ZHPDiag report v2013.6.18.25 by Nicolas Coolman, updated 18/06/2013
Run by Mouton on 19/06/2013 14:52:16
WebSite: http://nicolascoolman.webs.com
State : Version up to date.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 21.0 (Default)
GCIE: Google Chrome v27.0.1453.116

---\\ Windows Product Information
~ Language: French
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.3640
COMODO Internet Security v5.10.31649.2253
Malwarebytes Anti-Malware version 1.75.0.1300
Spyware Terminator 2012 v3.0.0.50

---\\ System Optimizer
CCleaner v3.27 =>Piriform Ltd

---\\ Peer To Peer (P2P)
eMule
Pando Media Booster v2.6.0.7
µTorrent v3.2.2.28595 =>P2P.µTorrent

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3583 MB (74% free)
System Restore: Enabled
System drive C: has 8 GB (5%) free of 146 GB

---\\ Logged in mode
~ Computer Name: MOUTON-07A28FD0
~ User Name: Mouton
~ All Users Names: UpdatusUser, SUPPORT_388945a0, Mouton, HelpAssistant, Guest, ASPNET, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Mouton\Application Data\
~ %Desktop% : C:\Documents and Settings\Mouton\Desktop\
~ %Favorites% : C:\Documents and Settings\Mouton\Favorites\
~ %LocalAppData% : C:\Documents and Settings\Mouton\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Mouton\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 8 GB of 146 GB)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 61 GB of 319 GB)
F:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Information
~ Security Center: 33 Legitimates Filtered in 00mn 00s

---\\ Specific search for generic files
[MD5.12896823FB95BFB3DC9B46BCAEDC9923] - (.Microsoft Corporation - Windows Explorer.) (.14/04/2008 - 01:12:19.) -- C:\WINDOWS\Explorer.exe [1033728]
[MD5.CE5BA470204A3176E60721C4B63B8DF3] - (.Microsoft Corporation - Internet Extensions for Win32.) (.07/05/2013 - 23:30:06.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.ED0EF0A136DEC83DF69F04118870003E] - (.Microsoft Corporation - Windows NT Logon Application.) (.14/04/2008 - 01:12:39.) -- C:\WINDOWS\system32\Winlogon.exe [507904]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/04/2008 - 19:33:28.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44544]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) (.13/04/2008 - 21:18:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) (.13/04/2008 - 19:40:10.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 19:40:27.) -- C:\WINDOWS\system32\Drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.13/04/2008 - 19:41:01.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [52352]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files status (Hidden/Total)
~ My Pictures : 2/108
~ My Music : 1/17
~ My Videos : 1/9
~ My Favorites : 1/16
~ My Documents : 2/2498
~ My Desktop : 1/3803
~ Start Menu (Programs) : 1/65
~ Hidden Files: Scanned in 00mn 01s

---\\ Running processes
[MD5.00E3E885D8C19CAD03BCD05DFEB2C1FE] - (.Comodo Security Solutions Inc. - livePCsupport launcher system service.) -- C:\Program Files\Common Files\COMODO\launcher_service.exe [70344] [PID.992]
[MD5.907324001AE25AC5959C91EAA34CABAE] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1983232] [PID.1176]
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752] [PID.1728]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816] [PID.188]
[MD5.D8E18021F91AD79CA8491CB5A5DA22D4] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144] [PID.216]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.284]
[MD5.E9EFCB47B90FD5498695BB7FEFD36CAE] - (.Seiko Epson Corporation - Epson Scanner Service (32bit).) -- C:\WINDOWS\system32\EscSvc.exe [122000] [PID.364]
[MD5.CBC7E60715F54D8ABC5E577CCFF6B039] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.exe [142432] [PID.460]
[MD5.F96C429788350DB4BA6771C3034DFD88] - (.Teruten - FsUsbDevice.) -- C:\WINDOWS\system32\FsUsbExService.exe [217088] [PID.500]
[MD5.AE63D0DB96C07CAE5DC4CDB2B2A719A0] - (.Comodo Security Solutions, Inc. - GeekBuddy Remote Screen Protocol Server.) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088] [PID.572]
[MD5.5739F2821D49975CEDE6BF0153D0CF01] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [181664] [PID.1380]
[MD5.414E51CEC052227C581C9EAFE4499C14] - (.VIA Technologies, Inc. - Service binary.) -- C:\WINDOWS\system32\KaraokeSer.exe [88688] [PID.1472]
[MD5.7276ED403221A5A8FE54A9DD136E12EF] - (...) -- C:\Program Files\Logitech\Easy Synchronization\servicestub.exe [65536] [PID.1620]
[MD5.B88A592C93319B477A36FC9D4D2B1FB2] - (.CybelSoft - Hardware detection service.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [755536] [PID.1720]
[MD5.500D956B8406A69256DEB9EEB4A7F57C] - (...) -- C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe [53248] [PID.1752]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Documents and Settings\Mouton\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.200]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Documents and Settings\Mouton\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.496]
[MD5.D98350792A7CE82E7459A7C36481BEDA] - (.Microsoft Corporation - MsCamSvc.exe.) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe [139632] [PID.1132]
[MD5.FD306FBCCE7ADB1077B709742E7148E9] - (...) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096] [PID.1336]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Documents and Settings\Mouton\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1808]
[MD5.E666A28CC51F04C7D972EF8AD4234BBA] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 310.9.) -- C:\WINDOWS\system32\nvsvc32.exe [157112] [PID.1512]
[MD5.9D84376931440F3679BEEF2A414FA493] - (.HP - PML Driver.) -- C:\WINDOWS\system32\HPZipm12.exe [69632] [PID.2084]
[MD5.205E1B699FD3F2F9B036EEA2EC30C620] - (...) -- C:\WINDOWS\system32\PnkBstrA.exe [76888] [PID.2096]
[MD5.7D6D84E523FE830B483A0DCBF1EAEDE0] - (...) -- C:\WINDOWS\system32\PnkBstrB.exe [189072] [PID.2116]
[MD5.2CD3EE180EADDE93DF78AADE87B61504] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [482992] [PID.2288]
[MD5.3F08838E262984EF555A50B9D6C8BC34] - (.Vodafone Group - VodafoneConnectorService.) -- C:\Program Files\Vodafone\Via The Phone\VodafoneConnectorService.exe [233472] [PID.2388]
[MD5.DD0042F0C3B606A6A8B92D49AFB18AD6] - (.Yahoo! Inc. - AutoUpater Service Module.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392] [PID.2452]
[MD5.C61F226996B84AB78D481FD69362E72A] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6749512] [PID.3532]
[MD5.70F40294A8BF20CF0A5473BC60730BD5] - (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192] [PID.3552]
[MD5.0FA8B91757C93A29FA0A035ACA8B9C4E] - (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [41122448] [PID.3584]
[MD5.037B1E7798960E0420003D05BB577EE6] - (...) -- ystem32\RunDLL32.exe [0] [PID.3608]
[MD5.F7C957383CE7E11A8CB3C0E7D80BDB76] - (.SEIKO EPSON CORPORATION - Fax Reception.) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912] [PID.3652]
[MD5.91AE51D746D6AC6943849D9465AE40E6] - (.SEIKO EPSON CORPORATION - Fax Transmission.) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360] [PID.3716]
[MD5.06EB82143478B8EA270E5BD06EFA1534] - (.Logitech, Inc. - Logitech KHAL Main Process.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe [150328] [PID.3816]
[MD5.46D3D19A4745B67DCA6692AFAB0E136D] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912] [PID.3812]
[MD5.FD579C25D253A47DF82A76B7EE96ADB5] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.3908]
[MD5.AD298BDBF33C10EFD2F9BB2BAE8718D9] - (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [495616] [PID.1140]
[MD5.4C4CF9220E628D1378F9807EC5175488] - (.Microsoft Corporation - ActiveSync Connection Manager.) -- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [1289000] [PID.3508]
[MD5.6B3DD4B1D5D4C239AD84A460E676C6D7] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [79584] [PID.3288]
[MD5.09301A1FB10CDB3328AB616B5B18C92F] - (.Comodo Security Solutions, Inc. - livePCsupport Component.) -- C:\Program Files\COMODO\GeekBuddy\unit_manager.exe [207560] [PID.3160]
[MD5.DCFC84480C76D862D9BFD386EA6E8DE7] - (.Microsoft Corporation - ActiveSync RAPI Manager.) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe [199464] [PID.3452]
[MD5.27F7E2A7B7E09FF2F17A97DCA6EE0F1A] - (.Comodo Security Solutions, Inc. - livePCsupport Component.) -- C:\Program Files\COMODO\GeekBuddy\unit.exe [194760] [PID.3116]
[MD5.612AF40F6F45DEFC00F68E868B75927A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Mouton\Desktop\ZHPDiag\ZHPDiag.exe [7518208] [PID.4176]
[MD5.8C515081584A38AA007909CD02020B3D] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.4180]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [agbbmachalkmbecmaamehkfbhaggpckk] Webplayer Toolbar v.2.1, (Disabled)
~ Google Browser: 9 Legitimates Filtered in 00mn 13s

