Rapport de ZHPDiag v2013.6.19.29 par Nicolas Coolman, Update du 18/06/2013
Run by Laptiteblonde at 22/06/2013 08:53:11
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 21.0 (Defaut)
GCIE: Google Chrome v27.0.1453.116
OPIE: Opera v12.15
OBIE: Safari v5.34.57.2

---\\ Windows Product Information
~ Langage: Français
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System Protection
Kaspersky Anti-Virus 2013 v13.0.1.4190
Malwarebytes Anti-Malware version 1.75.0.1300
Spybot - Search & Destroy v2.1.19

---\\ System Optimizer
CCleaner v4.02 =>Piriform Ltd
Slowin' Killer - Outil d'optimisation pour Windows v1.3

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046.4 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 79 GB (33%) free of 233 GB

---\\ Logged in mode
~ Computer Name: HOME-91528EAD9E
~ User Name: Laptiteblonde
~ All Users Names: SUPPORT_388945a0, Laptiteblonde, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Laptiteblonde\Application Data\
~ %Desktop% : C:\Documents and Settings\Laptiteblonde\Bureau\
~ %Favorites% : C:\Documents and Settings\Laptiteblonde\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Laptiteblonde\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 79 Go of 233 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Free 6 Go of 7 Go)

---\\ Security Center & Tools Informations
~ Security Center: 29 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.DD11A997125B22963CE49A95F7E32034] - (.Microsoft Corporation - Internet Extensions for Win32.) (.07/05/2013 - 23:28:27.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/171
~ Mes musiques (My Musics) : 1/123
~ Mes Videos (My Videos) : 1/6
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/23588
~ Mon Bureau (My Desktop) : 0/16605
~ Menu demarrer (Programs) : 0/69
~ Hidden Files: Scanned in 00mn 34s

---\\ Processus lancés
[MD5.CC9275DB74AD57AC0C3EE823F9922298] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 190.3.) -- C:\WINDOWS\system32\nvsvc32.exe [168004] [PID.356]
[MD5.B7822EA8D11717D1FE27295EAFF3E2CE] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295] [PID.792]
[MD5.7A805CE3682BE4B811B17205B640DD1F] - (.Privacyware/PWI, Inc. - Privatefirewall Network Service.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600] [PID.1320]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1692]
[MD5.587EFD6A3A30A35A27904D21AE1FB882] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376] [PID.1708]
[MD5.01A24B415926BB5F772DBE12459D97DE] - (.Microsoft Corporation. - BingBar Service.) -- C:\Program Files\Microsoft\BingBar\BBSvc.exe [196176] [PID.1748]
[MD5.D3F9205CC4CB07553F2F9472C767EA87] - (.Teruten - FsUsbDevice.) -- C:\WINDOWS\system32\FsUsbExService.exe [233472] [PID.428]
[MD5.5739F2821D49975CEDE6BF0153D0CF01] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [181664] [PID.552]
[MD5.69C494AE77EC2CFC31FD4B0D7AB6F24A] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [1777488] [PID.660]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.704]
[MD5.E155E09229624C69A1A6609C0CB3641F] - (.Ralink Technology, Corp. - RalinkRegistryWriter.) -- C:\Program Files\Ralink\Common\RaRegistry.exe [185632] [PID.736]
[MD5.95AA9E165C7DE1B64A11E8B18E91E499] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560] [PID.760]
[MD5.E83EAC7ACFE228AFE518FFD6459CE5FF] - (.Privacyware/PWI, Inc. - Privatefirewall 7.0 Application.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3011400] [PID.2764]
[MD5.D72D08898E2BA14B8FD6E9533C714385] - (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files\FileHippo.com\UpdateChecker.exe [307712] [PID.2820]
[MD5.44BA6701B36DE1F6C0661E732080ADCF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7521280] [PID.3892]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\eaesr6o7.default\prefs.js (.not file.)
C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\prefs.js
C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\zgvlj5cs.Utilisateur par défaut\prefs.js (.not file.)
C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\zgvlj5cs.Utilisateur par défaut\prefs.js (.not file.)
M0 - MFSP: prefs.js [Laptiteblonde - i0vdqtuy.fanny] http://www.maxisciences.com
M2 - MFEP: prefs.js [Laptiteblonde - i0vdqtuy.fanny\{3d7eb24f-2740-49df-8937-200b1cc08f8a}] [] Flashblock v1.5.17 (..)
P2 - FPN:Firefox Plugin Navigator . (.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Mozilla Firefox\Plugins\npchime.dll
~ Firefox Browser: 32 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 01s
~ Nombre de lignes (Lines number): 30464

