~ Rapport de ZHPDiag v2014.12.17.175 - Nicolas Coolman (2014-12-17)
~ Lancé par Steve et Lyne (2014-12-18 08:51:13)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Adresse du Forum http://forum.nicolascoolman.fr
~ Traduit par Nicolas Coolman
~ Etat de la version : Version à jour.
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17501
MFIE: Mozilla Firefox 23.0.1
GCIE: Google Chrome v38.0.2125.111 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK

---\\ Logiciels de protection du système
AVG 2014 v14.0.4235
Windows Defender W7 (Deactivate)

---\\ Logiciels d'optimisation du système

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 ActiveX
Adobe Reader XI

---\\ Informations sur le système
~ Processor: AMD64 Family 16 Model 2 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4094 MB (59% free)
System Restore: Activé (Enable)
System drive C: has 15 GB (3%) free of 466 GB

---\\ Mode de connexion au système
~ Computer Name: STEVEETLYNE-PC
~ User Name: Steve et Lyne
~ All Users Names: UpdatusUser, Steve et Lyne, Lyne Bou, HomeGroupUser$, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Steve et Lyne\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Steve et Lyne\AppData\Roaming\
~ %Desktop% : C:\Users\Steve et Lyne\Desktop\
~ %Favorites% : C:\Users\Steve et Lyne\Favorites\
~ %LocalAppData% : C:\Users\Steve et Lyne\AppData\Local\
~ %StartMenu% : C:\Users\Steve et Lyne\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 15 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
E: CD-ROM drive (Free 0 Go of 3 Go)
G: Floppy drive, Flash card reader, USB Key (Free 17 Go of 60 Go)

---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.2011-02-25 - 01:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2009-07-13 - 20:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.4AF089160FE082E5EA5C4AA72782DCA2] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2014-11-21 - 20:28:21.) -- C:\Windows\System32\wininet.dll [2358272]
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2014-07-16 - 21:07:24.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.2010-11-20 - 08:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2014-05-30 - 01:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-07-13 - 20:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009-07-13 - 18:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010-11-20 - 04:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010-11-20 - 04:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010-11-20 - 05:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.2009-07-13 - 18:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.2009-07-13 - 19:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-26 - 21:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.2010-11-20 - 04:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2014-01-23 - 21:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.2009-07-13 - 19:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2010-11-20 - 05:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.2009-07-13 - 19:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.70988118145F5F10EF24720B97F35F65] - (.Microsoft Corporation - TDI Translation Driver.) (.2014-11-10 - 20:46:26.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2010-11-20 - 08:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/2638
~ Mes musiques (My Musics) : 1/220
~ Mes Videos (My Videos) : 2/16
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 1/305
~ Mon Bureau (My Desktop) : 2/3421
~ Menu demarrer (Programs) : 1/74
~ Hidden Files: Scanned in 00mn 11s

