cjoint

Document format: text/plain

Rapport de ZHPDiag v2013.6.19.29 par Nicolas Coolman, Update du 18/06/2013
Run by Laptiteblonde at 22/06/2013 08:53:11
WebSite: http://nicolascoolman.webs.com
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Not Found


---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 21.0 (Defaut)
GCIE: Google Chrome v27.0.1453.116
OPIE: Opera v12.15
OBIE: Safari v5.34.57.2

---\\ Windows Product Information
~ Langage: Français
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ System Protection
Kaspersky Anti-Virus 2013 v13.0.1.4190
Malwarebytes Anti-Malware version 1.75.0.1300
Spybot - Search & Destroy v2.1.19

---\\ System Optimizer
CCleaner v4.02 =>Piriform Ltd
Slowin' Killer - Outil d'optimisation pour Windows v1.3

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046.4 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 79 GB (33%) free of 233 GB

---\\ Logged in mode
~ Computer Name: HOME-91528EAD9E
~ User Name: Laptiteblonde
~ All Users Names: SUPPORT_388945a0, Laptiteblonde, HelpAssistant, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Laptiteblonde\Application Data\
~ %Desktop% : C:\Documents and Settings\Laptiteblonde\Bureau\
~ %Favorites% : C:\Documents and Settings\Laptiteblonde\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Laptiteblonde\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 79 Go of 233 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Floppy drive, Flash card reader, USB Key (Free 6 Go of 7 Go)



---\\ Security Center & Tools Informations
~ Security Center: 29 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 - 03:34:03.) -- C:\WINDOWS\Explorer.exe [1037824]
[MD5.DD11A997125B22963CE49A95F7E32034] - (.Microsoft Corporation - Internet Extensions for Win32.) (.07/05/2013 - 23:28:27.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 - 03:34:28.) -- C:\WINDOWS\system32\Winlogon.exe [512000]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 - 19:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/04/2008 - 20:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/04/2008 - 19:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 02:57:38.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/04/2008 - 17:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) (.14/04/2008 - 03:00:52.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/04/2008 - 19:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/04/2008 - 19:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/04/2008 - 20:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/04/2008 - 20:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 - 20:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/04/2008 - 03:09:40.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/04/2008 - 20:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/04/2008 - 19:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.14/04/2008 - 02:57:34.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752]
[MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 02:56:04.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53376]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/171
~ Mes musiques (My Musics) : 1/123
~ Mes Videos (My Videos) : 1/6
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/23588
~ Mon Bureau (My Desktop) : 0/16605
~ Menu demarrer (Programs) : 0/69
~ Hidden Files: Scanned in 00mn 34s



---\\ Processus lancés
[MD5.CC9275DB74AD57AC0C3EE823F9922298] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 190.3.) -- C:\WINDOWS\system32\nvsvc32.exe [168004] [PID.356]
[MD5.B7822EA8D11717D1FE27295EAFF3E2CE] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [266295] [PID.792]
[MD5.7A805CE3682BE4B811B17205B640DD1F] - (.Privacyware/PWI, Inc. - Privatefirewall Network Service.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600] [PID.1320]
[MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1692]
[MD5.587EFD6A3A30A35A27904D21AE1FB882] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376] [PID.1708]
[MD5.01A24B415926BB5F772DBE12459D97DE] - (.Microsoft Corporation. - BingBar Service.) -- C:\Program Files\Microsoft\BingBar\BBSvc.exe [196176] [PID.1748]
[MD5.D3F9205CC4CB07553F2F9472C767EA87] - (.Teruten - FsUsbDevice.) -- C:\WINDOWS\system32\FsUsbExService.exe [233472] [PID.428]
[MD5.5739F2821D49975CEDE6BF0153D0CF01] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Program Files\Java\jre7\bin\jqs.exe [181664] [PID.552]
[MD5.69C494AE77EC2CFC31FD4B0D7AB6F24A] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [1777488] [PID.660]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.704]
[MD5.E155E09229624C69A1A6609C0CB3641F] - (.Ralink Technology, Corp. - RalinkRegistryWriter.) -- C:\Program Files\Ralink\Common\RaRegistry.exe [185632] [PID.736]
[MD5.95AA9E165C7DE1B64A11E8B18E91E499] - (.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560] [PID.760]
[MD5.E83EAC7ACFE228AFE518FFD6459CE5FF] - (.Privacyware/PWI, Inc. - Privatefirewall 7.0 Application.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3011400] [PID.2764]
[MD5.D72D08898E2BA14B8FD6E9533C714385] - (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files\FileHippo.com\UpdateChecker.exe [307712] [PID.2820]
[MD5.44BA6701B36DE1F6C0661E732080ADCF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7521280] [PID.3892]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\eaesr6o7.default\prefs.js (.not file.)
C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\prefs.js
C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\zgvlj5cs.Utilisateur par défaut\prefs.js (.not file.)
C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\zgvlj5cs.Utilisateur par défaut\prefs.js (.not file.)
M0 - MFSP: prefs.js [Laptiteblonde - i0vdqtuy.fanny] http://www.maxisciences.com
M2 - MFEP: prefs.js [Laptiteblonde - i0vdqtuy.fanny\{3d7eb24f-2740-49df-8937-200b1cc08f8a}] [] Flashblock v1.5.17 (..)
P2 - FPN:Firefox Plugin Navigator . (.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Mozilla Firefox\Plugins\npchime.dll
~ Firefox Browser: 32 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 01s
~ Nombre de lignes (Lines number): 30464