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corp. - Microsoft Search Helper Extention.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
~ BHO: 11 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: EPSON Web-To-Page - [HKLM]{EE5D279F-081B-4404-994D-C6B60AAEBA6D} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
~ Toolbar: Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
O4 - HKLM\..\Run: [Privatefirewall] . (.Privacyware/PWI, Inc. - Privatefirewall 7.0 Application.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [KernelFaultCheck] Clé orpheline
O4 - HKCU\..\Run: [FileHippo.com] . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
O4 - HKUS\S-1-5-21-861567501-1085031214-839522115-1004\..\Run: [FileHippo.com] . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}\AppleSoftwareUpdateIco.exe
O4 - GS\Programs: Ava Find.lnk . (...) -- C:\WINDOWS\Installer\{909577E9-BFB5-48E2-8237-71DCA373F147}\_4ae13d6c.exe
O4 - GS\Programs: Belarc Advisor.lnk . (.Belarc, Inc. - Belarc Advisor and BelMonitor Client Discov.) -- C:\Program Files\Belarc\Advisor\System\NPBelv32.dll
O4 - GS\Programs: Driver Detective.lnk . (.Macrovision Corporation - InstallShield.) -- C:\WINDOWS\Installer\{621C02EA-AAFF-4026-A903-165D59529A16}\DriversHQ.DriverDe_212B77217E284373BD0AA155B0932A89.exe
O4 - GS\Programs: EA Download Manager.lnk . (.Electronic Arts - EA Download Manager.) -- C:\Program Files\Electronic Arts\EADM\Core.exe
O4 - GS\Programs: ILoveENGLISH.lnk . (...) -- C:\Program Files\ILoveENGLISH\ILoveENGLISH.exe
O4 - GS\Programs: Microsoft Baseline Security Analyzer 2.2.lnk . (.Microsoft Corporation - Microsoft Baseline Security Analyzer.) -- C:\Program Files\Microsoft Baseline Security Analyzer 2\mbsa.exe
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\opera.exe
O4 - GS\Programs: Paint.NET.lnk . (.dotPDN LLC - Paint.NET.) -- C:\Program Files\Paint.NET\PaintDotNet.exe
O4 - GS\Programs: Safari.lnk . (...) -- C:\WINDOWS\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\Programs: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Windows Search.lnk . (.Microsoft Corporation - Windows Search System Tray.) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - GS\QuickLaunch: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\QuickLaunch: System Scan.lnk . (.Safer-Networking Ltd. - Malware Scanner.) -- C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: eduMap.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\eduMap\eduMap.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) -- C:\Program Files\PrivaZer\PrivaZer.exe
O4 - GS\Programs: Update Checker.lnk . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files\filehippo.com\UpdateChecker.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 00s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\kbrd.ico
O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Internet Explorer Plugins (O12)
O12 - Plugin for .csm .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
~ IE Extra Buttons: 18 Legitimates Filtered in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: CabBuilder (CabBuilder) - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} ((no name)) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} ((no name)) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340796359625
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} ((no name)) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} ((no name)) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAB6C0CF-E121-42E0-A282-D4CA821E014C}: NameServer = 178.33.41.181,88.191.223.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDB9682E-18E4-4E64-9AF4-8A0C40265C1C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{BAB6C0CF-E121-42E0-A282-D4CA821E014C}: NameServer = 178.33.41.181,88.191.223.122
O17 - HKLM\System\CS1\Services\Tcpip\..\{CDB9682E-18E4-4E64-9AF4-8A0C40265C1C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{BAB6C0CF-E121-42E0-A282-D4CA821E014C}: NameServer = 178.33.41.181,88.191.223.122
O17 - HKLM\System\CS3\Services\Tcpip\..\{CDB9682E-18E4-4E64-9AF4-8A0C40265C1C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SDWinLogon . (...) -- SDWinLogon.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Privacyware network service (PFNet) . (.Privacyware/PWI, Inc. - Privatefirewall Network Service.) - C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) . (.Ralink Technology, Corp. - RalinkRegistryWriter.) - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 14 Legitimates Filtered in 00mn 04s