---\\ Processus lancés
[MD5.6B08632F7634F344372B25A507DA7C47] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1012000] [PID.3924]
[MD5.05DD0C6B983F7C2E9B4BF1B91AFC3545] - (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe [1940160] [PID.3860]
[MD5.48C3EBD6D5E52AFCB1A0FA9B7F9802FA] - (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.3312]
[MD5.799BCC829F48F19C5689478179060435] - (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.3792]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Steve et Lyne\AppData\Local\Google\Update\GoogleUpdate.exe [116648] [PID.3724]
[MD5.DAB55357D9CC9A76052F4472EBD5C729] - (.Apple Inc. - Apple IE DAV.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408] [PID.3448]
[MD5.08DFA176E4FC0E63ACD8EC854449D2B0] - (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Steve et Lyne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344] [PID.3544]
[MD5.3BC680C382FE7CA77AD559EF82E79D50] - (.Sony Computer Entertainment Inc. - Content Manager Assistant.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe [3576440] [PID.3492]
[MD5.C038485F5A537A60A19EAC8C15D98161] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112] [PID.1292]
[MD5.AD9C4FBBD6BAE0794B71066DF63849CB] - (.Primax Electronics Ltd. - Pas de description.) -- C:\ProgramData\HP Wi-Fi Mobile Mouse Config\PelAstro.exe [65536] [PID.4212]
[MD5.76375D7763C9B56C0E96AE30F6160DFF] - (.Druide informatique inc. - AgentAntidote.) -- C:\Druide\Antidote 7\Programmes32\agentantidote.exe [600256] [PID.4248]
[MD5.A7D6721D90AB8D3EE1DB118F23FEB653] - (.Pas de propriétaire - VProtect Application.) -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408] [PID.4324]
[MD5.D2E3E6D94A9E1CFA1561D9C748136FD0] - (.Apple Inc. - iTunesHelper.) -- C:\iTunes\iTunesHelper.exe [152392] [PID.4332]
[MD5.47833576F0BEE0AD7B45109982B769BD] - (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe [59720] [PID.4368]
[MD5.2AF39FCC0AF8D14B6A349095033F395E] - (.Sony Computer Entertainment Inc. - Content Manager Assistant.) -- C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe [525448] [PID.2776]
[MD5.31D74F51C684B27A24BE0EE08DB998EF] - (.Valve Corporation - Steam Client WebHelper.) -- C:\Program Files (x86)\Steam\bin\steamwebhelper.exe [1519808] [PID.2980]
[MD5.6226810F26227F083929AC5584122951] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Steve et Lyne\AppData\Roaming\Dropbox\bin\Dropbox.exe [39207112] [PID.6972]
[MD5.A0A6B2F100DD704C419DC0767EA313EB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8141824] [PID.5136]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Steve et Lyne\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Liste des dossiers d'extension Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 09s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Steve et Lyne\AppData\Roaming\Mozilla\Firefox\Profiles\rjhh5z96.default\prefs.js
M3 - MFPP: Plugins - [Steve et Lyne] -- C:\Users\Steve et Lyne\AppData\Roaming\Mozilla\Firefox\Profiles\rjhh5z96.default\searchplugins\conduit-search.xml =>Toolbar.Conduit
M0 - MFSP: prefs.js [Steve et Lyne - rjhh5z96.default] http://mysearch.avg.com
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File: Scanned in 00mn 00s

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AVG SafeGuard toolbar [64Bits] - {95B7759C-8C7F-4BF1-B163-73684A933233} . (.AVG Secure Search - toolbar.dll.) -- C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll =>Toolbar.AVGSearch
~ BHO: 3 Legitimates Filtered in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch [Steve et Lyne]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Steve et Lyne\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Steve et Lyne]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Steve et Lyne\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 04s

---\\ Applications lancées au démarrage du système (O4)
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (.not file.)
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Steve et Lyne\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [AppleIEDAV] . (.Apple Inc. - Apple IE DAV.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\Steve et Lyne\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKCU\..\Run: [RGSC] . (.Take-Two Interactive Software, Inc. - RGSCLauncher.) -- C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
O4 - HKCU\..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\Steve et Lyne\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_F772E7EE57E9C767E902E5E2894F6E69] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Steve et Lyne\AppData\Roaming\Spotify\Spotify.exe
O4 - HKCU\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Steve et Lyne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1418907480
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5.5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5.5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [PelAstro] . (.Primax Electronics Ltd. - Pas de description.) -- C:\ProgramData\HP Wi-Fi Mobile Mouse Config\PelAstro.exe
O4 - HKLM\..\Wow6432Node\Run: [HPMonitor] . (.Hewlett-Packard - HP Mouse and Keyboard Suite Monitor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Wi-Fi Mobile Mouse\hpMonitor23.exe
O4 - HKLM\..\Wow6432Node\Run: [agentantidote.exe] . (.Druide informatique inc. - AgentAntidote.) -- C:\Druide\Antidote 7\Programmes32\agentantidote.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [vProt] . (.Pas de propriétaire - VProtect Application.) -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\Run: [Steam] . (.Valve Corporation - Steam Client Bootstrapper.) -- C:\Program Files (x86)\Steam\Steam.exe
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (.not file.)
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\Run: [Google Update] . (.Google Inc. - Programme d'installation de Google.) -- C:\Users\Steve et Lyne\AppData\Local\Google\Update\GoogleUpdate.exe =>.Google Inc
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\Run: [AdobeBridge] Clé orpheline
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\Run: [AppleIEDAV] . (.Apple Inc. - Apple IE DAV.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\Run: [AVG-Secure-Search-Update_1213b] C:\Users\Steve et Lyne\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\Run: [RGSC] . (.Take-Two Interactive Software, Inc. - RGSCLauncher.) -- C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\Steve et Lyne\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe (.not file.) =>Toolbar.AVGSearch
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\Run: [GoogleChromeAutoLaunch_F772E7EE57E9C767E902E5E2894F6E69] . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\Run: [EPLTarget\P0000000000000000] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIUE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\Run: [Spotify] . (.Spotify Ltd - Spotify.) -- C:\Users\Steve et Lyne\AppData\Roaming\Spotify\Spotify.exe
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\Run: [Spotify Web Helper] . (.Spotify Ltd - SpotifyWebHelper.) -- C:\Users\Steve et Lyne\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-389638890-100705227-403248912-1000\..\RunOnce: [Adobe Speed Launcher] 1418907480
~ Application: Scanned in 00mn 00s