---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\prefs.js
M3 - MFPP: Plugins - [Mouton] -- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\searchplugins\live-search.xml
M2 - MFEP: prefs.js [Mouton - bhl22nkz.default\amin.eft_PhProxy@gmail.com] [] PhZilla v4.1.1 (..)
M2 - MFEP: prefs.js [Mouton - bhl22nkz.default\foxyproxy@eric.h.jung] [] FoxyProxy Basic v3.2 (..)
M2 - MFEP: prefs.js [Mouton - bhl22nkz.default\MouseControl@neocodex.us] [] MouseControl v1.5.1 (..)
M2 - MFEP: prefs.js [Mouton - bhl22nkz.default\support@6point7.com] [] Social Video Chat v1.2 (..)
M2 - MFEP: prefs.js [Mouton - bhl22nkz.default\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}] [] FoxyTunes v4.3.6 (..)
M2 - MFEP: prefs.js [Mouton - bhl22nkz.default\{c850fe9c-684f-4875-9eb2-604eb1996d5c}] [] Webplayer Toolbar v2.2 (..)
P2 - FPN: [HKLM] [@qq.com/npqscall] - (...) -- C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (.not file.)
P2 - FPN: [HKLM] [@qq.com/TXSSO] - (...) -- C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll (.not file.)
~ Firefox Browser: 42 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Startup, Search, URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com =>PUP.CertifiedToolbar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://newtab.certified-toolbar.com =>PUP.CertifiedToolbar
~ IE Browser: 11 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 22

---\\ Browser Helper Objects (O2)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} . (.Shareaza Development Team - Shareaza Web Download Hook.) -- C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Orphan key
~ BHO: 8 Legitimates Filtered in 00mn 00s

---\\ Applications started by registry & by folder (O4)
O4 - HKLM\..\Run: [ISUSPM Startup] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
O4 - HKLM\..\Run: [ISUSScheduler] . (.Macrovision Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Run: [Easy Synchronization] . (...) -- C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] . (.Logitech, Inc. - Logitech KHAL Main Process.) -- C:\WINDOWS\KHALMNPR.exe
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
O4 - HKLM\..\Run: [Launch LCore] . (.Logitech Inc. - Logitech Gaming Framework.) -- C:\Program Files\Logitech Gaming Software\LCore.exe
O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
O4 - HKLM\..\Run: [HDAudDeck] . (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMCTray.dll
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
O4 - HKLM\..\Run: [FUFAXRCV] . (.SEIKO EPSON CORPORATION - Fax Reception.) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
O4 - HKLM\..\Run: [FUFAXSTM] . (.SEIKO EPSON CORPORATION - Fax Transmission.) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
O4 - HKLM\..\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [gbrspcontrol] . (.Comodo Security Solutions, Inc. - GeekBuddy Remote Screen Protocol Server.) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\RunOnce: [Easy Synchronization] . (...) -- C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] . (.Microsoft Corporation - ActiveSync Connection Manager.) -- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-436374069-1788223648-725345543-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-436374069-1788223648-725345543-1003\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O4 - HKUS\S-1-5-21-436374069-1788223648-725345543-1003\..\Run: [H/PC Connection Agent] . (.Microsoft Corporation - ActiveSync Connection Manager.) -- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
~ Application: Scanned in 00mn 00s

