Rapport de ZHPDiag v2013.3.31.116 par Nicolas Coolman, Update du 31/03/2013
Run by Mad at 01/04/2013 23:28:05
State : Version à jour.
High Elevated Privileges : OK
UAC : Deactivate by program

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 19.0.2 v19.0.2
GCIE: Google Chrome v26.0.1410.43 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : 62396
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3000 MB (47% free)
System Restore: Activé (Enable)
System drive C: has 195 GB (42%) free of 456 GB

---\\ Logged in mode
~ Computer Name: ACER4200
~ User Name: Mad
~ All Users Names: utilisateur, Mad, HomeGroupUser$, Administrateur, Admin,
~ Unselected Option: O45,O61
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Mad\AppData\Roaming\
~ %Desktop% : C:\Users\Mad\Desktop\
~ %Favorites% : C:\Users\Mad\Favorites\
~ %LocalAppData% : C:\Users\Mad\AppData\Local\
~ %StartMenu% : C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 195 Go of 456 Go)
E:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320] [MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256] [MD5.03728C624D05C2F157BBD46F6B7F6EA0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/02/2013 - 04:30:21.) -- C:\Windows\System32\wininet.dll [1129472] [MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 13:17:54.) -- C:\Windows\System32\Winlogon.exe [286720] [MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 13:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536] [MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) 
-- C:\Windows\system32\Drivers\AFD.sys [338944] [MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584] [MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656] [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 09:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544] [MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 09:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336] [MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 10:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544] [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896] [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888] [MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904] [MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 09:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904] [MD5.0D87503986BB3DFED58E343FE39DDE13] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.31/08/2012 - 18:18:09.) -- C:\Windows\system32\Drivers\ntfs.sys [1211760] [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) 
-- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848] [MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168] [MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 09:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752] [MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 13:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes musiques (My Musics) : 1/32 ~ Mes Videos (My Videos) : 1/7 ~ Mes Favoris (My Favorites) : 1/22 ~ Mes Documents (My Documents) : 1/16 ~ Mon Bureau (My Desktop) : 1/4 ~ Menu demarrer (Programs) : 1/251 ~ Hidden Files: Scanned in 00mn 00s ---\\ Processus lancés [MD5.C7A9C4FDCEA704A34A5997FE0A8A0A38] - (.Dritek System Inc. - Launch Manager Keyboard Application.) -- C:\Program Files\Launch Manager\LManager.exe [1194504] [PID.3880] [MD5.E3F058D8721EA53BEAB9079A8FB53FD7] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7600672] [PID.3924] [MD5.FA75594EED65C420D75F01D54788F9E4] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [135168] [PID.4004] [MD5.D282AF9E91C1F1E66FC3858DCCE33303] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [167424] [PID.2352] [MD5.09A1F74F093349AFF6327447AADC0FC5] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [246272] [PID.2480] [MD5.401274DE05B52704B006F913D43BE1DD] - (.Intel Corporation - persistence Module.) 
-- C:\Windows\System32\igfxpers.exe [144384] [PID.2324] [MD5.9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F] - (.Google - Google Desktop.) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192] [PID.2768] [MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.3032] [MD5.255E405D801CF01247390F38F92D8042] - (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe [17408] [PID.3020] [MD5.B5A4EBA9487F08BECC843A87422B8052] - (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176] [PID.888] [MD5.8DFC3AB968EA5A7E56D36C4B4CBE188A] - (.Luis Cobian, CobianSoft - Cobian backup 11 Gravity - Interface.) -- C:\Program Files\Cobian Backup 11\cbInterface.exe [4407808] [PID.3440] [MD5.7F2691FD961C9A704DA221745CCE6295] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512] [PID.3460] [MD5.43D083268A0919F3527A2837390BAF63] - (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032] [PID.2424] [MD5.6492A4F1E63C01B9E1BAD8734A65FA92] - (.DVDVideoSoft Ltd. - Free Screen Video Recorder.) -- C:\Program Files\DVDVideoSoft\Free Screen Video Recorder\FreeScreenVideoRecorder.exe [1725112] [PID.2660] [MD5.47E5F236BD34B9D5BA9939A9A2302051] - (.Sebastien.warin.fr - Stream What You Hear.) -- C:\Program Files\Stream What You Hear\SWYH.exe [368128] [PID.2760] [MD5.B0BF698030DB6561393AE753C6D3F936] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [1312720] [PID.2992] [MD5.FFBB294D0FE5EDD5A8A5AF29FD4018B5] - (.Zhorn Software - Stickies 7.0b.) -- C:\Program Files\stickies\stickies.exe [1101824] [PID.3412] [MD5.2A8DB5FA2032E5E9E40778AD47860CE5] - (.KO Software - KO Approach.) 