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s

---\\ BootExecute (O34)
O34 - HKLM BootExecute: (autocheck AUTONTFS C: PAGE=KEEP DIRS=NONE MFT=MIN) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (BANTExt) . (...) - C:\WINDOWS\system32\Drivers\BANTExt.sys
O41 - Driver: (MagicTune) . (.Samsung Electronics, Inc. - MagicTunePremium Driver.) - C:\WINDOWS\system32\drivers\MTiCtwl.sys
O41 - Driver: (sp_rsdrv2) . (...) - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s

---\\ Logiciels installés (O42)
O42 - Logiciel: AnglaisFacile.com - Planet English - (...) [HKLM] -- afplanet
O42 - Logiciel: ILoveENGLISH - (.Tribal Nova Inc.) [HKLM] -- {69AB3560-67C1-BFD7-5FA9-5FD6A0793246}
O42 - Logiciel: Les Pièges de la Route - (.ApportMedia.) [HKLM] -- {A6CCAC7D-C490-45AE-B867-667A4469576A}
O42 - Logiciel: Les Sims™ 2 Au fil des saisons - (...) [HKLM] -- {DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}
O42 - Logiciel: Privatefirewall 7.0 - (.PWI, Inc..) [HKLM] -- {E8EA933E-03A2-4E62-9F52-812C72BE2A6B}
O42 - Logiciel: Simulateur de conduite 3D - (...) [HKLM] -- Simulateur de conduite 3D
O42 - Logiciel: eduMap - (.Fyrd.) [HKCU] -- eduMap
~ Logic: 173 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\18 Wheels of Steel Haulin]
[HKCU\Software\OPTX]
[HKCU\Software\PWI, Inc.]
[HKLM\Software\KarjaSoft]
[HKLM\Software\PWI, Inc.]
~ Key Software: 312 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 05/04/2010 - 12:32:13 - [343.100] ----D C:\Program Files\18 Wheels of Steel Haulin O43 - CFD: 05/04/2010 - 12:32:14 - [2.189] ----D C:\Program Files\AnglaisFacile.com O43 - CFD: 27/05/2013 - 22:00:10 - [2.243] ----D C:\Program Files\AvaFind O43 - CFD: 05/09/2010 - 16:13:40 - [0.241] ----D C:\Program Files\Bonjour(2) O43 - CFD: 25/04/2011 - 13:43:14 - [5.085] ----D C:\Program Files\ILoveENGLISH O43 - CFD: 17/01/2010 - 20:55:10 - [480.114] ----D C:\Program Files\Les_Pieges_de_la_Route O43 - CFD: 31/08/2011 - 16:34:53 - [0.000] ----D C:\Program Files\NSpireTextEditor O43 - CFD: 05/04/2010 - 12:33:22 - [0.035] ----D C:\Program Files\PMSystem O43 - CFD: 11/06/2013 - 09:26:29 - [5.253] ----D C:\Program Files\Privacyware O43 - CFD: 09/09/2009 - 23:14:14 - [22.420] ----D C:\Program Files\Utilitaire de configuration iPhone O43 - CFD: 11/01/2009 - 15:17:44 - [0.043] ----D C:\Program Files\Fichiers communs\KnifeEdge O43 - CFD: 16/06/2010 - 11:37:37 - [0] --H-D C:\Documents and Settings\All Users\AVP11 O43 - CFD: 14/08/2011 - 13:20:06 - [2.940] ----D C:\Documents and Settings\All Users\RNDIS O43 - CFD: 13/06/2013 - 09:47:31 - [21.098] ----D C:\Documents and Settings\Laptiteblonde\Application Data\AvaFind Data O43 - CFD: 25/04/2011 - 13:43:18 - [0.917] ----D C:\Documents and Settings\Laptiteblonde\Application Data\bamEnglish.08AE7BFC096D057FBA48C7E4F898C35F7FA11BBA.1 O43 - CFD: 23/11/2008 - 21:49:38 - [0.458] ----D C:\Documents and Settings\Laptiteblonde\Application Data\Mostick O43 - CFD: 04/03/2010 - 22:37:48 - [3.615] ----D C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\eduMap O43 - CFD: 23/11/2008 - 21:49:38 - [1.080] ----D C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mostick O43 - CFD: 04/04/2013 - 07:54:20 - [0] ----D C:\Documents and Settings\Laptiteblonde\Local Settings\Application 
Data\Privatefirewall O43 - CFD: 21/11/2009 - 16:11:05 - [0.006] ----D C:\Documents and Settings\Laptiteblonde\Menu Démarrer\Programmes\18 Wheels of Steel Haulin O43 - CFD: 27/09/2008 - 13:06:00 - [0.003] ----D C:\Documents and Settings\Laptiteblonde\Menu Démarrer\Programmes\AnglaisFacile.com O43 - CFD: 17/01/2010 - 21:02:46 - [0.005] ----D C:\Documents and Settings\Laptiteblonde\Menu Démarrer\Programmes\Les Pièges de la Route ~ Program Folder: 279 Legitimates Filtered in 00mn 20s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/06/2013 - 07:48:52 ---A- . (...) -- C:\WINDOWS\jv16PT_temp.tmp [0] O44 - LFC:[MD5.E33EBA6400EAA5CCF0237DC3EB2E3997] - 22/06/2013 - 07:37:14 ---A- . (...) -- C:\WINDOWS\system32\NvApps.xml [131150] O44 - LFC:[MD5.DC0D8FCE51D025594A8473EA96C6814E] - 22/06/2013 - 07:37:10 ----- . (...) -- C:\WINDOWS\wiadebug.log [315] O44 - LFC:[MD5.CC6C6038B752713D24CD94F459764060] - 22/06/2013 - 07:37:09 ----- . (...) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 18/06/2013 - 11:48:57 ---A- . (...) -- C:\WINDOWS\system.ini [227] O44 - LFC:[MD5.9818318017509F7778B8D869A00FF623] - 18/06/2013 - 11:48:57 ---A- . (...) -- C:\WINDOWS\win.ini [696] O44 - LFC:[MD5.944F9CA807FE9E1095FA894D5A7B018A] - 11/06/2013 - 08:26:35 ---A- . (.Privacyware/PWI, Inc. - pwipf6.) -- C:\WINDOWS\system32\Drivers\pwipf6.sys [135272] O44 - LFC:[MD5.0C5B4548738AFAB48370C589A094083E] - 11/06/2013 - 08:26:30 ---A- . (...) 
