~ Rapport de ZHPDiag v2014.4.9.16 - Nicolas Coolman (2014-04-09)
~ Lancé par ASUS (2014-09-10 20:01:07)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program

---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.17239 (Defaut)
GCIE: Google Chrome v27.0.1453.47

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : WTK6C
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
AVG 2014 v14.0.4765
Trusteer Sécurité des points d'accès v3.5.1403.67
Malwarebytes' Anti-Malware Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft Security Client v4.5.0216.0
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v3.00 =>.Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 14 ActiveX
Adobe Reader XI
Java 7 Update 67

---\\ Informations sur le système
~ Processor: x86 Family 21 Model 16 Stepping 1, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2264 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 879 GB (94%) free of 931 GB

---\\ Mode de connexion au système
~ Computer Name: BERNARD-PC
~ User Name: ASUS
~ All Users Names: ASUS, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% :
C:\Users\ASUS\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\ASUS\AppData\Roaming\ ~ %Desktop% : C:\Users\ASUS\Desktop\ ~ %Favorites% : C:\Users\ASUS\Favorites\ ~ %LocalAppData% : C:\Users\ASUS\AppData\Local\ ~ %StartMenu% : C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumération des unités disques A: Floppy drive, Flash card reader, USB Key (Not Inserted) C: Hard drive, Flash drive, Thumb drive (Free 879 Go of 931 Go) D: CD-ROM drive (Not Inserted) ---\\ Etat du Centre de Sécurité Windows ~ Security Center: 50 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.2011-02-25 - 00:30:54.) -- C:\Windows\Explorer.exe [2616320] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2009-07-13 - 20:14:45.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.B945BAA81B4805AD6BDDF4D026DCFB47] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2014-07-25 - 05:05:23.) -- C:\Windows\System32\wininet.dll [1792512] [MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2014-03-04 - 04:17:02.) -- C:\Windows\System32\Winlogon.exe [304128] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.2010-11-20 - 16:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536] [MD5.D0B388DA1D111A34366E04EB4A5DD156] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2014-05-30 - 01:36:07.) -- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009-07-13 - 20:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009-07-13 - 18:11:15.) 
-- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010-11-20 - 16:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010-11-20 - 16:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010-11-20 - 16:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.2009-07-13 - 18:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.2009-07-13 - 18:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-04-26 - 21:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.2010-11-20 - 16:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904] [MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2014-01-23 - 21:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.2009-07-13 - 18:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2009-07-13 - 18:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2010-11-20 - 16:29:49.) 
-- C:\Windows\system32\Drivers\rdpdr.sys [133632] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.2009-07-13 - 18:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.2010-11-20 - 16:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2010-11-20 - 16:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632] ~ Generic Processes: Scanned in 00mn 01s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/2 ~ Mes musiques (My Musics) : 1/7 ~ Mes Videos (My Videos) : 1/2 ~ Mes Favoris (My Favorites) : 1/36 ~ Mes Documents (My Documents) : 1/26 ~ Mon Bureau (My Desktop) : 1/40 ~ Menu demarrer (Programs) : 1/113 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.361B0893A5C6741F347568A3232D2822] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe [5188112] [PID.2064] [MD5.1EDDD9562180D2F17385846B7F89490B] - (.IvoSoft - Classic Start Menu.) -- C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208] [PID.2648] [MD5.308F2EE28005510DE616409148CF077B] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896] [PID.2708] [MD5.49FC05738158BC8B6C1957E9D2B55494] - (.IBM Corp. - RapportService.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe [2607384] [PID.2724] [MD5.55B8916A4C1F21AEFC319351B4522023] - (.AVG - AVG PC TuneUp.) -- C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe [1920312] [PID.3356] [MD5.F4651164AA1330735ADEA50AD0A326F2] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Program Files\ZHPDiag\ZHPDiag.exe [8208896] [PID.3244] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\ASUS\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] http://www.google.fr ---\\ Liste des dossiers d'extension Google Chrome ~ Google Lines Browser: 1 Legitimates Filtered in 00mn 01s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\ASUS\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js (.not file.) ~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://affaires.lapresse.ca R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://google.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://google.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com ~ IE Browser: 15 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 0 R5 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 2 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} . (.Adblock Plus - Adblock Plus Module.) -- C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll ~ BHO: 16 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: DAP Bar - [HKLM]{62999427-33FC-4baf-9C9C-BCE6BD127F08} . (...) -- (.not file.) O3 - Toolbar: Classic Explorer Bar - [HKLM]{553891B7-A0D5-4526-BE18-D3CE461D6310} . (.IvoSoft - Adds classic Windows Explorer features.) -- C:\Program Files\Classic Shell\ClassicExplorer32.dll O3 - Toolbar: Bing Bar - [HKLM]{8dcb7100-df86-4384-8842-8fa844297b3f} . (.Microsoft Corporation. - Extensions du client Bing.) -- C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll =>Toolbar.Bing ~ Toolbar: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop [Public]: AudioWizard.lnk . (.Waves Audio Ltd. - Pas de description.) -- C:\Program Files\Realtek\Audio\HDA\MaxxAudioControl.exe O4 - GS\Desktop [Public]: DriverUpdate.lnk . (...) -- C:\Windows\Installer\{65C92136-6AF0-4E70-88D2-D19E739CE285}\Icon.exe O4 - GS\Desktop [Public]: Encore plus de jeux.lnk - Clé orpheline O4 - GS\Desktop [Public]: Games.lnk . (...) 
