Introversion Software Ltd.) [HKLM] -- Defcon_is1
O42 - Logiciel: FireArc Arcade - (.FireArc.com.) [HKLM] -- {617E8819-16F5-4216-9455-E06EA5743F81}
O42 - Logiciel: Freenet - (...) [HKCU] -- Freenet
O42 - Logiciel: FunnyGames - Happy Wheels - (.FunnyGames.) [HKCU] -- FunnyGames - happy_wheels
O42 - Logiciel: Gymnast v1.0 - (.Walaber.) [HKLM] -- Gymnast_is1
O42 - Logiciel: Mario Sokoban 1.0 - (.Le Site du Zér0.) [HKLM] -- Mario Sokoban_is1
O42 - Logiciel: Max 5.1.8 - (.Cycling '74.) [HKLM] -- {261FDE14-0B8C-4B7A-8E37-A6F70FE5CEEA}
O42 - Logiciel: Novation USB Audio Driver 2.3 - (.Novation DMS Ltd..) [HKLM] -- Novation USB Audio Driver_is1
O42 - Logiciel: SPlayer - (...) [HKLM] -- SPlayer
O42 - Logiciel: TouchCopy 12 - (.Wide Angle Software.) [HKLM] -- {391A94D9-20EC-44FF-9E20-3F3166FF68E4}
O42 - Logiciel: Unique Demo - (.Sugar Bytes.) [HKLM] -- Unique Demo
O42 - Logiciel: Uplink (remove only) - (...) [HKLM] -- Uplink
O42 - Logiciel: Viper 3.0.04 - (.Kerigwa.) [HKLM] -- Viper
O42 - Logiciel: Wise JetSearch 1.24 - (.WiseCleaner.com, Inc..) [HKLM] -- Wise JetSearch_is1
O42 - Logiciel: XILS 3 - (.XILS-lab.) [HKLM] -- XILS 3 DEMO_is1
O42 - Logiciel: YAMAHA Musicsoft Downloader 5 - (...) [HKLM] -- {6D3C6846-CDB6-418F-8FDB-DA21FE064F86}
O42 - Logiciel: Yamaha USB-MIDI Driver - (.Nom de votre société.) [HKLM] -- {271A659B-A7D3-405E-AE31-3086133BE0B7}
O42 - Logiciel: You Have to Win the Game - (...) [HKLM] -- TheGame
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKLM] -- uTorrent
~ Logic: 180 Legitimates Scanned in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Algodoo]
[HKCU\Software\Artichoke]
[HKCU\Software\BitTorrent]
[HKCU\Software\Bossa Studios]
[HKCU\Software\Data Realms]
[HKCU\Software\FileWall]
[HKCU\Software\FunnyGames]
[HKCU\Software\GoforFiles]
[HKCU\Software\Lunaweb]
[HKCU\Software\Netropa]
[HKCU\Software\Novation]
[HKCU\Software\RightMark]
[HKCU\Software\SPlayer]
[HKCU\Software\allen]
[HKLM\Software\Cycling '74]
[HKLM\Software\GoforFiles]
[HKLM\Software\Lenovo]
[HKLM\Software\Novation]
[HKLM\Software\TheGame"]
[HKLM\Software\Toribash]
[HKLM\Software\XILS-lab]
[HKLM\Software\YAMAHA]
~ Key Software: 270 Legitimates Scanned in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/02/2013 - 19:16:43 - [88,145] ----D C:\Program Files\Algodoo
O43 - CFD: 09/02/2013 - 01:44:49 - [11,500] ----D C:\Program Files\ChrisPC Free Anonymous Proxy
O43 - CFD: 19/01/2013 - 16:15:22 - [2,332] ----D C:\Program Files\CPU Rightmark Clock Utility
O43 - CFD: 10/03/2013 - 16:54:51 - [268,055] ----D C:\Program Files\Cycling '74
O43 - CFD: 30/03/2013 - 23:07:52 - [95,395] ----D C:\Program Files\Data Realms
O43 - CFD: 17/03/2013 - 20:27:44 - [59,373] ----D C:\Program Files\Defcon
O43 - CFD: 16/03/2013 - 19:06:15 - [25,526] ----D C:\Program Files\Dwarf Fortress
