Rapport de ZHPDiag v2013.3.28.105 par Nicolas Coolman, Update du 28/03/2013
Run by Laurent at 29/03/2013 19:39:44
State : Version à jour.
High Elevated Privileges : OK
UAC : Deactivate by program

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
~ Vista, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : MQ3CQ
Windows License : OK
Windows Automatic Updates : OK

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2046 MB (52% free)
System Restore: Activé (Enable)
System drive C: has 33 GB (23%) free of 141 GB

---\\ Logged in mode
~ Computer Name: LH-W895CQ9KIRKS
~ User Name: Laurent
~ All Users Names: Laurent, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Laurent\AppData\Roaming\
~ %Desktop% : C:\Users\Julien\Desktop\
~ %Favorites% : C:\Users\Julien\Favorites\
~ %LocalAppData% : C:\Users\Laurent\AppData\Local\
~ %StartMenu% : C:\Users\Laurent\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 33 Go of 141 Go)
D:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyComputer: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 - 07:27:36.) -- C:\Windows\Explorer.exe [2926592] [MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 - 08:33:37.) -- C:\Windows\System32\Wininit.exe [96768] [MD5.03728C624D05C2F157BBD46F6B7F6EA0] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.02/02/2013 - 04:30:21.) -- C:\Windows\System32\wininet.dll [1129472] [MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 - 07:28:13.) -- C:\Windows\System32\Winlogon.exe [314368] [MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\Windows\system32\Drivers\AFD.sys [273408] [MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 - 07:32:26.) -- C:\Windows\system32\Drivers\atapi.sys [19944] [MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.19/01/2008 - 06:28:02.) 
-- C:\Windows\system32\Drivers\Cdfs.sys [70144] [MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/04/2009 - 05:39:17.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072] [MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\Windows\system32\Drivers\DfsC.sys [75264] [MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/04/2009 - 05:42:42.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152] [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.19/01/2008 - 06:49:18.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784] [MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.19/01/2008 - 06:56:28.) -- C:\Windows\system32\Drivers\IpNat.sys [100864] [MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496] [MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.11/04/2009 - 05:45:37.) -- C:\Windows\system32\Drivers\netBT.sys [185856] [MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/04/2009 - 07:32:49.) -- C:\Windows\system32\Drivers\ntfs.sys [1083880] [MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360] [MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.19/01/2008 - 06:56:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288] [MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.02/11/2006 - 10:03:00.) 
-- C:\Windows\system32\Drivers\rdpdr.sys [242688] [MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.11/04/2009 - 05:45:22.) -- C:\Windows\system32\Drivers\smb.sys [66560] [MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.11/04/2009 - 05:45:56.) -- C:\Windows\system32\Drivers\tdx.sys [72192] [MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\Windows\system32\Drivers\volsnap.sys [224640] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 0/0 ~ Mes musiques (My Musics) : 9/4623 ~ Mes Videos (My Videos) : 1/56 ~ Mes Favoris (My Favorites) : 1/63 ~ Mes Documents (My Documents) : 1/409 ~ Mon Bureau (My Desktop) : 0/6 ~ Menu demarrer (Programs) : 1/35 ~ Hidden Files: Scanned in 00mn 04s ---\\ Processus lancés [MD5.0D392EDE3B97E0B3131B2F63EF1DB94E] - (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe [1008184] [PID.2576] [MD5.D96CDA05732F68C5FDB3C547C939C98A] - (.Microsoft Corporation - Gestionnaire pour appareils Windows Mobile.) -- C:\Windows\WindowsMobile\wmdc.exe [563080] [PID.2584] [MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe [0] [PID.3032] [MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.3316] [MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe [125952] [PID.3356] [MD5.497F27E279C0F921E2130BB89C1CB5CA] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe [18705664] [PID.3396] [MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) 
