Rapport de ZHPDiag v2013.4.9.51 par Nicolas Coolman, Update du 09/04/2013
Run by Bureau at 09/04/2013 18:38:32
State : High Elevated Privileges : OK UAC : Not Found

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
MFIE: Mozilla Firefox 15.0.1 v15.0.1
GCIE: Google Chrome v26.0.1410.43

---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Protection Antivirus : avast! Free Antivirus v7.0.1466.0

---\\ System Information
~ Processor: x86 Family 16 Model 2 Stepping 3, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3071 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 92 GB (61%) free of 149 GB

---\\ Logged in mode
~ Computer Name: PROPRIET-2BB9ED
~ User Name: Bureau
~ All Users Names: UpdatusUser, SUPPORT_388945a0, HelpAssistant, Bureau, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Bureau\Application Data\
~ %Desktop% : C:\Documents and Settings\Bureau\Bureau\
~ %Favorites% : C:\Documents and Settings\Bureau\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Bureau\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Bureau\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 92 Go of 149 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 61 Go of 149 Go)
F:\ CD-ROM drive (Not Inserted)
G:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] 
XMLLookup: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.13/04/2008 - 18:34:04.) -- C:\WINDOWS\Explorer.exe [1037824] [MD5.FCDD66EE148885E900285ADE8417E40B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.05/02/2013 - 20:56:42.) -- C:\WINDOWS\system32\wininet.dll [916480] [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.13/04/2008 - 18:34:30.) -- C:\WINDOWS\system32\Winlogon.exe [512000] [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512] [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 11:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744] [MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 10:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976] [MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.13/04/2008 - 17:57:40.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672] [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 08:36:06.) 
-- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384] [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.13/04/2008 - 18:00:54.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144] [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 10:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112] [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 10:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832] [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264] [MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:35.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856] [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 11:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 11:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976] [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/04/2008 - 18:09:42.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384] [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 11:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328] [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 10:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224] [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 17:57:36.) 
-- C:\WINDOWS\system32\Drivers\redbook.sys [58752] [MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.13/04/2008 - 17:56:06.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/6655 ~ Mes musiques (My Musics) : 8/548 ~ Mes Videos (My Videos) : 1/20 ~ Mes Favoris (My Favorites) : 0/74 ~ Mes Documents (My Documents) : 2/10161 ~ Mon Bureau (My Desktop) : 0/129 ~ Menu demarrer (Programs) : 1/104 ~ Hidden Files: Scanned in 00mn 11s ---\\ Processus lancés [MD5.A9FF9831AB2BFFB1CCF849BDA19D06FD] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [528192] [PID.1864] [MD5.04AC21E821F259845BD7367CEE057290] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808] [PID.1380] [MD5.927754ABF077AEB5504BE4E0F2C60C1B] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files\Fichiers communs\logishrd\LVMVFM\UMVPFSrv.exe [450848] [PID.1816] [MD5.CD64CE62BE47DF0E9A459FD9002221FE] - (...) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe [77824] [PID.1196] [MD5.7A834424537E13AA5F2D964C9D9FA991] - (.Emsi Software GmbH - Emsisoft Anti-Malware Service.) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe [1935656] [PID.456] [MD5.2C41AE09BB51EA074069135F183DAA9C] - (.Acronis - Acronis Scheduler 2.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe [660576] [PID.1084] [MD5.829E254AE20147EC9D3C54A5991D298E] - (...) -- C:\WINDOWS\system32\afasrv32.exe [65536] [PID.1420] [MD5.1CC3E547FE3DEC8272780F24F3059519] - (...) -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [1518504] [PID.1500] [MD5.8549D4B927C6AE13A118296F2251CC51] - (.APN LLC. - APN Updater.) 
-- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [169096] [PID.2156] [MD5.8FFCFE3351F51E19B856A2347E19B850] - (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336] [PID.2724] [MD5.12CDB5DC7774298223099D6E41ED5CE7] - (.SEIKO EPSON CORPORATION - EPSON Printer Status Agent.) -- C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe [94208] [PID.2812] [MD5.BAD0D303EF0A519409C625738F3E10A3] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4282728] [PID.2864] [MD5.E774F875819DEE4A312A921A88F779FE] - (.Microsoft Corporation - IPoint.exe.) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1821576] [PID.3180] [MD5.CFE4BD7C25A750D71A5BD2390953BEB6] - (.Microsoft Corporation - IType.exe.) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe [1313640] [PID.3188] [MD5.999DB5F88C8E145CCA9D471E33227143] - (.Oracle Corporation - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [170912] [PID.2432] [MD5.258CACA1DAADE43978E2ECC9BDC94E1C] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [73728] [PID.2908] [MD5.1B959A0614D575D0AB3B09095F0A8B83] - (.Microsoft Corporation - SQL Server Windows NT.) -- C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe [9158656] [PID.3088] [MD5.E6FF299C72B5E8A4303A41662D6CF2D7] - (...) -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe [265240] [PID.3736] [MD5.934BB0D23A25C8C136570800A5A149B6] - (.Nero AG - NeroUpdate.) -- C:\Program Files\Nero\Update\NASvc.exe [687400] [PID.948] [MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [252848] [PID.2284] [MD5.87E3D12D74A86D75659FA808E4886D53] - (.Alcor Micro, Corp. - Drive Monitor.) 
-- C:\WINDOWS\system32\DrvMon.exe [53248] [PID.3696] [MD5.B90E093E7A7250906F1054418B5339C0] - (.Nero AG - Nero BackItUp.) -- C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe [935208] [PID.3944] [MD5.902054D6B4292329F9594FFF24EE02DB] - (...) -- C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe [680984] [PID.4076] [MD5.6B665BDA473E2888A036D0BA5663B5A5] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 306.2.) -- C:\WINDOWS\system32\nvsvc32.exe [164200] [PID.2408] [MD5.DA345DE3B450E9E1691E7B9956D8FFC3] - (...) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112] [PID.3220] [MD5.85A5DB9C8DEFDDE941EC121ADB5B3175] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe [2744960] [PID.1488] [MD5.478D9A1E760F9089DE19925616689F0D] - (.Pinnacle Systems - Media Server Host.) -- C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe [49152] [PID.3556] [MD5.A6A7AD767BF5141665F5C675F671B3E1] - (.Protexis Inc. - PsiService PsiService.) -- C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe [185632] [PID.3112] [MD5.800E8F1DC5F6A200B6DFCA2B3C21365E] - (...) -- C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe [493200] [PID.3828] [MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [917400] [PID.1252] [MD5.AA6844A5127ED4B20DF6D313467B929D] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.2488] [MD5.B93499B1D1058C86C1A60C026C334971] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6581760] [PID.3668] [MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) 
-- C:\WINDOWS\System32\alg.exe [44544] [PID.2776] ~ Processes Running: Scanned in 00mn 02s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences G0 - GCSP: Preference [User Data\Default] http://www.delta-search.com =>Toolbar.DeltaSearch ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\prefs.js C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\user.js M3 - MFPP: Plugins - [Bureau] -- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\searchplugins\delta.xml M3 - MFPP: Plugins - [Bureau] -- C:\Program Files\Mozilla FireFox\searchplugins\babylon.xml =>Toolbar.Babylon M0 - MFSP: prefs.js [Bureau - ag7l5sqo.default-1360951228890] http://www.delta-search.com =>Toolbar.DeltaSearch M2 - MFEP: prefs.js [Bureau - ag7l5sqo.default-1360951228890\217e8200-a3b3-43df-b951-8ec01d483d7f@b98c6809-1f3f-41a1-bb1c-692cf84781e9.com] [] Services x86 v (.Corporate Inc.) M2 - MFEP: prefs.js [Bureau - ag7l5sqo.default-1360951228890\addon@freecorder.com] [] Freecorder v7.0.0.13 (.freecorder.com.) M2 - MFEP: prefs.js [Bureau - ag7l5sqo.default-1360951228890\ascsurfingprotection@iobit.com] [] Advanced SystemCare Surfing Protection v1.0 (.IObit.) M2 - MFEP: prefs.js [Bureau - ag7l5sqo.default-1360951228890\ffxtlbr@delta.com] [] Delta Toolbar v1.5.0 (.delta-search.com.) =>Toolbar.DeltaSearch P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent v1.27 for Firefox.) -- C:\Program Files\Mozilla Firefox\Plugins\npBitCometAgent.dll P2 - FPN:Firefox Plugin Navigator . (.Zylom - Zylom Plugin.) 
-- C:\Program Files\Mozilla Firefox\Plugins\npzylomgamesplayer.dll P2 - FPN: [HKLM] [@zylom.com/ZylomGamesPlayer] - (.Zylom - Zylom Plugin.) -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll ~ Firefox Browser: 43 Legitimates Scanned in 00mn 01s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-search.com =>Toolbar.DeltaSearch R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://www.delta-search.com =>Toolbar.DeltaSearch R3 - URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.6.) (No version) -- (.not file.) R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.6.) (No version) -- (.not file.) 
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 0 R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2 ~ IE Browser: 10 Legitimates Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 4 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: CrossriderApp0027096 - {11111111-1111-1111-1111-110211701196} . (.Corporate Inc - Services x86 BHO.) -- C:\Program Files\Services x86\Services x86.dll =>PUP.CrossRider O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} . (...) 
-- C:\Documents and Settings\Bureau\Local Settings\Application Data\CT1060933\ldrtbFree.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} . (.BitComet - BitCometBHO.) -- C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll O2 - BHO: Ask Toolbar BHO - {57334934-2D47-006A-76A7-7A786E7484D7} . (...) -- "C:\Program Files\AskPartnerNetwork\Toolbar\W3I4-G\Passport.dll" (.not file.) =>Toolbar.Ask O2 - BHO: Freecorder extension - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} . (.Applian Technologies Inc. - ScriptHost.) -- C:\Program Files\Freecorder extension\ScriptHost.dll O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.10.0\bh\delta.dll =>Toolbar.DeltaSearch ~ BHO: 16 Legitimates Scanned in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: WOT - [HKLM]{71576546-354D-41c9-AAE8-31F2EC22BF0D} . (...) -- C:\Program Files\WOT\WOT.dll O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: Freecorder Toolbar - [HKLM]{1392b8d2-5c05-419f-a8f6-b9f15a596612} . (...) -- C:\Documents and Settings\Bureau\Local Settings\Application Data\CT1060933\ldrtbFree.dll O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Ask Toolbar - [HKLM]{57334934-2D47-006A-76A7-7A786E7484D7} . (.APN LLC. - Passport.) -- C:\Program Files\AskPartnerNetwork\Toolbar\W3I4-G\Passport.dll =>Toolbar.Ask O3 - Toolbar: Delta Toolbar - [HKLM]{82E1477C-B154-48D3-9891-33D83C26BCD3} . (.Delta-search.com - Pas de description.) -- C:\Program Files\Delta\delta\1.8.10.0\deltaTlbr.dll =>Toolbar.DeltaSearch ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [LWS] . 
(.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Program Files\NVIDIA Corporation\nview\nwiz.exe O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- c:\Program Files\Microsoft IntelliPoint\ipoint.exe O4 - HKLM\..\Run: [itype] . (.Microsoft Corporation - IType.exe.) -- c:\Program Files\Microsoft IntelliType Pro\itype.exe O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe O4 - HKCU\..\Run: [DrvMon.exe] . (.Alcor Micro, Corp. - Drive Monitor.) -- C:\WINDOWS\system32\DrvMon.exe O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-725345543-1844823847-839522115-1003\..\Run: [DrvMon.exe] . (.Alcor Micro, Corp. - Drive Monitor.) -- C:\WINDOWS\system32\DrvMon.exe O4 - HKUS\S-1-5-21-725345543-1844823847-839522115-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Programs: Acrobat.com.lnk . (...) -- C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe O4 - GS\Programs: Adobe Photoshop Album 2.0.lnk . 
(.Adobe Systems Incorporated - Adobe Photoshop Album 2.0.) -- C:\Photo\Photoshop\Apps\PhotoshopAlbum.exe O4 - GS\Programs: Adobe Reader X.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AA1000000001}\SC_Reader.ico O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe O4 - GS\Programs: CometBird.lnk . (.CometNetwork - CometBird.) -- C:\Program Files\CometBird\cometbird.exe O4 - GS\Programs: MioTransfer.lnk . (...) -- D:\MIO\MioTransfer.exe O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Programs: MSN.lnk . (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\msn.exe O4 - GS\Programs: Objectif Tarot.lnk . (...) -- C:\Program Files\Objectif Tarot\Objectif Tarot.exe O4 - GS\Programs: OfferBox.lnk . (.Aedge Performance BCN SL - OfferBox.) -- C:\Program Files\OfferBox\OfferBox.exe =>PUP.OfferBox O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe O4 - GS\Programs: Windows Search.lnk . (.Microsoft Corporation - Windows Search System Tray.) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe O4 - GS\Programs: WordBiz.lnk . (...) -- C:\Program Files\WordBiz\WordBiz.exe O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Programs: Jouer (EasyBits GO).lnk . (.EasyBits Software AS - Game Organizer.) -- C:\Documents and Settings\All Users\Application Data\Easybits GO\EasyBitsGO.exe O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe O4 - GS\Programs: Secunia PSI.lnk . 