-- C:\Program Files\KO Approach\Approach.exe [408576] [PID.3388] [MD5.E84DA43E726D043CA2DEE71F01DB261A] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe [228448] [PID.3732] [MD5.3FA19C41179F9F3786135C794CEA85BE] - (.Steamcore.se - Screamer Radio.) -- C:\Users\Mad\AppData\Local\Screamer Radio\screamer.exe [1894912] [PID.1120] [MD5.E98D0D64BD25EDCFD3AE0B90514099BA] - (.RealNetworks, Inc. - RealDownloader.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [233048] [PID.5744] [MD5.CC5CFE5A9C826B934DC3BE176617E182] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6306816] [PID.976] ~ Processes Running: Scanned in 00mn 16s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Users\Mad\AppData\Local\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] http://start.iminent.com ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Mad\AppData\Roaming\Mozilla\Firefox\Profiles\4h2ptrp1.default\prefs.js M3 - MFPP: Plugins - [Mad] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [Mad] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml M3 - MFPP: Plugins - [Mad] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [Mad] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [Mad] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [Mad] -- C:\Program Files\Mozilla FireFox\searchplugins\googledesktop.xml M3 - MFPP: Plugins - [Mad] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [Mad] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml M0 - MFSP: prefs.js [Mad - 4h2ptrp1.default] www.google.fr M2 - MFEP: prefs.js [Mad - 
4h2ptrp1.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.9.14 (.Michel Gutierrez.) P2 - FPN: [HKLM] [@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf] - (.Foxit Corporation - Foxit Reader Plug-In For Firefox and Netscape.) -- C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll P2 - FPN: [HKLM] [@microsoft.com/OfficeAuthz,version=14.0] - (.Microsoft Corporation - Office Authorization plug-in for NPAPI browsers.) -- C:\Program Files\Microsoft Office\Office14\NPAUTHZ.dll P2 - FPN: [HKLM] [@microsoft.com/SharePoint,version=14.0] - (.Microsoft Corporation - The plug-in allows you to open and edit files using Microsoft Office a.) -- C:\Program Files\Microsoft Office\Office14\NPSPWRAP.dll P2 - FPN: [HKLM] [@real.com/nppl3260;version=16.0.1.18] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll P2 - FPN: [HKLM] [@real.com/nprndlchromebrowserrecordext;version=1.3.1] - (.RealNetworks, Inc. - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In.) -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll P2 - FPN: [HKLM] [@real.com/nprndlhtml5videoshim;version=1.3.1] - (.RealNetworks, Inc. - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In.) -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll P2 - FPN: [HKLM] [@real.com/nprndlpepperflashvideoshim;version=1.3.1] - (.RealNetworks, Inc. - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In.) 
-- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll P2 - FPN: [HKLM] [@real.com/nprpplugin;version=16.0.1.18] - (.RealPlayer - RealPlayer Download Plugin.) -- C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll P2 - FPN: [HKLM] [@realnetworks.com/npdlplugin;version=1] - (.RealDownloader - RealDownloader Plugin.) -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=3] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=9] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.5] - (.VideoLAN - VLC media player Web Plugin 2.0.2.) -- C:\Program Files\VideoLAN\VLC\npvlc.dll ~ Firefox Browser: Scanned in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.VideoLAN - VLC media player Web Plugin 2.0.2.) (No version) -- (.not file.) 
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1 ~ IE Browser: Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} . (.pdfforge GbR - PDF Architect Helper.) -- C:\Program Files\PDF Architect\PDFIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer-Networking Ltd. - Blocks URLs that could install spyware, mal.) -- C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} . (.Microsoft Corporation - MoneySide Controls.) -- C:\Program Files\Microsoft Money\System\mnyviewer.dll O2 - BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} . (.AVAST Software - avast! Ad Blocker Module.) -- C:\Program Files\AVAST Software\avast! 