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} . (.Microsoft Corp. - Microsoft Search Helper Extention.) -- C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
~ BHO: 11 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: EPSON Web-To-Page - [HKLM]{EE5D279F-081B-4404-994D-C6B60AAEBA6D} . (.SEIKO EPSON CORPORATION - EPSON Web-To-Page.) -- C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - [HKLM]{9421DD08-935F-4701-A9CA-22DF90AC4EA6} . (.SEIKO EPSON CORPORATION / CyCom Technology - Epson Easy Photo Print (TBL).) -- C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
O4 - HKLM\..\Run: [Privatefirewall] . (.Privacyware/PWI, Inc. - Privatefirewall 7.0 Application.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll
O4 - HKLM\..\Run: [KernelFaultCheck] Clé orpheline
O4 - HKCU\..\Run: [FileHippo.com] . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
O4 - HKUS\S-1-5-21-861567501-1085031214-839522115-1004\..\Run: [FileHippo.com] . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}\AppleSoftwareUpdateIco.exe
O4 - GS\Programs: Ava Find.lnk . (...) -- C:\WINDOWS\Installer\{909577E9-BFB5-48E2-8237-71DCA373F147}\_4ae13d6c.exe
O4 - GS\Programs: Belarc Advisor.lnk . (.Belarc, Inc. - Belarc Advisor and BelMonitor Client Discov.) -- C:\Program Files\Belarc\Advisor\System\NPBelv32.dll
O4 - GS\Programs: Driver Detective.lnk . (.Macrovision Corporation - InstallShield.) -- C:\WINDOWS\Installer\{621C02EA-AAFF-4026-A903-165D59529A16}\DriversHQ.DriverDe_212B77217E284373BD0AA155B0932A89.exe
O4 - GS\Programs: EA Download Manager.lnk . (.Electronic Arts - EA Download Manager.) -- C:\Program Files\Electronic Arts\EADM\Core.exe
O4 - GS\Programs: ILoveENGLISH.lnk . (...) -- C:\Program Files\ILoveENGLISH\ILoveENGLISH.exe
O4 - GS\Programs: Microsoft Baseline Security Analyzer 2.2.lnk . (.Microsoft Corporation - Microsoft Baseline Security Analyzer.) -- C:\Program Files\Microsoft Baseline Security Analyzer 2\mbsa.exe
O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: Opera.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\opera.exe
O4 - GS\Programs: Paint.NET.lnk . (.dotPDN LLC - Paint.NET.) -- C:\Program Files\Paint.NET\PaintDotNet.exe
O4 - GS\Programs: Safari.lnk . (...) -- C:\WINDOWS\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\Programs: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - GS\Programs: Windows Search.lnk . (.Microsoft Corporation - Windows Search System Tray.) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - GS\QuickLaunch: Spybot-S&D Start Center.lnk . (.Safer-Networking Ltd. - Start Center.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
O4 - GS\QuickLaunch: System Scan.lnk . (.Safer-Networking Ltd. - Malware Scanner.) -- C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - GS\Programs: eduMap.lnk . (.Opera Software - Opera Internet Browser.) -- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\eduMap\eduMap.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe
O4 - GS\Programs: PrivaZer.lnk . (.Goversoft LLC - PrivaZer.) -- C:\Program Files\PrivaZer\PrivaZer.exe
O4 - GS\Programs: Update Checker.lnk . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files\filehippo.com\UpdateChecker.exe
O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
~ Global Startup: Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Clavier virtuel - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\kbrd.ico
O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: Analyse des liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Internet Explorer Plugins (O12)
O12 - Plugin for .csm .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spt .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz .(.MDL Information Systems, Inc (Elsevier MDL) - MDL® Chime Pro 2.6 SP7.) -- C:\Program Files\Internet Explorer\Plugins\npchime.dll
~ IE Extra Buttons: 18 Legitimates Filtered in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: CabBuilder (CabBuilder) - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} ((no name)) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} ((no name)) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ((no name)) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340796359625
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} ((no name)) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} ((no name)) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} ((no name)) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAB6C0CF-E121-42E0-A282-D4CA821E014C}: NameServer = 178.33.41.181,88.191.223.122
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDB9682E-18E4-4E64-9AF4-8A0C40265C1C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{BAB6C0CF-E121-42E0-A282-D4CA821E014C}: NameServer = 178.33.41.181,88.191.223.122
O17 - HKLM\System\CS1\Services\Tcpip\..\{CDB9682E-18E4-4E64-9AF4-8A0C40265C1C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{BAB6C0CF-E121-42E0-A282-D4CA821E014C}: NameServer = 178.33.41.181,88.191.223.122
O17 - HKLM\System\CS3\Services\Tcpip\..\{CDB9682E-18E4-4E64-9AF4-8A0C40265C1C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: klogon . (.Kaspersky Lab ZAO - Logon Visualizer.) -- C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: LBTWlgn . (.Logitech, Inc. - Logitech Bluetooth Service.) -- c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SDWinLogon . (...) -- SDWinLogon.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Privacyware network service (PFNet) . (.Privacyware/PWI, Inc. - Privatefirewall Network Service.) - C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) . (.Ralink Technology, Corp. - RalinkRegistryWriter.) - C:\Program Files\Ralink\Common\RaRegistry.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) . (.Safer-Networking Ltd. - Windows Security Center integration..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 14 Legitimates Filtered in 00mn 04s