---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{36725189-BE18-4D37-9422-6B70A5C2B559}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{36725189-BE18-4D37-9422-6B70A5C2B559}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{36725189-BE18-4D37-9422-6B70A5C2B559}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{36725189-BE18-4D37-9422-6B70A5C2B559}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{36725189-BE18-4D37-9422-6B70A5C2B559}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{36725189-BE18-4D37-9422-6B70A5C2B559}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: viprotocol [64Bits] - {B658800C-F66E-4EF3-AB85-6C0C227862A9} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: AstroS (AstroS) . (...) - C:\ProgramData\HP Wi-Fi Mobile Mouse Config\AstroS.exe
O23 - Service: VideoCnv (fa6789c5) . (...) - c:\Program Files (x86)\VideoCnv\Zet.dll =>Adware.VideoCnv
O23 - Service: ForceWare Intelligent Application Manager (IAM) (ForceWare Intelligent Application Manager (IAM)) . (.Pas de propriétaire - app_filter Module.) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: (Update service) . (.Company - Updater.) - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: (vToolbarUpdater18.1.9) . (.AVG Secure Search - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe =>Toolbar.AVGSearch
~ Services: 22 Legitimates Filtered in 00mn 05s

---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{1F045563-37FA-4DFC-8CA8-7C63B583E6D0}] (...) -- D:\SETUP.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-389638890-100705227-403248912-1000Core [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-389638890-100705227-403248912-1000UA [1110]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 03s