-- C:\WINDOWS\ODBC.INI [504] ~ Files: 19 Legitimates Filtered in 00mn 01s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.36FC42A0873D5562E26140C50288C74B] - 22/06/2013 - 07:48:52 ---A- - C:\WINDOWS\Prefetch\JV16PT.EXE-2E23EE72.pf ~ Prefetcher: 18 Legitimates Filtered in 00mn 00s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll O46 - SEH:ShellExecuteHooks - Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Image File Execution Options (IFEO) (O50) O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ~ IFEO: Scanned in 00mn 00s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{55c0a5ba-9c1d-11dd-b158-001f1f05ec27}\AutoRun\command. (...) -- D:\start.exe (.not file.) O51 - MPSK:{59204133-99b5-11e0-ad4f-001f1f05ec27}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.) O51 - MPSK:{650cda8d-82af-11e0-b86b-001f1f05ec27}\AutoRun\command - Clé orpheline O51 - MPSK:{d9c805b4-cff3-11dd-b20e-001f1f05ec27}\AutoRun\command - Clé orpheline O51 - MPSK:{f51b4944-7aa3-11e2-aaac-001f1f05ec27}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\AvaFind [Key] . (.Think Less Do More Services - Ava Find.) -- C:\Program Files\AvaFind\AvaFind.exe O53 - SMSR:HKLM\...\startupreg\Glary Memory Optimizer [Key] . (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files\Glary Utilities\memdefrag.exe O53 - SMSR:HKLM\...\startupreg\MagicTuneLauncher [Key] . (...) 
-- C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe ~ SMSR Keys: 42 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnablELUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 ~ MWPS: 11 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1 ~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.91F3DF93F40A74D222CD166FE95DB633] - 31/01/2012 - 13:37:25 ---A- . (.Meetinghouse Data Communications - IEEE 802.1X Protocol Driver.) -- C:\WINDOWS\system32\Drivers\AegisP.sys [21275] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 01/05/2008 - 09:26:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\EPUTY287.EX_ [56323] O61 - LFC: 06/10/2008 - 05:02:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S9X0F7.DA_ [1377] O61 - LFC: 06/10/2008 - 05:02:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S9X0G7.DA_ [1377] O61 - LFC: 06/10/2008 - 05:02:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S9X3F7.DA_ [1398] O61 - LFC: 06/10/2008 - 05:02:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S9X3G7.DA_ [1398] O61 - LFC: 07/01/2008 - 04:04:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S40RN7.EX_ [83444] O61 - LFC: 09/02/2007 - 02:00:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et 
scannr EPSON\2\WINVISTA_XP_2K\E_DP130E.DA_ [129]
O61 - LFC: 10/03/2009 - 03:00:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_DPPE06.EX_ [100737]
O61 - LFC: 11/01/2007 - 03:02:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S40RP7.EX_ [59293]
O61 - LFC: 12/09/2008 - 00:11:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\EREGISTR.EX_ [222821]
O61 - LFC: 13/12/2007 - 05:00:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S9I0F7.EX_ [95380]
O61 - LFC: 15/11/2007 - 04:02:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S40MT7.EX_ [88688]
O61 - LFC: 16/11/2007 - 07:00:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_DM1EAX.DA_ [382]
O61 - LFC: 17/12/2007 - 00:03:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_SIACS7.EX_ [83689]
O61 - LFC: 17/12/2007 - 03:00:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S40ST7.EX_ [74008]
O61 - LFC: 17/12/2007 - 05:00:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S9I0G7.EX_ [95380]
O61 - LFC: 19/06/2013 - 11:13:14 ---A- C:\Documents and Settings\Laptiteblonde\Menu Démarrer\Programmes\PrivaZer.lnk [1554]
O61 - LFC: 19/06/2013 - 11:13:14 ---A- C:\Documents and Settings\Laptiteblonde\Menu Démarrer\Programmes\PrivaZer\Désinstaller PrivaZer.lnk [1624]
O61 - LFC: 19/06/2013 - 11:13:14 ---A- C:\Documents and Settings\Laptiteblonde\Menu Démarrer\Programmes\PrivaZer\PrivaZer.lnk [1560]
O61 - LFC: 19/06/2013 - 11:13:16 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application
Data\privazer\default.mo [113573]
O61 - LFC: 19/06/2013 - 11:13:16 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\privazer\sqlite3.dll [562072]
O61 - LFC: 19/06/2013 - 11:13:21 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\privazer\new_version.txt [284]
O61 - LFC: 19/06/2013 - 11:13:23 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\privazer\data_patch.tmp.doc.zip [301]
O61 - LFC: 19/06/2013 - 11:16:25 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\privazer\570000000000000000000_p.0x0 [7280]
O61 - LFC: 19/06/2013 - 11:23:58 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db [7168]
O61 - LFC: 20/06/2013 - 12:55:03 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\adblockplus-rules.json [365283]