O43 - CFD: 26/02/2013 - 20:17:24 - [2,194] ----D C:\Program Files\EX096
O43 - CFD: 07/04/2013 - 16:21:20 - [156,429] ----D C:\Program Files\Faster Than Light
O43 - CFD: 03/04/2013 - 18:33:44 - [0,935] ----D C:\Program Files\FileWall
O43 - CFD: 17/02/2013 - 23:34:52 - [37,821] ----D C:\Program Files\FireArc Arcade
O43 - CFD: 03/04/2013 - 18:33:07 - [586,834] ----D C:\Program Files\Free Net
O43 - CFD: 28/03/2013 - 22:30:09 - [4,612] ----D C:\Program Files\FunnyGames
O43 - CFD: 30/03/2013 - 23:13:40 - [51,463] ----D C:\Program Files\Garage Games
O43 - CFD: 30/03/2013 - 20:26:43 - [30,036] ----D C:\Program Files\Gymnast
O43 - CFD: 14/04/2013 - 11:27:53 - [93,241] ----D C:\Program Files\Hacker Evolution
O43 - CFD: 13/04/2013 - 22:18:38 - [0] ----D C:\Program Files\Hacker Evolution Untold
O43 - CFD: 28/02/2013 - 15:59:46 - [177,981] ----D C:\Program Files\Ib
O43 - CFD: 03/04/2013 - 18:51:49 - [2,390] ----D C:\Program Files\Kerigwa
O43 - CFD: 21/01/2013 - 14:55:48 - [55,064] ----D C:\Program Files\Mad Father
O43 - CFD: 29/03/2013 - 03:26:55 - [1,771] ----D C:\Program Files\Mario Sokoban
O43 - CFD: 31/03/2013 - 03:03:41 - [5,739] ----D C:\Program Files\Noctis
O43 - CFD: 02/01/2013 - 15:50:37 - [505,006] ----D C:\Program Files\Novation
O43 - CFD: 21/03/2013 - 19:47:59 - [81,793] ----D C:\Program Files\Prison Architect (Alpha 5)
O43 - CFD: 21/03/2013 - 23:37:06 - [89,111] ----D C:\Program Files\Prison Architect (Alpha 7)
O43 - CFD: 07/04/2013 - 19:08:50 - [0,029] ----D C:\Program Files\REAPER
O43 - CFD: 10/04/2013 - 16:32:12 - [3,562] ----D C:\Program Files\SDL
O43 - CFD: 31/03/2013 - 18:45:06 - [19,862] ----D C:\Program Files\Slender2D
O43 - CFD: 30/03/2013 - 20:09:10 - [22,194] ----D C:\Program Files\Spewer
O43 - CFD: 13/04/2013 - 22:20:02 - [20,396] ----D C:\Program Files\SPlayer
O43 - CFD: 24/03/2013 - 18:47:38 - [4,676] ----D C:\Program Files\Sumotori Dreams
O43 - CFD: 29/01/2013 - 21:50:09 - [73,201] ----D C:\Program Files\Surgeon Simulator 2013
O43 - CFD: 31/03/2013 - 03:14:21 - [2,181] ----D C:\Program Files\TestPilot
O43 - CFD: 12/04/2013 - 00:12:10 - [62,290] ----D C:\Program Files\Uplink
O43 - CFD: 11/04/2013 - 00:09:18 - [18,201] ----D C:\Program Files\uplink backup
O43 - CFD: 13/01/2013 - 15:26:27 - [0,924] ----D C:\Program Files\uTorrent
O43 - CFD: 07/02/2013 - 14:44:16 - [8,132] ----D C:\Program Files\VSTHost
O43 - CFD: 26/01/2013 - 18:03:37 - [69,672] ----D C:\Program Files\WorldOfGoo
O43 - CFD: 29/01/2013 - 18:27:29 - [6,599] ----D C:\Program Files\YAMAHA
O43 - CFD: 20/03/2013 - 17:01:50 - [4,188] ----D C:\Program Files\You Have to Win the Game
O43 - CFD: 31/03/2013 - 02:52:59 - [0,055] ----D C:\Documents and Settings\Géraud\Application Data\Broken Rules
O43 - CFD: 10/03/2013 - 17:50:09 - [0,003] ----D C:\Documents and Settings\Géraud\Application Data\Cycling '74
