Document format: text/plain


Rapport de ZHPDiag v2013.4.5.28 par Nicolas Coolman, Update du 05/04/2013
Run by Thibaut at 06/04/2013 19:08:23
State : Version à jour.
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16519
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)
GCIE: Google Chrome v26.0.1410.43

---\\ Windows Product Information
~ Langage: Français
Windows 8 Business Edition, 64-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : DRPM3
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6054 MB (71% free)
System Restore: Activé (Enable)
System drive C: has 48 GB (23%) free of 210 GB

---\\ Logged in mode
~ Computer Name: PORTABLETHIBAUT
~ User Name: Thibaut
~ All Users Names: UpdatusUser, Thibaut, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Thibaut\AppData\Roaming\
~ %Desktop% : C:\Users\Thibaut\Desktop\
~ %Favorites% : C:\Users\Thibaut\Favorites\
~ %LocalAppData% : C:\Users\Thibaut\AppData\Local\
~ %StartMenu% : C:\Users\Thibaut\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 48 Go of 210 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 10 Go of 221 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ Hard drive, Flash drive, Thumb drive (Free 24 Go of 165 Go)
I:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.E13A31D5254C25406A7946BDD9B06364] - (.Microsoft Corporation - Explorateur Windows.) (.11/10/2012 - 08:35:16.) -- C:\Windows\Explorer.exe [2380944]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Application de démarrage de Windows.) (.26/07/2012 - 04:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2769AF459DDA7140B73227C31DCE61BD] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.04/02/2013 - 23:39:47.) -- C:\Windows\System32\wininet.dll [2246656]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.11/10/2012 - 06:46:58.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Bibliothèque de licences.) (.26/07/2012 - 04:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.36D6A3201721558A8AFBCC09C2DA4C2C] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.06/11/2012 - 04:53:44.) -- C:\Windows\system32\Drivers\AFD.sys [560640]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 06:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.26/07/2012 - 03:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.26/07/2012 - 03:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/07/2012 - 03:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 07:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Pilote de port i8042.) (.26/07/2012 - 03:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.26/07/2012 - 03:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.05/02/2013 - 23:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.26/07/2012 - 03:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.02/02/2013 - 11:54:54.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Pilote de port parallèle.) (.26/07/2012 - 03:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.26/07/2012 - 03:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.26/07/2012 - 03:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 06:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.2FB3CDFD5EAF4CD9D4AFAF96877D13AE] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.26/07/2012 - 05:57:09.) -- C:\Windows\system32\Drivers\volsnap.sys [332016]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/2119
~ Mes musiques (My Musics) : 4/9653
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/9
~ Mes Documents (My Documents) : 1/7436
~ Mon Bureau (My Desktop) : 4/81
~ Menu demarrer (Programs) : 1/44
~ Hidden Files: Scanned in 00mn 05s



---\\ Processus lancés
[MD5.DF2B67EBB5DB11B6AC7C5775F2582DD2] - (.Uniblue Systems Ltd - Uniblue SpeedUpMyPC Monitor.) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [26600] [PID.3276]
[MD5.DE3B04D5AF8A1578F5430697546EB157] - (.ASUSTeK Computer Inc. - LiveUpdate.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [1545856] [PID.3304]
[MD5.88155D3D23CA8A1DFB1F45EE3E4C8DF8] - (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe [969104] [PID.4324]
[MD5.FD7D691C7D35AA382E89F74BC150CA44] - (.deveject.com - Dev Eject.) -- C:\Program Files (x86)\DevEject\deveject.exe [372736] [PID.4552]
[MD5.359DA4C5F1D222A300477D0C81CF263E] - (.Hobbyist Software - VLC Streamer Configuration.) -- C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe [1656344] [PID.4644]
[MD5.308576AF56976E6B5DB2830BFA79B1A2] - (.deveject.com - Crash Reporter.) -- C:\Program Files (x86)\DevEject\crashreporter.exe [73728] [PID.4744]
[MD5.5BB1F77C8AF725A15EC9366498D275BB] - (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992] [PID.4840]
[MD5.083649EF692A066880C9326020915AFE] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4297136] [PID.4848]
[MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [917400] [PID.4492]
[MD5.7EE22E13DEC8A6D18F4643C1EA34B0F0] - (.Virage Logic Corporation / Sonic Focus - ASUS_MATray.exe.) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400] [PID.164]
[MD5.AA6844A5127ED4B20DF6D313467B929D] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.5728]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.5804]
[MD5.5871EEBE3620F16FFD550CB57723FE5A] - (...) -- C:\Program Files (x86)\GreedyTorrent\GTor.exe [2526661] [PID.6056]
[MD5.A423D8E65A1359327EA9B85F88529E0D] - (.RemoteMouse.net - Remote Mouse.) -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [66048] [PID.6108]
[MD5.6E5876A0BBCD9146A4DB62C68BB99EE6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6493184] [PID.5768]
[MD5.18E5C2F937F9DEB8C282DF66A3761925] - (.ASUS - ASLDR Service.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536] [PID.1292]
[MD5.7910158929571214A959D5A6D16DD9C0] - (.ASUS - GFNEXSrv.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896] [PID.1416]
[MD5.8FA553E9AE69808D99C164733A0F9590] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.1508]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1896]
[MD5.FC63BF89AEF75788C5F782017426D9CA] - (.Melloware Inc - Intelliservice.) -- C:\Program Files (x86)\Intelliremote\Intelliservice.exe [118784] [PID.1756]
[MD5.1ACAA67676E9E7BDA5E0C41B6E0DECAF] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184] [PID.2184]
[MD5.E4B976BBA2661E8FCA283FC48F7EFBEE] - (.ASUS - SmartLogon Application.) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe [653952] [PID.2976]
[MD5.563206BA66F0170735096AA74CA0F682] - (.ASUS - HControl.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [166528] [PID.3332]
[MD5.149126216A694E6BA84E92ECA77AAE3B] - (.ASUS - ATKOSD.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [2488888] [PID.3428]
[MD5.AA11E1368EEB237DD100BAC6AFFE1C57] - (.ASUS - KBFiltr.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [113208] [PID.3440]
[MD5.4A7C441D99D86704D194E7678873B95D] - (.ASUS - WDC.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [174648] [PID.3456]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Thibaut\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G0 - GCSP: Preference [User Data\Default] http://www.google.com
~ Google Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Thibaut\AppData\Roaming\Mozilla\Firefox\Profiles\qjvahjiy.default\prefs.js
M3 - MFPP: Plugins - [Thibaut] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [Thibaut] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [Thibaut] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [Thibaut] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [Thibaut] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [Thibaut] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [Thibaut] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-france.xml
M0 - MFSP: prefs.js [Thibaut - qjvahjiy.default] about:newtab
M2 - MFEP: prefs.js [Thibaut - qjvahjiy.default\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}] [WOT] WOT v20130402 (.WOT Services Oy.)