Ad Blocker IE\Adblocker32.dll ~ BHO: 9 Legitimates Scanned in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O3 - Toolbar: PDF Architect Toolbar - [HKLM]{25A3A431-30BB-47C8-AD6A-E1063801134F} . (.pdfforge GbR - PDF Architect Toolbar.) -- C:\Program Files\PDF Architect\PDFIEPlugin.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [LManager] . (.Dritek System Inc. - Launch Manager Keyboard Application.) -- C:\Program Files\Launch Manager\LManager.exe O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Program Files\Realtek\Audio\HDA\Skytel.exe O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe O4 - HKLM\..\Run: [Google Desktop Search] . (.Google - Google Desktop.) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O4 - HKLM\..\Run: [KeePass 2 PreLoad] . (.Dominik Reichl - KeePass.) -- C:\Program Files\KeePass Password Safe 2\KeePass.exe O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) 
-- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKLM\..\Run: [UnlockerAssistant] . (...) -- C:\Program Files\Unlocker\UnlockerAssistant.exe O4 - HKLM\..\Run: [BlueStacks Agent] . (.BlueStack Systems, Inc. - BlueStacks Agent.) -- C:\Program Files\BlueStacks\HD-Agent.exe O4 - HKLM\..\Run: [SDTray] . (.Safer-Networking Ltd. - Spybot - Search & Destroy tray access.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] . (.Microsoft Corporation - Microsoft Money Startup.) -- C:\Program Files\Microsoft Money\System\Activation.exe O4 - HKLM\..\Run: [Cobian Backup 11 interface] . (.Luis Cobian, CobianSoft - Cobian backup 11 Gravity - Interface.) -- C:\Program Files\Cobian Backup 11\cbInterface.exe O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe O4 - HKCU\..\Run: [ISUSPM] . (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe O4 - HKCU\..\Run: [FreeScreenVideoRecorder] . (.DVDVideoSoft Ltd. - Free Screen Video Recorder.) -- C:\Program Files\DVDVideoSoft\Free Screen Video Recorder\FreeScreenVideoRecorder.exe O4 - HKCU\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe O4 - HKCU\..\Run: [MoneyAgent] . (.Microsoft Corporation - Microsoft Money Express.) -- C:\Program Files\Microsoft Money\System\Money Express.exe O4 - HKCU\..\Run: [StreamWhatYouHear] . (.Sebastien.warin.fr - Stream What You Hear.) -- C:\Program Files\Stream What You Hear\SWYH.exe O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_21706D80BE32747B20EB2CAC122540A2] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) 
-- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-21-89730552-3888946514-1729103065-1005\..\Run: [ISUSPM] . (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe O4 - HKUS\S-1-5-21-89730552-3888946514-1729103065-1005\..\Run: [FreeScreenVideoRecorder] . (.DVDVideoSoft Ltd. - Free Screen Video Recorder.) -- C:\Program Files\DVDVideoSoft\Free Screen Video Recorder\FreeScreenVideoRecorder.exe O4 - HKUS\S-1-5-21-89730552-3888946514-1729103065-1005\..\Run: [Spybot-S&D Cleaning] . (.Safer-Networking Ltd. - Search results cleaner.) -- C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe O4 - HKUS\S-1-5-21-89730552-3888946514-1729103065-1005\..\Run: [MoneyAgent] . (.Microsoft Corporation - Microsoft Money Express.) -- C:\Program Files\Microsoft Money\System\Money Express.exe O4 - HKUS\S-1-5-21-89730552-3888946514-1729103065-1005\..\Run: [StreamWhatYouHear] . (.Sebastien.warin.fr - Stream What You Hear.) -- C:\Program Files\Stream What You Hear\SWYH.exe O4 - HKUS\S-1-5-21-89730552-3888946514-1729103065-1005\..\Run: [GoogleChromeAutoLaunch_21706D80BE32747B20EB2CAC122540A2] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe O4 - GS\Desktop: Handbrake.lnk . (.HandBrake - HandBrake.) -- C:\Program Files\Handbrake\Handbrake.exe O4 - GS\Desktop: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop: PhotoFiltre 7.lnk . (.PhotoFiltre - PhotoFiltre 7.) -- C:\Program Files\PhotoFiltre 7\PhotoFiltre7.exe O4 - GS\Desktop: Radio Fr Solo.lnk . (...) -- C:\Program Files\Radio Fr Solo\Radio_Fr_Solo.exe O4 - GS\Desktop: Windows Update Troubleshooting Info.lnk - Clé orpheline O4 - GS\TaskBar: Q-Dir.lnk . (.Nenad Hrg (SoftwareOK.com) - Q-Dir 5.50.) -- C:\Program Files\Q-Dir\Q-Dir.exe O4 - GS\TaskBar: ShutDown.lnk . (.Microsoft Corporation - Outil d’arrêt et d’annotation Windows.) -- C:\Windows\System32\shutdown.exe O4 - GS\TaskBar: Startpage Web Recherche.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://startpage.com O4 - GS\Programs: (37 non lus) - m.lnk . 
(.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://fr-mg42.mail.yahoo.com O4 - GS\QuickLaunch: Bullzip PDF Printer.lnk . (.Bullzip - Bullzip PDF Printer.) -- C:\Program Files\Bullzip\PDF Printer\gui.exe O4 - GS\QuickLaunch: CDBurnerXP.lnk . (.Canneverbe Limited - CDBurnerXP.) -- C:\Program Files\CDBurnerXP\cdbxpp.exe O4 - GS\QuickLaunch: Microsoft Outlook.lnk . (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.exe O4 - GS\SendTo: CDBurnerXP.lnk . (.Canneverbe Limited - CDBurnerXP.) -- C:\Program Files\CDBurnerXP\cdbxpp.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - GS\Desktop: Startpage Web Recherche.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe http://startpage.com O4 - GS\Desktop: VPNC Front End.lnk . (...) -- C:\Program Files\VPNC Front End\vpnc-fe.exe O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5) ~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBttnIE.dll O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBTTN~1.dll O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -- Clé orpheline O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} . 