O43 - CFD: 28/03/2013 - 22:30:09 - [0,024] ----D C:\Documents and Settings\Géraud\Application Data\FunnyGames
O43 - CFD: 03/04/2013 - 18:31:19 - [0,017] ----D C:\Documents and Settings\Géraud\Application Data\hideip_firefox_plugin
O43 - CFD: 26/02/2013 - 22:47:59 - [70,448] ----D C:\Documents and Settings\Géraud\Application Data\Lunaweb
O43 - CFD: 07/04/2013 - 19:07:04 - [14,343] ----D C:\Documents and Settings\Géraud\Application Data\REAPER
O43 - CFD: 13/04/2013 - 22:20:02 - [0,011] ----D C:\Documents and Settings\Géraud\Application Data\SPlayer
O43 - CFD: 26/01/2013 - 15:40:39 - [0] ----D C:\Documents and Settings\Géraud\Application Data\Toribash
O43 - CFD: 14/04/2013 - 11:38:34 - [2,970] ----D C:\Documents and Settings\Géraud\Application Data\uTorrent
O43 - CFD: 02/01/2013 - 16:14:06 - [0,001] ----D C:\Documents and Settings\Géraud\Local Settings\Application Data\Focusrite_Audio_Engineeri
O43 - CFD: 19/03/2013 - 02:21:07 - [19,480] ----D C:\Documents and Settings\Géraud\Local Settings\Application Data\Introversion
O43 - CFD: 02/01/2013 - 16:11:26 - [0,000] ----D C:\Documents and Settings\Géraud\Local Settings\Application Data\Novation
O43 - CFD: 26/02/2013 - 22:47:38 - [0,001] ----D C:\Documents and Settings\Géraud\Menu Démarrer\Programmes\ClipConverter
O43 - CFD: 30/03/2013 - 23:09:24 - [0,002] ----D C:\Documents and Settings\Géraud\Menu Démarrer\Programmes\Cortex Command
O43 - CFD: 28/03/2013 - 22:30:09 - [0,003] ----D C:\Documents and Settings\Géraud\Menu Démarrer\Programmes\FunnyGames
O43 - CFD: 22/03/2013 - 01:29:41 - [0,004] ----D C:\Documents and Settings\Géraud\Menu Démarrer\Programmes\Uplink
O43 - CFD: 03/04/2013 - 18:51:50 - [0,002] ----D C:\Documents and Settings\Géraud\Menu Démarrer\Programmes\Viper
O43 - CFD: 29/03/2013 - 00:17:49 - [0,035] ----D C:\Documents and Settings\Géraud\Menu Démarrer\Programmes\WinCustomize
O43 - CFD: 20/03/2013 - 17:01:51 - [0,003] ----D C:\Documents and Settings\Géraud\Menu Démarrer\Programmes\You Have to Win the Game
~ Program Folder: 247 Legitimates Scanned in 00mn 10s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.EE9053E94DA66F1E02B73BB5E4D0FDD2] - 14/04/2013 - 10:25:29 ---A- . (...) -- C:\WINDOWS\system32\nvModes.001 [67110]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 13/04/2013 - 16:12:36 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.F5C397BEFBE878EBBAA17055D06359C7] - 13/04/2013 - 16:12:36 ---A- . (...) -- C:\WINDOWS\win.ini [507]
O44 - LFC:[MD5.B02570293375AA95365D75732A8E2C95] - 12/04/2013 - 17:45:57 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [30914]
O44 - LFC:[MD5.FDE700EA64FA7A9E699D1B7D080D11A7] - 12/04/2013 - 17:45:57 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [2125]
O44 - LFC:[MD5.BF8D5F83B2AF0309BEADD8C02E8CF433] - 12/04/2013 - 17:45:57 ---A- . (...) -- C:\WINDOWS\comsetup.log [10282]
