Rapport de ZHPDiag v2013.5.11.97 par Nicolas Coolman, Update du 11/05/2013
Run by Ezéchiel at 12/05/2013 13:43:03
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program

---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16540 (Defaut)
MFIE: Mozilla Firefox 20.0.1
GCIE: Google Chrome v26.0.1410.64

---\\ Windows Product Information
~ Langage: Français
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, OEM_DM channel
Windows ID Activation : OK
~ Windows Partial Key : 6CKVT
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W8

---\\ System Optimizer
CCleaner v4.01 =>Piriform Ltd

---\\ Peer To Peer (P2P)
Vuze v4.9.0.0 =>P2P.Azureus

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 17
Java 7 Update 21

---\\ System Information
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8063 MB (75% free)
System Restore: Activé (Enable)
System drive C: has 1389 GB (75%) free of 1848 GB

---\\ Logged in mode
~ Computer Name: BREUB
~ User Name: Ezéchiel
~ All Users Names: UpdatusUser, HomeGroupUser$, Ezéchiel, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Ezéchiel\AppData\Roaming\
~ %Desktop% : C:\Users\Ezéchiel\Desktop\
~ %Favorites% : C:\Users\Ezéchiel\Favorites\
~ %LocalAppData% : C:\Users\Ezéchiel\AppData\Local\
~ %StartMenu% : C:\Users\Ezéchiel\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 1389 Go of 1848 Go)
D:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 27 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.E13A31D5254C25406A7946BDD9B06364] - (.Microsoft Corporation - Explorateur Windows.) (.27/01/2013 - 00:39:03.) -- C:\Windows\Explorer.exe [2380944]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.753C0848AE7872A3F59663078A517293] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21/02/2013 - 11:15:07.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.27/01/2013 - 00:38:57.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.27/01/2013 - 00:38:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.26/07/2012 - 05:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/35
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 1/165770
~ Mon Bureau (My Desktop) : 2/6553
~ Menu demarrer (Programs) : 1/41
~ Hidden Files: Scanned in 00mn 55s

---\\ Processus lancés
[MD5.724CB7A116F7E1A67009D751BCF86586] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.5048]
[MD5.9388FBA0B9985B18B3693A32B530A16B] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888] [PID.4184]
[MD5.7189E14F5DFB0CC7F426FC42F5389335] - (.cyberlink - brs.) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe [76912] [PID.4212]
[MD5.872B3D5F6F9F9BDFD6A83EE8AA5824B4] - (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632] [PID.4208]
[MD5.76A3A30B58405C2C6D833895253A51A9] - (.Apple Computer, Inc. - Pas de description.) -- C:\Program Files (x86)\QuickTime\qttask.exe [98304] [PID.4124]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816] [PID.3844]
[MD5.883B2E1341E5BE906A7507308A6636DF] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240] [PID.4312]
[MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.3008]
[MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.4364]
[MD5.D719477489E4EF1B987E5525D608F2A5] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe [1855880] [PID.5000]
[MD5.8B3FD7B305F0DFF41C2B4DBCA7D4CE74] - (.SoftThinks - Dell - Dell Backup And Recovery Update Launcher.) -- C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe [492904] [PID.2924]
[MD5.6D8A66D551A332DF0A1716272EC4ED50] - (.SoftThinks - Dell - Dell Backup And Recovery Toaster.) -- C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.exe [4047208] [PID.4924]
[MD5.C4A0673606F8A4D912646E2778630BDD] - (.Azureus Software, Inc - Pas de description.) -- C:\Program Files (x86)\Vuze\Azureus.exe [316360] [PID.5412] =>P2P.Azureus
[MD5.AE5F5021FC66A380FD46B17A3E30E8E8] - (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe [174496] [PID.4392]
[MD5.44B23B3FA81CD7E0197D5F1AA3611A8E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7307264] [PID.5728]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Ezéchiel\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [knfjealnimdkfoblidcgfkkmpgifijdn] rcplugin v.0.1 (Désactivé)
G2 - GCE: Preference [User Data\Default] [nchpfiddbhbdnagofhkjlaiaejmkdcla] Helper extension v.1.4 (Désactivé)
~ Google Browser: 15 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Ezéchiel\AppData\Roaming\Mozilla\Firefox\Profiles\7qm5se36.default\prefs.js
M2 - MFEP: prefs.js [Ezéchiel - 7qm5se36.default\NPCamfrogWeb@camfrogweb.com] [] Camfrog Web Plugin for Mozilla Firefox v2,0,18,111 (..)
M2 - MFEP: prefs.js [Ezéchiel - 7qm5se36.default\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}] [] Flash and Video Download v1.32 (..)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\mcafee\msc\npMcSnFFPl64.dll
~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 25

