Rapport de ZHPDiag v2013.6.18.25 par Nicolas Coolman, Update du 18/06/2013
Run by Mouton at 19/06/2013 14:52:16
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 21.0 (Defaut)
GCIE: Google Chrome v27.0.1453.116
---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ System Protection
Avira Free Antivirus v13.0.0.3640
COMODO Internet Security v5.10.31649.2253
Malwarebytes Anti-Malware version 1.75.0.1300
Spyware Terminator 2012 v3.0.0.50
---\\ System Optimizer
CCleaner v3.27 =>Piriform Ltd
---\\ Peer To Peer (P2P)
eMule
Pando Media Booster v2.6.0.7
µTorrent v3.2.2.28595 =>P2P.µTorrent
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 21
---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3583 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 8 GB (5%) free of 146 GB
---\\ Logged in mode
~ Computer Name: MOUTON-07A28FD0
~ User Name: Mouton
~ All Users Names: UpdatusUser, SUPPORT_388945a0, Mouton, HelpAssistant, Guest, ASPNET, Administrator,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Mouton\Application Data\
~ %Desktop% : C:\Documents and Settings\Mouton\Desktop\
~ %Favorites% : C:\Documents and Settings\Mouton\Favorites\
~ %LocalAppData% : C:\Documents and Settings\Mouton\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Mouton\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 146 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 61 Go of 319 Go)
F:\ CD-ROM drive (Not Inserted)
---\\ Security Center & Tools Informations
~ Security Center: 33 Legitimates Filtered in 00mn 00s
---\\ Recherche particulière de fichiers génériques
[MD5.12896823FB95BFB3DC9B46BCAEDC9923] - (.Microsoft Corporation - Windows Explorer.) (.14/04/2008 - 01:12:19.) -- C:\WINDOWS\Explorer.exe [1033728]
[MD5.CE5BA470204A3176E60721C4B63B8DF3] - (.Microsoft Corporation - Internet Extensions for Win32.) (.07/05/2013 - 23:30:06.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.ED0EF0A136DEC83DF69F04118870003E] - (.Microsoft Corporation - Windows NT Logon Application.) (.14/04/2008 - 01:12:39.) -- C:\WINDOWS\system32\Winlogon.exe [507904]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/04/2008 - 19:33:28.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44544]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) (.13/04/2008 - 21:18:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) (.13/04/2008 - 19:40:10.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/04/2008 - 19:40:27.) -- C:\WINDOWS\system32\Drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.13/04/2008 - 19:41:01.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [52352]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/108
~ Mes musiques (My Musics) : 1/17
~ Mes Videos (My Videos) : 1/9
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 2/2498
~ Mon Bureau (My Desktop) : 1/3803
~ Menu demarrer (Programs) : 1/65
~ Hidden Files: Scanned in 00mn 01s
---\\ Processus lancés
[MD5.00E3E885D8C19CAD03BCD05DFEB2C1FE] - (.Comodo Security Solutions Inc. - livePCsupport launcher system service.) -- C:\Program Files\Common Files\COMODO\launcher_service.exe [70344] [PID.992]
[MD5.907324001AE25AC5959C91EAA34CABAE] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1983232] [PID.1176]
[MD5.E41F55D0B71734BB68FF26963EB250E4] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe [86752] [PID.1728]
[MD5.880AE0BEDE234F27AC252049373B8CB9] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe [110816] [PID.188]
[MD5.D8E18021F91AD79CA8491CB5A5DA22D4] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55144] [PID.216]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.284]
[MD5.E9EFCB47B90FD5498695BB7FEFD36CAE] - (.Seiko Epson Corporation - Epson Scanner Service (32bit).) -- C:\WINDOWS\system32\EscSvc.exe [122000] [PID.364]
[MD5.CBC7E60715F54D8ABC5E577CCFF6B039] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.exe [142432] [PID.460]
[MD5.F96C429788350DB4BA6771C3034DFD88] - (.Teruten - FsUsbDevice.) -- C:\WINDOWS\system32\FsUsbExService.exe [217088] [PID.500]
[MD5.AE63D0DB96C07CAE5DC4CDB2B2A719A0] - (.Comodo Security Solutions, Inc. - GeekBuddy Remote Screen Protocol Server.) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [1851088] [PID.572]
[MD5.5739F2821D49975CEDE6BF0153D0CF01] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [181664] [PID.1380]
[MD5.414E51CEC052227C581C9EAFE4499C14] - (.VIA Technologies, Inc. - Service binary.) -- C:\WINDOWS\system32\KaraokeSer.exe [88688] [PID.1472]
[MD5.7276ED403221A5A8FE54A9DD136E12EF] - (...) -- C:\Program Files\Logitech\Easy Synchronization\servicestub.exe [65536] [PID.1620]
[MD5.B88A592C93319B477A36FC9D4D2B1FB2] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [755536] [PID.1720]
[MD5.500D956B8406A69256DEB9EEB4A7F57C] - (...) -- C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe [53248] [PID.1752]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Documents and Settings\Mouton\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.200]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Documents and Settings\Mouton\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.496]
[MD5.D98350792A7CE82E7459A7C36481BEDA] - (.Microsoft Corporation - MsCamSvc.exe.) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe [139632] [PID.1132]
[MD5.FD306FBCCE7ADB1077B709742E7148E9] - (...) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096] [PID.1336]
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Documents and Settings\Mouton\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.1808]
[MD5.E666A28CC51F04C7D972EF8AD4234BBA] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 310.9.) -- C:\WINDOWS\system32\nvsvc32.exe [157112] [PID.1512]
[MD5.9D84376931440F3679BEEF2A414FA493] - (.HP - PML Driver.) -- C:\WINDOWS\system32\HPZipm12.exe [69632] [PID.2084]