M2 - MFEP: prefs.js [Thibaut - qjvahjiy.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.9.14 (.Michel Gutierrez.)
M2 - MFEP: prefs.js [Thibaut - qjvahjiy.default\{e001c731-5e37-4538-a5cb-8168736a2360}] [] Bitdefender QuickScan v0.9.9.119 (.Echipa R&D Bitdefender.)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll
P2 - FPN: [HKLM] [@divx.com/DivX VOD Helper,version=1.0.0] - (.DivX, LLC. - DivX VOD Helper Plug-in.) -- C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.10.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\WINDOWS\system32\npDeployJava1.dll
P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.10.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.10.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (.Cybelsoft - Plugin NPAPI Ma-Config.com # win64 # 6.5.0.3.) -- C:\Program Files\ma-config.com\x64\nphardwaredetection.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll
P2 - FPN: [HKCU] [@unity3d.com/UnityPlayer,version=1.0] - (.Unity Technologies ApS - Unity Player 4.1.2f1.) -- C:\Users\Thibaut\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
~ Firefox Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (10.00.9200.16384 (win8_rtm.120725-1247)) -- C:\Windows\SysWOW64\ieframe.dll
~ IE Browser: Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 96



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Google Dictionary Compression sdch [64Bits] - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} . (.Google Inc. - Fast Search.) -- C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
~ BHO: 8 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartupDelayer] . (.r2 Studios - Startup Launcher.) -- C:\Program Files\Startup Delayer\Startup Launcher.exe
O4 - HKLM\..\Run: [OODefragTray] . (.O&O Software GmbH - O&O Defrag TrayIcon (x64).) -- C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
O4 - HKCU\..\Run: [DevEject] . (.deveject.com - Dev Eject.) -- C:\Program Files (x86)\DevEject\deveject.exe
O4 - HKCU\..\Run: [Hobbyist Software VLC Streamer] . (.Hobbyist Software - VLC Streamer Configuration.) -- C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe
O4 - HKLM\..\Wow6432Node\Run: [ATKOSD2] . (.ASUS - ATKOSD2.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKUS\S-1-5-21-3974231373-3658692666-1483637157-1002\..\Run: [uTorrent] . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
O4 - HKUS\S-1-5-21-3974231373-3658692666-1483637157-1002\..\Run: [DevEject] . (.deveject.com - Dev Eject.) -- C:\Program Files (x86)\DevEject\deveject.exe
O4 - HKUS\S-1-5-21-3974231373-3658692666-1483637157-1002\..\Run: [Hobbyist Software VLC Streamer] . (.Hobbyist Software - VLC Streamer Configuration.) -- C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop: PhotoFiltre Studio X.lnk . (.PhotoFiltre - PhotoFiltre Studio X.) -- C:\Program Files (x86)\PhotoFiltre Studio X\pfstudiox.exe
O4 - Global Startup: C:\Documents And Settings\Thibaut\Desktop\100 Greatest Reggae Artists.URL . (.PhotoFiltre - PhotoFiltre Studio X.) -- C:\Documents And Settings\Thibaut\Desktop\100 Greatest Reggae Artists.URL
O4 - GS\Desktop: Baterrylife.lnk . (.Microsoft Corporation - Outil de ligne de commande des paramètres d.) -- C:\Windows\System32\powercfg.exe
O4 - Global Startup: C:\Documents And Settings\Thibaut\Desktop\croix du sud- 6p.URL . (.Microsoft Corporation - Outil de ligne de commande des paramètres d.) -- C:\Documents And Settings\Thibaut\Desktop\croix du sud- 6p.URL
O4 - GS\Desktop: DragonWar.exe - Raccourci.lnk . (.DragonWar Private Server - Client Cataclysm pour DragonWar.) -- D:\Games\DragonWar.fr-4.0.6a\DragonWar.exe
O4 - GS\Desktop: Entertainment.lnk . (.Microsoft Corporation - Outil de ligne de commande des paramètres d.) -- C:\Windows\System32\powercfg.exe
O4 - GS\Desktop: High Performance.lnk . (.Microsoft Corporation - Outil de ligne de commande des paramètres d.) -- C:\Windows\System32\powercfg.exe
O4 - GS\Desktop: Ma musique - Raccourci.lnk . (...) -- C:\Users\Thibaut\Music
O4 - GS\Desktop: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Desktop: Options d’alimentation - Raccourci.lnk - Clé orpheline
O4 - Global Startup: C:\Documents And Settings\Thibaut\Desktop\Passage dinandiers.URL . (...) -- C:\Documents And Settings\Thibaut\Desktop\Passage dinandiers.URL
O4 - GS\Desktop: Quiet Office.lnk . (.Microsoft Corporation - Outil de ligne de commande des paramètres d.) -- C:\Windows\System32\powercfg.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~3\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~3\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 7 Legitimates Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{82001075-F2E5-4D2B-A39E-9AEC71332B2E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CDC11B7-716E-4E9B-93DC-C92D751468AF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA6B6E52-9652-4F1E-8F26-10658391B8A4}: DhcpNameServer = 81.169.62.171 81.169.62.171
O17 - HKLM\System\CCS\Services\Tcpip\..\{82001075-F2E5-4D2B-A39E-9AEC71332B2E}: DhcpDomain = Belkin
O17 - HKLM\System\CS1\Services\Tcpip\..\{82001075-F2E5-4D2B-A39E-9AEC71332B2E}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{9CDC11B7-716E-4E9B-93DC-C92D751468AF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{EA6B6E52-9652-4F1E-8F26-10658391B8A4}: DhcpNameServer = 81.169.62.171 81.169.62.171
O17 - HKLM\System\CS1\Services\Tcpip\..\{82001075-F2E5-4D2B-A39E-9AEC71332B2E}: DhcpDomain = Belkin
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.NVIDIA Corporation - NVIDIA shim initialization dll, Version 306.) - C:\Windows\system32\nvinitx.dll
~ AppInit DLL: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Intelliservice (Intelliservice) . (.Melloware Inc - Intelliservice.) - C:\Program Files (x86)\Intelliremote\Intelliservice.exe
O23 - Service: Airytec Switch Off - Task Scheduler (SwOffScheduler) . (.Airytec - Airytec Switch Off.) - C:\Program Files\Switch Off\swoff.exe
O23 - Service: Airytec Switch Off - Web Interface (SwOffWeb) . (.Airytec - Airytec Switch Off.) - C:\Program Files\Switch Off\swoff.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) . (.Intel(R) Corporation - Turbo Boost Monitor Service.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (.not file.)
