~ Rapport de NCDiag v2014.4.18.33 - Copyright ©2014 - Nicolas Coolman, Tous droits réservés
~ Emplacement rapport : C:\Users\CYBERBUROTIK\AppData\Roaming\ZHP\NCDiag.txt
~ Lancé par CYBERBUROTIK (18/04/2014 - 20:14:17)
~ Adresse du Site Web : http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Etat de la version : OK
~ Liste blanche : Désactivée par le programme
~ User Account Control (UAC): Activé par l'utilisateur
~ Elévation des Privilèges : OK

---\\ Navigateurs Internet
MSIE: Internet Explorer v9.0.8112.16421 (Default)

---\\ Informations sur les produits Windows
~ Langage: Français
Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
Windows Server License Manager Script : OK
~ Windows Operating System - Vista, OEM_SLP channel
Windows ID Activation : OK
~ Windows Partial Key : 6CJ97
Windows License : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK

---\\ Informations sur le système
~ Operating System: 32 Bits
~ Boot Mode: Normal (Normal boot)
System Restore: Activé (Enable)
Total RAM: 3065 MB (43% free)

---\\ Mode de connexion au système
~ Nom d'Ordinateur: PC-DE-VANESSA
~ Nom d'utilisateur: CYBERBUROTIK
~ Nom des utilisateurs: CYBERBUROTIK,FORMATION,Invité,Public,VANESSA,
~ Connecté en administrateur

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (System) ( Free 57 Go of 142 Go)
D: Hard drive, Flash drive, Thumb drive ( Free 122 Go of 142 Go)

---\\ Logiciels de protection du système
avast! Free Antivirus v8.0.1489.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Security Client v4.1.0522.0
Ad-Aware v8.3.0
McAfee Security Scan Plus v3.8.141.11
Spybot - Search & Destroy v1.6.2

---\\ Variables d'environnement
~ %SYSTEMDRIVE% = C:
~ %USERPROFILE% = C:\Users\CYBERBUROTIK
~ %APPDATA% = C:\Users\CYBERBUROTIK\AppData\Roaming
~ %DESKTOP% = C:\Users\CYBERBUROTIK\Desktop
~ %FAVORITES% = C:\Users\CYBERBUROTIK\Favorites
~ %LOCALAPPDATA% = C:\Users\CYBERBUROTIK\AppData\Local
~ %STARTMENU% = C:\Users\CYBERBUROTIK\AppData\Roaming\Microsoft\Windows\Start Menu
~ %WINDIR% = C:\Windows
~ %SYSTEM% = C:\Windows\System32
~ %PROGRAMFILES% = C:\Program Files