[MD5.205E1B699FD3F2F9B036EEA2EC30C620] - (...) -- C:\WINDOWS\system32\PnkBstrA.exe [76888] [PID.2096]
[MD5.7D6D84E523FE830B483A0DCBF1EAEDE0] - (...) -- C:\WINDOWS\system32\PnkBstrB.exe [189072] [PID.2116]
[MD5.2CD3EE180EADDE93DF78AADE87B61504] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) -- C:\Program Files\Spyware Terminator\st_rsser.exe [482992] [PID.2288]
[MD5.3F08838E262984EF555A50B9D6C8BC34] - (.Vodafone Group - VodafoneConnectorService.) -- C:\Program Files\Vodafone\Via The Phone\VodafoneConnectorService.exe [233472] [PID.2388]
[MD5.DD0042F0C3B606A6A8B92D49AFB18AD6] - (.Yahoo! Inc. - AutoUpater Service Module.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [602392] [PID.2452]
[MD5.C61F226996B84AB78D481FD69362E72A] - (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [6749512] [PID.3532]
[MD5.70F40294A8BF20CF0A5473BC60730BD5] - (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe [1851192] [PID.3552]
[MD5.0FA8B91757C93A29FA0A035ACA8B9C4E] - (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [41122448] [PID.3584]
[MD5.037B1E7798960E0420003D05BB577EE6] - (...) -- ystem32\RunDLL32.exe [0] [PID.3608]
[MD5.F7C957383CE7E11A8CB3C0E7D80BDB76] - (.SEIKO EPSON CORPORATION - Fax Reception.) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912] [PID.3652]
[MD5.91AE51D746D6AC6943849D9465AE40E6] - (.SEIKO EPSON CORPORATION - Fax Transmission.) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360] [PID.3716]
[MD5.06EB82143478B8EA270E5BD06EFA1534] - (.Logitech, Inc. - Logitech KHAL Main Process.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe [150328] [PID.3816]
[MD5.46D3D19A4745B67DCA6692AFAB0E136D] - (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058912] [PID.3812]
[MD5.FD579C25D253A47DF82A76B7EE96ADB5] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.3908]
[MD5.AD298BDBF33C10EFD2F9BB2BAE8718D9] - (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [495616] [PID.1140]
[MD5.4C4CF9220E628D1378F9807EC5175488] - (.Microsoft Corporation - ActiveSync Connection Manager.) -- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [1289000] [PID.3508]
[MD5.6B3DD4B1D5D4C239AD84A460E676C6D7] - (.Avira Operations GmbH & Co. KG - Avira Shadow Copy Service.) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe [79584] [PID.3288]
[MD5.09301A1FB10CDB3328AB616B5B18C92F] - (.Comodo Security Solutions, Inc. - livePCsupport Component.) -- C:\Program Files\COMODO\GeekBuddy\unit_manager.exe [207560] [PID.3160]
[MD5.DCFC84480C76D862D9BFD386EA6E8DE7] - (.Microsoft Corporation - ActiveSync RAPI Manager.) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe [199464] [PID.3452]
[MD5.27F7E2A7B7E09FF2F17A97DCA6EE0F1A] - (.Comodo Security Solutions, Inc. - livePCsupport Component.) -- C:\Program Files\COMODO\GeekBuddy\unit.exe [194760] [PID.3116]
[MD5.612AF40F6F45DEFC00F68E868B75927A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Mouton\Desktop\ZHPDiag\ZHPDiag.exe [7518208] [PID.4176]
[MD5.8C515081584A38AA007909CD02020B3D] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe [44544] [PID.4180]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [agbbmachalkmbecmaamehkfbhaggpckk] Webplayer Toolbar v.2.1, (Désactivé)
~ Google Browser: 9 Legitimates Filtered in 00mn 13s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\prefs.js
M3 - MFPP: Plugins - [Mouton] -- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\searchplugins\live-search.xml
M2 - MFEP: prefs.js [Mouton - bhl22nkz.default\amin.eft_PhProxy@gmail.com] [] PhZilla v4.1.1 (..)
M2 - MFEP: prefs.js [Mouton - bhl22nkz.default\foxyproxy@eric.h.jung] [] FoxyProxy Basic v3.2 (..)
M2 - MFEP: prefs.js [Mouton - bhl22nkz.default\MouseControl@neocodex.us] [] MouseControl v1.5.1 (..)
M2 - MFEP: prefs.js [Mouton - bhl22nkz.default\support@6point7.com] [] Social Video Chat v1.2 (..)
M2 - MFEP: prefs.js [Mouton - bhl22nkz.default\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}] [] FoxyTunes v4.3.6 (..)
M2 - MFEP: prefs.js [Mouton - bhl22nkz.default\{c850fe9c-684f-4875-9eb2-604eb1996d5c}] [] Webplayer Toolbar v2.2 (..)
P2 - FPN: [HKLM] [@qq.com/npqscall] - (...) -- C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll (.not file.)
P2 - FPN: [HKLM] [@qq.com/TXSSO] - (...) -- C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll (.not file.)
~ Firefox Browser: 42 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com =>PUP.CertifiedToolbar
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://newtab.certified-toolbar.com =>PUP.CertifiedToolbar
~ IE Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 22
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} . (.Shareaza Development Team - Shareaza Web Download Hook.) -- C:\Program Files\Shareaza\RazaWebHook32.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Clé orpheline
~ BHO: 8 Legitimates Filtered in 00mn 00s
---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [ISUSPM Startup] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
O4 - HKLM\..\Run: [ISUSScheduler] . (.Macrovision Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Run: [Easy Synchronization] . (...) -- C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] . (.Logitech, Inc. - Logitech KHAL Main Process.) -- C:\WINDOWS\KHALMNPR.exe
O4 - HKLM\..\Run: [COMODO Internet Security] . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
O4 - HKLM\..\Run: [Launch LCore] . (.Logitech Inc. - Logitech Gaming Framework.) -- C:\Program Files\Logitech Gaming Software\LCore.exe
O4 - HKLM\..\Run: [EvtMgr6] . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
O4 - HKLM\..\Run: [HDAudDeck] . (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMCTray.dll
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
O4 - HKLM\..\Run: [FUFAXRCV] . (.SEIKO EPSON CORPORATION - Fax Reception.) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