(.Secunia - Secunia PSI.) -- C:\Program Files\Secunia\PSI\psi.exe O4 - GS\Programs: Webplayer.lnk . (...) -- C:\Documents and Settings\Bureau\Application Data\Microsoft\Installer\{9937E55B-6331-4804-93EF-77E992F204BD}\_3F7CDAE07E1639C4AEA7A8.exe O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\Programs: Lecteur Windows Media.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe ~ Global Startup: Scanned in 00mn 01s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} . (.BitComet - BitCometBHO.) -- C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) ~ Winsock: 3 Legitimates Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} ((no name)) - http://www.myheritage.fr/Genoogle/Components/ActiveX/SearchEngineQuery.dll O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_4_6_0_1.cab O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: 
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{62CD5898-7AFC-4D39-832A-08641674003F}: NameServer = 178.33.41.181,46.4.70.20 O17 - HKLM\System\CCS\Services\Tcpip\..\{7DDE2034-E523-4032-B1C8-48D178D3B6DA}: NameServer = 178.33.41.181,46.4.70.20 O17 - HKLM\System\CCS\Services\Tcpip\..\{922284C2-001D-4F25-9F01-FA07EAC406AF}: NameServer = 178.33.41.181,46.4.70.20 O17 - HKLM\System\CCS\Services\Tcpip\..\{7DDE2034-E523-4032-B1C8-48D178D3B6DA}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} . (...) -- C:\Program Files\WOT\WOT.dll O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) 
-- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notifications Windows Genuine Advantage.) -- C:\WINDOWS\system32\WgaLogon.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (...) - C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll =>Toolbar.Babylon ~ AppInit DLL: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) ~ SSODL: 5 Legitimates Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) . (.Emsi Software GmbH - Emsisoft Anti-Malware Service.) - C:\Program Files\Emsisoft Anti-Malware\a2service.exe O23 - Service: Afa Card Reader Service (AfaService) . (...) - C:\WINDOWS\system32\afasrv32.exe O23 - Service: Ashampoo HDD Control 2 Service (AHDDC2) . (...) - C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe O23 - Service: Service de mise à jour Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe O23 - Service: BOCore (BOCore) . (...) - C:\Utilitaires\BOClean\BOCORE.exe (.not file.) O23 - Service: BrowserProtect (BrowserProtect) . (...) 
- C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) . (.SEIKO EPSON CORPORATION - EPSON Printer Status Agent.) - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: OfferBox update service (OfferBox update service) . (.Aedge Performance BCN SL - OfferBox.) - C:\Program Files\OfferBox\OfferBoxUpdateService.exe =>PUP.OfferBox O23 - Service: Sony Ericsson OMSI download service (OMSI download service) . (...) - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe O23 - Service: PC Speed Up Service (PCSUService) . (...) - C:\Program Files\Accelerer PC\PCSUService.exe O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) . (.Pinnacle Systems - Media Server Host.) - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) . (.Protexis Inc. - PsiService PsiService.) - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe O23 - Service: Acronis Try And Decide Service (TryAndDecideService) . (...) - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe O23 - Service: USBDLM (USBDLM) . (...) - C:\Program Files\USBDLM\USBDLM.exe (.not file.) ~ Services: 25 Legitimates Scanned in 00mn 15s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Bureau\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop General: WallPaper - .(...) 
- C:\Documents and Settings\Bureau\Local Settings\Application Data\Microsoft\Wallpaper1.bmp ~ Desktop Component: 1 Legitimates Scanned in 00mn 00s ---\\ BootExecute (O34) ~ BEX: 1 Legitimates Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\ASC6_PerformanceMonitor.job [270] O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\BrowserProtect.job [292] =>Toolbar.Babylon O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job [302] ~ Scheduled Task: 16 Legitimates Scanned in 00mn 00s ---\\ Composants installés (ActiveSetup Installed Components) (O40) ~ Active Setup: 24 Legitimates Scanned in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: (a2injectiondriver) . (.Emsi Software GmbH - Emsisoft Anti-Malware Behavior Blocker.) - C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys O41 - Driver: (a2util) . (.Emsi Software GmbH - a-squared Malware-IDS utility driver.) - C:\Program Files\Emsisoft Anti-Malware\a2util32.sys O41 - Driver: (AvgArCln) . (.GRISOFT, s.r.o. - AVG7 Clean Driver.) - C:\WINDOWS\system32\DRIVERS\AvgArCln.sys O41 - Driver: (ElRawDisk) . (.EldoS Corporation - RawDisk Driver. Allows write access to raw.) - C:\WINDOWS\system32\drivers\elrawdsk32bit.sys O41 - Driver: (PCLEPCI) . (.Pinnacle Systems GmbH - PCLEPCI.) - C:\WINDOWS\system32\drivers\pclepci.sys O41 - Driver: (rvsmon) . (.CJSC Returnil Software - Returnil Monitoring Core.) - C:\WINDOWS\system32\DRIVERS\rvsmon.sys O41 - Driver: (rvsmonn) . (.CJSC Returnil Software - Returnil Network Monitoring.) - C:\WINDOWS\system32\DRIVERS\rvsmonn1.sys O41 - Driver: (SAVRKBootTasks) . (.Sophos Plc - Sophos boot tasks for Windows 2000.) - C:\WINDOWS\system32\SAVRKBootTasks.sys ~ Drivers: 32 Legitimates Scanned in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: AVG Anti-Rootkit Free - (.GRISOFT.) [HKLM] -- AVGantiRootkit O42 - Logiciel: Ad-aware 6 Professional - (.Lavasoft Sweden.) 
[HKLM] -- Ad-aware 6 Professional O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Reader X (10.1.6) - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001} O42 - Logiciel: Alt CDA to MP3 Converter 7.3 - (.Nesoft Inc..) [HKLM] -- Alt CDA to MP3 Converter 7.3_is1 O42 - Logiciel: Ask Toolbar - (.Ask Partner Network.) [HKLM] -- {57334934-2D47-006A-76A7-A758B70B0801} =>Toolbar.Ask O42 - Logiciel: BitComet 1.29 - (.CometNetwork.) [HKLM] -- BitComet O42 - Logiciel: Boxore Client - (.Boxore OU.) [HKLM] -- {497BCFDD-F589-448D-A1C3-78D1B1809CCC} =>Adware.Boxore O42 - Logiciel: BrowserProtect - (.Bit89 Inc.) [HKLM] -- {15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} =>Toolbar.Babylon O42 - Logiciel: Business Card Printery 3 - (...) [HKLM] -- Business Card Printery 3 O42 - Logiciel: CA eTrust PestPatrol - (.Nom de votre société.) [HKLM] -- {39586F4F-758D-4A92-A5DF-33E9DB9C09D9} O42 - Logiciel: Carom3D - (...) [HKLM] -- Carom3D O42 - Logiciel: CertifiedToolbar 2.1 - (.CertifiedToolbar.) [HKLM] -- {b0439fd3-8f96-400d-9515-eb8122ee1f21}_is1 O42 - Logiciel: CometBird 6.0.2 (x86 en-US) - (.CometNetwork.) [HKLM] -- CometBird 6.0.2 (x86 en-US) O42 - Logiciel: Convertisseur ASCII - (...) [HKLM] -- ST6UNST #1 O42 - Logiciel: CpuBooster v3.8.2. - (.TforTech Company, Inc..) [HKLM] -- {FCB50360-6136-40C8-BF4A-84B9322C1D42}_is1 O42 - Logiciel: DATABACK DriveUtility 6.2 - (.DATABACK.) [HKLM] -- DATABACK DriveUtility 6.2_is1 O42 - Logiciel: DVD de bonus Studio 10 - (...) [HKLM] -- {6A012D9C-2E2E-405A-B87C-E909F5297C3F} O42 - Logiciel: DVD43 v4.3.1 - (...) [HKLM] -- DVD43_is1 O42 - Logiciel: Delta Chrome Toolbar - (.Visual Tools.) [HKLM] -- Delta Chrome Toolbar O42 - Logiciel: Delta toolbar - (.Delta.) 
[HKLM] -- delta O42 - Logiciel: Dictionnaire Freelang (liste de mots) - (.Freelang.) [HKLM] -- {14B380D6-8205-4F9D-81D8-515235929F2A}_is1 O42 - Logiciel: Dictionnaire Freelang 3.74 beta - (.Freelang.) [HKLM] -- {F53C4192-71DE-4B21-BE03-D6F8CBB5A238}_is1 O42 - Logiciel: FAST Defrag Freeware 2.3 - (.AMS.) [HKLM] -- FAST Defrag Freeware_is1 O42 - Logiciel: Facemoods - (.Secure Digital Services.) [HKLM] -- {D0198889-7766-424B-AB81-F16F8EDDFEF4} =>Adware.Facemoods O42 - Logiciel: Find My Credit Card v2.3 - (.Smart PC Solutions.) [HKLM] -- Find My Credit Card_is1 O42 - Logiciel: Freecorder Toolbar - (.Freecorder.) [HKCU] -- CT1060933 O42 - Logiciel: GO!Suite - (.Oti.) [HKLM] -- {096FE185-BF9B-4DF1-92E5-B370E9FD4840} O42 - Logiciel: GRWU 1.1.0.8 - (.RuntimeWare.com.) [HKLM] -- GRWU_is1 O42 - Logiciel: IP Privacy 3.5 - (.Privacy-Pro.) [HKLM] -- IP Privacy_is1 O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF} O42 - Logiciel: Kill Process 5.0.0.5 (désinstaller seulement) - (...) [HKLM] -- Kill Process O42 - Logiciel: Language Pack for Ad-aware 6 - (.Lavasoft Sweden.) [HKLM] -- Language Pack for Ad-aware 6 O42 - Logiciel: MioTransfer - (...) [HKLM] -- {2F6DA398-707F-4D52-AE6A-7E812D1662D6} O42 - Logiciel: Objectif Tarot 4 - (.Daniel Bonniot.) [HKLM] -- {078A8C00-412A-45C2-8A44-49DD736D3318}_is1 O42 - Logiciel: PIXresizer 2.0.0 - (.Bluefive software.) [HKLM] -- PIXresizer_is1 O42 - Logiciel: PcCloneEX - (...) [HKLM] -- PcCloneEX O42 - Logiciel: PenWes [5836] - (...) [HKLM] -- Penwes O42 - Logiciel: Pharaon - (...) [HKLM] -- Pharaon O42 - Logiciel: PopUp Killer - (...) [HKLM] -- Product_Name O42 - Logiciel: Process Liquidator - (.12Bytes.) [HKLM] -- {7F3BF5FA-6BD7-4E26-8FEA-C87DD9F7F723}_is1 O42 - Logiciel: Prolific Backup - (.Prolific Technology Inc..) [HKLM] -- {D88A7919-C81E-4F6A-8B77-D1B2E42EE0CD} O42 - Logiciel: Proxomitron v4.5 - (...) 
[HKLM] -- Proxomitron v4.5 O42 - Logiciel: Returnil Virtual System 2010 - (.CJSC Returnil Software.) [HKLM] -- {8D154382-D968-4C79-A51D-5BE79C2E0100} O42 - Logiciel: SavRestaure - (...) [HKLM] -- SavRestaure O42 - Logiciel: ScanToWeb - (...) [HKLM] -- {EBAE381B-60A6-4863-AA9F-FCAB755BC9E5} O42 - Logiciel: Sentinel 2.0 - (.Runtimeware.) [HKLM] -- Sentinel_is1 O42 - Logiciel: Services x86 - (.Corporate Inc.) [HKLM] -- Services x86 O42 - Logiciel: Sophos Anti-Rootkit 1.5.0 - (.Sophos Plc.) [HKLM] -- Sophos-AntiRootkit O42 - Logiciel: Spybot - Search & Destroy - (.Safer Networking Limited.) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 O42 - Logiciel: USB Video Camera - (. .) [HKLM] -- {8527C3D5-BA1D-46E9-88D2-AF25544311A3} O42 - Logiciel: USB drive letter manager - (.Uwe Sieber.) [HKLM] -- {C256573D-B3CE-4256-BEA2-217C8B211DD5} O42 - Logiciel: USIM Editor 1.0.28.0 - (...) [HKLM] -- Card Reader Driver and USIM Editor Program_is1 O42 - Logiciel: Ultimate IP Changer version 1.1 - (.Olcinium.) [HKLM] -- {4A4472E1-2A39-432D-9455-82AE293CA601}_is1 O42 - Logiciel: Webplayer - (.Kreapixel.) [HKLM] -- {9937E55B-6331-4804-93EF-77E992F204BD} =>Adware.SocialSkinz O42 - Logiciel: WordBiz version 1.8 - (.Internet Scrabble Club.) [HKLM] -- Internet Scrabble Club_is1 O42 - Logiciel: ZipGenius 6 (6.0.3.1130) - (.M.Dev Software.) [HKLM] -- {EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1 O42 - Logiciel: allsearch - (.allsearch.) [HKLM] -- allsearch O42 - Logiciel: avast! Free Antivirus v7.0.1466.0 - (.AVAST Software.) 
