Rapport de ZHPDiag v2013.4.23.139 par Nicolas Coolman, Update du 23/04/2013
Run by dominique farault at 24/04/2013 17:35:53
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 20.0.1 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.2678
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v3.17

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 15 Model 3 Stepping 4, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2047 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 68 GB (73%) free of 93 GB

---\\ Logged in mode
~ Computer Name: NOM-Q9SW1VE5MNK
~ User Name: dominique farault
~ All Users Names: SUPPORT_388945a0, HelpAssistant, dominique farault, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\dominique farault\Application Data\
~ %Desktop% : C:\Documents and Settings\dominique farault\Bureau\
~ %Favorites% : C:\Documents and Settings\dominique farault\Favoris\
~ %LocalAppData% : C:\Documents and Settings\dominique farault\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\dominique farault\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 68 Go of 93 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 83 Go of 97 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted) I:\ Floppy drive, Flash card reader, USB Key (Not Inserted) J:\ Floppy drive, Flash card reader, USB Key (Not Inserted) K:\ Hard drive, Flash drive, Thumb drive (Free 394 Go of 466 Go) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\Explorer.exe [1037824] [MD5.48309E1F5ED8E72783EEFBA04898BDA1] - (.Microsoft Corporation - Internet Extensions for Win32.) (.02/03/2013 - 02:55:11.) -- C:\WINDOWS\system32\wininet.dll [916480] [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [512000] [MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512] [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744] [MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) 
(.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976] [MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672] [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384] [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144] [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112] [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832] [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264] [MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320] [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816] [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976] [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384] [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) 
-- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328] [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224] [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.13/04/2008 - 18:57:36.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752] [MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/69 ~ Mes musiques (My Musics) : 21/280 ~ Mes Favoris (My Favorites) : 1/49 ~ Mes Documents (My Documents) : 1/439 ~ Mon Bureau (My Desktop) : 0/550 ~ Menu demarrer (Programs) : 1/26 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752] [PID.1544] [MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816] [PID.1940] [MD5.A5299D04ED225D64CF07A568A3E1BF8C] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184] [PID.1952] [MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.1976] [MD5.BE4D946B5D8745DD7CD4CA9CA04F4989] - (...) -- C:\WINDOWS\system32\dmwu.exe [1013552] [PID.156] [MD5.5739F2821D49975CEDE6BF0153D0CF01] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [181664] [PID.444] [MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) 
-- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.472] [MD5.ED78DFAD8EFCDFBC89500492C4D14645] - (...) -- C:\WINDOWS\System32\PAStiSvc.exe [53248] [PID.1168] [MD5.6B3DD4B1D5D4C239AD84A460E676C6D7] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [79584] [PID.616] [MD5.D6E33DEEF1E72BAB3AD28EC3EC6D1252] - (...) -- C:\WINDOWS\system32\jmdp\stij.exe [20784] [PID.2404] [MD5.03D6F0F9FEBFD63F62E6B266D1B64E31] - (.ATI Technologies, Inc. - ATI Desktop Control Panel.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [335872] [PID.2684] [MD5.BEC5E990E477DDF60AADD8F180EE9F4C] - (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe [88363] [PID.2696] [MD5.145F404A5D56447157196CB30585708E] - (.Sony Corporation - Do VAIO ???? ???????.) -- C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe [184320] [PID.2724] [MD5.AF7E1118132DAD8105D5EB3A9CD8A1B0] - (.Utimaco Safeware AG - PrivateDisk Service.) -- C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe [40960] [PID.2784] [MD5.5B8E2CA848D2336013D46701CC1DD5F8] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.2864] [MD5.E4401CF27225C1D6E664E86195978562] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [152544] [PID.3000] [MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [253816] [PID.3024] [MD5.2C3239B5355BABF5E575DDC1B3F573F7] - (.Smartbar - Smartbar.) -- C:\Documents and Settings\dominique farault\Local Settings\Application Data\Smartbar\Application\QuickShare.exe [20248] [PID.3232] =>Hijacker.SmartBar [MD5.CC03863D9E05090F9B9C960CB82B13DD] - (.Sony Corporation - VAIO Entertainment Remote Service.) 
-- C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [118784] [PID.3240] [MD5.61C615EE47CE5C6F7BB3257B1734EF55] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [217195] [PID.3292] [MD5.E8A39D41474BE42FD8830CED32932D6C] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [553440] [PID.3352] [MD5.6F5386A655598F71BAAB2D6B63A69D6A] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.2836] [MD5.F834B06933E51E2266DC4858A0E9DD98] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.3688] [MD5.AAE42F24B1510ADF8E7DE92085B8E67F] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6971904] [PID.3524] [MD5.5E9A6658A2A69AE7EB195113B7A2E7A9] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.2252] ~ Processes Running: Scanned in 00mn 01s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Documents and Settings\dominique farault\Application Data\Mozilla\Firefox\Profiles\z4pvtopg.default-1366392980468\prefs.js M2 - MFEP: prefs.js [dominique farault - z4pvtopg.default-1366392980468\{83c4e335-2aca-472d-b6e0-6521bc89de2b}] [] QuickShare Widget v (..) 