-- C:\Program Files\bfgclient\bfgclient.exe O4 - GS\Desktop [Public]: Jeux.lnk . (...) -- C:\Program Files\bfgclient\bfgclient.exe O4 - GS\Desktop [Public]: Jouer à 10 Jours Sous Les Mers.lnk . (...) -- C:\Program Files\10 Jours Sous Les Mers\LaunchGame.bfg O4 - GS\Desktop [Public]: Jouer à A Girl in the City.lnk . (...) -- C:\Program Files\A Girl in the City\LaunchGame.bfg O4 - GS\Desktop [Public]: Jouer à Amazing Adventures Riddle of the Two Knights.lnk . (...) -- C:\Program Files\Amazing Adventures Riddle of the Two Knights\LaunchGame.bfg O4 - GS\Desktop [Public]: Jouer à Arcanika.lnk . (...) -- C:\Program Files\Arcanika\LaunchGame.bfg O4 - GS\Desktop [Public]: Jouer à Big City Adventure - Paris.lnk . (...) -- C:\Program Files\Big City Adventure - Paris\LaunchGame.bfg O4 - GS\Desktop [Public]: Jouer à Big City Adventure - Tokyo.lnk . (...) -- C:\Program Files\Big City Adventure - Tokyo\LaunchGame.bfg O4 - GS\Desktop [Public]: Jouer à Call of Atlantis.lnk . (...) -- C:\Program Files\Call of Atlantis\LaunchGame.bfg O4 - GS\Desktop [Public]: Jouer à Gem Boy.lnk . (...) -- C:\Program Files\Gem Boy\LaunchGame.bfg O4 - GS\Desktop [Public]: Jouer à Girls with Secrets.lnk . (...) -- C:\Program Files\Girls with Secrets\LaunchGame.bfg O4 - GS\Desktop [Public]: Jouer à Hidden in Time - Miroir Miroir.lnk . (...) -- C:\Program Files\Hidden in Time - Miroir Miroir\LaunchGame.bfg O4 - GS\Desktop [Public]: Jouer à Lost in Reefs 2.lnk . (...) -- C:\Program Files\Lost in Reefs 2\LaunchGame.bfg O4 - GS\Desktop [Public]: Jouer à Margrave Manor 2 - Le Bateau Disparu.lnk . (...) -- C:\Program Files\Margrave Manor 2 - Le Bateau Disparu\LaunchGame.bfg O4 - GS\Desktop [Public]: Jouer à Samantha Swift et la Main de Midas.lnk . (...) -- C:\Program Files\Samantha Swift et la Main de Midas\LaunchGame.bfg O4 - GS\Desktop [Public]: Jouer à Summer SuperSports.lnk . (...) -- C:\Program Files\Summer SuperSports\LaunchGame.bfg O4 - GS\Desktop [Public]: Jouer à The Path of Hercules.lnk . (...) 
-- C:\Program Files\The Path of Hercules\LaunchGame.bfg O4 - GS\Desktop [Public]: Jouer à The Rise of Atlantis.lnk . (...) -- C:\Program Files\The Rise of Atlantis\LaunchGame.bfg O4 - GS\Desktop [Public]: More Great Games.lnk - Clé orpheline O4 - GS\Desktop [Public]: Play A Pirate's Legend.lnk . (...) -- C:\Program Files\A Pirate's Legend\LaunchGame.bfg O4 - GS\Desktop [Public]: Play Artifacts of Eternity.lnk . (...) -- C:\Program Files\Artifacts of Eternity\LaunchGame.bfg O4 - GS\Desktop [Public]: Play Big City Adventure - Rio de Janeiro.lnk . (...) -- C:\Program Files\Big City Adventure - Rio de Janeiro\LaunchGame.bfg O4 - GS\Desktop [Public]: Play BVS Solitaire Collection.lnk . (...) -- C:\Program Files\BVS Solitaire Collection\LaunchGame.bfg O4 - GS\Desktop [Public]: Play Call of Atlantis - Treasures of Poseidon.lnk . (...) -- C:\Program Files\Call of Atlantis - Treasures of Poseidon\LaunchGame.bfg O4 - GS\Desktop [Public]: Play Call of the Ages.lnk . (...) -- C:\Program Files\Call of the Ages\LaunchGame.bfg O4 - GS\Desktop [Public]: Play Imperial Island 2 - The Search for New Land.lnk . (...) -- C:\Program Files\Imperial Island 2 - The Search for New Land\LaunchGame.bfg O4 - GS\Desktop [Public]: Play Vegas Penny Slots.lnk . (...) -- C:\Program Files\Vegas Penny Slots\LaunchGame.bfg O4 - GS\Desktop [Public]: Registry Repair.lnk . (.Glarysoft Ltd - Glarysoft RegistryCleaner.) -- C:\Program Files\Glarysoft\Registry Repair 5\RegistryCleaner.exe O4 - GS\Desktop [Public]: Speccy.lnk . (.Piriform Ltd - Speccy.) -- C:\Program Files\Speccy\Speccy.exe O4 - GS\Program [Public]: AudioWizard.lnk . (.Waves Audio Ltd. - Pas de description.) -- C:\Program Files\Realtek\Audio\HDA\MaxxAudioControl.exe O4 - GS\Program [Public]: Linksys Connect.lnk . (.Belkin International, Inc. - Linksys Software.) -- C:\Program Files\Linksys\Linksys Connect\Linksys Connect.exe O4 - GS\Program [Public]: More Great Games.lnk - Clé orpheline O4 - GS\Program [Public]: Registry Repair.lnk . 