O4 - HKLM\..\Run: [FUFAXSTM] . (.SEIKO EPSON CORPORATION - Fax Transmission.) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
O4 - HKLM\..\Run: [EEventManager] . (.SEIKO EPSON CORPORATION - EEventManager Application.) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [gbrspcontrol] . (.Comodo Security Solutions, Inc. - GeekBuddy Remote Screen Protocol Server.) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\RunOnce: [Easy Synchronization] . (...) -- C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] . (.Microsoft Corporation - ActiveSync Connection Manager.) -- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-436374069-1788223648-725345543-1003\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-436374069-1788223648-725345543-1003\..\Run: [Gadwin PrintScreen] . (.Gadwin Systems, Inc - Gadwin PrintScreen.) -- C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
O4 - HKUS\S-1-5-21-436374069-1788223648-725345543-1003\..\Run: [H/PC Connection Agent] . (.Microsoft Corporation - ActiveSync Connection Manager.) -- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop: AntiError.lnk . (.Comodo Security Solutions Inc. - livePCsupport launcher application.) -- C:\Program Files\COMODO\GeekBuddy\launcher.exe
O4 - GS\Desktop: Avira Control Center.lnk . (.Avira Operations GmbH & Co. KG - Avira Control Center.) -- C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>Piriform Ltd
O4 - GS\Desktop: Code de la Route.lnk . (.Micro Application - Code de la Route.) -- E:\Logiciel\permis\CDR.exe
O4 - GS\Desktop: COMODO Firewall.lnk . (.COMODO - COMODO Internet Security.) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
O4 - GS\Desktop: Diablo III.lnk . (.Blizzard Entertainment - Diablo III Setup.) -- E:\Jeuxinstalés\Diablo3full\Diablo III\Diablo III Launcher.exe
O4 - GS\Desktop: GeekBuddy.lnk . (.Comodo Security Solutions Inc. - livePCsupport launcher application.) -- C:\Program Files\COMODO\GeekBuddy\launcher.exe
O4 - GS\Desktop: HD ADeck.lnk . (.VIA Technologies, Inc. - HDeck MFC Application.) -- C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
O4 - GS\Desktop: Ma-Config.com - Start the detection.lnk . (.CybelSoft - Ma-Config.com start detection.) -- C:\Program Files\ma-config.com\MCDetection.exe
O4 - GS\Desktop: Malwarebytes Anti-Malware.lnk . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Documents and Settings\Mouton\Desktop\Malwarebytes' Anti-Malware\mbam.exe
O4 - GS\Desktop: MBRCheck.lnk . (...) -- C:\Documents and Settings\Mouton\Desktop\ZHPDiag\mbrcheck.exe
O4 - GS\Desktop: Microsoft LifeCam.lnk . (.Microsoft Corporation - LifeCam.exe.) -- C:\Program Files\Microsoft LifeCam\LifeCam.exe
O4 - GS\Desktop: mouton.lnk - Clé orpheline
O4 - GS\Desktop: Paramètres de la souris et du clavier Logitech.lnk . (.Logitech, Inc. - Logitech SetPoint Event Manager (UNICODE).) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - GS\Desktop: VLC media player.lnk . (...) -- C:\Program Files\VideoLAN\VLC\vlc.exe
O4 - GS\Desktop: Your Freedom.lnk . (.resolution Reichert Network Solutions GmbH - Your Freedom client software.) -- C:\Program Files\Your Freedom\freedom.exe
O4 - GS\Desktop: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Documents and Settings\Mouton\Desktop\ZHPDiag\ZHPhep.exe
O4 - GS\Desktop: ZHPFix.lnk . (.Nicolas Coolman - ZHPDiag Setup.) -- C:\Documents and Settings\Mouton\Desktop\ZHPDiag\ZHPFix\ZHPhep.exe
O4 - GS\Desktop: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- C:\Program Files\uTorrent\uTorrent.exe =>P2P.µTorrent
O4 - GS\Desktop: eteindre.lnk . (...) -- C:\Documents and Settings\Mouton\Desktop\outils\off.bat
O4 - GS\Desktop: Google Drive.lnk . (...) -- C:\Documents and Settings\Mouton\My Documents\Google Drive
O4 - GS\Desktop: Guitar Hero III.lnk . (.Aspyr Media, Inc. - Guitar Hero III.) -- E:\Jeuxinstalés\guitarhero\GH3.exe
O4 - GS\Desktop: Microsoft Office Word 2007.lnk . (...) -- C:\WINDOWS\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop: Proxifier.lnk . (.Initex - Proxifier Standard Edition v3.15.) -- C:\Program Files\Proxifier\Proxifier.exe
O4 - GS\Desktop: Shortcut to Local Disk (E).lnk . (...) -- E:\
O4 - GS\Desktop: Shortcut to PlantsVsZombies.exe.lnk . (...) -- E:\Jeux\Plants_vs._Zombies\PlantsVsZombies.exe
O4 - GS\Desktop: Shortcut to TESV.exe.lnk . (.Bethesda Softworks - Skyrim.) -- E:\Jeuxinstalés\The Elder Scrolls V Skyrim\TESV.exe
O4 - GS\Desktop: Shortcut to Vie quotidienne.docx.lnk . (...) -- C:\Documents and Settings\Mouton\Local Settings\Temp\Vie quotidienne.docx (.not file.)
O4 - GS\Desktop: Sounds and Audio Devices.lnk - Clé orpheline
O4 - GS\Desktop: StarCraft II.lnk . (.Blizzard Entertainment - StarCraft II Setup.) -- C:\Program Files\StarCraft II\StarCraft II.exe
O4 - GS\Desktop: Steam.lnk . (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslav.) -- C:\Program Files\Steam\Steam.exe
~ Global Startup: Scanned in 00mn 00s
---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - ActiveSync Favorite Synchronization.) -- C:\Program Files\MI3AA1~1\INetRepl.dll
O9 - Extra button: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -- Clé orpheline
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} -- (.not file.)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000005\Winsock LSP File . (.Pas de propriétaire - Proxifier Namespace Service Provider.) -- C:\WINDOWS\system32\PrxerNsp.dll
~ Winsock: 5 Legitimates Filtered in 00mn 00s
---\\ Piratage de l'Option 'Rétablir les paramètres Web' (O14)
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} ((no name)) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281877548328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355378613281
