FORUM D’ENTRAIDE INFORMATIQUE (FEI)
Computer support and security site

Malware removal help (advertising pages, replaced search engine, redirects, viruses...).
Forum rules: Mutual help with malware removal and computer security: for unwanted ads, pop-ups, redirects, unwanted software, suspicious slowdowns, viruses, etc.
A complete disinfection will be provided: disinfection, securing, then prevention.
Only helpers (people qualified and trained in malware removal) and staff are authorized to provide help in this section.
Please also read the forum's general charter.
by dav86
#73271
Hi,
Rapport de ZHPFix 2013.10.21.17 par Nicolas Coolman, Update du 21/10/2013
Fichier d'export Registre :
Run by Alatte at 05/11/2013 17:47:22
High Elevated Privileges : OK
Windows XP Home Edition Service Pack 2 (Build 2600)

Corbeille vidée (00mn 02s)

========== Autre ==========
NON TRAITÉ ShorcutFix


========== Récapitulatif ==========
1 : Autre


End of clean in 00mn 02s

========== Chemin de fichier rapport ==========
C:\Users\Alatte\AppData\Roaming\ZHP\ZHPFix[R1].txt - 29/10/2013 11:55:24 [2756]
C:\Users\Alatte\AppData\Roaming\ZHP\ZHPFix[R2].txt - 02/11/2013 14:11:25 [540]
C:\Users\Alatte\AppData\Roaming\ZHP\ZHPFix[R3].txt - 05/11/2013 17:47:25 [605]
by dav86
#73273
~ Rapport de ZHPDiag v2013.11.1.2 - Nicolas Coolman (02/11/2013)
~ Lancé par Alatte (05/11/2013 17:50:57)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16721
MFIE: Mozilla Firefox 25.0 (Defaut)
GCIE: Google Chrome v30.0.1599.101

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v13.0.0.4042
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v3.20 =Piriform Ltd

---\\ Logiciels de partage PeerToPeer
Pando Media Booster v2.6.0.8

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 7
Java 7 Update 45

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6135 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 257 GB (55%) free of 459 GB

---\\ Mode de connexion au système
~ Computer Name: ALATTE-PC
~ User Name: Alatte
~ All Users Names: sandrine, Alatte, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Alatte\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Alatte\AppData\Roaming\
~ %Desktop% : C:\Users\Alatte\Desktop\
~ %Favorites% : C:\Users\Alatte\Favorites\
~ %LocalAppData% : C:\Users\Alatte\AppData\Local\
~ %StartMenu% : C:\Users\Alatte\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 257 Go of 459 Go)
D: Hard drive, Flash drive, Thumb drive (Free 458 Go of 459 Go)
E: CD-ROM drive (Free 0 Go of 6 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/09/2013 - 23:55:10.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/09/2013 - 02:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/7
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/64
~ Mes Documents (My Documents) : 1/700
~ Mon Bureau (My Desktop) : 1/28
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2744]
[MD5.89F7B7CCC82D7E6FF9832FE3D24988C4] - (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552] [PID.252]
[MD5.4458989C34FA84B5A75DD3ABCFBE786A] - (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624] [PID.1264]
[MD5.F0EA603E7B91046CA48EA4B3593A007D] - (.Micro Application - Pas de description.) -- C:\Program Files (x86)\Micro Application\LauncherMA.exe [485376] [PID.552]
[MD5.27964C4676D0F4B34DB7332AFA2B1474] - (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192] [PID.1032]
[MD5.AD16557CECFB17CF7393D28DC40F6D09] - (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [563744] [PID.2680]
[MD5.80C1D422AAE807CF20A5E353EB8B5661] - (.CyberLink Corp. - Arcade Movie Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136] [PID.2920]
[MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] - (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.2304]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3108]
[MD5.6C695B04E2E29459CDC2E5C0970B883B] - (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512] [PID.3688]
[MD5.EF01D104449CC654FDCF423C92BD8846] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.2840]
[MD5.C5D445474CDE2EA0C01548EEC465EACD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8164864] [PID.2536]
[MD5.8769E2D1072B62AB071F166F03B3E3DC] - (.Avira Operations GmbH Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024] [PID.1468]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1612]
[MD5.AD1D13E6326E0B8DA2A7BE13B39A8FE0] - (.Avira Operations GmbH Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088] [PID.1652]
[MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [1150496] [PID.1704]
[MD5.EDCCC8C13B1EB882F77BA0ABB84566E7] - (.Pas de propriétaire - Inkjet Printer/Scanner/Fax Extended Survey.) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe [140456] [PID.1764]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1824]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1852]
[MD5.3A2BDD76E7D2A5F40A7174793D1BA794] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [75136] [PID.1892]
[MD5.F12A68ED55053940CADD59CA5E3468DD] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904] [PID.2028]
[MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] - (.Acer Group - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232] [PID.736]
[MD5.B5E6C4F280EBF0B16F74A5B415F2E0DF] - (.Pas de propriétaire - USB S3S4 Detection.) -- C:\OEM\USBDECTION\USBS3S4Detection.exe [76320] [PID.2052]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Alatte\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 12 Legitimates Filtered in 00mn 06s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Alatte\AppData\Roaming\Mozilla\Firefox\Profiles\hl5cnu5x.default-1381266156581\prefs.js
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Acrobat Reader 5.0.lnk . (.Adobe Systems Incorporated - Acrobat Reader 5.0.) -- C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
O4 - GS\Desktop [Public]: Canon Quick Menu.lnk . (.CANON INC. - Canon Quick Menu.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.exe
O4 - GS\Desktop [Public]: chrome.exe.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: firefox.exe.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
O4 - GS\Desktop [Public]: Unity.lnk . (.Unity Technologies ApS - Unity Editor.) -- C:\Program Files (x86)\Unity\Editor\Unity.exe
O4 - GS\Program [Public]: Acrobat Reader 5.0.lnk . (.Adobe Systems Incorporated - Acrobat Reader 5.0.) -- C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
O4 - GS\Program [Public]: firefox.exe.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [sandrine]: GameSpy Arcade.lnk . (.GameSpy Industries, Inc. - GameSpy Arcade 1.4.) -- C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
O4 - GS\QuickLaunch [sandrine]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [sandrine]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [sandrine]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [sandrine]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [sandrine]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [sandrine]: GameSpy Arcade.lnk . (.GameSpy Industries, Inc. - GameSpy Arcade 1.4.) -- C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
O4 - GS\Desktop [sandrine]: Ubi Soft Product Registration.lnk . (.Ubi Soft - Pas de description.) -- C:\Program Files (x86)\Ubi Soft\Register\register.exe
O4 - GS\QuickLaunch [Alatte]: chrome.exe.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Alatte]: GameSpy Arcade.lnk . (.GameSpy Industries, Inc. - GameSpy Arcade 1.4.) -- C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
O4 - GS\QuickLaunch [Alatte]: iexplore.exe.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Alatte]: iexplore.exe.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Alatte]: iexplore.exe.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories [Alatte]: iexplore.exe.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Alatte]: Xfire Ami(e).lnk . (...) -- C:\Program Files (x86)\Xfire\Xfire.exe (.not file.)
O4 - GS\Desktop [Alatte]: GameSpy Arcade.lnk . (.GameSpy Industries, Inc. - GameSpy Arcade 1.4.) -- C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
O4 - GS\Desktop [Alatte]: iexplore.exe.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Alatte]: OTM - Raccourci.lnk . (.OldTimer Tools - Pas de description.) -- C:\Users\Alatte\Downloads\OTM.exe
O4 - GS\Desktop [Alatte]: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe =.Nicolas Coolman
~ Global Startup: 103 Legitimates Filtered in 00mn 04s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Alatte]: Lanceur.lnk . (.Micro Application - Pas de description.) -- C:\Program Files (x86)\Micro Application\LauncherMA.exe
O4 - GS\Startup [Alatte]: Registration .LNK . (...) -- C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Double Agent\support\Register\Reg.exe (.not file.)
O4 - HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =.Realtek Semiconductor Corp
O4 - HKCU\..\Run: [Pando Media Booster] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisTecPMMUpdate] . (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [Hotkey Utility] . (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Wow6432Node\Run: [MDS_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [ArcadeMovieService] . (.CyberLink Corp. - Arcade Movie Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [CanonQuickMenu] . (.CANON INC. - Canon Quick Menu.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-21-337464992-296471290-3356353711-1000\..\Run: [Pando Media Booster] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
~ Application: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{77E05783-9DA1-425A-BBC3-9A5C89C94808}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{77E05783-9DA1-425A-BBC3-9A5C89C94808}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{77E05783-9DA1-425A-BBC3-9A5C89C94808}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Go for FilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0] =P2P.GoforFiles
[MD5.00000000000000000000000000000000] [APT] [{12057A87-6954-4D95-BCF4-1870896417FD}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2479915F-EC78-4E9B-8546-3DA8189B0AC6}] (...) -- C:\Program Files (x86)\Illusion Softworks\Hidden Dangerous 2\hd2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{68583218-406A-44A9-8521-5D560795A2B7}] (...) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B9361F11-902B-4607-87BB-FC7FDF924331}] (...) -- C:\Program Files\Bohemia Interactive\ArmA\arma.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F31478B2-9672-4546-AB4F-D32E87AB604E}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0]
~ Scheduled Task: 26 Legitimates Filtered in 00mn 06s



---\\ Logiciels installés (O42)
O42 - Logiciel: Spec Ops: The Line - (.Yager.) [HKLM][64Bits] -- Steam App 50300
~ Logic: 115 Legitimates Filtered in 00mn 00s



---\\ HKCU HKLM Software Keys
[HKCU\Software\Pando Networks]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\Pando Networks]
~ Key Software: 274 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/04/2012 - 23:15:41 - [7,234] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 16/07/2012 - 19:09:40 - [0,001] ----D C:\Users\Alatte\AppData\Local\reakktor
~ 1216 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1505 Legitimates Filtered in 00mn 23s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D39DB3CDBBC6488ED74A5ACC01BA4DCA] - 25/10/2013 - 12:35:11 ---A- . (...) -- C:\Windows\ntbtlog.txt [150616]
O44 - LFC:[MD5.B88F8D738C1B5A1B8F06544DE658ECB9] - 30/10/2013 - 12:41:37 ---A- . (...) -- C:\rapport.txt [413]
O44 - LFC:[MD5.F25E5E8B160F7B1228137F65CF4459E6] - 30/10/2013 - 13:46:32 ---A- . (...) -- C:\Windows\DirectX.log [17551]
~ Files: 17 Legitimates Filtered in 00mn 52s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{0b5ab857-893d-11e0-b816-806e6f6e6963}\AutoRun\command. (...) -- E:\Launcher.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Overwolf [Key] . (.Overwolf - Overwolf.) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.B8B7DF85909DE0E0DA5B8E1BF67EF033] - 06/03/2013 - 20:50:17 ---A- . (.Protect Software GmbH - ProtectDisc Filter Driver x64.) -- C:\Windows\System32\Drivers\acedrv10.sys [276480]
O58 - SDL:[MD5.CE4B6956E4E12492715A53076E58761F] - 09/11/2009 - 00:42:00 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16392]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 06/03/2013 - C:\Windows\system32\drivers\acedrv10.sys (acedrv10) .(.Protect Software GmbH - ProtectDisc Filter Driver x64.) - LEGACY_ACEDRV10
~ Legacy: 94 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- searches.com\?utm_source=butm_medium=s32utm_campaign=eXQutm_content=scfrom=s32uid=WDCXWD10EARS-22Y5B1_WD-WCAV5A19477494774ts=1381152335 C:\Program Files\Internet Explorer\iexplore.exe http://www.do =Hijacker.wwwDo
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.6ACBD475647D7A160657CB3E460F0F35] [SPRF][27/01/2010] (...) -- C:\ProgramData\FullRemove.exe [131472]
[MD5.7EFA501C050F35610A750928C8F246BE] [SPRF][07/10/2013] (...) -- C:\Users\Alatte\AppData\Roaming\wklnhst.dat [226]
[MD5.FC05CF5526BA0C9CCDEB02BB61503ED1] [SPRF][29/04/2013] (...) -- C:\Users\Alatte\Desktop\avira_free_antivirus_fr.exe [104833992]
~ Files: 6 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "70140BF22CB7C94419A535B0925B0EEF" . (.UE3Redist.) -- C:\Windows\Installer\{2FB04107-7BC2-449C-915A-530B29B5E0FE}\ARPPRODUCTICON.exe
~ Update Products: 155 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.23E107196CB1CB6E66C5689C8EC06C1C] [WIS][02/07/2009] (.Nokia - PC Connectivity Solution.) -- C:\Windows\Installer\1516a1.msi [21368832]
~ WIS: 162 Legitimates Filtered in 00mn 20s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 08/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 24/07/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 10/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
SS - | Auto 15/12/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/12/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 28/03/2012 140456 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 04/08/2013 2650960 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 30/10/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 01/02/2010 305520 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
SS - | Demand 22/08/2013 18360 | (OverwolfUpdaterService) . (.Overwolf Ltd.) - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 03/02/2010 244904 | (RichVideo) . (...) - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
SS - | Demand 11/11/2008 620544 | (ServiceLayer) . (.Nokia..) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 09/10/2013 565672 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 09/12/2009 76320 | (USBS3S4Detection) . (...) - C:\OEM\USBDECTION\USBS3S4Detection.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 21s