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ BootExecute (O34)
O34 - HKLM BootExecute: (autocheck AUTONTFS C: PAGE=KEEP DIRS=NONE MFT=MIN) - File not found
~ BEX: 2 Legitimates Filtered in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (BANTExt) . (...) - C:\WINDOWS\system32\Drivers\BANTExt.sys
O41 - Driver: (MagicTune) . (.Samsung Electronics, Inc. - MagicTunePremium Driver.) - C:\WINDOWS\system32\drivers\MTiCtwl.sys
O41 - Driver: (sp_rsdrv2) . (...) - C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: AnglaisFacile.com - Planet English - (...) [HKLM] -- afplanet
O42 - Logiciel: ILoveENGLISH - (.Tribal Nova Inc.) [HKLM] -- {69AB3560-67C1-BFD7-5FA9-5FD6A0793246}
O42 - Logiciel: Les Pièges de la Route - (.ApportMedia.) [HKLM] -- {A6CCAC7D-C490-45AE-B867-667A4469576A}
O42 - Logiciel: Les Sims™ 2 Au fil des saisons - (...) [HKLM] -- {DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}
O42 - Logiciel: Privatefirewall 7.0 - (.PWI, Inc..) [HKLM] -- {E8EA933E-03A2-4E62-9F52-812C72BE2A6B}
O42 - Logiciel: Simulateur de conduite 3D - (...) [HKLM] -- Simulateur de conduite 3D
O42 - Logiciel: eduMap - (.Fyrd.) [HKCU] -- eduMap
~ Logic: 173 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\18 Wheels of Steel Haulin]
[HKCU\Software\OPTX]
[HKCU\Software\PWI, Inc.]
[HKLM\Software\KarjaSoft]
[HKLM\Software\PWI, Inc.]
~ Key Software: 312 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 05/04/2010 - 12:32:13 - [343.100] ----D C:\Program Files\18 Wheels of Steel Haulin
O43 - CFD: 05/04/2010 - 12:32:14 - [2.189] ----D C:\Program Files\AnglaisFacile.com
O43 - CFD: 27/05/2013 - 22:00:10 - [2.243] ----D C:\Program Files\AvaFind
O43 - CFD: 05/09/2010 - 16:13:40 - [0.241] ----D C:\Program Files\Bonjour(2)
O43 - CFD: 25/04/2011 - 13:43:14 - [5.085] ----D C:\Program Files\ILoveENGLISH
O43 - CFD: 17/01/2010 - 20:55:10 - [480.114] ----D C:\Program Files\Les_Pieges_de_la_Route
O43 - CFD: 31/08/2011 - 16:34:53 - [0.000] ----D C:\Program Files\NSpireTextEditor
O43 - CFD: 05/04/2010 - 12:33:22 - [0.035] ----D C:\Program Files\PMSystem
O43 - CFD: 11/06/2013 - 09:26:29 - [5.253] ----D C:\Program Files\Privacyware
O43 - CFD: 09/09/2009 - 23:14:14 - [22.420] ----D C:\Program Files\Utilitaire de configuration iPhone
O43 - CFD: 11/01/2009 - 15:17:44 - [0.043] ----D C:\Program Files\Fichiers communs\KnifeEdge
O43 - CFD: 16/06/2010 - 11:37:37 - [0] --H-D C:\Documents and Settings\All Users\AVP11
O43 - CFD: 14/08/2011 - 13:20:06 - [2.940] ----D C:\Documents and Settings\All Users\RNDIS
O43 - CFD: 13/06/2013 - 09:47:31 - [21.098] ----D C:\Documents and Settings\Laptiteblonde\Application Data\AvaFind Data
O43 - CFD: 25/04/2011 - 13:43:18 - [0.917] ----D C:\Documents and Settings\Laptiteblonde\Application Data\bamEnglish.08AE7BFC096D057FBA48C7E4F898C35F7FA11BBA.1
O43 - CFD: 23/11/2008 - 21:49:38 - [0.458] ----D C:\Documents and Settings\Laptiteblonde\Application Data\Mostick
O43 - CFD: 04/03/2010 - 22:37:48 - [3.615] ----D C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\eduMap
O43 - CFD: 23/11/2008 - 21:49:38 - [1.080] ----D C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mostick
O43 - CFD: 04/04/2013 - 07:54:20 - [0] ----D C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Privatefirewall
O43 - CFD: 21/11/2009 - 16:11:05 - [0.006] ----D C:\Documents and Settings\Laptiteblonde\Menu Démarrer\Programmes\18 Wheels of Steel Haulin
O43 - CFD: 27/09/2008 - 13:06:00 - [0.003] ----D C:\Documents and Settings\Laptiteblonde\Menu Démarrer\Programmes\AnglaisFacile.com
O43 - CFD: 17/01/2010 - 21:02:46 - [0.005] ----D C:\Documents and Settings\Laptiteblonde\Menu Démarrer\Programmes\Les Pièges de la Route
~ Program Folder: 279 Legitimates Filtered in 00mn 20s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 22/06/2013 - 07:48:52 ---A- . (...) -- C:\WINDOWS\jv16PT_temp.tmp [0]
O44 - LFC:[MD5.E33EBA6400EAA5CCF0237DC3EB2E3997] - 22/06/2013 - 07:37:14 ---A- . (...) -- C:\WINDOWS\system32\NvApps.xml [131150]
O44 - LFC:[MD5.DC0D8FCE51D025594A8473EA96C6814E] - 22/06/2013 - 07:37:10 ----- . (...) -- C:\WINDOWS\wiadebug.log [315]
O44 - LFC:[MD5.CC6C6038B752713D24CD94F459764060] - 22/06/2013 - 07:37:09 ----- . (...) -- C:\WINDOWS\wiaservc.log [50]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 18/06/2013 - 11:48:57 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.9818318017509F7778B8D869A00FF623] - 18/06/2013 - 11:48:57 ---A- . (...) -- C:\WINDOWS\win.ini [696]
O44 - LFC:[MD5.944F9CA807FE9E1095FA894D5A7B018A] - 11/06/2013 - 08:26:35 ---A- . (.Privacyware/PWI, Inc. - pwipf6.) -- C:\WINDOWS\system32\Drivers\pwipf6.sys [135272]
O44 - LFC:[MD5.0C5B4548738AFAB48370C589A094083E] - 11/06/2013 - 08:26:30 ---A- . (...) -- C:\WINDOWS\ODBC.INI [504]
~ Files: 19 Legitimates Filtered in 00mn 01s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.36FC42A0873D5562E26140C50288C74B] - 22/06/2013 - 07:48:52 ---A- - C:\WINDOWS\Prefetch\JV16PT.EXE-2E23EE72.pf