O61 - LFC: 20/06/2013 - 12:56:01 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\extensions.sqlite [589824]
O61 - LFC: 20/06/2013 - 13:16:47 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\vlc\ml.xspf [304]
O61 - LFC: 20/06/2013 - 13:16:47 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\vlc\vlcrc [80082]
O61 - LFC: 20/06/2013 - 14:04:42 ---A- C:\Documents and Settings\Laptiteblonde\Mes documents\Fanny\Films.pptx [907544]
O61 - LFC: 20/06/2013 - 14:58:04 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\tasks.xml [431]
O61 - LFC: 20/06/2013 - 14:58:33 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\opthumb.dat [1268]
O61 - LFC: 20/06/2013 - 14:59:32 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\bookmarks.adr [271055]
O61 - LFC: 21/05/2009 - 06:05:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr
EPSON\2\WINVISTA_XP_2K\EPUPDATE.EX_ [361988]
O61 - LFC: 21/06/2013 - 17:39:53 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\healthreport\lastpayload.json [19376]
O61 - LFC: 21/06/2013 - 17:41:24 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\cert8.db [131072]
O61 - LFC: 21/06/2013 - 17:41:24 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\key3.db [16384]
O61 - LFC: 21/06/2013 - 17:41:32 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\optrb.dat [0]
O61 - LFC: 21/06/2013 - 17:50:44 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Opera\Opera\mail\omailbase.dat [1024]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\opcacrt6.dat [39513]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\opcert6.dat [12]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\opicacrt6.dat [17223]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\oprand.dat [4096]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\opssl6.dat [12415]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\optrust.dat [12]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\opuntrust.dat [2746]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\webserver\users.xml [35]
O61 - LFC: 21/06/2013 - 19:11:00 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\pluginreg.dat [11177]
O61 - LFC: 21/06/2013
- 19:11:00 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\webapps\webapps.json [2]
O61 - LFC: 21/06/2013 - 19:11:06 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\urlclassifierkey3.txt [154]
O61 - LFC: 21/06/2013 - 19:11:06 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\test-malware-simple.cache [44]
O61 - LFC: 21/06/2013 - 19:11:06 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\test-malware-simple.pset [16]
O61 - LFC: 21/06/2013 - 19:11:06 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\test-malware-simple.sbstore [232]
O61 - LFC: 21/06/2013 - 19:11:06 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\test-phish-simple.cache [44]
O61 - LFC: 21/06/2013 - 19:11:06 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\test-phish-simple.pset [16]
O61 - LFC: 21/06/2013 - 19:11:06 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\test-phish-simple.sbstore [232]
O61 - LFC: 21/06/2013 - 19:11:22 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\localstore.rdf [8347]
O61 - LFC: 21/06/2013 - 19:12:21 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\goog-malware-shavar.sbstore [1540725]
O61 - LFC: 21/06/2013 - 19:12:22 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application
Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\goog-malware-shavar.cache [12]
O61 - LFC: 21/06/2013 - 19:12:22 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\goog-malware-shavar.pset [843716]
O61 - LFC: 21/06/2013 - 19:12:22 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\goog-phish-shavar.cache [12]
O61 - LFC: 21/06/2013 - 19:12:22 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\goog-phish-shavar.pset [934386]
O61 - LFC: 21/06/2013 - 19:12:22 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\goog-phish-shavar.sbstore [808968]
O61 - LFC: 21/06/2013 - 19:17:05 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\adblockplus\elemhide.css [2287368]
O61 - LFC: 21/06/2013 - 19:17:05 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\addons.sqlite [524288]
O61 - LFC: 21/06/2013 - 19:17:05 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\addons.sqlite-journal [393824]
O61 - LFC: 21/06/2013 - 19:19:02 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\blocklist.xml [67085]
O61 - LFC: 21/06/2013 - 19:23:17 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\_CACHE_CLEAN_ [1]
O61 - LFC: 21/06/2013 - 19:35:10 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\prefs.js [39504]
O61 - LFC: 21/06/2013 - 19:45:02 ---A- C:\Documents and Settings\Laptiteblonde\Application
Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\permissions.sqlite [1835008]