=>PUP.QuickShare ~ Firefox Browser: 15 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 20 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: LyricsPal - {A3DAEB01-4C15-4AC6-A689-6406FD954EE0} . (.XingHao Software - LyricsPal.) -- C:\Program Files\XingHaoLyrics\lrcspal.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} . (...) -- C:\Program Files\PricePeep\pricepeep.dll (.not file.) =>Toolbar.PricePeep ~ BHO: 10 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: &Google - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google IE Client Toolbar.) 
-- c:\program files\google\googletoolbar1.dll O3 - Toolbar: EPSON Web-To-Page - [HKLM]{EE5D279F-081B-4404-994D-C6B60AAEBA6D} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [ATIPTA] . (.ATI Technologies, Inc. - ATI Desktop Control Panel.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AGRSMMSG] . (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe O4 - HKLM\..\Run: [VZRemoteCommander] . (.Sony Corporation - Do VAIO ???? ???????.) -- C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe O4 - HKLM\..\Run: [PDService.exe] . (.Utimaco Safeware AG - PrivateDisk Service.) -- C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe O4 - HKLM\..\RunOnce: [awfr7zip19662] Clé orpheline O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) 
-- C:\WINDOWS\System32\CTFMON.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\System32\CTFMON.exe O4 - HKUS\S-1-5-21-963998012-1072807515-93717607-1006\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Programs: Adobe Acrobat Elements 6.0.lnk . (.Adobe Systems Inc. - Adobe Acrobat Elements.) -- C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\Acrobat Elements.exe O4 - GS\Programs: Adobe Photoshop Album 2.0 Edition Découverte.lnk . (.Adobe Systems Incorporated - Adobe Photoshop Album 2.0 Starter Edition.) -- C:\Program Files\Adobe\Photoshop Album Edition Découverte\2.0\Apps\PhotoshopAlbum.exe O4 - GS\Programs: Adobe Photoshop Elements 2.0.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop Elements.) -- C:\Program Files\Adobe\Photoshop Elements 2\PhotoshopElements.exe O4 - GS\Programs: Adobe Premiere Standard.lnk . (.Adobe Systems Inc. - Adobe Premiere Standard.) -- C:\Program Files\Adobe\Premiere Standard\Adobe Premiere Standard.exe O4 - GS\Programs: Adobe Reader XI.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-AB0000000001}\SC_Reader.ico O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe O4 - GS\Programs: Installation de Adobe Acrobat Professionnnel.lnk . (...) -- C:\Program Files\Adobe\Adobe Acrobat Professional Installer\AcrobatProfessional.exe O4 - GS\Programs: Installation de Norton Password Manager.lnk . (...) -- C:\Program Files\Sony\NPM\Norton Password.exe O4 - GS\Programs: Lanceur de tâches Microsoft Works.lnk . (.Microsoft® Corporation - Lanceur de tâches Microsoft Works.) -- C:\Program Files\Microsoft Works\msworks.exe O4 - GS\Programs: Mon Centre d'Information.lnk . (.Sony Corporation - My Info Centre.) 
-- C:\Program Files\Sony\MyInfoCentre\MyInfoCentre.exe O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Programs: MSN Explorer.lnk . (.Microsoft Corporation - msn.) -- C:\Program Files\MSN\MSNCoreFiles\msn6.exe O4 - GS\Programs: VAIO Update.lnk . (.Sony Corporation - VAIOUpdt.) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe O4 - GS\Programs: Visionneuse Microsoft Office PowerPoint 2007.lnk . (...) -- C:\WINDOWS\Installer\{95120000-00AF-040C-0000-0000000FF1CE}\ppvwicon.exe O4 - GS\Programs: Windows Messenger.lnk . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe O4 - GS\Programs: Yahoo! Messenger.lnk . (...) -- C:\Program Files\Yahoo! Messenger Installer\YahooMessenger.exe O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) 
-- C:\Program Files\Messenger\msmsgs.exe ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Site dans la Zone de confiance d'Internet Explorer (O15) O15 - Trusted Zone: [HKCU\...\Domains] *.sony-europe.com O15 - Trusted Zone: [HKCU\...\Domains] *.sonystyle-europe.com O15 - Trusted Zone: [HKCU\...\Domains] *.vaio-link.com ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1360518556468 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1360523328406 ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{B3A481A3-5F86-4648-A6BA-BEBA93ABBB7F}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS1\Services\Tcpip\..\{B3A481A3-5F86-4648-A6BA-BEBA93ABBB7F}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CS2\Services\Tcpip\..\{B3A481A3-5F86-4648-A6BA-BEBA93ABBB7F}: DhcpNameServer = 212.27.40.240 212.27.40.241 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll O20 - Winlogon Notify: cryptnet . 
(.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: (IBUpdaterService) . (...) - C:\WINDOWS\system32\dmwu.exe =>Adware.InstallBrain O23 - Service: (MBAMService) . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: STI Simulator (STI Simulator) . (...) - C:\WINDOWS\System32\PAStiSvc.exe ~ Services: 10 Legitimates Filtered in 00mn 03s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\dominique farault\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop General: WallPaper - .(...) 