---\\ Logiciels installés (O42)
O42 - Logiciel: ClipCnv - (.Software Publisher.) [HKLM][64Bits] -- {12DA0E6F-5543-440C-BAA2-28BF01070AFA}{5e9aae86}
O42 - Logiciel: Ethan: Meteor Hunter - (.Seaven Studio.) [HKLM][64Bits] -- Steam App 266330
O42 - Logiciel: Information - Radio-Canada.ca - (.Radio-Canada.) [HKLM][64Bits] -- Widget.13BC082BABA5407D3C98AC73F5DE7F4088D231BF.1
O42 - Logiciel: Information - Radio-Canada.ca - (.Radio-Canada.) [HKLM][64Bits] -- {4CB17967-6E62-A2FE-A790-45074599D5CC}
O42 - Logiciel: Loadout - (.Edge of Reality.) [HKLM][64Bits] -- Steam App 208090
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O42 - Logiciel: Popcorn Time - (.Popcorn Time.) [HKLM][64Bits] -- Popcorn Time_is1
O42 - Logiciel: RESCUE 2013 - (.rondomedia GmbH.) [HKCU][64Bits] -- RESCUE 2013
O42 - Logiciel: Serena - (.Senscape.) [HKLM][64Bits] -- Steam App 272060
O42 - Logiciel: Smooth Operators - Indie Gala Edition - (.Heydeck Games.) [HKCU][64Bits] -- 6b0b0d2561055daf
O42 - Logiciel: The Wolf Among Us - (...) [HKLM][64Bits] -- VGhlV29sZkFtb25nVXM=_is1
O42 - Logiciel: VideoCnv - (.Software Publisher.) [HKLM][64Bits] -- {12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fa6789c5} =>Adware.VideoCnv
O42 - Logiciel: Virtual Pool 3 DL - (.Celeris.) [HKLM][64Bits] -- {7B4873B0-71FF-4BAA-8072-1DEE154C54E4}
O42 - Logiciel: beautydeals - (."".) [HKLM][64Bits] -- {AED1B7A5-67A5-84A5-B646-E3541CE0BB5F}
O42 - Logiciel: browse2buy - (."".) [HKLM][64Bits] -- {D11ED002-6B5F-0D8B-FFCE-C72742F2ABA3}
O42 - Logiciel: crazydeal - (.crazydeal.) [HKLM][64Bits] -- {37476589-E48E-439E-A706-56189E2ED4C4}_is1
O42 - Logiciel: funshopper - (."".) [HKLM][64Bits] -- {68FAFA66-8B9D-79B4-814C-A744C8AC991D}
~ Logic: 31 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Celeris]
[HKCU\Software\Ludosity]
[HKCU\Software\Necrophone Games]
[HKCU\Software\Popcorn Time]
[HKCU\Software\The Fullbright Company]
[HKCU\Software\Voxler]
[HKLM\Software\Wow6432Node\FarSight Studios]
[HKLM\Software\Wow6432Node\id]
~ Key Software: 401 Legitimates Filtered in 00mn 01s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2013-11-19 - 07:43:17 - [] ----D C:\Program Files (x86)\BFG
O43 - CFD: 2014-05-15 - 19:25:57 - [] ----D C:\Program Files (x86)\Celeris
O43 - CFD: 2014-02-08 - 12:59:27 - [] ----D C:\Program Files (x86)\Contrast
O43 - CFD: 2014-12-13 - 10:53:57 - [] ----D C:\Program Files (x86)\FarSight Studios
O43 - CFD: 2013-09-23 - 13:37:01 - [] ----D C:\Program Files (x86)\Hello Games
O43 - CFD: 2014-04-03 - 06:01:53 - [] ----D C:\Program Files (x86)\iPixSoft
O43 - CFD: 2013-09-15 - 10:16:54 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 2014-10-17 - 02:18:44 - [] ----D C:\Program Files (x86)\Popcorn Time
O43 - CFD: 2014-04-03 - 06:35:50 - [] ----D C:\Program Files (x86)\Radio-Canada
O43 - CFD: 2013-12-26 - 12:22:11 - [] ----D C:\Program Files (x86)\Rescue2013
O43 - CFD: 2014-10-27 - 19:00:32 - [] ----D C:\Program Files (x86)\VideoCnv =>Adware.VideoCnv
O43 - CFD: 2014-12-07 - 13:31:18 - [0] ----D C:\Program Files (x86)\VoxlerGames
O43 - CFD: 2014-12-14 - 10:42:37 - [] ----D C:\ProgramData\beautydeals