[HKLM] -- avast ~ Logic: 390 Legitimates Scanned in 00mn 01s ---\\ HKCU & HKLM Software Keys [HKCU\Software\536d9dab23abe47] [HKCU\Software\ACP] [HKCU\Software\AMS] [HKCU\Software\AlcorMicro] [HKCU\Software\AppDataLow\Software\ecouter-la-radio] [HKCU\Software\AskPartnerNetwork] [HKCU\Software\Astase] [HKCU\Software\AvantClick] [HKCU\Software\BabylonToolbar] =>Toolbar.Babylon [HKCU\Software\BitComet] [HKCU\Software\BlueFive] [HKCU\Software\BusinessCards] [HKCU\Software\CertifiedToolbar] [HKCU\Software\ComputerAssociates] [HKCU\Software\Cr_Installer] [HKCU\Software\Crossrider] =>PUP.CrossRider [HKCU\Software\DVC150] [HKCU\Software\DVD43] [HKCU\Software\DVDx] [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr [HKCU\Software\Delta] [HKCU\Software\EMCO Malware Destroyer] [HKCU\Software\Ease123] [HKCU\Software\FilerexUpdateChecker] [HKCU\Software\Freecorder extension] [HKCU\Software\Gr] [HKCU\Software\IEPro] [HKCU\Software\InstalledBrowserExtensions] [HKCU\Software\Kristian Koeltzsch] [HKCU\Software\M.Dev Software] [HKCU\Software\NecroSystems] [HKCU\Software\OfferBox] =>PUP.OfferBox [HKCU\Software\Prolific] [HKCU\Software\RG] [HKCU\Software\Rising] [HKCU\Software\Services x86] [HKCU\Software\Smart PC Solutions] [HKCU\Software\SmartBar] =>Hijacker.SmartBar [HKCU\Software\Thirdi Productions] [HKCU\Software\delta LTD] [HKCU\Software\ecouter-la-radio] [HKLM\Software\536d9dab23abe47] [HKLM\Software\APN] [HKLM\Software\Acorn] [HKLM\Software\AskPartnerNetwork] [HKLM\Software\Astase] [HKLM\Software\Babylon] =>Toolbar.Babylon [HKLM\Software\CometNetwork] [HKLM\Software\ComputerAssociates] [HKLM\Software\DVC150] [HKLM\Software\DataMngr] =>PUP.Datamngr [HKLM\Software\Delta] [HKLM\Software\GO!Suite] [HKLM\Software\IPAnonymizer] [HKLM\Software\IPHider] [HKLM\Software\IPPrivacy] [HKLM\Software\InstallIQ] [HKLM\Software\M.Dev Software] [HKLM\Software\MediaCenterPaths] [HKLM\Software\Mio Technology] [HKLM\Software\Mitac] [HKLM\Software\MovieBox USB] 
[HKLM\Software\NEOACT] [HKLM\Software\Nevron] [HKLM\Software\Oti] [HKLM\Software\Panicware] [HKLM\Software\Returnil] [HKLM\Software\Rising] [HKLM\Software\SCDWinsysMedia] [HKLM\Software\Terragame] [HKLM\Software\UCRDef] [HKLM\Software\USBDCam] [HKLM\Software\WinMPG] [HKLM\Software\babylontoolbar] =>Toolbar.Babylon [HKLM\Software\iWin] [HKLM\Software\mera] ~ Key Software: 517 Legitimates Scanned in 00mn 01s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 29/11/2012 - 14:40:14 - [0,066] ----D C:\Program Files\AlcorMicro O43 - CFD: 29/11/2012 - 14:29:56 - [5,747] ----D C:\Program Files\AlcorMicroData O43 - CFD: 25/07/2010 - 10:42:10 - [15,758] ----D C:\Program Files\Alt CDA to MP3 Converter O43 - CFD: 06/04/2013 - 16:01:01 - [0] ----D C:\Program Files\Ask.com O43 - CFD: 06/04/2013 - 16:00:56 - [3,371] ----D C:\Program Files\AskPartnerNetwork O43 - CFD: 08/10/2010 - 11:51:14 - [25,680] ----D C:\Program Files\BitComet O43 - CFD: 27/05/2012 - 23:54:18 - [46,741] ----D C:\Program Files\CometBird O43 - CFD: 01/05/2011 - 14:49:20 - [0,067] ----D C:\Program Files\Convertisseur ASCII O43 - CFD: 17/03/2012 - 18:30:32 - [6,224] ----D C:\Program Files\CpuBooster O43 - CFD: 05/12/2012 - 17:41:22 - [5,439] ----D C:\Program Files\DATABACK DriveUtility O43 - CFD: 07/04/2013 - 17:09:39 - [2,768] ----D C:\Program Files\Delta O43 - CFD: 13/11/2009 - 11:24:42 - [8,603] ----D C:\Program Files\DesignPro O43 - CFD: 10/12/2012 - 12:57:55 - [0,056] ----D C:\Program Files\DriverPack Solution Lite 12.3 O43 - CFD: 19/06/2011 - 19:26:14 - [1,459] ----D C:\Program Files\dvd43 O43 - CFD: 11/02/2013 - 10:36:28 - [3,618] ----D C:\Program Files\Freecorder extension O43 - CFD: 29/11/2012 - 14:31:52 - [44,023] ----D C:\Program Files\GO!Suite O43 - CFD: 12/01/2009 - 10:42:00 - [0,002] ----D C:\Program Files\IEPro O43 - CFD: 10/03/2012 - 00:47:20 - [4,833] ----D C:\Program Files\IP Privacy O43 - CFD: 12/08/2010 - 18:17:38 - [119,899] ----D C:\Program Files\iWin.com 
Games O43 - CFD: 27/01/2009 - 19:26:09 - [10,766] ----D C:\Program Files\Mio Technology O43 - CFD: 13/03/2010 - 18:06:40 - [1,703] ----D C:\Program Files\Objectif Tarot O43 - CFD: 06/04/2013 - 16:02:51 - [9,224] ----D C:\Program Files\OfferBox =>PUP.OfferBox O43 - CFD: 10/12/2012 - 12:57:54 - [0,013] ----D C:\Program Files\PC Speed Up Extension O43 - CFD: 29/11/2012 - 14:34:29 - [13,046] ----D C:\Program Files\PcCloneEX O43 - CFD: 09/11/2008 - 17:35:07 - [1,889] ----D C:\Program Files\PIXresizer O43 - CFD: 23/01/2010 - 11:24:09 - [0,004] ----D C:\Program Files\Primedius O43 - CFD: 26/03/2009 - 20:20:13 - [1,531] ----D C:\Program Files\Proxomitron Naoko v4.5 O43 - CFD: 29/01/2010 - 21:41:43 - [10,588] ----D C:\Program Files\Returnil O43 - CFD: 10/10/2010 - 10:36:01 - [3,999] ----D C:\Program Files\Runtimeware.com O43 - CFD: 07/04/2013 - 17:08:47 - [7,675] ----D C:\Program Files\Services x86 O43 - CFD: 23/09/2011 - 16:26:40 - [2,751] ----D C:\Program Files\Sophos O43 - CFD: 09/10/2009 - 22:42:55 - [79,331] ----D C:\Program Files\Spybot - Search & Destroy O43 - CFD: 23/01/2010 - 11:27:17 - [0] ----D C:\Program Files\Stealther O43 - CFD: 12/12/2012 - 10:03:37 - [0,901] ----D C:\Program Files\Ultimate IP Changer O43 - CFD: 05/04/2013 - 18:21:06 - [0,258] ----D C:\Program Files\USBDLM O43 - CFD: 29/11/2012 - 14:33:03 - [23,850] ----D C:\Program Files\USIM Editor O43 - CFD: 28/09/2012 - 15:39:41 - [1,940] ----D C:\Program Files\Vidalia Bundle O43 - CFD: 11/02/2013 - 09:32:07 - [0,494] ----D C:\Program Files\WebPlayer O43 - CFD: 22/12/2008 - 19:30:00 - [2,104] ----D C:\Program Files\WordBiz O43 - CFD: 04/10/2008 - 17:52:21 - [18,222] ----D C:\Program Files\ZipGenius 6 O43 - CFD: 07/04/2013 - 17:09:40 - [1,942] ----D C:\Documents and Settings\Bureau\Application Data\BabSolution =>Hijacker.BabSolution O43 - CFD: 07/04/2013 - 17:09:17 - [0,019] ----D C:\Documents and Settings\Bureau\Application Data\Babylon =>Toolbar.Babylon O43 - CFD: 02/03/2013 - 17:56:39 - [0,475] ----D 
C:\Documents and Settings\Bureau\Application Data\BitComet O43 - CFD: 31/03/2012 - 17:24:51 - [0] ----D C:\Documents and Settings\Bureau\Application Data\Boost Windows O43 - CFD: 08/10/2010 - 11:53:01 - [11,405] ----D C:\Documents and Settings\Bureau\Application Data\CometNetwork O43 - CFD: 07/04/2013 - 17:10:08 - [0,259] ----D C:\Documents and Settings\Bureau\Application Data\Delta O43 - CFD: 06/04/2013 - 16:11:45 - [0,053] ----D C:\Documents and Settings\Bureau\Application Data\Freecorder 7 Video O43 - CFD: 15/01/2009 - 11:32:37 - [0,000] ----D C:\Documents and Settings\Bureau\Application Data\FreshDiagnose O43 - CFD: 08/11/2008 - 09:52:29 - [0,008] ----D C:\Documents and Settings\Bureau\Application Data\IEPro O43 - CFD: 09/11/2008 - 20:16:18 - [0,004] ----D C:\Documents and Settings\Bureau\Application Data\MiniDm O43 - CFD: 13/03/2010 - 18:06:43 - [0,000] ----D C:\Documents and Settings\Bureau\Application Data\Objectif Tarot O43 - CFD: 06/04/2013 - 16:03:12 - [0,452] ----D C:\Documents and Settings\Bureau\Application Data\OfferBox =>PUP.OfferBox O43 - CFD: 22/09/2012 - 08:33:09 - [0] ----D C:\Documents and Settings\Bureau\Application Data\Password Generator Professional O43 - CFD: 29/01/2010 - 21:42:08 - [0,000] ----D C:\Documents and Settings\Bureau\Application Data\Returnil O43 - CFD: 28/09/2012 - 15:39:41 - [8,262] ----D C:\Documents and Settings\Bureau\Application Data\Tor O43 - CFD: 28/09/2012 - 10:31:33 - [0,067] ----D C:\Documents and Settings\Bureau\Application Data\Vidalia O43 - CFD: 29/06/2012 - 18:19:02 - [0] ----D C:\Documents and Settings\Bureau\Application Data\wtxpcom O43 - CFD: 04/10/2008 - 17:52:36 - [0,102] ----D C:\Documents and Settings\Bureau\Application Data\ZipGenius O43 - CFD: 06/04/2013 - 16:01:12 - [0] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\AskPartnerNetwork O43 - CFD: 08/10/2010 - 11:53:01 - [2,424] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\CometNetwork O43 - CFD: 14/12/2012 
- 14:41:29 - [13,057] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\CT1060933 O43 - CFD: 06/04/2013 - 16:12:28 - [0] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\Freecorder 7 Video O43 - CFD: 04/10/2008 - 18:19:17 - [7,977] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\JPEG Cam O43 - CFD: 10/12/2012 - 11:49:33 - [0,038] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\PC Speed Up Extension O43 - CFD: 23/02/2009 - 14:21:46 - [0] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\Room Arranger O43 - CFD: 04/04/2012 - 14:30:05 - [0] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\Software O43 - CFD: 28/09/2012 - 15:39:43 - [0,002] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\tuto4pc_fr_4 =>PUP.Eorezo O43 - CFD: 18/12/2009 - 23:15:02 - [0,018] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\TVEnhance O43 - CFD: 10/02/2013 - 22:41:36 - [0,197] ----D C:\Documents and Settings\Bureau\Local Settings\Application Data\Updater21810 O43 - CFD: 07/04/2013 - 17:09:57 - [0,001] ----D C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\BrowserProtect =>Toolbar.Babylon O43 - CFD: 03/04/2011 - 14:16:31 - [0,001] ----D C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\Carom3D O43 - CFD: 07/04/2013 - 19:00:05 - [0] ----D C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\Hasbro Interactive O43 - CFD: 18/12/2009 - 23:45:44 - [0,002] ----D C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\Moovida =>Adware.SPointer O43 - CFD: 16/03/2011 - 11:30:19 - [0,001] ----D C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\Passware O43 - CFD: 26/03/2009 - 20:20:02 - [0,002] ----D C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\Proxomitron v4.5 O43 - CFD: 12/06/2011 - 13:27:02 - [0,001] ----D C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\WinASPI ~ Program 
Folder: 355 Legitimates Scanned in 01mn 40s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.9C3AA47938405ADF266EC94DD3DCD383] - 09/04/2013 - 17:20:15 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.28B8D013792C7A43CA10D415D590820C] - 09/04/2013 - 17:20:15 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.3D59A64C9355D53E8992341E363F91A3] - 07/04/2013 - 16:33:45 ---A- . (...) -- C:\RstHosts.txt [681] O44 - LFC:[MD5.BEC8A163A7A3AC714B82097270551F50] - 06/04/2013 - 16:27:10 ---A- . (...) -- C:\WINDOWS\system32\package.lst [19] O44 - LFC:[MD5.3C0311459866C5078715AB14358322D3] - 03/04/2013 - 18:40:07 ---A- . (...) -- C:\PhysicalMBR.bin [512] O44 - LFC:[MD5.4B12684ABCD23C36F2D7B69A00B811B3] - 02/04/2013 - 20:41:08 ---A- . (...) -- C:\AdwCleaner[S1].txt [76004] O44 - LFC:[MD5.93C19E13190C0E901649942A63515665] - 29/03/2013 - 19:02:44 ---A- . (...) -- C:\WINDOWS\ntbtlog.txt [190754] O44 - LFC:[MD5.08049A652C67997839FB6312DD4DCCEF] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [12366] O44 - LFC:[MD5.CA89A0154983B998AEEE918CB667869C] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [850] O44 - LFC:[MD5.7376850548762AA282B61EF888218D04] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\comsetup.log [4062] O44 - LFC:[MD5.5F235FF709E9BB8DF17A65BDD8387DFB] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\iis6.log [13282] O44 - LFC:[MD5.9434D9F3D0D8E1B24A95679C4CF4F33D] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\imsins.log [1374] O44 - LFC:[MD5.472B2946531194FBD764C73E21CA7C4F] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\msgsocm.log [606] O44 - LFC:[MD5.44FC1E0C19E46F10C9FDAFAC4DC9AD34] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\netfxocm.log [2166] O44 - LFC:[MD5.4DB7C8789DC61447EA5550D365171050] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [2458] O44 - LFC:[MD5.197B0C8058BF085E0BC1A06017C79036] - 26/03/2013 - 19:03:54 ---A- . 