- C:\Documents and Settings\dominique farault\Local Settings\Application Data\Microsoft\Wallpaper1.bmp ~ Desktop Component: 4 Legitimates Filtered in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\EPUpdater.job [296] O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\LyricsPal Update.job [406] ~ Scheduled Task: 5 Legitimates Filtered in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: (PrivateDisk) . (.Utimaco Safeware AG - SafeGuard® PrivateDisk Driver.) - C:\WINDOWS\system32\Drivers\PrivateDiskM.sys ~ Drivers: 75 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Acrobat Elements 6.0 - Français - (.Adobe Systems.) [HKLM] -- {E5E6E687-1036-BA7E-6000-000000000001} O42 - Logiciel: Click to DVD 2.1.10 - (...) [HKLM] -- {7C2F71B2-6C73-11D6-B659-00C04F790F76} O42 - Logiciel: DVgate Plus - (...) [HKLM] -- {685BCC47-B8EC-45EC-BBCE-77DF2451502C} O42 - Logiciel: Delta toolbar - (.Delta.) [HKLM] -- delta O42 - Logiciel: Données de menu Click to DVD 2.0.01 - (...) [HKLM] -- {98A3A654-3AEF-42D9-BA91-DE5815EA5897} O42 - Logiciel: My Info Centre - (.Nom de votre société.) [HKLM] -- InstallShield_{62B715BC-01F5-4CC9-9811-D24ED44C16D4} O42 - Logiciel: PC Camer@ - (.Nom de votre société.) [HKLM] -- InstallShield_{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5} O42 - Logiciel: PictureGear Studio 2.0 - (...) [HKLM] -- {88DA0A52-3372-4803-971A-ADFB961707E8} O42 - Logiciel: PricePeep - (.betwikx LLC.) [HKLM] -- PricePeep =>Toolbar.PricePeep O42 - Logiciel: QuickShare - (.Linkury Inc..) [HKLM] -- {A35C3D8E-5E46-442E-A7DA-A2D7487D40BC} =>PUP.QuickShare O42 - Logiciel: SafeGuard® PrivateDisk 1.00.6 - Try and Buy Version - (.Utimaco Safeware AG.) [HKLM] -- {48E9DE14-39D1-4974-91A6-D4E1836F648D} O42 - Logiciel: SweetIM Bundle by SweetPacks - (.SweetPacks LTD.) [HKLM] -- SweetIM Bundle by SweetPacks =>PUP.SweetIM O42 - Logiciel: SweetIM for Messenger 3.7 - (.SweetIM Technologies Ltd..) 
[HKLM] -- {A0C9DF2B-89B5-4483-8983-18A68200F1B4} =>PUP.SweetIM O42 - Logiciel: SweetPacks Toolbar For Firefox 1.13.0.0 - (...) [HKLM] -- {EEE6C374-6118-11DC-9C72-001320C79847} =>PUP.SweetIM O42 - Logiciel: SweetPacks Updater - (...) [HKLM] -- WNLT =>PUP.SweetIM O42 - Logiciel: WebAdSystem - (.KalityWeb.) [HKLM] -- {451FCEA0-DF9C-47E0-9CFB-AABA092CEF5C} O42 - Logiciel: WebAdSystem - (.KalityWeb.) [HKLM] -- {9137a76a-8037-44fd-8921-31787ba6a337} ~ Logic: 155 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\BI] [HKCU\Software\DataMngr] =>PUP.Datamngr [HKCU\Software\DataMngr_Toolbar] =>PUP.Datamngr [HKCU\Software\Delta] [HKCU\Software\IncrediMail] [HKCU\Software\SmartbarLog] =>Hijacker.SmartBar [HKCU\Software\WNLT] [HKCU\Software\delta LTD] [HKCU\Software\eMule] [HKLM\Software\5328dd8b735e849] [HKLM\Software\CSI2] [HKLM\Software\DataMngr] =>PUP.Datamngr [HKLM\Software\Delta] [HKLM\Software\Utimaco] ~ Key Software: 186 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 02/03/2013 - 16:51:16 - [0,066] ----D C:\Program Files\PC Camer@ O43 - CFD: 24/04/2013 - 17:32:05 - [0,358] ----D C:\Program Files\SweetIM =>PUP.SweetIM O43 - CFD: 10/02/2013 - 19:10:47 - [1,891] ----D C:\Program Files\TVTV EPG Installer O43 - CFD: 10/02/2013 - 19:10:47 - [0,097] ----D C:\Program Files\TvTvHTML O43 - CFD: 10/02/2013 - 19:11:29 - [4,651] ----D C:\Program Files\Utimaco O43 - CFD: 18/04/2013 - 17:25:49 - [0,079] ----D C:\Documents and Settings\dominique farault\Application Data\SpeedAnalysis2 O43 - CFD: 23/02/2013 - 20:44:50 - [11,308] ----D C:\Documents and Settings\dominique farault\Local Settings\Application Data\IM O43 - CFD: 24/04/2013 - 17:32:03 - [3,624] ----D C:\Documents and Settings\dominique farault\Local Settings\Application Data\Smartbar =>Hijacker.SmartBar ~ Program Folder: 133 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 