---\\ Scan Additionnel (O88)
Database Version : 12965 - (02/11/2013)
Clés trouvées (Keys found) : 9
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =Toolbar.Ask
~ Additionnel Scan: 323087 Items scanned in 00mn 14s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... cker-wwwdo =Hijacker.wwwDo
~ http://nicolascoolman.webs.com/apps/blo ... oolbar-ask =Toolbar.Ask
~ MSI: 2 link(s) detected in 00mn 14s



~ 2577 Legitimates filtered by white list
End of the scan (458 lines in 02mn 30s)(0)

There you go. As for the ZHPDiag program, I uninstalled and reinstalled it as you told me to, but it still tells me to download the latest version. It works anyway; I just find it odd that it asks me every time.
Have a good evening, see you.
by roro04
#73566
Hi!
  • Right-click on your desktop.
  • Select "New" and then "Text Document".
  • A window opens.
  • Copy/paste the lines below into this window:

    HKU\sandrine\...\Run: [Execution Control Services] - C:\Program Files (x86)\Windows Service\csrss32.exe
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b ... 1381152335
    SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    2013-10-16 19:01 - 2013-10-25 12:42 - 00000799 _____ C:\Users\Alatte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iexplore.exe.lnk
    2013-10-25 12:42 - 2013-10-16 19:01 - 00000799 _____ C:\Users\Alatte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iexplore.exe.lnk
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_source=b ... 1381152335
  • Click File and then Save As.
  • In the field at the bottom, "File name", enter: fixlist.txt
  • Click Save. This will create a fixlist.txt file on the desktop.
  • Run FRST again and click the Fix button.
  • A restart is sometimes necessary (not mandatory).
  • A text file appears; copy/paste the contents of this file into your reply.
Then run a new scan with ZHPDiag and Farbar.

See you
by dav86
#73781
Hi,
So I did put the text above on my desktop, no problem. However, when I open FRST and click Fix, it tells me there is no fixlist, so I did a search and it opened this window:
Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by Alatte at 2013-11-07 15:32:07
Running from C:\Users\Alatte\Downloads
Boot Mode: Normal

================== Search: "fixlist" ===================

====== End Of Search ======
What do I do?
See you
by roro04
#74130
Hmm, did you name the file fixlist on your desktop (and not with a double extension, fixlist.txt.txt)?
by dav86
#74319
Me again. I tried the procedure again and here is what it tells me; maybe it will help you, because I'm not good at English.
The window that opens after I click Fix:
Farbar Recovery Scan Tool.

No fixlist.txt found.
The fixlist.txt should be made and saved in the same directory the tool is located.

There you go. Have a good day, see you.
by roro04
#74427
OK, did you download Farbar to your desktop? Farbar and the fixlist file have to be in the same folder.

Have a good evening,
See you
by dav86
#75576
Hi, I did add Farbar to the fixlist file, but it still tells me the same thing, and since I don't understand English I can't make sense of it, lol. Now I don't know what else to do. I uninstalled the 64-bit FRST and downloaded the 32-bit one again, but I couldn't, so the 64-bit version is indeed the right one. I reinstalled it, but it changes nothing.
Have a good day, see you.
by roro04
#76057
Hi!

You need to have two things in the same folder: the Farbar program AND the text file (so, created with Notepad) named fixlist

Then you launch Farbar and click Fix.

Is that exactly what you did?

Have a good evening,
See you
by dav86
#76946
Hi, yes, that is how I did it, but no luck: when I click Fix, nothing happens.
Have a good day, see you.
by dav86
#76957
Me again. I'm sending you the ZHPDiag and Farbar reports anyway; maybe you will see what is wrong.

~ Rapport de ZHPDiag v2013.11.1.2 - Nicolas Coolman (02/11/2013)
~ Lancé par Alatte (17/11/2013 11:28:02)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16736
MFIE: Mozilla Firefox 25.0 (Defaut)
GCIE: Google Chrome v30.0.1599.101

---\\ Informations sur les produits Windows
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v13.0.0.4042
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ Logiciels d'optimisation du système
CCleaner v3.20 =Piriform Ltd

---\\ Logiciels de partage PeerToPeer
Pando Media Booster v2.6.0.8

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 7
Java 7 Update 45

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6135 MB (67% free)
System Restore: Activé (Enable)
System drive C: has 255 GB (55%) free of 459 GB

---\\ Mode de connexion au système
~ Computer Name: ALATTE-PC
~ User Name: Alatte
~ All Users Names: sandrine, Alatte, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Alatte\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Alatte\AppData\Roaming\
~ %Desktop% : C:\Users\Alatte\Desktop\
~ %Favorites% : C:\Users\Alatte\Favorites\
~ %LocalAppData% : C:\Users\Alatte\AppData\Local\
~ %StartMenu% : C:\Users\Alatte\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 255 Go of 459 Go)
D: Hard drive, Flash drive, Thumb drive (Free 458 Go of 459 Go)
E: CD-ROM drive (Free 0 Go of 4 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/10/2013 - 09:45:20.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/7
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/64
~ Mes Documents (My Documents) : 1/737
~ Mon Bureau (My Desktop) : 1/30
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 00mn 01s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2732]
[MD5.89F7B7CCC82D7E6FF9832FE3D24988C4] - (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552] [PID.2564]
[MD5.F0EA603E7B91046CA48EA4B3593A007D] - (.Micro Application - Pas de description.) -- C:\Program Files (x86)\Micro Application\LauncherMA.exe [485376] [PID.2488]
[MD5.27964C4676D0F4B34DB7332AFA2B1474] - (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192] [PID.2664]
[MD5.AD16557CECFB17CF7393D28DC40F6D09] - (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [563744] [PID.2768]
[MD5.80C1D422AAE807CF20A5E353EB8B5661] - (.CyberLink Corp. - Arcade Movie Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136] [PID.2772]
[MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] - (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.1588]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2428]
[MD5.6C695B04E2E29459CDC2E5C0970B883B] - (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512] [PID.3392]
[MD5.EF01D104449CC654FDCF423C92BD8846] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5032]
[MD5.2A43A30EF7FCFD1284F8C3318B784A68] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.1508]
[MD5.CEED3CE0035F55A08EEEC34B5804723C] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe [1862536] [PID.3676]
[MD5.C5D445474CDE2EA0C01548EEC465EACD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8164864] [PID.4444]
[MD5.8769E2D1072B62AB071F166F03B3E3DC] - (.Avira Operations GmbH Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024] [PID.1396]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1632]
[MD5.AD1D13E6326E0B8DA2A7BE13B39A8FE0] - (.Avira Operations GmbH Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088] [PID.1664]
[MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [1150496] [PID.1708]
[MD5.EDCCC8C13B1EB882F77BA0ABB84566E7] - (.Pas de propriétaire - Inkjet Printer/Scanner/Fax Extended Survey.) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe [140456] [PID.1756]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.1820]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1944]
[MD5.3A2BDD76E7D2A5F40A7174793D1BA794] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [75136] [PID.1996]
[MD5.F12A68ED55053940CADD59CA5E3468DD] - (.Pas de propriétaire - RichVideo Module.) -- C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904] [PID.2040]
[MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] - (.Acer Group - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232] [PID.1968]
[MD5.B5E6C4F280EBF0B16F74A5B415F2E0DF] - (.Pas de propriétaire - USB S3S4 Detection.) -- C:\OEM\USBDECTION\USBS3S4Detection.exe [76320] [PID.2064]
[MD5.F02A533F517EB38333CB12A9E8963773] - (.Google Inc. - Programme d'installation de Google.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [136176] [PID.4684]
[MD5.1A7C91AC6F14EBB22688704A13DC8D17] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Update\Install\{4FD795B5-3BEA-4F8D-9912-E3D4DEEA434F}\31.0.1650.57_30.0.1599.101_chrome_updater.exe [12598112] [PID.4248]
[MD5.53502C685FE56B5FE25507EF951E0779] - (.Google Inc. - Google Chrome.) -- C:\Windows\TEMP\CR_42E72.tmp\setup.exe [1210320] [PID.3984]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Alatte\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 12 Legitimates Filtered in 00mn 07s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Alatte\AppData\Roaming\Mozilla\Firefox\Profiles\hl5cnu5x.default-1381266156581\prefs.js
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = preserve
~ IE Browser: 16 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Acrobat Reader 5.0.lnk . (.Adobe Systems Incorporated - Acrobat Reader 5.0.) -- C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
O4 - GS\Desktop [Public]: Canon Quick Menu.lnk . (.CANON INC. - Canon Quick Menu.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.exe
O4 - GS\Desktop [Public]: chrome.exe.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: firefox.exe.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Oblivion.lnk . (.Bethesda Softworks - Oblivion Launcher.) -- C:\Program Files (x86)\Bethesda Softworks\Oblivion\OblivionLauncher.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
O4 - GS\Desktop [Public]: Unity.lnk . (.Unity Technologies ApS - Unity Editor.) -- C:\Program Files (x86)\Unity\Editor\Unity.exe
O4 - GS\Program [Public]: Acrobat Reader 5.0.lnk . (.Adobe Systems Incorporated - Acrobat Reader 5.0.) -- C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
O4 - GS\Program [Public]: firefox.exe.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [sandrine]: GameSpy Arcade.lnk . (.GameSpy Industries, Inc. - GameSpy Arcade 1.4.) -- C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
O4 - GS\QuickLaunch [sandrine]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [sandrine]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [sandrine]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [sandrine]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [sandrine]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [sandrine]: GameSpy Arcade.lnk . (.GameSpy Industries, Inc. - GameSpy Arcade 1.4.) -- C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
O4 - GS\Desktop [sandrine]: Ubi Soft Product Registration.lnk . (.Ubi Soft - Pas de description.) -- C:\Program Files (x86)\Ubi Soft\Register\register.exe
O4 - GS\QuickLaunch [Alatte]: chrome.exe.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Alatte]: GameSpy Arcade.lnk . (.GameSpy Industries, Inc. - GameSpy Arcade 1.4.) -- C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
O4 - GS\QuickLaunch [Alatte]: iexplore.exe.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Alatte]: iexplore.exe.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Alatte]: iexplore.exe.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories [Alatte]: iexplore.exe.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Alatte]: Xfire Ami(e).lnk . (...) -- C:\Program Files (x86)\Xfire\Xfire.exe (.not file.)
O4 - GS\Desktop [Alatte]: FRST64 - Raccourci.lnk . (.Farbar - Pas de description.) -- C:\Users\Alatte\Downloads\FRST64.exe
O4 - GS\Desktop [Alatte]: GameSpy Arcade.lnk . (.GameSpy Industries, Inc. - GameSpy Arcade 1.4.) -- C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
O4 - GS\Desktop [Alatte]: iexplore.exe.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Alatte]: OTM - Raccourci.lnk . (.OldTimer Tools - Pas de description.) -- C:\Users\Alatte\Downloads\OTM.exe
O4 - GS\Desktop [Alatte]: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe =.Nicolas Coolman
~ Global Startup: 105 Legitimates Filtered in 00mn 05s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Alatte]: Lanceur.lnk . (.Micro Application - Pas de description.) -- C:\Program Files (x86)\Micro Application\LauncherMA.exe
O4 - GS\Startup [Alatte]: Registration .LNK . (...) -- C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Double Agent\support\Register\Reg.exe (.not file.)
O4 - HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =.Realtek Semiconductor Corp
O4 - HKCU\..\Run: [Pando Media Booster] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisTecPMMUpdate] . (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [Hotkey Utility] . (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Wow6432Node\Run: [MDS_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [ArcadeMovieService] . (.CyberLink Corp. - Arcade Movie Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [CanonQuickMenu] . (.CANON INC. - Canon Quick Menu.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-21-337464992-296471290-3356353711-1000\..\Run: [Pando Media Booster] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
~ Application: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{77E05783-9DA1-425A-BBC3-9A5C89C94808}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{77E05783-9DA1-425A-BBC3-9A5C89C94808}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{77E05783-9DA1-425A-BBC3-9A5C89C94808}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Go for FilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0] =P2P.GoforFiles
[MD5.00000000000000000000000000000000] [APT] [{12057A87-6954-4D95-BCF4-1870896417FD}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2479915F-EC78-4E9B-8546-3DA8189B0AC6}] (...) -- C:\Program Files (x86)\Illusion Softworks\Hidden Dangerous 2\hd2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{68583218-406A-44A9-8521-5D560795A2B7}] (...) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B9361F11-902B-4607-87BB-FC7FDF924331}] (...) -- C:\Program Files\Bohemia Interactive\ArmA\arma.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F31478B2-9672-4546-AB4F-D32E87AB604E}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0]
~ Scheduled Task: 26 Legitimates Filtered in 00mn 09s



