Rapport de ZHPDiag v2013.6.6.10 par Nicolas Coolman, Update du 06/06/2013
Run by utilisateur at 07/06/2013 16:08:54
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16576
OBIE: Safari v5.34.57.2

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
avast! Free Antivirus v6.0.1367.0
Windows Defender W7

---\\ System Optimizer

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 21

---\\ System Information
~ Processor: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4029 MB (63% free)
System Restore: Activé (Enable)
System drive C: has 23 GB (5%) free of 443 GB

---\\ Logged in mode
~ Computer Name: JM-PORTABLE
~ User Name: utilisateur
~ All Users Names: utilisateur, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\utilisateur\AppData\Roaming\
~ %Desktop% : C:\Users\utilisateur\Desktop\
~ %Favorites% : C:\Users\utilisateur\Favorites\
~ %LocalAppData% : C:\Users\utilisateur\AppData\Local\
~ %StartMenu% : C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 23 Go of 443 Go)
D:\ Hard drive, Flash drive, Thumb drive
(Free 3 Go of 22 Go) E:\ CD-ROM drive (Not Inserted) F:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 32 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.27A9000C534AA9BADC9EE74940F50C6D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.05/04/2013 - 07:52:14.) -- C:\Windows\System32\wininet.dll [2242048] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) 
(.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) 
-- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/8324 ~ Mes musiques (My Musics) : 10/4719 ~ Mes Videos (My Videos) : 2/209 ~ Mes Favoris (My Favorites) : 1/66 ~ Mes Documents (My Documents) : 2/4614 ~ Mon Bureau (My Desktop) : 3/191 ~ Menu demarrer (Programs) : 1/43 ~ Hidden Files: Scanned in 00mn 12s ---\\ Processus lancés [MD5.8FA2C363521F1181C32C767F26F0B47E] - (.DigitalPersona, Inc. - DigitalPersona Local Agent.) -- C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe [625416] [PID.3208] [MD5.D5543E09953C8A8B12801A3A7AFEE155] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.280] [MD5.F7226AA410954185160067D5FA82F3F2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3744552] [PID.4164] [MD5.B7F55E2AE978D3D34F7876EE5D689AAE] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe [136488] [PID.4324] [MD5.A9F9D081518AC03A51C1195986076F42] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4544] [MD5.4B54D0C57B9E2E13FD416502CEA11CB8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7463936] [PID.4072] [MD5.996E6D052438E8D8DFD501F31560B2E0] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44768] [PID.1608] [MD5.B33CF4DE909A5B30F526D82053A63C8E] - (.ABBYY - ABBYY network license server.) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048] [PID.2212] [MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) 
-- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [PID.2268] [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2288] [MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.2472] [MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.2600] [MD5.5AA89E152634954E15E9DB265C6A8557] - (.Pas de propriétaire - HPWMISVC Application.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192] [PID.2636] [MD5.6D515466AB8BFE61184092B635AE6EB4] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.4756] [MD5.0955C23C041451FB4E7099D6B2CF1C06] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [988216] [PID.3540] [MD5.0FADD949576A164B4E51E716F46B6C33] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2533400] [PID.5240] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\utilisateur\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [User Data\Default] [gbmdkmlcnbapgegninelmjbfibaghdmk] OfferMosquito v.0.4 (Activé) =>Toolbar.OfferMosquito ~ Google Browser: 6 Legitimates Filtered in 00mn 07s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\utilisateur\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js (.not file.) 