(...) -- C:\WINDOWS\ocgen.log [5912] O44 - LFC:[MD5.C3DDD4B431F550CCC45620791B977EB1] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\ocmsn.log [684] O44 - LFC:[MD5.4A24B7207598182D31EFE9BB676836C8] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\tabletoc.log [622] O44 - LFC:[MD5.D79E81DAC966E5CA5A8CE79585C3F682] - 26/03/2013 - 19:03:54 ---A- . (...) -- C:\WINDOWS\tsoc.log [5642] O44 - LFC:[MD5.AFB712C88AE90C0535CCFB1AE5979FAF] - 26/03/2013 - 19:03:53 ---A- . (...) -- C:\WINDOWS\msmqinst.log [3790] O44 - LFC:[MD5.2E768617F7E382B40AE9B813BCB877BC] - 26/03/2013 - 19:03:43 ---A- . (...) -- C:\WINDOWS\updspapi.log [4526] O44 - LFC:[MD5.1B14BF96116B608B457D328586D47C2B] - 26/03/2013 - 19:03:22 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374] O44 - LFC:[MD5.F15F78D95B41F6F1C646C73E46E75C4F] - 13/03/2013 - 21:52:48 ---A- . (.SafeApp Software, LLC - Computer Up-dater License Manager.) -- C:\WINDOWS\system32\ComputerUpdaterLM.ocx [421888] O44 - LFC:[MD5.1A88CF526A1928929E45CC484E5140E8] - 13/03/2013 - 21:52:48 ---A- . (.SafeApp Software, LLC - Computer Up-dater Update Component.) -- C:\WINDOWS\system32\CUUpdateComponent.ocx [69632] O44 - LFC:[MD5.5E5B6B69F9E18A12CA28FE57D23E45D2] - 13/03/2013 - 21:52:48 ---A- . (.SafeApp Software, LLC - SafeAppRichList.) 
-- C:\WINDOWS\system32\SafeAppRichList.ocx [131072] ~ Files: 51 Legitimates Scanned in 00mn 17s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.5505B223C24B853C4A482DEC3AFCDCD3] - 02/04/2013 - 20:37:01 ---A- - C:\WINDOWS\Prefetch\UPDATETASK.EXE-154F922C.pf O45 - LFCP:[MD5.69BEC5439A6CC79906E4F347B2ACB619] - 06/04/2013 - 14:58:26 ---A- - C:\WINDOWS\Prefetch\BACKGROUNDHOST.EXE-00AABE3E.pf O45 - LFCP:[MD5.88A21CC372B96957CC92A4415DB79C3A] - 06/04/2013 - 14:58:27 ---A- - C:\WINDOWS\Prefetch\FREECORDER.IE.EXE-2B710A61.pf O45 - LFCP:[MD5.426BF47A2AE30CDA17EE8775B4E14C5D] - 06/04/2013 - 14:58:45 ---A- - C:\WINDOWS\Prefetch\FCCORE.EXE-0AE8DA7E.pf O45 - LFCP:[MD5.84ACF22265F8C0A16EB2DF0D0FAB4495] - 06/04/2013 - 14:59:19 ---A- - C:\WINDOWS\Prefetch\FCMEDIAP.EXE-245BF78E.pf O45 - LFCP:[MD5.4981FC1642BA490477E34B9207822C69] - 06/04/2013 - 14:59:19 ---A- - C:\WINDOWS\Prefetch\FCSCREENP.EXE-05966CDB.pf O45 - LFCP:[MD5.79D94D43E1D9D7621AEB23D5E8A7F671] - 06/04/2013 - 15:00:02 ---A- - C:\WINDOWS\Prefetch\APNSETUP.V6.EXE-0F354162.pf O45 - LFCP:[MD5.23B0353545ED8ABCF61D4A8333A95168] - 06/04/2013 - 15:00:03 ---A- - C:\WINDOWS\Prefetch\APPLIANFLV[1].EXE-045AED94.pf O45 - LFCP:[MD5.D4069CF73A0F3D6B88CC4E59CB2ADEC7] - 06/04/2013 - 15:00:56 ---A- - C:\WINDOWS\Prefetch\APNSETUP.V6.EXE-2458FCD1.pf O45 - LFCP:[MD5.34D99C1A0E5D28E57C4C6BD654A703E5] - 06/04/2013 - 15:01:10 ---A- - C:\WINDOWS\Prefetch\TBNOTIFIER.EXE-2CFF45A3.pf O45 - LFCP:[MD5.D8D450B768463B920757DC59B9DFD510] - 06/04/2013 - 15:02:15 ---A- - C:\WINDOWS\Prefetch\COMPUTERUPDATERSETUPFZ.EXE-0B79F6BB.pf O45 - LFCP:[MD5.030B8412A23AB41FB653929AC69C13BF] - 06/04/2013 - 15:02:16 ---A- - C:\WINDOWS\Prefetch\SMART_PC_CLEANER.TMP-1E415B4D.pf O45 - LFCP:[MD5.736944A61C42FB77E680F8B375D5B9A9] - 06/04/2013 - 15:02:20 ---A- - C:\WINDOWS\Prefetch\SMART_PC_CLEANER.EXE-264C2239.pf O45 - LFCP:[MD5.5F8842C4ADBE7D00E732542B38BBEFBF] - 06/04/2013 - 15:02:35 ---A- - C:\WINDOWS\Prefetch\SYMINSTALLSTUB.EXE-03A2FE45.pf O45 
- LFCP:[MD5.96916136B5BC2E0F2DEEF9FCB4EA1E99] - 06/04/2013 - 15:02:37 ---A- - C:\WINDOWS\Prefetch\OFFERBOXSETUP_20111019.EXE-19A57699.pf =>PUP.OfferBox O45 - LFCP:[MD5.C38D9DF15BCC4240211488AC045A0E9B] - 06/04/2013 - 15:02:48 ---A- - C:\WINDOWS\Prefetch\FLV PLAYER 3.1.1.2 SILENT.EXE-2CF5CE1B.pf O45 - LFCP:[MD5.7AF84B4DE93E5190323B099E90C24868] - 06/04/2013 - 15:02:50 ---A- - C:\WINDOWS\Prefetch\OB.EXE-1844C40D.pf O45 - LFCP:[MD5.A0D4F78D97CDC783224E217183D06A69] - 06/04/2013 - 15:03:01 ---A- - C:\WINDOWS\Prefetch\OFFERBOX.EXE-231422E0.pf =>PUP.OfferBox O45 - LFCP:[MD5.E6245876076A93A970A1E20008D5FCCC] - 06/04/2013 - 15:03:01 ---A- - C:\WINDOWS\Prefetch\OFFERBOXHTTPPROXY.EXE-07CB840E.pf =>PUP.OfferBox O45 - LFCP:[MD5.72BF429AEFCD79360DCBE5617FA0BADE] - 06/04/2013 - 15:03:28 ---A- - C:\WINDOWS\Prefetch\CACHE-GEN.EXE-0312508B.pf O45 - LFCP:[MD5.4D9A5F932D46328DA9A1D89742D6738F] - 06/04/2013 - 15:03:31 ---A- - C:\WINDOWS\Prefetch\NS99.TMP-30346C4C.pf O45 - LFCP:[MD5.DB90BBE8C4DD6388FB7A7090FA8EB55D] - 06/04/2013 - 15:13:42 ---A- - C:\WINDOWS\Prefetch\UNLOCKER.EXE-23122D54.pf O45 - LFCP:[MD5.34ABC09DE841FA537FE39ED0B6A4BE45] - 06/04/2013 - 15:15:06 ---A- - C:\WINDOWS\Prefetch\SERVICELOCATOR.EXE-16236344.pf O45 - LFCP:[MD5.46DA554620DDA1E79FBC3D248190875E] - 06/04/2013 - 15:15:06 ---A- - C:\WINDOWS\Prefetch\TOOLBAR.EXE-30242997.pf O45 - LFCP:[MD5.599FE2E029B3EE35C405D3E58193BE76] - 06/04/2013 - 15:19:52 ---A- - C:\WINDOWS\Prefetch\FCAUDIOP.EXE-02BADA19.pf O45 - LFCP:[MD5.5F3005FD876C2481BB0E2CBEBAB8CD35] - 06/04/2013 - 15:22:45 ---A- - C:\WINDOWS\Prefetch\AVSUPDATEMANAGER.EXE-32B7E019.pf O45 - LFCP:[MD5.144188B09755DAB576114A7F7D170014] - 06/04/2013 - 15:22:53 ---A- - C:\WINDOWS\Prefetch\AVSAUDIORECORDER.EXE-2E46A32D.pf O45 - LFCP:[MD5.EE682F68C18AC092240AE43314756BFA] - 06/04/2013 - 15:23:04 ---A- - C:\WINDOWS\Prefetch\AVSAUDIOEDITOR.EXE-0333F910.pf O45 - LFCP:[MD5.D0B0DE2E96EE38C5E94773CFEBB2757A] - 06/04/2013 - 15:46:38 ---A- - 
C:\WINDOWS\Prefetch\FCTUBEP.EXE-1AFFEFCF.pf O45 - LFCP:[MD5.CE8A3673DED01E3EACE7650CD0040972] - 06/04/2013 - 15:46:43 ---A- - C:\WINDOWS\Prefetch\FCVIDEOP.EXE-015C1943.pf O45 - LFCP:[MD5.EDA0F58AAC24FF1F234421803E774146] - 06/04/2013 - 16:04:35 ---A- - C:\WINDOWS\Prefetch\COMPUTERUP-DATER.EXE-1AC6ECCF.pf O45 - LFCP:[MD5.4BE80D137D7982870BCD30FF3F0A85FF] - 06/04/2013 - 16:04:57 ---A- - C:\WINDOWS\Prefetch\ADVISORLETTERS.EXE-16D4DC31.pf O45 - LFCP:[MD5.E1F749EBE1BAC9178FC33111479BF652] - 06/04/2013 - 16:09:24 ---A- - C:\WINDOWS\Prefetch\UNINST.EXE-0497C827.pf O45 - LFCP:[MD5.EB921D3CC6CC503C6A336A387A9D0F5C] - 06/04/2013 - 16:09:40 ---A- - C:\WINDOWS\Prefetch\STARTER.EXE-1C134304.pf O45 - LFCP:[MD5.2E6FAC8DB01363C0FC6918ACBC0A22CA] - 06/04/2013 - 16:09:43 ---A- - C:\WINDOWS\Prefetch\COMPUTERUP-DATERSERVICE.EXE-3A08FF19.pf O45 - LFCP:[MD5.8B0786D18E1E7B5FE630AF62EEDE4E93] - 06/04/2013 - 16:09:45 ---A- - C:\WINDOWS\Prefetch\COMPUTERUP-DATERUNINSTALLER.E-3683CBC8.pf O45 - LFCP:[MD5.5A9DF5E0A2488446F29392E6E826667C] - 06/04/2013 - 16:12:01 ---A- - C:\WINDOWS\Prefetch\INSTWRAP.EXE-364E4C2C.pf O45 - LFCP:[MD5.70C7B88A1D63E28FCCAB574FC2E7125E] - 06/04/2013 - 16:12:12 ---A- - C:\WINDOWS\Prefetch\SYMBOS.EXE-0D4B8A10.pf O45 - LFCP:[MD5.EF2F92DDA6D465C212D607C9139AE0B4] - 06/04/2013 - 16:12:13 ---A- - C:\WINDOWS\Prefetch\NSS.EXE-2A1CC5E1.pf O45 - LFCP:[MD5.A2B421388A8CB13A964D7337BF90AE38] - 06/04/2013 - 16:12:16 ---A- - C:\WINDOWS\Prefetch\INSTSTUB.EXE-04E4CC32.pf O45 - LFCP:[MD5.C2601A00BADBB2479729EE0120B1CD75] - 06/04/2013 - 16:12:20 ---A- - C:\WINDOWS\Prefetch\{397E31AA-0D78-4649-A01C-339D-39C9959A.pf O45 - LFCP:[MD5.0A512DF2C8150F024DA9222595507633] - 06/04/2013 - 16:27:14 ---A- - C:\WINDOWS\Prefetch\WORDBIZ.EXE-0F1BAC1C.pf O45 - LFCP:[MD5.08B8A7A45975EEAB1203E03D8F030683] - 08/04/2013 - 12:23:02 ---A- - C:\WINDOWS\Prefetch\ITYPE.EXE-00E71BC7.pf O45 - LFCP:[MD5.3D3176DCFAB9164208804513DCC2621E] - 08/04/2013 - 13:52:52 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-13C55DB9.pf 
O45 - LFCP:[MD5.8BDF0BCE0513284CA605AE5A1713EAB6] - 08/04/2013 - 13:56:03 ---A- - C:\WINDOWS\Prefetch\SCRABBLEPRO.EXE-17437622.pf O45 - LFCP:[MD5.C3A0BC78E8306790FA5D7155A0B3FF0A] - 09/04/2013 - 17:17:19 ---A- - C:\WINDOWS\Prefetch\ASCSERVICE.EXE-31508EF2.pf O45 - LFCP:[MD5.647F0F86C6F02B1EAF4A8E0A7C493740] - 09/04/2013 - 17:17:19 ---A- - C:\WINDOWS\Prefetch\SERVICES.EXE-2F433351.pf O45 - LFCP:[MD5.4FF3126B37822A09F93B93976E6B4A21] - 09/04/2013 - 17:17:41 ---A- - C:\WINDOWS\Prefetch\EEBSVC.EXE-1DC60FD0.pf O45 - LFCP:[MD5.D8CE922EC219596DB9D5D134130253CC] - 09/04/2013 - 17:18:02 ---A- - C:\WINDOWS\Prefetch\A2SERVICE.EXE-1FA759FF.pf O45 - LFCP:[MD5.B495A4CB7E95CEDB7457901A1CB8585F] - 09/04/2013 - 17:18:06 ---A- - C:\WINDOWS\Prefetch\APNMCP.EXE-350D2EF4.pf O45 - LFCP:[MD5.9BDD41A486D8731038441C7551794057] - 09/04/2013 - 17:18:06 ---A- - C:\WINDOWS\Prefetch\SCHEDUL2.EXE-04C548B3.pf O45 - LFCP:[MD5.4D697193F26C1EEF2AFEA9FDA38F9CFE] - 09/04/2013 - 17:18:30 ---A- - C:\WINDOWS\Prefetch\LWS.EXE-22282C9A.pf O45 - LFCP:[MD5.5FA9C2E6CDABAC06618B426FFE9830AC] - 09/04/2013 - 17:18:32 ---A- - C:\WINDOWS\Prefetch\SAGENT2.EXE-2CFC549C.pf O45 - LFCP:[MD5.E1D3341DD34A326326F409718A3C80BD] - 09/04/2013 - 17:19:04 ---A- - C:\WINDOWS\Prefetch\SQLSERVR.EXE-12F63EFF.pf O45 - LFCP:[MD5.F6C32064A3BFCE4D9CDAA66AD89C4B6E] - 09/04/2013 - 17:19:48 ---A- - C:\WINDOWS\Prefetch\NBSERVICE.EXE-03973CF1.pf O45 - LFCP:[MD5.86A1A0CDD5F2CF2C96AEA58E8788737F] - 09/04/2013 - 17:19:59 ---A- - C:\WINDOWS\Prefetch\OFFERBOXUPDATESERVICE.EXE-13C16835.pf =>PUP.OfferBox O45 - LFCP:[MD5.3EBD5F82A43201218AA62A96CFD39068] - 09/04/2013 - 17:20:04 ---A- - C:\WINDOWS\Prefetch\PMSHOST.EXE-1D4AC9E6.pf O45 - LFCP:[MD5.FAEE63A14681C998D70E5BF1AFE79FD1] - 09/04/2013 - 17:41:02 ---A- - C:\WINDOWS\Prefetch\ADM.EXE-2C658B8A.pf ~ Prefetcher: 130 Legitimates Scanned in 00mn 01s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - 