---\\ Other user links (O4)
O4 - GS\Desktop: AntiError.lnk . (.Comodo Security Solutions Inc. - livePCsupport launcher application.) -- C:\Program Files\COMODO\GeekBuddy\launcher.exe
O4 - GS\Desktop: Avira Control Center.lnk . (.Avira Operations GmbH & Co. KG - Avira Control Center.) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>Piriform Ltd
O4 - GS\Desktop: Code de la Route.lnk . (.Micro Application - Code de la Route.) -- E:\Logiciel\permis\CDR.exe
O4 - GS\Desktop: COMODO Firewall.lnk . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
O4 - GS\Desktop: Diablo III.lnk . (.Blizzard Entertainment - Diablo III Setup.) -- E:\Jeuxinstalés\Diablo3full\Diablo III\Diablo III Launcher.exe
O4 - GS\Desktop: GeekBuddy.lnk . (.Comodo Security Solutions Inc. - livePCsupport launcher application.) -- C:\Program Files\COMODO\GeekBuddy\launcher.exe
O4 - GS\Desktop: HD ADeck.lnk . (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
O4 - GS\Desktop: Ma-Config.com - Start the detection.lnk . (.CybelSoft - Ma-Config.com start detection.) -- C:\Program Files\ma-config.com\MCDetection.exe
O4 - GS\Desktop: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Documents and Settings\Mouton\Desktop\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Desktop: MBRCheck.lnk . (...) -- C:\Documents and Settings\Mouton\Desktop\ZHPDiag\mbrcheck.exe
O4 - GS\Desktop: Microsoft LifeCam.lnk . (.Microsoft Corporation - LifeCam.exe.) -- C:\Program Files\Microsoft LifeCam\LifeCam.exe
O4 - GS\Desktop: mouton.lnk - Orphan key
O4 - GS\Desktop: Paramètres de la souris et du clavier Logitech.lnk . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - GS\Desktop: VLC media player.lnk . (...) -- C:\Program Files\VideoLAN\VLC\vlc.exe
O4 - GS\Desktop: Your Freedom.lnk . (.resolution Reichert Network Solutions GmbH - Your Freedom client software.) -- C:\Program Files\Your Freedom\freedom.exe
O4 - GS\Desktop: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Documents and Settings\Mouton\Desktop\ZHPDiag\ZHPhep.exe
O4 - GS\Desktop: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Documents and Settings\Mouton\Desktop\ZHPDiag\ZHPFix\ZHPhep.exe
O4 - GS\Desktop: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.µTorrent
O4 - GS\Desktop: eteindre.lnk . (...) -- C:\Documents and Settings\Mouton\Desktop\outils\off.bat
O4 - GS\Desktop: Google Drive.lnk . (...) -- C:\Documents and Settings\Mouton\My Documents\Google Drive
O4 - GS\Desktop: Guitar Hero III.lnk . (.Aspyr Media, Inc. - Guitar Hero III.) -- E:\Jeuxinstalés\guitarhero\GH3.exe
O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop: Proxifier.lnk . (.Initex - Proxifier Standard Edition v3.15.) -- C:\Program Files\Proxifier\Proxifier.exe
O4 - GS\Desktop: Shortcut to Local Disk (E).lnk . (...) -- E:\
O4 - GS\Desktop: Shortcut to PlantsVsZombies.exe.lnk . (...) -- E:\Jeux\Plants_vs._Zombies\PlantsVsZombies.exe
O4 - GS\Desktop: Shortcut to TESV.exe.lnk . (.Bethesda Softworks - Skyrim.) -- E:\Jeuxinstalés\The Elder Scrolls V Skyrim\TESV.exe
O4 - GS\Desktop: Shortcut to Vie quotidienne.docx.lnk . (...) -- C:\Documents and Settings\Mouton\Local Settings\Temp\Vie quotidienne.docx (.not file.)
O4 - GS\Desktop: Sounds and Audio Devices.lnk - Orphan key
O4 - GS\Desktop: StarCraft II.lnk . (.Blizzard Entertainment - StarCraft II Setup.) -- C:\Program Files\StarCraft II\StarCraft II.exe
O4 - GS\Desktop: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files\Steam\Steam.exe
~ Global Startup: Scanned in 00mn 00s

---\\ Buttons on the Internet Explorer main toolbar (O9)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - ActiveSync Favorite Synchronization.) -- C:\Program Files\MI3AA1~1\INetRepl.dll
O9 - Extra button: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -- Orphan key
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} -- (.not file.)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000005\Winsock LSP File . (.No owner - Proxifier Namespace Service Provider.) -- C:\WINDOWS\system32\PrxerNsp.dll
~ Winsock: 5 Legitimates Filtered in 00mn 00s

---\\ Hijack of the 'Reset Web Settings' option (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ IE Web Settings: Scanned in 00mn 00s

---\\ ActiveX objects (Downloaded Program Files) (O16)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281877548328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355378613281
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ ActiveX objects: Scanned in 00mn 00s

---\\ Domain / DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5116D062-B9E3-4FAF-AABC-4063C077E212}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{5116D062-B9E3-4FAF-AABC-4063C077E212}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5116D062-B9E3-4FAF-AABC-4063C077E212}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{5116D062-B9E3-4FAF-AABC-4063C077E212}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5116D062-B9E3-4FAF-AABC-4063C077E212}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{5116D062-B9E3-4FAF-AABC-4063C077E212}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{5116D062-B9E3-4FAF-AABC-4063C077E212}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Additional protocol (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Additional protocol: Scanned in 00mn 00s

---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ ShellServiceObjectDelayLoad autorun registry key (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - UPNP Tray Monitor and Folder.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s

---\\ SharedTaskScheduler autorun registry key (STS) (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s

---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: Logitech Easy Synchronization (Logitech Easy Synchronization) . (...) - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Vodafone Connector Service (VodafoneConnectorService) . (.Vodafone Group - VodafoneConnectorService.) - C:\Program Files\Vodafone\Via The Phone\VodafoneConnectorService.exe
~ Services: 26 Legitimates Filtered in 00mn 09s

---\\ Active Desktop & MHTML Editor enumeration (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Mouton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Mouton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ Automatic scheduled tasks (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Install_NSS.job [366] [MD5.00000000000000000000000000000000] [APT] [Install_NSS] (...) -- C:\Program Files\DivX\Symantec\scstubinstaller.exe (.not file.) [0]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 00s

---\\ Drivers loaded at startup (O41)
O41 - Driver: (sp_rsdrv2) . (...) - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
~ Drivers: 92 Legitimates Filtered in 00mn 00s

---\\ Installed software (O42)
O42 - Software: Barbarian Invasion - (...) [HKLM] -- {FD69C8CB-6964-432C-98AB-A5A09ED50EEA}
O42 - Software: LameACM - (...) [HKLM] -- LameACM
O42 - Software: Shareaza 2.6.0.0 - (.Shareaza Development Team.) [HKLM] -- Shareaza_is1
O42 - Software: SplitCam - (.SplitCam Co.) [HKLM] -- SplitCam
O42 - Software: System.Data.SQLite v1.0.76.0 - (.System.Data.SQLite Team.) [HKLM] -- {02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1
O42 - Software: Webplayer Toolbar 2.1 - (.Webplayer Toolbar.) [HKLM] -- {b0439fd3-8f96-400d-9515-eb8122ee1f21}_is1
~ Logic: 446 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Malfador Machinations]
[HKCU\Software\Nival Interactive]
[HKCU\Software\Shareaza]
[HKCU\Software\SplitCam]
[HKCU\Software\WebplayerToolbar]
[HKCU\Software\“V‘R‘fÞ]
[HKLM\Software\Shareaza]
[HKLM\Software\Sirius]
[HKLM\Software\Trymedia Systems] =>Adware.Trymedia
~ Key Software: 327 Legitimates Filtered in 00mn 01s