(O44) O44 - LFC:[MD5.DC7F0622A144B200137CC3756F3F4C9D] - 24/04/2013 - 15:36:40 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.C7DB860823CCB8A847B2722C72E3A5F1] - 24/04/2013 - 15:36:39 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.188E68005ED62F32248032C65CB4DE96] - 24/04/2013 - 14:52:50 ---A- . (...) -- C:\WINDOWS\system32\Microsoft.VC80.CRT.manifest [1870] O44 - LFC:[MD5.351677F04B3DC84937FBFA20CD6E958D] - 24/04/2013 - 14:52:49 ---A- . (...) -- C:\WINDOWS\system32\ImHttpComm.dll [28160] O44 - LFC:[MD5.BE4D946B5D8745DD7CD4CA9CA04F4989] - 24/04/2013 - 14:52:49 ---A- . (...) -- C:\WINDOWS\system32\dmwu.exe [1013552] O44 - LFC:[MD5.C7837DC101787E3B30A496F0A9277B25] - 19/04/2013 - 20:00:51 ---A- . (...) -- C:\WINDOWS\popcinfo.dat [10] O44 - LFC:[MD5.9021940D0876E10AAE8D8234391467BE] - 18/04/2013 - 19:57:59 ---A- . (...) -- C:\WINDOWS\system32\jupdate-1.7.0_21-b11.log [3974] O44 - LFC:[MD5.F51E3629C83AB51F59E02AF2B07B6676] - 11/04/2013 - 12:59:14 ---A- . (...) -- C:\WINDOWS\system32\tmp07575.FOT [1409] O44 - LFC:[MD5.BEB43AA5A3B5DEDCB38EFF0C798F92D8] - 11/04/2013 - 12:59:14 ---A- . (...) -- C:\WINDOWS\system32\tmp39775.FOT [1409] O44 - LFC:[MD5.FABBFDF07D8A0505B32A14CF2C07C8BC] - 11/04/2013 - 12:59:14 ---A- . (...) -- C:\WINDOWS\system32\tmp8B675.FOT [1409] O44 - LFC:[MD5.C92310BB0F57E2CD0590F72828D02453] - 11/04/2013 - 12:59:13 ---A- . (...) -- C:\WINDOWS\system32\tmp80475.FOT [1409] O44 - LFC:[MD5.EC2C7FA322FC70E64439312BF4475E2C] - 11/04/2013 - 12:59:13 ---A- . (...) -- C:\WINDOWS\system32\tmpC6375.FOT [1409] O44 - LFC:[MD5.21BB081DAEC11EADAACC2B11294F554A] - 11/04/2013 - 05:05:16 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [1008117] O44 - LFC:[MD5.535F4087DA931FF6BF7E96BC61B20011] - 11/04/2013 - 05:05:16 ---A- . (...) -- C:\WINDOWS\comsetup.log [363931] O44 - LFC:[MD5.F04B1A94B673DB0F0EA886C3A06F5A22] - 11/04/2013 - 05:05:16 ---A- . (...) 
-- C:\WINDOWS\iis6.log [158177] O44 - LFC:[MD5.4A49FFAFE9C950D2934374210E527CC3] - 11/04/2013 - 05:05:16 ---A- . (...) -- C:\WINDOWS\imsins.log [1374] O44 - LFC:[MD5.CC8CC89D7A92B259CAA7D6594B52614E] - 11/04/2013 - 05:05:16 ---A- . (...) -- C:\WINDOWS\msgsocm.log [51137] O44 - LFC:[MD5.96A9852B773AA2A09829718860E1EA1B] - 11/04/2013 - 05:05:16 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [218433] O44 - LFC:[MD5.63E56724AD122281D63F3801E8DB3831] - 11/04/2013 - 05:05:16 ---A- . (...) -- C:\WINDOWS\ocgen.log [508530] O44 - LFC:[MD5.8CEBA9A60B30ACA81D1D6C97D7DE2835] - 11/04/2013 - 05:05:16 ---A- . (...) -- C:\WINDOWS\ocmsn.log [56529] O44 - LFC:[MD5.231F716E319EC3A7588D18AF7707B361] - 11/04/2013 - 05:05:16 ---A- . (...) -- C:\WINDOWS\tsoc.log [398094] O44 - LFC:[MD5.8020B37E739953494CF5C74130CF510D] - 11/04/2013 - 05:05:00 ---A- . (...) -- C:\WINDOWS\updspapi.log [93935] O44 - LFC:[MD5.96C07938639E622A425007E64442CB40] - 11/04/2013 - 05:04:38 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374] O44 - LFC:[MD5.4CC7F5C5CFAE2CF3A9B6757C2083EFFA] - 10/04/2013 - 15:12:40 ---A- . (...) -- C:\WINDOWS\system32\MSINET.oca [29184] O44 - LFC:[MD5.70236CD4EC0616CC768309C13D84ACDC] - 10/04/2013 - 15:12:40 ---A- . (...) -- C:\WINDOWS\system32\comdlg32.oca [35840] O44 - LFC:[MD5.7B5C062F2A488B5B7A95D4EABCE0A42A] - 10/04/2013 - 15:12:40 ---A- . (...) -- C:\WINDOWS\system32\xmlparse.dll [36864] O44 - LFC:[MD5.7C66397352506C58F70B6D1D710EEA42] - 10/04/2013 - 15:12:40 ---A- . (...) -- C:\WINDOWS\system32\xmltok.dll [69632] O44 - LFC:[MD5.183E7505B097D6D65C20E6E0491809D5] - 10/04/2013 - 13:05:16 ---A- . (...) -- C:\WINDOWS\Joueur1.SCB5 [4] O44 - LFC:[MD5.BF7F07166E505D6C8B84675CB81E5EA0] - 10/04/2013 - 13:05:16 ---A- . (...) -- C:\WINDOWS\NAME.SCB5 [100] O44 - LFC:[MD5.E46EECD3AFDAE6FF9EE473D47C7728F2] - 10/04/2013 - 13:05:16 ---A- . (...) 