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Moovida\moovida.exe" [Enabled] .(...) -- C:\Program Files\Moovida\moovida.exe (.not file.) =>Adware.SPointer
O47 - AAKE:Key Export SP - "C:\Program Files\Sony\Media Go\MediaGo.exe" [Enabled] .(.Sony Creative Software Inc..) -- C:\Program Files\Sony\Media Go\MediaGo.exe
O47 - AAKE:Key Export SP - "C:\Program Files\BitComet\BitComet.exe" [Enabled] .(.www.BitComet.com.) -- C:\Program Files\BitComet\BitComet.exe
O47 - AAKE:Key Export SP - "C:\Program Files\Veetle\Player\VeetleNet.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\Veetle\Player\VeetleNet.exe
O47 - AAKE:Key Export SP - "C:\Program Files\IP Privacy\IP Privacy.exe" [Enabled] .(.Privacy-Pro.) -- C:\Program Files\IP Privacy\IP Privacy.exe
O47 - AAKE:Key Export SP - "C:\Program Files\1ClickDownload\1ClickDownloader.exe" [Disabled] .(...) -- C:\Program Files\1ClickDownload\1ClickDownloader.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Ashampoo\Ashampoo UnInstaller 4\Uninstaller.exe" [Enabled] .(.ashampoo GmbH & Co. KG.) -- C:\Program Files\Ashampoo\Ashampoo UnInstaller 4\Uninstaller.exe
O47 - AAKE:Key Export SP - "C:\Program Files\scrabbleproB1.1\scrabblepro.exe" [Enabled] .(..) -- C:\Program Files\scrabbleproB1.1\scrabblepro.exe
O47 - AAKE:Key Export SP - "C:\Program Files\scrabbleproB1.0.8\scrabblepro.exe" [Enabled] .(.Scrabblepro.) -- C:\Program Files\scrabbleproB1.0.8\scrabblepro.exe
O47 - AAKE:Key Export SP - "C:\Utilitaires\FrozenWay 1.5.5\FrozenWay 1.5.5\FrozenWay 1.5.5\FrozenWay.exe" [Disabled] .(.Pas de propriétaire.) -- C:\Utilitaires\FrozenWay 1.5.5\FrozenWay 1.5.5\FrozenWay 1.5.5\FrozenWay.exe
O47 - AAKE:Key Export DP - "C:\Program Files\Veetle\Player\VeetleNet.exe" [Enabled] .(.Pas de propriétaire.) -- C:\Program Files\Veetle\Player\VeetleNet.exe
~ Keys Export: 29 Legitimates Scanned in 00mn 00s

---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Acronis - Acronis Relogon Authentication Package.) -- C:\WINDOWS\system32\relog_ap.dll
~ LSA: 7 Legitimates Scanned in 00mn 00s

---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 23 Legitimates Scanned in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{5525d6fe-5d68-11de-a569-001fc6c0e5c3}\AutoRun\command. (...) -- H:\setup_vmc_lite.exe (.not file.)
O51 - MPSK:{98933c59-5e3a-11de-a56b-001fc6c0e5c3}\AutoRun\command. (...) -- G:\setup_vmc_lite.exe (.not file.)
O51 - MPSK:{98933c5b-5e3a-11de-a56b-001fc6c0e5c3}\AutoRun\command. (...) -- G:\setup_vmc_lite.exe (.not file.)
O51 - MPSK:{d307c848-b064-11df-a0dc-001fc6c0e5c3}\AutoRun\command. (...) -- E:\Startme.exe (.not file.)
O51 - MPSK:{fd5e3660-57e9-11de-a567-001fc6c0e5c3}\AutoRun\command. (...) -- G:\setup_vmc_lite.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"msacm.scg726"="scg726.acm" . (.SHARP Corporation - SHARP G.726 ACM Audio Decoder.) -- C:\WINDOWS\system32\scg726.acm
O52 - TDSD: \Drivers32\"vidc.xvid"="xvid.dll" . (...) -- C:\WINDOWS\system32\xvid.dll
O52 - TDSD: \Drivers32\"VIDC.MJPG"="Pvmjpg30.dll" . (.Pegasus Imaging Corporation - PICVideo M-JPEG 3 codec.) -- C:\WINDOWS\system32\Pvmjpg30.dll
O52 - TDSD: \Drivers32\"msacm.alf2cd"="alf2cd.acm" . (.NCT Company - NCT ALF2CD Audio CODEC.) -- C:\WINDOWS\system32\alf2cd.acm
O52 - TDSD: \Drivers32\"vidc.dvsd"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\WINDOWS\system32\mcdvd_32.dll
O52 - TDSD: \drivers.desc\"xvid.dll"="XviD codec (Neodivx Version)" . (...) -- C:\WINDOWS\system32\xvid.dll
O52 - TDSD: \drivers.desc\"pvmjpg30.dll"="PICVideo 3 M-JPEG VfW Codec" . (.Pegasus Imaging Corporation - PICVideo M-JPEG 3 codec.) -- C:\WINDOWS\system32\pvmjpg30.dll
O52 - TDSD: \drivers.desc\"alf2cd.acm"="alf2cd.acm" . (.NCT Company - NCT ALF2CD Audio CODEC.) -- C:\WINDOWS\system32\alf2cd.acm
O52 - TDSD: \drivers.desc\"mcdvd_32.dll"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\WINDOWS\system32\mcdvd_32.dll
~ TDSD: 29 Legitimates Scanned in 00mn 00s

---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Acronis Scheduler2 Service [Key] . (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
O53 - SMSR:HKLM\...\startupreg\AcronisTimounterMonitor [Key] . (.Acronis - Monitor for Acronis True Image Backup Archi.) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O53 - SMSR:HKLM\...\startupreg\adm_tray.exe [Key] . (.Acronis - ADM System Tray Application.) -- C:\Program Files\Acronis\DriveMonitor\adm_tray.exe
O53 - SMSR:HKLM\...\startupreg\ApnTBMon [Key] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O53 - SMSR:HKLM\...\startupreg\Ashampoo Core Tuner 2 [Key] . (...) -- C:\Program Files\Ashampoo\Ashampoo Core Tuner 2\ACT2.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Ashampoo HDD-Control 2 Guard [Key] . (.Ashampoo Development GmbH & Co. KG - Ashampoo HDDControl Guard.) -- C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Guard.exe
O53 - SMSR:HKLM\...\startupreg\CloneCDTray [Key] . (.SlySoft, Inc. - CloneCD Tray.) -- C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
O53 - SMSR:HKLM\...\startupreg\Computer Updater [Key] . (...) -- C:\Program Files\Computer Updater\ComputerUp-dater.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\dvd43 [Key] . (...) -- C:\Program Files\dvd43\dvd43_tray.exe
O53 - SMSR:HKLM\...\startupreg\eTrustPPAP [Key] . (.Computer Associates - eTrust PestPatrol background protection app.) -- C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
O53 - SMSR:HKLM\...\startupreg\FileREX Update Checker [Key] . (...) -- C:\DOCUME~1\Bureau\LOCALS~1\Temp\ZGTemp\rar\Application Files\FileREX_2_0_0_0\FileREX.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\Freecorder FLV Service [Key] . (.Applian Technologies, Inc. - FLV Service for Freecorder.) -- C:\Program Files\Freecorder\FLVSrvc.exe
O53 - SMSR:HKLM\...\startupreg\OMEA [Key] . (.Ours Technology Inc. - Oti Motherboard Embedded Agent.) -- C:\Program Files\GO!Suite\Deployment\Functions\{AA58F999-6D97-42c2-A69F-8CC04D18D944}\OMEA.exe
O53 - SMSR:HKLM\...\startupreg\PCSpeedUp [Key] . (...) -- C:\Program Files\Accelerer PC\PCSpeedUp.lnk
O53 - SMSR:HKLM\...\startupreg\PopUpKiller [Key] . (.xFX JumpStart - Pas de description.) -- C:\Utilitaires\PopUp Killer\PopUpKiller.exe
O53 - SMSR:HKLM\...\startupreg\Prolific_OneButton [Key] . (.Prolific Technology Inc. - One Button Launch Application for PL2x7x.) -- C:\Program Files\Prolific Technology Inc.\Prolific Backup\OneBtn.exe
O53 - SMSR:HKLM\...\startupreg\RUSB3MON [Key] . (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
O53 - SMSR:HKLM\...\startupreg\Service Planificateur2 Acronis [Key] . (.Acronis - Acronis Scheduler Helper.) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
O53 - SMSR:HKLM\...\startupreg\SlimDrivers [Key] . (.SlimWare Utilities, Inc. - SlimDrivers.) -- C:\Program Files\SlimDrivers\SlimDrivers.exe
O53 - SMSR:HKLM\...\startupreg\Smart PC Cleaner [Key] . (...) -- C:\Program Files\Smart PC Cleaner\SPCLauncher.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\SuperCopier2.exe [Key] . (.SFX TEAM - SuperCopier 2 (explorer file copy replaceme.) -- C:\Program Files\SuperCopier2\SuperCopier2.exe
O53 - SMSR:HKLM\...\startupreg\TrueImageMonitor.exe [Key] . (.Acronis - Acronis True Image Monitor.) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O53 - SMSR:HKLM\...\startupreg\UIWatcher [Key] . (.ashampoo GmbH & Co. KG - ashampoo UnInstaller Watcher.) -- C:\Program Files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
O53 - SMSR:HKLM\...\startupreg\USBestCR [Key] . (.Pas de propriétaire - IconCS card reader Application.) -- C:\Program Files\USIM Editor\iconcs1347578.exe
O53 - SMSR:HKLM\...\startupreg\VirtualDrive [Key] . (...) -- C:\Program Files\FarStone\VDPBS\VDP\vdtask.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\WahOO [Key] . (.Kow Media - WahOO.) -- C:\Documents and Settings\Bureau\Local Settings\Application Data\WahOO\WahOO.exe
~ SMSR Keys: 48 Legitimates Scanned in 00mn 02s

---\\ Microsoft Control Security Providers (O54)
~ MSCP: 3 Legitimates Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "verbosestatus"=0
~ MWPS: 6 Legitimates Scanned in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoViewOnDrive"=0
~ MWPE Keys: 8 Legitimates Scanned in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.0352A73CD6B1782EA3ED7A03A8268F55] - 21/08/2012 - 11:13:13 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\Drivers\aavmker4.sys [25256]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 13:00:00 ---A- . (...)