---\\ Etat du Centre de Sécurité Windows
|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System| EnableLUA: OK
|HKLM\SOFTWARE\Microsoft\Security Center\svc| AntiSpywareOverride: OK
|HKLM\SOFTWARE\Microsoft\Security Center\svc| AntiVirusOverride: OK
|HKLM\SOFTWARE\Microsoft\Security Center\svc| FirewallOverride: OK
|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced| Start_ShowHelp: OK
|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced| Start_ShowMyComputer: OK
|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced| Start_ShowMyDocs: OK
|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced| Start_ShowMyMusic: OK
|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced| Start_ShowMyPics: OK
|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced| Start_ShowPrinters: Modified
|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced| Start_ShowSearch: OK
|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced| Start_ShowSetProgramAccessAndDefaults: OK
|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced| Start_ShowControlPanel: OK
|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced| Start_ShowNetConn: OK
|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL|
CheckedValue: OK |HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN| CheckedValue: OK |HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations| Application: OK |HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp| Type: OK ---\\ Recherche particulière de fichiers génériques ---\\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - C:\Windows\system32\drivers\afd.sys (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- LEGACY_AFD =>.© Microsoft Corporation O64 - Services: CurCS - aswFsBlk (aswFsBlk) .(...) - LEGACY_ASWFSBLK O64 - Services: CurCS - C:\Windows\system32\drivers\aswMonFlt.sys (aswMonFlt) .(.AVAST Software - avast! File System Minifilter for Windows 2.) -- LEGACY_ASWMONFLT [MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\Explorer.exe [2926592] O64 - Services: CurCS - aswRdr (aswRdr) .(...) - LEGACY_ASWRDR O64 - Services: CurCS - aswRvrt (aswRvrt) .(...) - LEGACY_ASWRVRT O64 - Services: CurCS - aswSnx (aswSnx) .(...) - LEGACY_ASWSNX O64 - Services: CurCS - aswSP (aswSP) .(...) - LEGACY_ASWSP O64 - Services: CurCS - avast! Network Shield Support (aswTdi) .(...) - LEGACY_ASWTDI O64 - Services: CurCS - aswVmm (aswVmm) .(...) - LEGACY_ASWVMM O64 - Services: CurCS - C:\Windows\system32\drivers\atapi.sys (atapi) .(.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- LEGACY_ATAPI =>.© Microsoft Corporation O64 - Services: CurCS - Beep (Beep) .(.Microsoft Corporation - Beep Driver.) -- LEGACY_BEEP =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\bowser.sys (bowser) .(.Microsoft Corporation - NT Lan Manager Datagram Receiver Driver.) -- LEGACY_BOWSER =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\cdfs.sys (cdfs) .(.Microsoft Corporation - CD-ROM File System Driver.) 
-- LEGACY_CDFS =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\CLFS.sys (CLFS) .(.Microsoft Corporation - Common Log File System Driver.) -- LEGACY_CLFS =>.© Microsoft Corporation [MD5.4B555106290BD117334E9A08761C035A] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) -- C:\Windows\System32\rundll32.exe [44544] O64 - Services: CurCS - C:\Windows\system32\drivers\crcdisk.sys (crcdisk) .(.Microsoft Corporation - Disk Block Verification Filter Driver.) -- LEGACY_CRCDISK =>.© Microsoft Corporation [MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) -- C:\Windows\System32\Wininit.exe [96768] [MD5.62077F806BC59CBD5A404338D710D133] - (.Microsoft Corporation - Extensions Internet pour Win32.) -- C:\Windows\System32\wininet.dll [1129472] O64 - Services: CurCS - C:\Windows\system32\drivers\dfsc.sys (DfsC) .(.Microsoft Corporation - DFS Namespace Client Driver.) -- LEGACY_DFSC =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\System32\drivers\dxgkrnl.sys (DXGKrnl) .(.Microsoft Corporation - DirectX Graphics Kernel.) -- LEGACY_DXGKRNL =>.© Microsoft Corporation O64 - Services: CurCS - FAT12/16/32 File System Driver (fastfat) .(...) - LEGACY_FASTFAT =>.© O64 - Services: CurCS - C:\Windows\system32\drivers\fileinfo.sys (FileInfo) .(.Microsoft Corporation - FileInfo Filter Driver.) -- LEGACY_FILEINFO =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\fltmgr.sys (FltMgr) .(.Microsoft Corporation - Gestionnaire de filtres de système de fichi.) -- LEGACY_FLTMGR =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\gfibto.sys (gfibto) .(.GFI Software - GFI Boot Time Operations Driver.) -- LEGACY_GFIBTO O64 - Services: CurCS - C:\Windows\system32\drivers\HTTP.sys (HTTP) .(.Microsoft Corporation - HTTP Pile du protocole.) 
-- LEGACY_HTTP =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\int15.sys (int15) .(.Acer, Inc. - int15.) -- LEGACY_INT15 O64 - Services: CurCS - C:\Windows\system32\rascfg.dll (IpFilterDriver) .(.Microsoft Corporation - Objets de configuration RAS.) -- LEGACY_IPFILTERDRIVER =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\ipnat.sys (IPNAT) .(.Microsoft Corporation - IP Network Address Translator.) -- LEGACY_IPNAT =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\irda.sys (irda) .(.Microsoft Corporation - IRDA Protocol Driver.) -- LEGACY_IRDA =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\Drivers\ksecdd.sys (KSecDD) .(.Microsoft Corporation - Kernel Security Support Provider Interface.) -- LEGACY_KSECDD =>.© Microsoft Corporation O64 - Services: CurCS - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (Lavasoft Kernexplorer) .(...) - LEGACY_LAVASOFT_KERNEXPLORER O64 - Services: CurCS - C:\Windows\system32\DRIVERS\Lbd.sys (Lbd) .(.Lavasoft AB - Boot Driver.) -- LEGACY_LBD O64 - Services: CurCS - C:\Windows\system32\DRIVERS\lltdio.sys (lltdio) .(.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) -- LEGACY_LLTDIO =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\luafv.sys (luafv) .(.Microsoft Corporation - Pilote de filtre de virtualisation de fichi.) -- LEGACY_LUAFV =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- LEGACY_MBAMPROTECTOR =>.© O64 - Services: CurCS - C:\Windows\system32\drivers\mountmgr.sys (MountMgr) .(.Microsoft Corporation - Mount Point Manager.) -- LEGACY_MOUNTMGR =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\MpFilter.sys (MpFilter) .(.Microsoft Corporation - Microsoft antimalware file system filter dr.) 