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: MegaIEMn [64Bits] - {bf00e119-21a3-4fd1-b178-3b8537e75c92} . (.Megaupload Limited - Mega Manager IE Click Catcher.) -- C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll ~ BHO: 8 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline O3 - Toolbar: (no name) [64Bits] - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) 
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] . (.Primax Electronics Ltd. - Mouse Suite 98 Daemon.) -- C:\Windows\System32\ICO.exe O4 - HKCU\..\Run: [SSync] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\utilisateur\AppData\Roaming\SSync\SSync.exe O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [SCheck] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\utilisateur\AppData\Roaming\SCheck\SCheck.exe O4 - HKCU\..\Run: [Intermediate] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\utilisateur\AppData\Roaming\Intermediate\Intermediate.exe O4 - HKLM\..\Wow6432Node\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) 
-- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-21-2460773274-2682451207-3601578017-1003\..\Run: [SSync] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\utilisateur\AppData\Roaming\SSync\SSync.exe O4 - HKUS\S-1-5-21-2460773274-2682451207-3601578017-1003\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKUS\S-1-5-21-2460773274-2682451207-3601578017-1003\..\Run: [SCheck] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\utilisateur\AppData\Roaming\SCheck\SCheck.exe O4 - HKUS\S-1-5-21-2460773274-2682451207-3601578017-1003\..\Run: [Intermediate] . (.Pas de propriétaire - Lua Launcher.) -- C:\Users\utilisateur\AppData\Roaming\Intermediate\Intermediate.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\TaskBar: Adobe Reader X.lnk . (...) -- C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AA1000000001}\SC_Reader.ico O4 - GS\TaskBar: Diablo III - Raccourci.lnk . (.Blizzard Entertainment - Diablo III Retail.) -- C:\Program Files (x86)\Diablo III\Diablo III.exe O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\utilisateur\AppData\Local\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar: Guild Wars 2.lnk . (.ArenaNet - Guild Wars 2 Game Client.) -- C:\Program Files (x86)\Guild Wars 2\Gw2.exe O4 - GS\TaskBar: HP MediaSmart.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (.not file.) O4 - GS\TaskBar: HPAdvisor.lnk . (.Hewlett-Packard - HP Advisor.) 
-- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe O4 - GS\TaskBar: Microsoft Office Excel 2007.lnk . (...) -- C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe O4 - GS\TaskBar: Microsoft Office PowerPoint 2007.lnk . (...) -- C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe O4 - GS\TaskBar: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe O4 - GS\TaskBar: Neverwinter.lnk . (...) -- C:\Users\Public\Games\Cryptic Studios\Neverwinter.exe O4 - GS\TaskBar: PhotoFiltre.lnk . (.Antonio Da Cruz - PhotoFiltre.) -- C:\Program Files (x86)\PhotoFiltre\PhotoFiltre.exe O4 - GS\TaskBar: StarCraft II.lnk . (.Blizzard Entertainment - StarCraft II Setup.) -- C:\Program Files (x86)\StarCraft II\StarCraft II.exe O4 - GS\TaskBar: VLC media player.lnk . (.VideoLAN - VLC media player 2.0.6.) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Apple Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe O4 - GS\QuickLaunch: e-Carte Bleue Caisse d'Epargne.lnk . (.Orbiscom Ltd. All rights reserved. - ECBL Client.) -- C:\Program Files (x86)\e-Carte Bleue Caisse d'Epargne\ecbl-cnce.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Mozilla Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe O4 - GS\QuickLaunch: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files (x86)\Google\Picasa3\Picasa3.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . 
