[Solved] PC in slow mode, a novice needs help
Posted: Wed 24 Apr 2013 13:55
Hi everyone, for weeks now my PC has been taking forever to start up, despite the scans by my "Orange" antivirus, which doesn't seem to detect anything. I doubt that my PC is infected with new viruses, that's why I need your help!!!!
"I ran a scan with ZHP Diag" as you explained above!!!!!
Rapport de ZHPDiag v2013.4.23.139 par Nicolas Coolman, Update du 23/04/2013
Run by e((zrt at 24/04/2013 15:40:42
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user
---\\ Web Browser
MSIE: Internet Explorer v8.0.7601.17514
MFIE: Mozilla Firefox 10.0 (Defaut)
---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
Anti-virus firewall
Malwarebytes Anti-Malware version 1.70.0.1100
Windows Defender W7
---\\ System Optimizer
CCleaner v3.01
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.4 MUI
Java 7 Update 17
---\\ System Information
~ Processor: AMD64 Family 16 Model 6 Stepping 2, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2815 MB (41% free)
System Restore: Activé (Enable)
System drive C: has 169 GB (74%) free of 226 GB
---\\ Logged in mode
~ Computer Name: CÉDRIC
~ User Name: e((zrt
~ All Users Names: UpdatusUser, HomeGroupUser$, e((zrt, C-DRIK, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\e((zrt\AppData\Roaming\
~ %Desktop% : C:\Users\e((zrt\Desktop\
~ %Favorites% : C:\Users\e((zrt\Favorites\
~ %LocalAppData% : C:\Users\e((zrt\AppData\Local\
~ %StartMenu% : C:\Users\e((zrt\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 169 Go of 226 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 17 Go of 227 Go)
E:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Security Center Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 10:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 05:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9E7687984107C81B859200C9BD570AFF] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/03/2013 - 09:56:00.) -- C:\Windows\System32\wininet.dll [1188864]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 17:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 17:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 07:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 05:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 03:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 13:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 13:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 14:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 03:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 04:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 06:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 13:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.31/08/2012 - 22:19:35.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 04:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 14:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 04:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 13:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 17:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 19s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/13
~ Mes Favoris (My Favorites) : 1/21
~ Mes Documents (My Documents) : 1/62
~ Mon Bureau (My Desktop) : 1/43
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 06s
---\\ Processus lancés
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408] [PID.2924]
[MD5.775DC2AE72F972935703ADA4FFDF3749] - (.Orange - MailNotifier.) -- C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe [888480] [PID.2348]
[MD5.B54921381A950C8215FB363B485C432B] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [270336] [PID.992]
[MD5.FBAF93425D4B5A6C48ABB5B7F81088CD] - (.F-Secure Corporation - F-Secure Settings and Statistics.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSM32.exe [201128] [PID.3128]
[MD5.C637FC4638A96165256B28D38DE7B953] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.3156]
[MD5.F16EEA6CCA9D8A7D1193AE80E43FBBC7] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.3704]
[MD5.339DFA98DDDA7DDF735CE21C82E6F1DD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [824232] [PID.3976]
[MD5.2DE2B92C4EFEF841CEAA9752FC8FA91F] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [924632] [PID.3320]
[MD5.D414B8313C8BFC99C438E178B35D821C] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [16856] [PID.4804]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.3436]
[MD5.AAE42F24B1510ADF8E7DE92085B8E67F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [6971904] [PID.4596]
[MD5.6D9FC1E7EA3C548F4D3455F0C3FEEF8C] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 7.0 (component).) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312] [PID.1428]