O61 - LFC: 21/06/2013 - 21:19:14 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\Sans nom 1.odt [10285]
O61 - LFC: 22/06/2013 - 07:36:57 -SHA- C:\Documents and Settings\Laptiteblonde\Application Data\Microsoft\Credentials\S-1-5-21-861567501-1085031214-839522115-1004\Credentials [372]
O61 - LFC: 22/06/2013 - 07:36:57 -SHA- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-861567501-1085031214-839522115-1004\Credentials [394]
O61 - LFC: 22/06/2013 - 07:46:00 -SHA- C:\Documents and Settings\Laptiteblonde\UserData\index.dat [16384]
O61 - LFC: 22/06/2013 - 07:47:14 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\cookies.sqlite [524288]
O61 - LFC: 22/06/2013 - 07:47:14 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\cookies4.dat [13]
O61 - LFC: 22/06/2013 - 07:47:25 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\healthreport.sqlite [1146880]
O61 - LFC: 22/06/2013 - 07:47:58 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\places.sqlite [10485760]
O61 - LFC: 22/06/2013 - 07:47:59 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Google\Chrome\User Data\Default\History [90112]
O61 - LFC: 22/06/2013 - 07:48:00 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data [75776]
O61 - LFC: 22/06/2013 - 07:52:42 -SHA- C:\Documents and Settings\Laptiteblonde\IETldCache\index.dat [262144]
O61 - LFC: 23/04/2009 - 23:00:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\EPUPDATE.DA_ [52316]
O61 - LFC: 24/02/2009 - 13:38:04 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr
EPSON\2\WINVISTA_XP_2K\E_DUPA30.EX_ [148616]
O61 - LFC: 28/11/2007 - 00:15:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\SAGENT4.EX_ [58285]
~ 2 Fichiers cookies (Cookies files)
~ Files: 115 Legitimates Filtered in 00mn 21s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 27/02/2008 - Pas de propriétaire (BANTExt) .(...) - LEGACY_BANTEXT
O64 - Services: CurCS - 14/01/2013 - C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe (PFNet) .(.Privacyware/PWI, Inc. - Privatefirewall Network Service.) - LEGACY_PFNET
O64 - Services: CurCS - 22/08/2009 - Pas de propriétaire (RivaTuner32) .(...) - LEGACY_RIVATUNER32
O64 - Services: CurCS - 14/01/2010 - C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys (RtNdPt5x) .(.Realtek Semiconductor Corporation - Realtek NDIS Protocol Driver.) - LEGACY_RTNDPT5X
O64 - Services: CurCS - 16/05/2013 - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (SDScannerService) .(.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) - LEGACY_SDSCANNERSERVICE
O64 - Services: CurCS - 16/05/2013 - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (SDUpdateService) .(.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) - LEGACY_SDUPDATESERVICE
O64 - Services: CurCS - 15/05/2013 - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (SDWSCService) .(.Safer-Networking Ltd. - Windows Security Center integration..) - LEGACY_SDWSCSERVICE
O64 - Services: CurCS - 25/11/2012 - C:\Program Files\System Explorer\service\SystemExplorerService.exe (SystemExplorerHelpService) .(.Mister Group - System Explorer Service.) - LEGACY_SYSTEMEXPLORERHELPSERVICE
O64 - Services: CurCS - 27/09/2008 - C:\WINDOWS\system32\DRIVERS\TVICHW32.sys (TVICHW32) .(.EnTech Taiwan - TVicHW32 Driver for Windows NT/2000/XP.)
- LEGACY_TVICHW32
~ Legacy: 191 Legitimates Filtered in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Opera.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {B743A3D0-AE37-4912-B0BE-0A75459F192F} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.ECA231E339A24B911C5D19B5ED2F34D9] [SPRF][20/02/2011] (...) -- C:\Documents and Settings\Laptiteblonde\Application Data\Sys2662.Config.Repository.bin [22]
[MD5.C61C8F7975B7F7902D09F9516B25D7F9] [SPRF][01/07/2012] (.Robert Simpson, et al. - System.Data.SQLite Interop Assembly.) -- C:\Documents and Settings\Laptiteblonde\Application Data\System.Data.SQLite.dll [773632]
[MD5.E81A437C97058756E88C622E8892D022] [SPRF][19/04/2012] (...)
-- C:\Documents and Settings\Laptiteblonde\Application Data\Windows1569_SettingsRepository.bin [22]
[MD5.4EF33D516F31BEB1C9847D1FDA69375C] [SPRF][11/06/2013] (...) -- C:\Documents and Settings\Laptiteblonde\Bureau\adwcleaner.exe [648201]
[MD5.09A3F926C400C29B3CF04FD15A0D8DEA] [SPRF][17/06/2013] (.Oleg N. Scherbakov - 7z Setup SFX.) -- C:\Documents and Settings\Laptiteblonde\Bureau\JRT.exe [545954]
[MD5.10F4163F0EDDC031100180787D5F696F] [SPRF][16/06/2013] (.Microsoft Corporation - Microsoft® Fix it.) -- C:\Documents and Settings\Laptiteblonde\Bureau\MicrosoftFixit.maintenance.FISC.31294812429167579.2.1.Run.exe [347424]
[MD5.0A9990EAEBD2C8C3B3BC25BFB4D02BC3] [SPRF][02/05/2013] (.Microsoft Corporation - Windows Live Installer.) -- C:\Documents and Settings\Laptiteblonde\Bureau\wlsetup-web.exe [1247056]
~ Files: Scanned in 00mn 00s