-- C:\WINDOWS\system32\ansi.sys [9037] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 06/04/2013 - 11:54:57 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll [18432] O61 - LFC: 06/04/2013 - 12:02:28 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bookmarkbackups\bookmarks-2013-04-06.json [3407] O61 - LFC: 06/04/2013 - 12:14:25 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\4566a52590b1e825e22f8895d1921471.png [8527] O61 - LFC: 06/04/2013 - 13:10:04 ---A- C:\Documents and Settings\Bureau\Recent\RKreport[1]_S_06042013_140450.lnk [541] O61 - LFC: 06/04/2013 - 13:10:04 ---A- C:\Documents and Settings\Bureau\Recent\autres.lnk [377] O61 - LFC: 06/04/2013 - 15:01:01 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\prefs.js.bak [5441] O61 - LFC: 06/04/2013 - 15:01:06 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\extensions\toolbar_W3I4-G@apn.ask.com.xpi [438844] O61 - LFC: 06/04/2013 - 15:01:06 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\prefs.js.new [5652] O61 - LFC: 06/04/2013 - 15:01:16 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\AskPartnerNetwork\Toolbar\W3I4-G\APNStorage.stg [0] O61 - LFC: 06/04/2013 - 15:02:03 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{DAE8C445-9C3E-4313-A23A-6530E23B81A9}.ico [1150] O61 - LFC: 06/04/2013 - 15:02:56 ---A- C:\Documents and Settings\Bureau\Application Data\OfferBox\http_app.offerbox.com\profile.sxe [4969] =>PUP.OfferBox O61 - LFC: 06/04/2013 - 15:02:56 ---A- C:\Documents and 
Settings\Bureau\Application Data\OfferBox\http_app.offerbox.com\update.sxe [1207] =>PUP.OfferBox O61 - LFC: 06/04/2013 - 15:02:56 ---A- C:\Documents and Settings\Bureau\Application Data\OfferBox\http_app.offerbox.com\update.xml [412] =>PUP.OfferBox O61 - LFC: 06/04/2013 - 15:02:57 ---A- C:\Documents and Settings\Bureau\Application Data\OfferBox\http_app.offerbox.com\country.sxe [434780] =>PUP.OfferBox O61 - LFC: 06/04/2013 - 15:03:20 ---A- C:\Documents and Settings\Bureau\Application Data\OfferBox\http_app.offerbox.com\extracountry.sxe [2061] =>PUP.OfferBox O61 - LFC: 06/04/2013 - 15:04:33 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Microsoft\Internet Explorer\frameiconcache.dat [7976] O61 - LFC: 06/04/2013 - 15:05:13 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\pluginreg.dat [18921] O61 - LFC: 06/04/2013 - 15:06:59 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\FLVService\YouTube.bin [3158625] O61 - LFC: 06/04/2013 - 15:08:43 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Jaksta_Technologies_Pty_L\fcaudiop.exe_StrongName_trcokj1ymnuk5jj2upvplr22excaoenx\5.0.0.48\user.config [2333] O61 - LFC: 06/04/2013 - 15:10:37 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\FLVService\YouTube(2).bin [3158625] O61 - LFC: 06/04/2013 - 15:12:30 ---A- C:\Documents and Settings\Bureau\Recent\Audio.lnk [453] O61 - LFC: 06/04/2013 - 15:14:56 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\CT1060933\LoggerConfig.xml [1289] O61 - LFC: 06/04/2013 - 15:16:28 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\FLVService\YouTube(3).bin [3158625] O61 - LFC: 06/04/2013 - 15:23:11 ---A- C:\Documents and Settings\Bureau\Application Data\AVS4YOU\AVSAudioEditor\AEEffect_presets.xml [43284] O61 - LFC: 06/04/2013 - 15:23:40 ---A- C:\Documents and Settings\Bureau\Recent\Francky Vincent - Fruit 
de la passion - YouTube (2).lnk [787] O61 - LFC: 06/04/2013 - 15:27:54 ---A- C:\Documents and Settings\Bureau\Recent\Francky Vincent - Fruit de la passion - YouTube.lnk [811] O61 - LFC: 06/04/2013 - 15:34:38 ---A- C:\Documents and Settings\Bureau\Application Data\vlc\ml.xspf [304] O61 - LFC: 06/04/2013 - 15:35:05 ---A- C:\Documents and Settings\Bureau\Recent\Converted.lnk [469] O61 - LFC: 06/04/2013 - 15:35:05 ---A- C:\Documents and Settings\Bureau\Recent\Francky Vincent - Fruit de la passion - YouTube (1).lnk [823] O61 - LFC: 06/04/2013 - 15:35:33 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\FLVService\YouTube(4).bin [3158625] O61 - LFC: 06/04/2013 - 15:46:38 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Jaksta_Technologies_Pty_L\fctubep.exe_Url_mddhybykknqckapiqox3xaseysplelqu\5.0.0.48\user.config [850] O61 - LFC: 06/04/2013 - 15:48:24 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Jaksta_Technologies_Pty_L\fcvideop.exe_StrongName_jkhunzr53fq30jehtiyeatz1sogsrgkj\5.0.0.48\user.config [5185] O61 - LFC: 06/04/2013 - 15:49:19 ---A- C:\Documents and Settings\Bureau\Recent\Hymne Corse Dio Vi Salvi Regina - YouTube.lnk [769] O61 - LFC: 06/04/2013 - 15:49:19 ---A- C:\Documents and Settings\Bureau\Recent\Video.lnk [453] O61 - LFC: 06/04/2013 - 15:58:55 ---A- C:\Documents and Settings\Bureau\Application Data\AVS4YOU\AVSAudioEditor\RecentFiles.txt [589] O61 - LFC: 06/04/2013 - 15:59:05 ---A- C:\Documents and Settings\Bureau\Application Data\OfferBox\http_app.offerbox.com\history.db [27648] =>PUP.OfferBox O61 - LFC: 06/04/2013 - 16:34:41 ---A- C:\Documents and Settings\Bureau\Bureau\RK_Quarantine\NewStartPanel_{20D04FE0-0.reg [408] O61 - LFC: 06/04/2013 - 16:55:47 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Crash Reports\LastCrash [10] O61 - LFC: 07/04/2013 - 10:30:24 ---A- C:\Documents and Settings\Bureau\Application 
Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bookmarkbackups\bookmarks-2013-04-07.json [3407] O61 - LFC: 07/04/2013 - 10:36:29 ---A- C:\Documents and Settings\Bureau\Bureau\RK_Quarantine\Eula.txt [3769] O61 - LFC: 07/04/2013 - 10:42:36 ---A- C:\Documents and Settings\Bureau\Bureau\RK_Quarantine\Internet Settings_ProxyServe0.reg [312] O61 - LFC: 07/04/2013 - 10:50:04 ---A- C:\Documents and Settings\Bureau\Bureau\RK_Quarantine\PhysicalDrive0_User.dat [512] O61 - LFC: 07/04/2013 - 10:50:04 ---A- C:\Documents and Settings\Bureau\Bureau\RK_Quarantine\PhysicalDrive1_User.dat [512] O61 - LFC: 07/04/2013 - 10:50:04 ---A- C:\Documents and Settings\Bureau\Bureau\RK_Quarantine\QuarantineReport.txt [558] O61 - LFC: 07/04/2013 - 10:50:16 ---A- C:\Documents and Settings\Bureau\Recent\RKreport[4]_S_07042013_115004.lnk [592] O61 - LFC: 07/04/2013 - 11:04:46 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Microsoft\Internet Explorer\tabiconcache.dat [17258] O61 - LFC: 07/04/2013 - 16:03:53 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\webappsstore.sqlite [360448] O61 - LFC: 07/04/2013 - 16:06:23 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\07c153ec0f9ce5708a912448f3676788.png [22533] O61 - LFC: 07/04/2013 - 16:08:33 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db [7168] O61 - LFC: 07/04/2013 - 16:09:18 ---A- C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\Webplayer.lnk [1978] O61 - LFC: 07/04/2013 - 16:09:19 R--A- C:\Documents and Settings\Bureau\Application Data\Microsoft\Installer\{9937E55B-6331-4804-93EF-77E992F204BD}\_3F7CDAE07E1639C4AEA7A8.exe [230547] O61 - LFC: 07/04/2013 - 16:09:19 R--A- C:\Documents and Settings\Bureau\Application 
Data\Microsoft\Installer\{9937E55B-6331-4804-93EF-77E992F204BD}\_481820CA410C366184E158.exe [230547] O61 - LFC: 07/04/2013 - 16:09:22 ---A- C:\Documents and Settings\Bureau\Bureau\Webplayer.lnk [2323] O61 - LFC: 07/04/2013 - 16:09:52 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bProtector_prefs.js [16396] O61 - LFC: 07/04/2013 - 16:09:52 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data [83968] O61 - LFC: 07/04/2013 - 16:09:54 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bProtector_extensions.sqlite [458752] O61 - LFC: 07/04/2013 - 16:09:55 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\background.html [95] O61 - LFC: 07/04/2013 - 16:09:55 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\background.js [1827] O61 - LFC: 07/04/2013 - 16:09:55 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\manifest.json [571] O61 - LFC: 07/04/2013 - 16:09:55 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\spext.dll [72704] O61 - LFC: 07/04/2013 - 16:09:57 ---A- C:\Documents and Settings\Bureau\Menu Démarrer\Programmes\BrowserProtect\Uninstall BrowserProtect.lnk [1424] =>Toolbar.Babylon O61 - LFC: 07/04/2013 - 16:18:15 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cnmdgidklhhnmppphpohildcefnaaflp\1.23.36_0\crossriderManifest.json [476] =>PUP.CrossRider O61 - LFC: 07/04/2013 - 16:18:15 ---A- C:\Documents and 
Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_cnmdgidklhhnmppphpohildcefnaaflp_0\5 [7168] O61 - LFC: 07/04/2013 - 16:18:49 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies [10240] O61 - LFC: 07/04/2013 - 16:18:59 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [12526] O61 - LFC: 07/04/2013 - 16:18:59 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data [83968] O61 - LFC: 07/04/2013 - 16:18:59 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtectorPreferences [14106] O61 - LFC: 07/04/2013 - 16:19:01 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage [3072] O61 - LFC: 07/04/2013 - 16:19:14 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\searchplugins\delta.xml [1294] O61 - LFC: 07/04/2013 - 16:19:14 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\user.js [984] O61 - LFC: 07/04/2013 - 16:19:19 ---A- C:\Documents and Settings\Bureau\Application Data\Babylon\log_file.txt [19518] =>Toolbar.Babylon O61 - LFC: 07/04/2013 - 17:48:10 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\c0e4733ded36f823dfaf44cbce5a09f6.png [53820] O61 - LFC: 08/04/2013 - 06:44:11 ---A- C:\Documents and Settings\Bureau\Recent\roguekiller_1.lnk [633] O61 - LFC: 08/04/2013 - 06:44:12 ---A- C:\Documents and Settings\Bureau\Recent\forum sécurité.lnk [405] O61 - LFC: 08/04/2013 - 06:44:18 ---A- C:\Documents and Settings\Bureau\Application 
Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bookmarkbackups\bookmarks-2013-04-08.json [3407] O61 - LFC: 08/04/2013 - 07:18:20 ---A- C:\Documents and Settings\Bureau\Recent\DSC00850 (1632 x 1224).lnk [755] O61 - LFC: 08/04/2013 - 07:18:20 ---A- C:\Documents and Settings\Bureau\Recent\Media Go.lnk [490] O61 - LFC: 08/04/2013 - 07:19:52 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\content-prefs.sqlite [229376] O61 - LFC: 08/04/2013 - 13:01:25 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\extensions.sqlite [458752] O61 - LFC: 08/04/2013 - 13:15:13 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\bbb6c8a316ae45fc0d3bd1d0f59bba74.png [79292] O61 - LFC: 08/04/2013 - 13:19:39 -SHA- C:\Documents and Settings\Bureau\PrivacIE\index.dat [16187392] O61 - LFC: 08/04/2013 - 13:54:21 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\startupCache\startupCache.4.little [1581097] O61 - LFC: 09/04/2013 - 17:17:13 -SHA- C:\Documents and Settings\Bureau\Application Data\Microsoft\Credentials\S-1-5-21-725345543-1844823847-839522115-1003\Credentials [812] O61 - LFC: 09/04/2013 - 17:24:01 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\a016aae29c24a1867e6b7952bfcadf7e.png [25065] O61 - LFC: 09/04/2013 - 17:24:55 ---A- C:\Documents and Settings\Bureau\Application Data\OfferBox\config.xml [2616] =>PUP.OfferBox O61 - LFC: 09/04/2013 - 17:26:48 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\goog-malware-shavar.sbstore [1634832] O61 - LFC: 09/04/2013 - 17:26:49 ---A- C:\Documents and Settings\Bureau\Local 
Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\goog-malware-shavar.cache [12] O61 - LFC: 09/04/2013 - 17:26:49 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\goog-malware-shavar.pset [837698] O61 - LFC: 09/04/2013 - 17:31:18 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\addons.sqlite [524288] O61 - LFC: 09/04/2013 - 17:32:45 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bookmarkbackups\bookmarks-2013-04-09.json [3407] O61 - LFC: 09/04/2013 - 17:32:45 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\sessionstore.bak [8995] O61 - LFC: 09/04/2013 - 17:32:49 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\parent.lock [0] O61 - LFC: 09/04/2013 - 17:32:50 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\webapps\webapps.json [2] O61 - LFC: 09/04/2013 - 17:32:51 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\search.json [17222] O61 - LFC: 09/04/2013 - 17:32:53 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\urlclassifierkey3.txt [154] O61 - LFC: 09/04/2013 - 17:32:53 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\test-malware-simple.sbstore [232] O61 - LFC: 09/04/2013 - 17:32:54 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\test-malware-simple.cache [44] O61 - LFC: 09/04/2013 - 17:32:54 ---A- C:\Documents and 
Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\test-malware-simple.pset [16] O61 - LFC: 09/04/2013 - 17:32:54 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\test-phish-simple.cache [44] O61 - LFC: 09/04/2013 - 17:32:54 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\test-phish-simple.pset [16] O61 - LFC: 09/04/2013 - 17:32:54 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\test-phish-simple.sbstore [232] O61 - LFC: 09/04/2013 - 17:33:02 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\formhistory.sqlite [294912] O61 - LFC: 09/04/2013 - 17:34:39 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\835d6e2f8f0b4e8439b69b8a85701cba.png [39742] O61 - LFC: 09/04/2013 - 17:34:39 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\ceb0971599272d9df79be4f0f937b368.png [39742] O61 - LFC: 09/04/2013 - 17:34:51 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\blocklist.xml [58746] O61 - LFC: 09/04/2013 - 17:35:07 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\f71820c946bbd4b8f983ecc7e64577ca.png [51293] O61 - LFC: 09/04/2013 - 17:36:08 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\downloads.sqlite [98304] O61 - LFC: 09/04/2013 - 17:36:50 ---A- C:\Documents and Settings\Bureau\Local 
Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\9d7f6e23bfbdb4b68f639e6e01c1857e.png [15618] O61 - LFC: 09/04/2013 - 17:36:50 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\ab9e3dc4e10e5726a37d0de82985b926.png [15618] O61 - LFC: 09/04/2013 - 17:36:51 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\thumbnails\24c49b63f9f3f90fa20fedc189f91bfe.png [33252] O61 - LFC: 09/04/2013 - 17:37:08 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\goog-phish-shavar.cache [12] O61 - LFC: 09/04/2013 - 17:37:08 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\goog-phish-shavar.pset [643912] O61 - LFC: 09/04/2013 - 17:37:08 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\safebrowsing\goog-phish-shavar.sbstore [559939] O61 - LFC: 09/04/2013 - 17:39:55 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\sessionstore.js [171361] O61 - LFC: 09/04/2013 - 17:39:56 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\cert8.db [131072] O61 - LFC: 09/04/2013 - 17:39:56 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\cookies.sqlite [2097152] O61 - LFC: 09/04/2013 - 17:39:56 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\key3.db [16384] O61 - LFC: 09/04/2013 - 17:39:56 ---A- C:\Documents and Settings\Bureau\Application 
Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\localstore.rdf [2338] O61 - LFC: 09/04/2013 - 17:39:56 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\places.sqlite [10485760] O61 - LFC: 09/04/2013 - 17:39:56 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\prefs.js [832270] O61 - LFC: 09/04/2013 - 17:39:56 ---A- C:\Documents and Settings\Bureau\Local Settings\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\_CACHE_CLEAN_ [1] O61 - LFC: 09/04/2013 - 17:39:57 ---A- C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\permissions.sqlite [1867776] O61 - LFC: 09/04/2013 - 17:41:35 -SHA- C:\Documents and Settings\Bureau\IETldCache\index.dat [262144] ~ 75 Fichiers temporaires (Temporary files) ~ 22 Fichiers cookies (Cookies files) ~ Files: 960 Legitimates Scanned in 01mn 54s ---\\ Alternate Data Stream File (O62) O62 - ADS:Alternate Data Stream File - C:\WINDOWS\system32\Drivers\tap0901.sys:Zone.Identifier ~ ADS: Scanned in 00mn 01s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.org.) [HKLM] -- Usbfix O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 25/08/2010 - C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys (a2acc) .(.Emsi Software GmbH - Emsisoft Anti-Malware File Guard.) - LEGACY_A2ACC O64 - Services: CurCS - 25/08/2010 - C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys (a2injectiondriver) .(.Emsi Software GmbH - Emsisoft Anti-Malware Behavior Blocker.) - LEGACY_A2INJECTIONDRIVER O64 - Services: CurCS - 05/05/2010 - C:\Program Files\Emsisoft Anti-Malware\a2util32.sys (a2util) .(.Emsi Software GmbH - a-squared Malware-IDS utility driver.) 