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5116D062-B9E3-4FAF-AABC-4063C077E212}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{5116D062-B9E3-4FAF-AABC-4063C077E212}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5116D062-B9E3-4FAF-AABC-4063C077E212}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{5116D062-B9E3-4FAF-AABC-4063C077E212}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5116D062-B9E3-4FAF-AABC-4063C077E212}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{5116D062-B9E3-4FAF-AABC-4063C077E212}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS3\Services\Tcpip\..\{5116D062-B9E3-4FAF-AABC-4063C077E212}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - UPNP Tray Monitor and Folder.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Logitech Easy Synchronization (Logitech Easy Synchronization) . (...) - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
O23 - Service: Vodafone Connector Service (VodafoneConnectorService) . (.Vodafone Group - VodafoneConnectorService.) - C:\Program Files\Vodafone\Via The Phone\VodafoneConnectorService.exe
~ Services: 26 Legitimates Filtered in 00mn 09s
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Mouton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Mouton\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Install_NSS.job [366]
[MD5.00000000000000000000000000000000] [APT] [Install_NSS] (...) -- C:\Program Files\DivX\Symantec\scstubinstaller.exe (.not file.) [0]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 00s
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (sp_rsdrv2) . (...) - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
~ Drivers: 92 Legitimates Filtered in 00mn 00s
---\\ Logiciels installés (O42)
O42 - Logiciel: Barbarian Invasion - (...) [HKLM] -- {FD69C8CB-6964-432C-98AB-A5A09ED50EEA}
O42 - Logiciel: LameACM - (...) [HKLM] -- LameACM
O42 - Logiciel: Shareaza 2.6.0.0 - (.Shareaza Development Team.) [HKLM] -- Shareaza_is1
O42 - Logiciel: SplitCam - (.SplitCam Co.) [HKLM] -- SplitCam
O42 - Logiciel: System.Data.SQLite v1.0.76.0 - (.System.Data.SQLite Team.) [HKLM] -- {02E43EC2-6B1C-45B5-9E48-941C3E1B204A}_is1
O42 - Logiciel: Webplayer Toolbar 2.1 - (.Webplayer Toolbar.) [HKLM] -- {b0439fd3-8f96-400d-9515-eb8122ee1f21}_is1
~ Logic: 446 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Malfador Machinations]
[HKCU\Software\Nival Interactive]
[HKCU\Software\Shareaza]
[HKCU\Software\SplitCam]
[HKCU\Software\WebplayerToolbar]
[HKCU\Software\�V�R�f��]
[HKLM\Software\Shareaza]
[HKLM\Software\Sirius]
[HKLM\Software\Trymedia Systems] =>Adware.Trymedia
~ Key Software: 327 Legitimates Filtered in 00mn 01s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/06/2011 - 05:15:23 - [0,000] ----D C:\Program Files\Camersoft
O43 - CFD: 11/09/2011 - 20:05:44 - [1908,344] ----D C:\Program Files\Huyustus
O43 - CFD: 20/07/2012 - 22:19:46 - [42,574] ----D C:\Program Files\ICQ7.5
O43 - CFD: 29/12/2010 - 17:41:34 - [0,073] ----D C:\Program Files\LameACM
O43 - CFD: 04/12/2012 - 02:00:56 - [28,721] ----D C:\Program Files\Shareaza
O43 - CFD: 18/05/2013 - 21:21:30 - [5,617] ----D C:\Program Files\Space Empires V
O43 - CFD: 29/12/2011 - 08:16:17 - [189,677] ----D C:\Program Files\SplitCam
O43 - CFD: 04/11/2011 - 03:48:31 - [7,223] ----D C:\Program Files\System.Data.SQLite
O43 - CFD: 03/12/2011 - 02:29:49 - [9,467] ----D C:\Program Files\Zygocam
O43 - CFD: 14/03/2013 - 20:43:10 - [0,003] ----D C:\Documents and Settings\Mouton\Application Data\.oit
O43 - CFD: 05/08/2011 - 18:08:06 - [0,061] ----D C:\Documents and Settings\Mouton\Application Data\AtomZombieDemoData
O43 - CFD: 16/10/2009 - 19:52:23 - [0,390] ----D C:\Documents and Settings\Mouton\Application Data\Shareaza
O43 - CFD: 13/09/2011 - 01:26:57 - [0] ----D C:\Documents and Settings\Mouton\Local Settings\Application Data\28050
O43 - CFD: 03/11/2011 - 09:05:43 - [935,188] ----D C:\Documents and Settings\Mouton\Local Settings\Application Data\MooExt
O43 - CFD: 16/10/2009 - 19:52:23 - [620,516] ----D C:\Documents and Settings\Mouton\Local Settings\Application Data\Shareaza
O43 - CFD: 08/10/2009 - 21:23:39 - [0,001] ----D C:\Documents and Settings\Mouton\Start Menu\Programs\�V�R�f��
~ Program Folder: 264 Legitimates Filtered in 00mn 02s
---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.65D7FAAD87FBC25BF170789AA4BE6CB8] - 19/06/2013 - 12:47:02 ---A- . (...) -- C:\WINDOWS\popcinfot.dat [25]
O44 - LFC:[MD5.BCE65D5198DE2875917B4C326B0372A2] - 19/06/2013 - 09:54:26 ---A- . (...) -- C:\WINDOWS\wiadebug.log [157]
O44 - LFC:[MD5.E431037D6565AB75DCE6B521138CF179] - 19/06/2013 - 09:54:25 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.FA579938B0733B87066546AFE951082C] - 18/06/2013 - 23:37:21 ---A- . (...) -- C:\Boot.bak [211]
O44 - LFC:[MD5.48C65662EC81FBCAA110509F50C51497] - 18/06/2013 - 23:37:19 RSHA- . (...) -- C:\cmldr [263488]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 18/06/2013 - 23:32:38 ---A- . (...) -- C:\WINDOWS\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 18/06/2013 - 23:32:38 ---A- . (...) -- C:\WINDOWS\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 18/06/2013 - 23:32:38 ---A- . (...) -- C:\WINDOWS\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 18/06/2013 - 23:32:38 ---A- . (...) -- C:\WINDOWS\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 18/06/2013 - 23:32:38 ---A- . (...) -- C:\WINDOWS\zip.exe [68096]
O44 - LFC:[MD5.81A0357693E251098AB0267BE6971280] - 18/06/2013 - 17:04:07 ---A- . (...) -- C:\DelFix.txt [339]
O44 - LFC:[MD5.9CB1D4C44092E93833D05E773E431261] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [117471]
O44 - LFC:[MD5.7E75775E345CE1F50B1C06B3F5081D45] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [8075]
O44 - LFC:[MD5.62FDC39E35E3C96C454B47C0F8D2C85A] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\comsetup.log [38884]