~ Prefetcher: 18 Legitimates Filtered in 00mn 00s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{55c0a5ba-9c1d-11dd-b158-001f1f05ec27}\AutoRun\command. (...) -- D:\start.exe (.not file.)
O51 - MPSK:{59204133-99b5-11e0-ad4f-001f1f05ec27}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
O51 - MPSK:{650cda8d-82af-11e0-b86b-001f1f05ec27}\AutoRun\command - Clé orpheline
O51 - MPSK:{d9c805b4-cff3-11dd-b20e-001f1f05ec27}\AutoRun\command - Clé orpheline
O51 - MPSK:{f51b4944-7aa3-11e2-aaac-001f1f05ec27}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\AvaFind [Key] . (.Think Less Do More Services - Ava Find.) -- C:\Program Files\AvaFind\AvaFind.exe
O53 - SMSR:HKLM\...\startupreg\Glary Memory Optimizer [Key] . (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files\Glary Utilities\memdefrag.exe
O53 - SMSR:HKLM\...\startupreg\MagicTuneLauncher [Key] . (...) -- C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe
~ SMSR Keys: 42 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnablELUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
~ MWPS: 11 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.91F3DF93F40A74D222CD166FE95DB633] - 31/01/2012 - 13:37:25 ---A- . (.Meetinghouse Data Communications - IEEE 802.1X Protocol Driver.) -- C:\WINDOWS\system32\Drivers\AegisP.sys [21275]
O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 02/03/2006 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 01/05/2008 - 09:26:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\EPUTY287.EX_ [56323]
O61 - LFC: 06/10/2008 - 05:02:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S9X0F7.DA_ [1377]
O61 - LFC: 06/10/2008 - 05:02:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S9X0G7.DA_ [1377]
O61 - LFC: 06/10/2008 - 05:02:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S9X3F7.DA_ [1398]
O61 - LFC: 06/10/2008 - 05:02:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S9X3G7.DA_ [1398]
O61 - LFC: 07/01/2008 - 04:04:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S40RN7.EX_ [83444]
O61 - LFC: 09/02/2007 - 02:00:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_DP130E.DA_ [129]
O61 - LFC: 10/03/2009 - 03:00:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_DPPE06.EX_ [100737]
O61 - LFC: 11/01/2007 - 03:02:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S40RP7.EX_ [59293]
O61 - LFC: 12/09/2008 - 00:11:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\EREGISTR.EX_ [222821]
O61 - LFC: 13/12/2007 - 05:00:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S9I0F7.EX_ [95380]
O61 - LFC: 15/11/2007 - 04:02:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S40MT7.EX_ [88688]
O61 - LFC: 16/11/2007 - 07:00:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_DM1EAX.DA_ [382]
O61 - LFC: 17/12/2007 - 00:03:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_SIACS7.EX_ [83689]
O61 - LFC: 17/12/2007 - 03:00:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S40ST7.EX_ [74008]
O61 - LFC: 17/12/2007 - 05:00:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_S9I0G7.EX_ [95380]
O61 - LFC: 19/06/2013 - 11:13:14 ---A- C:\Documents and Settings\Laptiteblonde\Menu Démarrer\Programmes\PrivaZer.lnk [1554]
O61 - LFC: 19/06/2013 - 11:13:14 ---A- C:\Documents and Settings\Laptiteblonde\Menu Démarrer\Programmes\PrivaZer\Désinstaller PrivaZer.lnk [1624]
O61 - LFC: 19/06/2013 - 11:13:14 ---A- C:\Documents and Settings\Laptiteblonde\Menu Démarrer\Programmes\PrivaZer\PrivaZer.lnk [1560]
O61 - LFC: 19/06/2013 - 11:13:16 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\privazer\default.mo [113573]
O61 - LFC: 19/06/2013 - 11:13:16 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\privazer\sqlite3.dll [562072]
O61 - LFC: 19/06/2013 - 11:13:21 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\privazer\new_version.txt [284]
O61 - LFC: 19/06/2013 - 11:13:23 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\privazer\data_patch.tmp.doc.zip [301]
O61 - LFC: 19/06/2013 - 11:16:25 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\privazer\570000000000000000000_p.0x0 [7280]
O61 - LFC: 19/06/2013 - 11:23:58 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db [7168]
O61 - LFC: 20/06/2013 - 12:55:03 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\adblockplus-rules.json [365283]
O61 - LFC: 20/06/2013 - 12:56:01 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\extensions.sqlite [589824]
O61 - LFC: 20/06/2013 - 13:16:47 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\vlc\ml.xspf [304]
O61 - LFC: 20/06/2013 - 13:16:47 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\vlc\vlcrc [80082]
O61 - LFC: 20/06/2013 - 14:04:42 ---A- C:\Documents and Settings\Laptiteblonde\Mes documents\Fanny\Films.pptx [907544]
O61 - LFC: 20/06/2013 - 14:58:04 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\tasks.xml [431]