- LEGACY_A2UTIL O64 - Services: CurCS - 13/08/2010 - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe (AcrSch2Svc) .(.Acronis - Acronis Scheduler 2.) - LEGACY_ACRSCH2SVC O64 - Services: CurCS - 25/02/2013 - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe (AdvancedSystemCareService6) .(.IObit - Advanced SystemCare Service.) - LEGACY_ADVANCEDSYSTEMCARESERVICE6 O64 - Services: CurCS - 29/11/2012 - Pas de propriétaire (AfaService) .(...) - LEGACY_AFASERVICE O64 - Services: CurCS - 30/07/2012 - Pas de propriétaire (AHDDC2) .(...) - LEGACY_AHDDC2 O64 - Services: CurCS - 03/04/2013 - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (APNMCP) .(.APN LLC. - APN Updater.) - LEGACY_APNMCP O64 - Services: CurCS - 10/09/1999 - C:\WINDOWS\system32\DRIVERS\ASPI32.sys (ASPI) .(.Adaptec - ASPI for WIN32 Kernel Driver.) - LEGACY_ASPI O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (AVFSFilter) .(...) - LEGACY_AVFSFILTER O64 - Services: CurCS - 18/01/2007 - C:\WINDOWS\system32\DRIVERS\AvgArCln.sys (AvgArCln) .(.GRISOFT, s.r.o. - AVG7 Clean Driver.) - LEGACY_AVGARCLN O64 - Services: CurCS - 31/01/2007 - C:\WINDOWS\system32\DRIVERS\avgarkt.sys (AVG Anti-Rootkit) .(.GRISOFT, s.r.o. - AVG Anti-Rootkit Driver.) - LEGACY_AVG_ANTI-ROOTKIT O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (BOCDRIVE) .(...) - LEGACY_BOCDRIVE O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (BOCore) .(...) - LEGACY_BOCORE O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (BVCSPBIRU) .(...) - LEGACY_BVCSPBIRU O64 - Services: CurCS - 24/08/2009 - C:\Program Files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe (DfSdkS) .(.mst software GmbH, Germany - mst Defrag SDK Service.) - LEGACY_DFSDKS O64 - Services: CurCS - 01/11/2008 - Pas de propriétaire (dkjhirkhjopo) .(...) - LEGACY_DKJHIRKHJOPO O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (EAGEAVP) .(...) 
- LEGACY_EAGEAVP O64 - Services: CurCS - 26/07/2008 - C:\WINDOWS\system32\drivers\elrawdsk32bit.sys (ElRawDisk) .(.EldoS Corporation - RawDisk Driver. Allows write access to raw.) - LEGACY_ELRAWDISK O64 - Services: CurCS - 29/01/2002 - Pas de propriétaire (EpsonBidirectionalService) .(...) - LEGACY_EPSONBIDIRECTIONALSERVICE O64 - Services: CurCS - 17/07/2002 - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe (EPSONStatusAgent2) .(.SEIKO EPSON CORPORATION - EPSON Printer Status Agent.) - LEGACY_EPSONSTATUSAGENT2 O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (FQEOH) .(...) - LEGACY_FQEOH O64 - Services: CurCS - 02/03/2007 - C:\WINDOWS\system32\DRIVERS\fvxscsi.sys (FVXSCSI) .(.FarStone Inc. - FarStone SCSI Miniport.) - LEGACY_FVXSCSI O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (IB) .(...) - LEGACY_IB O64 - Services: CurCS - 06/03/2013 - C:\Program Files\Java\jre7\bin\jqs.exe (JavaQuickStarterService) .(.Oracle Corporation - Java(TM) Quick Starter Service.) - LEGACY_JAVAQUICKSTARTERSERVICE O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (LOW) .(...) - LEGACY_LOW O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (MEMSWEEP2) .(...) - LEGACY_MEMSWEEP2 O64 - Services: CurCS - 17/04/2009 - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe (Nero BackItUp Scheduler 4.0) .(.Nero AG - Nero BackItUp.) - LEGACY_NERO_BACKITUP_SCHEDULER_4.0 O64 - Services: CurCS - 15/12/2012 - C:\Program Files\OfferBox\OfferBoxUpdateService.exe (OfferBox update service) .(.Aedge Performance BCN SL - OfferBox.) - LEGACY_OFFERBOX_UPDATE_SERVICE =>PUP.OfferBox O64 - Services: CurCS - 30/04/2009 - Pas de propriétaire (OMSI download service) .(...) - LEGACY_OMSI_DOWNLOAD_SERVICE O64 - Services: CurCS - 09/02/2005 - C:\WINDOWS\system32\drivers\pclepci.sys (PCLEPCI) .(.Pinnacle Systems GmbH - PCLEPCI.) - LEGACY_PCLEPCI O64 - Services: CurCS - 20/07/2011 - Pas de propriétaire (PCSUService) .(...) 
- LEGACY_PCSUSERVICE O64 - Services: CurCS - 19/01/2006 - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe (PinnacleSys.MediaServer) .(.Pinnacle Systems - Media Server Host.) - LEGACY_PINNACLESYS.MEDIASERVER O64 - Services: CurCS - 24/07/2007 - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe (PSI_SVC_2) .(.Protexis Inc. - PsiService PsiService.) - LEGACY_PSI_SVC_2 O64 - Services: CurCS - 13/01/2010 - C:\WINDOWS\system32\DRIVERS\rvsmon.sys (rvsmon) .(.CJSC Returnil Software - Returnil Monitoring Core.) - LEGACY_RVSMON O64 - Services: CurCS - 22/01/2010 - C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe (RVSMONBL) .(.CJSC Returnil Software - Returnil Virtual System Core Service.) - LEGACY_RVSMONBL O64 - Services: CurCS - 13/01/2010 - C:\WINDOWS\system32\DRIVERS\rvsmonf.sys (rvsmonf) .(.CJSC Returnil Software - Returnil File Monitoring.) - LEGACY_RVSMONF O64 - Services: CurCS - 13/01/2010 - C:\WINDOWS\system32\DRIVERS\rvsmonn1.sys (rvsmonn) .(.CJSC Returnil Software - Returnil Network Monitoring.) - LEGACY_RVSMONN O64 - Services: CurCS - 29/01/2010 - C:\WINDOWS\system32\Drivers\RVsystem.sys (RVSystem) .(.CJSC Returnil Software - Returnil Virtualization Engine.) - LEGACY_RVSYSTEM O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (RXANXWYEV) .(...) - LEGACY_RXANXWYEV O64 - Services: CurCS - 18/06/2009 - C:\WINDOWS\system32\SAVRKBootTasks.sys (SAVRKBootTasks) .(.Sophos Plc - Sophos boot tasks for Windows 2000.) - LEGACY_SAVRKBOOTTASKS O64 - Services: CurCS - 13/07/2001 - Pas de propriétaire (SBKUPNT) .(...) - LEGACY_SBKUPNT O64 - Services: CurCS - 08/10/2007 - Pas de propriétaire (TryAndDecideService) .(...) - LEGACY_TRYANDDECIDESERVICE O64 - Services: CurCS - 19/08/2011 - C:\Program Files\Fichiers communs\logishrd\LVMVFM\UMVPFSrv.exe (UMVPFSrv) .(.Logitech Inc. - Logitech User mode UMVPF service.) - LEGACY_UMVPFSRV O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (USBDLM) .(...) 
- LEGACY_USBDLM O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (VG) .(...) - LEGACY_VG O64 - Services: CurCS - ??\??\???? - Pas de propriétaire (vToolbarUpdater12.2.6) .(...) - LEGACY_VTOOLBARUPDATER12.2.6 O64 - Services: CurCS - 13/04/2008 - C:\WINDOWS\system32\svchost.exe (WZCSVC) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WZCSVC ~ Legacy: 227 Legitimates Scanned in 00mn 01s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) ~ FASS Keys: 17 Legitimates Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.CometNetwork - CometBird.) -- C:\Program Files\CometBird\cometbird.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - msn.) 
-- C:\Program Files\MSN\MSNCoreFiles\MSN.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.crossrider.bic", "13de50c0a4d417c968ad94f6f26e32fb"); =>PUP.CrossRider
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.admin", false);
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.aflt", "babsst srcExt=def");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.autoRvrt", "false");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.bbDpng", "9");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.cntry", "FR");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.dfltLng", "en");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.excTlbr", false);
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.hdrMd5", "A6588B48F92D3BF987876B940E29BC35");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.id", "807366b6000000000000001fc6c0e5c3");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.instlDay", "15802");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.instlRef", "sst");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.lastVrsnTs", "1.8.10.017:19:08");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.newTab", false);
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.prdct", "delta");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.prtnrId", "delta");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.rvrt", "false");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.sg", "azb");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.smplGrp", "azb");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.tlbrId", "base");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.tlbrSrchUrl", "");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.vrsn", "1.8.10.0");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.vrsnTs", "1.8.10.017:19:08");
O69 - SBI: prefs.js [Bureau - ag7l5sqo.default-1360951228890] user_pref("extensions.delta.vrsni", "1.8.10.0");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} - (Delta Search) - http://www.delta-search.com =>Toolbar.DeltaSearch
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {DAE8C445-9C3E-4313-A23A-6530E23B81A9} [DefaultScope] - (Ask Search) - http://asksearch.ask.com
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - http://search.certified-toolbar.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche des services démarrés par Svchost (O83)
O83 - Search Svchost Services: ezGOSvc (ezGOSvc) . (...) -- C:\WINDOWS\system32\ezGOSvc.dll [73600]
~ Services: 41 Legitimates Scanned in 00mn 00s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.BADFED2AB252A4047E41454C789C4E44] [SPRF][27/12/2009] (...) -- C:\Documents and Settings\All Users\Application Data\9BBE0A4CF5.sys [88]
[MD5.CBF470B77B2DB2F25C56E05CE391F18A] [SPRF][28/08/2010] (.Avanquest Software - IElevator Class Container.) -- C:\Documents and Settings\All Users\Application Data\hpeDA.dll [148736]
[MD5.C3CABF08701421F3CF8C9C6112EAE9BF] [SPRF][27/12/2009] (...) -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys [2828]
[MD5.8CE7705CB43B03BB7970B04087C7758F] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [29616]
[MD5.01E2ECA759056F23C73A035FDABB2D6D] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [201648]
[MD5.DD3975246D8928C04549B31B6B49434F] [SPRF][24/03/2008] (.Adobe Systems Incorporated - Adobe® Flash® Player ActiveX Installer.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [1527056]
[MD5.A54F3D88767BB8C7DC18D8263385DED2] [SPRF][16/05/2007] (.Macrovision Corporation - Macrovision Software Manager Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [483328]
~ Files: Scanned in 00mn 00s

---\\ Scan Additionnel (O88)
Database Version : v2.11496 - (09/04/2013)
Clés trouvées (Keys found) : 143
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 9
Fichiers trouvés (Files found) : 3
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}] =>Toolbar.Babylon
[HKLM\Software\Classes\CLSID\{0EE02110-967B-4256-ACA6-BC8AC7CB7E61}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0EE02110-967B-4256-ACA6-BC8AC7CB7E61}] =>Toolbar.Agent
[HKCU\Software\delta LTD] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] =>Toolbar.Conduit
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] =>Toolbar.Conduit
[HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{4f7d1b07-6203-41f0-947b-a29cc9ecd9b0}] =>Adware.BHO
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5F1C03FD-025E-4786-AF80-C2EF5C979115}] =>Toolbar.Deenero
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5F1C03FD-025E-4786-AF80-C2EF5C979115}] =>Toolbar.Deenero
[HKLM\Software\Classes\Interface\{8216BD4A-4DC2-4DCE-9AFF-C86C5ACC6757}] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\TypeLib\{8ABB9FA2-0740-4AD9-8F54-1192254B3CF4}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Services x86] =>PUP.CrossRider
[HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}] =>Toolbar.Babylon
[HKCU\{C5C31551-23FC-4895-B1C7-E209163DECA5}] =>Toolbar.Agent
[HKLM\Software\Classes\Interface\{D4D390BE-98E6-4633-AD1B-B18B54BE5E76}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escort.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escortapp.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\escorteng.dll] =>Toolbar.Babylon
[HKLM\Software\Classes\AppID\esrv.EXE] =>Toolbar.Babylon
[HKLM\Software\Classes\escort.escortIEPane] =>PUP.Funmoods
[HKLM\Software\Classes\escort.escortIEPane.1] =>PUP.Funmoods
[HKLM\Software\Classes\OfferBoxUI.TheBoxCtrl] =>PUP.OfferBox
[HKLM\Software\Classes\OfferBoxUI.TheBoxCtrl.1] =>PUP.OfferBox
[HKLM\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph] =>PUP.SpecialSavings
[HKLM\Software\APN] =>Toolbar.Ask
[HKCU\Software\BabylonToolbar] =>Toolbar.Babylon
[HKLM\Software\BabylonToolbar] =>Toolbar.Babylon
[HKCU\Software\Cr_Installer] =>Adware.VidSaver
[HKCU\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\DataMngr] =>Adware.Bandoo
[HKLM\Software\iwin] =>Adware.BHO
[HKCU\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\OfferBox] =>PUP.OfferBox
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Smart PC Cleaner] =>Rogue.Multiple
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}] =>Toolbar.Babylon