(.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - GS\SendTo: Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe O4 - GS\Desktop: e-Carte Bleue Caisse d'Epargne.lnk . (.Orbiscom Ltd. All rights reserved. - ECBL Client.) -- C:\Program Files (x86)\e-Carte Bleue Caisse d'Epargne\ecbl-cnce.exe O4 - GS\Desktop: Mes Documents.lnk . (...) -- C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms O4 - GS\Desktop: Mes images - Raccourci.lnk . (...) -- C:\Users\utilisateur\Pictures O4 - GS\Desktop: My Bluetooth.lnk . (.Motorola, Inc. - Bluetooth Shell Extension.) -- C:\Program Files\Motorola\Bluetooth\btmshell.dll O4 - GS\Desktop: Neverwinter.lnk . (...) -- C:\Users\Public\Games\Cryptic Studios\Neverwinter.exe O4 - GS\Desktop: QuickTime Player.lnk . (...) -- C:\Windows\Installer\{B67BAFBA-4C9F-48FA-9496-933E3B255044}\QTPlayer.ico O4 - GS\Desktop: reglementation Arbitrage FFE - Raccourci.lnk . (...) -- C:\Users\utilisateur\Documents\E S C R I M E\FEDERATION - ARBITRAGE\reglementation Arbitrage FFE.pdf O4 - GS\Desktop: REGLEMENT_SPORTIF_2012_2013_version_finalise_ - Raccourci.lnk . (...) -- C:\Users\utilisateur\Documents\E S C R I M E\L I G U E\Commission Epee\REGLEMENT_SPORTIF_2012_2013_version_finalise_.pdf O4 - GS\Desktop: Teamspeak 2 RC2.lnk . (.Dominating Bytes Design - The TeamSpeak 2 client.) -- C:\Program Files (x86)\Teamspeak2_RC2\TeamSpeak.exe O4 - GS\Desktop: TeamSpeak 3 Client.lnk . (...) 
-- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win64.exe (.not file.) ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 [64Bits] - {bd707fe6-39f6-4bda-9265-86a76719bdc5} . (...) -- C:\Program Files\Motorola\Bluetooth\bluetooth.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{5DD83FDB-AAC5-4AD2-AF8D-6FF40DDFD737}: DhcpNameServer = 62.201.129.203 62.201.129.201 O17 - HKLM\System\CCS\Services\Tcpip\..\{7EB87C6F-54AB-4B3E-A51B-85788D06FCE1}: DhcpNameServer = 62.201.129.203 62.201.129.201 O17 - HKLM\System\CCS\Services\Tcpip\..\{8E6DB120-8902-4D42-B34B-B1B463B5A263}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{5DD83FDB-AAC5-4AD2-AF8D-6FF40DDFD737}: DhcpNameServer = 62.201.142.101 O17 - HKLM\System\CS1\Services\Tcpip\..\{8E6DB120-8902-4D42-B34B-B1B463B5A263}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{5DD83FDB-AAC5-4AD2-AF8D-6FF40DDFD737}: DhcpNameServer = 62.201.129.203 62.201.129.201 O17 - HKLM\System\CS2\Services\Tcpip\..\{7EB87C6F-54AB-4B3E-A51B-85788D06FCE1}: DhcpNameServer = 62.201.129.203 62.201.129.201 O17 - HKLM\System\CS2\Services\Tcpip\..\{8E6DB120-8902-4D42-B34B-B1B463B5A263}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{5DD83FDB-AAC5-4AD2-AF8D-6FF40DDFD737}: DhcpNameServer = 62.201.129.203 62.201.129.201 O17 - HKLM\System\CS3\Services\Tcpip\..\{7EB87C6F-54AB-4B3E-A51B-85788D06FCE1}: DhcpNameServer = 62.201.129.203 62.201.129.201 O17 - 
HKLM\System\CS3\Services\Tcpip\..\{8E6DB120-8902-4D42-B34B-B1B463B5A263}: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: HP Wireless Assistant Service (HP Wireless Assistant Service) . (.Hewlett-Packard Company - HPPA_Service.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe O23 - Service: Validity VCS Fingerprint Service (vcsFPService) . (.Validity Sensors, Inc. - Validity Sensors Fingerprint Service.) - C:\Windows\system32\vcsFPService.exe ~ Services: 19 Legitimates Filtered in 00mn 11s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [{4494727C-5EEF-45D2-A315-0FCD22A5E5C4}] (...) -- C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{B59AA4E5-64BE-49C5-A17A-2C01A221684A}] (...) -- C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{C895C42C-D683-410C-AC42-E67DA3CCB6CD}] (...) -- C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{FA888133-72CF-486E-BBF2-F3956A80F379}] (...) -- C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe (.not file.) [0] ~ Scheduled Task: 28 Legitimates Filtered in 00mn 07s ---\\ Logiciels installés (O42) O42 - Logiciel: Popims Animator - (...) 