---\\ Contents of Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 26/06/2011 - 05:15:23 - [0,000] ----D C:\Program Files\Camersoft
O43 - CFD: 11/09/2011 - 20:05:44 - [1908,344] ----D C:\Program Files\Huyustus
O43 - CFD: 20/07/2012 - 22:19:46 - [42,574] ----D C:\Program Files\ICQ7.5
O43 - CFD: 29/12/2010 - 17:41:34 - [0,073] ----D C:\Program Files\LameACM
O43 - CFD: 04/12/2012 - 02:00:56 - [28,721] ----D C:\Program Files\Shareaza
O43 - CFD: 18/05/2013 - 21:21:30 - [5,617] ----D C:\Program Files\Space Empires V
O43 - CFD: 29/12/2011 - 08:16:17 - [189,677] ----D C:\Program Files\SplitCam
O43 - CFD: 04/11/2011 - 03:48:31 - [7,223] ----D C:\Program Files\System.Data.SQLite
O43 - CFD: 03/12/2011 - 02:29:49 - [9,467] ----D C:\Program Files\Zygocam
O43 - CFD: 14/03/2013 - 20:43:10 - [0,003] ----D C:\Documents and Settings\Mouton\Application Data\.oit
O43 - CFD: 05/08/2011 - 18:08:06 - [0,061] ----D C:\Documents and Settings\Mouton\Application Data\AtomZombieDemoData
O43 - CFD: 16/10/2009 - 19:52:23 - [0,390] ----D C:\Documents and Settings\Mouton\Application Data\Shareaza
O43 - CFD: 13/09/2011 - 01:26:57 - [0] ----D C:\Documents and Settings\Mouton\Local Settings\Application Data\28050
O43 - CFD: 03/11/2011 - 09:05:43 - [935,188] ----D C:\Documents and Settings\Mouton\Local Settings\Application Data\MooExt
O43 - CFD: 16/10/2009 - 19:52:23 - [620,516] ----D C:\Documents and Settings\Mouton\Local Settings\Application Data\Shareaza
O43 - CFD: 08/10/2009 - 21:23:39 - [0,001] ----D C:\Documents and Settings\Mouton\Start Menu\Programs\“V‘R‘fÞ
~ Program Folder: 264 Legitimates Filtered in 00mn 02s