[MD5.2346842F07E2AB64D1DC83A67FCCDFA1] - (.F-Secure Corporation - F-Secure Anti-Virus Scanning Service.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe [221608] [PID.1856]
[MD5.8A556A81E9FF95BD9EB7207783E8FCF4] - (.F-Secure Corporation - F-Secure Management Agent.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSMA32.exe [188840] [PID.1900]
[MD5.94168C3B6DF5B0241C0D1AF62C0A239D] - (.F-Secure Corporation - F-Secure Gatekeeper Handler 32-bit.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\FSGK32.exe [621504] [PID.1944]
[MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496] [PID.1992]
[MD5.86E8C2EA0BAA47BE919072251DE6489F] - (.F-Secure Corporation - F-Secure DLL Hosting Plugin.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSHDLL32.exe [90536] [PID.2028]
[MD5.70DDE3A86DBEB1D6C3C30AD687B1877A] - (.Acer - Acer Update Service.) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160] [PID.2128]
[MD5.42AEF6A385354ACA65FC210CE7CE4D7C] - (.F-Secure Corporation - F-Secure ORSP Service.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe [61088] [PID.3488]
[MD5.3FA17D48E90BDF99A91713CD763CBBAA] - (.F-Secure Corporation - F-Secure Scanner Manager 32-bit.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fssm32.exe [1035200] [PID.3548]
[MD5.8A9FACCB684500829F7D0BCC67B386CC] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.916]
[MD5.3970F0746068ADF25C4FB7E1642C7FD0] - (.F-Secure Corporation - FSAV Handler.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsav32.exe [494648] [PID.4144]
[MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.4440]
[MD5.A3A25E0509F67473B960DAF214828BE3] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1259296] [PID.2440]
~ Processes Running: Scanned in 00mn 32s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\e((zrt\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
G0 - GCSP: Preference [User Data\Default] http://www.google.com
G1 - GCS: Preference [User Data\Default] None
~ Google Browser: Scanned in 00mn 00s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\e((zrt\AppData\Roaming\Mozilla\Firefox\Profiles\1sb6cl69.default\prefs.js
~ Firefox Browser: 12 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com
R3 - URLSearchHook: (no name) [64Bits] - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (. Microsoft Corporation - 5.1.20125.0.) (No version) -- (.not file.)
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: 16 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications démarrées par registre par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MailNotifier] . (.Orange - MailNotifier.) -- C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKCU\..\RunOnce: [Report] . (...) -- \AdwCleaner[S1].txt
O4 - HKLM\..\Wow6432Node\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
O4 - HKLM\..\Wow6432Node\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [F-Secure Manager] . (.F-Secure Corporation - F-Secure Settings and Statistics.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSM32.exe
O4 - HKLM\..\Wow6432Node\Run: [F-Secure TNB] . (.F-Secure Corporation - TNBUtil.) -- C:\Program Files (x86)\Orange\Antivirus Firewall\FSGUI\TNBUtil.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3402707560-2354951294-1778958202-1004\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-3402707560-2354951294-1778958202-1004\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3402707560-2354951294-1778958202-1004\..\RunOnce: [ScrSav] . (.Pas de propriétaire - run_NB Application.) -- C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Welcome Center.lnk . (.Acer Incorporated - Welcome Center.) -- C:\Program Files (x86)\Packard Bell\Welcome Center\OEMWelcomeCenter.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Jouer (EasyBits GO).lnk . (.EasyBits Software AS - Game Organizer.) -- C:\ProgramData\Easybits GO\EasyBitsGO.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\Desktop: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
O4 - GS\Desktop: Jouer (EasyBits GO).lnk . (.EasyBits Software AS - Game Organizer.) -- C:\ProgramData\Easybits GO\EasyBitsGO.exe
O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
O4 - GS\Desktop: Soulseek.lnk . (...) -- C:\Program Files (x86)\SoulseekNS\slsk.exe
O4 - GS\Desktop: Code de la Route Pratic.lnk . (.Micro Application - Code de la Route.) -- C:\Program Files (x86)\Micro Application\Code de la Route Pratic\CDR.exe