[HKLM][64Bits] -- Popims Animator O42 - Logiciel: Wow Cartographe 1.20 - (...) [HKLM][64Bits] -- Wow Cartographe ~ Logic: 185 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\EngardePr] [HKCU\Software\Gems] [HKCU\Software\Kinovea] [HKCU\Software\OfferMosquito] =>Toolbar.OfferMosquito [HKCU\Software\Protector] [HKCU\Software\UPM] [HKLM\Software\Wow6432Node\Home] [HKLM\Software\Wow6432Node\Hybrid Synthesizers] ~ Key Software: 258 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 24/04/2011 - 19:56:13 - [19,470] ----D C:\Program Files (x86)\Kinovea O43 - CFD: 01/07/2012 - 13:22:15 - [5,955] ----D C:\Program Files (x86)\Popims O43 - CFD: 13/04/2011 - 00:01:26 - [7,799] ----D C:\Program Files (x86)\WowCartographe O43 - CFD: 21/07/2010 - 17:44:33 - [33,718] ----D C:\ProgramData\{8D274659-3D84-4410-A197-C170D180BC76} O43 - CFD: 23/08/2011 - 16:59:46 - [45,266] ----D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837} O43 - CFD: 18/04/2011 - 20:12:22 - [0,000] ----D C:\Users\utilisateur\AppData\Roaming\BellePoule O43 - CFD: 07/06/2013 - 15:13:27 - [0] ----D C:\Users\utilisateur\AppData\Roaming\FBDownloader O43 - CFD: 11/05/2013 - 23:24:51 - [0,000] ----D C:\Users\utilisateur\AppData\Roaming\IE Addon O43 - CFD: 24/04/2011 - 19:56:20 - [0,002] ----D C:\Users\utilisateur\AppData\Roaming\Kinovea O43 - CFD: 23/05/2012 - 02:04:22 - [0,670] ----D C:\Users\utilisateur\AppData\Roaming\StreamTorrent O43 - CFD: 24/04/2011 - 19:56:39 - [0,002] ----D C:\Users\utilisateur\AppData\Local\Kinovea O43 - CFD: 01/07/2012 - 13:22:21 - [0] ----D C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popims Animator O43 - CFD: 12/04/2011 - 23:57:24 - [0] ----D C:\Users\utilisateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wow Cartographe ~ Program Folder: 250 Legitimates Filtered in 00mn 22s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) 
O44 - LFC:[MD5.4F1D284FEFA801AB204A922BD1F98555] - 07/06/2013 - 14:10:28 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [357] ~ Files: 19 Legitimates Filtered in 00mn 17s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.6B5671A604F7BB7D893863C6D2EF2575] - 07/06/2013 - 12:02:56 ---A- - C:\Windows\Prefetch\CATCHME.EXE-D42DE047.pf O45 - LFCP:[MD5.F4623053D09BBE1E2A9C562566EF42F1] - 07/06/2013 - 12:19:05 ---A- - C:\Windows\Prefetch\EREPORTER.EXE-044CC358.pf O45 - LFCP:[MD5.95165039F439FE3416257926B4FDE3DE] - 07/06/2013 - 12:19:05 ---A- - C:\Windows\Prefetch\ICLOUD.EXE-E736F098.pf O45 - LFCP:[MD5.C2B584BB4782A1876266838AFAEB9CA3] - 07/06/2013 - 12:30:14 ---A- - C:\Windows\Prefetch\SETUPADMIN.EXE-C275AF10.pf O45 - LFCP:[MD5.A7FB78759A30B49D3AE8923EF9F86891] - 07/06/2013 - 12:36:31 ---A- - C:\Windows\Prefetch\SETUPADMIN.EXE-88A58D72.pf O45 - LFCP:[MD5.8BB9E2B52F2EA14D8FF023F21E0AF8B3] - 07/06/2013 - 12:36:59 ---A- - C:\Windows\Prefetch\MEGAMANAGER.EXE-31ABC97A.pf O45 - LFCP:[MD5.34E24AD7D709811BF193370D82EF84A1] - 07/06/2013 - 12:38:36 ---A- - C:\Windows\Prefetch\DIFXINST64.EXE-7636E2E8.pf O45 - LFCP:[MD5.15928750CA6F4AAE353980518073E716] - 07/06/2013 - 12:42:36 ---A- - C:\Windows\Prefetch\ICO.EXE-2EB5A5F7.pf O45 - LFCP:[MD5.3B82768F6C86ADC4640ED80102CACE1E] - 07/06/2013 - 13:30:47 ---A- - C:\Windows\Prefetch\ECBL-CNCE.EXE-13BF457C.pf O45 - LFCP:[MD5.1D147CB9E4C146502FECF950BBBC903A] - 07/06/2013 - 14:12:36 ---A- - C:\Windows\Prefetch\PELMICED.EXE-CFE00207.pf O45 - LFCP:[MD5.4F57F5938A26951FE81B2E51F4494BBE] - 07/06/2013 - 14:13:28 ---A- - C:\Windows\Prefetch\LUA.EXE-DAC58DA7.pf O45 - LFCP:[MD5.AC480F2E8C17B5F9820121CE4EBE9F6D] - 07/06/2013 - 14:13:28 ---A- - C:\Windows\Prefetch\SCHECK.EXE-66477836.pf O45 - LFCP:[MD5.E15293C6B55902BC1A03189CEBBDEEFD] - 07/06/2013 - 14:13:30 ---A- - C:\Windows\Prefetch\UPDATE_INSTALLER.EXE-EB7E0573.pf ~ Prefetcher: 140 Legitimates Filtered in 00mn 01s ---\\ ShareTools MSconfig StartupReg (O53) O53 - 
SMSR:HKLM\...\startupreg\MobileDocuments [Key] . (...) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (.not file.) ~ SMSR Keys: 22 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 21 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.1CFFE9C06E66A57DAE1452E449A58240] - 08/07/2009 - 11:48:50 ---A- . (.Hewlett-Packard - HP Accelerometer.) -- C:\Windows\System32\Drivers\Accelerometer.sys [41272] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 04/06/2013 - 16:55:53 ---A- C:\Users\utilisateur\Documents\ESCRIME\Escrime_traditions\Escrime _ Traditions.zip [5250799] O61 - LFC: 05/06/2013 - 13:24:30 ---A- C:\Users\utilisateur\Documents\E S C R I M E\C O L L E G E S\Jean Jaurès\College_Jean-Jaures_Liste_participants_2012_2013.xlsx [21213] O61 - LFC: 05/06/2013 - 13:38:14 ---A- C:\Users\utilisateur\Documents\E S C R I M E\C O L L E G E S\Jean Jaurès\College_Jean-Jaures_Liste_participants_2012_2013_2.xlsx [25318] O61 - LFC: 06/06/2013 - 10:03:20 ---A- C:\Users\utilisateur\Documents\E S C R I M E\R A M O N V I L L E\2013\STAGES\CLUB ETE\Demande piscine.pdf [209902] O61 - LFC: 06/06/2013 - 10:04:48 ---A- C:\Users\utilisateur\Documents\E S C R I M E\R A M O N V I L L E\2013\STAGES\CLUB ETE\Demande piscine.doc [59904] O61 - LFC: 06/06/2013 - 10:06:28 ---A- C:\Users\utilisateur\Documents\E S C R I M E\R A M O N V I L L E\2013\STAGES\CLUB ETE\Dossiers inscriptions 2013\theo alfontes.pdf [712878] O61 - LFC: 06/06/2013 - 10:51:59 ---A- C:\Users\utilisateur\AppData\Roaming\Megaupload\Mega Manager\MegaManager.dat [233472] O61 - LFC: 
06/06/2013 - 10:51:59 ---A- C:\Users\utilisateur\AppData\Roaming\Megaupload\Mega Manager\UIHistory.dat [180224]
O61 - LFC: 07/06/2013 - 11:13:44 ---A- C:\Users\utilisateur\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [268840]
O61 - LFC: 07/06/2013 - 12:18:57 ---A- C:\Users\utilisateur\Links\Flux de photos.lnk [154]
O61 - LFC: 07/06/2013 - 13:15:52 ---A- C:\Users\utilisateur\AppData\Roaming\Intermediate\main.bin [6707]