-- C:\WINDOWS\SCORES.CB5 [336]
~ Files: 66 Legitimates Filtered in 00mn 00s

---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.CDE8B18E353C512116B50C207E0EFF91] - 24/04/2013 - 14:08:15 ---A- - C:\WINDOWS\Prefetch\7ZIPSETUP(3).EXE-0F1CE2D9.pf
O45 - LFCP:[MD5.0E51395CEA292DFB02750332E16C083D] - 24/04/2013 - 14:22:16 ---A- - C:\WINDOWS\Prefetch\7ZIPSETUP(4).EXE-03340523.pf
O45 - LFCP:[MD5.808CD8AF900827A449657A58D36AF62E] - 24/04/2013 - 14:31:49 ---A- - C:\WINDOWS\Prefetch\7ZIPSETUP(5).EXE-1A49B077.pf
O45 - LFCP:[MD5.01504619073F4A1ADF6E979417A551EA] - 24/04/2013 - 14:34:32 ---A- - C:\WINDOWS\Prefetch\7ZIPSETUP(6).EXE-26328E2D.pf
O45 - LFCP:[MD5.24C32F9A5F960C03F43F888027C2F317] - 24/04/2013 - 14:51:04 ---A- - C:\WINDOWS\Prefetch\7ZIPSETUP(7).EXE-097F5E24.pf
O45 - LFCP:[MD5.D3E23FDDC3ACEB456B4D86AE8A4AA45D] - 24/04/2013 - 14:52:49 ---A- - C:\WINDOWS\Prefetch\THCH.EXE-2DD84F78.pf
O45 - LFCP:[MD5.E2A736FAB1CB53D72EB49A6AF4279535] - 24/04/2013 - 14:52:51 ---A- - C:\WINDOWS\Prefetch\SETXPDRIVERSIGNINGPOLICY.EXE-0DEEA790.pf
O45 - LFCP:[MD5.C870C41ABADC9BBB7EA5374CE5A729D3] - 24/04/2013 - 14:53:01 ---A- - C:\WINDOWS\Prefetch\DMWU.EXE-2605F690.pf
O45 - LFCP:[MD5.1BAF81BB65CB327786D37D1FB868EBFD] - 24/04/2013 - 14:53:17 ---A- - C:\WINDOWS\Prefetch\LYRICSPAL.EXE-1902E109.pf
O45 - LFCP:[MD5.31F38C48FCF1A1F0B46B5A5337C999A4] - 24/04/2013 - 14:53:18 ---A- - C:\WINDOWS\Prefetch\PRICEPEEP_90001_0101.EXE-2BEDCE4C.pf =>Toolbar.PricePeep
O45 - LFCP:[MD5.5AF90F55FF694A7973C4F735EF3AA0B1] - 24/04/2013 - 14:53:22 ---A- - C:\WINDOWS\Prefetch\OPTIMIZERPRO.TMP-2B07755B.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.376A4E8CA8BDD6D13570D241D580F8E9] - 24/04/2013 - 14:53:23 ---A- - C:\WINDOWS\Prefetch\OPTIMIZERPRO.EXE-1C100625.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.62A099F87D45675FAEF9311CAE30B785] - 24/04/2013 - 14:53:23 ---A- - C:\WINDOWS\Prefetch\OPTIMIZERPRO.EXE-3799E37F.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.B0D4F26994EF7C89F439ADA3EA6418D6] - 24/04/2013 - 14:53:24 ---A- - C:\WINDOWS\Prefetch\OPTPROSTART.EXE-31DD3B68.pf
O45 - LFCP:[MD5.815A5AE84732C797FD46CA97FFD323D4] - 24/04/2013 - 14:53:25 ---A- - C:\WINDOWS\Prefetch\OPTIMIZERPRO.EXE-1F07964B.pf =>PUP.OptimizerPro
O45 - LFCP:[MD5.AE4251A1E356B2525EC3A8AD23E40F36] - 24/04/2013 - 14:57:08 ---A- - C:\WINDOWS\Prefetch\_IU14D2N.TMP-09B36247.pf
O45 - LFCP:[MD5.93DD8C5256AF1A51C7DE2C304342F469] - 24/04/2013 - 15:01:30 ---A- - C:\WINDOWS\Prefetch\7ZIPSETUP(8).EXE-39314A75.pf
O45 - LFCP:[MD5.E432AD37319A423C911BEC9DD73AD4D9] - 24/04/2013 - 15:02:36 ---A- - C:\WINDOWS\Prefetch\QUICKSHARE1.EXE-2FC19FDF.pf =>PUP.QuickShare
O45 - LFCP:[MD5.632793430C8C205DB69D466377BFDFF5] - 24/04/2013 - 15:02:37 ---A- - C:\WINDOWS\Prefetch\SMARTBAREXEINSTALLER.EXE-256B8197.pf =>Hijacker.SmartBar