~ Global Startup: Scanned in 00mn 03s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7C91FF9-AA9E-49A1-8591-06217EE8703C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D7C91FF9-AA9E-49A1-8591-06217EE8703C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D7C91FF9-AA9E-49A1-8591-06217EE8703C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{21D3CCD5-A779-4890-9E7E-4B5FA7D6636D}] (...) -- E:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{883E8C44-759B-4503-885F-C4D0A86AB278}] (...) -- C:\Users\e((zrt\Desktop\start.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FAC1CF4A-5A5D-4420-8D58-AEF71016C59D}] (...) -- E:\Livebox.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{FF5BDFB9-08F1-441B-AADE-59C4D1FA59AF}] (...) -- C:\Users\e((zrt\AppData\Roaming\FissaSearch\FissaUninstaller.exe (.not file.) [0]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 33s
---\\ Logiciels installés (O42)
O42 - Logiciel: SoulSeek 157 NS 13e - (...) [HKLM][64Bits] -- Soulseek2
~ Logic: 122 Legitimates Filtered in 00mn 01s
---\\ HKCU HKLM Software Keys
[HKCU\Software\AppDataLow\Software\Softonic_France_FF]
[HKCU\Software\SoftEther Corporation]
[HKCU\Software\SoulSeek]
[HKCU\Software\Soulseek2]
[HKLM\Software\Wow6432Node\SoftEther Corporation]
~ Key Software: 224 Legitimates Filtered in 00mn 01s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 06/02/2011 - 00:57:34 - [8,682] ----D C:\Program Files (x86)\PacketiX VPN Client English
O43 - CFD: 09/09/2010 - 11:31:38 - [3,591] ----D C:\Program Files (x86)\SoulseekNS
O43 - CFD: 23/05/2011 - 12:57:18 - [61,534] ----D C:\Program Files (x86)\Sweex
O43 - CFD: 09/09/2010 - 11:32:37 - [0] ----D C:\ProgramData\Soulseek
O43 - CFD: 09/09/2010 - 11:31:38 - [0] ----D C:\Users\e((zrt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soulseek NS
~ 268 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 488 Legitimates Filtered in 01mn 11s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.CC4A2FEB5F31F8C57BDA2A8E2C2043BE] - 24/04/2013 - 15:46:47 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [18736]
O44 - LFC:[MD5.CC4A2FEB5F31F8C57BDA2A8E2C2043BE] - 24/04/2013 - 15:46:47 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [18736]
O44 - LFC:[MD5.CC4A2FEB5F31F8C57BDA2A8E2C2043BE] - 24/04/2013 - 15:46:47 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [18736]
O44 - LFC:[MD5.CC4A2FEB5F31F8C57BDA2A8E2C2043BE] - 24/04/2013 - 15:46:47 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [18736]
O44 - LFC:[MD5.0B9AF8477C6E5E0E6054429161883F42] - 24/04/2013 - 13:59:44 --HA- . (...) -- C:\~$wCleaner[R1].txt [162]
~ Files: 60 Legitimates Filtered in 00mn 25s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "DisableStatusMessages"=0
~ MWPS: 22 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 05:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.CA0318D3FA86C173533685C2171C55AB] - 22/12/2006 - 21:05:52 R--A- . (.Atheros Communications, Inc. - Atheros Extensible Wireless LAN device driver.) -- C:\Windows\SysWOW64\drivers\athrxusb.sys [559104]
~ Drivers: Scanned in 00mn 03s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Logiciel: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {67A2568C-7A0A-4EED-AECC-B5405DE63B64} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {7EC750B2-BD44-45E0-93D1-AF1E316B9BDF} - (Ask Search) - http://websearch.ask.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.76AF267617234BC09E298967330EC8A5] [SPRF][19/05/2011] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][24/08/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.C6AA274F69EBDD86F75B7E3E4FA58AF4] [SPRF][31/01/2013] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\e((zrt\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe [915376]
[MD5.5CC163324A11091C975B686EF4C52C73] [SPRF][16/02/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\e((zrt\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe [897448]
[MD5.A620A735458E04AE0CF471319B6D6E7D] [SPRF][02/03/2013] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\e((zrt\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe [897448]
[MD5.33F63221D444F5E651580D409B7DCD73] [SPRF][20/05/2011] (...) -- C:\Users\e((zrt\AppData\Roaming\wklnhst.dat [548]
~ Files: Scanned in 00mn 01s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{E3864060-811A-4752-B6BB-C82E95A1CD09}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (.not file.)
O87 - FAEL: "{7FE9333A-5863-448B-91BD-CFEB49DE3F10}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (.not file.)
O87 - FAEL: "{F64E5D4C-EBA5-45CD-81FB-E5673D471810}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (.not file.)
O87 - FAEL: "{56D1A1E6-EB0F-4E99-89CB-C3A1E4BC6A08}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (.not file.)
O87 - FAEL: "{D6750A1B-0013-4D88-A9B2-FD83D4BC665A}" |In - Private - P6 - TRUE | .(...) -- C:\Users\e((zrt\AppData\Local\Temp\7zS706E.tmp\SymNRT.exe (.not file.)
O87 - FAEL: "{10A7EEC7-CF1D-4413-8920-F26EEA7113F5}" |In - Private - P17 - TRUE | .(...) -- C:\Users\e((zrt\AppData\Local\Temp\7zS706E.tmp\SymNRT.exe (.not file.)