(.Glarysoft Ltd - Glarysoft RegistryCleaner.) -- C:\Program Files\Glarysoft\Registry Repair 5\RegistryCleaner.exe O4 - GS\QuickLaunch [ASUS]: Alien Shooter.lnk . (.Sigma Team - AlienShooter Application.) -- C:\Program Files\Sigma Team\Alien Shooter\AlienShooter.exe O4 - GS\QuickLaunch [ASUS]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch [ASUS]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [ASUS]: Mortimer Beckett and the Secrets of Spooky Manor.lnk . (...) -- C:\Program Files\MyPlayCity.com\Mortimer Beckett and the Secrets of Spooky Manor\Mortimer Beckett and the Secrets of Spooky Manor.exe O4 - GS\QuickLaunch [ASUS]: Mortimer Beckett And The Time Paradox.lnk . (...) -- C:\Program Files\MyPlayCity.com\Mortimer Beckett And The Time Paradox\Mortimer Beckett And The Time Paradox.exe O4 - GS\QuickLaunch [ASUS]: Pearl Harbor - Fire on the Water.lnk . (...) -- C:\Program Files\MyPlayCity.com\Pearl Harbor - Fire on the Water\Pearl Harbor - Fire on the Water.exe O4 - GS\QuickLaunch [ASUS]: Pirate's Solitaire.lnk . (...) -- C:\Program Files\MyPlayCity.com\Pirate's Solitaire\Pirate's Solitaire.exe O4 - GS\QuickLaunch [ASUS]: Robin's Island Adventure.lnk . (...) -- C:\Program Files\MyPlayCity.com\Robin's Island Adventure\Robin's Island Adventure.exe O4 - GS\QuickLaunch [ASUS]: Superbike Racers.lnk . (...) -- C:\Program Files\GamesGoFree.com\Superbike Racers\Superbike Racers.exe O4 - GS\TaskBar [ASUS]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Program [ASUS]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [ASUS]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SendTo [ASUS]: Unlocker.lnk . (...) -- C:\Program Files\Unlocker\Unlocker.exe O4 - GS\Desktop [ASUS]: Alien Shooter.lnk . (.Sigma Team - AlienShooter Application.) -- C:\Program Files\Sigma Team\Alien Shooter\AlienShooter.exe O4 - GS\Desktop [ASUS]: Auslogics DiskDefrag.lnk . (.Auslogics - Disk Defrag.) -- C:\Program Files\Auslogics\DiskDefrag\DiskDefrag.exe O4 - GS\Desktop [ASUS]: BigCityAdventureNY (2).exe - Raccourci.lnk . (.Jolly Bear Games - Big City Adventure: New York City.) -- C:\Program Files\Big City Adventure - New York City\BigCityAdventureNY (2).exe O4 - GS\Desktop [ASUS]: bigcityadventuresydney.exe - Raccourci.lnk . (.Jolly Bear Games - Big City Adventure: Sydney.) -- C:\Program Files\Big City Adventure - Sydney Australia\bigcityadventuresydney.exe O4 - GS\Desktop [ASUS]: BigCityAdventureVan.exe - Raccourci.lnk . (.Jolly Bear Games - Big City Adventure: Vancouver.) -- C:\Program Files\Big City Adventure - Vancouver\BigCityAdventureVan.exe O4 - GS\Desktop [ASUS]: Crazy Browser.lnk . (.www.CrazyBrowser.com - Crazy Browser.) -- C:\Program Files\Crazy Browser\Crazy Browser.exe O4 - GS\Desktop [ASUS]: EchoLink.lnk . (.Synergenics, LLC - EchoLink.) -- C:\Program Files\K1RFD\EchoLink\EchoLink.exe O4 - GS\Desktop [ASUS]: engine.exe - Raccourci.lnk . (...) -- C:\Program Files\MyPlayCity.com\Robin's Island Adventure\engine.exe O4 - GS\Desktop [ASUS]: FileKiddo Download Manager.lnk . (.FreeDownloadManager.ORG - FileKiddo Download Manager.) -- C:\Program Files\FileKiddo Download Manager\fdm.exe O4 - GS\Desktop [ASUS]: game.exe - Raccourci.lnk . (...) -- C:\Program Files\MyPlayCity.com\Pearl Harbor - Fire on the Water\game.exe O4 - GS\Desktop [ASUS]: GamesGoFree Games.lnk . (...) -- C:\Program Files\GamesGoFree.com\Superbike Racers\gamesgofree.url O4 - GS\Desktop [ASUS]: gotchacelebritysecrets.exe - Raccourci.lnk . (...) 