~ Services: 16 Legitimates Scanned in 00mn 19s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
O34 - HKLM BootExecute: (OODBS) (.O&O Software GmbH - O&O BootTimeDefrag (x64).) -- C:\Windows\System32\OODBS.exe
~ BEX: 2 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\spmonitor.job [372]
[MD5.DF2B67EBB5DB11B6AC7C5775F2582DD2] [APT] [spmonitor] (.Uniblue Systems Ltd.) -- C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [26600]
[MD5.00000000000000000000000000000000] [APT] [{0B66A9A4-A391-4EDA-810E-114049D64956}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.0AFF05643FF40DC055A84207AFCFDD3D] [APT] [{51517D0C-7433-4A7E-9895-FC1F16940AAC}] (...) -- C:\Program Files (x86)\Netcom\Uninstal.exe [74981]
[MD5.C52089B2F792D191DDB0D71CD00718C5] [APT] [{D0BB5DDC-835F-483B-BEA8-B93B1FA64973}] (.InstallShield Software Corporation.) -- C:\Users\Thibaut\Downloads\Programmes\compteur\SETUP.exe [60416]
[MD5.00000000000000000000000000000000] [APT] [{D3F9E288-E18A-43BC-88B0-F9CEC2FACBA2}] (...) -- C:\Users\Thibaut\Downloads\Programmes\CollectionFilm\setup.exe (.not file.) [0]
~ Scheduled Task: 24 Legitimates Scanned in 00mn 06s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 9 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 44 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Airytec Switch Off - (.Airytec.) [HKLM][64Bits] -- Airytec Switch Off
O42 - Logiciel: Ant Renamer - (.Ant Software.) [HKLM][64Bits] -- Ant Renamer 2_is1
O42 - Logiciel: Dev Eject - (.deveject.com.) [HKLM][64Bits] -- {DAFFE086-6A05-46F1-90A3-E5C514AA02D7}
O42 - Logiciel: Intelliremote 2.8.4.921 - (.Melloware.) [HKLM][64Bits] -- Intelliremote_2.0
O42 - Logiciel: Java 7 Update 10 (64-bit) - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F86417010FF}
O42 - Logiciel: Java 7 Update 9 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83217007FF}
O42 - Logiciel: NetWorx 5.2.5 - (.Softperfect Research.) [HKLM][64Bits] -- NetWorx_is1
O42 - Logiciel: Split/Second - (.Disney Interactive Studios.) [HKLM][64Bits] -- {28526951-55EF-4901-A0CA-B9AC966D1DD1}
O42 - Logiciel: Startup Delayer v3.0 (build 326) - (.r2 Studios.) [HKLM][64Bits] -- Startup Delayer
O42 - Logiciel: VLC Amigo Setup - (.HexBeerium.) [HKLM][64Bits] -- {35DB55A3-F491-4902-934A-B32F0035455D}
O42 - Logiciel: VLC Setup Helper - (...) [HKLM][64Bits] -- VLC Setup Helper_is1
O42 - Logiciel: VLC Streamer 3.21 - (...) [HKLM][64Bits] -- VLC Streamer_is1
O42 - Logiciel: VNC Mirror Driver 1.8.0 - (.RealVNC Ltd..) [HKLM][64Bits] -- VNCMirror_is1
O42 - Logiciel: VNC Printer Driver 1.8.0 - (.RealVNC Ltd..) [HKLM][64Bits] -- VNCPrinter_is1
O42 - Logiciel: VNC Server 5.0.3 - (.RealVNC Ltd.) [HKLM][64Bits] -- RealVNC_is1
O42 - Logiciel: VNC Viewer 5.0.3 - (.RealVNC Ltd.) [HKLM][64Bits] -- RealVNCViewer_is1
O42 - Logiciel: avast! Free Antivirus v7.0.1474.0 - (.AVAST Software.) [HKLM][64Bits] -- avast
O42 - Logiciel: µTorrent - (...) [HKLM][64Bits] -- uTorrent
~ Logic: 161 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Airytec]
[HKCU\Software\BitTorrent]
[HKCU\Software\Bump Technologies, Inc.]
[HKCU\Software\Funduc Software Inc.]
[HKCU\Software\HexBeerium]
[HKCU\Software\Hobbyist Software]
[HKCU\Software\Melloware]
[HKCU\Software\NAIVO]
[HKCU\Software\Netcom]
[HKCU\Software\RBSoft]
[HKCU\Software\RemoteMouse.net]
[HKCU\Software\SteamMover]
[HKCU\Software\XunK Entertainment]
[HKCU\Software\deveject.com]
[HKCU\Software\r2 Studios]
[HKLM\Software\Airytec]
[HKLM\Software\Wow6432Node\HexBeerium]
[HKLM\Software\Wow6432Node\InstallIQ]
[HKLM\Software\Wow6432Node\Luxand]
[HKLM\Software\Wow6432Node\Melloware]
[HKLM\Software\Wow6432Node\Pro-SoftNet]
[HKLM\Software\Wow6432Node\netcom]
[HKLM\Software\Wow6432Node\r2 Studios]
~ Key Software: 282 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/12/2012 - 12:39:30 - [79,507] ----D C:\Program Files (x86)\ Partition Master
O43 - CFD: 27/08/2012 - 17:58:03 - [2,988] ----D C:\Program Files (x86)\Ant Renamer
O43 - CFD: 06/11/2012 - 00:23:53 - [1,318] ----D C:\Program Files (x86)\Compteur Internet
O43 - CFD: 15/03/2013 - 15:32:41 - [0,959] ----D C:\Program Files (x86)\DevEject
O43 - CFD: 05/12/2012 - 16:50:13 - [68,912] ----D C:\Program Files (x86)\DiskDirector