O87 - FAEL: "TCP Query User{FCF7347C-E790-46EA-8C17-968150394222}C:\program files (x86)\soulseekns\slsk.exe" | In - Private - P6 - TRUE | .(.Pas de propriétaire - SoulSeek.) -- C:\program files (x86)\soulseekns\slsk.exe
O87 - FAEL: "UDP Query User{DE7490FE-1492-4AFA-908B-7A54D613586A}C:\program files (x86)\soulseekns\slsk.exe" | In - Private - P17 - TRUE | .(.Pas de propriétaire - SoulSeek.) -- C:\program files (x86)\soulseekns\slsk.exe
O87 - FAEL: "TCP Query User{DF065D6E-7B9A-49B8-9079-F6520B9B29A1}C:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\avp.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\avp.exe (.not file.)
O87 - FAEL: "UDP Query User{3DBBFF0A-FAB7-4563-B622-C95C19975F8E}C:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\avp.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\kaspersky lab\kaspersky anti-virus 2010\avp.exe (.not file.)
O87 - FAEL: "{811AB0C6-0B2A-41FB-9F9F-B42398647980}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpnclient.exe (.not file.)
O87 - FAEL: "{28334112-A2BE-4FB0-AC3A-D4B4DCFDD2AE}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpnclient.exe (.not file.)
O87 - FAEL: "{4F5C787C-1899-440C-BC8C-36EB45A4388B}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpncmgr.exe (.not file.)
O87 - FAEL: "{87CF2B5B-A7B3-4282-8E5B-2F2E980B8720}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpncmgr.exe (.not file.)
O87 - FAEL: "{32337F36-A823-4049-B1D9-24C32268903F}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpncmd.exe (.not file.)
O87 - FAEL: "{34AB308B-5CE4-4E60-81CB-771B42244564}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpncmd.exe (.not file.)
O87 - FAEL: "{AFFF7B2D-F3E4-4137-B760-8BF9CCE21182}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpncmgr.exe (.not file.)
O87 - FAEL: "{FDB72607-69B9-47C2-A8DD-1E60695242BF}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpncmd.exe (.not file.)
O87 - FAEL: "{8510CE15-98C1-4C69-BBA1-20026424053F}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpnclient.exe (.not file.)
O87 - FAEL: "{1ABBD44D-3B97-44BF-9370-8328EB8F4AE7}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpncmgr.exe (.not file.)
O87 - FAEL: "{73DCEB47-72E1-4255-BAA3-358EAEAF2326}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpncmd.exe (.not file.)
O87 - FAEL: "{D4A1C09D-4B43-47B3-8425-39F92678F8B3}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpnclient.exe (.not file.)
O87 - FAEL: "TCP Query User{DBEF8040-5BDD-44DA-B35E-C152EB006926}C:\program files (x86)\soulseekns\slsk.exe" | In - Public - P6 - TRUE | .(.Pas de propriétaire - SoulSeek.) -- C:\program files (x86)\soulseekns\slsk.exe
O87 - FAEL: "UDP Query User{52D2D1A6-12DE-4537-AB2C-886F210B497F}C:\program files (x86)\soulseekns\slsk.exe" | In - Public - P17 - TRUE | .(.Pas de propriétaire - SoulSeek.) -- C:\program files (x86)\soulseekns\slsk.exe
~ Firewall: 232 Legitimates Filtered in 00mn 03s
---\\ Scan Additionnel (O88)
Database Version : v2.11668 - (23/04/2013)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =Toolbar.Skype
[HKCU\Software\AppDataLow\Software\Softonic_France_FF] =Toolbar.Conduit
C:\Users\e((zrt\AppData\LocalLow\Softonic_France_FF =Toolbar.Conduit
~ Additionnel Scan: 250218 Items scanned in 00mn 38s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 08/12/2008 169312 | (AdobeActiveFileMonitor7.0) . (.Adobe Systems Incorporated.) - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
SS - | Demand 17/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 18/11/2009 221608 | (F-Secure Gatekeeper Handler Starter) . (.F-Secure Corporation.) - C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe
SS - | Demand 12/03/2010 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Demand 18/11/2009 846248 | (FSDFWD) . (.F-Secure Corporation.) - C:\Program Files (x86)\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe
SR - | Auto 18/11/2009 188840 | (FSMA) . (.F-Secure Corporation.) - C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSMA32.exe
SR - | Demand 25/10/2011 61088 | (FSORSPClient) . (.F-Secure Corporation.) - C:\Program Files (x86)\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe
SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
SS - | Auto 08/09/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/09/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/09/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 25/08/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 31/01/2013 878368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 19/02/2013 1259296 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Demand 44312 | (OberonGameConsoleService) . (...) - C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
SS - | Auto 18/09/2012 1082016 | (Orange update Core Service) . (.France Telecom SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 04/07/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s
~ 1507 Legitimates filtered by white list
End of the scan (461 lines in 10mn 13s)(0)
O87 - FAEL: "{34AB308B-5CE4-4E60-81CB-771B42244564}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpncmd.exe (.not file.)