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO [64Bits] - {0D929918-C804-4756-B0AC-640EF3F061E9} . (.aa - Pas de description.) -- C:\Program Files (x86)\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: IE AdBlock [64Bits] - {46B37057-5BA8-4014-B28D-6448FD171A3E} . (.CatenaLogic - Internet Explorer Browser Extension to bloc.) -- C:\Program Files (x86)\IE AdBlock\IE AdBlock.dll
~ BHO: 6 Legitimates Filtered in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
O4 - HKCU\..\Run: [ISUSPM Startup] . (.InstallShield Software Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKLM\..\Wow6432Node\Run: [IMSS] . (.Intel Corporation - PIcon startup utility.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer_For_P2G8] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [BDRegion] . (.cyberlink - brs.) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Wow6432Node\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [ISUSScheduler] . (.InstallShield Software Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Computer, Inc. - Pas de description.) -- C:\Program Files (x86)\QuickTime\qttask.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop: myCinema.lnk . (...) -- C:\Users\Ezéchiel\Downloads\myCinema_v1.10.4.jar
O4 - GS\Desktop: Ordinateur.lnk - Clé orpheline
~ Global Startup: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D678C1B-CEF5-4E78-9EBF-81740F0400B6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{614FD7E0-4E0C-4A61-A860-F2CE87751D22}: DhcpNameServer = 10.72.0.72 10.72.0.73
O17 - HKLM\System\CCS\Services\Tcpip\..\{614FD7E0-4E0C-4A61-A860-F2CE87751D22}: DhcpDomain = lcj.emea.dell.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D678C1B-CEF5-4E78-9EBF-81740F0400B6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{614FD7E0-4E0C-4A61-A860-F2CE87751D22}: DhcpNameServer = 10.72.0.72 10.72.0.73
O17 - HKLM\System\CS1\Services\Tcpip\..\{614FD7E0-4E0C-4A61-A860-F2CE87751D22}: DhcpDomain = lcj.emea.dell.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\NVIDIA~1\3DVISI~1\NVSTIN~1.dll (.not file.)
~ AppInit DLL: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) . (.Dell Products, LP. - Dell Digital Delivery Windows Service.) - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: ZAtheros Wlan Agent (ZAtheros Wlan Agent) . (.Atheros - Atheros Coex Service Application.) - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
~ Services: 23 Legitimates Filtered in 00mn 02s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job [286]
[MD5.07605ABEB10FC533881C91F19DECF69A] [APT] [AutoKMS] (...) -- C:\windows\AutoKMS\AutoKMS.exe [1923584]
[MD5.643A275BF9B51650CABE8BA22E31B3BD] [APT] [PCDEventLauncher] (.PC-Doctor, Inc..) -- C:\Program Files\Dell Support Center\sessionchecker.exe [426600]
[MD5.78E8580D5C32E9627D1B69761B76ED72] [APT] [PCDoctorBackgroundMonitorTask] (.PC-Doctor, Inc..) -- C:\Program Files\Dell Support Center\uaclauncher.exe [1186376]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 05s

---\\ Logiciels installés (O42)
O42 - Logiciel: Alien Spidy - (...) [HKLM][64Bits] -- Alien Spidy_is1
O42 - Logiciel: De Blob (alleen verwijderen) - (...) [HKLM][64Bits] -- De_Blob_EN
O42 - Logiciel: Lollipop - (...) [HKCU][64Bits] -- cpesobq =>Adware.Lollipop
O42 - Logiciel: Smart Popup Blocker version 1.20 - (...) [HKLM][64Bits] -- Smart Popup Blocker_is1
O42 - Logiciel: Solace - February 2011 - (.DigiPen Institute of Technology.) [HKLM][64Bits] -- {3DE19DBA-6F79-4E14-AE0B-1833B26DD184}_is1
O42 - Logiciel: The Bridge - (...) [HKLM][64Bits] -- The Bridge_is1
O42 - Logiciel: The Klub 17 - (.Team K17.) [HKCU][64Bits] -- The Klub 17
O42 - Logiciel: Vessel - (...) [HKLM][64Bits] -- Vessel_is1
~ Logic: 125 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\EMPIRE]
[HKCU\Software\ENJMIN]
[HKCU\Software\Enigma SP]
[HKCU\Software\FANiSO]
[HKCU\Software\Grupp 1]
[HKCU\Software\Richard E Flanagan]
[HKCU\Software\TeamK17]
[HKLM\Software\Wow6432Node\smartpopupblocker]
~ Key Software: 230 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 28/03/2013 - 13:14:20 - [1073,318] ----D C:\Program Files (x86)\Alien Spidy
O43 - CFD: 05/03/2013 - 06:40:20 - [627,664] ----D C:\Program Files (x86)\Antichamber
O43 - CFD: 17/03/2013 - 09:49:46 - [235,664] ----D C:\Program Files (x86)\De Blob
O43 - CFD: 22/03/2013 - 00:08:05 - [1040,967] ----D C:\Program Files (x86)\Dr.Kawashima
O43 - CFD: 17/03/2013 - 09:21:35 - [333,006] ----D C:\Program Files (x86)\PaperPlane
O43 - CFD: 21/02/2013 - 11:05:07 - [0,353] ----D C:\Program Files (x86)\SmartPopupBlocker
O43 - CFD: 26/02/2013 - 10:31:28 - [1454,792] ----D C:\Program Files (x86)\Strange Loop Games
O43 - CFD: 05/03/2013 - 06:50:49 - [495,640] ----D C:\Program Files (x86)\The Bridge
O43 - CFD: 04/04/2013 - 22:51:39 - [0,015] ----D C:\Users\Ezéchiel\AppData\Roaming\com.northwayGames.Incredipede
O43 - CFD: 05/03/2013 - 06:51:41 - [0,002] ----D C:\Users\Ezéchiel\AppData\Local\FANiSO
O43 - CFD: 17/03/2013 - 13:14:13 - [3,774] ----D C:\Users\Ezéchiel\AppData\Local\Films
O43 - CFD: 17/03/2013 - 09:48:50 - [0] ----D C:\Users\Ezéchiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\De Blob (English)
O43 - CFD: 22/03/2013 - 00:08:05 - [0,005] ----D C:\Users\Ezéchiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Défi Cérébral du Dr. Kawashima
~ Program Folder: 208 Legitimates Filtered in 00mn 40s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0F1FFAF9DCAAD24E1820B9681F1F9943] - 12/05/2013 - 11:10:06 ---A- . (...) -- C:\Windows\ODBC.INI [136]
~ Files: 19 Legitimates Filtered in 02mn 06s