O45 - LFCP:[MD5.D9EB271AEC34A75F626998AAD35AD5C6] - 24/04/2013 - 15:02:43 ---A- - C:\WINDOWS\Prefetch\TSKILL.EXE-2F6AAB7F.pf
O45 - LFCP:[MD5.D4ED0E81C383BB791CB7CEBE9139EA8C] - 24/04/2013 - 15:03:37 ---A- - C:\WINDOWS\Prefetch\DELTATB.EXE-07FA4B63.pf
O45 - LFCP:[MD5.4C0E66357C5ECC53A4B852D980686CAC] - 24/04/2013 - 15:03:47 ---A- - C:\WINDOWS\Prefetch\DELTASRV.EXE-1E1EDF45.pf
O45 - LFCP:[MD5.1DB4BC32045715CEF28F97B81EB108AB] - 24/04/2013 - 15:03:48 ---A- - C:\WINDOWS\Prefetch\DELTA4FFX.EXE-37C72A88.pf
O45 - LFCP:[MD5.9C64177B0540F661A79A8EC810F8BBE7] - 24/04/2013 - 15:03:48 ---A- - C:\WINDOWS\Prefetch\DELTA4IE.EXE-386EF42A.pf
O45 - LFCP:[MD5.CD9D3B2044B2AA395C5BFBFE36F0BED5] - 24/04/2013 - 15:03:57 ---A- - C:\WINDOWS\Prefetch\BPROTECT.EXE-0962795B.pf
O45 - LFCP:[MD5.3A709AFB8080F8FFC6766844EBCCDBB2] - 24/04/2013 - 15:04:09 ---A- - C:\WINDOWS\Prefetch\BROWSERPROTECT.EXE-01A4E0C5.pf =>Toolbar.Babylon
O45 - LFCP:[MD5.CB83343FD9032C44FCDBE80E7ED930F1] - 24/04/2013 - 15:37:57 ---A- - C:\WINDOWS\Prefetch\ADOBE GAMMA LOADER.EXE-0A47CFD1.pf
O45 - LFCP:[MD5.FD8A4E45E2D25E977932E1F282F25BB6] - 24/04/2013 - 15:37:57 ---A- - C:\WINDOWS\Prefetch\ATIPRBXX.EXE-28AA41C0.pf
O45 - LFCP:[MD5.454B4BD27BBC0069BCE5FFC27503458A] - 24/04/2013 - 15:37:57 ---A- - C:\WINDOWS\Prefetch\ATIPTAXX.EXE-18FE8D8B.pf
O45 - LFCP:[MD5.8FE3873C81910547AE04AD2060EC3195] - 24/04/2013 - 15:37:57 ---A- - C:\WINDOWS\Prefetch\AVRMTCTR.EXE-2C0531E1.pf
O45 - LFCP:[MD5.10D197F3153A57C8F92BA994956CF9D3] - 24/04/2013 - 15:37:57 ---A- - C:\WINDOWS\Prefetch\QUICKSHARE.EXE-178709A9.pf =>PUP.QuickShare
O45 - LFCP:[MD5.999DD6A11DF363AE4B7E3F988731101B] - 24/04/2013 - 15:37:57 ---A- - C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf =>PUP.SweetIM
O45 - LFCP:[MD5.B8A1C6325F4307464190A0D1BB696A5A] - 24/04/2013 - 15:37:57 ---A- - C:\WINDOWS\Prefetch\VZRS.EXE-2E420D95.pf
O45 - LFCP:[MD5.C868FB885298416406C8FABB4D3361ED] - 24/04/2013 - 16:17:27 ---A- - C:\WINDOWS\Prefetch\7ZIPSETUP(1).EXE-14AC2BC2.pf
O45 - LFCP:[MD5.0457BE8B9A11B4ABB751B34232E906FB] - 24/04/2013 - 16:17:34 ---A- - C:\WINDOWS\Prefetch\7Z920.EXE-04D5EAB1.pf
~ Prefetcher: 129 Legitimates Filtered in 00mn 00s

---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\ImApp.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\bin\ImApp.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\IncMail.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\bin\IncMail.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\IncrediMail\bin\ImpCnt.exe" [Enabled] .(...) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe (.not file.)
O47 - AAKE:Key Export SP - "K:\uTorrent.exe" [Disabled] .(...) -- K:\uTorrent.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\BitMania\BitMania.exe" [Disabled] .(...) -- C:\Program Files\BitMania\BitMania.exe (.not file.)