O44 - LFC:[MD5.140D2A2608B7F22866CF1551E83F3E96] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\iis6.log [125492]
O44 - LFC:[MD5.AA5D5F6881145474885C6155927065BE] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\imsins.log [1374]
O44 - LFC:[MD5.8F01524AB411F85867F0A2C97F0ED537] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\msgsocm.log [5871]
O44 - LFC:[MD5.6CC6944060C9A8F1DE2566539A10F6B2] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\msmqinst.log [35380]
O44 - LFC:[MD5.61A8042D41BA86E8B940F1D6C140A6F0] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\netfxocm.log [20577]
O44 - LFC:[MD5.CD00E695FCECBCFA63757D22E9574921] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [23568]
O44 - LFC:[MD5.714AB9F75653A983B11A6CB676F66F65] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\ocgen.log [56164]
O44 - LFC:[MD5.DB7B1ED64ABC69E0DA7DB9506DC0E040] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\ocmsn.log [6498]
O44 - LFC:[MD5.C775D6419F27F87B46E5E4438E7113CD] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\tabletoc.log [5909]
O44 - LFC:[MD5.DE0606B1C16AE8F1D13B9AC4C61BEEAA] - 15/06/2013 - 03:25:32 ---A- . (...) -- C:\WINDOWS\tsoc.log [53601]
O44 - LFC:[MD5.0D52B8F64719D67A6DA09BAB3C24136C] - 15/06/2013 - 03:21:47 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1374]
O44 - LFC:[MD5.3C22A34DB7F632A3C0A850E05ED29A7D] - 15/06/2013 - 03:21:38 ---A- . (...) -- C:\WINDOWS\updspapi.log [13490]
O44 - LFC:[MD5.EE52541150655ACC9B9B23F23C45FA04] - 08/06/2013 - 15:25:58 ---A- . (...) -- C:\img2-001.raw [230424]
~ Files: 44 Legitimates Filtered in 00mn 00s
---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.B7C17B84D7D15C540DD2B931E0250330] - 12/06/2013 - 01:22:41 ---A- - C:\WINDOWS\Prefetch\WORDVIEW.EXE-08BD9A01.pf
O45 - LFCP:[MD5.D476CD41D47E78778C2937698A9669F2] - 14/06/2013 - 01:54:37 ---A- - C:\WINDOWS\Prefetch\HEROES3.EXE-3770266B.pf
O45 - LFCP:[MD5.3751322C9377717EBEF4C0F859190DEC] - 14/06/2013 - 18:00:23 ---A- - C:\WINDOWS\Prefetch\GH3.EXE-25F165C0.pf
O45 - LFCP:[MD5.1C4115661DB61789085D642FC3C079E0] - 15/06/2013 - 02:43:41 ---A- - C:\WINDOWS\Prefetch\DXDLLREG.EXE-39C012FF.pf
O45 - LFCP:[MD5.6E889FAA473C5E604C9A71B2702BD1D2] - 15/06/2013 - 02:44:15 ---A- - C:\WINDOWS\Prefetch\DXDLLREG.EXE-338FC561.pf
O45 - LFCP:[MD5.B3B9BB484EB803B4DCC4423831128442] - 15/06/2013 - 23:35:11 ---A- - C:\WINDOWS\Prefetch\WLXQUICKTIMECONTROLHOST.EXE-271639BF.pf
O45 - LFCP:[MD5.99B8F349B39EE06A46BA58F8563CE314] - 16/06/2013 - 01:41:28 ---A- - C:\WINDOWS\Prefetch\ROBOTCLIC.EXE-108028E2.pf
O45 - LFCP:[MD5.8FCDDDE789CC052BC32E1A22CB3C6078] - 16/06/2013 - 02:18:11 ---A- - C:\WINDOWS\Prefetch\LIFEENC2.EXE-2B883052.pf
O45 - LFCP:[MD5.D89F82B4E1D474C7FD299DFDD5755F8B] - 16/06/2013 - 02:18:16 ---A- - C:\WINDOWS\Prefetch\LIFETRAY.EXE-36181759.pf
O45 - LFCP:[MD5.064EC63AE5F1527A1CC6177ECA8F3941] - 16/06/2013 - 18:01:33 ---A- - C:\WINDOWS\Prefetch\RELICCOH2.EXE-03CD7BD9.pf
O45 - LFCP:[MD5.007D7B60727D0EFA0E0BEA7DD6B22D5D] - 17/06/2013 - 17:12:19 ---A- - C:\WINDOWS\Prefetch\CACAOWEB.EXE-022A14F5.pf =>PUP.CacaoWeb
O45 - LFCP:[MD5.CFB470929909D95B1FC6F1C002F5B1E5] - 19/06/2013 - 09:55:15 ---A- - C:\WINDOWS\Prefetch\HDECK.EXE-00161107.pf
O45 - LFCP:[MD5.CF76FFFB6FB7C1ED63D956E89ED78295] - 19/06/2013 - 09:55:15 ---A- - C:\WINDOWS\Prefetch\LOGITECHEASYSYNC.EXE-1F3F5E19.pf
O45 - LFCP:[MD5.35462FB18894F1E43F9F7DCC9FCC45D0] - 19/06/2013 - 09:55:16 ---A- - C:\WINDOWS\Prefetch\CFP.EXE-1E7EB3AA.pf
O45 - LFCP:[MD5.903FBD3623B9199AC530CB2DCE4CC64E] - 19/06/2013 - 09:55:16 ---A- - C:\WINDOWS\Prefetch\FUFAXRCV.EXE-068C1C00.pf
O45 - LFCP:[MD5.1AB2EB68AEC297BBA446A1B41D304FF4] - 19/06/2013 - 09:55:16 ---A- - C:\WINDOWS\Prefetch\FUFAXSTM.EXE-285BC6E9.pf
O45 - LFCP:[MD5.037483F6C21C2533FC671043B3D0DB84] - 19/06/2013 - 09:55:16 ---A- - C:\WINDOWS\Prefetch\SETPOINT.EXE-015059E8.pf
O45 - LFCP:[MD5.E3E99DB9A7B930842C0BB6299C483206] - 19/06/2013 - 09:55:16 ---A- - C:\WINDOWS\Prefetch\SETPOINT.EXE-1A5FD1F0.pf
O45 - LFCP:[MD5.5CE6D06B37769B926BD8C37BC5057D30] - 19/06/2013 - 09:55:16 ---A- - C:\WINDOWS\Prefetch\WCESCOMM.EXE-062FDF7F.pf
O45 - LFCP:[MD5.59B586C4455416803A5CED1686AAA669] - 19/06/2013 - 09:55:18 ---A- - C:\WINDOWS\Prefetch\RAPIMGR.EXE-105F1493.pf
O45 - LFCP:[MD5.85EE1D28D7BDB1D50218867099D444CC] - 19/06/2013 - 09:55:19 ---A- - C:\WINDOWS\Prefetch\UNIT_MANAGER.EXE-307FD43E.pf
O45 - LFCP:[MD5.759E3549A465FFA7189A450471247F4F] - 19/06/2013 - 12:05:42 ---A- - C:\WINDOWS\Prefetch\POPCAPGAME1.EXE-069DFA3F.pf
O45 - LFCP:[MD5.83415DE4261105C6C7C41EB793CF8944] - 19/06/2013 - 12:05:47 ---A- - C:\WINDOWS\Prefetch\PLANTSVSZOMBIES.EXE-3771D1B9.pf
~ Prefetcher: 130 Legitimates Filtered in 00mn 00s
---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - ShellExecuteHook class - {FE24CD78-7C63-465D-8787-4EDF7FC79895} - C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Export de clé d'application autorisée (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\Your Freedom\freedom.exe" [Enabled] .(.resolution Reichert Network Solutions GmbH.) -- C:\Program Files\Your Freedom\freedom.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Mouton\Local Settings\Application Data\Akamai\netsession_win.exe" [Enabled] .(...) -- C:\Documents and Settings\Mouton\Local Settings\Application Data\Akamai\netsession_win.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.976\Agent.exe" [Enabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.976\Agent.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\StarCraft II 2012 Beta\StarCraft II Beta.exe" [Enabled] .(...) -- C:\Program Files\StarCraft II 2012 Beta\StarCraft II Beta.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.998\Agent.exe" [Enabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.998\Agent.exe (.not file.)