-- LEGACY_MPFILTER =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\mpsdrv.sys (mpsdrv) .(.Microsoft Corporation - Microsoft Protection Service Driver.) -- LEGACY_MPSDRV =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\mrxdav.sys (MRxDAV) .(.Microsoft Corporation - Windows NT WebDav Minirdr.) -- LEGACY_MRXDAV =>.© Microsoft Corporation [MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) -- C:\Windows\System32\Winlogon.exe [314368] O64 - Services: CurCS - C:\Windows\system32\DRIVERS\mrxsmb.sys (mrxsmb) .(.Microsoft Corporation - Windows NT SMB Minirdr.) -- LEGACY_MRXSMB =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\mrxsmb10.sys (mrxsmb10) .(.Microsoft Corporation - Longhorn SMB Downlevel SubRdr.) -- LEGACY_MRXSMB10 =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\mrxsmb20.sys (mrxsmb20) .(.Microsoft Corporation - Longhorn SMB 2.0 Redirector.) -- LEGACY_MRXSMB20 =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\msisadrv.sys (msisadrv) .(.Microsoft Corporation - ISA Driver.) -- LEGACY_MSISADRV =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\Drivers\mup.sys (Mup) .(.Microsoft Corporation - Multiple UNC Provider driver.) -- LEGACY_MUP =>.© Microsoft Corporation [MD5.95F5FF73B076576C41740F1A842B9B57] - (.Microsoft Corporation - DLL client de l'API uilisateur de Windows m.) -- C:\Windows\System32\fr-FR\user32.dll.mui [20480] O64 - Services: CurCS - C:\Windows\system32\DRIVERS\nwifi.sys (NativeWifiP) .(.Microsoft Corporation - NativeWiFi Miniport Driver.) -- LEGACY_NATIVEWIFIP =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\ndis.sys (NDIS) .(.Microsoft Corporation - NDIS 6.0 wrapper driver.) 
-- LEGACY_NDIS =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\ndisuio.sys (Ndisuio) .(.Microsoft Corporation - NDIS User mode I/O driver.) -- LEGACY_NDISUIO =>.© Microsoft Corporation [MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) -- C:\Windows\System32\drivers\AFD.sys [273408] O64 - Services: CurCS - C:\Windows\system32\DRIVERS\netbios.sys (NetBIOS) .(.Microsoft Corporation - NetBIOS interface driver.) -- LEGACY_NETBIOS =>.© Microsoft Corporation [MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) -- C:\Windows\System32\drivers\atapi.sys [19944] O64 - Services: CurCS - C:\Windows\system32\DRIVERS\netbt.sys (netbt) .(.Microsoft Corporation - MBT Transport driver.) -- LEGACY_NETBT =>.© Microsoft Corporation [MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) -- C:\Windows\System32\drivers\Cdfs.sys [70144] O64 - Services: CurCS - C:\Windows\system32\DRIVERS\NisDrvWFP.sys (NisDrv) .(.Microsoft Corporation - Microsoft Network Realtime Inspection Drive.) -- LEGACY_NISDRV =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) .(.Microsoft Corporation - NSI Proxy.) -- LEGACY_NSIPROXY =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\PCTINDIS5.SYS (PCTINDIS5) .(.Smith Micro Inc. - Smith Micro NDIS 5.0 Protocol Driver.) -- LEGACY_PCTINDIS5 =>.© O64 - Services: CurCS - C:\Windows\system32\drivers\peauth.sys (PEAUTH) .(.Microsoft Corporation - Protected Environment Authentication and Au.) -- LEGACY_PEAUTH =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\pacer.sys (PSched) .(.Microsoft Corporation - Planificateur de paquets QoS.) 
-- LEGACY_PSCHED =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\psdfilter.sys (PSDFilter) .(.Egis Incorporated - Acer eDataSecurity Management PSD Filter Dr.) -- LEGACY_PSDFILTER O64 - Services: CurCS - C:\Windows\system32\DRIVERS\PSDNServ.sys (PSDNServ) .(.Egis Incorporated - Acer eDataSecurity Management PSD Named Pip.) -- LEGACY_PSDNSERV O64 - Services: CurCS - C:\Windows\system32\DRIVERS\PSDVdisk.sys (psdvdisk) .(.Egis Incorporated - Acer eDataSecurity Management PSD Virtual D.) -- LEGACY_PSDVDISK O64 - Services: CurCS - C:\Windows\system32\DRIVERS\rasacd.sys (RasAcd) .(.Microsoft Corporation - RAS Automatic Connection Driver.) -- LEGACY_RASACD =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\rdbss.sys (rdbss) .(.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) -- LEGACY_RDBSS =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) .(.Microsoft Corporation - RDP Miniport.) -- LEGACY_RDPCDD =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\rdpencdd.sys (RDPENCDD) .(.Microsoft Corporation - RDP Miniport.) -- LEGACY_RDPENCDD =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\RMCAST.sys (RMCAST) .(.Microsoft Corporation - Reliable Multicast Transport.) -- LEGACY_RMCAST =>.© Microsoft Corporation [MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) -- C:\Windows\System32\drivers\Cdrom.sys [67072] O64 - Services: CurCS - C:\Windows\system32\DRIVERS\rspndr.sys (rspndr) .(.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) -- LEGACY_RSPNDR =>.© Microsoft Corporation O64 - Services: CurCS - Security Driver (secdrv) .(...) - LEGACY_SECDRV =>.© O64 - Services: CurCS - C:\Windows\system32\DRIVERS\smb.sys (Smb) .(.Microsoft Corporation - SMB Transport driver.) 
-- LEGACY_SMB =>.© Microsoft Corporation O64 - Services: CurCS - Security Processor Loader Driver (spldr) .(...) - LEGACY_SPLDR =>.© O64 - Services: CurCS - C:\Windows\system32\DRIVERS\srv.sys (srv) .(.Microsoft Corporation - Server driver.) -- LEGACY_SRV =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\srv2.sys (srv2) .(.Microsoft Corporation - Smb 2.0 Server driver.) -- LEGACY_SRV2 =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\srvnet.sys (srvnet) .(.Microsoft Corporation - Server Network driver.) -- LEGACY_SRVNET =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\tcpip.sys (Tcpip) .(.Microsoft Corporation - TCP/IP Driver.) -- LEGACY_TCPIP =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\tcpipreg.sys (tcpipreg) .(.Microsoft Corporation - TCP/IP Registry Compatibility Driver.) -- LEGACY_TCPIPREG =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\tdx.sys (tdx) .(.Microsoft Corporation - TDI Translation Driver.) -- LEGACY_TDX =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\udfs.sys (udfs) .(.Microsoft Corporation - UDF File System Driver.) -- LEGACY_UDFS =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\System32\drivers\vga.sys (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) -- LEGACY_VGASAVE =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\volmgrx.sys (volmgrx) .(.Microsoft Corporation - Volume Manager Extension Driver.) -- LEGACY_VOLMGRX =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\volsnap.sys (volsnap) .(.Microsoft Corporation - Pilote de cliché instantané du volume.) -- LEGACY_VOLSNAP =>.© Microsoft Corporation [MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) 