O61 - LFC: 20/06/2013 - 14:58:33 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\opthumb.dat [1268]
O61 - LFC: 20/06/2013 - 14:59:32 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\bookmarks.adr [271055]
O61 - LFC: 21/05/2009 - 06:05:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\EPUPDATE.EX_ [361988]
O61 - LFC: 21/06/2013 - 17:39:53 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\healthreport\lastpayload.json [19376]
O61 - LFC: 21/06/2013 - 17:41:24 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\cert8.db [131072]
O61 - LFC: 21/06/2013 - 17:41:24 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\key3.db [16384]
O61 - LFC: 21/06/2013 - 17:41:32 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\optrb.dat [0]
O61 - LFC: 21/06/2013 - 17:50:44 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Opera\Opera\mail\omailbase.dat [1024]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\opcacrt6.dat [39513]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\opcert6.dat [12]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\opicacrt6.dat [17223]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\oprand.dat [4096]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\opssl6.dat [12415]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\optrust.dat [12]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\opuntrust.dat [2746]
O61 - LFC: 21/06/2013 - 17:50:45 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\webserver\users.xml [35]
O61 - LFC: 21/06/2013 - 19:11:00 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\pluginreg.dat [11177]
O61 - LFC: 21/06/2013 - 19:11:00 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\webapps\webapps.json [2]
O61 - LFC: 21/06/2013 - 19:11:06 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\urlclassifierkey3.txt [154]
O61 - LFC: 21/06/2013 - 19:11:06 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\test-malware-simple.cache [44]
O61 - LFC: 21/06/2013 - 19:11:06 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\test-malware-simple.pset [16]
O61 - LFC: 21/06/2013 - 19:11:06 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\test-malware-simple.sbstore [232]
O61 - LFC: 21/06/2013 - 19:11:06 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\test-phish-simple.cache [44]
O61 - LFC: 21/06/2013 - 19:11:06 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\test-phish-simple.pset [16]
O61 - LFC: 21/06/2013 - 19:11:06 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\test-phish-simple.sbstore [232]
O61 - LFC: 21/06/2013 - 19:11:22 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\localstore.rdf [8347]
O61 - LFC: 21/06/2013 - 19:12:21 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\goog-malware-shavar.sbstore [1540725]
O61 - LFC: 21/06/2013 - 19:12:22 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\goog-malware-shavar.cache [12]
O61 - LFC: 21/06/2013 - 19:12:22 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\goog-malware-shavar.pset [843716]
O61 - LFC: 21/06/2013 - 19:12:22 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\goog-phish-shavar.cache [12]
O61 - LFC: 21/06/2013 - 19:12:22 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\goog-phish-shavar.pset [934386]
O61 - LFC: 21/06/2013 - 19:12:22 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\safebrowsing\goog-phish-shavar.sbstore [808968]
O61 - LFC: 21/06/2013 - 19:17:05 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\adblockplus\elemhide.css [2287368]
O61 - LFC: 21/06/2013 - 19:17:05 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\addons.sqlite [524288]
O61 - LFC: 21/06/2013 - 19:17:05 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\addons.sqlite-journal [393824]
O61 - LFC: 21/06/2013 - 19:19:02 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\blocklist.xml [67085]
O61 - LFC: 21/06/2013 - 19:23:17 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\_CACHE_CLEAN_ [1]
O61 - LFC: 21/06/2013 - 19:35:10 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\prefs.js [39504]
O61 - LFC: 21/06/2013 - 19:45:02 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\permissions.sqlite [1835008]
O61 - LFC: 21/06/2013 - 21:19:14 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\Sans nom 1.odt [10285]
O61 - LFC: 22/06/2013 - 07:36:57 -SHA- C:\Documents and Settings\Laptiteblonde\Application Data\Microsoft\Credentials\S-1-5-21-861567501-1085031214-839522115-1004\Credentials [372]
O61 - LFC: 22/06/2013 - 07:36:57 -SHA- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-861567501-1085031214-839522115-1004\Credentials [394]
O61 - LFC: 22/06/2013 - 07:46:00 -SHA- C:\Documents and Settings\Laptiteblonde\UserData\index.dat [16384]
O61 - LFC: 22/06/2013 - 07:47:14 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\cookies.sqlite [524288]
O61 - LFC: 22/06/2013 - 07:47:14 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Opera\Opera\cookies4.dat [13]