O43 - CFD: 16/11/2012 - 15:42:23 - [5,281] ----D C:\Program Files (x86)\Intelliremote
O43 - CFD: 06/11/2012 - 00:49:48 - [0,072] ----D C:\Program Files (x86)\Netcom
O43 - CFD: 10/12/2012 - 12:35:10 - [0,924] ----D C:\Program Files (x86)\uTorrent
O43 - CFD: 10/11/2012 - 19:04:20 - [0,972] ----D C:\Program Files (x86)\VLC Amigo Setup
O43 - CFD: 30/03/2013 - 13:47:37 - [58,642] ----D C:\Program Files (x86)\VLC Streamer
O43 - CFD: 29/08/2012 - 12:49:45 - [0,000] ----D C:\ProgramData\Airytec
O43 - CFD: 06/11/2012 - 00:31:07 - [0,002] ----D C:\ProgramData\compteur
O43 - CFD: 27/08/2012 - 09:55:07 - [0,000] ----D C:\ProgramData\KeyLemon
O43 - CFD: 17/12/2012 - 16:56:03 - [1,324] ----D C:\ProgramData\r2 Studios
O43 - CFD: 06/11/2012 - 00:38:00 - [0,645] ----D C:\ProgramData\SoftPerfect
O43 - CFD: 27/08/2012 - 17:59:34 - [0,000] ----D C:\Users\Thibaut\AppData\Roaming\Airytec
O43 - CFD: 26/09/2012 - 17:26:55 - [1,055] ----D C:\Users\Thibaut\AppData\Roaming\Azureus
O43 - CFD: 06/12/2012 - 21:26:50 - [19,826] ----D C:\Users\Thibaut\AppData\Roaming\Bump Technologies, Inc
O43 - CFD: 15/03/2013 - 15:35:13 - [0,998] ----D C:\Users\Thibaut\AppData\Roaming\DevEject
O43 - CFD: 30/03/2013 - 13:48:00 - [208,084] ----D C:\Users\Thibaut\AppData\Roaming\Hobbyist Software
O43 - CFD: 16/11/2012 - 15:43:07 - [2,380] ----D C:\Users\Thibaut\AppData\Roaming\Intelliremote
O43 - CFD: 27/08/2012 - 10:17:51 - [0] ----D C:\Users\Thibaut\AppData\Roaming\Luxand
O43 - CFD: 06/04/2013 - 19:08:52 - [3,080] ----D C:\Users\Thibaut\AppData\Roaming\uTorrent
O43 - CFD: 06/12/2012 - 21:26:55 - [0] ----D C:\Users\Thibaut\AppData\Local\Bump Technologies, Inc
O43 - CFD: 25/11/2012 - 20:37:06 - [3,746] ----D C:\Users\Thibaut\AppData\Local\Films
O43 - CFD: 27/08/2012 - 09:55:08 - [0,217] ----D C:\Users\Thibaut\AppData\Local\KeyLemon
O43 - CFD: 12/02/2013 - 21:47:46 - [0,001] ----D C:\Users\Thibaut\AppData\Local\_
O43 - CFD: 04/12/2012 - 01:41:24 - [0,018] ----D C:\Users\Thibaut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intelliremote
~ 4 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 243 Legitimates Scanned in 00mn 13s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.76257B7D99A81720E8521423A67AFC6F] - 06/04/2013 - 17:55:08 ---A- . (...) -- C:\Windows\SysNative\oodbs.lor [788385]
O44 - LFC:[MD5.76257B7D99A81720E8521423A67AFC6F] - 06/04/2013 - 17:55:08 RSHAD . (...) -- C:\Windows\System32\oodbs.lor [788385]
O44 - LFC:[MD5.6D125569E58DD27C2493E9B491EBB5BC] - 06/04/2013 - 17:53:27 ---A- . (...) -- C:\AdwCleaner[S1].txt [8760]
~ Files: 118 Legitimates Scanned in 00mn 44s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.A9F8995F95248A1285ABB1F861393F58] - 01/04/2013 - 14:04:08 ---A- - C:\Windows\Prefetch\DRAGONWAR.EXE-D09B3099.pf
O45 - LFCP:[MD5.65EF5A2635D53E5BEF6FB9A8BA17F329] - 02/04/2013 - 11:13:15 ---A- - C:\Windows\Prefetch\UNLOCKER.EXE-5D284AA7.pf
O45 - LFCP:[MD5.EA1BBA04A9618D352C07D819214DEA79] - 03/04/2013 - 16:20:41 ---A- - C:\Windows\Prefetch\LIFEFRAME.EXE-7364DEFD.pf
O45 - LFCP:[MD5.8A716A5939F6E999EBFB4225B4AEA4A5] - 04/04/2013 - 00:32:40 ---A- - C:\Windows\Prefetch\SWOFF.EXE-428B90D3.pf
O45 - LFCP:[MD5.E48EFCEA53CD5DE63D52425EB1A6BF69] - 04/04/2013 - 00:39:16 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.F8777E8B73BEEE5F19C7D5B40CF8B115] - 04/04/2013 - 08:40:58 ---A- - C:\Windows\Prefetch\DEVEJECT.EXE-A6930678.pf
O45 - LFCP:[MD5.DCFD6ED4AA0026E97AAE5A83FA511189] - 04/04/2013 - 14:33:07 ---A- - C:\Windows\Prefetch\SMARTLOGON.EXE-3AB1E568.pf
O45 - LFCP:[MD5.7A6CB91371C03A722BB8F33DA3F236BB] - 05/04/2013 - 10:08:15 ---A- - C:\Windows\Prefetch\PDFREADER.EXE-652254A5.pf
O45 - LFCP:[MD5.C0AB184BFCB0B0A89FB82AAC1464361A] - 06/04/2013 - 12:30:36 ---A- - C:\Windows\Prefetch\7ZG.EXE-2A7D43BC.pf
O45 - LFCP:[MD5.2B1554CEC014CEED2C523720F3F3DF71] - 06/04/2013 - 17:31:22 ---A- - C:\Windows\Prefetch\LAUNCHTM.EXE-280DF42F.pf
O45 - LFCP:[MD5.D2A3466AE1531A1151C6DDDD71B739AF] - 06/04/2013 - 17:56:55 ---A- - C:\Windows\Prefetch\VLC STREAMER CONFIGURATION.EX-CC78E5B4.pf
O45 - LFCP:[MD5.EA0784B67F6A59D1F6225DD65656478A] - 06/04/2013 - 17:57:26 ---A- - C:\Windows\Prefetch\SYNASUSACPI.EXE-A1220D68.pf