O43 - CFD: 2014-12-14 - 10:42:36 - [] ----D C:\ProgramData\browse2buy
O43 - CFD: 2014-12-11 - 20:26:31 - [] ----D C:\ProgramData\crazydeal
O43 - CFD: 2014-12-11 - 20:26:19 - [] ----D C:\ProgramData\dca4acf3394b8683
O43 - CFD: 2014-11-25 - 18:33:41 - [] ----D C:\ProgramData\funshopper
O43 - CFD: 2014-11-25 - 18:33:50 - [] ----D C:\ProgramData\gifton
O43 - CFD: 2014-11-01 - 20:41:52 - [] ----D C:\ProgramData\takegif
O43 - CFD: 2013-11-19 - 07:31:29 - [] ----D C:\ProgramData\Trymedia =>Adware.Trymedia
O43 - CFD: 2014-12-13 - 10:47:57 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FarSight Studios
O43 - CFD: 2014-04-05 - 07:35:16 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
O43 - CFD: 2014-04-03 - 06:02:02 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPixSoft
O43 - CFD: 2014-10-16 - 02:51:44 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
O43 - CFD: 2014-04-03 - 06:35:51 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radio-Canada
O43 - CFD: 2009-07-14 - 10:35:05 - [0] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 2014-05-15 - 19:26:06 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Pool 3 DL
O43 - CFD: 2014-01-22 - 10:16:54 - [] ----D C:\Users\Steve et Lyne\AppData\Roaming\Allgraf
O43 - CFD: 2014-12-13 - 10:46:08 - [] ----D C:\Users\Steve et Lyne\AppData\Roaming\FarSight Studios
O43 - CFD: 2014-08-22 - 22:51:34 - [] ----D C:\Users\Steve et Lyne\AppData\Roaming\Popcorn Time
O43 - CFD: 2014-08-27 - 21:16:59 - [] ----D C:\Users\Steve et Lyne\AppData\Roaming\PopcornTime
O43 - CFD: 2014-03-08 - 18:13:21 - [] ----D C:\Users\Steve et Lyne\AppData\Roaming\Post Master
O43 - CFD: 2014-04-03 - 06:37:34 - [] ----D C:\Users\Steve et Lyne\AppData\Roaming\Widget
O43 - CFD: 2014-04-03 - 06:35:53 - [] ----D C:\Users\Steve et Lyne\AppData\Roaming\Widget.13BC082BABA5407D3C98AC73F5DE7F4088D231BF.1
O43 - CFD: 2013-09-27 - 23:43:23 - [] --H-D C:\Users\Steve et Lyne\AppData\Local\5kmFgT9pDLY
O43 - CFD: 2014-08-10 - 13:15:12 - [] ----D C:\Users\Steve et Lyne\AppData\Local\EdgeOfReality
O43 - CFD: 2013-09-27 - 23:43:23 - [] --H-D C:\Users\Steve et Lyne\AppData\Local\OVbtadGF2
O43 - CFD: 2013-09-15 - 10:17:04 - [] ----D C:\Users\Steve et Lyne\AppData\Local\PokerStars
O43 - CFD: 2014-08-22 - 22:43:00 - [] ----D C:\Users\Steve et Lyne\AppData\Local\Popcorn-Time
O43 - CFD: 2013-09-09 - 09:25:59 - [] ----D C:\Users\Steve et Lyne\AppData\Local\Screwfly_Studios
O43 - CFD: 2013-11-23 - 18:36:33 - [] ----D C:\Users\Steve et Lyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heydeck Games
O43 - CFD: 2013-09-15 - 10:16:44 - [] ----D C:\Users\Steve et Lyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
O43 - CFD: 2013-12-26 - 12:21:17 - [] ----D C:\Users\Steve et Lyne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RESCUE 2013 – Héros du quotidien
~ Program Folder: 319 Legitimates Filtered in 00mn 02s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.70B16EC67F6B1D9E88E9FD85FFC7B8ED] - 2014-12-13 - 11:34:43 ---A- . (...) -- C:\Windows\DirectX.log [469257]
~ Files: 59 Legitimates Filtered in 00mn 09s