O44 - LFC:[MD5.82CCEE539EFF0BBC97932B9D0287EA58] - 12/04/2013 - 17:45:57 ---A- . (...) -- C:\WINDOWS\iis6.log [33549]
O44 - LFC:[MD5.E975C66CE1DDD4BADE931D3F2C5FE737] - 12/04/2013 - 17:45:57 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.0EC3AB5F636CCDDECC22E2686CA3B4C1] - 12/04/2013 - 17:45:57 ---A- . (...) -- C:\WINDOWS\msgsocm.log [1545]
O44 - LFC:[MD5.EE354BB7E011917BBABCF5F53AD6CEEC] - 12/04/2013 - 17:45:57 ---A- . (...) -- C:\WINDOWS\netfxocm.log [5415]
O44 - LFC:[MD5.A3E61E78E4191CF77A9CCD93BA6474DE] - 12/04/2013 - 17:45:57 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [6217]
O44 - LFC:[MD5.1D15BE62BC1EEF5266D0184224E1E7EB] - 12/04/2013 - 17:45:57 ---A- . (...) -- C:\WINDOWS\ocgen.log [14780]
O44 - LFC:[MD5.2B321CD9E9DBCD6E76A5A0756C4A8A30] - 12/04/2013 - 17:45:57 ---A- . (...) -- C:\WINDOWS\ocmsn.log [1710]
O44 - LFC:[MD5.1969E4A55C53CFC6BB3AD3B241D2091B] - 12/04/2013 - 17:45:57 ---A- . (...) -- C:\WINDOWS\tabletoc.log [1555]
O44 - LFC:[MD5.AEF8E0B36067981B273C057BBAA2AA85] - 12/04/2013 - 17:45:57 ---A- . (...) -- C:\WINDOWS\tsoc.log [14108]
O44 - LFC:[MD5.3FAFE30155667F931EB6E52F40B4CFF5] - 12/04/2013 - 17:45:56 ---A- . (...) -- C:\WINDOWS\msmqinst.log [9586]
O44 - LFC:[MD5.F1C24D6857046DB8BECFC37384FE358D] - 12/04/2013 - 17:45:44 ---A- . (...) -- C:\WINDOWS\updspapi.log [3651]
O44 - LFC:[MD5.E0C10E92BC558CF8D55519ED91D2C5A0] - 12/04/2013 - 17:45:06 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
O44 - LFC:[MD5.EE9053E94DA66F1E02B73BB5E4D0FDD2] - 11/04/2013 - 23:47:32 ---A- . (...) -- C:\WINDOWS\system32\nvModes.dat [67110]
O44 - LFC:[MD5.C358E930AEEFECDCF9CA0496D2A29D58] - 07/04/2013 - 22:45:49 ---A- . (...) -- C:\WINDOWS\wiadebug.log [411]
O44 - LFC:[MD5.8FE95BC008DB041A5EE896379B621F39] - 07/04/2013 - 22:42:29 ---A- . (...) -- C:\WINDOWS\system32\Drivers\vidstub.sys [163712]
O44 - LFC:[MD5.D4233FEF1C96033912AD54DA285C6DC8] - 07/04/2013 - 21:15:48 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 07/04/2013 - 16:36:49 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.87DFD728C430F7833ECD52863CCC9596] - 07/04/2013 - 01:15:20 ---A- . (...) -- C:\WINDOWS\unins000.dat [69333]
O44 - LFC:[MD5.BE3CF4CE7959756AA5D65B04768559C0] - 07/04/2013 - 01:14:49 ---A- . (.Pas de propriétaire - Setup/Uninstall.) -- C:\WINDOWS\unins000.exe [714939]
O44 - LFC:[MD5.4965107D112666D3835308A831A29274] - 03/04/2013 - 17:48:26 ---A- . (.Pas de propriétaire - zlib data compression library.) -- C:\WINDOWS\system32\zlib.dll [53248]
O44 - LFC:[MD5.55BA61592748E42A0795AB87E08FF1B0] - 03/04/2013 - 17:33:42 ---A- . (.HummerStudio - FileWall Driver for x86.) -- C:\WINDOWS\system32\Drivers\FileWall.sys [177544]
O44 - LFC:[MD5.9E36A07658685B0F18A35394F58A0CBA] - 01/04/2013 - 14:19:06 ---A- . (.http://libusb-win32.sourceforge.net - LibUsb-Win32 - Generic USB Library.)