-- C:\Program Files\Gotcha - Celebrity Secrets\gotchacelebritysecrets.exe O4 - GS\Desktop [ASUS]: Highway Pursuit.lnk . (.adamdawes.com/Retrospec - Highway Pursuit.) -- C:\Program Files\HighwayPursuit\HighwayPursuit.exe O4 - GS\Desktop [ASUS]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [ASUS]: LostInReefs.exe - Raccourci.lnk . (.Rumbic Studio - Lost In Reefs.) -- C:\Program Files\Lost in Reefs\LostInReefs.exe O4 - GS\Desktop [ASUS]: Margrave Manor 2 (2).exe - Raccourci.lnk . (.Inertia Software - Margrave Manor 2.exe.) -- C:\Program Files\Margrave Manor 2 - The Lost Ship\Margrave Manor 2 (2).exe O4 - GS\Desktop [ASUS]: maxjongg.exe - Raccourci.lnk . (...) -- C:\Program Files\MaxJongg\maxjongg.exe O4 - GS\Desktop [ASUS]: mirror mysteries.exe - Raccourci (2).lnk . (...) -- C:\Program Files\The Mirror Mysteries\mirror mysteries.exe O4 - GS\Desktop [ASUS]: Mortimer Beckett and the Secrets of Spooky Manor.lnk . (...) -- C:\Program Files\MyPlayCity.com\Mortimer Beckett and the Secrets of Spooky Manor\Mortimer Beckett and the Secrets of Spooky Manor.exe O4 - GS\Desktop [ASUS]: Mortimer Beckett And The Time Paradox.lnk . (...) -- C:\Program Files\MyPlayCity.com\Mortimer Beckett And The Time Paradox\Mortimer Beckett And The Time Paradox.exe O4 - GS\Desktop [ASUS]: MysteryPILosAngeles (2).exe - Raccourci.lnk . (.SpinTop Games - Mystery P.I. - Lost in LA.) -- C:\Program Files\Mystery P.I. - Lost in Los Angeles\MysteryPILosAngeles (2).exe O4 - GS\Desktop [ASUS]: MysteryPINewEngland (2).exe - Raccourci.lnk . (.SpinTop Games - Mystery P.I. - The Curious Case of Counterf.) -- C:\Program Files\Mystery P.I. - The Curious Case of Counterfeit Cove\MysteryPINewEngland (2).exe O4 - GS\Desktop [ASUS]: Mystika2.exe - Raccourci.lnk . (.UnikGame - Mystika II.) -- C:\Program Files\Mystika 2 - Le Sanctuaire\Mystika2.exe O4 - GS\Desktop [ASUS]: Pirate's Solitaire.lnk . (...) 
-- C:\Program Files\MyPlayCity.com\Pirate's Solitaire\Pirate's Solitaire.exe O4 - GS\Desktop [ASUS]: RRBoston (2).exe - Raccourci.lnk . (...) -- C:\Program Files\Renovate & Relocate - Boston\RRBoston (2).exe O4 - GS\Desktop [ASUS]: Samantha Swift and the Mystery from Atlantis.exe - Raccourci.lnk . (...) -- C:\Program Files\Samantha Swift - Mystery From Atlantis\Samantha Swift and the Mystery from Atlantis.exe O4 - GS\Desktop [ASUS]: SlingoCasinoPak.exe - Raccourci.lnk . (.SLINGO, Inc. - SLINGO CASINO PAK.) -- C:\Program Files\Slingo Casino Pak\SlingoCasinoPak.exe O4 - GS\Desktop [ASUS]: SlingoQuest.exe - Raccourci.lnk . (.Funkitron, Inc. - Slingo Quest.) -- C:\Program Files\Slingo Quest\SlingoQuest.exe O4 - GS\Desktop [ASUS]: Superbike Racers.lnk . (...) -- C:\Program Files\GamesGoFree.com\Superbike Racers\Superbike Racers.exe O4 - GS\Desktop [ASUS]: three_days.exe - Raccourci.lnk . (...) -- C:\Program Files\3 Days - Amulet Secret\three_days.exe O4 - GS\Desktop [ASUS]: Titanic (2).exe - Raccourci ().lnk . (...) -- C:\Program Files\1912 - Titanic Mystery\Titanic (2).exe ~ Global Startup: 143 Legitimates Filtered in 00mn 25s ---\\ Applications lancées au démarrage du système (O4) O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2014\avgui.exe O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe O4 - HKLM\..\Run: [RtHDVBg] . (.Realtek Semiconductor - HD Audio Background Process.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe O4 - HKLM\..\Run: [Classic Start Menu] . (.IvoSoft - Classic Start Menu.) -- C:\Program Files\Classic Shell\ClassicStartMenu.exe O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe =>.Realtek Semiconductor Corp O4 - HKLM\..\Run: [NeroFilterCheck] . (.Nero AG - NeroCheck.) 
-- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKCU\..\Run: [Screenseven News] . (.Intenium - Tray Client.) -- C:\Program Files\OXXOGames\VIVAGPlayer\GameCenterNotifier.exe O4 - HKCU\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - Glary Utilities StartupManager.) -- C:\Program Files\Glary Utilities 5\StartupManager.exe O4 - HKUS\S-1-5-21-1402159502-2150757134-1109879191-1000\..\Run: [Screenseven News] . (.Intenium - Tray Client.) -- C:\Program Files\OXXOGames\VIVAGPlayer\GameCenterNotifier.exe O4 - HKUS\S-1-5-21-1402159502-2150757134-1109879191-1000\..\Run: [GUDelayStartup] . (.Glarysoft Ltd - Glary Utilities StartupManager.) -- C:\Program Files\Glary Utilities 5\StartupManager.exe ~ Application: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll =>.Microsoft Corporation O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) 
-- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll =>.Microsoft Corporation ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{C0D90873-FF00-45B4-BB0A-7621CE20D51C}: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{C0D90873-FF00-45B4-BB0A-7621CE20D51C}: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{C0D90873-FF00-45B4-BB0A-7621CE20D51C}: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} . (.Advanced Micro Devices - MIME Video Detector for IE.) -- C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Enumère les données de BootExecute (BEX) (O34) O34 - HKLM BootExecute: (autocheck autochk * ) - File not found O34 - HKLM BootExecute: (BootDefrag.exe) - File not found ~ BEX: 2 Legitimates Filtered in 00mn 00s ---\\ Tâches planifiées en automatique (O39) [MD5.AB4CDB10226BC2CD7CBB9066D1B6B056] [APT] [{15F4F86A-3B7B-4381-B2A1-E4D960E946A1}] (...) -- C:\Program Files\Mary Kay Andrews - The Fixer Upper\TheFixerUpper (2).exe [1794048] [MD5.AB4CDB10226BC2CD7CBB9066D1B6B056] [APT] [{2BF8B51E-9D66-4190-8798-E0D832E82C78}] (...) -- C:\Program Files\Mary Kay Andrews - The Fixer Upper\TheFixerUpper (2).exe [1794048] [MD5.AB4CDB10226BC2CD7CBB9066D1B6B056] [APT] [{5EB0C881-5898-456B-82D0-C99B5FB18BB2}] (...) 
-- C:\Program Files\Mary Kay Andrews - The Fixer Upper\TheFixerUpper (2).exe [1794048] [MD5.BD97547DB555DAA1123E8FC3ABD68527] [APT] [{EB929B0B-B326-4DC3-A78B-AE4567202E3D}] (...) -- C:\Downloads\Software\Dr.FelixBigFishGames.exe [557920] ~ Scheduled Task: 22 Legitimates Filtered in 00mn 06s ---\\ Logiciels installés (O42) O42 - Logiciel: 3 Days - Amulet Secret - (...) [HKLM] -- BFG-3 Days - Amulet Secret O42 - Logiciel: A Girl in the City - (...) [HKLM] -- BFG-A Girl in the City O42 - Logiciel: A Pirate's Legend - (...) [HKLM] -- BFG-A Pirate's Legend O42 - Logiciel: Alien Shooter - (...) [HKLM] -- Alien Shooter O42 - Logiciel: Alien Shooter v 1.2 - (.Sigma Team.) [HKLM] -- Alien Shooter_is1 O42 - Logiciel: Arcanika - (...) [HKLM] -- BFG-Arcanika O42 - Logiciel: Artifacts of Eternity - (...) [HKLM] -- BFG-Artifacts of Eternity O42 - Logiciel: Big City Adventure: New York City - (...) [HKLM] -- BFG-Big City Adventure - New York City O42 - Logiciel: Big City Adventure: Paris - (...) [HKLM] -- BFG-Big City Adventure - Paris O42 - Logiciel: Big City Adventure: Rio de Janeiro - (...) [HKLM] -- BFG-Big City Adventure - Rio de Janeiro O42 - Logiciel: Big City Adventure: Sydney, Australia - (...) [HKLM] -- BFG-Big City Adventure - Sydney Australia O42 - Logiciel: Big City Adventure: Tokyo - (...) [HKLM] -- BFG-Big City Adventure - Tokyo O42 - Logiciel: Big City Adventure: Vancouver - (...) [HKLM] -- BFG-Big City Adventure - Vancouver O42 - Logiciel: Call of the Ages - (...) [HKLM] -- BFG-Call of the Ages O42 - Logiciel: EchoLink - (.Synergenics, LLC.) [HKLM] -- {DC33421C-0E1C-470A-BE37-7B7C82677812} O42 - Logiciel: Gem Boy - (...) [HKLM] -- BFG-Gem Boy O42 - Logiciel: Girls with Secrets - (...) [HKLM] -- BFG-Girls with Secrets O42 - Logiciel: Gotcha: Celebrity Secrets - (...) [HKLM] -- BFG-Gotcha - Celebrity Secrets O42 - Logiciel: Imperial Island 2: The Search for New Land - (...) 