O47 - AAKE:Key Export SP - "E:\Jeux\DDOinst\dndclient.exe" [Enabled] .(...) -- E:\Jeux\DDOinst\dndclient.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\StarCraft II\Versions\Base21029\SC2.exe" [Enabled] .(...) -- C:\Program Files\StarCraft II\Versions\Base21029\SC2.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Tencent\QQIntl\Bin\QQ.exe" [Enabled] .(...) -- C:\Program Files\Tencent\QQIntl\Bin\QQ.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Tencent\QQIntl\Bin\auclt.exe" [Enabled] .(...) -- C:\Program Files\Tencent\QQIntl\Bin\auclt.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Tencent\QQIntl\Bin\txupd.exe" [Enabled] .(...) -- C:\Program Files\Tencent\QQIntl\Bin\txupd.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1040\Agent.exe" [Enabled] .(...) -- C:\Documents and Settings\All Users\Application Data\Battle.net\Agent\Agent.1040\Agent.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\StarCraft II\sc2-x.x.x.x-1.5.0.22342-enUS-Downloader.exe" [Enabled] .(...) -- C:\Program Files\StarCraft II\sc2-x.x.x.x-1.5.0.22342-enUS-Downloader.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\Shareaza\Shareaza.exe" [Enabled] .(.Shareaza Development Team.) -- C:\Program Files\Shareaza\Shareaza.exe
O47 - AAKE:Key Export SP - "C:\Program Files\cacaoweb\cacaoweb.exe" [Enabled] .(...) -- C:\Program Files\cacaoweb\cacaoweb.exe (.not file.) =>PUP.CacaoWeb
~ Keys Export: 44 Legitimates Filtered in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \drivers.desc\"mciqtz32.dll"="mciqtz32.dll" . (...) -- C:\WINDOWS\system32\mciqtz32.dll
~ TDSD: 24 Legitimates Filtered in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Badoo Desktop [Key] . (...) -- C:\Documents and Settings\All Users\Application Data\Badoo\Badoo desktop\1.6.30.1009\Badoo.desktop.exe (.not file.)
~ SMSR Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.95B4FB835E28AA1336CEEB07FD5B9398] - 13/04/2008 - 19:36:39 ----- . (.Advanced Micro Devices, Inc. - AMD Win2000 AGP Filter.) -- C:\WINDOWS\system32\Drivers\amdagp.sys [43008]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 04/08/2004 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 16/06/2013 - 00:54:18 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\bookmarkbackups\bookmarks-2013-06-16.json [26075]
O61 - LFC: 16/06/2013 - 02:17:38 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000304.sst [159]
O61 - LFC: 16/06/2013 - 03:04:46 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Microsoft\LifeEnC2.exe_StrongName_rfxtevkrx4mwctk21ysagzokh3nchq2z\3.22.270.0\user.config [1092]
O61 - LFC: 16/06/2013 - 13:33:14 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.old [145]
O61 - LFC: 16/06/2013 - 13:34:04 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Tabs [4338]
O61 - LFC: 16/06/2013 - 13:34:04 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000307.sst [159]
O61 - LFC: 16/06/2013 - 13:34:06 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Session [5825]
O61 - LFC: 16/06/2013 - 13:34:06 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG.old [359]
O61 - LFC: 16/06/2013 - 13:39:18 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Certificate Revocation Lists [270879]
O61 - LFC: 16/06/2013 - 13:43:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG.old [148]
O61 - LFC: 16/06/2013 - 14:34:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\search-metadata.json [180]
O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\chrome.manifest [2681]
O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\chrome\flagfox\content.jar [802816]
O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\chrome\flagfox\modules\flagfox.jsm [71632]
O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\chrome\flagfox\modules\ipdb.jsm [9327]
O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\defaults\preferences\defaultpreferences.js [4823]
O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\install.rdf [1814]
O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\ipdb\ip4.db [489672]
O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\ipdb\ip6.db [235816]
O61 - LFC: 16/06/2013 - 16:49:22 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}\ipdb\metadata.js [120]
O61 - LFC: 16/06/2013 - 21:51:29 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT [16]
O61 - LFC: 16/06/2013 - 21:51:29 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000058 [248]
O61 - LFC: 16/06/2013 - 21:51:30 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG [145]
O61 - LFC: 16/06/2013 - 21:51:34 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT [16]
O61 - LFC: 16/06/2013 - 21:51:34 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-000261 [436]
O61 - LFC: 16/06/2013 - 21:51:39 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Managed Mode Settings [8]
O61 - LFC: 16/06/2013 - 21:51:40 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Session [4573]
O61 - LFC: 16/06/2013 - 21:51:40 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Current Tabs [4338]
O61 - LFC: 16/06/2013 - 21:51:41 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\000310.sst [159]
O61 - LFC: 16/06/2013 - 21:51:41 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\CURRENT [16]
O61 - LFC: 16/06/2013 - 21:51:41 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000309 [4438]
O61 - LFC: 16/06/2013 - 21:51:42 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2013-06 [36864]
O61 - LFC: 16/06/2013 - 21:51:42 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\History Index 2013-06-journal [16384]
O61 - LFC: 16/06/2013 - 21:51:42 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG [359]
O61 - LFC: 16/06/2013 - 21:52:01 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies [228352]
O61 - LFC: 16/06/2013 - 21:52:01 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal [16384]
O61 - LFC: 16/06/2013 - 21:53:24 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download [678084]
O61 - LFC: 16/06/2013 - 21:53:26 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom [9202312]
O61 - LFC: 16/06/2013 - 21:53:26 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set [1746656]
O61 - LFC: 16/06/2013 - 21:53:26 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist [135072]
O61 - LFC: 16/06/2013 - 21:53:26 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist [19616]
O61 - LFC: 16/06/2013 - 21:53:26 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist [5268]
O61 - LFC: 16/06/2013 - 21:53:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG [148]
O61 - LFC: 16/06/2013 - 21:53:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\History [2330624]
O61 - LFC: 16/06/2013 - 21:53:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\History Provider Cache [1625]
O61 - LFC: 16/06/2013 - 21:53:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal [16384]
O61 - LFC: 16/06/2013 - 21:53:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Local State [36007]
O61 - LFC: 16/06/2013 - 21:53:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies [6144]
O61 - LFC: 16/06/2013 - 21:53:50 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal [4640]
O61 - LFC: 16/06/2013 - 21:53:51 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 17/06/2013 - 12:09:28 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\bookmarkbackups\bookmarks-2013-06-17.json [26075]