---\\ HKCU HKLM Software Keys
[HKCU\Software\Pando Networks]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\Pando Networks]
~ Key Software: 276 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/04/2012 - 23:15:41 - [7,234] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 16/07/2012 - 19:09:40 - [0,001] ----D C:\Users\Alatte\AppData\Local\reakktor
~ 1216 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1506 Legitimates Filtered in 00mn 53s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.6AE4CC76C5A7FDB989F6430A9E1CF80D] - 08/11/2013 - 17:45:40 ---A- . (...) -- C:\Windows\DirectX.log [28547]
O44 - LFC:[MD5.7F319E86085C6D5F50A48C3F4A1772AB] - 15/11/2013 - 20:26:47 ---A- . (...) -- C:\Windows\BlendSettings.ini [23]
~ Files: 85 Legitimates Filtered in 00mn 57s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{0b5ab857-893d-11e0-b816-806e6f6e6963}\AutoRun\command. (.Bethesda Softworks - Oblivion Launcher.) -- E:\OblivionLauncher.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Overwolf [Key] . (.Overwolf - Overwolf.) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.B8B7DF85909DE0E0DA5B8E1BF67EF033] - 06/03/2013 - 20:50:17 ---A- . (.Protect Software GmbH - ProtectDisc Filter Driver x64.) -- C:\Windows\System32\Drivers\acedrv10.sys [276480]
O58 - SDL:[MD5.CE4B6956E4E12492715A53076E58761F] - 09/11/2009 - 00:42:00 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16392]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 06/03/2013 - C:\Windows\system32\drivers\acedrv10.sys (acedrv10) .(.Protect Software GmbH - ProtectDisc Filter Driver x64.) - LEGACY_ACEDRV10
~ Legacy: 94 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- searches.com\?utm_source=butm_medium=s32utm_campaign=eXQutm_content=scfrom=s32uid=WDCXWD10EARS-22Y5B1_WD-WCAV5A19477494774ts=1381152335 C:\Program Files\Internet Explorer\iexplore.exe http://www.do =Hijacker.wwwDo
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.6ACBD475647D7A160657CB3E460F0F35] [SPRF][27/01/2010] (...) -- C:\ProgramData\FullRemove.exe [131472]
[MD5.7EFA501C050F35610A750928C8F246BE] [SPRF][07/10/2013] (...) -- C:\Users\Alatte\AppData\Roaming\wklnhst.dat [226]
[MD5.FC05CF5526BA0C9CCDEB02BB61503ED1] [SPRF][29/04/2013] (...) -- C:\Users\Alatte\Desktop\avira_free_antivirus_fr.exe [104833992]
~ Files: 6 Legitimates Filtered in 00mn 02s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "70140BF22CB7C94419A535B0925B0EEF" . (.UE3Redist.) -- C:\Windows\Installer\{2FB04107-7BC2-449C-915A-530B29B5E0FE}\ARPPRODUCTICON.exe
~ Update Products: 155 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.23E107196CB1CB6E66C5689C8EC06C1C] [WIS][02/07/2009] (.Nokia - PC Connectivity Solution.) -- C:\Windows\Installer\1516a1.msi [21368832]
~ WIS: 162 Legitimates Filtered in 00mn 24s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 24/07/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 10/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
SR - | Auto 15/12/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/12/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 28/03/2012 140456 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 04/08/2013 2650960 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 30/10/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 01/02/2010 305520 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
SS - | Demand 22/08/2013 18360 | (OverwolfUpdaterService) . (.Overwolf Ltd.) - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 03/02/2010 244904 | (RichVideo) . (...) - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
SS - | Demand 11/11/2008 620544 | (ServiceLayer) . (.Nokia..) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 09/10/2013 565672 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 09/12/2009 76320 | (USBS3S4Detection) . (...) - C:\OEM\USBDECTION\USBS3S4Detection.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 25s



---\\ Scan Additionnel (O88)
Database Version : 12965 - (02/11/2013)
Clés trouvées (Keys found) : 11
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar] =Toolbar.AskTBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce] =Adware.OpenCandy
~ Additionnel Scan: 320949 Items scanned in 00mn 33s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... cker-wwwdo =Hijacker.wwwDo
~ http://nicolascoolman.webs.com/apps/blo ... oolbar-ask =Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blo ... -opencandy =Adware.OpenCandy
~ MSI: 3 link(s) detected in 00mn 33s



~ 2646 Legitimates filtered by white list
End of the scan (457 lines in 03mn 44s)(0)
by dav86
#76962
FRST report
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013
Ran by Alatte (administrator) on ALATTE-PC on 17-11-2013 11:37:57
Running from C:\Users\Alatte\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: French Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Avira Operations GmbH Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
() C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
(CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Micro Application) C:\Program Files (x86)\Micro Application\LauncherMA.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
(Avira Operations GmbH Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9955872 2010-01-12] (Realtek Semiconductor)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-17] ()
MountPoints2: {0b5ab857-893d-11e0-b816-806e6f6e6963} - E:\OblivionLauncher.exe
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-25] (Egis Technology Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [563744 2010-03-26] ()
HKLM-x32\...\Run: [MDS_Menu] - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [124136 2010-02-05] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-10] (Avira Operations GmbH Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-07-23] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-01-15] ()
HKU\sandrine\...\Run: [swg] - "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\sandrine\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\sandrine\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-01-17] ()
HKU\sandrine\...\Run: [Execution Control Services] - C:\Program Files (x86)\Windows Service\csrss32.exe
HKU\sandrine\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19604072 2013-06-03] (Skype Technologies S.A.)
Startup: C:\Users\Alatte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lanceur.lnk
ShortcutTarget: Lanceur.lnk - C:\Program Files (x86)\Micro Application\LauncherMA.exe (Micro Application)
Startup: C:\Users\Alatte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration .LNK
ShortcutTarget: Registration .LNK - C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Double Agent\support\Register\Reg.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_source=b ... 1381152335
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b ... 1381152335
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://search.chatzum.com/?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 212.27.40.241 212.27.40.240

FireFox:
========
FF ProfilePath: C:\Users\Alatte\AppData\Roaming\Mozilla\Firefox\Profiles\hl5cnu5x.default-1381266156581
FF Homepage: https://www.google.fr/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.7.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Alatte\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

Chrome
=======
CHR Extension: (Google Docs) - C:\Users\Alatte\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Alatte\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Alatte\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\Alatte\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Chrome In-App Payments service) - C:\Users\Alatte\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (Gmail) - C:\Users\Alatte\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2
CHR HKLM-x32\...\Chrome\Extension: [injgpjnjaabcegnbloghlbboneidnjjl] - C:\Program Files (x86)\Windows Service\injgpjnjaabcegnbloghlbboneidnjjl.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-10] (Avira Operations GmbH Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-10] (Avira Operations GmbH Co. KG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2650960 2013-08-04] (CybelSoft)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2013-09-04] ()
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-02-03] ()
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()

==================== Drivers (Whitelisted) ====================

R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [276480 2013-03-06] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [246360 2013-03-06] (Protect Software GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-10] (Avira Operations GmbH Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-10] (Avira Operations GmbH Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-04-29] (Avira Operations GmbH Co. KG)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-02-04] (Devguru Co., Ltd)
S3 driverhardwarev2x64; C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys [16640 2011-07-21] (CybelSoft)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [128000 2010-01-20] (MCCI Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\Rt64win7.sys 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A
C:\Windows\system32\drivers\sbp2port.sys == MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys == MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys == MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys == MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys == MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys == MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys == MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys == MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys == MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys == MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys == MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys == MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys == MD5 is legit
C:\Windows\System32\Drivers\spldr.sys == MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\ss_bbus.sys EF806D212D34B0E173BAEB3564D53E37
C:\Windows\System32\DRIVERS\ss_bmdfl.sys 08B1B34ABEBEB6AC2DEA06900C56411E
C:\Windows\System32\DRIVERS\ss_bmdm.sys 71A9DA6BEAA4CB54DFB827FB78600A5D
C:\Windows\System32\DRIVERS\ss_bserd.sys 677CDC98F8363ACCAAE783FDE1599C2A
C:\Windows\system32\DRIVERS\stexstor.sys == MD5 is legit
C:\Windows\system32\drivers\swenum.sys == MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys == MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys == MD5 is legit
C:\Windows\system32\drivers\termdd.sys == MD5 is legit
C:\Windows\System32\Drivers\TFsExDisk.sys CE4B6956E4E12492715A53076E58761F
C:\Windows\SysWow64\Drivers\TFsExDisk.sys CE4B6956E4E12492715A53076E58761F
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\System32\DRIVERS\tunnel.sys == MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys == MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys == MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys == MD5 is legit
C:\Windows\system32\drivers\umbus.sys == MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys == MD5 is legit
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys ACCEA6BC68D0C9A78EB97EE159028B4E
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 311C1DD1088E55BEAE15954D17F50646
C:\Windows\System32\DRIVERS\usbhub.sys 280E90CBF4B2DDD169F0728CB44D726F
C:\Windows\system32\drivers\usbohci.sys 9406D801042FAF859CF81B2C886413DC
C:\Windows\System32\DRIVERS\usbprint.sys == MD5 is legit
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471
C:\Windows\system32\drivers\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29
C:\Windows\System32\drivers\vdrvroot.sys == MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys == MD5 is legit
C:\Windows\System32\drivers\vga.sys == MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys == MD5 is legit
C:\Windows\system32\drivers\viaide.sys == MD5 is legit
C:\Windows\System32\drivers\volmgr.sys == MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys == MD5 is legit
C:\Windows\System32\drivers\volsnap.sys == MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys == MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys == MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys == MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys == MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys == MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys == MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys == MD5 is legit
C:\Windows\System32\drivers\wimmount.sys == MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys == MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys == MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys == MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xusb21.sys 2EE48CFCE7CA8E0DB4C44C7476C0943B