[HKLM] -- BFG-Imperial Island 2 - The Search for New Land O42 - Logiciel: Lost in Reefs - (...) [HKLM] -- BFG-Lost in Reefs O42 - Logiciel: Lost in Reefs 2 - (...) [HKLM] -- BFG-Lost in Reefs 2 O42 - Logiciel: Mary Kay Andrews: The Fixer Upper - (...) [HKLM] -- BFG-Mary Kay Andrews - The Fixer Upper O42 - Logiciel: MaxJongg - (...) [HKLM] -- BFG-MaxJongg O42 - Logiciel: MaxJongg - (...) [HKLM] -- MaxJongg_is1 O42 - Logiciel: Mystika 2: Le Sanctuaire - (...) [HKLM] -- BFG-Mystika 2 - Le Sanctuaire O42 - Logiciel: Renovate & Relocate: Boston - (...) [HKLM] -- BFG-Renovate & Relocate - Boston O42 - Logiciel: Summer SuperSports - (...) [HKLM] -- BFG-Summer SuperSports O42 - Logiciel: Superbike Racers - (.GamesGoFree.com.) [HKLM] -- Superbike Racers_is1 O42 - Logiciel: Vegas Penny Slots - (...) [HKLM] -- BFG-Vegas Penny Slots ~ Logic: 37 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\ETeam] [HKCU\Software\K1RFD] [HKCU\Software\Ocean Range 3] [HKCU\Software\OceanMedia] [HKCU\Software\Perseus] [HKCU\Software\Triangle Studios] [HKLM\Software\ETeam] [HKLM\Software\Filseclab] [HKLM\Software\Gromada] [HKLM\Software\SmartDNS] ~ Key Software: 348 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 2013-10-27 - 11:02:14 - [317,024] ----D C:\Program Files\3 Days - Amulet Secret O43 - CFD: 2013-10-20 - 14:33:24 - [101,017] ----D C:\Program Files\A Girl in the City O43 - CFD: 2013-11-24 - 14:55:34 - [23,374] ----D C:\Program Files\A Pirate's Legend O43 - CFD: 2014-07-11 - 16:33:18 - [76,948] ----D C:\Program Files\Arcanika O43 - CFD: 2014-07-15 - 20:46:46 - [125,470] ----D C:\Program Files\Artifacts of Eternity O43 - CFD: 2013-10-14 - 14:54:49 - [54,015] ----D C:\Program Files\Big City Adventure - New York City O43 - CFD: 2013-09-30 - 14:10:56 - [61,931] ----D C:\Program Files\Big City Adventure - Paris O43 - CFD: 2014-07-27 - 17:17:16 - [70,246] ----D C:\Program Files\Big City 
Adventure - Rio de Janeiro
O43 - CFD: 2013-12-01 - 16:44:29 - [35,099] ----D C:\Program Files\Big City Adventure - Sydney Australia
O43 - CFD: 2013-09-30 - 14:09:30 - [69,856] ----D C:\Program Files\Big City Adventure - Tokyo
O43 - CFD: 2014-07-28 - 14:34:18 - [60,334] ----D C:\Program Files\Big City Adventure - Vancouver
O43 - CFD: 2014-03-16 - 15:33:52 - [205,764] ----D C:\Program Files\Call of the Ages
O43 - CFD: 2014-03-28 - 13:17:07 - [33,962] ----D C:\Program Files\DriverUpdate
O43 - CFD: 2014-07-07 - 16:42:25 - [9,171] ----D C:\Program Files\Free FreeCell Solitaire
O43 - CFD: 2013-10-23 - 14:05:37 - [103,241] ----D C:\Program Files\GamesGoFree.com
O43 - CFD: 2013-09-30 - 14:07:43 - [26,504] ----D C:\Program Files\Gem Boy
O43 - CFD: 2013-09-30 - 14:06:51 - [141,687] ----D C:\Program Files\Girls with Secrets
O43 - CFD: 2013-10-11 - 15:07:55 - [161,277] ----D C:\Program Files\Gotcha - Celebrity Secrets
O43 - CFD: 2014-09-06 - 14:54:40 - [190,872] ----D C:\Program Files\Imperial Island 2 - The Search for New Land
O43 - CFD: 2014-01-22 - 12:35:20 - [3,093] ----D C:\Program Files\K1RFD
O43 - CFD: 2013-11-17 - 15:19:09 - [42,071] ----D C:\Program Files\Lost in Reefs
O43 - CFD: 2013-11-17 - 15:25:31 - [76,490] ----D C:\Program Files\Lost in Reefs 2
O43 - CFD: 2013-10-15 - 14:37:16 - [104,811] ----D C:\Program Files\Mary Kay Andrews - The Fixer Upper
O43 - CFD: 2014-04-23 - 14:14:23 - [13,679] ----D C:\Program Files\MaxJongg
O43 - CFD: 2014-09-06 - 14:22:10 - [55,879] ----D C:\Program Files\Mystika 2 - Le Sanctuaire
O43 - CFD: 2013-10-14 - 14:24:32 - [166,117] ----D C:\Program Files\Renovate & Relocate - Boston
O43 - CFD: 2013-10-11 - 16:03:00 - [36,099] ----D C:\Program Files\Sigma Team
O43 - CFD: 2013-09-30 - 13:54:40 - [238,303] ----D C:\Program Files\Summer SuperSports
O43 - CFD: 2013-09-28 - 14:37:35 - [121,404] ----D C:\Program Files\Vegas Penny Slots
O43 - CFD: 2014-04-15 - 13:04:47 - [0,012] ----D C:\ProgramData\ClassicShell
O43 - CFD: 2014-05-13 - 11:21:38 - [7,138] ----D C:\ProgramData\Discovering Nature
O43 - CFD: 2014-05-11 - 11:41:24 - [5,107] ----D C:\ProgramData\Perseus
O43 - CFD: 2013-10-03 - 10:36:37 - [0] ----D C:\ProgramData\SpeedBit
O43 - CFD: 2014-07-12 - 14:45:15 - [0,181] ----D C:\Users\ASUS\AppData\Roaming\Arcanika
O43 - CFD: 2014-09-10 - 17:34:46 - [2,629] ----D C:\Users\ASUS\AppData\Roaming\ClassicShell
O43 - CFD: 2014-07-25 - 14:43:38 - [75,580] ----D C:\Users\ASUS\AppData\Roaming\DarkManor
O43 - CFD: 2013-11-18 - 17:08:46 - [0,069] ----D C:\Users\ASUS\AppData\Roaming\GirlsWithSecrets
O43 - CFD: 2014-07-30 - 14:40:50 - [0,001] ----D C:\Users\ASUS\AppData\Roaming\Juliette's Fashion Empire