(.Microsoft Corporation - MoneySide Controls.) -- C:\Program Files\Microsoft Money\System\mnyviewer.dll ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) ~ Winsock: 6 Legitimates Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{2379E76B-AF1D-4903-85E3-CCFD2937A8D8}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{2379E76B-AF1D-4903-85E3-CCFD2937A8D8}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{2379E76B-AF1D-4903-85E3-CCFD2937A8D8}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll O20 - Winlogon Notify: SDWinLogon . (...) -- SDWinLogon.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - AppInit_DLLs: . (.Google - Google Desktop.) 
- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ~ AppInit DLL: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) ~ SSODL: 1 Legitimates Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: Cobian Backup 11 Gravity (CobianBackup11) . (.Luis Cobian, CobianSoft - Cobian Backup 11 Gravity - Service.) - C:\Program Files\Cobian Backup 11\cbService.exe O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) . (.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe ~ Services: 13 Legitimates Scanned in 00mn 07s ---\\ Enumération Active Desktop & MHTML Editor (O24) ~ Desktop Component: 1 Legitimates Scanned in 00mn 00s ---\\ BootExecute (O34) ~ BEX: 2 Legitimates Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-89730552-3888946514-1729103065-1005.job [274] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-89730552-3888946514-1729103065-1005.job [282] [MD5.00000000000000000000000000000000] [APT] [Ad-Aware Antivirus Scheduled Scan] (...) -- C:\Program Files\AD-AWA~1\AdAwareLauncher.exe (.not file.) [0] [MD5.E98D0D64BD25EDCFD3AE0B90514099BA] [APT] [{50813A0A-0CA9-42A0-A8D1-246BD13A178C}] (.RealNetworks, Inc..) 
-- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [233048] [MD5.E98D0D64BD25EDCFD3AE0B90514099BA] [APT] [{56EFA1CD-3D5E-4320-8271-486DB6F585F8}] (.RealNetworks, Inc..) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [233048] [MD5.00000000000000000000000000000000] [APT] [{6254868E-AA9A-4058-8067-353BC7D6641F}] (...) -- C:\Users\Mad\Documents\ExtractOffice\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{9C25E530-AE32-40FD-9AC2-762AC8AAD3B6}] (...) -- C:\Users\Mad\0_DOSSIERMad\KarmaFX_Plugin_Pack.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{9E906914-601E-4AA0-9A99-511E23CEBE34}] (...) -- C:\Users\Mad\0_DOSSIERMad\KarmaFX_Plugin_Pack.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{A45E007A-8963-4FD2-94ED-D15DD5328643}] (...) -- C:\Users\Mad\0_DOSSIERMad\mtr90_SOFTAD0003_Mars2013_PcPortableAc\05_AudioVideo\Mp3Gain-win-1_2_5.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{A97A8291-0E43-4E88-A603-C38E7EBD71BD}] (...) -- C:\Users\Mad\0_DOSSIERMad\KarmaFX_Plugin_Pack.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{BB8934A9-FFE4-490A-A0AD-0CB3CAAB71D3}] (...) -- E:\autorun.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{F1576602-A20D-420E-806F-2B7DAD930D32}] (...) -- C:\Users\Mad\Documents\ExtractOffice\setup.exe (.not file.) [0] [MD5.452DB84283EB2F043827AC95D62CE19C] [APT] [Check for updates] (.Safer-Networking Ltd..) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe [3487240] [MD5.36A82C214B46787385F3B0CD02ECAA88] [APT] [Refresh immunization] (.Safer-Networking Ltd..) -- C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe [3653656] [MD5.E4A0900CF535888DDD85B10040CA3E34] [APT] [Scan the system] (.Safer-Networking Ltd..) 