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-17 11:31 - 2013-11-17 11:31 - 00034672 _____ C:\Users\Alatte\Desktop\ZHPDiag.txt
2013-11-17 11:24 - 2013-11-17 11:24 - 00001144 _____ C:\Users\Alatte\Desktop\FRST64 - Raccourci.lnk
2013-11-17 11:18 - 2013-11-17 11:19 - 01958236 _____ (Farbar) C:\Users\Alatte\Downloads\FRST64.exe
2013-11-17 10:59 - 2013-11-17 10:59 - 00029841 _____ C:\Users\Alatte\Downloads\fixlist1.txt
2013-11-15 17:30 - 2013-11-15 17:30 - 442319352 _____ C:\Windows\MEMORY.DMP
2013-11-15 17:30 - 2013-11-15 17:30 - 00262144 _____ C:\Windows\Minidump\111513-23696-01.dmp
2013-11-15 17:30 - 2013-11-15 17:30 - 00000000 ____D C:\Windows\Minidump
2013-11-15 16:59 - 2013-11-15 16:59 - 104401821 _____ C:\Windows\SysWOW64\︈憫‹
2013-11-15 02:45 - 2013-11-15 02:46 - 00384336 _____ C:\Users\Alatte\Downloads\rdv cap emploi.htm
2013-11-15 02:45 - 2013-11-15 02:46 - 00000000 ____D C:\Users\Alatte\Downloads\rdv cap emploi_fichiers
2013-11-14 18:40 - 2013-11-14 18:40 - 05033795 _____ C:\Users\Alatte\Downloads\Oblivion_v1.2.0416French.exe
2013-11-13 22:03 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 22:03 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 22:03 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 22:03 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 22:03 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 22:03 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 22:03 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 22:03 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 22:03 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 22:03 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 22:03 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 22:03 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 22:03 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 22:03 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 22:03 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 22:03 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 22:03 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 22:03 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 22:03 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 22:03 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 22:03 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 22:03 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 22:03 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 22:03 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 22:03 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 22:03 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 22:03 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 22:03 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 22:03 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 22:03 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 22:03 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 12:00 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 12:00 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 12:00 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 12:00 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 12:00 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 12:00 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 12:00 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 12:00 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 12:00 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 12:00 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 12:00 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 12:00 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 12:00 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 12:00 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 12:00 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 12:00 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 12:00 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 12:00 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 12:00 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 12:00 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 12:00 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 12:00 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 12:00 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 12:00 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 12:00 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 12:00 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 12:00 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 12:00 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 12:00 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 12:00 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-09 11:15 - 2013-11-17 11:10 - 00030434 _____ C:\Users\Alatte\Desktop\fixlist.txt
2013-11-08 17:50 - 2013-11-08 17:50 - 00002168 _____ C:\Users\Public\Desktop\Oblivion.lnk
2013-11-08 17:45 - 2013-11-08 17:45 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2013-11-08 17:44 - 2013-11-08 17:45 - 00028547 _____ C:\Windows\DirectX.log
2013-11-08 17:24 - 2013-11-17 10:41 - 00001344 _____ C:\Windows\setupact.log
2013-11-08 17:24 - 2013-11-08 17:24 - 00000000 _____ C:\Windows\setuperr.log
2013-11-07 15:32 - 2013-11-12 13:29 - 00000242 _____ C:\Users\Alatte\Downloads\Search.txt
2013-11-07 00:46 - 2013-11-07 00:46 - 00000000 ____D C:\Users\Alatte\Documents\IAmAlive
2013-11-06 16:11 - 2013-11-17 11:38 - 00031936 _____ C:\Users\Alatte\Downloads\FRST.txt
2013-11-06 16:10 - 2013-11-06 16:11 - 00029841 _____ C:\Users\Alatte\Downloads\Addition.txt
2013-11-06 16:08 - 2013-11-06 16:08 - 00000000 ____D C:\FRST
2013-11-05 17:17 - 2013-11-05 17:17 - 105048247 _____ C:\Windows\SysWOW64\ᚄ䬼“
2013-11-02 14:44 - 2013-11-02 14:44 - 00001991 _____ C:\Users\Alatte\Desktop\ZHPFix.lnk
2013-11-02 14:44 - 2013-11-02 14:44 - 00001864 _____ C:\Users\Alatte\Desktop\ZHPDiag.lnk
2013-11-02 14:41 - 2013-11-02 14:41 - 06846290 _____ (Nicolas Coolman ) C:\Users\Alatte\Downloads\ZHPDiag2(2).exe
2013-11-02 14:27 - 2013-11-02 14:27 - 06846290 _____ (Nicolas Coolman ) C:\Users\Alatte\Downloads\ZHPDiag2(1).exe
2013-11-02 00:55 - 2013-11-02 00:55 - 01603739 _____ C:\Users\Alatte\Documents\insulte ak47 bgo.odt
2013-11-01 19:28 - 2013-11-01 19:35 - 00010367 _____ C:\Users\Alatte\Documents\mon objectif david 2.odt
2013-11-01 15:40 - 2013-11-01 15:40 - 00000000 ____D C:\Users\Alatte\AppData\Roaming\Apple Computer
2013-11-01 15:40 - 2013-11-01 15:40 - 00000000 ____D C:\Users\Alatte\AppData\Local\Apple Computer
2013-11-01 15:40 - 2013-11-01 15:40 - 00000000 ____D C:\ProgramData\Unity
2013-11-01 15:35 - 2013-11-01 15:35 - 00001124 _____ C:\Users\Public\Desktop\Unity.lnk
2013-11-01 15:35 - 2013-11-01 15:35 - 00000000 ____D C:\Users\Public\Documents\Unity Projects
2013-11-01 15:31 - 2013-11-01 15:36 - 00000000 ____D C:\Program Files (x86)\Unity
2013-10-31 15:22 - 2013-10-31 15:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Alatte\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-10-30 12:41 - 2013-10-30 12:41 - 00000413 _____ C:\rapport.txt
2013-10-30 12:41 - 2013-10-30 12:41 - 00000000 ____D C:\Shortcut_Module
2013-10-30 12:40 - 2013-10-30 12:40 - 00488305 _____ C:\Users\Alatte\Downloads\Shortcut_Module.exe
2013-10-30 12:22 - 2013-10-30 12:22 - 00000000 ____D C:\_OTM
2013-10-30 12:21 - 2013-10-30 12:21 - 00001109 _____ C:\Users\Alatte\Desktop\OTM - Raccourci.lnk
2013-10-30 11:59 - 2013-10-30 11:59 - 00522240 _____ (OldTimer Tools) C:\Users\Alatte\Downloads\OTM.exe
2013-10-29 19:40 - 2013-10-29 20:37 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2013-10-29 19:39 - 2013-10-29 19:39 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-10-29 11:55 - 2013-11-05 17:47 - 00000685 _____ C:\Users\Alatte\Desktop\ZHPFixReport.txt
2013-10-28 19:23 - 2013-11-01 19:20 - 01732305 _____ C:\Users\Alatte\Documents\mon objectif david.odt
2013-10-25 18:21 - 2013-10-25 19:14 - 00014888 _____ C:\Users\Alatte\Documents\planing boulo sandrine.ods
2013-10-25 12:54 - 2013-10-25 12:54 - 00002966 _____ C:\Windows\System32\Tasks\{F220AC26-E100-4496-A061-1E0AF60B060C}
2013-10-19 01:27 - 2013-10-19 01:26 - 00648160 _____ (Unity Technologies ApS) C:\Users\Alatte\Downloads\UnityWebPlayer(3).exe
2013-10-19 01:15 - 2013-10-19 01:15 - 00648160 _____ (Unity Technologies ApS) C:\Users\Alatte\Downloads\UnityWebPlayer(2).exe
2013-10-18 21:28 - 2013-10-18 21:28 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-18 21:28 - 2013-10-18 21:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-18 21:28 - 2013-10-18 21:28 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-18 21:28 - 2013-10-18 21:28 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-18 21:28 - 2013-10-18 21:28 - 00000000 ____D C:\ProgramData\Oracle
2013-10-18 21:28 - 2013-10-18 21:28 - 00000000 ____D C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