O61 - LFC: 22/06/2013 - 07:47:25 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\healthreport.sqlite [1146880]
O61 - LFC: 22/06/2013 - 07:47:58 ---A- C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\i0vdqtuy.fanny\places.sqlite [10485760]
O61 - LFC: 22/06/2013 - 07:47:59 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Google\Chrome\User Data\Default\History [90112]
O61 - LFC: 22/06/2013 - 07:48:00 ---A- C:\Documents and Settings\Laptiteblonde\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data [75776]
O61 - LFC: 22/06/2013 - 07:52:42 -SHA- C:\Documents and Settings\Laptiteblonde\IETldCache\index.dat [262144]
O61 - LFC: 23/04/2009 - 23:00:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\EPUPDATE.DA_ [52316]
O61 - LFC: 24/02/2009 - 13:38:04 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\E_DUPA30.EX_ [148616]
O61 - LFC: 28/11/2007 - 00:15:00 ---A- C:\Documents and Settings\Laptiteblonde\Bureau\pilotes imprimante et scannr EPSON\2\WINVISTA_XP_2K\SAGENT4.EX_ [58285]
~ 2 Fichiers cookies (Cookies files)
~ Files: 115 Legitimates Filtered in 00mn 21s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ Liste des services Legacy (O64)
O64 - Services: CurCS - 27/02/2008 - Pas de propriétaire (BANTExt) .(...) - LEGACY_BANTEXT
O64 - Services: CurCS - 14/01/2013 - C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe (PFNet) .(.Privacyware/PWI, Inc. - Privatefirewall Network Service.) - LEGACY_PFNET
O64 - Services: CurCS - 22/08/2009 - Pas de propriétaire (RivaTuner32) .(...) - LEGACY_RIVATUNER32
O64 - Services: CurCS - 14/01/2010 - C:\WINDOWS\system32\DRIVERS\RtNdPt5x.sys (RtNdPt5x) .(.Realtek Semiconductor Corporation - Realtek NDIS Protocol Driver.) - LEGACY_RTNDPT5X
O64 - Services: CurCS - 16/05/2013 - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (SDScannerService) .(.Safer-Networking Ltd. - Spybot-S&D 2 Scanner Service.) - LEGACY_SDSCANNERSERVICE
O64 - Services: CurCS - 16/05/2013 - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (SDUpdateService) .(.Safer-Networking Ltd. - Spybot-S&D 2 Background update service.) - LEGACY_SDUPDATESERVICE
O64 - Services: CurCS - 15/05/2013 - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (SDWSCService) .(.Safer-Networking Ltd. - Windows Security Center integration..) - LEGACY_SDWSCSERVICE
O64 - Services: CurCS - 25/11/2012 - C:\Program Files\System Explorer\service\SystemExplorerService.exe (SystemExplorerHelpService) .(.Mister Group - System Explorer Service.) - LEGACY_SYSTEMEXPLORERHELPSERVICE
O64 - Services: CurCS - 27/09/2008 - C:\WINDOWS\system32\DRIVERS\TVICHW32.sys (TVICHW32) .(.EnTech Taiwan - TVicHW32 Driver for Windows NT/2000/XP.) - LEGACY_TVICHW32
~ Legacy: 191 Legitimates Filtered in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Opera Software - Opera Internet Browser.) -- C:\Program Files\Opera\Opera.exe
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files\Safari\Safari.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {B743A3D0-AE37-4912-B0BE-0A75459F192F} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.ECA231E339A24B911C5D19B5ED2F34D9] [SPRF][20/02/2011] (...) -- C:\Documents and Settings\Laptiteblonde\Application Data\Sys2662.Config.Repository.bin [22]
[MD5.C61C8F7975B7F7902D09F9516B25D7F9] [SPRF][01/07/2012] (.Robert Simpson, et al. - System.Data.SQLite Interop Assembly.) -- C:\Documents and Settings\Laptiteblonde\Application Data\System.Data.SQLite.dll [773632]
[MD5.E81A437C97058756E88C622E8892D022] [SPRF][19/04/2012] (...) -- C:\Documents and Settings\Laptiteblonde\Application Data\Windows1569_SettingsRepository.bin [22]
[MD5.4EF33D516F31BEB1C9847D1FDA69375C] [SPRF][11/06/2013] (...) -- C:\Documents and Settings\Laptiteblonde\Bureau\adwcleaner.exe [648201]
[MD5.09A3F926C400C29B3CF04FD15A0D8DEA] [SPRF][17/06/2013] (.Oleg N. Scherbakov - 7z Setup SFX.) -- C:\Documents and Settings\Laptiteblonde\Bureau\JRT.exe [545954]
[MD5.10F4163F0EDDC031100180787D5F696F] [SPRF][16/06/2013] (.Microsoft Corporation - Microsoft� Fix it.) -- C:\Documents and Settings\Laptiteblonde\Bureau\MicrosoftFixit.maintenance.FISC.31294812429167579.2.1.Run.exe [347424]
[MD5.0A9990EAEBD2C8C3B3BC25BFB4D02BC3] [SPRF][02/05/2013] (.Microsoft Corporation - Windows Live Installer.) -- C:\Documents and Settings\Laptiteblonde\Bureau\wlsetup-web.exe [1247056]
~ Files: Scanned in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : v2.12520 - (18/06/2013)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B4089055-D468-45A4-A6BA-5A138DD715FC}] =>Toolbar.Agent
[HKLM\Software\Classes\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}] =>Toolbar.ToolBand
C:\Documents and Settings\Laptiteblonde\Application Data\Mozilla\Firefox\Profiles\eaesr6o7.default\Extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433} =>PUP.Datamngr
~ Additionnel Scan: 404903 Items scanned in 00mn 22s