-- C:\Windows\System32\drivers\DfsC.sys [75264] O64 - Services: CurCS - C:\Windows\system32\DRIVERS\wanarp.sys (Wanarpv6) .(.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) -- LEGACY_WANARPV6 =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\Wdf01000.sys (Wdf01000) .(.Microsoft Corporation - Runtime de l’infrastructure de pilotes en m.) -- LEGACY_WDF01000 =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\drivers\WudfPf.sys (WudfPf) .(.Microsoft Corporation - Windows Driver Foundation - User-mode Drive.) -- LEGACY_WUDFPF =>.© Microsoft Corporation O64 - Services: CurCS - C:\Windows\system32\DRIVERS\xaudio.sys (XAudio) .(.Conexant Systems, Inc. - Modem Audio Device Driver.) -- LEGACY_XAUDIO ~ 77 Legacy Keys found in 6 second(s) [MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) -- C:\Windows\System32\drivers\HDAudBus.sys [561152] [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) -- C:\Windows\System32\drivers\i8042prt.sys [54784] [MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) -- C:\Windows\System32\drivers\IpNat.sys [100864] [MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) -- C:\Windows\System32\drivers\MRxSmb.sys [106496] [MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) -- C:\Windows\System32\drivers\netBT.sys [185856] [MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) -- C:\Windows\System32\drivers\ntfs.sys [1082232] [MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) -- C:\Windows\System32\drivers\Parport.sys [79360] [MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) 
-- C:\Windows\System32\drivers\Rasl2tp.sys [76288] [MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) -- C:\Windows\System32\drivers\rdpdr.sys [248832] [MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) -- C:\Windows\System32\drivers\smb.sys [66560] [MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) -- C:\Windows\System32\drivers\tdx.sys [72192] [MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) -- C:\Windows\System32\drivers\volsnap.sys [224640] ---\\ Processus lancés [MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe [125952] [MD5.3EBFE205F79CA1C5DF01E85436427278] - (.Acer - ProductR Application.) -- C:\Program Files\Acer\WR_PopUp\ProductReg.exe [135168] ---\\ Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Ob.) -- C:\Windows\system32\eventvwr.exe O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* [MD5.390679F7A217A5E73D756276C40AE887] - (.Safer-Networking Ltd. - System settings protector.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480]PUP.Mocaflix =>PUP.Mocaflix O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (...) -- C:\Windows\System32\regedit.exe O67 - Shell Spawning: <.scr> [HKLM\..\open\Command] (...) -- "%1" /S ~ 10 File Association Shell Spawning scanned in 0 second(s) [MD5.F5BC7BD3D4C08E3B09D346019A04D5DD] - (...) --C:\Program Files\Bamboo Dock\Bamboo Dock\Bamboo Dock.exe [178176] [MD5.35937EAD711207544E219C2A19A78A7D] - (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240] [MD5.F920FBB43C1CDB905044C91B9A3FD516] - (.Skype Technologies S.A. - Skype .) -- C:\Program Files\Skype\Phone\Skype.exe [18643560] ---\\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] . (.Google Inc. - Google Chrome.) -- C:\Users\FORMATION\AppData\Local\Google\Chrome\Application\chrome.exe =>.© Google Inc. O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe =>.© Microsoft O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] . (.Google Inc. - Google Chrome.) -- C:\Users\FORMATION\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc. O68 - StartMenuInternet: [HKLM\..\InstallInfo\ShowIconsCommand] . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Expl.) -- C:\Windows\system32\ie4uinit.exe =>.Microsoft Corporation O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] . (.Google Inc. - Google Chrome.) -- C:\Users\FORMATION\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc. O68 - StartMenuInternet: [HKLM\..\InstallInfo\ReinstallCommand] . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Expl.) 
-- C:\Windows\system32\ie4uinit.exe =>.Microsoft Corporation [MD5.094F1705ADBCD41E86E2E7F823C933BF] - (.DT Soft Ltd - DAEMON Tools Pro Agent.) -- C:\Program Files\DAEMON Tools Pro\DTAgent.exe [4527424] O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] . (.Google Inc. - Google Chrome.) -- C:\Users\FORMATION\AppData\Local\Google\Chrome\Application\chrome.exe =>.Google Inc. O68 - StartMenuInternet: [HKLM\..\InstallInfo\HideIconsCommand] . (.Microsoft Corporation - Utilitaire d'initialisation d'Internet Expl.) -- C:\Windows\system32\ie4uinit.exe =>.Microsoft Corporation ~ 8 Start Menu Internet found in 0 second(s) ---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} [DefaultScope] - (Search the web (Babylon)) - http://search.babylon.com =>PUP.Babylon [MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com O69 - SBI: SearchScopes [HKCU] {A7C26E26-D30A-4C2D-9D38-42F040F14FC9} [DefaultScope] - (Google) - http://www.google.com ~ 4 Search Browser Infection scanned in 0 second(s) ---\\ Recherche des services démarrés par Svchost (SSS) (O83) O83 - Search Svchost Services: (Irmon) . (.Microsoft Corporation - Moniteur infrarouge.) -- C:\Windows\System32\irmon.dll [17920] ~ 1 Svchost services scanned in 0 second(s) [MD5.5C080C61235C74568C2978FC7E602AE0] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896] [MD5.2F2DF068BED6E62E4C007DF7446B4F19] - (...) --C:\Windows\PLFSetI.exe [200704] ---\\ Liste des exceptions du parefeu (FirewallRules) (O87) Power Management - DMC.) 
-- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [417792] O87 - FAEL: "TCP Query User{118C9D07-7D94-4803-99B4-269F3FE3E169}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" | In - Private - P6 - TRUE | .(.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\program files\syncables\syncables desktop\jre\bin\javaw.exe =>.© O87 - FAEL: "UDP Query User{E6DD503B-EB06-4AB1-9780-622BB4A9C915}C:\program files\syncables\syncables desktop\jre\bin\javaw.exe" | In - Private - P17 - TRUE | .(.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\program files\syncables\syncables desktop\jre\bin\javaw.exe =>.© [MD5.15A33EF5C43C5ADBABECA6B216D839B5] - (.Egis Incorporated - Acer eDataSecurity Management Loader.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896] ~ 2 Firewall Active Exception Files found in 1.39784e+009 second(s) [MD5.E43A851F7B12DE589424D6C656155CFC] - (.Adobe Systems Incorporated - Adobe CS4 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712] [MD5.B41D1BDB8673873AB25B7540E9B433F1] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664] [MD5.048EA4B978851788E9F5E8E4F081DF7A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904] [MD5.690D62ECBEFE0F82236E4B7CF9CD9664] - (.Bouygues - Internet 3G+ Bouygues Telecom.) -- C:\Program Files\Bouygues Telecom\Internet 3G+\Bouygues.exe [330272] [MD5.1BEFB1336B2304482FFC7EF24CF3E074] - (.syncables, LLC - Syncables.) -- C:\Program Files\syncables\syncables desktop\syncables.exe [370480] [MD5.BD9E8C3FEE6C44442D577125F3A9AFB2] - (...) --C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [357800] [MD5.5447AF432CDA61159ADDE218C468FFD9] - (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) 
-- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208] [MD5.F577910A133A592234EBAAD3F3AFA258] - (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096] [MD5.D5B783DACE1BBDD382A63C894BAB8E1E] - (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992] [MD5.7E1B0C85B7347D9391FE60F6DADFDDF0] - (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe [947176] [MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968] [MD5.DF7AEEC25E5C006EEC61206476F48629] - (.Lavasoft - Ad-Aware Browsing Protection and Anti-Phish.) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542104] [MD5.67BD916F01424DEB8AB8CD9E0096F277] - (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520] [MD5.A7810B302294793DE88542AAE177D1B1] - (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424] [MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152] [MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808] [MD5.09E6AFFAE6C0E9158BF05C7D08D0107A] - (.NewTech Infosystems, Inc. - NTI Backup Now 5 Agent service..) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384] [MD5.1A05E1AF359D8E961279F1EEA30A91EE] - (...) 
- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048] [MD5.E87213F37A13E2B54391E40934F071D0] - (.Microsoft Corporation - .NET Runtime Optimization Service.) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [105144] [MD5.B1F2503E23425B386DF0F3413B2596F3] - (.Egis Incorporated - Acer eDataSecurity Management Service.) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [500784] [MD5.F25247D0E011A643EE60052CE23BE05E] - (...) - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576] [MD5.61323B88EFE90F6B144A3611B3ED1D7D] - (.Lavasoft Limited - Ad-Aware Service Application .) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [1737728] [MD5.793FF718477345CD5D232C50BED1E452] - (...) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440] [MD5.1E1A308F4229FAB0011A0745EE8377AE] - (...) - C:\Acer\Mobility Center\MobilityService.exe [110592] [MD5.E077FCA2A7E79FB9BF67D3E30B5CE593] - (.Microsoft Corporation - Antimalware Service Executable.) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe [20472] [MD5.A2B6583A5652A385DFF5E4F49AD48761] - (.NewTech InfoSystems, Inc. - NTI Backup Now 5 BackupSvc Application.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056] [MD5.40B87FE8A1A9A5AC9E5A91D96F212BCD] - (...) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072] [MD5.3DFD9B00AAF472042E6D4FA8CCB74EFD] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 179.2.) -- C:\Windows\system32\nvvsvc.exe [203296] [MD5.875B04A71869D34A415CC8B4D4673EC4] - (.Skype Technologies - Skype Updater Service.) -- C:\Program Files\Skype\Updater\Updater.exe [161384] [MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [MD5.099AEE120CAC4A43CE307A828998392F] - (.Wacom Technology, Corp. - Tablet Service for consumer driver.) 
-- C:\Windows\system32\Pen_Tablet.exe [4497704] [MD5.77A3988CF9B5848BCBC9FB6A79508A56] - (.Wacom Technology, Corp. - Touch Service.) -- C:\Program Files\WTouch\WTouchService.exe [113448] [MD5.15A317674A08DF26BE65164D959E9203] - (.Conexant Systems, Inc. - Modem Audio Service.) -- C:\Windows\system32\DRIVERS\xaudio.exe [386560] ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ 3 Internet Explorer Management found in 0 second(s) ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\CYBERBUROTIK\AppData\Local\Google\Chrome\User Data\Default\Preferences G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com G1 - GCS: Preference [User Data\Default] None G2 - GCE: Preference [User Data\Default] [icmlaeflemplmjndnaapfdbbnpncnbda] avast! WebRep v.6.0.1203 ( Activé ) =>.© ~ 4 Google Chrome Management found in 1 second(s) ---\\ Liste des dossiers d'extension Google Chrome G2 - EXT: C:\Users\CYBERBUROTIK\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\icmlaeflemplmjndnaapfdbbnpncnbda [avast! 
WebRep] ~ 1 Google Chrome Extension Folfers found in 0 second(s) ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (Adobe® Flash® Player Plugin) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (Adobe Shockwave Player) -- C:\Windows\system32\Adobe\Director\np32dsw.dll P2 - FPN: [HKLM] [@mcafee.com/McAfeeMssPlugin] - () -- C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (Ag Player) -- C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization) -- C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.3] - (Microsoft Office Live Plug-in for Firefox) -- C:\Program Files\Microsoft\Office Live\npOLW.dll P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.5] - (Microsoft Office Live Plug-in for Firefox) -- C:\Program Files\Microsoft\Office Live\npOLW.dll P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) -- C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (Windows Live Photo Gallery) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3508.1109] - (Windows Live Photo Gallery) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3538.0513] - (Windows Live Photo Gallery) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (Windows Presentation Foundation) -- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll P2 - FPN: [HKLM] [@wacom.com/wacom-plugin,version=1.1.0.3] - (WebTablet Netscape Plugin) -- C:\Program Files\TabletPlugins\npwacom.dll P2 - FPN: 
[HKLM] [Adobe Acrobat] - (Adobe Acrobat Plugin for Firefox) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
P2 - FPN: [HKLM] [Adobe Reader] - (Adobe Reader Plugin for Firefox) -- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
~ 15 Mozilla Firefox Preference found in 0 second(s)