---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.65D7FAAD87FBC25BF170789AA4BE6CB8] - 19/06/2013 - 12:47:02 ---A- . (...) -- C:\WINDOWS\popcinfot.dat [25]
O44 - LFC:[MD5.BCE65D5198DE2875917B4C326B0372A2] - 19/06/2013 - 09:54:26 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]
O44 - LFC:[MD5.E431037D6565AB75DCE6B521138CF179] - 19/06/2013 - 09:54:25 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.FA579938B0733B87066546AFE951082C] - 18/06/2013 - 23:37:21 ---A- . (...) -- C:\Boot.bak [211]
O44 - LFC:[MD5.48C65662EC81FBCAA110509F50C51497] - 18/06/2013 - 23:37:19 RSHA- . (...) -- C:\cmldr [263488]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 18/06/2013 - 23:32:38 ---A- . (...) -- C:\WINDOWS\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 18/06/2013 - 23:32:38 ---A- . (...) -- C:\WINDOWS\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 18/06/2013 - 23:32:38 ---A- . (...) -- C:\WINDOWS\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 18/06/2013 - 23:32:38 ---A- . (...) -- C:\WINDOWS\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 18/06/2013 - 23:32:38 ---A- . (...) -- C:\WINDOWS\zip.exe [68096]
O44 - LFC:[MD5.81A0357693E251098AB0267BE6971280] - 18/06/2013 - 17:04:07 ---A- . (...) -- C:\DelFix.txt [339]
O44 - LFC:[MD5.9CB1D4C44092E93833D05E773E431261] - 15/06/2013 - 03:25:32 ---A- . (...)
-- C:\WINDOWS\FaxSetup.log [117471] O44 - LFC:[MD5.7E75775E345CE1F50B1C06B3F5081D45] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [8075] O44 - LFC:[MD5.62FDC39E35E3C96C454B47C0F8D2C85A] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\comsetup.log [38884] O44 - LFC:[MD5.140D2A2608B7F22866CF1551E83F3E96] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\iis6.log [125492] O44 - LFC:[MD5.AA5D5F6881145474885C6155927065BE] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\imsins.log [1374] O44 - LFC:[MD5.8F01524AB411F85867F0A2C97F0ED537] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\msgsocm.log [5871] O44 - LFC:[MD5.6CC6944060C9A8F1DE2566539A10F6B2] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\msmqinst.log [35380] O44 - LFC:[MD5.61A8042D41BA86E8B940F1D6C140A6F0] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\netfxocm.log [20577] O44 - LFC:[MD5.CD00E695FCECBCFA63757D22E9574921] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [23568] O44 - LFC:[MD5.714AB9F75653A983B11A6CB676F66F65] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\ocgen.log [56164] O44 - LFC:[MD5.DB7B1ED64ABC69E0DA7DB9506DC0E040] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\ocmsn.log [6498] O44 - LFC:[MD5.C775D6419F27F87B46E5E4438E7113CD] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\tabletoc.log [5909] O44 - LFC:[MD5.DE0606B1C16AE8F1D13B9AC4C61BEEAA] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\tsoc.log [53601] O44 - LFC:[MD5.0D52B8F64719D67A6DA09BAB3C24136C] - 15/06/2013 - 03:21:47 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374] O44 - LFC:[MD5.3C22A34DB7F632A3C0A850E05ED29A7D] - 15/06/2013 - 03:21:38 ---A- . (...) -- C:\WINDOWS\updspapi.log [13490] O44 - LFC:[MD5.EE52541150655ACC9B9B23F23C45FA04] - 08/06/2013 - 15:25:58 ---A- . (...) 
-- C:\img2-001.raw [230424] ~ Files: 44 Legitimates Filtered in 00mn 00s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.B7C17B84D7D15C540DD2B931E0250330] - 12/06/2013 - 01:22:41 ---A- - C:\WINDOWS\Prefetch\WORDVIEW.EXE-08BD9A01.pf O45 - LFCP:[MD5.D476CD41D47E78778C2937698A9669F2] - 14/06/2013 - 01:54:37 ---A- - C:\WINDOWS\Prefetch\HEROES3.EXE-3770266B.pf O45 - LFCP:[MD5.3751322C9377717EBEF4C0F859190DEC] - 14/06/2013 - 18:00:23 ---A- - C:\WINDOWS\Prefetch\GH3.EXE-25F165C0.pf O45 - LFCP:[MD5.1C4115661DB61789085D642FC3C079E0] - 15/06/2013 - 02:43:41 ---A- - C:\WINDOWS\Prefetch\DXDLLREG.EXE-39C012FF.pf O45 - LFCP:[MD5.6E889FAA473C5E604C9A71B2702BD1D2] - 15/06/2013 - 02:44:15 ---A- - C:\WINDOWS\Prefetch\DXDLLREG.EXE-338FC561.pf O45 - LFCP:[MD5.B3B9BB484EB803B4DCC4423831128442] - 15/06/2013 - 23:35:11 ---A- - C:\WINDOWS\Prefetch\WLXQUICKTIMECONTROLHOST.EXE-271639BF.pf O45 - LFCP:[MD5.99B8F349B39EE06A46BA58F8563CE314] - 16/06/2013 - 01:41:28 ---A- - C:\WINDOWS\Prefetch\ROBOTCLIC.EXE-108028E2.pf O45 - LFCP:[MD5.8FCDDDE789CC052BC32E1A22CB3C6078] - 16/06/2013 - 02:18:11 ---A- - C:\WINDOWS\Prefetch\LIFEENC2.EXE-2B883052.pf O45 - LFCP:[MD5.D89F82B4E1D474C7FD299DFDD5755F8B] - 16/06/2013 - 02:18:16 ---A- - C:\WINDOWS\Prefetch\LIFETRAY.EXE-36181759.pf O45 - LFCP:[MD5.064EC63AE5F1527A1CC6177ECA8F3941] - 16/06/2013 - 18:01:33 ---A- - C:\WINDOWS\Prefetch\RELICCOH2.EXE-03CD7BD9.pf O45 - LFCP:[MD5.007D7B60727D0EFA0E0BEA7DD6B22D5D] - 17/06/2013 - 17:12:19 ---A- - C:\WINDOWS\Prefetch\CACAOWEB.EXE-022A14F5.pf =>PUP.CacaoWeb O45 - LFCP:[MD5.CFB470929909D95B1FC6F1C002F5B1E5] - 19/06/2013 - 09:55:15 ---A- - C:\WINDOWS\Prefetch\HDECK.EXE-00161107.pf O45 - LFCP:[MD5.CF76FFFB6FB7C1ED63D956E89ED78295] - 19/06/2013 - 09:55:15 ---A- - C:\WINDOWS\Prefetch\LOGITECHEASYSYNC.EXE-1F3F5E19.pf O45 - LFCP:[MD5.35462FB18894F1E43F9F7DCC9FCC45D0] - 19/06/2013 - 09:55:16 ---A- - C:\WINDOWS\Prefetch\CFP.EXE-1E7EB3AA.pf O45 - LFCP:[MD5.903FBD3623B9199AC530CB2DCE4CC64E] - 19/06/2013 
- 09:55:16 ---A- - C:\WINDOWS\Prefetch\FUFAXRCV.EXE-068C1C00.pf O45 - LFCP:[MD5.1AB2EB68AEC297BBA446A1B41D304FF4] - 19/06/2013 - 09:55:16 ---A- - C:\WINDOWS\Prefetch\FUFAXSTM.EXE-285BC6E9.pf O45 - LFCP:[MD5.037483F6C21C2533FC671043B3D0DB84] - 19/06/2013 - 09:55:16 ---A- - C:\WINDOWS\Prefetch\SETPOINT.EXE-015059E8.pf O45 - LFCP:[MD5.E3E99DB9A7B930842C0BB6299C483206] - 19/06/2013 - 09:55:16 ---A- - C:\WINDOWS\Prefetch\SETPOINT.EXE-1A5FD1F0.pf O45 - LFCP:[MD5.5CE6D06B37769B926BD8C37BC5057D30] - 19/06/2013 - 09:55:16 ---A- - C:\WINDOWS\Prefetch\WCESCOMM.EXE-062FDF7F.pf O45 - LFCP:[MD5.59B586C4455416803A5CED1686AAA669] - 19/06/2013 - 09:55:18 ---A- - C:\WINDOWS\Prefetch\RAPIMGR.EXE-105F1493.pf O45 - LFCP:[MD5.85EE1D28D7BDB1D50218867099D444CC] - 19/06/2013 - 09:55:19 ---A- - C:\WINDOWS\Prefetch\UNIT_MANAGER.EXE-307FD43E.pf O45 - LFCP:[MD5.759E3549A465FFA7189A450471247F4F] - 19/06/2013 - 12:05:42 ---A- - C:\WINDOWS\Prefetch\POPCAPGAME1.EXE-069DFA3F.pf O45 - LFCP:[MD5.83415DE4261105C6C7C41EB793CF8944] - 19/06/2013 - 12:05:47 ---A- - C:\WINDOWS\Prefetch\PLANTSVSZOMBIES.EXE-3771D1B9.pf ~ Prefetcher: 130 Legitimates Filtered in 00mn 00s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll O46 - SEH:ShellExecuteHooks - ShellExecuteHook class - {FE24CD78-7C63-465D-8787-4EDF7FC79895} - C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "C:\Program Files\Your Freedom\freedom.exe" [Enabled] .(.resolution Reichert Network Solutions GmbH.) -- C:\Program Files\Your Freedom\freedom.exe O47 - AAKE:Key Export SP - "C:\Documents and Settings\Mouton\Local Settings\Application Data\Akamai\netsession_win.exe" [Enabled] .(...) -- C:\Documents and Settings\Mouton\Local Settings\Application Data\Akamai\netsession_win.exe (.not file.) 
O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.976\Agent.exe" [Enabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.976\Agent.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\StarCraft II 2012 Beta\StarCraft II Beta.exe" [Enabled] .(...) -- C:\Program Files\StarCraft II 2012 Beta\StarCraft II Beta.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.998\Agent.exe" [Enabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.998\Agent.exe (.not file.) O47 - AAKE:Key Export SP - "E:\Jeux\DDOinst\dndclient.exe" [Enabled] .(...) -- E:\Jeux\DDOinst\dndclient.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\StarCraft II\Versions\Base21029\SC2.exe" [Enabled] .(...) -- C:\Program Files\StarCraft II\Versions\Base21029\SC2.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Tencent\QQIntl\Bin\QQ.exe" [Enabled] .(...) -- C:\Program Files\Tencent\QQIntl\Bin\QQ.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Tencent\QQIntl\Bin\auclt.exe" [Enabled] .(...) -- C:\Program Files\Tencent\QQIntl\Bin\auclt.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Tencent\QQIntl\Bin\txupd.exe" [Enabled] .(...) -- C:\Program Files\Tencent\QQIntl\Bin\txupd.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1040\Agent.exe" [Enabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1040\Agent.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\StarCraft II\sc2-x.x.x.x-1.5.0.22342-enUS-Downloader.exe" [Enabled] .(...) -- C:\Program Files\StarCraft II\sc2-x.x.x.x-1.5.0.22342-enUS-Downloader.exe (.not file.) O47 - AAKE:Key Export SP - "C:\Program Files\Shareaza\Shareaza.exe" [Enabled] .(.Shareaza Development Team.) 