---\\ Product Upgrade Codes (O90)
O90 - PUC: "1BFA45AF547598348B1CF9579076E21D" . (.Utilitaire de configuration iPhone.) -- C:\WINDOWS\Installer\{FA54AFB1-5745-4389-B8C1-9F7509672ED1}\iPCU.ico
O90 - PUC: "5509804B864D4A546AABA531D87D51CF" . (.Bing Bar.) -- C:\WINDOWS\Installer\{B4089055-D468-45A4-A6BA-5A138DD715FC}\icon_installer_ico
O90 - PUC: "68AB67CA7DA73301B7449A0100000010" . (..) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A91000000001}\SC_Reader.ico
O90 - PUC: "68AB67CA7DA746454382090000000040" . (..) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-5464-3428-900000000004}\ARPPRODUCTICON.exe
O90 - PUC: "90D0C47E03784174C8F610F9FBF7B124" . (.SketchUp 2013.) -- C:\WINDOWS\Installer\{E74C0D09-8730-4714-8C6F-019FBF7F1B42}\SketchUpARPIcon
O90 - PUC: "B77536FE5FC05684B916823B52D0A671" . (.OSAM: Online Solutions Autorun Manager v5.0.) -- C:\WINDOWS\Installer\{EF63577B-0CF5-4865-9B61-28B3250D6A17}\setup.ico
~ Update Products: 116 Legitimates Filtered in 00mn 00s