-- C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe [3906584] ~ Scheduled Task: 30 Legitimates Scanned in 00mn 03s ---\\ Composants installés (ActiveSetup Installed Components) (O40) ~ Active Setup: 12 Legitimates Scanned in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) ~ Drivers: 63 Legitimates Scanned in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Bullzip PDF Printer 7.2.0.1338 - (.Bullzip.) [HKLM] -- Bullzip PDF Printer_is1 O42 - Logiciel: Free Screen Video Recorder version 2.5.22.508 - (.DVDVideoSoft Ltd..) [HKLM] -- Free Screen Video Recorder_is1 O42 - Logiciel: KO Approach - (...) [HKLM] -- KO Approach O42 - Logiciel: MusicIP Mixer 1.8.1 - (.MusicIP.) [HKLM] -- MusicIP Mixer_is1 O42 - Logiciel: PI Free PC (Désintallation seule) - (...) [HKLM] -- PiFreePC O42 - Logiciel: Pamus MP3 Recorder 1.05 - (.papiermusique.fr.) [HKLM] -- {3917F510-D2F1-46CA-8DB7-BBDA20720180}_is1 O42 - Logiciel: Q-Dir - (...) [HKLM] -- Q-Dir O42 - Logiciel: RadioSure - (...) [HKCU] -- RadioSure O42 - Logiciel: Spybot - Search & Destroy - (.Safer-Networking Ltd..) [HKLM] -- {B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1 O42 - Logiciel: Stickies 7.0b - (.Zhorn Software.) [HKLM] -- ZhornStickies O42 - Logiciel: Stream What You Hear (SWYH) version 1.3 - (.Sebastien.warin.fr.) [HKLM] -- {5FBEA9D3-668E-4B88-BF6C-E1BCF441ECFD}_is1 O42 - Logiciel: Suppress plus 1.8 - (.Perrysoft.) [HKLM] -- Suppress plus_is1 O42 - Logiciel: VPNC Front End - (...) [HKLM] -- VPNCFE O42 - Logiciel: avast! Ad Blocker v1.0.0.0 - (.AVAST Software.) [HKLM] -- {021C6667-63D3-4416-B537-865E77F4DF4F} O42 - Logiciel: avast! Free Antivirus v8.0.1483.0 - (.AVAST Software.) [HKLM] -- avast O42 - Logiciel: rtmpGUI_Attilla version 0.9 - (.Neo-Net, Forum..) 
[HKLM] -- {6FCDAB6B-8EDC-4AAD-9123-E0320525F25B}_is1 ~ Logic: 99 Legitimates Scanned in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\AppDataLow\Software\adawarebp] [HKCU\Software\Infonautics] [HKCU\Software\KO Software] [HKCU\Software\KarmaFX] [HKCU\Software\Perrysoft] [HKCU\Software\Screamer Radio] [HKCU\Software\SoftwareOK.de] [HKLM\Software\ArchRival Software] [HKLM\Software\Bullzip] [HKLM\Software\KO Software] [HKLM\Software\MusicIP] [HKLM\Software\Perrysoft] ~ Key Software: 181 Legitimates Scanned in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 22/03/2013 - 13:46:23 - [166,453] ----D C:\Program Files\Ad-Aware Antivirus O43 - CFD: 10/03/2013 - 20:09:29 - [7,594] ----D C:\Program Files\Advanced Tokens Manager O43 - CFD: 21/03/2013 - 13:17:19 - [21,375] ----D C:\Program Files\Bullzip O43 - CFD: 30/03/2013 - 20:07:15 - [248,167] ----D C:\Program Files\CapTvTy O43 - CFD: 10/03/2013 - 20:19:01 - [8,803] ----D C:\Program Files\Directory List O43 - CFD: 10/03/2013 - 20:29:52 - [5,131] ----D C:\Program Files\Double Driver O43 - CFD: 11/03/2013 - 00:37:12 - [11,936] ----D C:\Program Files\Fre_ac O43 - CFD: 01/04/2013 - 21:48:43 - [0] ----D C:\Program Files\KarmaFx O43 - CFD: 22/03/2013 - 02:02:02 - [1,262] ----D C:\Program Files\KO Approach O43 - CFD: 15/03/2013 - 14:37:07 - [11,519] ----D C:\Program Files\MusicIP O43 - CFD: 15/03/2013 - 02:20:25 - [0,898] ----D C:\Program Files\NfReader_FluxRss O43 - CFD: 30/03/2013 - 11:55:04 - [2,235] ----D C:\Program Files\Pamus MP3 Recorder O43 - CFD: 10/03/2013 - 18:13:30 - [0,704] ----D C:\Program Files\Q-Dir O43 - CFD: 01/04/2013 - 15:14:19 - [0] ----D C:\Program Files\Quickfilter Technologies O43 - CFD: 16/03/2013 - 21:42:00 - [94,523] ----D C:\Program Files\rtmpGUI_Attilla O43 - CFD: 26/03/2013 - 09:38:47 - [0,001] ----D C:\Program Files\SecurityKISS Tunnel O43 - CFD: 10/03/2013 - 20:55:29 - [0,607] ----D C:\Program Files\SleepTimer O43 - CFD: 22/03/2013 - 10:49:56 - 