2013-11-17 11:38 - 2013-11-06 16:11 - 00031936 _____ C:\Users\Alatte\Downloads\FRST.txt
2013-11-17 11:36 - 2011-12-15 19:30 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-17 11:33 - 2013-10-13 13:58 - 00000000 ____D C:\Users\Alatte\AppData\Roaming\ZHP
2013-11-17 11:33 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-17 11:33 - 2009-07-14 05:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-17 11:31 - 2013-11-17 11:31 - 00034672 _____ C:\Users\Alatte\Desktop\ZHPDiag.txt
2013-11-17 11:27 - 2013-10-13 13:58 - 00000000 ____D C:\Program Files (x86)\ZHPDiag
2013-11-17 11:27 - 2012-04-11 23:15 - 00000000 ____D C:\Users\Alatte\AppData\Local\PMB Files
2013-11-17 11:24 - 2013-11-17 11:24 - 00001144 _____ C:\Users\Alatte\Desktop\FRST64 - Raccourci.lnk
2013-11-17 11:19 - 2013-11-17 11:18 - 01958236 _____ (Farbar) C:\Users\Alatte\Downloads\FRST64.exe
2013-11-17 11:19 - 2013-10-01 01:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 11:10 - 2013-11-09 11:15 - 00030434 _____ C:\Users\Alatte\Desktop\fixlist.txt
2013-11-17 10:59 - 2013-11-17 10:59 - 00029841 _____ C:\Users\Alatte\Downloads\fixlist1.txt
2013-11-17 10:52 - 2013-03-17 21:49 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-17 10:46 - 2013-08-18 21:41 - 01090719 _____ C:\Windows\WindowsUpdate.log
2013-11-17 10:41 - 2013-11-08 17:24 - 00001344 _____ C:\Windows\setupact.log
2013-11-17 10:41 - 2012-11-08 15:57 - 00000095 _____ C:\Users\Alatte\.accessibility.properties
2013-11-17 10:41 - 2011-12-15 19:30 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-17 10:41 - 2011-05-20 08:14 - 00000000 ____D C:\Users\Alatte
2013-11-17 10:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-16 22:22 - 2013-02-24 20:07 - 00000000 ____D C:\Users\sandrine\AppData\Local\PMB Files
2013-11-15 20:26 - 2013-03-22 19:40 - 00000023 _____ C:\Windows\BlendSettings.ini
2013-11-15 17:30 - 2013-11-15 17:30 - 442319352 _____ C:\Windows\MEMORY.DMP
2013-11-15 17:30 - 2013-11-15 17:30 - 00262144 _____ C:\Windows\Minidump\111513-23696-01.dmp
2013-11-15 17:30 - 2013-11-15 17:30 - 00000000 ____D C:\Windows\Minidump
2013-11-15 16:59 - 2013-11-15 16:59 - 104401821 _____ C:\Windows\SysWOW64\︈憫‹
2013-11-15 02:46 - 2013-11-15 02:45 - 00384336 _____ C:\Users\Alatte\Downloads\rdv cap emploi.htm
2013-11-15 02:46 - 2013-11-15 02:45 - 00000000 ____D C:\Users\Alatte\Downloads\rdv cap emploi_fichiers
2013-11-15 02:44 - 2013-09-10 15:16 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-11-14 18:42 - 2011-06-02 15:45 - 00000000 ____D C:\Users\Alatte\AppData\Local\Adobe
2013-11-14 18:40 - 2013-11-14 18:40 - 05033795 _____ C:\Users\Alatte\Downloads\Oblivion_v1.2.0416French.exe
2013-11-14 18:33 - 2013-03-17 21:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-14 18:33 - 2013-03-17 21:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-14 18:33 - 2013-03-17 21:49 - 00003940 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-13 23:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 22:14 - 2010-03-20 00:43 - 00000000 ____D C:\Windows\Panther
2013-11-13 22:03 - 2010-03-20 00:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 22:02 - 2013-08-15 14:10 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 22:00 - 2011-05-20 09:30 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-12 13:29 - 2013-11-07 15:32 - 00000242 _____ C:\Users\Alatte\Downloads\Search.txt
2013-11-08 18:11 - 2010-03-19 23:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-08 18:08 - 2013-03-21 14:33 - 00000000 ____D C:\Users\Alatte\AppData\Local\Oblivion
2013-11-08 17:50 - 2013-11-08 17:50 - 00002168 _____ C:\Users\Public\Desktop\Oblivion.lnk
2013-11-08 17:45 - 2013-11-08 17:45 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2013-11-08 17:45 - 2013-11-08 17:44 - 00028547 _____ C:\Windows\DirectX.log
2013-11-08 17:34 - 2011-05-29 02:32 - 00000000 ____D C:\Users\Alatte\Documents\My Games
2013-11-08 17:33 - 2011-06-20 23:24 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2013-11-08 17:24 - 2013-11-08 17:24 - 00000000 _____ C:\Windows\setuperr.log
2013-11-07 00:46 - 2013-11-07 00:46 - 00000000 ____D C:\Users\Alatte\Documents\IAmAlive
2013-11-06 16:31 - 2011-05-29 00:45 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-06 16:11 - 2013-11-06 16:10 - 00029841 _____ C:\Users\Alatte\Downloads\Addition.txt
2013-11-06 16:08 - 2013-11-06 16:08 - 00000000 ____D C:\FRST
2013-11-05 17:47 - 2013-10-29 11:55 - 00000685 _____ C:\Users\Alatte\Desktop\ZHPFixReport.txt
2013-11-05 17:17 - 2013-11-05 17:17 - 105048247 _____ C:\Windows\SysWOW64\ᚄ䬼“
2013-11-03 21:53 - 2011-05-20 17:57 - 00749116 _____ C:\Windows\system32\perfh00C.dat
2013-11-03 21:53 - 2011-05-20 17:57 - 00151640 _____ C:\Windows\system32\perfc00C.dat
2013-11-03 21:53 - 2009-07-14 06:13 - 01674240 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-03 00:32 - 2009-07-14 06:08 - 00032482 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-02 14:44 - 2013-11-02 14:44 - 00001991 _____ C:\Users\Alatte\Desktop\ZHPFix.lnk
2013-11-02 14:44 - 2013-11-02 14:44 - 00001864 _____ C:\Users\Alatte\Desktop\ZHPDiag.lnk
2013-11-02 14:41 - 2013-11-02 14:41 - 06846290 _____ (Nicolas Coolman ) C:\Users\Alatte\Downloads\ZHPDiag2(2).exe
2013-11-02 14:27 - 2013-11-02 14:27 - 06846290 _____ (Nicolas Coolman ) C:\Users\Alatte\Downloads\ZHPDiag2(1).exe
2013-11-02 14:23 - 2013-01-19 01:50 - 00000000 ____D C:\Fraps
2013-11-02 00:55 - 2013-11-02 00:55 - 01603739 _____ C:\Users\Alatte\Documents\insulte ak47 bgo.odt
2013-11-01 19:35 - 2013-11-01 19:28 - 00010367 _____ C:\Users\Alatte\Documents\mon objectif david 2.odt
2013-11-01 19:20 - 2013-10-28 19:23 - 01732305 _____ C:\Users\Alatte\Documents\mon objectif david.odt
2013-11-01 15:40 - 2013-11-01 15:40 - 00000000 ____D C:\Users\Alatte\AppData\Roaming\Apple Computer
2013-11-01 15:40 - 2013-11-01 15:40 - 00000000 ____D C:\Users\Alatte\AppData\Local\Apple Computer
2013-11-01 15:40 - 2013-11-01 15:40 - 00000000 ____D C:\ProgramData\Unity
2013-11-01 15:40 - 2012-02-08 08:16 - 00000000 ____D C:\Users\Alatte\AppData\Local\Unity
2013-11-01 15:36 - 2013-11-01 15:31 - 00000000 ____D C:\Program Files (x86)\Unity
2013-11-01 15:35 - 2013-11-01 15:35 - 00001124 _____ C:\Users\Public\Desktop\Unity.lnk
2013-11-01 15:35 - 2013-11-01 15:35 - 00000000 ____D C:\Users\Public\Documents\Unity Projects
2013-10-31 16:36 - 2013-10-14 16:34 - 00004670 _____ C:\Users\Alatte\Desktop\malwarebytes.txt
2013-10-31 15:24 - 2013-10-14 15:15 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-31 15:24 - 2013-10-14 15:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-31 15:22 - 2013-10-31 15:22 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Alatte\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-10-30 17:04 - 2012-11-23 01:04 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-30 12:41 - 2013-10-30 12:41 - 00000413 _____ C:\rapport.txt
2013-10-30 12:41 - 2013-10-30 12:41 - 00000000 ____D C:\Shortcut_Module
2013-10-30 12:40 - 2013-10-30 12:40 - 00488305 _____ C:\Users\Alatte\Downloads\Shortcut_Module.exe
2013-10-30 12:22 - 2013-10-30 12:22 - 00000000 ____D C:\_OTM
2013-10-30 12:21 - 2013-10-30 12:21 - 00001109 _____ C:\Users\Alatte\Desktop\OTM - Raccourci.lnk
2013-10-30 11:59 - 2013-10-30 11:59 - 00522240 _____ (OldTimer Tools) C:\Users\Alatte\Downloads\OTM.exe
2013-10-29 20:37 - 2013-10-29 19:40 - 00000000 ___HD C:\ProgramData\CanonIJMIG
2013-10-29 19:51 - 2013-09-24 15:57 - 00000000 ____D C:\Games
2013-10-29 19:39 - 2013-10-29 19:39 - 00000000 ___HD C:\ProgramData\CanonIJScan
2013-10-29 19:39 - 2013-09-10 15:15 - 00000000 ____D C:\Users\Alatte\AppData\Roaming\Canon
2013-10-25 19:14 - 2013-10-25 18:21 - 00014888 _____ C:\Users\Alatte\Documents\planing boulo sandrine.ods
2013-10-25 12:54 - 2013-10-25 12:54 - 00002966 _____ C:\Windows\System32\Tasks\{F220AC26-E100-4496-A061-1E0AF60B060C}
2013-10-25 12:42 - 2013-10-16 19:01 - 00001152 _____ C:\Users\Public\Desktop\chrome.exe.lnk
2013-10-25 12:42 - 2013-10-16 19:01 - 00000992 _____ C:\Users\Alatte\Desktop\iexplore.exe.lnk
2013-10-25 12:42 - 2013-10-16 19:01 - 00000975 _____ C:\Users\Public\Desktop\firefox.exe.lnk
2013-10-25 12:42 - 2013-10-16 19:01 - 00000799 _____ C:\Users\Alatte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iexplore.exe.lnk
2013-10-19 01:26 - 2013-10-19 01:27 - 00648160 _____ (Unity Technologies ApS) C:\Users\Alatte\Downloads\UnityWebPlayer(3).exe
2013-10-19 01:15 - 2013-10-19 01:15 - 00648160 _____ (Unity Technologies ApS) C:\Users\Alatte\Downloads\UnityWebPlayer(2).exe
2013-10-18 21:28 - 2013-10-18 21:28 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-18 21:28 - 2013-10-18 21:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-18 21:28 - 2013-10-18 21:28 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-18 21:28 - 2013-10-18 21:28 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-18 21:28 - 2013-10-18 21:28 - 00000000 ____D C:\ProgramData\Oracle
2013-10-18 21:28 - 2013-10-18 21:28 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-18 14:37 - 2012-03-15 15:26 - 00000000 ____D C:\Users\sandrine\AppData\Local\Mozilla

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.764.dll


==================== Bamital volsnap Check =================

C:\Windows\System32\winlogon.exe = MD5 is legit
C:\Windows\System32\wininit.exe = MD5 is legit
C:\Windows\SysWOW64\wininit.exe = MD5 is legit
C:\Windows\explorer.exe = MD5 is legit
C:\Windows\SysWOW64\explorer.exe = MD5 is legit
C:\Windows\System32\svchost.exe = MD5 is legit
C:\Windows\SysWOW64\svchost.exe = MD5 is legit
C:\Windows\System32\services.exe = MD5 is legit
C:\Windows\System32\User32.dll = MD5 is legit
C:\Windows\SysWOW64\User32.dll = MD5 is legit
C:\Windows\System32\userinit.exe = MD5 is legit
C:\Windows\SysWOW64\userinit.exe = MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys = MD5 is legit

==================== BCD ================================

Gestionnaire de démarrage Windows
---------------------------------
identificateur {bootmgr}
device partition=\Device\HarddiskVolume2
description Windows Boot Manager
locale fr-FR
inherit {globalsettings}
default {current}
resumeobject {2689c5d4-8301-11e0-9c6e-c8d60a84e938}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Chargeur de démarrage Windows
-----------------------------
identificateur {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale fr-FR
inherit {bootloadersettings}
recoverysequence {2689c5d6-8301-11e0-9c6e-c8d60a84e938}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {2689c5d4-8301-11e0-9c6e-c8d60a84e938}
nx OptIn

Chargeur de démarrage Windows
-----------------------------
identificateur {2689c5d6-8301-11e0-9c6e-c8d60a84e938}
device ramdisk=[C:]\Recovery\2689c5d6-8301-11e0-9c6e-c8d60a84e938\Winre.wim,{2689c5d7-8301-11e0-9c6e-c8d60a84e938}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\2689c5d6-8301-11e0-9c6e-c8d60a84e938\Winre.wim,{2689c5d7-8301-11e0-9c6e-c8d60a84e938}
systemroot \windows
nx OptIn
winpe Yes

Reprendre à partir de la mise en veille prolongée
-------------------------------------------------
identificateur {2689c5d4-8301-11e0-9c6e-c8d60a84e938}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale fr-FR
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Testeur de mémoire Windows
--------------------------
identificateur {memdiag}
device partition=\Device\HarddiskVolume2
path \boot\memtest.exe
description Windows Memory Diagnostic
locale fr-FR
inherit {globalsettings}
badmemoryaccess Yes

Paramètres EMS
--------------
identificateur {emssettings}
bootems Yes

Paramètres du débogueur
-----------------------
identificateur {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Erreurs de mémoire RAM
----------------------
identificateur {badmemory}

Paramètres globaux
------------------
identificateur {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Paramètres du chargeur de démarrage
-----------------------------------
identificateur {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Paramètres de l'hyperviseur
-------------------
identificateur {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Paramètres du chargeur de reprise
---------------------------------
identificateur {resumeloadersettings}
inherit {globalsettings}

Options de périphérique
-----------------------
identificateur {2689c5d7-8301-11e0-9c6e-c8d60a84e938}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\2689c5d6-8301-11e0-9c6e-c8d60a84e938\boot.sdi