-- C:\Windows\ehome\ehmsas.exe [37376] [PID.3568] [MD5.BC9C9BE7BB74D629362608ACE470E7DA] - (.Microsoft Corporation - Notification de cadeaux MSN.) -- C:\Users\Laurent\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [135680] [PID.3788] [MD5.8911702CC546B76FE8F9C61987C68C43] - (.Microsoft Corporation - Internet Low-Mic Utility Tool.) -- C:\Program Files\Internet Explorer\IELowutil.exe [222720] [PID.4104] [MD5.DDE5A0DFAF7C6370FB36402D7A746ED3] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757296] [PID.4844] [MD5.A854BC2D2AD9856F6B84C7870FF246D9] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe [706776] [PID.5304] [MD5.D54EAB26A6060E8A6318A947C8541B79] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6184448] [PID.5756] [MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe [69120] [PID.3988] [MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\Windows\system32\SLsvc.exe [3408896] [PID.1384] [MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) 
-- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248] [PID.1780] ~ Processes Running: Scanned in 00mn 01s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Laurent\AppData\Roaming\Mozilla\Firefox\Profiles\i8tkeogz.default\prefs.js M3 - MFPP: Plugins - [Laurent] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [Laurent] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml M3 - MFPP: Plugins - [Laurent] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [Laurent] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [Laurent] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [Laurent] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [Laurent] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml M0 - MFSP: prefs.js [Laurent - i8tkeogz.default] http://www.google.fr M2 - MFEP: prefs.js [Laurent - i8tkeogz.default\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}] [WOT] WOT v20130129 (.WOT Services Oy.) P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.6.) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll P2 - FPN: [HKLM] [@divx.com/DivX Browser Plugin,version=1.0.0] - (.DivX,Inc. - DivX® Web Player.) -- C:\Program Files\DivX\DivX Web Player\npdivx32.dll P2 - FPN: [HKLM] [@divx.com/DivX Content Upload Plugin,version=1.0.0] - (.DivX,Inc. - DivX® Content Upload Plugin.) -- C:\Program Files\DivX\DivX Content Uploader\npUpload.dll P2 - FPN: [HKLM] [@divx.com/DivX Player Plugin,version=1.0.0] - (.DivX, Inc - npdivxplayerplugin.) 
-- C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll P2 - FPN: [HKLM] [@java.com/DTPlugin,version=10.17.2] - (.Oracle Corporation - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Windows\system32\npDeployJava1.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin,version=10.17.2] - (.Oracle Corporation - Next Generation Java Plug-in 10.17.2 for Mozilla browsers.) -- C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (.Cybelsoft - Plugin NPAPI Ma-Config.com # win # 6.5.1.1.) -- C:\Program Files\ma-config.com\nphardwaredetection.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.20125.0.) -- c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.5] - (.Microsoft Corp. - Office Live Update v1.5.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8081.0709] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.11.2105] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.11.2571] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.1739] - (.RealNetworks, Inc. - 6.0.12.1739.) -- C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.6.) 
-- C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll ~ Firefox Browser: Scanned in 00mn 00s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape 10.1.6.) (No version) -- (.not file.) 
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0 ~ IE Browser: Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 20 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} Clé orpheline O2 - BHO: IE AdBlock - {46B37057-5BA8-4014-B28D-6448FD171A3E} . (.CatenaLogic - Internet Explorer Browser Extension to bloc.) -- C:\Program Files\IE AdBlock\IE AdBlock.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} . 