-- C:\Program Files\Shareaza\Shareaza.exe O47 - AAKE:Key Export SP - "C:\Program Files\cacaoweb\cacaoweb.exe" [Enabled] .(...) -- C:\Program Files\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb ~ Keys Export: 44 Legitimates Filtered in 00mn 00s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ IFEO: Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \drivers.desc\"mciqtz32.dll"="mciqtz32.dll" . (...) -- C:\WINDOWS\system32\mciqtz32.dll ~ TDSD: 24 Legitimates Filtered in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\Badoo Desktop [Key] . (...) -- C:\Documents and Settings\All Users\Application Data\Badoo\Badoo desktop\1.6.30.1009\Badoo.desktop.exe (.not file.) ~ SMSR Keys: 6 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.95B4FB835E28AA1336CEEB07FD5B9398] - 13/04/2008 - 19:36:39 ----- . (.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) -- C:\WINDOWS\system32\Drivers\amdagp.sys [43008] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 04/08/2004 - 13:00:00 ---A- . (...) 
-- C:\WINDOWS\system32\ansi.sys [9029] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 16/06/2013 - 00:54:18 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\bookmarkbackups\bookmarks-2013-06-16.json [26075] O61 - LFC: 16/06/2013 - 02:17:38 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000304.sst [159] O61 - LFC: 16/06/2013 - 03:04:46 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Microsoft\LifeEnC2.exe_StrongName_rfxtevkrx4mwctk21ysagzokh3nchq2z\3.22.270.0\user.config [1092] O61 - LFC: 16/06/2013 - 13:33:14 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.old [145] O61 - LFC: 16/06/2013 - 13:34:04 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Tabs [4338] O61 - LFC: 16/06/2013 - 13:34:04 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000307.sst [159] O61 - LFC: 16/06/2013 - 13:34:06 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Session [5825] O61 - LFC: 16/06/2013 - 13:34:06 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG.old [359] O61 - LFC: 16/06/2013 - 13:39:18 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Certificate Revocation Lists [270879] O61 - LFC: 16/06/2013 - 13:43:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG.old [148] O61 - LFC: 16/06/2013 - 14:34:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\search-metadata.json [180] O61 - LFC: 
16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\chrome.manifest [2681] O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\chrome\flagfox\content.jar [802816] O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\chrome\flagfox\modules\flagfox.jsm [71632] O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\chrome\flagfox\modules\ipdb.jsm [9327] O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\defaults\preferences\defaultpreferences.js [4823] O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\install.rdf [1814] O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\ipdb\ip4.db [489672] O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\ipdb\ip6.db [235816] O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\ipdb\metadata.js [120] O61 - LFC: 16/06/2013 - 21:51:29 ---A- C:\Documents and Settings\Mouton\Local Settings\Application 
Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT [16] O61 - LFC: 16/06/2013 - 21:51:29 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000058 [248] O61 - LFC: 16/06/2013 - 21:51:30 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG [145] O61 - LFC: 16/06/2013 - 21:51:34 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT [16] O61 - LFC: 16/06/2013 - 21:51:34 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000261 [436] O61 - LFC: 16/06/2013 - 21:51:39 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Managed Mode Settings [8] O61 - LFC: 16/06/2013 - 21:51:40 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session [4573] O61 - LFC: 16/06/2013 - 21:51:40 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Tabs [4338] O61 - LFC: 16/06/2013 - 21:51:41 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000310.sst [159] O61 - LFC: 16/06/2013 - 21:51:41 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\CURRENT [16] O61 - LFC: 16/06/2013 - 21:51:41 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000309 [4438] O61 - LFC: 16/06/2013 - 21:51:42 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2013-06 [36864] O61 - LFC: 16/06/2013 - 21:51:42 ---A- C:\Documents and Settings\Mouton\Local Settings\Application 
Data\Google\Chrome\User Data\Default\History Index 2013-06-journal [16384] O61 - LFC: 16/06/2013 - 21:51:42 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG [359] O61 - LFC: 16/06/2013 - 21:52:01 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies [228352] O61 - LFC: 16/06/2013 - 21:52:01 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal [16384] O61 - LFC: 16/06/2013 - 21:53:24 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download [678084] O61 - LFC: 16/06/2013 - 21:53:26 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom [9202312] O61 - LFC: 16/06/2013 - 21:53:26 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set [1746656] O61 - LFC: 16/06/2013 - 21:53:26 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist [135072] O61 - LFC: 16/06/2013 - 21:53:26 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist [19616] O61 - LFC: 16/06/2013 - 21:53:26 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist [5268] O61 - LFC: 16/06/2013 - 21:53:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG [148] O61 - LFC: 16/06/2013 - 21:53:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\History [2330624] O61 - LFC: 16/06/2013 - 21:53:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\History 
Provider Cache [1625] O61 - LFC: 16/06/2013 - 21:53:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal [16384] O61 - LFC: 16/06/2013 - 21:53:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Local State [36007] O61 - LFC: 16/06/2013 - 21:53:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies [6144] O61 - LFC: 16/06/2013 - 21:53:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal [4640] O61 - LFC: 16/06/2013 - 21:53:51 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\chrome_shutdown_ms.txt [4] O61 - LFC: 17/06/2013 - 12:09:28 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\bookmarkbackups\bookmarks-2013-06-17.json [26075] O61 - LFC: 18/06/2013 - 03:00:16 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\bookmarkbackups\bookmarks-2013-06-18.json [26075] O61 - LFC: 18/06/2013 - 15:44:54 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\healthreport\lastpayload.json [23555] O61 - LFC: 18/06/2013 - 16:51:43 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\search.json [14031] O61 - LFC: 18/06/2013 - 16:52:00 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\pluginreg.dat [13224] O61 - LFC: 18/06/2013 - 16:55:24 ---A- C:\Documents and Settings\Mouton\Recent\AdwCleaner[S1].txt.lnk [523] O61 - LFC: 18/06/2013 - 17:05:34 ---A- C:\Documents and Settings\Mouton\Recent\DelFix.txt.lnk [481] O61 - LFC: 18/06/2013 - 17:11:23 ---A- C:\Documents and Settings\Mouton\Application 
Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\2e2308ef-03a1-46a2-89c5-f8026949d949 [74839] O61 - LFC: 18/06/2013 - 17:12:08 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\acfd765f-ed2b-45fd-86bd-c8225e41f2c6 [50234] O61 - LFC: 18/06/2013 - 17:12:42 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [80949] O61 - LFC: 18/06/2013 - 17:16:46 ---A- C:\Documents and Settings\Mouton\Recent\AdwCleaner[S2].txt.lnk [523] O61 - LFC: 18/06/2013 - 17:17:54 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\blocklist.xml [65991] O61 - LFC: 18/06/2013 - 17:19:57 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\addons.sqlite [589824] O61 - LFC: 18/06/2013 - 17:19:59 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions.sqlite [524288] O61 - LFC: 18/06/2013 - 18:06:27 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\0ecb6971-f1f4-4437-a075-abb5134397fd [80675] O61 - LFC: 18/06/2013 - 22:42:43 ---A- C:\Documents and Settings\Mouton\Recent\mbam-log-2013-06-18 (18-21-49).txt.lnk [603] O61 - LFC: 18/06/2013 - 22:45:47 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\content-prefs.sqlite [28672] O61 - LFC: 18/06/2013 - 22:45:47 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\ada6bbff-ad3f-47ad-8a76-c3a5f8092a06 [66056] O61 - LFC: 18/06/2013 - 23:02:13 ---A- C:\Documents and Settings\Mouton\Recent\ZHPDiag.txt.lnk [486] O61 - LFC: 18/06/2013 - 23:17:09 ---A- C:\Documents and Settings\Mouton\Application 
Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\52254e49-45fd-45a1-b0b2-704969246fa0 [74809] O61 - LFC: 18/06/2013 - 23:17:10 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\bookmarkbackups\bookmarks-2013-06-19.json [26075] O61 - LFC: 18/06/2013 - 23:32:02 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\2006241a-1960-4494-b2e6-bbd3f1a8494d [55167] O61 - LFC: 18/06/2013 - 23:56:18 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\68e871ec-c88a-41e5-a41e-0f84765ffdc5 [54807] O61 - LFC: 19/06/2013 - 00:06:46 ---A- C:\Documents and Settings\Mouton\Recent\New Text Document.txt.lnk [538] O61 - LFC: 19/06/2013 - 00:21:16 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\cc548ed6-036b-4c1f-8908-5f97b8fa315b [75010] O61 - LFC: 19/06/2013 - 00:21:16 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\sessionstore.bak [165797] O61 - LFC: 19/06/2013 - 09:54:22 -SHA- C:\Documents and Settings\Mouton\Application Data\Microsoft\Credentials\S-1-5-21-436374069-1788223648-725345543-1003\Credentials [1316] O61 - LFC: 19/06/2013 - 09:54:22 -SHA- C:\Documents and Settings\Mouton\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-436374069-1788223648-725345543-1003\Credentials [21578] O61 - LFC: 19/06/2013 - 09:56:54 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\parent.lock [0] O61 - LFC: 19/06/2013 - 09:57:12 -SHA- C:\Documents and Settings\Mouton\IETldCache\index.dat [262144] O61 - LFC: 19/06/2013 - 09:57:16 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\webapps\webapps.json [2] O61 - LFC: 19/06/2013 - 09:57:25 ---A- C:\Documents and 
Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\ImTranslator\profile.imt [483] O61 - LFC: 19/06/2013 - 09:57:34 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\urlclassifierkey3.txt [154] O61 - LFC: 19/06/2013 - 10:03:11 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\adblockplus\elemhide.css [2434789] O61 - LFC: 19/06/2013 - 13:00:43 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\signons.sqlite [99328] O61 - LFC: 19/06/2013 - 13:14:15 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\webappsstore.sqlite [2588672] O61 - LFC: 19/06/2013 - 13:38:44 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\startupCache\startupCache.4.little [1517470] O61 - LFC: 19/06/2013 - 13:40:38 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\formhistory.sqlite [1080320] O61 - LFC: 19/06/2013 - 13:48:09 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\cookies.sqlite [1048576] O61 - LFC: 19/06/2013 - 13:48:11 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\f6c4d695-defc-4b79-bb7c-89b8d6b3dec1 [84797] O61 - LFC: 19/06/2013 - 13:48:13 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\dh-media-lists.rdf [520] O61 - LFC: 19/06/2013 - 13:48:13 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\dh-smart-names.rdf [60617] O61 - LFC: 19/06/2013 - 13:48:13 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\downloads.sqlite [98304] O61 - LFC: 19/06/2013 - 13:48:13 ---A- C:\Documents and 
Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\healthreport.sqlite [1146880]
O61 - LFC: 19/06/2013 - 13:48:13 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\sessionstore.js [195456]
O61 - LFC: 19/06/2013 - 13:48:14 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\localstore.rdf [60140]
O61 - LFC: 19/06/2013 - 13:48:14 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\permissions.sqlite [5120]
O61 - LFC: 19/06/2013 - 13:48:14 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\places.sqlite [20971520]
O61 - LFC: 19/06/2013 - 13:48:14 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\_CACHE_CLEAN_ [1]
O61 - LFC: 19/06/2013 - 13:48:15 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\Telemetry.ShutdownTime.txt [6]
O61 - LFC: 19/06/2013 - 13:48:15 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\prefs.js [38008]
O61 - LFC: 19/06/2013 - 13:48:16 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\cert8.db [360448]
O61 - LFC: 19/06/2013 - 13:48:16 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\key3.db [16384]
~ 11 Fichiers temporaires (Temporary files)
~ 4 Fichiers cookies (Cookies files)
~ Files: 1221 Legitimates Filtered in 00mn 09s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 30/08/2011 - C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - 17/04/2013 - C:\Program Files\Common Files\COMODO\launcher_service.exe (CLPSLauncher) .(.Comodo Security Solutions Inc. - livePCsupport launcher system service.) - LEGACY_CLPSLAUNCHER
O64 - Services: CurCS - 17/04/2013 - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe (GeekBuddyRSP) .(.Comodo Security Solutions, Inc. - GeekBuddy Remote Screen Protocol Server.) - LEGACY_GEEKBUDDYRSP
O64 - Services: CurCS - 22/11/2011 - C:\Program Files\Spyware Terminator\st_rsser.exe (ST2012_Svc) .(.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) - LEGACY_ST2012_SVC
O64 - Services: CurCS - 14/05/2010 - C:\Program Files\Vodafone\Via The Phone\VodafoneConnectorService.exe (VodafoneConnectorService) .(.Vodafone Group - VodafoneConnectorService.) - LEGACY_VODAFONECONNECTORSERVICE
O64 - Services: CurCS - 09/11/2008 - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (YahooAUService) .(.Yahoo! Inc. - AutoUpater Service Module.) - LEGACY_YAHOOAUSERVICE
~ Legacy: 175 Legitimates Filtered in 00mn 03s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Adobe Systems, Inc. - Adobe Dreamweaver CS5.) -- C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe
~ FASS Keys: 17 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {8A244612-A1F7-11E0-95C0-E71F4824019B} - (Web Search) - http://search.certified-toolbar.com =>PUP.CertifiedToolbar
O69 - SBI: SearchScopes [HKCU] {B536885E-5BD9-4199-8B26-76CD4C25AD07} - (Live Search) - http://search.live.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.33798C860C211501B04B795BA915A8F4] [SPRF][15/06/2012] (...) -- C:\Documents and Settings\Mouton\Local Settings\Application Data\fusioncache.dat [129]
[MD5.73709547A3B136DE4FCFDE3EF78C1B8F] [SPRF][14/12/2012] (...) -- C:\Documents and Settings\Mouton\Application Data\PnkBstrK.sys [138056]
[MD5.83462636B733B8C345E0499140E3531E] [SPRF][10/01/2013] (...) -- C:\Documents and Settings\Mouton\Desktop\cc_20130110_063009.reg [315402]
[MD5.EB2543728CED96CAFFC60D252FF8AB92] [SPRF][18/06/2013] (.Swearware - ComboFix NSIS Installer.) -- C:\Documents and Settings\Mouton\Desktop\mouton.exe [5081021]
[MD5.4EBAADDE48169D9C149FF5C57FA2CE86] [SPRF][15/10/2011] (...) -- C:\Documents and Settings\Mouton\Desktop\RobotClic.exe [131072]
[MD5.FBD3701C6FA07A4D896E6ED786D9142E] [SPRF][19/06/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Mouton\Desktop\ZHPDiag2(1).exe [5680617]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608]
[MD5.5095D657B76B7F782A9F626273170A79] [SPRF][22/02/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.2 r152.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [2871968]
[MD5.B8F39C9E0F0B71E454DBA431CF3B99C9] [SPRF][11/08/2005] (.Macrovision Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [417792]
~ Files: Scanned in 00mn 00s