---\\ Scan Additionnel (O88)
Database Version : v2.12520 - (18/06/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}] =>Toolbar.Agent
[HKLM\Software\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}] =>Toolbar.ToolBand
C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\eaesr6o7.default\Extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433} =>PUP.Datamngr
~ Additionnel Scan: 404903 Items scanned in 00mn 22s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "1BFA45AF547598348B1CF9579076E21D" . (.Utilitaire de configuration iPhone.) -- C:\WINDOWS\Installer\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}\iPCU.ico
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\WINDOWS\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico
O90 - PUC: "68AB67CA7DA73301B7449A0100000010" . (..) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A91000000001}\SC_Reader.ico
O90 - PUC: "68AB67CA7DA746454382090000000040" . (..)
-- C:\WINDOWS\Installer\{AC76BA86-7AD7-5464-3428-900000000004}\ARPPRODUCTICON.exe
O90 - PUC: "90D0C47E03784174C8F610F9FBF7B124" . (.SketchUp 2013.) -- C:\WINDOWS\Installer\{E74C0D09-8730-4714-8C6F-019FBF7F1B42}\SketchUpARPIcon
O90 - PUC: "B77536FE5FC05684B916823B52D0A671" . (.OSAM: Online Solutions Autorun Manager v5.0.) -- C:\WINDOWS\Installer\{EF63577B-0CF5-4865-9B61-28B3250D6A17}\setup.ico
~ Update Products: 116 Legitimates Filtered in 00mn 00s