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr =>.© Google Inc.
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com =>.© Microsoft Corp.
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com =>.© Microsoft Corp.
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com =>.© Google Inc.
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com =>.© Google Inc.
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...)
- C:\Windows\system32\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV9 = 1
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0
~ 15 Internet Explorer Management found in 0 second(s)

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ 4 Proxy Management found in 0 second(s)

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File Scanned in 0 seconds
~ Nombre de lignes malwares (Malware Number Lines) : 0/12919

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} . (.McAfee, Inc. - Quick Browser Identifier for MSS+ Tool.) -- C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} . (.Microsoft Corporation - Microsoft Office Document Cache Handler.) -- C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} . (.Ask.com - Ask.com Toolbar.) -- C:\Program Files\Ask.com\GenericAskToolbar.dll =>Toolbar.Ask
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.)
-- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
~ 6 Browser Helper Objects found in 0 second(s)

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 13/10/2013-11:59:53 113152 || ArcSoft Connect Daemon (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 10/03/2014-12:17:10 65432 || Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 23/10/2012-10:15:48 257928 || Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 09/05/2013-10:58:30 46808 || avast! Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 20/11/2008-02:34:51 16384 || NTI Backup Now 5 Agent Service (BUNAgentSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
SS - | Demand 01/09/2010-14:58:53 124184 || T-Mobile Con App Svc (CATmobile) . (.SmithMicro Inc..) - C:\Program Files\Bouygues Telecom\Internet 3G+\conappssvc.exe
SR - | Auto 23/07/2010-22:08:05 75048 || CLHNService (CLHNService) . (...) - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
SS - | Demand 06/07/2009-12:50:20 2092544 || @dfsrres.dll,-101 (DFSR) . (.Microsoft Corporation.) - C:\Windows\system32\DFSR.exe
SR - | Auto 18/12/2008-04:57:56 500784 || eDataSecurity Service (eDataSecurity Service) . (.Egis Incorporated.)
- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
SR - | Auto 18/12/2008-04:55:38 24576 || Empowering Technology Service (ETService) . (...) - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
SS - | Demand 16/07/2009-09:18:01 655624 || FLEXnet Licensing Service (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 03/08/2011-10:02:57 1492840 || Windows Live Family Safety Service (fsssvc) . (.Microsoft Corporation.) - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
SS - | Demand 21/01/2008-04:23:22 200704 || (HSFHWAZL) . (.Conexant Systems, Inc..) - C:\Windows\system32\DRIVERS\VSTAZL3.SYS
SS - | Demand 20/09/2009-10:03:14 69632 || InstallDriver Table Manager (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
SR - | Auto 20/09/2012-09:08:21 1737728 || Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) . (.Lavasoft Limited .) - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
SR - | Auto 20/11/2008-02:34:30 61440 || LightScribeService Direct Disc Labeling Service (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 11/03/2014-10:07:49 418376 || (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 11/03/2014-10:07:48 701512 || (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 10/03/2014-12:05:36 235696 || McAfee Security Scan Component Host Service (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SR - | Auto 20/11/2008-02:52:05 110592 || MobilityService (MobilityService) . (...)
- C:\Acer\Mobility Center\MobilityService.exe
SS - | Demand 06/07/2009-12:49:38 73216 || Windows Installer (MSIServer) . (.Microsoft Corporation.) - C:\Windows\system32\msiexec.exe
SR - | Auto 20/11/2008-02:34:50 45056 || NTI Backup Now 5 Backup Service (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
SR - | Auto 20/11/2008-02:34:50 131072 || NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) . (...) - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
SR - | Auto 04/03/2010-00:33:30 203296 || NVIDIA Display Driver Service (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SS - | Demand 01/09/2010-14:58:54 32408 || PCTINDIS5 NDIS Protocol Driver (PCTINDIS5) . (.Smith Micro Inc..) - C:\Windows\system32\PCTINDIS5.SYS
SR - | Demand 20/11/2008-02:16:17 61952 || Realtek USB 2.0 Card Reader (RTSTOR) . (.Realtek Semiconductor Corp..) - C:\Windows\system32\drivers\RTSTOR.SYS
SS - | Auto 03/06/2013-14:29:11 161384 || Skype Updater (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 06/07/2009-12:50:52 3408896 || @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) . (.Microsoft Corporation.) - C:\Windows\system32\SLsvc.exe
SS - | Demand 05/11/2011-14:59:54 517096 || (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 22/07/2010-20:20:38 4497704 || TabletServicePen (TabletServicePen) . (.Wacom Technology, Corp..) - C:\Windows\system32\Pen_Tablet.exe
SS - | Demand 01/09/2010-14:58:53 120088 || T-Mobile RcApp Svc (TMobileRcAppSvc) . (.SmithMicro Inc..) - C:\Program Files\Bouygues Telecom\Internet 3G+\RcAppSvc.exe
SS - | Demand 23/06/2011-14:54:29 20549 || wampapache (wampapache) . (.Apache Software Foundation.) - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
SS - | Demand 23/06/2011-14:54:33 8133120 || wampmysqld (wampmysqld) . (...)
- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
SS - | Demand 19/06/2348-02:32:52 0 || WisINT15 (WisINT15) . (...) - C:\Elements\1stboot\WisINT15.SYS (.not file.)
SR - | Auto 22/07/2010-20:23:45 113448 || WTouch Service (WTouchService) . (.Wacom Technology, Corp..) - C:\Program Files\WTouch\WTouchService.exe
SR - | Auto 20/11/2008-10:23:21 386560 || XAudioService (XAudioService) . (.Conexant Systems, Inc..) - C:\Windows\system32\DRIVERS\xaudio.exe
~ 36 Services scanned in 2 second(s)