O61 - LFC: 18/06/2013 - 03:00:16 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\bookmarkbackups\bookmarks-2013-06-18.json [26075]
O61 - LFC: 18/06/2013 - 15:44:54 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\healthreport\lastpayload.json [23555]
O61 - LFC: 18/06/2013 - 16:51:43 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\search.json [14031]
O61 - LFC: 18/06/2013 - 16:52:00 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\pluginreg.dat [13224]
O61 - LFC: 18/06/2013 - 16:55:24 ---A- C:\Documents and Settings\Mouton\Recent\AdwCleaner[S1].txt.lnk [523]
O61 - LFC: 18/06/2013 - 17:05:34 ---A- C:\Documents and Settings\Mouton\Recent\DelFix.txt.lnk [481]
O61 - LFC: 18/06/2013 - 17:11:23 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\2e2308ef-03a1-46a2-89c5-f8026949d949 [74839]
O61 - LFC: 18/06/2013 - 17:12:08 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\acfd765f-ed2b-45fd-86bd-c8225e41f2c6 [50234]
O61 - LFC: 18/06/2013 - 17:12:42 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [80949]
O61 - LFC: 18/06/2013 - 17:16:46 ---A- C:\Documents and Settings\Mouton\Recent\AdwCleaner[S2].txt.lnk [523]
O61 - LFC: 18/06/2013 - 17:17:54 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\blocklist.xml [65991]
O61 - LFC: 18/06/2013 - 17:19:57 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\addons.sqlite [589824]
O61 - LFC: 18/06/2013 - 17:19:59 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\extensions.sqlite [524288]
O61 - LFC: 18/06/2013 - 18:06:27 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\0ecb6971-f1f4-4437-a075-abb5134397fd [80675]
O61 - LFC: 18/06/2013 - 22:42:43 ---A- C:\Documents and Settings\Mouton\Recent\mbam-log-2013-06-18 (18-21-49).txt.lnk [603]
O61 - LFC: 18/06/2013 - 22:45:47 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\content-prefs.sqlite [28672]
O61 - LFC: 18/06/2013 - 22:45:47 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\ada6bbff-ad3f-47ad-8a76-c3a5f8092a06 [66056]
O61 - LFC: 18/06/2013 - 23:02:13 ---A- C:\Documents and Settings\Mouton\Recent\ZHPDiag.txt.lnk [486]
O61 - LFC: 18/06/2013 - 23:17:09 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\52254e49-45fd-45a1-b0b2-704969246fa0 [74809]
O61 - LFC: 18/06/2013 - 23:17:10 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\bookmarkbackups\bookmarks-2013-06-19.json [26075]
O61 - LFC: 18/06/2013 - 23:32:02 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\2006241a-1960-4494-b2e6-bbd3f1a8494d [55167]
O61 - LFC: 18/06/2013 - 23:56:18 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\68e871ec-c88a-41e5-a41e-0f84765ffdc5 [54807]
O61 - LFC: 19/06/2013 - 00:06:46 ---A- C:\Documents and Settings\Mouton\Recent\New Text Document.txt.lnk [538]
O61 - LFC: 19/06/2013 - 00:21:16 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\cc548ed6-036b-4c1f-8908-5f97b8fa315b [75010]
O61 - LFC: 19/06/2013 - 00:21:16 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\sessionstore.bak [165797]
O61 - LFC: 19/06/2013 - 09:54:22 -SHA- C:\Documents and Settings\Mouton\Application Data\Microsoft\Credentials\S-1-5-21-436374069-1788223648-725345543-1003\Credentials [1316]
O61 - LFC: 19/06/2013 - 09:54:22 -SHA- C:\Documents and Settings\Mouton\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-436374069-1788223648-725345543-1003\Credentials [21578]
O61 - LFC: 19/06/2013 - 09:56:54 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\parent.lock [0]
O61 - LFC: 19/06/2013 - 09:57:12 -SHA- C:\Documents and Settings\Mouton\IETldCache\index.dat [262144]
O61 - LFC: 19/06/2013 - 09:57:16 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\webapps\webapps.json [2]
O61 - LFC: 19/06/2013 - 09:57:25 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\ImTranslator\profile.imt [483]
O61 - LFC: 19/06/2013 - 09:57:34 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\urlclassifierkey3.txt [154]
O61 - LFC: 19/06/2013 - 10:03:11 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\adblockplus\elemhide.css [2434789]
O61 - LFC: 19/06/2013 - 13:00:43 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\signons.sqlite [99328]
O61 - LFC: 19/06/2013 - 13:14:15 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\webappsstore.sqlite [2588672]
O61 - LFC: 19/06/2013 - 13:38:44 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\startupCache\startupCache.4.little [1517470]
O61 - LFC: 19/06/2013 - 13:40:38 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\formhistory.sqlite [1080320]
O61 - LFC: 19/06/2013 - 13:48:09 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\cookies.sqlite [1048576]
O61 - LFC: 19/06/2013 - 13:48:11 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\saved-telemetry-pings\f6c4d695-defc-4b79-bb7c-89b8d6b3dec1 [84797]
O61 - LFC: 19/06/2013 - 13:48:13 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\dh-media-lists.rdf [520]
O61 - LFC: 19/06/2013 - 13:48:13 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\dh-smart-names.rdf [60617]
O61 - LFC: 19/06/2013 - 13:48:13 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\downloads.sqlite [98304]
O61 - LFC: 19/06/2013 - 13:48:13 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\healthreport.sqlite [1146880]
O61 - LFC: 19/06/2013 - 13:48:13 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\sessionstore.js [195456]
O61 - LFC: 19/06/2013 - 13:48:14 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\localstore.rdf [60140]
O61 - LFC: 19/06/2013 - 13:48:14 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\permissions.sqlite [5120]
O61 - LFC: 19/06/2013 - 13:48:14 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\places.sqlite [20971520]
O61 - LFC: 19/06/2013 - 13:48:14 ---A- C:\Documents and Settings\Mouton\Local Settings\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\_CACHE_CLEAN_ [1]
O61 - LFC: 19/06/2013 - 13:48:15 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\Telemetry.ShutdownTime.txt [6]
O61 - LFC: 19/06/2013 - 13:48:15 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\prefs.js [38008]
O61 - LFC: 19/06/2013 - 13:48:16 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\cert8.db [360448]
O61 - LFC: 19/06/2013 - 13:48:16 ---A- C:\Documents and Settings\Mouton\Application Data\Mozilla\Firefox\Profiles\bhl22nkz.default\key3.db [16384]
~ 11 Fichiers temporaires (Temporary files)
~ 4 Fichiers cookies (Cookies files)
~ Files: 1221 Legitimates Filtered in 00mn 09s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 30/08/2011 - C:\Program Files\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
O64 - Services: CurCS - 17/04/2013 - C:\Program Files\Common Files\COMODO\launcher_service.exe (CLPSLauncher) .(.Comodo Security Solutions Inc. - livePCsupport launcher system service.) - LEGACY_CLPSLAUNCHER
O64 - Services: CurCS - 17/04/2013 - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe (GeekBuddyRSP) .(.Comodo Security Solutions, Inc. - GeekBuddy Remote Screen Protocol Server.) - LEGACY_GEEKBUDDYRSP
O64 - Services: CurCS - 22/11/2011 - C:\Program Files\Spyware Terminator\st_rsser.exe (ST2012_Svc) .(.Crawler.com - Spyware Terminator 2012 Realtime Shield Ser.) - LEGACY_ST2012_SVC