O45 - LFCP:[MD5.161BA5E3C6913D7295B085439D613DD4] - 06/04/2013 - 17:57:37 ---A- - C:\Windows\Prefetch\SONICFOCUSTRAY.EXE-3ABEA5CC.pf
O45 - LFCP:[MD5.95A985DE7FA4919A079650FF56446D4C] - 06/04/2013 - 17:58:52 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-EE6839DA.pf
O45 - LFCP:[MD5.C2066B3CF698C42644CEE71C161F20B8] - 06/04/2013 - 17:59:03 ---A- - C:\Windows\Prefetch\GTOR.EXE-13CF978E.pf
O45 - LFCP:[MD5.E3340C325BE7DA9B6A35DC22AC8765A8] - 06/04/2013 - 17:59:04 ---A- - C:\Windows\Prefetch\REMOTEMOUSE.EXE-1933E516.pf
O45 - LFCP:[MD5.977B4A93747552ECD19077CEA8D28561] - 07/03/2013 - 14:14:58 ---A- - C:\Windows\Prefetch\TORCHEAPP.EXE-8B0E058B.pf
O45 - LFCP:[MD5.FB4B4EF2864E7334ACE12031C5B87F72] - 08/03/2013 - 14:49:37 ---A- - C:\Windows\Prefetch\CRAZYEIGHTS.EXE-8E0F5B3A.pf
O45 - LFCP:[MD5.F60C157449E4EF85DB230181EB46FC30] - 09/03/2013 - 19:14:26 ---A- - C:\Windows\Prefetch\YTD.EXE-766EFEBD.pf
O45 - LFCP:[MD5.DD847B9EC8CB1698181ECC603B6B235F] - 10/03/2013 - 17:36:05 ---A- - C:\Windows\Prefetch\OUTLOOKCONNECTOR.EXE-704DC471.pf
O45 - LFCP:[MD5.A1ED32148C41C6B8EAAACC570FEF3937] - 11/03/2013 - 14:51:53 ---A- - C:\Windows\Prefetch\AUTHHOST.EXE-B8924303.pf
O45 - LFCP:[MD5.24389D043A13B96803366B8028B43A85] - 21/03/2013 - 12:58:55 ---A- - C:\Windows\Prefetch\NVCPLUI.EXE-617E0F11.pf
O45 - LFCP:[MD5.01F953CF70C0500C03EC1365509AFBD3] - 21/03/2013 - 14:16:16 ---A- - C:\Windows\Prefetch\PFSTUDIOX.EXE-D855ED62.pf
O45 - LFCP:[MD5.247968438F042AA53AAE99254905DC25] - 25/03/2013 - 14:33:52 ---A- - C:\Windows\Prefetch\AEFMETRO.EXE-D381E818.pf
O45 - LFCP:[MD5.4EA9616DC7F22B4843941270C01D784D] - 26/03/2013 - 18:38:46 ---A- - C:\Windows\Prefetch\SC2EDITOR.EXE-92979FB4.pf
O45 - LFCP:[MD5.94D439CA9DB729C2EAE6EBA8209BA18F] - 26/03/2013 - 18:40:29 ---A- - C:\Windows\Prefetch\FLT-SC2HOTS.EXE-15DD2DA1.pf
O45 - LFCP:[MD5.0384DEC6780F4666C429B37CCEDFD1AE] - 28/03/2013 - 13:57:51 ---A- - C:\Windows\Prefetch\UNITYWEBPLAYER.EXE-5848D8A0.pf
O45 - LFCP:[MD5.4E3BB6EA7AF626E261DB025B8C29C24F] - 29/03/2013 - 10:58:33 ---A- - C:\Windows\Prefetch\RTLWINDOWS8.EXE-9521BA36.pf
O45 - LFCP:[MD5.5872461ECBDB809DC9F63488ADA27E86] - 29/03/2013 - 11:25:57 ---A- - C:\Windows\Prefetch\WORLD_POPULATION_CLOCK_METRO.-466AC170.pf
O45 - LFCP:[MD5.307706517C910F71910E949DDCFA4A32] - 30/03/2013 - 12:47:20 ---A- - C:\Windows\Prefetch\VLCSTREAMERSETUP_3.21.TMP-482433AA.pf
O45 - LFCP:[MD5.1ED78FDACC0837788AC28EB4B78EBF6F] - 30/03/2013 - 12:47:21 ---A- - C:\Windows\Prefetch\VLCSTREAMERSETUP_3.21.TMP-C76C6796.pf
O45 - LFCP:[MD5.A593A95098B5B7A28F7A5074AC2606F3] - 31/03/2013 - 14:49:15 ---A- - C:\Windows\Prefetch\RENAMER.EXE-8BC912B7.pf
O45 - LFCP:[MD5.6ABDB876EF116054B2D9DE717D10C954] - 31/03/2013 - 18:26:09 ---A- - C:\Windows\Prefetch\SUMP.EXE-695C0780.pf
O45 - LFCP:[MD5.84617E80087DDD8A3C5AA9129A74ED36] - 31/03/2013 - 18:27:28 ---A- - C:\Windows\Prefetch\SPNOTIFIER.EXE-54085D26.pf
O45 - LFCP:[MD5.F92E081CED140A7B327B9FFCE7D147E6] - 31/03/2013 - 23:03:58 ---A- - C:\Windows\Prefetch\7ZFM.EXE-7C92DCA0.pf
~ Prefetcher: 190 Legitimates Scanned in 00mn 02s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 9 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 17 Legitimates Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{afa35422-f0e3-11e1-8e2a-5404a6161ff1}\AutoRun\command. (...) -- F:\setup.exe (.not file.)
O51 - MPSK:{afa3542d-f0e3-11e1-8e2a-5404a6161ff1}\AutoRun\command. (...) -- I:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 2 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Airytec Switch Off [Key] . (.Airytec - Airytec Switch Off.) -- C:\Program Files\Switch Off\swoff.exe
O53 - SMSR:HKLM\...\startupreg\IntelPAN [Key] . (...) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Netcom [Key] . (...) -- C:\Program Files (x86)\Netcom\Netcom.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\NetWorx [Key] . (.SoftPerfect Research - NetWorx Application (64-bit).) -- C:\Program Files\NetWorx\networx.exe
O53 - SMSR:HKLM\...\startupreg\Syncables [Key] . (.syncables, LLC - Syncables.) -- C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
O53 - SMSR:HKLM\...\startupreg\Trend Micro Titanium [Key] . (...) -- C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (.not file.)