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{b0439fd3-8f96-400d-9515-eb8122ee1f21}_is1] =>Toolbar.Agent
[HKCU\Software\Services x86] =>PUP.CrossRider
[HKLM\Software\Services x86] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\OfferBox] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Penwes] =>PUP.Penwes
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\Prod.cap] =>Toolbar.Babylon
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings] =>PUP.BProtector
[HKLM\Software\InstallIQ] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\DD88652BF1EEEB64B992F3561AF84F13] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\09540C6B8D1C56740B0E1E1861657AE0] =>Toolbar.Kiwee
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15333F6466A3A1646B590E204B1C8794] =>Toolbar.Kiwee
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B812BD0725DF36459D5BA985C9193C4] =>Toolbar.Kiwee
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2514EB7147619DA498D025C07B3421DD] =>Toolbar.Kiwee
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5FEF7DA1D0B6BAF4BA3AE8699FE83E55] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\73962F57F2FA32C43A431C9C05459330] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B63FC54A3B9D36449AD536B3C29D2A97] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C512D8DDA7F6553429ACE05EC3197DAB] =>PUP.OfferBox
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8D24CD0A6EC784AA4C95D1CE0898C8] =>Toolbar.Kiwee
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E3B47C0B22C8D004B86CB646D46C357E] =>Toolbar.Kiwee
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0] =>PUP.SweetIM
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}] =>PUP.BProtector
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}] =>Toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaappCore] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltaappCore.1] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd] =>PUP.Funmoods
[HKLM\Software\Classes\delta.deltadskBnd.1] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9937E55B-6331-4804-93EF-77E992F204BD}] =>Adware.SocialSkinz
[HKLM\Software\Classes\AppID\ESRV.EXE] =>Adware.Facemoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder extension] =>Toolbar.Freecorder
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}] =>Riskware.Movly
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}] =>Riskware.Movly
[HKLM\Software\Classes\CLSID\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}] =>Riskware.Movly
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}] =>Riskware.Movly
[HKLM\Software\Classes\ScriptHost.Tool.1] =>Toolbar.Agent
[HKLM\Software\Classes\ScriptHost.Tool] =>Toolbar.Agent
[HKLM\Software\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\AddonsFramework.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\ButtonSite.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\RegistryHelper.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\ScriptHost.DLL] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}] =>Toolbar.Freecorder
[HKLM\Software\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}] =>Toolbar.Freecorder
[HKLM\Software\Classes\CLSID\{1917AB4C-E2E9-42ae-A51E-B5750F160BFB}] =>Toolbar.Freecorder
[HKLM\Software\Classes\CLSID\{6C65F1F0-8088-414B-828C-813207ADE75A}] =>Toolbar.Freecorder
[HKLM\Software\Classes\CLSID\{A4341726-E922-47bb-86A6-23F4F4F67342}] =>Toolbar.Freecorder
[HKLM\Software\Classes\CLSID\{C9B4F046-2A8C-46BD-B1A1-CF0EAE5EA521}] =>Toolbar.Freecorder
[HKLM\Software\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}] =>Toolbar.Freecorder
[HKLM\Software\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}] =>Toolbar.Freecorder
[HKLM\Software\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}] =>Toolbar.Freecorder
[HKLM\Software\Classes\CrossriderApp0027096.BHO] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0027096.BHO.1] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0027096.Sandbox] =>PUP.CrossRider
[HKLM\Software\Classes\CrossriderApp0027096.Sandbox.1] =>PUP.CrossRider
[HKLM\Software\Classes\delta.deltaHlpr] =>toolbar.DeltaSearch
[HKLM\Software\Classes\delta.deltaHlpr.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc] =>toolbar.DeltaSearch
[HKLM\Software\Classes\esrv.deltaESrvc.1] =>toolbar.DeltaSearch
[HKLM\Software\Classes\AppID\escort.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortApp.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escortEng.DLL] =>PUP.Funmoods
[HKLM\Software\Classes\AppID\escorTlbr.DLL] =>PUP.Funmoods
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA] =>Adware.Boxore^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^
[HKCU\Software\Mozilla\Firefox\Extensions]:{0F827075-B026-42F3-885D-98981EE7B1AE} =>Toolbar.Babylon
C:\Program Files\Ask.com =>Toolbar.AskBar
C:\Program Files\OfferBox =>PUP.OfferBox
C:\Program Files\Services x86 =>PUP.CrossRider
C:\Documents and Settings\Bureau\Application Data\Babylon =>Toolbar.Babylon
C:\Documents and Settings\Bureau\Application Data\OfferBox =>PUP.OfferBox
C:\Documents and Settings\Bureau\Application Data\BabSolution =>Hijacker.BabSolution
C:\Documents and Settings\Bureau\Local Settings\Application Data\Software =>Adware.Boxore
C:\Documents and Settings\Bureau\Local Settings\Application Data\\Updater21810 =>PUP.CrossRider^
C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\Extensions\ffxtlbr@delta.com =>PUP.Funmoods
C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bprotector_extensions.sqlite =>PUP.BProtector
C:\Documents and Settings\Bureau\Application Data\Mozilla\Firefox\Profiles\ag7l5sqo.default-1360951228890\bprotector_prefs.js =>PUP.BProtector
C:\Documents and Settings\Bureau\Bureau\eBay.lnk =>Toolbar.eBay
~ Additionnel: Scanned in 00mn 23s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "283451D8869D97C45AD1B57EC9E21000" . (.Returnil Virtual System 2010.) -- C:\WINDOWS\Installer\{8D154382-D968-4C79-A51D-5BE79C2E0100}\ArpIcon.ico
O90 - PUC: "4394337574D2A600677A7A857BB08010" . (.Ask Toolbar.) -- C:\WINDOWS\Installer\{57334934-2D47-006A-76A7-A758B70B0801}\ToolbarIcon.exe =>Toolbar.Ask
O90 - PUC: "8DD9566B7A0042A4BBBF1C6F89E2D566" . (.PlayStation(R)Network Downloader.) -- C:\WINDOWS\Installer\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}\ARPPRODUCTICON.exe
O90 - PUC: "9888910D6677B424BA181FF6E8DDEF4F" . (.Facemoods.) -- C:\WINDOWS\Installer\{D0198889-7766-424B-AB81-F16F8EDDFEF4}\ARPPRODUCTICON.exe =>Adware.Facemoods
O90 - PUC: "AE4F430E762F1DD48BBE7C2B08D50004" . (.MioMap v3 Updater for Mio C320 C520.) -- C:\WINDOWS\Installer\{E034F4EA-F267-4DD1-B8EB-C7B2805D0040}\_294823.exe
O90 - PUC: "D2C3F77ACC0592A41ABFE110B84ECD2A" . (.DiscAPI (Studio 10).) -- C:\WINDOWS\Installer\{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}\ARPPRODUCTICON.exe
O90 - PUC: "D375652CEC3B6524EB2A12C7B812D15D" . (.USB drive letter manager.) -- C:\WINDOWS\Installer\{C256573D-B3CE-4256-BEA2-217C8B211DD5}\VRTE8.exe
~ Update Products: 138 Legitimates Scanned in 00mn 00s

---\\ Random Export Key (O91)
[HKCU\Software\536d9dab23abe47] =>Toolbar.Babylon^
[HKCU\Software\536d9dab23abe47]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKCU\Software\536d9dab23abe47]:version="2.6.1125.80"
[HKLM\Software\536d9dab23abe47] =>Toolbar.Babylon^
[HKLM\Software\536d9dab23abe47]:GUID="{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}"
[HKLM\Software\536d9dab23abe47]:version="2.6.1125.80"
~ Export Key Software: Scanned in 00mn 00s

---\\ MyComputer Name Space (O92)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s

---\\ Etat général des services non Microsoft (EGS)
(SR=Running, SS=Stopped)
SR - | Auto 28/07/2010 1935656 | (a2AntiMalware) . (.Emsi Software GmbH.) - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
SR - | Auto 13/08/2010 660576 | (AcrSch2Svc) . (.Acronis.) - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
SS - | Demand 26/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 25/02/2013 528192 | (AdvancedSystemCareService6) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
SR - | Auto 65536 | (AfaService) . (...) - C:\WINDOWS\system32\afasrv32.exe
SR - | Auto 1518504 | (AHDDC2) . (...) - C:\Program Files\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe
SR - | Auto 03/04/2013 169096 | (APNMCP) . (.APN LLC..) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
SR - | Auto 21/08/2012 44808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SS - | Auto 0 | (BOCore) . (...) - C:\Utilitaires\BOClean\BOCORE.exe
SS - | Auto 2569168 | (BrowserProtect) . (...) - C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe =>Toolbar.Babylon
SS - | Demand 0 | (BVCSPBIRU) . (...) - C:\DOCUME~1\Bureau\LOCALS~1\Temp\BVCSPBIRU.exe
SS - | Demand 24/08/2009 406016 | (DfSdkS) . (.mst software GmbH, Germany.) - C:\Program Files\Ashampoo\Ashampoo HDD Control 2\DfSdkS.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Demand 0 | (EAGEAVP) . (...) - C:\DOCUME~1\Bureau\LOCALS~1\Temp\EAGEAVP.exe
SR - | Auto 77824 | (EpsonBidirectionalService) . (...) - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
SR - | Auto 17/07/2002 94208 | (EPSONStatusAgent2) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
SS - | Demand 0 | (FQEOH) . (...) - C:\DOCUME~1\Bureau\LOCALS~1\Temp\FQEOH.exe
SS - | Auto 08/10/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 08/10/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 30/09/2012 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 0 | (IB) . (...) - C:\DOCUME~1\Bureau\LOCALS~1\Temp\IB.exe
SR - | Auto 06/03/2013 170912 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 15/11/2005 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
SS - | Demand 0 | (LOW) . (...) - C:\DOCUME~1\Bureau\LOCALS~1\Temp\LOW.exe
SS - | Demand 12/09/2010 251248 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe
SS - | Demand 0 | (MEMSWEEP2) . (...) - C:\WINDOWS\system32\13.tmp
SS - | Demand 08/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 25/11/2011 687400 | (NAUpdate) . (.Nero AG.) - C:\Program Files\Nero\Update\NASvc.exe
SR - | Auto 17/04/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
SR - | Auto 30/08/2012 164200 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Auto 01/01/2000 1258856 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Auto 15/12/2012 336856 | (OfferBox update service) . (.Aedge Performance BCN SL.) - C:\Program Files\OfferBox\OfferBoxUpdateService.exe =>PUP.OfferBox
SR - | Auto 90112 | (OMSI download service) . (...) - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
SS - | Auto 206336 | (PCSUService) . (...) - C:\Program Files\Accelerer PC\PCSUService.exe
SR - | Auto 19/01/2006 49152 | (PinnacleSys.MediaServer) . (.Pinnacle Systems.) - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
SR - | Auto 24/07/2007 185632 | (PSI_SVC_2) . (.Protexis Inc..) - C:\Program Files\Fichiers communs\Protexis\License Service\PsiService_2.exe
SS - | Demand 22/01/2010 1246560 | (RVSMONBL) . (.CJSC Returnil Software.) - C:\WINDOWS\system32\Returnil\RVS3\rvsmon.exe
SS - | Demand 0 | (RXANXWYEV) . (...) - C:\DOCUME~1\Bureau\LOCALS~1\Temp\RXANXWYEV.exe
SS - | Auto 0 | (Skype C2C Service) . (...) - C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 493200 | (TryAndDecideService) . (...) - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe
SR - | Auto 19/08/2011 450848 | (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files\Fichiers communs\logishrd\LVMVFM\UMVPFSrv.exe
SS - | Auto 0 | (USBDLM) . (...) - C:\Program Files\USBDLM\USBDLM.exe
SS - | Demand 0 | (VG) . (...) - C:\DOCUME~1\Bureau\LOCALS~1\Temp\VG.exe
SS - | Disabled 0 | (vToolbarUpdater12.2.6) . (...) - C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe =>Toolbar.AVGSearch
~ Services: Scanned in 00mn 00s

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Bureau at 09/04/2013 18:45:51
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys amdide.sys PCIIDEX.SYS
C:\WINDOWS\system32\drivers\sfsync02.sys Protection Technology StarForce Protection System
C:\WINDOWS\system32\drivers\amdide.sys Advanced Micro Devices AMD PCI SATA/IDE Bus Driver
1 ntkrnlpa!IofCallDriver[0x804EF1F0] >> \Device\Harddisk0\DR0[0x8BB5EAB8]
kernel: MBR read successfully
user != kernel MBR !!!
sectors 312581748 (+3): user != kernel
~ MBR: 16 Legitimates Scanned in 00mn 02s

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Bureau at 09/04/2013 18:45:53
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 2772 Legitimates filtered by white list
End of the scan (1380 lines in 07mn 20s)(0)