---\\ Clé de registre Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{0d506f0d-237a-11e3-a198-00248c1def67}\AutoRun\command. (.FarSight Studios - The Pinball Arcade..) -- E:\Setup.exe
O51 - MPSK:{51356aa7-3e39-11e3-bddd-00248c1def67}\AutoRun\command. (.FarSight Studios - The Pinball Arcade..) -- E:\setup.exe
O51 - MPSK:{ae6ec823-836c-11e3-a303-00248c1def67}\AutoRun\command. (...) -- F:\drivers\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:2005-03-29 - 00:30:38 ---A- . (.Pas de propriétaire - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [8192]
O58 - SDL:2009-07-13 - 20:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:2009-06-10 - 15:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:2009-07-13 - 20:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:2012-12-13 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
~ Drivers: 63 Legitimates Filtered in 00mn 03s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 2009-06-10 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 74 Legitimates Filtered in 00mn 00s

---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} - (Conduit Search) - http://search.conduit.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {95B7759C-8C7F-4BF1-B163-73684A933233} - (AVG Secure Search) - http://mysearch.avg.com =>Toolbar.AVGSearch
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.1036E3DDDC89A4E68D8A33F3823A180E] [SPRF][2014-12-11] (...) -- C:\Users\Steve et Lyne\AppData\Roaming\appdataFr2.bin [4]
~ Files: 1 Legitimates Filtered in 00mn 00s