---\\ Scan Additionnel (O88)
Database Version : v2.12511 - (18/06/2013)
Clés trouvées (Keys found) : 9
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\setup.player] =>Spyware.MarketScore
[HKLM\Software\Classes\setup.player.2k2] =>Spyware.MarketScore
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{b0439fd3-8f96-400d-9515-eb8122ee1f21}_is1] =>Toolbar.Agent
~ Additionnel Scan: 422950 Items scanned in 00mn 14s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "0C6A1EC07F3F6E94F8D942139F284714" . (.Guitar Hero III.) -- C:\WINDOWS\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\ARPPRODUCTICON.exe
O90 - PUC: "0FDBBA955E1EFA8458BF5F320AC84309" . (.STREET FIGHTER IV.) -- C:\WINDOWS\Installer\{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}\ARPPRODUCTICON.exe
O90 - PUC: "B6BB246AD1AC2414D84D13C8F3D38C43" . (.Rome - Total War(TM).) -- C:\WINDOWS\Installer\{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}\ARPPRODUCTICON.exe
O90 - PUC: "C99998047BC6D9F42A6FBD51D8FB19BF" . (.Rome - Total War(TM).) -- C:\WINDOWS\Installer\{4089999C-6CB7-4F9D-A2F6-DB158DBF91FB}\ARPPRODUCTICON.exe
~ Update Products: 111 Legitimates Filtered in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 19/05/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 19/05/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 09/10/2011 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 17/04/2013 70344 | (CLPSLauncher) . (.Comodo Security Solutions Inc..) - C:\Program Files\Common Files\COMODO\launcher_service.exe
SR - | Auto 11/03/2012 1983232 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SS - | Demand 14/04/2008 224768 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 12/12/2011 122000 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\WINDOWS\system32\EscSvc.exe
SR - | Auto 27/02/2012 142432 | (EPSON_PM_RPCV4_05) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.exe
SR - | Auto 22/12/2009 217088 | (FsUsbExService) . (.Teruten.) - C:\WINDOWS\system32\FsUsbExService.exe
SR - | Auto 17/04/2013 1851088 | (GeekBuddyRSP) . (.Comodo Security Solutions, Inc..) - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
SS - | Demand 14/04/2008 14336 | C:\Program Files\NOS\bin\getPlus_Helper.dll (getPlusHelper) . (.NOS Microsystems Ltd..) - C:\WINDOWS\system32\svchost.exe
SS - | Auto 02/09/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 02/09/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/10/2011 821608 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 16/05/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 04/05/2012 88688 | (KaraokeService) . (.VIA Technologies, Inc..) - C:\WINDOWS\system32\KaraokeSer.exe
SS - | Demand 01/10/2012 295224 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
SR - | Auto 65536 | (Logitech Easy Synchronization) . (...) - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
SR - | Auto 15/05/2013 755536 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Documents and Settings\Mouton\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Documents and Settings\Mouton\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 22/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 71096 | (NMSAccessU) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
SR - | Auto 29/12/2012 157112 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Auto 29/12/2012 1260472 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 29/09/2004 69632 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
SR - | Auto 76888 | (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe
SR - | Auto 189072 | (PnkBstrB) . (...) - C:\WINDOWS\system32\PnkBstrB.exe
SS - | Demand 11/11/2008 620544 | (ServiceLayer) . (.Nokia..) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 22/11/2011 482992 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files\Spyware Terminator\st_rsser.exe
SR - | Auto 14/05/2010 233472 | (VodafoneConnectorService) . (.Vodafone Group.) - C:\Program Files\Vodafone\Via The Phone\VodafoneConnectorService.exe
SR - | Auto 09/11/2008 602392 | (YahooAUService) . (.Yahoo! Inc..) - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
~ Services: Scanned in 00mn 00s

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Mouton at 19/06/2013 14:55:56
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spdp.sys >>UNKNOWN [0x8B376938]<<
spdp.sys
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x8B31AAB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Mouton at 19/06/2013 14:55:58
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

~ 2729 Legitimates filtered by white list
End of the scan (826 lines in 03mn 42s)(0)