O64 - Services: CurCS - 14/05/2010 - C:\Program Files\Vodafone\Via The Phone\VodafoneConnectorService.exe (VodafoneConnectorService) .(.Vodafone Group - VodafoneConnectorService.) - LEGACY_VODAFONECONNECTORSERVICE
O64 - Services: CurCS - 09/11/2008 - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (YahooAUService) .(.Yahoo! Inc. - AutoUpater Service Module.) - LEGACY_YAHOOAUSERVICE
~ Legacy: 175 Legitimates Filtered in 00mn 03s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Adobe Systems, Inc. - Adobe Dreamweaver CS5.) -- C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe
~ FASS Keys: 17 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {8A244612-A1F7-11E0-95C0-E71F4824019B} - (Web Search) - http://search.certified-toolbar.com =>PUP.CertifiedToolbar
O69 - SBI: SearchScopes [HKCU] {B536885E-5BD9-4199-8B26-76CD4C25AD07} - (Live Search) - http://search.live.com
~ Keys: Scanned in 00mn 00s
---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.33798C860C211501B04B795BA915A8F4] [SPRF][15/06/2012] (...) -- C:\Documents and Settings\Mouton\Local Settings\Application Data\fusioncache.dat [129]
[MD5.73709547A3B136DE4FCFDE3EF78C1B8F] [SPRF][14/12/2012] (...) -- C:\Documents and Settings\Mouton\Application Data\PnkBstrK.sys [138056]
[MD5.83462636B733B8C345E0499140E3531E] [SPRF][10/01/2013] (...) -- C:\Documents and Settings\Mouton\Desktop\cc_20130110_063009.reg [315402]
[MD5.EB2543728CED96CAFFC60D252FF8AB92] [SPRF][18/06/2013] (.Swearware - ComboFix NSIS Installer.) -- C:\Documents and Settings\Mouton\Desktop\mouton.exe [5081021]
[MD5.4EBAADDE48169D9C149FF5C57FA2CE86] [SPRF][15/10/2011] (...) -- C:\Documents and Settings\Mouton\Desktop\RobotClic.exe [131072]
[MD5.FBD3701C6FA07A4D896E6ED786D9142E] [SPRF][19/06/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Mouton\Desktop\ZHPDiag2(1).exe [5680617]
[MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll [24576]
[MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe [196608]
[MD5.5095D657B76B7F782A9F626273170A79] [SPRF][22/02/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.2 r152.) -- C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [2871968]
[MD5.B8F39C9E0F0B71E454DBA431CF3B99C9] [SPRF][11/08/2005] (.Macrovision Corporation - InstallShield Update Service Web Agent.) -- C:\WINDOWS\Downloaded Program Files\isusweb.dll [417792]
~ Files: Scanned in 00mn 00s
---\\ Scan Additionnel (O88)
Database Version : v2.12511 - (18/06/2013)
Clés trouvées (Keys found) : 9
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F6E720A-1A6B-40E1-A294-1D4D19F156C8}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKLM\Software\Classes\setup.player] =>Spyware.MarketScore
[HKLM\Software\Classes\setup.player.2k2] =>Spyware.MarketScore
[HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\HssSrv] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{b0439fd3-8f96-400d-9515-eb8122ee1f21}_is1] =>Toolbar.Agent
~ Additionnel Scan: 422950 Items scanned in 00mn 14s
---\\ Product Upgrade Codes (O90)
O90 - PUC: "0C6A1EC07F3F6E94F8D942139F284714" . (.Guitar Hero III.) -- C:\WINDOWS\Installer\{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}\ARPPRODUCTICON.exe
O90 - PUC: "0FDBBA955E1EFA8458BF5F320AC84309" . (.STREET FIGHTER IV.) -- C:\WINDOWS\Installer\{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}\ARPPRODUCTICON.exe
O90 - PUC: "B6BB246AD1AC2414D84D13C8F3D38C43" . (.Rome - Total War(TM).) -- C:\WINDOWS\Installer\{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}\ARPPRODUCTICON.exe
O90 - PUC: "C99998047BC6D9F42A6FBD51D8FB19BF" . (.Rome - Total War(TM).) -- C:\WINDOWS\Installer\{4089999C-6CB7-4F9D-A2F6-DB158DBF91FB}\ARPPRODUCTICON.exe
~ Update Products: 111 Legitimates Filtered in 00mn 00s
---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 12/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 19/05/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe
SR - | Auto 19/05/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 09/10/2011 55144 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 17/04/2013 70344 | (CLPSLauncher) . (.Comodo Security Solutions Inc..) - C:\Program Files\Common Files\COMODO\launcher_service.exe
SR - | Auto 11/03/2012 1983232 | (cmdAgent) . (.COMODO.) - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
SS - | Demand 14/04/2008 224768 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 12/12/2011 122000 | (EpsonScanSvc) . (.Seiko Epson Corporation.) - C:\WINDOWS\system32\EscSvc.exe
SR - | Auto 27/02/2012 142432 | (EPSON_PM_RPCV4_05) . (.SEIKO EPSON CORPORATION.) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.exe
SR - | Auto 22/12/2009 217088 | (FsUsbExService) . (.Teruten.) - C:\WINDOWS\system32\FsUsbExService.exe
SR - | Auto 17/04/2013 1851088 | (GeekBuddyRSP) . (.Comodo Security Solutions, Inc..) - C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
SS - | Demand 14/04/2008 14336 | C:\Program Files\NOS\bin\getPlus_Helper.dll (getPlusHelper) . (.NOS Microsystems Ltd..) - C:\WINDOWS\system32\svchost.exe
SS - | Auto 02/09/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 02/09/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 09/10/2011 821608 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 16/05/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SR - | Auto 04/05/2012 88688 | (KaraokeService) . (.VIA Technologies, Inc..) - C:\WINDOWS\system32\KaraokeSer.exe
SS - | Demand 01/10/2012 295224 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
SR - | Auto 65536 | (Logitech Easy Synchronization) . (...) - C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
SR - | Auto 15/05/2013 755536 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Documents and Settings\Mouton\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Documents and Settings\Mouton\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 22/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 71096 | (NMSAccessU) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
SR - | Auto 29/12/2012 157112 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Auto 29/12/2012 1260472 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 29/09/2004 69632 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
SR - | Auto 76888 | (PnkBstrA) . (...) - C:\WINDOWS\system32\PnkBstrA.exe
SR - | Auto 189072 | (PnkBstrB) . (...) - C:\WINDOWS\system32\PnkBstrB.exe
SS - | Demand 11/11/2008 620544 | (ServiceLayer) . (.Nokia..) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 03/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 22/11/2011 482992 | (ST2012_Svc) . (.Crawler.com.) - C:\Program Files\Spyware Terminator\st_rsser.exe
SR - | Auto 14/05/2010 233472 | (VodafoneConnectorService) . (.Vodafone Group.) - C:\Program Files\Vodafone\Via The Phone\VodafoneConnectorService.exe
SR - | Auto 09/11/2008 602392 | (YahooAUService) . (.Yahoo! Inc..) - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
~ Services: Scanned in 00mn 00s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Mouton at 19/06/2013 14:55:56
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spdp.sys >>UNKNOWN [0x8B376938]<<
spdp.sys
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x8B31AAB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Mouton at 19/06/2013 14:55:58
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 2729 Legitimates filtered by white list
End of the scan (826 lines in 03mn 42s)(0)