(.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} . (...) -- C:\Program Files\WOT\WOT.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre7\bin\jp2ssv.dll ~ BHO: Scanned in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: WOT - [HKLM]{71576546-354D-41c9-AAE8-31F2EC22BF0D} . (...) -- C:\Program Files\WOT\WOT.dll O3 - Toolbar: IE AdBlock - [HKLM]{BE1B1F92-AC2E-4AFB-BC9D-07FE272C1373} . (.CatenaLogic - Internet Explorer Browser Extension to bloc.) -- C:\Program Files\IE AdBlock\IE AdBlock.dll O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe O4 - HKLM\..\Run: [Windows Mobile-based device management] . (.Microsoft Corporation - Gestionnaire pour appareils Windows Mobile.) -- C:\Windows\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [NvSvc] . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 97.54.) -- C:\Windows\system32\nvsvc.dll O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) 
-- C:\Windows\system32\NvCpl.dll O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll O4 - HKUS\S-1-5-21-3170817046-711842421-4265168336-1002\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKUS\S-1-5-21-3170817046-711842421-4265168336-1002\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-21-3170817046-711842421-4265168336-1002\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - HKUS\S-1-5-21-3170817046-711842421-4265168336-1002\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Application de configuration du service Par.) 
-- C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-21-3170817046-711842421-4265168336-1002\..\Run: [WindowsWelcomeCenter] oobefldr.dll ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Programs: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\wlmail.exe O4 - GS\Programs: Windows Mail.lnk . (.Microsoft Corporation - Windows Mail.) -- C:\Program Files\Windows Mail\WinMail.exe O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Microsoft Office Outlook.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\QuickLaunch: Nero Home.lnk . (.Nero AG - Nero Home.) -- C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe O4 - GS\QuickLaunch: Nero StartSmart.lnk . (.Nero AG - Nero StartSmart.) -- C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe O4 - GS\QuickLaunch: Snipping Tool.lnk . (.Microsoft Corporation - Outil Capture.) -- C:\Windows\System32\SnippingTool.exe O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SendTo: Assistant Transfert de fichiers Bluetooth.LNK . 
(.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - GS\Desktop: eMule Plus.lnk . (...) -- C:\Program Files\eMule\eMule.exe (.not file.) O4 - GS\Desktop: LimeWire 5.1.4.lnk . (...) -- C:\Program Files\LimeWire\LimeWire.exe (.not file.) O4 - GS\Desktop: YesMessenger.lnk . (...) -- C:\Program Files\YesMessenger\YesMessenger.exe (.not file.) ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} . (.Microsoft Corporation - Synchronisation des favoris ActiveSync.) -- C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -- Clé orpheline O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) 
-- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) ~ Winsock: 7 Legitimates Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ((no name)) - http://fichiers2.touslesdrivers.com/maconfig/MaConfig_6_5_1_1.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{9854AD79-1BEE-46A8-A1E3-D86C42D58B40}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{BA809834-ED4F-4AF4-B768-5FDE45DC127F}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\..\{BA809834-ED4F-4AF4-B768-5FDE45DC127F}: DhcpDomain = lan O17 - HKLM\System\CS1\Services\Tcpip\..\{9854AD79-1BEE-46A8-A1E3-D86C42D58B40}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{BA809834-ED4F-4AF4-B768-5FDE45DC127F}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{BA809834-ED4F-4AF4-B768-5FDE45DC127F}: DhcpDomain = lan O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} . (...) -- C:\Program Files\WOT\WOT.dll O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) ~ SSODL: 1 Legitimates Scanned in 00mn 00s ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) 
-- C:\Windows\System32\browseui.dll ~ STS/SSO: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) ~ Services: 2 Legitimates Scanned in 00mn 06s ---\\ Enumération Active Desktop & MHTML Editor (O24) ~ Desktop Component: 1 Legitimates Scanned in 00mn 00s ---\\ BootExecute (O34) ~ BEX: 1 Legitimates Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job [1002] O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Extension de garantie.job [344] [MD5.EA856F4A46320389D1899B2CAA7BF40F] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [253656] [MD5.A9DA5B43CF597F83B1EB441968E24891] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [3497240] [MD5.FA52C48CA18EDFB00180FD465E8F0B08] [APT] [Extension de garantie] (.Packard Bell BV.) -- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [425016] [MD5.19BCAFED90DABA9C536357366AD5E25A] [APT] [PC Checkup 3 Weekly Scan] (.Symantec Corporation.) -- C:\Program Files\Norton PC Checkup 3.0\NLAppLauncher.exe [1409944] [MD5.00000000000000000000000000000000] [APT] [{1AA0788A-1112-43D9-8E82-17772732F288}] (...) -- C:\Users\Laurent\Downloads\Sony Ericsson PC Suite for Smart Phones 1.3.22.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{363CA9E6-042E-49BC-A7BC-597AA6E45E87}] (...) -- C:\Users\Laurent\Desktop\SetupAnyDVD6184.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{46727B76-97F3-4CF5-90FD-620DC9B0D1E9}] (...) -- C:\Users\Laurent\yesmessenger.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{47B10591-4031-4F04-B654-9AA59B7393D1}] (...) -- C:\Users\Laurent\Downloads\eMule0.48a-Installer.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{5CED9A9F-7FC5-46DD-BD1A-E5DB43654668}] (...) 