~ SMSR Keys: 29 Legitimates Scanned in 00mn 01s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
~ MWPE Keys: 3 Legitimates Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.4F18D4C7EA14F11A7211F60D553C03DB] - 26/07/2012 - 06:00:49 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [106736]
O58 - SDL:[MD5.9EAFB3B3B60B8AD958985152A9309ACA] - 29/07/2011 - 13:54:56 ---A- . (...) -- C:\Windows\System32\epmntdrv.sys [16776]
O58 - SDL:[MD5.16E18CED459B1824234890386EE66CD5] - 21/09/2012 - 17:50:26 ---A- . (.http://libusb-win32.sourceforge.net - LibUSB-Win32 - Kernel Driver.) -- C:\Windows\SysWOW64\drivers\libusb0.sys [52832]
O58 - SDL:[MD5.539CA34FBC74EC366A0D751028C32A08] - 29/07/2011 - 13:54:56 ---A- . (...) -- C:\Windows\SysWOW64\epmntdrv.sys [14216]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 03/04/2013 - 11:20:37 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\dlimagecache\22D569481717AB9D99185EA203860D2EFA04E29F [16980]
O61 - LFC: 04/04/2013 - 00:48:06 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\dht.dat [111]
O61 - LFC: 04/04/2013 - 00:48:06 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\rss.dat [99]
O61 - LFC: 04/04/2013 - 09:31:17 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\dlimagecache\5001BA4455AEAF2A438BEF2EFCE04F6C1E060A35 [26026]
O61 - LFC: 04/04/2013 - 14:49:34 ---A- C:\Users\Thibaut\AppData\Roaming\ASUS WebStorage\Logs\AWS-PickerHost.txt [0]
O61 - LFC: 05/04/2013 - 10:16:48 ---A- C:\Users\Thibaut\AppData\Roaming\Nuance\PDF6\SPServers.dat [12]
O61 - LFC: 05/04/2013 - 18:03:21 -SHA- C:\Users\Thibaut\Documents\Ecole\Thumbs.db [37376]
O61 - LFC: 06/04/2013 - 12:07:50 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\dlimagecache\AE4B4BE47B5AFFB903B66C263041FC8B770CB965 [14513]
O61 - LFC: 06/04/2013 - 12:09:34 ---A- C:\Users\Thibaut\AppData\Roaming\dvdcss\CACHEDIR.TAG [203]
O61 - LFC: 06/04/2013 - 17:52:46 ---A- C:\Users\Thibaut\Downloads\Programmes\AdwCleaner.exe [613083]
O61 - LFC: 06/04/2013 - 17:53:07 ---A- C:\Users\Thibaut\AppData\Roaming\DevEject\settings.dat [33003]
O61 - LFC: 06/04/2013 - 17:56:36 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\settings.dat.old [204483]
O61 - LFC: 06/04/2013 - 17:57:08 ---A- C:\Users\Thibaut\AppData\Roaming\Hobbyist Software\VLC Streamer\settings.json [750]
O61 - LFC: 06/04/2013 - 17:57:16 ---A- C:\Users\Thibaut\AppData\Roaming\Hobbyist Software\VLC Streamer\Root\log.txt [2155]
O61 - LFC: 06/04/2013 - 17:58:52 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\settings.dat [204483]
O61 - LFC: 06/04/2013 - 18:06:46 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\dht_feed.dat.old [2]
O61 - LFC: 06/04/2013 - 18:10:52 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\resume.dat.old [109786]
O61 - LFC: 06/04/2013 - 18:11:48 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\dht_feed.dat [2]
O61 - LFC: 06/04/2013 - 18:12:53 ---A- C:\Users\Thibaut\AppData\Roaming\uTorrent\resume.dat [109912]
O61 - LFC: 29/01/2002 - 12:09:44 ---A- C:\Users\Thibaut\Downloads\Programmes\compteur\_INST32I.EX_ [291594]
~ 14 Fichiers temporaires (Temporary files)
~ 1 Fichiers cookies (Cookies files)
~ Files: 367 Legitimates Scanned in 10mn 28s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
~ FASS Keys: 19 Legitimates Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Thibaut - qjvahjiy.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
~ Keys: Scanned in 00mn 00s



---\\ Crack & Keygen Files (O82)
C:\Users\Thibaut\Documents\Set up's\O&O Defrag Professional 15.0.107 (32-64Bits)+keygen\Keygen by zwt\keygen.exe
C:\Users\Thibaut\Documents\Set up's\O&O Defrag Professional 15.0.107 (32-64Bits)+keygen\X64-setup.exe
C:\Users\Thibaut\Documents\Set up's\O&O Defrag Professional 15.0.107 (32-64Bits)+keygen\X86-setup.exe
D:\Téléchargement\Programmes\PhotoFiltre.Studio.X.10.7.0\Keygen\keygen.exe
~ Files: Scanned in 03mn 49s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 35 Legitimates Scanned in 00mn 01s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.90E1D86D979B92738A47D7072CB22DA8] [SPRF][07/07/2010] (...) -- C:\ProgramData\FullRemove.exe [131472]
[MD5.B28C334C03CEE7C5E829C43AE75DAE5A] [SPRF][28/01/2013] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\Thibaut\AppData\Local\Temp\AskSLib.dll [248008]
[MD5.1624D43077BD715855F171F0C5045018] [SPRF][28/03/2013] (.Unity Technologies ApS - Unity Web Player Installer.) -- C:\Users\Thibaut\AppData\Local\Temp\UnityWebPlayer7429992054370323005.exe [643520]
[MD5.2A6A01AB881E5BCBFB9709C536BF6518] [SPRF][11/02/2013] (...) -- C:\Users\Thibaut\AppData\Local\Temp\__PDFCORE_FMP.dat [169426]
[MD5.56940B50AB0E5923822F47B0E4463885] [SPRF][26/06/2012] (.Bitdefender LLC - Bitdefender QuickScan.) -- C:\Windows\Downloaded Program Files\qsax.dll [731688]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "UDP Query User{AAA802BE-1A04-4533-841C-E48542980A12}C:\program files (x86)\remote mouse\remotemouse.exe" | In - Public - P17 - TRUE | .(.RemoteMouse.net - Remote Mouse.) -- C:\program files (x86)\remote mouse\remotemouse.exe
O87 - FAEL: "TCP Query User{DE29E0DE-BA62-4CA0-909D-682D66C551EB}C:\program files (x86)\remote mouse\remotemouse.exe" | In - Public - P6 - TRUE | .(.RemoteMouse.net - Remote Mouse.) -- C:\program files (x86)\remote mouse\remotemouse.exe
O87 - FAEL: "{FAAC9DDC-11F4-49E4-ABCD-9F7D9D2F1333}" | In - Private - P17 - TRUE | .(.Melloware Inc - Intelliremote remote control replacement application.) -- C:\Program Files (x86)\Intelliremote\Intelliremote.exe
O87 - FAEL: "{0B8A9E7F-C8DC-4C4E-B22D-CEEA70710061}" | In - Private - P6 - TRUE | .(.Melloware Inc - Intelliremote remote control replacement application.) -- C:\Program Files (x86)\Intelliremote\Intelliremote.exe
O87 - FAEL: "{37EBC2CA-C2C9-4561-A63A-78E21C79F674}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Remote Access Host\RemoteSoundServ.exe (.not file.)
O87 - FAEL: "{2614A20C-0436-48AA-911A-CED27484F274}" |In - None - P6 - TRUE | .(...) -- C:\Program Files (x86)\Remote Access Host\RemoteAH.exe (.not file.)