---\\ MyComputer Name Space (O92)
O92 - MNS: Ava Find - {d1099d29-fe45-462e-b8c3-10a97e827b7a}
O92 - MNS: Ava Find - {FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}
~ MNS: 4 Legitimates Filtered in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 13/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 17/11/2012 356376 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
SS - | Auto 21/10/2011 196176 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files\Microsoft\BingBar\BBSvc.exe
SS - | Auto 13/10/2011 249648 | (BBUpdate) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\BingBar\SeaPort.exe
SR - | Auto 29/11/2006 266295 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
SS - | Demand 14/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 31/03/2009 233472 | (FsUsbExService) . (.Teruten.) - C:\WINDOWS\system32\FsUsbExService.exe
SS - | Auto 03/02/2009 133104 | (gupdate1c985fcd83bae54) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/02/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 15/05/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 18/04/2013 181664 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Program Files\Java\jre7\bin\jqs.exe
SS - | Demand 08/02/2013 295664 | (LBTServ) . (.Logitech, Inc..) - C:\Program Files\Fichiers communs\LogiShrd\Bluetooth\lbtserv.exe
SR - | Auto 09/06/2013 1777488 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SS - | Demand 16/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/07/2009 168004 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 14/01/2013 374600 | (PFNet) . (.Privacyware/PWI, Inc..) - C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
SR - | Auto 14/07/2009 185632 | (RalinkRegistryWriter) . (.Ralink Technology, Corp..) - C:\Program Files\Ralink\Common\RaRegistry.exe
SR - | Auto 16/05/2013 1817560 | (SDScannerService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
SS - | Auto 16/05/2013 1033688 | (SDUpdateService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
SS - | Auto 15/05/2013 171928 | (SDWSCService) . (.Safer-Networking Ltd..) - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
SR - | Auto 14/01/2009 226656 | (SeaPort) . (.Microsoft Corp..) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SS - | Disabled 07/04/2008 430592 | (ServiceLayer) . (.Nokia..) - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 07/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 25/11/2012 567256 | (SystemExplorerHelpService) . (.Mister Group.) - C:\Program Files\System Explorer\service\SystemExplorerService.exe
~ Services: Scanned in 00mn 00s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Laptiteblonde at 22/06/2013 08:56:20

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xB80E8000]<< >>UNKNOWN [0xB80D8000]<< >>UNKNOWN [0xB7E5D000]<< >>UNKNOWN [0x806E5000]<< >>UNKNOWN [0xB78F3000]<< >>UNKNOWN [0xB7E8C000]<< >>UNKNOWN [0xB8670000]<< >>UNKNOWN [0xB8328000]<<
1 ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Harddisk0\DR0[0x8A7DEAB8]
\Driver\Disk[0x8A86DA20] >> IRP_MJ_CREATE >> 0xB80EEBB0
3 [0xB80E8FD7] >> ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\0000007e[0x8A7DF9E8]
5 [0xB7E63620] >> ntkrnlpa!IofCallDriver[0x804EF200] >> \Device\Ide\IdeDeviceP4T0L0-12[0x8A7DFD98]
\Driver\atapi[0x8A8AB240] >> IRP_MJ_CREATE >> 0xB78FCB40
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo >> 0xB78FA864
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
~ MBR: 20 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Laptiteblonde at 22/06/2013 08:56:22

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 1516 Legitimates filtered by white list
End of the scan (697 lines in 03mn 10s)(0)