LastRegBack: 2013-11-10 21:53

==================== End Of Log ============================
by dav86
#76964
and I'm also posting the FRST Addition file for you
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2013
Ran by Alatte at 2013-11-17 11:38:57
Running from C:\Users\Alatte\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32)
Acer Arcade Deluxe (x32 Version: 4.1.7405)
Acer Arcade Movie (x32 Version: 9.0.6205)
Acer eRecovery Management (x32 Version: 4.05.3007)
Acer GameZone Console (x32 Version: 6.1.0.2)
Acer Registration (x32 Version: 1.02.3006)
Acer ScreenSaver (x32 Version: 1.1.0318.2010)
Acer Updater (x32 Version: 1.02.3001)
Acrobat.com (x32 Version: 1.6.65)
Adobe Acrobat 5.0 (x32 Version: 5.0)
Adobe AIR (x32 Version: 3.7.0.1530)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Reader XI (11.0.05) - Français (x32 Version: 11.0.05)
AirRivals (x32)
AMD Accelerated Video Transcoding (Version: 13.20.100.30723)
AMD Catalyst Control Center (x32 Version: 2013.0723.1944.33607)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80723.2017)
AMD Wireless Display v3.0 (Version: 1.0.0.13)
Assassin's Creed(R) III v1.05 (x32 Version: 1.05)
ATI AVIVO64 Codecs (Version: 10.12.0.00225)
Avira Free Antivirus (x32 Version: 13.0.0.4042)
Canon Easy-WebPrint EX (x32 Version: 1.3.5.0)
Canon IJ Scan Utility (x32)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32 Version: 4.0.0)
Canon MP230 series MP Drivers (Version: 1.00)
Canon MP230 series On-screen Manual (x32 Version: 7.5.0)
Canon My Image Garden (x32 Version: 1.0.0)
Canon My Image Garden Design Files (x32 Version: 1.0.0)
Canon My Printer (x32 Version: 3.0.0)
Canon Quick Menu (x32 Version: 2.0.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0723.1944.33607)
Catalyst Control Center InstallProxy (x32 Version: 2010.0225.1742.31671)
Catalyst Control Center InstallProxy (x32 Version: 2013.0723.1944.33607)
Catalyst Control Center Localization All (x32 Version: 2013.0723.1944.33607)
CCC Help Chinese Standard (x32 Version: 2013.0723.1943.33607)
CCC Help Chinese Traditional (x32 Version: 2013.0723.1943.33607)
CCC Help Czech (x32 Version: 2013.0723.1943.33607)
CCC Help Danish (x32 Version: 2013.0723.1943.33607)
CCC Help Dutch (x32 Version: 2013.0723.1943.33607)
CCC Help English (x32 Version: 2013.0723.1943.33607)
CCC Help Finnish (x32 Version: 2013.0723.1943.33607)
CCC Help French (x32 Version: 2013.0723.1943.33607)
CCC Help German (x32 Version: 2013.0723.1943.33607)
CCC Help Greek (x32 Version: 2013.0723.1943.33607)
CCC Help Hungarian (x32 Version: 2013.0723.1943.33607)
CCC Help Italian (x32 Version: 2013.0723.1943.33607)
CCC Help Japanese (x32 Version: 2013.0723.1943.33607)
CCC Help Korean (x32 Version: 2013.0723.1943.33607)
CCC Help Norwegian (x32 Version: 2013.0723.1943.33607)
CCC Help Polish (x32 Version: 2013.0723.1943.33607)
CCC Help Portuguese (x32 Version: 2013.0723.1943.33607)
CCC Help Russian (x32 Version: 2013.0723.1943.33607)
CCC Help Spanish (x32 Version: 2013.0723.1943.33607)
CCC Help Swedish (x32 Version: 2013.0723.1943.33607)
CCC Help Thai (x32 Version: 2013.0723.1943.33607)
CCC Help Turkish (x32 Version: 2013.0723.1943.33607)
ccc-utility64 (Version: 2013.0723.1944.33607)
CCleaner (Version: 3.20)
D3DX10 (x32 Version: 15.4.2368.0902)
EAX4 Unified Redist (x32 Version: 4.001)
Enregistrement utilisateur de Canon MP230 series (x32)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
GameSpy Arcade (x32)
Ghost Recon Online (EU) (HKCU Version: 1.34.1166.2)
Google Chrome (x32 Version: 31.0.1650.57)
Hotkey Utility (x32 Version: 2.05.3003)
Identity Card (x32 Version: 1.00.3003)
ImagXpress (x32 Version: 7.0.74.0)
Java 7 Update 45 (x32 Version: 7.0.450)
Java 7 Update 7 (64-bit) (Version: 7.0.70)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
LauncherMA (x32 Version: 1.00.0000)
Ma-Config.com (64 bits) (Version: 7.0.149)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MediaShow Espresso (x32 Version: 5.5.1403_23691)
Microsoft .NET Framework 4 Client Profile FRA Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Language Pack 2007 - French/Français (x32 Version: 12.0.6612.1000)
Microsoft Office O MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (French) (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Arabic) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Dutch) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32)
Microsoft Office SharePoint Designer MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office X MUI (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Works (x32 Version: 9.7.0621)
Mise à jour Microsoft Office Excel 2007 Help (KB963678) (x32)
Mise à jour Microsoft Office Outlook 2007 Help (KB963677) (x32)
Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Mise à jour Microsoft Office Word 2007 Help (KB963665) (x32)
Module de compatibilité pour Microsoft Office System 2007 (x32 Version: 12.0.6612.1000)
Module linguistique Microsoft .NET Framework 4 Client Profile FRA (Version: 4.0.30320)
Mozilla Firefox 25.0 (x86 fr) (x32 Version: 25.0)
Mozilla Maintenance Service (x32 Version: 25.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT Redists (x32 Version: 1.0)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyTomTom 3.2.0.802 (x32 Version: 3.2.0.802)
MyWinLocker (x32 Version: 3.1.206.0)
MyWinLocker Suite (x32 Version: 3.1.206.0)
neroxml (x32 Version: 1.0.0)
NVIDIA Drivers
NVIDIA PhysX (x32 Version: 9.10.0513)
Oblivion - Horse Armor Pack (x32 Version: 1.00.0000)
Oblivion - Mehrunes Razor (x32 Version: 1.00.0000)
Oblivion - Orrery (x32 Version: 1.00.0000)
Oblivion - Spell Tomes (x32 Version: 1.00.0000)
Oblivion - Thieves Den (x32 Version: 1.00.0000)
Oblivion - Vile Lair (x32 Version: 1.00.0000)
Oblivion - Wizard's Tower (x32 Version: 1.00.0000)
Oblivion (x32 Version: 1.00.0000)
OpenOffice 4.0.0 (x32 Version: 4.00.9702)
Origin (x32 Version: 9.2.1.4399)
Overwolf (x32 Version: 0.44.256)
Paint.NET v3.5.10 (Version: 3.60.0)
Pando Media Booster (x32 Version: 2.6.0.8)
PC Connectivity Solution (x32 Version: 8.47.7.0)
ProtectDisc Helper Driver 10 (x32 Version: 10.0.0.1)
PunkBuster Services (x32 Version: 0.991)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.17.304.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6024)
Shredder (Version: 2.0.5.0)
Shredder (x32 Version: 2.0.5.0)
Skype™ 6.5 (x32 Version: 6.5.158)
Star Conflict (x32)
Star Trek Online (x32)
Steam (x32 Version: 1.0.0.0)
swMSM (x32 Version: 12.0.0.1)
TeamSpeak 3 Client (x32 Version: 3.0.13)
UE3Redist (x32 Version: 1.00.0000)
Unity (x32 Version: )
Unity Web Player (HKCU Version: )
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Uplay (x32 Version: 2.0)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
Welcome Center (x32 Version: 1.00.3013)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live (x32 Version: 15.4.3555.0308)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live FolderShare (x32 Version: 14.0.8089.726)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
ZHPDiag 2013 (x32 Version: 2013)

==================== Restore Points =========================

06-11-2013 19:37:02 Installé I Am Alive
08-11-2013 16:32:27 Supprimé I Am Alive
08-11-2013 16:44:56 Installé Oblivion
08-11-2013 16:44:56 DirectX 9.0 installé
08-11-2013 16:58:46 Installed Oblivion - Knights of the Nine
08-11-2013 17:00:31 Installed Oblivion - Orrery
08-11-2013 17:01:24 Installed Oblivion - Wizard's Tower
08-11-2013 17:02:35 Installed Oblivion - Vile Lair
08-11-2013 17:03:44 Installed Oblivion - Horse Armor Pack
08-11-2013 17:04:52 Installed Oblivion - Thieves Den
08-11-2013 17:06:02 Installed Oblivion - Mehrunes Razor
08-11-2013 17:07:04 Installed Oblivion - Spell Tomes
08-11-2013 17:10:59 Removed Oblivion - Knights of the Nine
13-11-2013 21:00:16 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02917B35-A72F-4FED-9810-6A2C50A38B2F} - System32\Tasks\{C13DEF5B-0869-494B-9603-EEDEFBE1AA2C} = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe [2013-09-05] (Adobe Systems Incorporated)
Task: {1EAB7580-F1FD-4DC0-ACD0-6B32BCA445ED} - System32\Tasks\{B9361F11-902B-4607-87BB-FC7FDF924331} = C:\Program Files\Bohemia Interactive\ArmA\arma.exe
Task: {24C981E2-EAC6-4C9A-811A-E7145BBBC2E4} - System32\Tasks\{4E730866-B207-49A2-AF30-C7913C086B25} = C:\Program Files (x86)\Windows Media Player\mplayer2.exe [1998-09-02] (Microsoft Corporation)
Task: {26CB3446-F8DD-45E0-ADCA-870B26775127} - System32\Tasks\GoogleUpdateTaskMachineCore = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15] (Google Inc.)
Task: {3874FDEE-9B9D-4B36-92B7-E0147F03ACCD} - System32\Tasks\{2479915F-EC78-4E9B-8546-3DA8189B0AC6} = C:\Program Files (x86)\Illusion Softworks\Hidden Dangerous 2\hd2.exe
Task: {466E3F91-63BB-451E-8939-F1518737CEBF} - System32\Tasks\{F31478B2-9672-4546-AB4F-D32E87AB604E} = C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Task: {51C7357F-FF72-4E5F-9EBD-80C758390C13} - System32\Tasks\{34AD21EB-D4A6-4612-A472-A8DECAFC1E4A} = C:\Program Files (x86)\Microsoft Works\MSWorks.exe [2007-06-20] (Microsoft® Corporation)
Task: {557946CC-EA26-459F-8C83-525858EEA8A6} - System32\Tasks\{DD4B8DD6-0BBE-4A29-8CAB-6106A53812BF} = Firefox.exe
Task: {55EC76E9-FBB9-496B-A8DA-E71CE0173678} - System32\Tasks\{12057A87-6954-4D95-BCF4-1870896417FD} = C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Task: {60561600-7022-483B-81A8-E5EE10CD061B} - System32\Tasks\{F220AC26-E100-4496-A061-1E0AF60B060C} = C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe [2013-07-19] (Nicolas Coolman)
Task: {685F2EA0-8A18-41F5-91D5-F267EDDD898A} - System32\Tasks\GoogleUpdateTaskMachineUA = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-15] (Google Inc.)
Task: {A94A4371-40F3-4E8E-B39F-D2C2644A4C9B} - \Dealply No Task File
Task: {AE056608-2D90-4268-BFFC-D9EC180023CC} - System32\Tasks\Adobe Flash Player Updater = C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-14] (Adobe Systems Incorporated)
Task: {B23B9E9A-C43A-4641-9AE8-B21AFB4A0ED5} - System32\Tasks\{88983BD0-9723-40FB-BB39-B1CACDF7EC1A} = Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/fr/a ... e=tsPlugin
Task: {B80D1678-D4E2-4AA0-8F6A-192423389FD6} - System32\Tasks\CreateChoiceProcessTask = C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {C93E9032-CDB8-4400-A9DD-5AF2944332FD} - System32\Tasks\Go for FilesUpdate = C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
Task: {F23BC544-C4E2-4C77-807E-6CCB248F3445} - System32\Tasks\{68583218-406A-44A9-8521-5D560795A2B7} = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
Task: {F3377C86-C179-4756-A70E-8B2071D13743} - \Scheduled Update for Ask Toolbar No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job = C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-29 22:19 - 2012-12-18 13:34 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-03-26 03:29 - 2010-03-26 03:29 - 00154144 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2013-10-01 01:09 - 2013-10-30 13:28 - 03368048 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-14 18:33 - 2013-11-14 18:33 - 16237448 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93EB7685

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Clavier standard PS/2
Description: Clavier standard PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Claviers standard)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Souris Microsoft PS/2
Description: Souris Microsoft PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/16/2013 03:59:52 AM) (Source: Application Hang) (User: )
Description: Le programme Oblivion.exe version 1.2.0.416 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : 160

Heure de début : 01cee241c89893e4

Heure de fin : 161

Chemin d’accès de l’application : C:\Program Files (x86)\Bethesda Softworks\Oblivion\Oblivion.exe

ID de rapport :

Error: (11/14/2013 09:34:08 PM) (Source: ESENT) (User: )
Description: taskhost (3396) Une tentative d'ouverture du fichier "C:\Users\sandrine\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" pour accès en lecture seule a échoué en indiquant l'erreur système 32 (0x00000020) : "Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus. ". L'opération d'ouverture de fichier échouera en indiquant l'erreur -1032 (0xfffffbf8).