O47 - AAKE:Key Export SP - "K:\Divers\eMule\emule.exe" [Disabled] .(...) -- K:\Divers\eMule\emule.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\WINDOWS\system32\dmwu.exe" [Enabled] .(.Pas de propriétaire.) -- C:\WINDOWS\system32\dmwu.exe
~ Keys Export: 20 Legitimates Filtered in 00mn 00s

---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.11C04B17ED2ABBB4833694BCD644AC90] - 01/04/2002 - 15:15:00 ---A- . (.Andrea Electronics Corporation - Andrea Audio Stub Driver.) -- C:\WINDOWS\system32\Drivers\aeaudio.sys [4816]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s

---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 21/04/2013 - 08:19:24 ---A- C:\Documents and Settings\dominique farault\Recent\fidji.lnk [599]
O61 - LFC: 21/04/2013 - 08:19:38 ---A- C:\Documents and Settings\dominique farault\Recent\floyd.lnk [599]
O61 - LFC: 21/04/2013 - 08:19:57 ---A- C:\Documents and Settings\dominique farault\Recent\378743_4724049861500_1203563230_n.lnk [767]
O61 - LFC: 21/04/2013 - 09:26:15 ---A- C:\Documents and Settings\dominique farault\Application Data\Mozilla\Firefox\Profiles\z4pvtopg.default-1366392980468\bookmarkbackups\bookmarks-2013-04-21.json [25475]
O61 - LFC: 21/04/2013 - 17:50:53 ---A- C:\Documents and Settings\dominique farault\Recent\Les.Experts.-.Saison.1.-.Episode.1.-.Equipe.de.nuit-.lnk [437]
O61 - LFC: 21/04/2013 - 18:35:50 ---A- C:\Documents and Settings\dominique farault\Recent\Lecteur CD.lnk [195]
O61 - LFC: 21/04/2013 - 18:35:50 ---A- C:\Documents and Settings\dominique farault\Recent\Les.Experts.-.Saison.1.-.Episode.2.-.Un.millionnaire-.lnk [440]
O61 - LFC: 21/04/2013 - 18:36:47 ---A- C:\Documents and Settings\dominique farault\Application Data\vlc\ml.xspf [304]
O61 - LFC: 21/04/2013 - 18:36:47 ---A- C:\Documents and Settings\dominique farault\Application Data\vlc\vlcrc
O61 - LFC: 24/04/2013 - 16:35:17 ---A- C:\Documents and Settings\dominique farault\Application Data\Mozilla\Firefox\Profiles\z4pvtopg.default-1366392980468\urlclassifierkey3.txt [154] O61 - LFC: 24/04/2013 - 16:35:17 ---A- C:\Documents and Settings\dominique farault\Local Settings\Application Data\Mozilla\Firefox\Profiles\z4pvtopg.default-1366392980468\thumbnails\138a11824677e2ea962c9a9b077f6340.png [56890] O61 - LFC: 24/04/2013 - 16:35:17 ---A- C:\Documents and Settings\dominique farault\Local Settings\Application Data\Mozilla\Firefox\Profiles\z4pvtopg.default-1366392980468\thumbnails\ac59bde315df33b0fc6d1bdbf782f9f0.png [56890] O61 - LFC: 24/04/2013 - 16:35:26 ---A- C:\Documents and Settings\dominique farault\Application Data\Mozilla\Firefox\Profiles\z4pvtopg.default-1366392980468\places.sqlite [10485760] O61 - LFC: 24/04/2013 - 16:35:26 ---A- C:\Documents and Settings\dominique farault\Application Data\Mozilla\Firefox\Profiles\z4pvtopg.default-1366392980468\places.sqlite-wal [655872] O61 - LFC: 24/04/2013 - 16:35:26 ---A- C:\Documents and Settings\dominique farault\Application Data\Mozilla\Firefox\Profiles\z4pvtopg.default-1366392980468\webappsstore.sqlite-wal [196784] O61 - LFC: 24/04/2013 - 16:35:30 ---A- C:\Documents and Settings\dominique farault\Application Data\Mozilla\Firefox\Profiles\z4pvtopg.default-1366392980468\cookies.sqlite [524288] O61 - LFC: 24/04/2013 - 16:35:32 ---A- C:\Documents and Settings\dominique farault\Application Data\Mozilla\Firefox\Profiles\z4pvtopg.default-1366392980468\sessionstore.js [120943] O61 - LFC: 24/04/2013 - 16:35:32 ---A- C:\Documents and Settings\dominique farault\Local Settings\Application Data\Mozilla\Firefox\Profiles\z4pvtopg.default-1366392980468\thumbnails\bd5eff1cd12670b1164a51f362d13911.png [41495] O61 - LFC: 24/04/2013 - 16:35:34 ---A- C:\Documents and Settings\dominique farault\Local Settings\Application Data\Mozilla\Firefox\Profiles\z4pvtopg.default-1366392980468\_CACHE_CLEAN_ [1] O61 - LFC: 24/04/2013 - 
16:35:44 ---A- C:\Documents and Settings\dominique farault\Application Data\Mozilla\Firefox\Profiles\z4pvtopg.default-1366392980468\prefs.js [4048] ~ 69 Fichiers temporaires (Temporary files) ~ 16 Fichiers cookies (Cookies files) ~ Files: 457 Legitimates Filtered in 00mn 02s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 30/08/2011 - C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE O64 - Services: CurCS - 27/02/2013 - Pas de propriétaire (IBUpdaterService) .(...) - LEGACY_IBUPDATERSERVICE =>Adware.InstallBrain O64 - Services: CurCS - 06/07/2004 - C:\WINDOWS\system32\Drivers\PrivateDiskM.sys (PrivateDisk) .(.Utimaco Safeware AG - SafeGuard® PrivateDisk Driver.) - LEGACY_PRIVATEDISK O64 - Services: CurCS - 08/07/2004 - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe (VAIO Entertainment Aggregation and Control Service) .(.Sony Corporation - VAIO Entertainment Remote Service.) - LEGACY_VAIO_ENTERTAINMENT_AGGREGATION_AND_CONTROL_SERVICE ~ Legacy: 134 Legitimates Filtered in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - msn.) 