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "000021090200C0400000000000F01FEC" . (.Module de compatibilité pour Microsoft Office System 2007.) -- C:\Windows\Installer\{90120000-0020-040C-0000-0000000FF1CE}\O12ConvIcon.exe =>.© Microsoft
O90 - PUC: "074A36B543391D44FA16C62EBD65A59E" . (.Orion.) -- C:\Windows\Installer\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "076CFAAAB965F2A4284B2449E5D03EFE" . (.Windows Live Writer.) -- C:\Windows\Installer\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}\ApplicationIcon.ico
O90 - PUC: "11F12B5E3396B0E42AC597363E0CD711" . (.Windows Live Messenger.) -- C:\Windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
O90 - PUC: "121E2D80A6F7BE3479DF26B944094330" . (.Microsoft_VC90_CRT_x86.) -- C:\Windows\Installer\{08D2E121-7F6A-43EB-97FD-629B44903403}\ARPPRODUCTICON.exe =>.© Microsoft
O90 - PUC: "1C4235E6CF4867F4A9A36CE5708FE06E" . (.Complément Messenger.) -- C:\Windows\Installer\{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}\CompanionIcon
O90 - PUC: "1D034B0FAA6BD374B960AAD30DF10D8B" . (.Microsoft SQL Server 2005 Compact Edition [ENU].) -- C:\Windows\Installer\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\ProductIcon =>.© Microsoft
O90 - PUC: "20B91A1DE71869244AB57058F37DD475" . (.Microsoft_VC80_MFC_x86.) -- C:\Windows\Installer\{D1A19B02-817E-4296-A45B-07853FD74D57}\ARPPRODUCTICON.exe =>.© Microsoft
O90 - PUC: "218A12BEB17680D49B47A243F7D0F807" . (.HP Photosmart Essential.)
-- C:\Windows\Installer\{EB21A812-671B-4D08-B974-2A347F0D8F70}\ARPPRODUCTICON.exe
O90 - PUC: "2563365A59739284BBB046F420972E97" . (.Acer eDataSecurity Management.) -- C:\Windows\Installer\{A5633652-3795-4829-BB0B-644F0279E279}\ARPPRODUCTICON.exe
O90 - PUC: "25BBB29DFF28DE24A8C3E460F249A47B" . (.Microsoft_VC80_MFCLOC_x86.) -- C:\Windows\Installer\{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}\ARPPRODUCTICON.exe =>.© Microsoft
O90 - PUC: "2DAEED307B3FFB5409602AD510F5002D" . (.Adobe Flash Player 10 Plugin.) -- C:\Windows\Installer\{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}\ARPPRODUCTICON.exe =>.©
O90 - PUC: "4A1AFE21B3CAC344183432E7ED674030" . (.NTI Backup Now Standard.) -- C:\Windows\Installer\{12EFA1A4-AC3B-443C-8143-237EDE760403}\ARPPRODUCTICON.exe
O90 - PUC: "5B769D51EB4AEA24E94846DC60B252AA" . (.eSobi v2.) -- C:\Windows\Installer\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\ARPPRODUCTICON.exe
O90 - PUC: "5DF77CCFE4679C04891AB1A5B4F6081D" . (.Internet 3G+ Bouygues Telecom .) -- C:\Windows\Installer\{FCC77FD5-764E-40C9-98A1-1B5A4B6F80D1}\ARPPRODUCTICON.exe =>.©
O90 - PUC: "61F61FCBE0CAEBA49AFE14C24F48AB15" . (.Windows Live Family Safety.) -- C:\Windows\Installer\{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}\fssicon.ico
O90 - PUC: "658AC349B492A484CBBF8AAA45D292F7" . (.syncables desktop.) -- C:\Windows\Installer\{943CA856-294B-484A-BCFB-A8AA542D297F}\ARPPRODUCTICON.exe
O90 - PUC: "6719DF85FB71A9D47837E5AC92743D19" . (.Microsoft SQL Server Compact 3.5 SP1 - Français.) -- C:\Windows\Installer\{58FD9176-17BF-4D9A-8773-5ECA2947D391}\ProductIcon =>.© Microsoft
O90 - PUC: "68AB67CA3301004F7706000000000040" . (.Adobe Acrobat 9 Pro - English, Français, Deutsch.) -- C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000004}\_SC_Acrobat.exe =>.©
O90 - PUC: "68AB67CA7DA76301B744AA0100000010" . (.Adobe Reader X (10.1.9) - Français.) -- C:\Windows\Installer\{AC76BA86-7AD7-1036-7B44-AA1000000001}\SC_Reader.ico =>.©
O90 - PUC: "743C7362DAD96D11E92A0050D5C07A16" . (.PowerCinema.)
-- C:\Windows\Installer\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\ARPPRODUCTICON.exe
O90 - PUC: "789B078FCB81CF54B98E530CD2DC1AF0" . (.Broadcom Gigabit Integrated Controller.) -- C:\Windows\Installer\{F870B987-18BC-45FC-9BE8-35C02DCDA10F}\ARPPRODUCTICON.exe
O90 - PUC: "7CEBB04F4A2C00A4B942A750A5C22526" . (.Microsoft Office Live Add-in 1.5.) -- C:\Windows\Installer\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}\ProductIcon =>.© Microsoft
O90 - PUC: "8B45D5D892D34BA4D88A8186AD9F148D" . (.OpenOffice 4.0.1.) -- C:\Windows\Installer\{8D5D54B8-3D29-4AB4-8DA8-1868DAF941D8}\soffice.ico
O90 - PUC: "8F7463F0D15ECCF48826A9D8C0A5FC52" . (.Microsoft_VC80_ATL_x86.) -- C:\Windows\Installer\{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}\ARPPRODUCTICON.exe =>.© Microsoft
O90 - PUC: "91785D291CBB3CC40AB8659C8E48CCC2" . (.Microsoft_VC80_CRT_x86.) -- C:\Windows\Installer\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}\ARPPRODUCTICON.exe =>.© Microsoft
O90 - PUC: "9B8BD42DC6BB43346991ABC156E0313D" . (.Microsoft Primary Interoperability Assemblies 2005.) -- C:\Windows\Installer\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}\[SystemFolder]msiexec.exe =>.© Microsoft
O90 - PUC: "A28B4D68DEBAA244EB686953B7074FEF" . (.Nero Toolbar.) -- C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe =>.©
O90 - PUC: "B5DEF536D6C2EB94786EA7F6DC22CBA5" . (.Microsoft_VC90_MFC_x86.) -- C:\Windows\Installer\{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}\ARPPRODUCTICON.exe =>.© Microsoft
O90 - PUC: "C039314290386A74CB16E52FA72422CB" . (.NTI Media Maker 8.) -- C:\Windows\Installer\{2413930C-8309-47A6-BC61-5EF27A4222BC}\ARPPRODUCTICON.exe
O90 - PUC: "C040820900063D11C8EF00054038389C" . (.Microsoft Office XP Professional avec FrontPage.) -- C:\Windows\Installer\{9028040C-6000-11D3-8CFE-0050048383C9}\misc.exe,6 =>.© Microsoft
O90 - PUC: "C4E4AFE2F5B77F841A0CA18A287B9A3C" . (.HP Update.) -- C:\Windows\Installer\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}\ARPPRODUCTICON.exe
O90 - PUC: "D366E3D3E7E477545A06E7DCDD5445A8" . (.PVSonyDll.)
-- C:\Windows\Installer\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}\ARPPRODUCTICON.exe =>.©
O90 - PUC: "D7314F9862C648A4DB8BE2A5B47BE100" . (.Microsoft Silverlight.) -- C:\Windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ARPIcon =>.© Microsoft
O90 - PUC: "D83BC1B64E2E03a439D3FEEDAB67DAC9" . (.Microsoft Works.) -- c:\Windows\Installer\{6B1CB38D-E2E4-4a30-933D-EFDEBA76AD9C}\Win2Kico.exe =>.© Microsoft
O90 - PUC: "E7FF67E4ABEA78C47B88DC745E24B5D9" . (.Skype™ 6.3.) -- C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe =>.©
O90 - PUC: "E873E3303DA65DA4DBBEBC6DB91340C6" . (.Microsoft_VC90_ATL_x86.) -- C:\Windows\Installer\{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}\ARPPRODUCTICON.exe =>.© Microsoft
~ 37 Product Upgrade Codes Files found in 0 second(s)