O87 - FAEL: "{C3CFFF55-931E-468D-BDEF-02E578D381C7}" | In - Private - P17 - TRUE | .(.RemoteMouse.net - Remote Mouse.) -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
O87 - FAEL: "{8AB7AEB8-8D75-484B-9D91-80A8ACF9F936}" | In - Private - P6 - TRUE | .(.RemoteMouse.net - Remote Mouse.) -- C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
O87 - FAEL: "{D99290BB-3BD3-4DE8-8C60-0D51AC9D48EC}" | In - Private - P17 - TRUE | .(.RealVNC Ltd - VNC® Server.) -- C:\Program Files\RealVNC\VNC Server\vncserver.exe
O87 - FAEL: "{98F80C95-51FD-4ED6-9D1C-5DFB62E2965D}" | In - Private - P6 - TRUE | .(.RealVNC Ltd - VNC® Server.) -- C:\Program Files\RealVNC\VNC Server\vncserver.exe
O87 - FAEL: "{09E9D2C8-26DC-4817-994F-8215DAD4C8EC}" | In - None - P6 - TRUE | .(.Hobbyist Software - VLC Setup Helper.) -- C:\Program Files (x86)\VLC\VLC Setup Helper\VLC Setup Helper.exe
O87 - FAEL: "UDP Query User{D8DC0AF5-47C5-47DC-A82F-B1DCB636EE31}C:\program files (x86)\compteur\compteurserveur.exe" |In - Private - P17 - FALSE | .(...) -- C:\program files (x86)\compteur\compteurserveur.exe (.not file.)
O87 - FAEL: "TCP Query User{B5A88E66-CF0F-41DB-9C3B-C637F023BD1C}C:\program files (x86)\compteur\compteurserveur.exe" |In - Private - P6 - FALSE | .(...) -- C:\program files (x86)\compteur\compteurserveur.exe (.not file.)
O87 - FAEL: "UDP Query User{0BB7A8E6-05BA-4142-AAEC-AD27C10585C7}D:\windows\games\fifa 13\game\fifa13.exe" |In - Private - P17 - TRUE | .(...) -- D:\windows\games\fifa 13\game\fifa13.exe (.not file.)
O87 - FAEL: "TCP Query User{11435864-661F-4620-BB6D-3549DB4C147B}D:\windows\games\fifa 13\game\fifa13.exe" |In - Private - P6 - TRUE | .(...) -- D:\windows\games\fifa 13\game\fifa13.exe (.not file.)
O87 - FAEL: "UDP Query User{345D1397-E5C8-4F35-9A05-7D329B29A1E8}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe
O87 - FAEL: "TCP Query User{DAC5EEE5-BAC3-4FF0-BB53-ADAD0DDE04C8}C:\program files (x86)\utorrent\utorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\program files (x86)\utorrent\utorrent.exe
O87 - FAEL: "{196C0505-0AEE-4B3C-9A86-C863B283B9C6}" |In - Public - P17 - FALSE | .(...) -- D:\Games\FIFA 13\Game\fifa13.exe (.not file.)
O87 - FAEL: "{56FA41B1-BF47-4112-AE1F-966D188F3E34}" |In - Public - P6 - FALSE | .(...) -- D:\Games\FIFA 13\Game\fifa13.exe (.not file.)
O87 - FAEL: "{23E73A07-A9A7-495B-A473-7C22BA1E9D32}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.)
O87 - FAEL: "{26299A3A-55E1-4975-A050-A408CB07CEC9}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\Vuze\Azureus.exe (.not file.)
O87 - FAEL: "UDP Query User{08DB4911-6FC6-4E50-BCBC-668F67E17EF8}D:\games\fifa 12\game\fifa.exe" |In - Private - P17 - TRUE | .(...) -- D:\games\fifa 12\game\fifa.exe (.not file.)
O87 - FAEL: "TCP Query User{60D93063-4092-4260-ABF8-F3BAF904E980}D:\games\fifa 12\game\fifa.exe" |In - Private - P6 - TRUE | .(...) -- D:\games\fifa 12\game\fifa.exe (.not file.)
O87 - FAEL: "{B3C7D012-2226-4907-8327-294DE43F522A}" |In - Private - P17 - FALSE | .(...) -- D:\Games\SplitSecond\SplitSecond.exe (.not file.)
O87 - FAEL: "{AE562B89-8764-4E38-ABB2-CC426789E5EC}" |In - Private - P6 - FALSE | .(...) -- D:\Games\SplitSecond\SplitSecond.exe (.not file.)
O87 - FAEL: "UDP Query User{201F5E89-4182-4D3E-A01D-91EFBCC63975}D:\games\crysis2\bin32\crysis2.exe" |In - Private - P17 - TRUE | .(...) -- D:\games\crysis2\bin32\crysis2.exe (.not file.)
O87 - FAEL: "TCP Query User{7BB49467-9E13-4373-99BE-180BA5E15AA4}D:\games\crysis2\bin32\crysis2.exe" |In - Private - P6 - TRUE | .(...) -- D:\games\crysis2\bin32\crysis2.exe (.not file.)
O87 - FAEL: "UDP Query User{2DD5400C-03B4-44C4-8B4A-7D2BCD17BB65}D:\games\mass effect 3\binaries\win32\masseffect3.exe" |In - Public - P17 - TRUE | .(...) -- D:\games\mass effect 3\binaries\win32\masseffect3.exe (.not file.)
O87 - FAEL: "TCP Query User{13C38BF8-8A8B-440A-BCC5-02ADAB6E3B11}D:\games\mass effect 3\binaries\win32\masseffect3.exe" |In - Public - P6 - TRUE | .(...) -- D:\games\mass effect 3\binaries\win32\masseffect3.exe (.not file.)
O87 - FAEL: "UDP Query User{9749EA3D-4593-4A1A-8FFB-9629B293AFE8}C:\windows\kmsemulator.exe" | In - Private - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe
O87 - FAEL: "TCP Query User{83DB4406-A33F-4AAD-A60F-54861922A744}C:\windows\kmsemulator.exe" | In - Private - P6 - TRUE | .(...) -- C:\windows\kmsemulator.exe
O87 - FAEL: "{D79A89ED-68D3-4573-AF54-DA75A56260BF}" |In - Domain - P17 - FALSE | .(...) -- D:\Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe (.not file.)
O87 - FAEL: "{DBE0ED66-00D4-4BE6-A838-1CBA5F44F268}" |In - Domain - P6 - FALSE | .(...) -- D:\Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe (.not file.)
O87 - FAEL: "{AE18FCCE-C145-4568-A85F-DC061F1B6D07}" |In - Private - P17 - TRUE | .(...) -- D:\Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe (.not file.)
O87 - FAEL: "{FD91F085-95E2-42BF-9415-63C3B67A750D}" |In - Private - P6 - TRUE | .(...) -- D:\Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.94\deploy\LoLLauncher.exe (.not file.)