---\\ MyComputer Name Space (O92)
O92 - MNS: Ava Find - {d1099d29-fe45-462e-b8c3-10a97e827b7a}
O92 - MNS: Ava Find - {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}
~ MNS: 4 Legitimates Filtered in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 17/11/2012 356376 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
SS - | Auto 21/10/2011 196176 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe
SS - | Auto 13/10/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe
SR - | Auto 29/11/2006 266295 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 31/03/2009 233472 | (FsUsbExService) . (.Teruten.) - C:\WINDOWS\system32\FsUsbExService.exe
SS - | Auto 03/02/2009 133104 | (gupdate1c985fcd83bae54) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/02/2009 133104 | (gupdatem) . (.Google Inc..)
- C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 15/05/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 18/04/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SS - | Demand 08/02/2013 295664 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\lbtserv.exe
SR - | Auto 09/06/2013 1777488 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Demand 16/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/07/2009 168004 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 14/01/2013 374600 | (PFNet) . (.Privacyware/PWI, Inc..) - C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
SR - | Auto 14/07/2009 185632 | (RalinkRegistryWriter) . (.Ralink Technology, Corp..) - C:\Program Files\Ralink\Common\RaRegistry.exe
SR - | Auto 16/05/2013 1817560 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
SS - | Auto 16/05/2013 1033688 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
SS - | Auto 15/05/2013 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 14/01/2009 226656 | (SeaPort) . (.Microsoft Corp..) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SS - | Disabled 07/04/2008 430592 | (ServiceLayer) . (.Nokia..) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 07/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 25/11/2012 567256 | (SystemExplorerHelpService) . (.Mister Group.)
- C:\Program Files\System Explorer\service\SystemExplorerService.exe
~ Services: Scanned in 00mn 00s

---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Laptiteblonde at 22/06/2013 08:56:20
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xB80E8000]<< >>UNKNOWN [0xB80D8000]<< >>UNKNOWN [0xB7E5D000]<< >>UNKNOWN [0x806E5000]<< >>UNKNOWN [0xB78F3000]<< >>UNKNOWN [0xB7E8C000]<< >>UNKNOWN [0xB8670000]<< >>UNKNOWN [0xB8328000]<<
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x8A7DEAB8] \Driver\Disk[0x8A86DA20] >> IRP_MJ_CREATE >> 0xB80EEBB0
3 [0xB80E8FD7] >> ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\0000007e[0x8A7DF9E8]
5 [0xB7E63620] >> ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Ide\IdeDeviceP4T0L0-12[0x8A7DFD98] \Driver\atapi[0x8A8AB240] >> IRP_MJ_CREATE >> 0xB78FCB40
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo >> 0xB78FA864
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
~ MBR: 20 Legitimates Filtered in 00mn 02s

---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Laptiteblonde at 22/06/2013 08:56:22
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

~ 1516 Legitimates filtered by white list
End of the scan (697 lines in 03mn 10s)(0)