[4,154] ----D C:\Program Files\splus O43 - CFD: 22/03/2013 - 12:20:43 - [152,201] ----D C:\Program Files\Spybot - Search & Destroy 2 O43 - CFD: 22/03/2013 - 01:30:44 - [1,840] ----D C:\Program Files\stickies O43 - CFD: 31/03/2013 - 02:53:21 - [2,903] ----D C:\Program Files\Stream What You Hear O43 - CFD: 10/03/2013 - 19:33:48 - [0,507] ----D C:\Program Files\ToYcon O43 - CFD: 17/03/2013 - 02:36:01 - [5,744] ----D C:\Program Files\VPNC Front End O43 - CFD: 21/03/2013 - 13:17:27 - [0,059] ----D C:\Program Files\Common Files\Bullzip O43 - CFD: 22/03/2013 - 02:29:59 - [0,015] ----D C:\ProgramData\Ad-Aware Antivirus O43 - CFD: 27/03/2013 - 01:31:26 - [0,138] ----D C:\ProgramData\Spybot - Search & Destroy O43 - CFD: 22/03/2013 - 03:23:28 - [0,018] ----D C:\Users\Mad\AppData\Roaming\Ad-Aware Antivirus O43 - CFD: 10/03/2013 - 20:20:42 - [0,004] ----D C:\Users\Mad\AppData\Roaming\DirectoryListPrintPro O43 - CFD: 15/03/2013 - 14:38:23 - [0] ----D C:\Users\Mad\AppData\Roaming\MusicIP O43 - CFD: 10/03/2013 - 18:13:31 - [0] ----D C:\Users\Mad\AppData\Roaming\Q-Dir O43 - CFD: 01/04/2013 - 22:21:53 - [0,120] ----D C:\Users\Mad\AppData\Roaming\stickies O43 - CFD: 17/03/2013 - 17:44:18 - [9,974] ----D C:\Users\Mad\AppData\Local\RadioSure O43 - CFD: 17/03/2013 - 19:06:29 - [5,591] ----D C:\Users\Mad\AppData\Local\Screamer Radio O43 - CFD: 31/03/2013 - 03:49:05 - [0,001] ----D C:\Users\Mad\AppData\Local\Sebastien.warin.fr O43 - CFD: 15/03/2013 - 03:21:08 - [0,002] ----D C:\Users\Mad\AppData\Local\Steppschuh O43 - CFD: 09/03/2013 - 15:21:21 - [0,003] R---D C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\01_Bureautique O43 - CFD: 15/03/2013 - 03:15:40 - [0,005] R---D C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\02_Web O43 - CFD: 08/03/2013 - 14:25:36 - [0,002] ----D C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\03_Dial O43 - CFD: 15/03/2013 - 03:13:47 - [0,003] ----D C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\04_Peripherique O43 - CFD: 01/04/2013 - 11:32:48 - [0,042] ----D C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\05_AudioVideo O43 - CFD: 14/03/2013 - 14:12:21 - [0,901] ----D C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\06_Pic&Design O43 - CFD: 14/03/2013 - 14:12:21 - [0,010] ----D C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\07_UtilitairesNoSyst O43 - CFD: 22/03/2013 - 23:40:16 - [0,015] ----D C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\08_Secur&BkUp O43 - CFD: 22/03/2013 - 02:35:18 - [0,032] R---D C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\09_UtilitaireSyst O43 - CFD: 26/03/2013 - 23:14:09 - [0,001] ----D C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\10_Pro O43 - CFD: 01/04/2013 - 18:07:09 - [0] ----D C:\Users\Mad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KarmaFX ~ Program Folder: 213 Legitimates Scanned in 00mn 03s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.D9D73C3B42A49FF4A1E44B8F9C5D4374] - 01/04/2013 - 22:09:18 ---A- . (...) -- C:\AdwCleaner[S1].txt [1769] O44 - LFC:[MD5.0D0A0848AEE40488B2DF1815BC57C83F] - 30/03/2013 - 10:10:42 ---A- . (.Open Source Software community project - POSIX Threads for Windows32 Library.) -- C:\Windows\System32\pthreadGC2.dll [86683] O44 - LFC:[MD5.CDBFE4D4490803B2083372A52EAAE917] - 26/03/2013 - 08:38:07 ---A- . (...) -- C:\Windows\System32\ipconfig_results.txt [3152] O44 - LFC:[MD5.A9C25C9A8F9DA7F25C14D84C4CE845A3] - 22/03/2013 - 11:20:29 ---A- . (.Safer Networking Limited - Pas de description.) -- C:\Windows\System32\sdnclean.exe [15224] O44 - LFC:[MD5.B4DF0B041525828BADE1AC84B1CE146C] - 21/03/2013 - 12:17:26 ---A- . (.Bullzip - Bullzip Dictionary Component.) -- C:\Windows\System32\bzDCT.dll [103424] O44 - LFC:[MD5.0DAD3B8A1238F5C8E404A420601B4F06] - 21/03/2013 - 12:17:26 ---A- . (.Bullzip - Bullzip File Reader functions.) 