---\\ Liste des exceptions du parefeu (FirewallRules) (O87)
O87 - FAEL: "{85F84BC3-0F0D-4260-ABD5-7D106EF25A30}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Steve et Lyne\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{ACB2EF15-46AB-4A20-9761-7D202A741CCA}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Steve et Lyne\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{B5DD71F2-391A-4CCF-9827-0A134C41CD0D}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Steve et Lyne\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{A093C580-A1D3-4376-90E3-2D78DE605A2C}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Steve et Lyne\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 4 Legitimates Filtered in 00mn 03s

---\\ Recherche de clés de registre Tracing (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 88 Legitimates Filtered in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2013-08-16 476936 | (BRSptSvc) . (.BitRaider, LLC.) - C:\ProgramData\BitRaider\BRSptSvc.exe
SS - | Auto 2011-12-11 135824 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\Windows\system32\EscSvc64.exe
SS - | Auto 2013-08-16 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-08-16 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 2013-08-14 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 2013-10-23 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 2010-02-19 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 2009-07-13 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 2014-12-03 81088 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 2014-02-12 43336 | (Apple Mobile Device) . (.Apple Inc..)
- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 2010-12-01 172032 | (AstroS) . (...) - C:\ProgramData\HP Wi-Fi Mobile Mouse Config\AstroS.exe SR - | Auto 2014-11-07 3247120 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe SR - | Auto 2014-11-07 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe SR - | Auto 2011-08-30 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 2012-02-27 151648 | (EPSON_PM_RPCV4_05) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.exe SR - | Auto 2014-10-27 3752448 | (fa6789c5) . (...) - c:\Program Files (x86)\VideoCnv\Zet.dll =>Adware.VideoCnv SR - | Auto 2009-04-19 625184 | (ForceWare Intelligent Application Manager (IAM)) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe SR - | Demand 2014-05-26 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 2010-04-14 1052328 | (lxeb_device) . (...) - C:\Windows\system32\lxebcoms.exe SR - | Auto 2013-08-04 2650960 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe SR - | Auto 2009-04-19 207904 | (nSvcIp) . (...) - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe SR - | Auto 2013-06-21 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SR - | Auto 2013-05-16 1826592 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 2011-10-06 97560 | (ozwpansvc) . (.Ozmo Inc.) - C:\Program Files\WPAN Driver\WPAN Driver\ozwpansvc.exe SR - | Auto 1658-07-10 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe SR - | Demand 2014-11-18 833728 | (Steam Client Service) . (.Valve Corporation.) 
- C:\Program Files (x86)\Common Files\Steam\SteamService.exe SR - | Auto 2013-06-21 413472 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SR - | Auto 2014-10-09 179200 | (Update service) . (.Company.) - C:\Program Files (x86)\Popcorn Time\Updater.exe SR - | Auto 2014-08-12 1820184 | (vToolbarUpdater18.1.9) . (.AVG Secure Search.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe =>Toolbar.AVGSearch SR - | Auto 1658-07-10 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation SR - | Auto 2009-07-13 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 10s ---\\ Scan Additionnel (O88) Database Version : 13026 - (2014-12-17) Clés trouvées (Keys found) : 34 Valeurs trouvées (Values found) : 3 Dossiers trouvés (Folders found) : 7 Fichiers trouvés (Files found) : 23 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] =>Toolbar.AVGSearch^ [HKLM\SYSTEM\CurrentControlSet\Services\fa6789c5] =>Adware.VideoCnv^ [HKLM\SYSTEM\CurrentControlSet\Services\vToolbarUpdater18.1.9] =>Toolbar.AVGSearch^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{fa6789c5}] =>Adware.VideoCnv^ [HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}] =>Toolbar.AVGSearch [HKLM\Software\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}] =>Toolbar.AVGSearch [HKLM\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch 
[HKLM\Software\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}] =>Toolbar.AVGSearch [HKLM\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}] =>Toolbar.AVGSearch [HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}] =>Toolbar.AVGSearch [HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits [HKLM\Software\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}] =>PUP.ToparcadeHits [HKLM\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}] =>Toolbar.AVGSearch [HKLM\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}] =>Toolbar.Conduit [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] =>Toolbar.AVGSearch [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}] =>Toolbar.AVGSearch [HKLM\Software\Classes\S] =>Toolbar.Agent [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi] =>Toolbar.AVGSearch [HKLM\Software\Classes\ScriptHelper.ScriptHelperApi.1] =>Toolbar.AVGSearch [HKLM\Software\Classes\ViProtocol.ViProtocolOLE] =>Toolbar.AVGSearch [HKLM\Software\Classes\ViProtocol.ViProtocolOLE.1] =>Toolbar.AVGSearch [HKLM\Software\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}] =>Adware.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard 
[HKCU\Software\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard [HKLM\Software\Wow6432Node\AVG SafeGuard toolbar] =>Toolbar.AVGSafeGuard [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:AVG-Secure-Search-Update_1213b =>Toolbar.AVGSearch^ C:\Program Files (x86)\VideoCnv =>Adware.VideoCnv^ C:\ProgramData\Trymedia =>Adware.Trymedia^ C:\Program Files (x86)\AVG Security Toolbar =>Toolbar.AVGSearch C:\Program Files (x86)\Common Files\AVG Secure Search =>Toolbar.AVGSearch C:\ProgramData\AVG Secure Search =>Toolbar.AVGSearch C:\ProgramData\AVG Security Toolbar =>Toolbar.AVGSearch C:\Users\Steve et Lyne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof =>Toolbar.AVGSearch C:\Users\Steve et Lyne\AppData\Local\Temp\wajam_download.exe =>PUP.Wajam C:\Users\Steve et Lyne\AppData\Local\Temp\nsb7137.exe =>Toolbar.Conduit C:\Users\Steve et Lyne\AppData\Local\Temp\nse229.tmp =>Adware.MegaSearch C:\Users\Steve et Lyne\AppData\Local\Temp\nsfB6F4.exe =>Toolbar.Conduit C:\Users\Steve et Lyne\AppData\Local\Temp\nsj98DF.tmp =>Adware.MegaSearch C:\Users\Steve et Lyne\AppData\Local\Temp\nsoD552.tmp =>Adware.MegaSearch C:\Users\Steve et Lyne\AppData\Local\Temp\nsr242E.exe =>Toolbar.Conduit C:\Users\Steve et Lyne\AppData\Local\Temp\nsw222A.exe =>Toolbar.Conduit C:\Users\Steve et Lyne\AppData\Local\Temp\nsw2622.exe =>Toolbar.Conduit C:\Users\Steve et Lyne\AppData\Local\Temp\nsw6F43.exe =>Toolbar.Conduit C:\Users\Steve et Lyne\AppData\Local\Temp\nsw733B.exe =>Toolbar.Conduit C:\Users\Steve et Lyne\AppData\Local\Temp\uttE75B.tmp.exe 
=>Toolbar.Conduit ~ Additionnel Scan: 446502 Items scanned in 01mn 31s ---\\ Informations complémentaires sur les modules ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5) ~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects de navigateur (O2) ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4) ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51) ~ AMI: 4 Legitimates Filtered in 00mn 00s ---\\ Récapitulatif des détections trouvées sur votre station http://nicolascoolman.fr/toolbar-conduit =>Toolbar.Conduit http://www.nicolascoolman.fr/blog/ =>Adware.VideoCnv http://nicolascoolman.fr/adware-trymedia =>Adware.Trymedia http://nicolascoolman.fr/pup-toparcadehits =>PUP.ToparcadeHits http://www.nicolascoolman.fr/blog/ =>Toolbar.Agent http://www.nicolascoolman.fr/blog/ =>Adware.Agent http://www.nicolascoolman.fr/blog/ =>Toolbar.AVGSafeGuard http://nicolascoolman.fr/adware-imbooster =>Adware.IMBooster http://nicolascoolman.fr/pup-wajam =>PUP.Wajam http://nicolascoolman.fr/adware-megasearch =>Adware.MegaSearch ~ MSI: 10 link(s) detected in 00mn 00s ~ 1011 Legitimates filtered by white list End of the scan (595 lines in 03mn 01s)(0)