Error: (11/14/2013 03:02:59 AM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante Oblivion.exe, version : 1.1.0.511, horodatage : 0x44637362
Nom du module défaillant : Oblivion.exe, version : 1.1.0.511, horodatage : 0x44637362
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000c3a74
ID du processus défaillant : 0x1300
Heure de début de l’application défaillante : 0xOblivion.exe0
Chemin d’accès de l’application défaillante : Oblivion.exe1
Chemin d’accès du module défaillant: Oblivion.exe2
ID de rapport : Oblivion.exe3

Error: (11/13/2013 04:17:14 AM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante Oblivion.exe, version : 1.1.0.511, horodatage : 0x44637362
Nom du module défaillant : Oblivion.exe, version : 1.1.0.511, horodatage : 0x44637362
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000c3a74
ID du processus défaillant : 0xf30
Heure de début de l’application défaillante : 0xOblivion.exe0
Chemin d’accès de l’application défaillante : Oblivion.exe1
Chemin d’accès du module défaillant: Oblivion.exe2
ID de rapport : Oblivion.exe3

Error: (11/12/2013 05:12:13 AM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante Oblivion.exe, version : 1.1.0.511, horodatage : 0x44637362
Nom du module défaillant : Oblivion.exe, version : 1.1.0.511, horodatage : 0x44637362
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000c3a74
ID du processus défaillant : 0x11e4
Heure de début de l’application défaillante : 0xOblivion.exe0
Chemin d’accès de l’application défaillante : Oblivion.exe1
Chemin d’accès du module défaillant: Oblivion.exe2
ID de rapport : Oblivion.exe3

Error: (11/11/2013 00:58:18 PM) (Source: Application Hang) (User: )
Description: Le programme Oblivion.exe version 1.1.0.511 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : bb0

Heure de début : 01ceded49d164b27

Heure de fin : 129

Chemin d’accès de l’application : C:\Program Files (x86)\Bethesda Softworks\Oblivion\Oblivion.exe

ID de rapport :

Error: (11/11/2013 05:46:56 AM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante Oblivion.exe, version : 1.1.0.511, horodatage : 0x44637362
Nom du module défaillant : Oblivion.exe, version : 1.1.0.511, horodatage : 0x44637362
Code d’exception : 0xc0000005
Décalage d’erreur : 0x000c3a74
ID du processus défaillant : 0x99c
Heure de début de l’application défaillante : 0xOblivion.exe0
Chemin d’accès de l’application défaillante : Oblivion.exe1
Chemin d’accès du module défaillant: Oblivion.exe2
ID de rapport : Oblivion.exe3

Error: (11/10/2013 07:00:01 PM) (Source: Windows Backup) (User: )
Description: La sauvegarde a échoué en raison d’une erreur d’écriture dans l’emplacement de sauvegarde, H:\. Erreur : Emplacement de sauvegarde introuvable ou incorrect. Vérifiez vos paramètres de sauvegarde, ainsi que l’emplacement de sauvegarde. (0x81000006).

Error: (11/09/2013 04:31:06 PM) (Source: Application Error) (User: )
Description: Nom de l’application défaillante Oblivion.exe, version : 1.1.0.511, horodatage : 0x44637362
Nom du module défaillant : Oblivion.exe, version : 1.1.0.511, horodatage : 0x44637362
Code d’exception : 0xc0000005
Décalage d’erreur : 0x0021cc22
ID du processus défaillant : 0xe08
Heure de début de l’application défaillante : 0xOblivion.exe0
Chemin d’accès de l’application défaillante : Oblivion.exe1
Chemin d’accès du module défaillant: Oblivion.exe2
ID de rapport : Oblivion.exe3

Error: (11/06/2013 08:29:32 PM) (Source: Application Hang) (User: )
Description: Le programme Explorer.EXE version 6.1.7601.17567 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID de processus : bc0

Heure de début : 01cedb013cc9d424

Heure de fin : 32

Chemin d’accès de l’application : C:\Windows\Explorer.EXE

ID de rapport : b58dd0f8-4719-11e3-8957-90fba687d251


System errors:
=============
Error: (11/15/2013 05:30:27 PM) (Source: BugCheck) (User: )
Description: 0x000000d1 (0x0000000000000000, 0x0000000000000002, 0x0000000000000001, 0xfffff88002f965bf)C:\Windows\MEMORY.DMP111513-23696-01

Error: (11/15/2013 05:30:16 PM) (Source: EventLog) (User: )
Description: L’arrêt système précédant à 17:26:25 le 15/11/2013 n’était pas prévu.

Error: (11/05/2013 05:24:33 PM) (Source: EventLog) (User: )
Description: L’arrêt système précédant à 17:21:44 le 05/11/2013 n’était pas prévu.

Error: (11/03/2013 11:10:51 PM) (Source: EventLog) (User: )
Description: L’arrêt système précédant à 23:09:43 le 03/11/2013 n’était pas prévu.

Error: (10/30/2013 01:19:42 PM) (Source: Service Control Manager) (User: )
Description: Le service Steam Client Service n’a pas pu démarrer en raison de l’erreur :
%%1053

Error: (10/30/2013 01:19:42 PM) (Source: Service Control Manager) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Steam Client Service.

Error: (10/26/2013 09:14:55 PM) (Source: Service Control Manager) (User: )
Description: Le service Avira Protection temps réel s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 0 millisecondes : Redémarrer le service.

Error: (10/26/2013 09:14:55 PM) (Source: Service Control Manager) (User: )
Description: L’appel ScRegSetValueExW a échoué pour FailureActions avec l’erreur :
%%5

Error: (10/26/2013 09:14:54 PM) (Source: Service Control Manager) (User: )
Description: L’appel ScRegSetValueExW a échoué pour FailureActions avec l’erreur :
%%5

Error: (10/25/2013 00:44:32 PM) (Source: Service Control Manager) (User: )
Description: Le service Explorateur d’ordinateurs dépend du service Serveur qui n’a pas pu démarrer en raison de l’erreur :
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 6135.11 MB
Available physical RAM: 4393.25 MB
Total Pagefile: 12268.4 MB
Available Pagefile: 10038.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:458.87 GB) (Free:255.39 GB) NTFS
Drive d: (Data) (Fixed) (Total:458.87 GB) (Free:458.16 GB) NTFS
Drive e: (Oblivion) (CDROM) (Total:4.05 GB) (Free:0 GB) UDF

==================== MBR Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A95C0492)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=459 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=459 GB) - (Type=07 NTFS)

==================== End Of Log ============================
by dav86
#77260
~ Rapport de ZHPDiag v2013.11.1.2 - Nicolas Coolman (02/11/2013)
~ Lancé par Alatte (18/11/2013 14:07:49)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Forums gratuits d'Assistance à la désinfection : http://nicolascoolman.webs.com/apps/links/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16736
MFIE: Mozilla Firefox 25.0.1 (Defaut)
GCIE: Google Chrome v31.0.1650.57

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v13.0.0.4042
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v3.20 =Piriform Ltd

---\\ Logiciels de partage PeerToPeer
Pando Media Booster v2.6.0.8

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 7
Java 7 Update 45

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6135 MB (72% free)
System Restore: Activé (Enable)
System drive C: has 256 GB (55%) free of 459 GB

---\\ Mode de connexion au système
~ Computer Name: ALATTE-PC
~ User Name: Alatte
~ All Users Names: sandrine, Alatte, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\Alatte\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Alatte\AppData\Roaming\
~ %Desktop% : C:\Users\Alatte\Desktop\
~ %Favorites% : C:\Users\Alatte\Favorites\
~ %LocalAppData% : C:\Users\Alatte\AppData\Local\
~ %StartMenu% : C:\Users\Alatte\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 256 Go of 459 Go)
D: Hard drive, Flash drive, Thumb drive (Free 458 Go of 459 Go)
E: CD-ROM drive (Free 0 Go of 4 Go)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9706C99DAEBE3FEAC811B239617E98C4] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/10/2013 - 09:45:20.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/7
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/64
~ Mes Documents (My Documents) : 1/741
~ Mon Bureau (My Desktop) : 1/30
~ Menu demarrer (Programs) : 1/50
~ Hidden Files: Scanned in 00mn 00s



---\\ Processus lancés
[MD5.DB3F7F19F942D3CE4E1A0E8D9FF541FB] - (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.3100]
[MD5.077D59BA0FD4007E841B6C670862B065] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.2708]
[MD5.E0B173F23D873286169995D66B9E3CDF] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [18544] [PID.3752]
[MD5.CEED3CE0035F55A08EEEC34B5804723C] - (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe [1862536] [PID.3708]
[MD5.C5D445474CDE2EA0C01548EEC465EACD] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8164864] [PID.3908]
[MD5.8769E2D1072B62AB071F166F03B3E3DC] - (.Avira Operations GmbH Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024] [PID.1396]
[MD5.AD1D13E6326E0B8DA2A7BE13B39A8FE0] - (.Avira Operations GmbH Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088] [PID.1672]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.1956]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Alatte\AppData\Roaming\Mozilla\Firefox\Profiles\hl5cnu5x.default-1381266156581\prefs.js
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: Acrobat Reader 5.0.lnk . (.Adobe Systems Incorporated - Acrobat Reader 5.0.) -- C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
O4 - GS\Desktop [Public]: Canon Quick Menu.lnk . (.CANON INC. - Canon Quick Menu.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.exe
O4 - GS\Desktop [Public]: chrome.exe.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: firefox.exe.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Oblivion.lnk . (.Bethesda Softworks - Oblivion Launcher.) -- C:\Program Files (x86)\Bethesda Softworks\Oblivion\OblivionLauncher.exe
O4 - GS\Desktop [Public]: OpenOffice 4.0.0.lnk . (.Apache Software Foundation - OpenOffice 4.0.0.) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
O4 - GS\Desktop [Public]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
O4 - GS\Desktop [Public]: Unity.lnk . (.Unity Technologies ApS - Unity Editor.) -- C:\Program Files (x86)\Unity\Editor\Unity.exe
O4 - GS\Program [Public]: Acrobat Reader 5.0.lnk . (.Adobe Systems Incorporated - Acrobat Reader 5.0.) -- C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
O4 - GS\Program [Public]: firefox.exe.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [sandrine]: GameSpy Arcade.lnk . (.GameSpy Industries, Inc. - GameSpy Arcade 1.4.) -- C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
O4 - GS\QuickLaunch [sandrine]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [sandrine]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [sandrine]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [sandrine]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [sandrine]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [sandrine]: GameSpy Arcade.lnk . (.GameSpy Industries, Inc. - GameSpy Arcade 1.4.) -- C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
O4 - GS\Desktop [sandrine]: Ubi Soft Product Registration.lnk . (.Ubi Soft - Pas de description.) -- C:\Program Files (x86)\Ubi Soft\Register\register.exe
O4 - GS\QuickLaunch [Alatte]: chrome.exe.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Alatte]: GameSpy Arcade.lnk . (.GameSpy Industries, Inc. - GameSpy Arcade 1.4.) -- C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
O4 - GS\QuickLaunch [Alatte]: iexplore.exe.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Alatte]: iexplore.exe.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Program [Alatte]: iexplore.exe.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories [Alatte]: iexplore.exe.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo [Alatte]: Xfire Ami(e).lnk . (...) -- C:\Program Files (x86)\Xfire\Xfire.exe (.not file.)
O4 - GS\Desktop [Alatte]: FRST64 - Raccourci.lnk . (.Farbar - Pas de description.) -- C:\Users\Alatte\Downloads\FRST64.exe
O4 - GS\Desktop [Alatte]: GameSpy Arcade.lnk . (.GameSpy Industries, Inc. - GameSpy Arcade 1.4.) -- C:\Program Files (x86)\GameSpy Arcade\Aphex.exe
O4 - GS\Desktop [Alatte]: iexplore.exe.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Alatte]: OTM - Raccourci.lnk . (.OldTimer Tools - Pas de description.) -- C:\Users\Alatte\Downloads\OTM.exe
O4 - GS\Desktop [Alatte]: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe =.Nicolas Coolman
~ Global Startup: 105 Legitimates Filtered in 00mn 04s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Alatte]: Lanceur.lnk . (.Micro Application - Pas de description.) -- C:\Program Files (x86)\Micro Application\LauncherMA.exe
O4 - GS\Startup [Alatte]: Registration .LNK . (...) -- C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Double Agent\support\Register\Reg.exe (.not file.)
O4 - HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =.Realtek Semiconductor Corp
O4 - HKCU\..\Run: [Pando Media Booster] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [EgisTecPMMUpdate] . (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [Hotkey Utility] . (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Wow6432Node\Run: [MDS_Menu] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe
O4 - HKLM\..\Wow6432Node\Run: [ArcadeMovieService] . (.CyberLink Corp. - Arcade Movie Resident Program.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe =.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [CanonQuickMenu] . (.CANON INC. - Canon Quick Menu.) -- C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =.Microsoft Corporation
O4 - HKUS\S-1-5-21-337464992-296471290-3356353711-1000\..\Run: [Pando Media Booster] . (.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
~ Application: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.ma-config.com
O15 - Trusted Zone: [HKCU\...\Domains] http.touslesdrivers.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{77E05783-9DA1-425A-BBC3-9A5C89C94808}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{77E05783-9DA1-425A-BBC3-9A5C89C94808}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{77E05783-9DA1-425A-BBC3-9A5C89C94808}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Go for FilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0] =P2P.GoforFiles
[MD5.00000000000000000000000000000000] [APT] [{12057A87-6954-4D95-BCF4-1870896417FD}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2479915F-EC78-4E9B-8546-3DA8189B0AC6}] (...) -- C:\Program Files (x86)\Illusion Softworks\Hidden Dangerous 2\hd2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{68583218-406A-44A9-8521-5D560795A2B7}] (...) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B9361F11-902B-4607-87BB-FC7FDF924331}] (...) -- C:\Program Files\Bohemia Interactive\ArmA\arma.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F31478B2-9672-4546-AB4F-D32E87AB604E}] (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.) [0]
~ Scheduled Task: 26 Legitimates Filtered in 00mn 06s