-- E:\Program Files\AxCrypt-Setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{689FC89D-0409-418D-AB73-D97F778278A6}] (...) -- F:\QuickTime.Player.7.1 - Pro + Keygen\QuickTime.Player.7.1 - Pro + Keygen\QuickTimeInstaller.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{9FB33004-63AE-4AD9-9784-F65E337D922C}] (...) -- D:\LGInstaller.exe (.not file.) [0] [MD5.B1C2340D578E8534FCBD3857856900A0] [APT] [{AB428C01-77BB-4527-B1C3-EEC914ECA33F}] (.RealNetworks, Inc..) -- C:\Users\Laurent\RealPlayer11GOLD_fr.exe [357936] [MD5.497F27E279C0F921E2130BB89C1CB5CA] [APT] [{CB5A5BB2-82FE-4F4C-9F06-5192A1FD5C18}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe [18705664] [MD5.00000000000000000000000000000000] [APT] [{CC9CDDEF-7424-476E-904A-FB120FDCB256}] (...) -- F:\QuickTime.Player.7.1 - Pro + Keygen\QuickTime.Player.7.1 - Pro + Keygen\QuickTimeInstaller.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{E6CEA18D-D405-4A63-9FC2-A7607878C782}] (...) -- C:\Users\Laurent\Downloads\AxCrypt-Setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{F3B14FF0-7383-4F1E-B4C1-71C9B011234C}] (...) -- D:\LGInstaller.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{FDC6F0F6-1813-4C21-AA2C-62E109CA2131}] (...) -- D:\Setup.exe (.not file.) [0] [MD5.3B785E9B3D7DC098A2CB87E38B5FF558] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [566592] ~ Scheduled Task: Scanned in 00mn 06s ---\\ Composants installés (ActiveSetup Installed Components) (O40) ~ Active Setup: 11 Legitimates Scanned in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) ~ Drivers: 40 Legitimates Scanned in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Adobe Flash Player 11 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Reader X (10.1.6) - Français - (.Adobe Systems Incorporated.) 