O43 - CFD: 2014-07-20 - 14:04:49 - [0,001] ----D C:\Users\ASUS\AppData\Roaming\Laruaville
O43 - CFD: 2014-06-29 - 14:43:07 - [0] ----D C:\Users\ASUS\AppData\Roaming\library_dir
O43 - CFD: 2014-05-04 - 13:41:09 - [0,444] ----D C:\Users\ASUS\AppData\Roaming\MP3Rocket
O43 - CFD: 2013-10-23 - 16:31:08 - [0] ----D C:\Users\ASUS\AppData\Roaming\Tape_Worm
O43 - CFD: 2014-07-20 - 13:16:29 - [0,027] ----D C:\Users\ASUS\AppData\Roaming\ToyDefenseFantasy
O43 - CFD: 2014-05-06 - 13:50:34 - [0] -SH-D C:\Users\ASUS\AppData\Local\EmieSiteList
O43 - CFD: 2014-05-06 - 13:50:34 - [0] -SH-D C:\Users\ASUS\AppData\Local\EmieUserList
O43 - CFD: 2013-09-27 - 14:47:00 - [0] R---D C:\Users\ASUS\AppData\Local\Nouveau porte-documents
O43 - CFD: 2013-10-27 - 11:00:30 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\3 Days - Amulet Secret
O43 - CFD: 2013-10-20 - 13:43:54 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A Girl in the City
O43 - CFD: 2014-07-11 - 16:31:27 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Arcanika
O43 - CFD: 2014-07-15 - 20:46:13 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Artifacts of Eternity
O43 - CFD: 2013-10-06 - 13:02:45 - [0,004] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Big City Adventure - New York City
O43 - CFD: 2013-09-30 - 14:10:35 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Big City Adventure - Paris
O43 - CFD: 2014-07-27 - 17:16:58 - [0,004] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Big City Adventure - Rio de Janeiro
O43 - CFD: 2013-09-30 - 14:09:09 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Big City Adventure - Tokyo
O43 - CFD: 2014-07-28 - 14:33:48 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Big City Adventure - Vancouver
O43 - CFD: 2014-03-16 - 15:32:34 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of the Ages
O43 - CFD: 2014-01-22 - 12:35:22 - [0,009] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EchoLink
O43 - CFD: 2013-09-30 - 14:07:32 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gem Boy
O43 - CFD: 2013-09-30 - 14:02:05 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Girls with Secrets
O43 - CFD: 2013-10-11 - 15:00:16 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gotcha - Celebrity Secrets
O43 - CFD: 2014-09-06 - 14:54:03 - [0,004] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperial Island 2 - The Search for New Land
O43 - CFD: 2013-09-30 - 13:56:46 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lost in Reefs 2
O43 - CFD: 2013-10-15 - 14:33:28 - [0,004] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mary Kay Andrews - The Fixer Upper
O43 - CFD: 2014-09-06 - 14:21:44 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystika 2 - Le Sanctuaire
O43 - CFD: 2013-10-14 - 14:21:56 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renovate & Relocate - Boston
O43 - CFD: 2013-09-30 - 13:54:13 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Summer SuperSports
O43 - CFD: 2013-09-28 - 14:37:04 - [0,003] ----D C:\Users\ASUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vegas Penny Slots
~ Program Folder: 352 Legitimates Filtered in 00mn 52s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.72C72A89F7EF664DBAC2A430E8BE1335] - 2014-09-06 - 11:22:39 ---A- . (...) -- C:\Windows\ntbtlog.txt [350568]
O44 - LFC:[MD5.FCD6BCB56C1689FCEF28B57C22475BAD] - 2014-09-10 - 16:35:10 ---A- . (...) -- C:\Windows\System32\spu_storage.bin [65536]
~ Files: 15 Legitimates Filtered in 00mn 08s

---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s

---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 2009-07-13 - 20:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 2009-07-13 - 17:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 2009-07-13 - 20:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.6A3F24667A4E13851D7CA7B610015430] - 2014-07-08 - 14:57:20 ---A- . (...) -- C:\Windows\System32\Drivers\SWDUMon.sys [13464]