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Clé orpheline
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.4F18D4C7EA14F11A7211F60D553C03DB] - 26/07/2012 - 06:00:49 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [106736]
O58 - SDL:[MD5.CBBD8F724C6C0B3D05477BB5C982D4B8] - 14/06/2012 - 02:41:10 ----- . (.Qualcomm Atheros Communications, Inc. - Qualcomm Atheros Extensible Wireless LAN device driver.) -- C:\Windows\System32\athw8x.sys [3578368]
~ Drivers: Scanned in 00mn 00s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {B03EC238-16D4-4351-B496-A4628B87CC93} - (Web Search) - http://search.conduit.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.0E771375445E13429E68CAE720A48B72] [SPRF][11/05/2013] (...) -- C:\Users\Ezéchiel\AppData\Local\Temp\i4jdel0.exe [35224]
[MD5.87985DD2DF21D17B8247CAC3896E2DD4] [SPRF][27/01/2013] (.Pas de propriétaire - Danceonmoon.) -- C:\Users\Ezéchiel\AppData\Local\Temp\msyozov.com [849213]
[MD5.82A2D4C1C3E2C19996EC5002E77029A2] [SPRF][07/05/2013] (.Macromedia, Inc. - Macromedia Flash Player 7.0 r14.) -- C:\Users\Ezéchiel\AppData\Roaming\secret fantaisy dream 2.exe [35380382]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608]
[MD5.A7226E3C773911C7687299B3E2284CAB] [SPRF][13/04/2004] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [307200]
~ Files: Scanned in 00mn 00s

---\\ Scan Additionnel (O88)
Database Version : v2.12078 - (11/05/2013)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7E685771E24E83F4381D1DB5A45F7B41] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5C8B5FB7CB5DD447A0BAAAF637FBD77] =>PUP.ClaroSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF96568971BEAC14B8815883832BD484] =>PUP.ClaroSearch
~ Additionnel Scan: 292746 Items scanned in 00mn 16s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 19/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 18/11/2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SS - | Auto 13/07/2012 236144 | (CLKMSVC10_38F51D56) . (.CyberLink.) - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
SS - | Demand 06/10/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SR - | Auto 13/03/2013 187912 | (DellDigitalDelivery) . (.Dell Products, LP..) - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
SS - | Auto 05/02/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 05/02/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 01/09/2012 14904 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 19/06/2012 634632 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - c:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 19/07/2012 166720 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 19/07/2012 277824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SS - | Demand 26/01/2012 332080 | (McAWFwk) . (.McAfee, Inc..) - C:\Program Files\mcafee\msc\McAWFwk.exe
SR - | Auto 31/08/2012 201304 | (mcmscsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McNASvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SS - | Demand 05/02/2013 384048 | (McODS) . (.McAfee, Inc..) - C:\Program Files\mcafee\VirusScan\mcods.exe
SS - | Disabled 31/08/2012 201304 | (McOobeSv) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 31/08/2012 201304 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
SR - | Auto 19/02/2013 241456 | (McShield) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
SR - | Auto 19/02/2013 218760 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 19/02/2013 182752 | (mfevtp) . (.McAfee, Inc..) - C:\Windows\system32\mfevtps.exe
SS - | Demand 12/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 15/03/2013 877856 | (nvsvc) . (.NVIDIA Corporation.) - C:\windows\system32\nvvsvc.exe
SR - | Auto 15/03/2013 1266464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 254512 | (RichVideo) . (...) - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
SR - | Auto 26/11/2012 1914728 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
SR - | Auto 14/03/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 19/07/2012 365376 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SS - | Demand 27/01/2013 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 19/06/2012 77824 | (ZAtheros Wlan Agent) . (.Atheros.) - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
~ Services: Scanned in 00mn 02s
~ 1049 Legitimates filtered by white list

End of the scan (424 lines in 04mn 23s)(0)