O61 - LFC: 07/06/2013 - 13:15:52 ---A- C:\Users\utilisateur\AppData\Roaming\Intermediate\version.txt [2]
O61 - LFC: 07/06/2013 - 13:15:52 ---A- C:\Users\utilisateur\AppData\Roaming\SCheck\main.bin [19239]
O61 - LFC: 07/06/2013 - 15:08:45 ---A- C:\Users\utilisateur\AppData\Local\Google\Chrome\User Data\Local State [33387]
O61 - LFC: 07/06/2013 - 15:08:45 ---A- C:\Users\utilisateur\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
~ 1 Fichiers temporaires (Temporary files)
~ 2 Fichiers cookies (Cookies files)
~ Files: 559 Legitimates Filtered in 06mn 44s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: ZHPFix 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPFix_is1
~ ADS: Scanned in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\utilisateur\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Goo) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {7EE20EA3-7F3C-4076-A72E-7CC9C5729AC6} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Crack & Keygen Files (O82)
C:\Users\utilisateur\Documents\Diablo II LOD\Diablo II LOD\Diablo II\Mods\cracked_d2maphack_v7.0\EasyCrack.exe
C:\Users\utilisateur\Documents\Diablo II LOD\Diablo II LOD\Diablo II\Mods\cracked_d2maphack_v7.0\EasyCrack.exe
~ Files: Scanned in 03mn 22s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.5A432A042DAE460ABE7199B758E8606C] [SPRF][28/10/2006] (.Microsoft Corporation - Office Source Engine.) -- C:\Users\utilisateur\AppData\Local\Temp\ose00000.exe [145184]
[MD5.D2D7AD244F109B757CD4F9F44A75CB9F] [SPRF][02/06/2008] (.Macrovision Corporation - Setup.exe.) -- C:\Users\utilisateur\AppData\Local\Temp\_is1D18.exe [459400]
[MD5.D2D7AD244F109B757CD4F9F44A75CB9F] [SPRF][02/06/2008] (.Macrovision Corporation - Setup.exe.) -- C:\Users\utilisateur\AppData\Local\Temp\_isD32D.exe [459400]
[MD5.8FF9F7EDDC56CACD57B88CFB02382E97] [SPRF][07/06/2013] (...) -- C:\Users\utilisateur\Desktop\adwcleaner.exe [640135]
~ Files: Scanned in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{EC5C294D-543A-4DEB-99BD-A40F51D5DD9C}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe (.not file.)
O87 - FAEL: "UDP Query User{ABA31552-3B73-4155-9EA3-7512B4022F7A}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe (.not file.)
O87 - FAEL: "TCP Query User{C579A1E6-11BF-40EA-B2D8-21F09145C535}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe (.not file.)
O87 - FAEL: "UDP Query User{13D4BF17-F6C1-4FB1-8712-98B615BCC52B}C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\streamtorrent 1.0\streamtorrent.exe (.not file.)
O87 - FAEL: "TCP Query User{476C59D7-CADC-4098-8C6E-6622F209D10A}C:\users\utilisateur\appdata\local\temp\gw2.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\utilisateur\appdata\local\temp\gw2.exe (.not file.)
O87 - FAEL: "UDP Query User{35DB9BF7-EEEE-4C3A-A833-98A0E7A56393}C:\users\utilisateur\appdata\local\temp\gw2.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\utilisateur\appdata\local\temp\gw2.exe (.not file.)