[HKLM] -- {AC76BA86-7AD7-1036-7B44-AA1000000001} O42 - Logiciel: Favorit (wiiybk) - (...) [HKLM] -- wiiybk O42 - Logiciel: Flash Player plugins 9 - (...) [HKLM] -- Flashplayer O42 - Logiciel: IE AdBlock - (.CatenaLogic.) [HKLM] -- IE AdBlock_is1 O42 - Logiciel: Java 7 Update 17 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83217017FF} O42 - Logiciel: OFFICE One Fonts v7 - (.ISSENDIS.) [HKLM] -- {CC0C788C-7C68-47A9-BFBF-0DF7B205B4CC} O42 - Logiciel: RTC Client API v1.2 - (.Microsoft.) [HKLM] -- {44CDBD1B-89FB-4E02-8319-2A4C550F664A} O42 - Logiciel: avast! Free Antivirus v8.0.1483.0 - (.AVAST Software.) [HKLM] -- avast ~ Logic: 82 Legitimates Scanned in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\AVS] [HKCU\Software\Addictive Software] [HKCU\Software\Applications] [HKCU\Software\Aware] [HKCU\Software\Canopus] [HKCU\Software\DVC150] [HKCU\Software\Grand Virtual] [HKCU\Software\Intuwave] [HKCU\Software\MatrixMixer] [HKCU\Software\Orban] [HKCU\Software\Oshima Technology laboratory] [HKCU\Software\Paradigm Matrix] [HKCU\Software\Paul Glagla] [HKCU\Software\Prodiff] [HKCU\Software\QDesign Corporation] [HKCU\Software\SWN] [HKCU\Software\Semi] [HKCU\Software\Suunto] [HKCU\Software\Terravirtual] [HKCU\Software\Titan Poker] [HKLM\Software\AVS] [HKLM\Software\Acorn] [HKLM\Software\Axon Data] [HKLM\Software\BisonCam] [HKLM\Software\Bisont Electrocnics. Inc.] 
[HKLM\Software\Canopus] [HKLM\Software\DVC150] [HKLM\Software\Etymonix] [HKLM\Software\ISSENDIS] [HKLM\Software\LGE] [HKLM\Software\MovieBox USB] [HKLM\Software\PRR] [HKLM\Software\PTECH] [HKLM\Software\Symbian] [HKLM\Software\TerraVirtual] [HKLM\Software\Titan Poker] [HKLM\Software\WebCam] ~ Key Software: 234 Legitimates Scanned in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 14/07/2007 - 11:26:56 - [0,002] ----D C:\Program Files\3GP Converter 2007 O43 - CFD: 15/03/2007 - 19:49:23 - [0] ----D C:\Program Files\Alice_Triway_WiFi O43 - CFD: 27/01/2013 - 14:36:56 - [112,531] ----D C:\Program Files\American Conquest O43 - CFD: 27/01/2013 - 14:37:19 - [50,470] ----D C:\Program Files\American Conquest - Fight Back O43 - CFD: 17/03/2013 - 18:31:48 - [3,061] ----D C:\Program Files\ATK Hotkey O43 - CFD: 31/03/2007 - 17:39:50 - [0,001] ----D C:\Program Files\Axon Data O43 - CFD: 14/07/2009 - 18:41:35 - [0] ----D C:\Program Files\eMule O43 - CFD: 12/01/2007 - 15:15:04 - [1,854] ----D C:\Program Files\HDReg O43 - CFD: 27/01/2013 - 18:51:16 - [2,424] ----D C:\Program Files\IE AdBlock O43 - CFD: 19/12/2007 - 00:09:07 - [0,000] ----D C:\Program Files\Live_TV O43 - CFD: 17/02/2008 - 10:14:17 - [0] ----D C:\Program Files\OFFICE ONE 7.0 O43 - CFD: 17/02/2008 - 10:16:28 - [11,905] ----D C:\Program Files\OFFICE One v7 O43 - CFD: 27/01/2013 - 09:52:49 - [0,999] ----D C:\Program Files\TF1Vision O43 - CFD: 01/11/2007 - 14:31:22 - [0] ----D