---\\ HKCU HKLM Software Keys
[HKCU\Software\Pando Networks]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\Pando Networks]
~ Key Software: 275 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/04/2012 - 23:15:41 - [7,234] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 16/07/2012 - 19:09:40 - [0,001] ----D C:\Users\Alatte\AppData\Local\reakktor
~ 1216 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 1505 Legitimates Filtered in 00mn 28s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.6AE4CC76C5A7FDB989F6430A9E1CF80D] - 08/11/2013 - 17:45:40 ---A- . (...) -- C:\Windows\DirectX.log [28547]
O44 - LFC:[MD5.7F319E86085C6D5F50A48C3F4A1772AB] - 18/11/2013 - 03:51:58 ---A- . (...) -- C:\Windows\BlendSettings.ini [23]
O44 - LFC:[MD5.55665D1D966B804C4CDB2CFAAFF47B91] - 18/11/2013 - 13:36:48 ---A- . (...) -- C:\Shortcut_Module_18_11_2013_13_36_48.txt [5724]
O44 - LFC:[MD5.99F1EB2BC3A676141F6C7FF8C8B0773A] - 18/11/2013 - 13:55:39 ---A- . (...) -- C:\rapport.txt [1079]
~ Files: 87 Legitimates Filtered in 00mn 53s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{0b5ab857-893d-11e0-b816-806e6f6e6963}\AutoRun\command. (.Bethesda Softworks - Oblivion Launcher.) -- E:\OblivionLauncher.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\Overwolf [Key] . (.Overwolf - Overwolf.) -- C:\Program Files (x86)\Overwolf\Overwolf.exe
~ SMSR Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.B8B7DF85909DE0E0DA5B8E1BF67EF033] - 06/03/2013 - 20:50:17 ---A- . (.Protect Software GmbH - ProtectDisc Filter Driver x64.) -- C:\Windows\System32\Drivers\acedrv10.sys [276480]
O58 - SDL:[MD5.CE4B6956E4E12492715A53076E58761F] - 09/11/2009 - 00:42:00 ---A- . (.Teruten Inc - File System Mini Filter Drvier.) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys [16392]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 06/03/2013 - C:\Windows\system32\drivers\acedrv10.sys (acedrv10) .(.Protect Software GmbH - ProtectDisc Filter Driver x64.) - LEGACY_ACEDRV10
~ Legacy: 94 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.6ACBD475647D7A160657CB3E460F0F35] [SPRF][27/01/2010] (...) -- C:\ProgramData\FullRemove.exe [131472]
[MD5.7EFA501C050F35610A750928C8F246BE] [SPRF][07/10/2013] (...) -- C:\Users\Alatte\AppData\Roaming\wklnhst.dat [226]
[MD5.FC05CF5526BA0C9CCDEB02BB61503ED1] [SPRF][29/04/2013] (...) -- C:\Users\Alatte\Desktop\avira_free_antivirus_fr.exe [104833992]
~ Files: 6 Legitimates Filtered in 00mn 01s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "70140BF22CB7C94419A535B0925B0EEF" . (.UE3Redist.) -- C:\Windows\Installer\{2FB04107-7BC2-449C-915A-530B29B5E0FE}\ARPPRODUCTICON.exe
~ Update Products: 155 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.23E107196CB1CB6E66C5689C8EC06C1C] [WIS][02/07/2009] (.Nokia - PC Connectivity Solution.) -- C:\Windows\Installer\1516a1.msi [21368832]
~ WIS: 162 Legitimates Filtered in 00mn 23s



---\\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 14/11/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 24/07/2013 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 10/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 10/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SS - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
SS - | Auto 15/12/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/12/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Auto 28/03/2012 140456 | (IJPLMSVC) . (...) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.exe
SR - | Auto 04/08/2013 2650960 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 17/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 01/02/2010 305520 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
SS - | Demand 22/08/2013 18360 | (OverwolfUpdaterService) . (.Overwolf Ltd.) - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe
SS - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SS - | Auto 03/02/2010 244904 | (RichVideo) . (...) - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
SS - | Demand 11/11/2008 620544 | (ServiceLayer) . (.Nokia..) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 09/10/2013 565672 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SS - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SS - | Auto 09/12/2009 76320 | (USBS3S4Detection) . (...) - C:\OEM\USBDECTION\USBS3S4Detection.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 24s



---\\ Scan Additionnel (O88)
Database Version : 12965 - (02/11/2013)
Clés trouvées (Keys found) : 9
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =Toolbar.Ask
~ Additionnel Scan: 319770 Items scanned in 00mn 13s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blo ... oolbar-ask =Toolbar.Ask
~ MSI: 1 link(s) detected in 00mn 13s



~ 2647 Legitimates filtered by white list
End of the scan (426 lines in 02mn 33s)(0)
There you go, see you, have a good evening.
by dav86
#77710
Hi, here is the DelFix report
# DelFix v10.6 - Rapport créé le 20/11/2013 à 14:39:06
# Mis à jour le 11/11/2013 par Xplode
# Nom d'utilisateur : Alatte - ALATTE-PC
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activation de l'UAC ... OK

~ Suppression des outils de désinfection ...

Supprimé : C:\_OTM
Supprimé : C:\FRST
Supprimé : C:\Shortcut_Module
Supprimé : C:\AdwCleaner
Supprimé : C:\Users\Alatte\AppData\Roaming\ZHP
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Supprimé : C:\Program Files (x86)\ZHPDiag
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimé : C:\rapport.txt
Supprimé : C:\Users\Alatte\Desktop\FRST64 - Raccourci.lnk
Supprimé : C:\Users\Alatte\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\Alatte\Desktop\ZHPDiag.txt
Supprimé : C:\Users\Alatte\Desktop\ZHPFix.lnk
Supprimé : C:\Users\Alatte\Desktop\ZHPFixReport.txt
Supprimé : C:\Users\Alatte\Downloads\Addition.txt
Supprimé : C:\Users\Alatte\Downloads\Additionfrst.txt
Supprimé : C:\Users\Alatte\Downloads\adwcleaner(1).exe
Supprimé : C:\Users\Alatte\Downloads\adwcleaner(2).exe
Supprimé : C:\Users\Alatte\Downloads\adwcleaner(3).exe
Supprimé : C:\Users\Alatte\Downloads\adwcleaner.exe
Supprimé : C:\Users\Alatte\Downloads\FRST.txt
Supprimé : C:\Users\Alatte\Downloads\FRST64.exe
Supprimé : C:\Users\Alatte\Downloads\FRSTn°1.txt
Supprimé : C:\Users\Alatte\Downloads\OTM.exe
Supprimé : C:\Users\Alatte\Downloads\Search.txt
Supprimé : C:\Users\Alatte\Downloads\ZHPDiag2(1).exe
Supprimé : C:\Users\Alatte\Downloads\ZHPDiag2(2).exe
Supprimé : C:\Users\Alatte\Downloads\ZHPDiag2.exe
Supprimée : HKLM\SOFTWARE\OldTimer Tools
Supprimée : HKLM\SOFTWARE\AdwCleaner
Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Sauvegarde de la base de registre ... OK

~ Purge de la restauration système ...

Supprimé : RP #1192 [Supprimé I Am Alive | 11/08/2013 16:32:27]
Supprimé : RP #1193 [Installé Oblivion | 11/08/2013 16:44:56]
Supprimé : RP #1194 [DirectX 9.0 installé | 11/08/2013 16:44:56]
Supprimé : RP #1195 [Installed Oblivion - Knights of the Nine | 11/08/2013 16:58:46]
Supprimé : RP #1196 [Installed Oblivion - Orrery | 11/08/2013 17:00:31]
Supprimé : RP #1197 [Installed Oblivion - Wizard's Tower | 11/08/2013 17:01:24]
Supprimé : RP #1198 [Installed Oblivion - Vile Lair | 11/08/2013 17:02:35]
Supprimé : RP #1199 [Installed Oblivion - Horse Armor Pack | 11/08/2013 17:03:44]
Supprimé : RP #1200 [Installed Oblivion - Thieves Den | 11/08/2013 17:04:52]
Supprimé : RP #1201 [Installed Oblivion - Mehrunes Razor | 11/08/2013 17:06:02]
Supprimé : RP #1202 [Installed Oblivion - Spell Tomes | 11/08/2013 17:07:04]
Supprimé : RP #1203 [Removed Oblivion - Knights of the Nine | 11/08/2013 17:10:59]
Supprimé : RP #1204 [Windows Update | 11/13/2013 21:00:16]
Supprimé : RP #1206 [Paint.NET v3.5.11 | 11/20/2013 13:16:35]
Supprimé : RP #1207 [Windows Live Essentials | 11/20/2013 13:25:01]
Supprimé : RP #1208 [DirectX est installé | 11/20/2013 13:26:11]
Supprimé : RP #1209 [DirectX est installé | 11/20/2013 13:27:05]
Supprimé : RP #1210 [DirectX est installé | 11/20/2013 13:27:48]
Supprimé : RP #1211 [WLSetup | 11/20/2013 13:29:40]

Nouveau point de restauration créé !

~ Réinitialisation des paramètres système ... OK

########## - EOF - ##########
by dav86
#77757
Hi again, and here is the last report, from Security Check
Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 45
Adobe Flash Player 11.9.900.152
Adobe Reader XI
Mozilla Firefox (25.0.1)
Google Chrome 30.0.1599.101
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: =
````````````````````End of Log``````````````````````

There, that's done, and to answer your question, I no longer have any problems on the computer. Thanks for everything and above all for your patience. Thanks again, see you soon, have a good evening.
by roro04
#78002
Perfect! Remember to update Internet Explorer via Windows Update even if you don't use it.

May I mark the topic as Resolved? Is everything OK?
by dav86
#79416
Hi, OK, I will update Internet Explorer; once a month is fine. And yes, if it's OK for you too, you can mark it as resolved; for me it's OK. Thanks again.
Have a good day, see you.
by roro04
#79461
Hello,

The topic is now resolved, so we are marking it as resolved and locking it.
If you wish, you can highlight the messages that solved your problem like this: http://www.forum-entraide-informatique. ... onse-utile

This will make the topic more visible to other users who have the same issue.

If the forum helped you resolve your problem and you would like to thank it, you can make a donation to encourage its efforts by clicking the following button:

You can also follow FEI on Facebook by clicking Like below:

Thanks in advance,
See you soon on FEI!