O87 - FAEL: "TCP Query User{9B56B977-F82C-4EB6-989E-DAAA924B469E}C:\users\utilisateur\downloads\neverwinter_nw.1.20130416a.6.exe" | In - Public - P6 - TRUE | .(...) -- C:\users\utilisateur\downloads\neverwinter_nw.1.20130416a.6.exe
O87 - FAEL: "UDP Query User{910D4EC6-5D24-4F9D-B77C-F9831FFE8CD2}C:\users\utilisateur\downloads\neverwinter_nw.1.20130416a.6.exe" | In - Public - P17 - TRUE | .(...) -- C:\users\utilisateur\downloads\neverwinter_nw.1.20130416a.6.exe
O87 - FAEL: "TCP Query User{851B5E67-D3CF-471E-8B6C-8A6EDD42A09C}C:\program files (x86)\1clickdownload\1clickdownloader.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\1clickdownload\1clickdownloader.exe (.not file.) =>PUP.1ClickDownloader
O87 - FAEL: "UDP Query User{7E0C2789-698D-46F3-9595-ABC62F0C9E7C}C:\program files (x86)\1clickdownload\1clickdownloader.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\1clickdownload\1clickdownloader.exe (.not file.) =>PUP.1ClickDownloader
O87 - FAEL: "TCP Query User{4A8D4CA9-913C-41B9-BFC7-1F451FF0606B}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" | In - Public - P6 - TRUE | .(...) -- C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe
O87 - FAEL: "UDP Query User{F1FEA388-B1AE-4DEC-83F6-A6ADEA2B41E3}C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe" | In - Public - P17 - TRUE | .(...) -- C:\users\public\games\cryptic studios\neverwinter\live\gameclient.exe
~ Firewall: 372 Legitimates Filtered in 00mn 03s

---\\ Scan Additionnel (O88)
Database Version : v2.12397 - (06/06/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\Protector] =>PUP.AdvancedSystemProtector
[HKCU\Software\OfferMosquito] =>Toolbar.OfferMosquito
~ Additionnel Scan: 462946 Items scanned in 00mn 38s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "E17A8F77515323848B2BF2E1BD2D0E1F" . (.Bing Bar.) -- C:\Windows\Installer\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}\icon_installer_ico
~ Update Products: 184 Legitimates Filtered in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 14/05/2009 759048 | (ABBYY.Licensing.FineReader.Sprint.9.0) . (.ABBYY.) - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
SR - | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 17/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 03/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe
SR - | Auto 22/06/2010 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 28/11/2011 44768 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Demand 28/02/2011 183560 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.exe
SR - | Demand 29/06/2010 4181256 | (Bluetooth Device Manager) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
SS - | Demand 20/05/2010 1096968 | (Bluetooth Media Service) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
SR - | Auto 20/05/2010 677128 | (Bluetooth OBEX Service) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 23/04/2010 445192 | (DpHost) . (.DigitalPersona, Inc..) - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
SR - | Auto ??\??\???? 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe
SS - | Demand 16/09/2010 647680 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Demand 16/09/2010 1028096 | (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SS - | Disabled 09/05/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 18/06/2010 103992 | (HP Wireless Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
SR - | Demand 05/07/2011 988216 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SR - | Auto 08/07/2009 30520 | (hpsrv) . (.Hewlett-Packard.) - C:\Windows\System32\Hpservice.exe
SR - | Auto 27192 | (HPWMISVC) . (...) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Demand 31/05/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Disabled 16/06/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 01/05/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 82872 | (NMSAccess64) . (...) - C:\Windows\SysWOW64\NMSAccess64.exe
SR - | Auto 14/05/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 18/06/2010 258048 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe
SR - | Auto 01/05/2010 2533400 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 23/02/2010 2192176 | (vcsFPService) . (.Validity Sensors, Inc..) - C:\Windows\system32\vcsFPService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by utilisateur at 07/06/2013 16:22:21
device: opened successfully
user: error reading MBR
Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ MBR: 9 Legitimates Filtered in 00mn 02s

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by utilisateur at 07/06/2013 16:22:23
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 2211 Legitimates filtered by white list
End of the scan (558 lines in 13mn 29s)(2)