-- C:\Windows\System32\bzFlRdr.dll [227840] O44 - LFC:[MD5.443BFA08420112DFAFA9D8FBC2615044] - 21/03/2013 - 12:17:26 ---A- . (.Bullzip - Pas de description.) -- C:\Windows\System32\bzpdfc.dll [135168] O44 - LFC:[MD5.23AE05CAA571CF89FCF1CD9EFD0F84C6] - 21/03/2013 - 12:17:23 ---A- . (.Bullzip - Bullzip PDF Writer.) -- C:\Windows\System32\bzpdf.dll [196608] O44 - LFC:[MD5.D032A3D8D81B6C164EE2DF07954E2ABF] - 19/03/2013 - 11:01:35 ---A- . (...) -- C:\Windows\uninstallstickies.bat [589] O44 - LFC:[MD5.19BC3077C98654C4F685624D8383BC2E] - 17/03/2013 - 16:25:51 ---A- . (...) -- C:\Windows\Radio_Fr.ini [1208] O44 - LFC:[MD5.3B7EA9C7488C214736E8942D67AB9007] - 15/03/2013 - 11:10:27 ---A- . (.Nokia Corporation and/or its subsidiary(-ie - C++ application development framework..) -- C:\Windows\System32\QtCore4.dll [2557952] O44 - LFC:[MD5.DA32E0D240146EB2481B7D4C3C358C3E] - 15/03/2013 - 01:57:34 ---A- . (.pdfforge GbR - pdfcmon.) -- C:\Windows\System32\pdfcmon.dll [88576] O44 - LFC:[MD5.E8922B113747A410C11D6AF7042F4A0B] - 10/03/2013 - 17:27:47 ---A- . (...) -- C:\Windows\Q-Dir.ini [12953] O44 - LFC:[MD5.60FEE6F524865950EF0A40D49F969320] - 09/06/2012 - 19:21:56 ---A- . (...) -- C:\Windows\System32\unrar.dll [178688] O44 - LFC:[MD5.995AE326D98358B7822542538FE4E851] - 17/10/2005 - 18:13:34 ---A- . (...) -- C:\Windows\System32\splus.cpl [447488] ~ Files: 73 Legitimates Scanned in 00mn 02s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" [Enabled] .(.Safer-Networking Ltd..) 
-- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe O47 - AAKE:Key Export SP - "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe O47 - AAKE:Key Export SP - "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe O47 - AAKE:Key Export SP - "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" [Enabled] .(.Safer-Networking Ltd..) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe ~ Keys Export: 4 Legitimates Scanned in 00mn 00s ---\\ Déni du service (Local Security Authority) (O48) ~ LSA: 8 Legitimates Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) ~ CBS: 13 Legitimates Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) ~ TDSD: 3 Legitimates Scanned in 00mn 00s ---\\ Microsoft Control Security Providers (O54) ~ MSCP: 2 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=1 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=1 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 18 Legitimates Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] ~ Drivers: Scanned in 00mn 00s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) 
[HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 05/12/2012 - C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys (BstHdDrv) .(.BlueStack Systems - BlueStacks Hypervisor for x86.) - LEGACY_BSTHDDRV ~ Legacy: 74 Legitimates Scanned in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.) O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> [HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d’événements.) 
-- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe ~ Keys: Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) ~ Services: 32 Legitimates Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.EAFF5F43AA51848E7F7A087B9B4F4BB4] [SPRF][26/03/2013] (.Ellora Assets Corporation - Freemake Video Converter Setup.) -- C:\Users\Mad\AppData\Local\Temp\FreemakeVideoConverter_4.0.0.1.exe [26413600] [MD5.FEA8181EB5D54DD6EC2F8C712BA85640] [SPRF][30/03/2013] (...) -- C:\Users\Mad\AppData\Local\Temp\ICReinstall_mp3tagv250setup.exe [667016] [MD5.7EC6C8E88BECD3C40AE35AAD1DF6EB0A] [SPRF][13/02/2013] (.RealNetworks, Inc. - RealDownloader Application.) 