---\\ Enumère les données de la clé NameSpace (MNS) (O92)
O92 - MNS: Dossiers Web - {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
~ 1 MyComputer Name Space scanned in 0 second(s)

---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] (Groove GFS Browser Helper) =>Trojan.FindFDSearch
[HKCR\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}] (babylonToolbar.com) =>PUP.Babylon
~ 2 Search CLSID Keys scanned in 5 second(s)

---\\ Scan Additionnel (O88 )
Database Version : 13036 (30/03/2014)
Clés trouvées (Keys found) : 7
Dossiers trouvés (Folders found) : 6
Fichiers trouvés (Files found) : 2
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} =>Toolbar.Ask
HKLM\SOFTWARE\adawaretb =>Toolbar.Adaware
HKLM\SOFTWARE\Babylon =>PUP.Babylon
HKLM\SOFTWARE\Toolbar Cleaner =>Adware.ToolbarCleaner
HKCU\Software\AskToolbar =>Toolbar.Ask
HKCU\Software\Softonic =>Toolbar.Conduit
HKCU\Software\AppDataLow\Software\AskToolbar =>Toolbar.Ask
C:\Program Files\adawaretb =>Toolbar.Adaware
C:\Program Files\BabylonToolbar =>PUP.Babylon
C:\Program Files\Convesoft =>PUP.Convesoft
C:\Program Files\Toolbar Cleaner =>Adware.ToolbarCleaner
C:\ProgramData\Babylon
=>PUP.Babylon
C:\Users\CYBERBUROTIK\AppData\Local\Babylon =>PUP.Babylon
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe =>PUP.Mocaflix
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe =>PUP.Mocaflix
~ Additionnal Scan: 7392 Items scanned in 0 seconds

---\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/28486577-pup-mocaflix =>PUP.MocaFlix
~ http://nicolascoolman.webs.com/apps/blog/show/31039710-pup-convesoft =>PUP.Convesoft
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>PUP.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/33105275-adware-toolbarcleaner =>Adware.ToolbarCleaner
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/34817643-trojan-findfdsearch =>Trojan.FindFDSearch
~ MSI: 7 link(s) detected
~ End of the scan (0/1620 lines) in 57 seconds)