-- C:\WINDOWS\system32\libusbd-9x.exe [19456] O44 - LFC:[MD5.8B4B572753419FE601220526205F9455] - 01/04/2013 - 14:19:06 ---A- . (.http://libusb-win32.sourceforge.net - LibUsb-Win32 - Generic USB Library.) -- C:\WINDOWS\system32\libusbd-nt.exe [18944] O44 - LFC:[MD5.0950D588F816CE8079928FB9DA4FB9E2] - 01/04/2013 - 14:16:48 ---A- . (.Logicool Co. Ltd. - Logicool Force Feedback Driver.) -- C:\WINDOWS\system32\MijFrc.dll [255496] O44 - LFC:[MD5.7229688F8B55E80D340F3897942FD5A0] - 31/03/2013 - 01:52:46 ---A- . (...) -- C:\WINDOWS\d3dx.dat [4096] O44 - LFC:[MD5.814DED6A705FEFBCDD8A50E7B449463F] - 28/03/2013 - 22:59:01 ---A- . (.RealVNC Ltd. - VNC Mirror Driver.) -- C:\WINDOWS\system32\vncmirror.dll [20992] O44 - LFC:[MD5.3B8F222B23917C041E4DA29CCC57E7D0] - 28/03/2013 - 22:59:01 ---A- . (.RealVNC Ltd. - VNC Mirror Miniport.) -- C:\WINDOWS\system32\Drivers\vncmirror.sys [4608] O44 - LFC:[MD5.5319BF20F48884E594F84097A600424B] - 09/07/2004 - 04:26:40 ---A- . (...) -- C:\WINDOWS\system32\psisdecd.dll [354816] O44 - LFC:[MD5.E93D7D262A33D14AEF13398AB83FE08B] - 09/07/2004 - 04:26:40 ---A- . (...) -- C:\WINDOWS\system32\psisrndr.ax [30208] O44 - LFC:[MD5.DDB9B5C1CE074274D74B8A7910C97208] - 09/07/2004 - 04:26:38 ---A- . (...) -- C:\WINDOWS\system32\msdvbnp.ax [52224] ~ Files: 89 Legitimates Scanned in 00mn 04s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "C:\Program Files\Novation\Automap\AutomapServer.exe" [Enabled] .(.Focusrite Audio Engineering Ltd..) -- C:\Program Files\Novation\Automap\AutomapServer.exe O47 - AAKE:Key Export SP - "C:\Program Files\uTorrent\uTorrent.exe" [Enabled] .(.BitTorrent, Inc..) -- C:\Program Files\uTorrent\uTorrent.exe O47 - AAKE:Key Export SP - "C:\Program Files\Terraria\TerrariaServer.exe" [Enabled] .(.Re-Logic.) 
-- C:\Program Files\Terraria\TerrariaServer.exe O47 - AAKE:Key Export SP - "C:\Program Files\Defcon\defcon.exe" [Enabled] .(.Introversion Software.) -- C:\Program Files\Defcon\defcon.exe O47 - AAKE:Key Export SP - "C:\Program Files\You Have to Win the Game\TheGame.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\You Have to Win the Game\TheGame.exe ~ Keys Export: 20 Legitimates Scanned in 00mn 00s ---\\ Déni du service (Local Security Authority) (O48) ~ LSA: 6 Legitimates Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) ~ CBS: 23 Legitimates Scanned in 00mn 00s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ IFEO: Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"midi7"="xgusb.cpl" . (.Yamaha Corporation - USB-MIDI Driver Control Panel.) -- C:\WINDOWS\system32\xgusb.cpl O52 - TDSD: \drivers.desc\"xgusb.cpl"="Yamaha Corporation USB MIDI Driver" . (.Yamaha Corporation - USB-MIDI Driver Control Panel.) -- C:\WINDOWS\system32\xgusb.cpl ~ TDSD: 20 Legitimates Scanned in 00mn 00s ---\\ Microsoft Control Security Providers (O54) ~ MSCP: 6 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) ~ MWPS: 5 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1 ~ MWPE Keys: 2 Legitimates Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.91F3DF93F40A74D222CD166FE95DB633] - 28/12/2012 - 22:43:58 ---A- . (.Meetinghouse Data Communications - IEEE 802.1X Protocol Driver.) -- C:\WINDOWS\system32\Drivers\AegisP.sys [21275] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037] ~ Drivers: Scanned in 00mn 00s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) 
[HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 30/08/2011 - C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE O64 - Services: CurCS - 07/04/2013 - Pas de propriétaire (BootScreen) .(...) - LEGACY_BOOTSCREEN O64 - Services: CurCS - 11/12/2011 - C:\WINDOWS\system32\drivers\FileWall.sys (FileWall) .(.HummerStudio - FileWall Driver for x86.) - LEGACY_FILEWALL O64 - Services: CurCS - 14/12/2012 - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (Hamachi2Svc) .(.LogMeIn Inc. - Hamachi Client Tunneling Engine.) - LEGACY_HAMACHI2SVC O64 - Services: CurCS - 29/12/2012 - Pas de propriétaire (Nhksrv) .(...) - LEGACY_NHKSRV O64 - Services: CurCS - 10/03/2010 - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe (PSI_SVC_2) .(.Protexis Inc. - PsiService PsiService.) - LEGACY_PSI_SVC_2 O64 - Services: CurCS - 25/05/2005 - Pas de propriétaire (RTCore32) .(...) - LEGACY_RTCORE32 O64 - Services: CurCS - 17/07/2012 - C:\Program Files\Wise\Wise Care 365\BootTime.exe (WiseBootAssistant) .(.WiseCleaner.com - Wise BootTime Service.) - LEGACY_WISEBOOTASSISTANT O64 - Services: CurCS - 01/05/2006 - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (WLANKEEPER) .(.Intel(R) Corporation - WLANKEEPER.) - LEGACY_WLANKEEPER ~ Legacy: 141 Legitimates Scanned in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 17 Legitimates Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) 
-- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {CFEFE5CF-DF18-4978-B754-CB1BC1161070} [DefaultScope] - (Bing) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) ~ Services: 40 Legitimates Scanned in 00mn 00s ---\\ Scan Additionnel (O88) Database Version : v2.11523 - (13/04/2013) Clés trouvées (Keys found) : 0 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 ~ Additionnel: Scanned in 00mn 29s ---\\ Product Upgrade Codes (O90) O90 - PUC: "9D49A193CE02FF44E902F31366FF864E" . (.TouchCopy 12.) -- C:\WINDOWS\Installer\{391A94D9-20EC-44FF-9E20-3F3166FF68E4}\_853F67D554F05449430E7E.exe ~ Update Products: 68 Legitimates Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 06/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SR - | Auto 01/05/2006 114753 | (EvtEng) . (.Intel Corporation.) - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe SS - | Auto 28/12/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 28/12/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Disabled 14/12/2012 1436160 | (Hamachi2Svc) . 
(.LogMeIn Inc..) - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe SR - | Demand 20/02/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 10/04/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe SR - | Auto ??\??\???? 0 | C:\WINDOWS\system32\libusbd-nt.exe (libusbd) . (.http://libusb-win32.sourceforge.net.) - c:\system32\libusbd-nt.exe SS - | Demand 28/10/2012 312264 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe SR - | Auto 28672 | (Nhksrv) . (...) - C:\WINDOWS\Nhksrv.exe SR - | Auto 17/11/2007 155716 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe SR - | Auto 01/05/2006 217164 | (RegSrvc) . (.Intel Corporation.) - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe SR - | Auto 01/05/2006 540745 | (S24EventMonitor) . (.Intel Corporation.) - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 14/12/2012 3467768 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe SS - | Auto 17/07/2012 580648 | (WiseBootAssistant) . (.WiseCleaner.com.) - C:\Program Files\Wise\Wise Care 365\BootTime.exe SR - | Auto 01/05/2006 262217 | (WLANKEEPER) . (.Intel(R) Corporation.) - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe ~ Services: Scanned in 00mn 00s ~ 1105 Legitimates filtered by white list End of the scan (664 lines in 01mn 24s)(0)