O87 - FAEL: "{AFFF7B2D-F3E4-4137-B760-8BF9CCE21182}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpncmgr.exe (.not file.)
O87 - FAEL: "{FDB72607-69B9-47C2-A8DD-1E60695242BF}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpncmd.exe (.not file.)
O87 - FAEL: "{8510CE15-98C1-4C69-BBA1-20026424053F}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpnclient.exe (.not file.)
O87 - FAEL: "{1ABBD44D-3B97-44BF-9370-8328EB8F4AE7}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpncmgr.exe (.not file.)
O87 - FAEL: "{73DCEB47-72E1-4255-BAA3-358EAEAF2326}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpncmd.exe (.not file.)
O87 - FAEL: "{D4A1C09D-4B43-47B3-8425-39F92678F8B3}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files (x86)\PacketiX VPN Client English\vpnclient.exe (.not file.)
O87 - FAEL: "TCP Query User{DBEF8040-5BDD-44DA-B35E-C152EB006926}C:\program files (x86)\soulseekns\slsk.exe" | In - Public - P6 - TRUE | .(.Pas de propriétaire - SoulSeek.) -- C:\program files (x86)\soulseekns\slsk.exe
O87 - FAEL: "UDP Query User{52D2D1A6-12DE-4537-AB2C-886F210B497F}C:\program files (x86)\soulseekns\slsk.exe" | In - Public - P17 - TRUE | .(.Pas de propriétaire - SoulSeek.) -- C:\program files (x86)\soulseekns\slsk.exe
~ Firewall: 232 Legitimates Filtered in 00mn 03s
---\\ Scan Additionnel (O88)
Database Version : v2.11668 - (23/04/2013)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =Toolbar.Skype
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =Toolbar.Skype
[HKCU\Software\AppDataLow\Software\Softonic_France_FF] =Toolbar.Conduit
C:\Users\e((zrt\AppData\LocalLow\Softonic_France_FF =Toolbar.Conduit
~ Additionnel Scan: 250218 Items scanned in 00mn 38s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 08/12/2008 169312 | (AdobeActiveFileMonitor7.0) . (.Adobe Systems Incorporated.) - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
SS - | Demand 17/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 18/11/2009 221608 | (F-Secure Gatekeeper Handler Starter) . (.F-Secure Corporation.) - C:\Program Files (x86)\Orange\Antivirus Firewall\Anti-Virus\fsgk32st.exe
SS - | Demand 12/03/2010 651720 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Demand 18/11/2009 846248 | (FSDFWD) . (.F-Secure Corporation.) - C:\Program Files (x86)\Orange\Antivirus Firewall\FWES\Program\fsdfwd.exe
SR - | Auto 18/11/2009 188840 | (FSMA) . (.F-Secure Corporation.) - C:\Program Files (x86)\Orange\Antivirus Firewall\Common\FSMA32.exe
SR - | Demand 25/10/2011 61088 | (FSORSPClient) . (.F-Secure Corporation.) - C:\Program Files (x86)\Orange\Antivirus Firewall\ORSP Client\fsorsp.exe
SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
SS - | Auto 08/09/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 08/09/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/09/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SR - | Demand 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SS - | Demand 25/08/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 31/01/2013 878368 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 19/02/2013 1259296 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Demand 44312 | (OberonGameConsoleService) . (...) - C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
SS - | Auto 18/09/2012 1082016 | (Orange update Core Service) . (.France Telecom SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 04/07/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s
~ 1507 Legitimates filtered by white list
End of the scan (461 lines in 10mn 13s)(0)