-- C:\Program Files\MSN\MSNCoreFiles\MSN6.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [dominique farault - z4pvtopg.default-1366392980468] user_pref("extensions.helperbar.Country", "France"); O69 - SBI: prefs.js [dominique farault - z4pvtopg.default-1366392980468] user_pref("extensions.helperbar.DockingPositionDown", false); O69 - SBI: prefs.js [dominique farault - z4pvtopg.default-1366392980468] user_pref("extensions.helperbar.SmartbarDisabled", false); =>Hijacker.SmartBar O69 - SBI: prefs.js [dominique farault - z4pvtopg.default-1366392980468] user_pref("extensions.helperbar.SmartbarStateMinimaized", false); =>Hijacker.SmartBar O69 - SBI: prefs.js [dominique farault - z4pvtopg.default-1366392980468] user_pref("extensions.helperbar.UserID", "83c4e335-2aca-472d-b6e0-6521bc89de2b"); O69 - SBI: prefs.js [dominique farault - z4pvtopg.default-1366392980468] user_pref("extensions.helperbar.Visibility", false); O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - () - http://search.live.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576] [MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) 
-- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608] [MD5.0C78701C6F42345DFF2B2B6C3C3D01EF] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [172032] ~ Files: Scanned in 00mn 00s ---\\ Scan Additionnel (O88) Database Version : v2.11668 - (23/04/2013) Clés trouvées (Keys found) : 104 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 4 Fichiers trouvés (Files found) : 2
~ Additionnel Scan: 201840 Items scanned in 00mn 17s ---\\ Product Upgrade Codes (O90) O90 - PUC: "48F3C63CB40E3E44D9B7BACB6CEB495F" . (.PC Camer@.) -- C:\WINDOWS\Installer\{C36C3F84-E04B-44E3-9D7B-ABBCC6BE94F5}\ARPPRODUCTICON.exe O90 - PUC: "6DB1B8663954959479E042A9FF6E3FC5" . (.VOR.) -- C:\WINDOWS\Installer\{668B1BD6-4593-4959-970E-249AFFE6F35C}\ARPPRODUCTICON.exe O90 - PUC: "786E6E5E6301E7AB0600000000000010" . (.Acrobat Elements 6.0 - Français.) -- C:\WINDOWS\Installer\{E5E6E687-1036-BA7E-6000-000000000001}\ARPPRODUCTICON.exe O90 - PUC: "CB517B265F109CC489112DE44DC4614D" . (.My Info Centre.) -- C:\WINDOWS\Installer\{62B715BC-01F5-4CC9-9811-D24ED44C16D4}\ARPPRODUCTICON.exe ~ Update Products: 46 Legitimates Filtered in 00mn 00s ---\\ Random Export Key (O91) [HKLM\Software\5328dd8b735e849] => Clé orpheline ~ Export Key Software: Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 18/04/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 27/03/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.)
- C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - | Auto 27/03/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SR - | Auto 11/08/2012 55184 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe SR - | Auto 1013552 | (IBUpdaterService) . (...) - C:\WINDOWS\system32\dmwu.exe =>Adware.InstallBrain SR - | Demand 12/12/2012 553440 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 23/04/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe SS - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SS - | Demand 12/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 07/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 53248 | (STI Simulator) . (...) - C:\WINDOWS\System32\PAStiSvc.exe SR - | Demand 08/07/2004 118784 | (VAIO Entertainment Aggregation and Control Service) . (.Sony Corporation.) - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe SS - | Demand 08/07/2004 118877 | (VAIO Entertainment File Import Service) . (.Sony Corporation.) - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe SS - | Demand 28/07/2004 401408 | (VAIO Entertainment Task Scheduler) . 
(.Sony Corporation.) - C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe SS - | Demand 08/07/2004 69632 | (VAIO Entertainment TV Device Arbitration Service) . (.Sony Corporation.) - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe SS - | Demand 08/07/2004 278528 | (VAIO Entertainment UPnP Client Adapter) . (.Sony Corporation.) - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe SS - | Demand 09/07/2004 1826816 | (VAIOMediaPlatform-IntegratedServer-AppServer) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe SS - | Demand 16/06/2004 57344 | (VAIOMediaPlatform-IntegratedServer-HTTP) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe SS - | Demand 22/06/2004 733184 | (VAIOMediaPlatform-IntegratedServer-UPnP) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe SS - | Demand 16/06/2004 188416 | (VAIOMediaPlatform-Mobile-Gateway) . (.Sony Corporation.) - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe SS - | Demand 26/10/2012 957056 | (VUAgent) . (.Sony Corporation.) 
- C:\Program Files\Sony\VAIO Update\VUAgent.exe ~ Services: Scanned in 00mn 00s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by dominique farault at 24/04/2013 17:37:10 device: opened successfully user: MBR read successfully Disk trace: called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 1 nt!IofCallDriver[0x804E13B9] >> \Device\Harddisk0\DR0[0x89B7EAB8] kernel: MBR read successfully user & kernel MBR OK ~ MBR: 13 Legitimates Filtered in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by dominique farault at 24/04/2013 17:37:12 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ~ 1453 Legitimates filtered by white list End of the scan (866 lines in 01mn 19s)(0)