O58 - SDL:[MD5.BD45CEB3EBB6832AE7997FA29468ACE1] - 2014-07-10 - 18:50:02 ---A- . (...) -- C:\Windows\System32\Drivers\TrueSight.sys [29160]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2009-07-13 - 16:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 2009-07-13 - 16:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 2009-07-13 - 16:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 2009-07-13 - 16:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 2009-07-13 - 16:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 2009-07-13 - 16:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 2009-07-13 - 16:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 2009-07-13 - 16:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 2009-07-13 - 16:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 2009-07-13 - 16:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 2009-07-13 - 16:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 2009-07-13 - 16:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 2009-07-13 - 16:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 2009-07-13 - 16:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 2009-07-13 - 16:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 19 Legitimates Filtered in 00mn 06s

---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\users\asus\appdata\local\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} - (Yahoo! Search) - http://ca.search.yahoo.com
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.3264FC05C2A51D34D14BAE0C9ADE43E4] [SPRF][2014-08-16] (.Pas de propriétaire - Adblock Plus for IE.) -- C:\Users\ASUS\Desktop\adblockplusie-1.1.exe [4741136]
~ Files: 3 Legitimates Filtered in 00mn 00s

---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "5923976166327F040A543A4EA21863E5" . (.Bing Bar.) -- C:\Windows\Installer\{16793295-2366-40F7-A045-A3E42A81365E}\icon_installer_ico =>Toolbar.Bing
O90 - PUC: "63129C560FA607E4882D1DE937C92E58" . (.DriverUpdate.) -- C:\Windows\Installer\{65C92136-6AF0-4E70-88D2-D19E739CE285}\Icon.exe
~ Update Products: 102 Legitimates Filtered in 00mn 00s

---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.8B3BB443B8519A17F275D8149B6315F8] [WIS][2014-01-22] (.Synergenics, LLC - EchoLink.) -- C:\Windows\Installer\24516d.msi [2581504]
[MD5.4941092D70B5C9ABA6512AAAE7A1615A] [WIS][2013-10-25] (.AVG - AVG PC TuneUp 2014 (fr-FR).) -- C:\Windows\Installer\4eeb4f.msi [2560000]
[MD5.170504C5F7C959106404BBBA14843881] [WIS][2013-10-25] (.AVG - AVG PC TuneUp 2014.) -- C:\Windows\Installer\4eeb53.msi [34947072]
~ WIS: 106 Legitimates Filtered in 00mn 12s

---\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing
~ BCK: 6807 Legitimates Filtered in 00mn 06s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Disabled 2013-12-21 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 2014-08-13 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 2013-09-07 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SS - | Auto 2012-02-13 193816 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.exe =>Toolbar.Bing
SS - | Disabled 2011-08-30 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Disabled 2013-09-17 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 2006-11-10 774144 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Disabled 2014-03-27 581568 | (ogmservice) . (.RealNetworks, Inc..) - C:\Program Files\Online Games Manager\ogmservice.exe
SS - | Disabled 2013-10-23 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 2009-07-13 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 2014-04-17 208896 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 2014-04-17 276992 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 2014-08-25 3242000 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgidsagent.exe
SR - | Auto 2014-08-25 289328 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2014\avgwdsvc.exe
SR - | Demand 2012-02-13 240408 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.exe =>Toolbar.Bing
SR - | Auto 2014-03-11 22216 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 2014-08-21 1919256 | (RapportMgmtService) . (.IBM Corp..) - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
SR - | Auto 2014-07-14 1858360 | (TuneUp.UtilitiesSvc) . (.AVG.) - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
SR - | Auto 2009-07-13 20992 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.AVG.) - C:\Windows\System32\svchost.exe
SR - | Auto 2009-07-13 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 08s

---\\ Scan Additionnel (O88)
Database Version : 13044 - (2014-04-09)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{8dcb7100-df86-4384-8842-8fa844297b3f} =>Toolbar.Bing^
[HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}] (Bing Bar) =>Toolbar.Bing^
[HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}] (Bing Bar Helper) =>Toolbar.Bing^
~ Additionnel Scan: 371050 Items scanned in 00mn 26s

---\\ Récapitulatif des détections trouvées sur votre station
~ MSI: 0 link(s) detected in 00mn 00s
~ 1579 Legitimates filtered by white list
End of the scan (612 lines in 03mn 24s)(0)