-- C:\Users\Mad\AppData\Local\Temp\stubhelper.dll [90624] [MD5.AAACA015ECED630E7F7C0DD996412B98] [SPRF][30/03/2013] (...) -- C:\Users\Mad\AppData\Local\Temp\temp_presets.dat [2664] [MD5.887173F53072CD2D238014F4199B35CF] [SPRF][02/11/2012] (...) -- C:\Users\Mad\AppData\Local\Temp\xmlUpdater.exe [118784] [MD5.4EAD115CF40445118BA41F070296669F] [SPRF][30/03/2013] (...) -- C:\Users\Mad\AppData\Local\Temp\~glaryutilities-version.dat [514] [MD5.49F3EF3560FFE11FC756518BB092FB58] [SPRF][30/03/2013] (...) -- C:\Users\Mad\AppData\Local\Temp\~gu-ver.dat [112] [MD5.8CE7705CB43B03BB7970B04087C7758F] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [29616] [MD5.01E2ECA759056F23C73A035FDABB2D6D] [SPRF][30/06/2006] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [201648] [MD5.0C135B4FEFF52ED92CF08BB3F0A75A90] [SPRF][11/09/2006] (.Macrovision Corporation - Macrovision Software Manager Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [484272] ~ Files: Scanned in 00mn 01s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "TCP Query User{07C3EECA-9C0B-4435-BB3D-48E6E168B70E}C:\users\mad\appdata\local\radiosure\radiosure.exe" | In - Private - P6 - TRUE | .(.TheBestWare Studio - RadioSure.) -- C:\users\mad\appdata\local\radiosure\radiosure.exe O87 - FAEL: "UDP Query User{CE2ADDAC-4E51-4156-AA74-25D900C78BF6}C:\users\mad\appdata\local\radiosure\radiosure.exe" | In - Private - P17 - TRUE | .(.TheBestWare Studio - RadioSure.) -- C:\users\mad\appdata\local\radiosure\radiosure.exe O87 - FAEL: "TCP Query User{A93D434E-19B5-4D6D-8C8F-EB2B23E88B65}C:\program files\stream what you hear\swyh.exe" | In - Private - P6 - TRUE | .(.Sebastien.warin.fr - Stream What You Hear.) 
-- C:\program files\stream what you hear\swyh.exe O87 - FAEL: "UDP Query User{B29E5384-B176-4C97-B40B-3194DF178C23}C:\program files\stream what you hear\swyh.exe" | In - Private - P17 - TRUE | .(.Sebastien.warin.fr - Stream What You Hear.) -- C:\program files\stream what you hear\swyh.exe O87 - FAEL: "TCP Query User{D08AD1DB-607C-4382-9994-89DCC1562E12}C:\program files\pifreepc\pifreepc.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files\pifreepc\pifreepc.exe O87 - FAEL: "UDP Query User{A89B0DE5-2873-401B-89E2-653EC4CB6C46}C:\program files\pifreepc\pifreepc.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files\pifreepc\pifreepc.exe O87 - FAEL: "TCP Query User{FA61D44E-AE48-4E35-8196-5B2E7FA7CF6F}C:\program files\stream what you hear\swyh.exe" | In - Public - P6 - TRUE | .(.Sebastien.warin.fr - Stream What You Hear.) -- C:\program files\stream what you hear\swyh.exe O87 - FAEL: "UDP Query User{5180289D-8255-4FF7-9B54-4E181A7D6CF2}C:\program files\stream what you hear\swyh.exe" | In - Public - P17 - TRUE | .(.Sebastien.warin.fr - Stream What You Hear.) 
-- C:\program files\stream what you hear\swyh.exe ~ Firewall: 211 Legitimates Scanned in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.11349 - (31/03/2013) Clés trouvées (Keys found) : 5 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent [HKLM\Software\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing ~ Additionnel: Scanned in 00mn 47s ---\\ Product Upgrade Codes (O90) O90 - PUC: "44870A0846AC4ED4BA163DD7BD8E70F4" . (.PDF Architect.) -- C:\Windows\Installer\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}\main_icon O90 - PUC: "7672DADFAC1183D4C94C8477C03ECCB7" . (.Notification Center.) -- C:\Windows\Installer\{FDAD2767-11CA-4D38-9CC4-48770CE3CC7B}\BlueStacksIcon ~ Update Products: 36 Legitimates Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 07/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SS - | Auto 05/12/2012 393080 | (BstHdAndroidSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-Service.exe SR - | Auto 05/12/2012 384888 | (BstHdLogRotatorSvc) . (.BlueStack Systems, Inc..) - C:\Program Files\BlueStacks\HD-LogRotatorService.exe SR - | Auto 05/12/2012 67584 | (cbVSCService11) . (.CobianSoft, Luis Cobian.) - C:\Program Files\Cobian Backup 11\cbVSCService11.exe SR - | Auto 05/12/2012 1131008 | (CobianBackup11) . (.Luis Cobian, CobianSoft.) 
- C:\Program Files\Cobian Backup 11\cbService.exe SS - | Demand 06/03/2013 30192 | (GoogleDesktopManager-051210-111108) . (.Google.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe SS - | Auto 05/03/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 05/03/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 05/03/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe SS - | Demand 07/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 09/01/2013 1324104 | (PDF Architect Helper Service) . (.pdfforge GbR.) - C:\Program Files\PDF Architect\HelperService.exe SR - | Auto 09/01/2013 795208 | (PDF Architect Service) . (.pdfforge GbR.) - C:\Program Files\PDF Architect\ConversionService.exe SR - | Auto 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe SR - | Auto 13/11/2012 1103392 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe SR - | Auto 13/11/2012 1369624 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe SR - | Auto 13/11/2012 168384 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe SS - | Auto 07/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 01s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 1 Legitimates Scanned in 00mn 02s End of the scan (705 lines in 04mn 06s)(0)