O87 - FAEL: "{2D6F0D33-7919-4DD9-8F89-E4AAB67C09A8}" | In - Domain - P17 - FALSE | .(...) -- D:\Games\League of Legends\lol.launcher.admin.exe
O87 - FAEL: "{89CB58A7-376C-435C-A584-66F512381E53}" | In - Domain - P6 - FALSE | .(...) -- D:\Games\League of Legends\lol.launcher.admin.exe
O87 - FAEL: "{B9342210-413B-40CF-8FF7-039C7A569A50}" | In - Private - P17 - TRUE | .(...) -- D:\Games\League of Legends\lol.launcher.admin.exe
O87 - FAEL: "{6EDC4874-A9FF-49D6-B6DE-8CBAD22FB77C}" | In - Private - P6 - TRUE | .(...) -- D:\Games\League of Legends\lol.launcher.admin.exe
O87 - FAEL: "{9CE8DF06-0385-41FE-A08E-EC7728CEFE18}" | In - Domain - P17 - FALSE | .(...) -- D:\Games\League of Legends\lol.launcher.exe
O87 - FAEL: "{98AC0C28-5981-4FB7-B302-DBA87E0ADFF4}" | In - Domain - P6 - FALSE | .(...) -- D:\Games\League of Legends\lol.launcher.exe
O87 - FAEL: "{DEE65CE2-C9E5-4261-9E90-D73664C16328}" | In - Private - P17 - TRUE | .(...) -- D:\Games\League of Legends\lol.launcher.exe
O87 - FAEL: "{68DD03B1-1AD5-4942-BC45-9BA04C5A5E80}" | In - Private - P6 - TRUE | .(...) -- D:\Games\League of Legends\lol.launcher.exe
O87 - FAEL: "{B0791DB1-3108-4A24-A5CA-E907FD17837D}" | In - None - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Users\Thibaut\Documents\Set up's\uTorrent.exe
O87 - FAEL: "{4F721CA4-CB1E-43A7-A2F2-2CCE5CFF0433}" | In - None - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\Users\Thibaut\Documents\Set up's\uTorrent.exe
O87 - FAEL: "UDP Query User{637C4E98-D8DE-45C2-94FB-4B18431A9E2B}C:\users\thibaut\documents\set up's\utorrent.exe" | In - Private - P17 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\users\thibaut\documents\set up's\utorrent.exe
O87 - FAEL: "TCP Query User{AC31F2D7-A356-4FB1-8448-3BB5A2B089CD}C:\users\thibaut\documents\set up's\utorrent.exe" | In - Private - P6 - TRUE | .(.BitTorrent, Inc. - µTorrent.) -- C:\users\thibaut\documents\set up's\utorrent.exe
O87 - FAEL: "{9CC0DA2F-0639-47DA-9E8F-1A0035B46F1D}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\NetXfer\NetTransport.exe (.not file.)
O87 - FAEL: "{1DA71494-33E7-4540-898D-59C71CE8F9E2}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\NetXfer\NetTransport.exe (.not file.)
O87 - FAEL: "{B2D14429-8725-45F7-935F-5EDF311DA4DC}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\NetXfer\FTPTransport.exe (.not file.)
O87 - FAEL: "{5E0790E5-146A-44A0-B214-33111951EAEC}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\NetXfer\FTPTransport.exe (.not file.)
O87 - FAEL: "TCP Query User{183F2B1F-0A67-42B0-93FB-7F16D0B1A27F}C:\program files (x86)\greedytorrent\gtor.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\greedytorrent\gtor.exe
O87 - FAEL: "UDP Query User{5EDC52FE-440D-4E9B-87A6-00394985BEE9}C:\program files (x86)\greedytorrent\gtor.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\greedytorrent\gtor.exe
O87 - FAEL: "{20FBF847-15E2-4EC7-9424-C3CD2030E840}" | In - None - P17 - TRUE | .(.Hobbyist Software - VLC Streamer Configuration.) -- C:\Program Files (x86)\VLC Streamer\VLC Streamer Configuration.exe
~ Firewall: 329 Legitimates Scanned in 00mn 06s



---\\ Scan Additionnel (O88)
Database Version : v2.11459 - (05/04/2013)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 1

[HKLM\Software\Wow6432Node\InstallIQ] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
C:\Program Files (x86)\YouTube Downloader =>PUP.Dealio
C:\ProgramData\YouTube Downloader =>PUP.Dealio
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
~ Additionnel: Scanned in 00mn 15s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "680EFFAD50A61F64093A5E5C41AA207D" . (.Dev Eject.) -- C:\WINDOWS\Installer\{DAFFE086-6A05-46F1-90A3-E5C514AA02D7}\deveject.ico
~ Update Products: 275 Legitimates Scanned in 00mn 00s



---\\ MyComputer Name Space (O92)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 04/03/2011 379520 | (AFBAgent) . (.ASUSTeK Computer Inc..) - C:\Windows\system32\FBAgent.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 16/06/2009 84536 | (ASLDRService) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
SR - | Auto 15/12/2009 96896 | (ATKGFNEXSrv) . (.ASUS.) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
SR - | Auto 30/10/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SS - | Demand 10/10/2012 277024 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 13/04/2011 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/04/2011 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/04/2011 182768 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Auto 19/02/2011 118784 | (Intelliservice) . (.Melloware Inc.) - C:\Program Files (x86)\Intelliremote\Intelliservice.exe
SR - | Demand 20/02/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 28/10/2012 427976 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\x64\maconfservice.exe
SR - | Auto 14/12/2012 398184 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SS - | Auto 14/12/2012 682344 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 08/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 02/10/2012 891240 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SS - | Auto 30/08/2012 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 17/11/2011 3273552 | (OODefragAgent) . (.O&O Software GmbH.) - C:\Program Files\OO Software\Defrag\oodag.exe
SS - | Auto 2159352 | (OS Selector) . (...) - C:\Program Files (x86)\DiskDirector\OSS\reinstall_svc.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Auto 31/10/2010 179712 | (SwOffScheduler) . (.Airytec.) - C:\Program Files\Switch Off\swoff.exe
SS - | Auto 31/10/2010 179712 | (SwOffWeb) . (.Airytec.) - C:\Program Files\Switch Off\swoff.exe
SR - | Auto 17/04/2010 134928 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SS - | Demand 02/10/2012 4773768 | (vncserver) . (.RealVNC Ltd.) - C:\Program Files\RealVNC\VNC Server\vncserver.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 03s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Thibaut at 06/04/2013 19:25:04

device: opened successfully
user: error reading MBR

Disk trace:
error: Read Descripteur non valide
kernel: error reading MBR
~ MBR: 9 Legitimates Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Thibaut at 06/04/2013 19:25:06

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 2060 Legitimates filtered by white list
End of the scan (791 lines in 16mn 42s)(7)