C:\Program Files\VLS O43 - CFD: 29/03/2008 - 17:48:11 - [1,141] ----D C:\Program Files\Common Files\Teleca Shared O43 - CFD: 30/09/2007 - 11:39:32 - [21,572] ----D C:\ProgramData\D2dWizardTemp O43 - CFD: 14/07/2009 - 18:41:35 - [0] ----D C:\ProgramData\eMule O43 - CFD: 30/09/2007 - 17:21:44 - [0,000] ----D C:\ProgramData\EnterNHelp O43 - CFD: 12/01/2007 - 15:41:34 - [0,002] ----D C:\ProgramData\OFFICE One v7 O43 - CFD: 27/02/2008 - 20:15:44 - [0,398] ----D C:\ProgramData\Suunto O43 - CFD: 30/09/2007 - 
17:21:44 - [0,000] ----D C:\ProgramData\Ultima_T15 O43 - CFD: 16/03/2013 - 17:44:18 - [0] ----D C:\Users\Laurent\AppData\Roaming\LimeWire O43 - CFD: 23/02/2007 - 21:13:55 - [0,001] ----D C:\Users\Laurent\AppData\Roaming\OFFICE One v7 O43 - CFD: 30/05/2007 - 22:01:35 - [2,004] ----D C:\Users\Laurent\AppData\Roaming\OFFICEOne7 O43 - CFD: 18/02/2008 - 01:34:24 - [0,003] ----D C:\Users\Laurent\AppData\Roaming\Teleca O43 - CFD: 14/07/2009 - 18:26:27 - [0,068] ----D C:\Users\Laurent\AppData\Roaming\TuxPaint O43 - CFD: 14/07/2009 - 18:41:36 - [0] ----D C:\Users\Laurent\AppData\Local\eMule O43 - CFD: 24/01/2013 - 17:42:48 - [0,001] ----D C:\Users\Laurent\AppData\Local\TF1 Vision ~ Program Folder: 220 Legitimates Scanned in 00mn 20s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.D474397CC1258F42F9C9C722A3C273F0] - 28/03/2013 - 20:02:59 ---A- . (...) -- C:\AdwCleaner[S1].txt [2677] O44 - LFC:[MD5.CB5841269D34630A977553D817548FB5] - 28/03/2013 - 12:58:45 ---A- . (...) -- C:\AdwCleaner[R1].txt [2791] O44 - LFC:[MD5.028818ACBB0623B46EAED827F13D7EE6] - 28/03/2013 - 10:26:27 ---A- . (...) -- C:\UsbFix [Clean 1] LH-W895CQ9KIRKS.txt [7655] O44 - LFC:[MD5.A4BAC46A84DFE673440083562AFC8E52] - 27/03/2013 - 14:57:42 ----- . (...) -- C:\UsbFix [Scan 3] LH-W895CQ9KIRKS.txt [9260] O44 - LFC:[MD5.766C2A45BFBCB12CF016C83177F074CB] - 26/03/2013 - 18:53:36 ---A- . (...) -- C:\Windows\win.ini [298] O44 - LFC:[MD5.A0A7E504FFF72FB7D785A58A57DC146D] - 26/03/2013 - 18:53:33 ---A- . (.Bison Inc. - USB PC Camera Uninstallation.) -- C:\Windows\System32\BisonRem.dll [176128] O44 - LFC:[MD5.232D5686AA08E8ACD3C3203C86559ACE] - 26/03/2013 - 18:53:32 ---A- . (.Bison Electronics. Inc. - Universal Serial Bus Camera Driver.) -- C:\Windows\System32\Drivers\BisonCam.sys [806320] O44 - LFC:[MD5.013755B8B44BED1838EA570FD482C707] - 26/03/2013 - 18:53:14 ---A- . (...) 
-- C:\Windows\DPINST.LOG [12972] O44 - LFC:[MD5.46579AB90249E6F2D055207E71E6029D] - 16/03/2013 - 18:10:13 ---A- . (...) -- C:\Windows\wininit.ini [1703] O44 - LFC:[MD5.AD3247B0F258A1547C1C96F7D239077D] - 16/03/2013 - 17:39:47 ---A- . (...) -- C:\Windows\SIERRA.INI [295] O44 - LFC:[MD5.F899D431D27FF2A41537877443505A30] - 22/09/2003 - 14:36:46 ---A- . (...) -- C:\Windows\M2000Twn.src [13448] O44 - LFC:[MD5.73C0153E028AEC0793663544115ADBA4] - 22/09/2003 - 13:49:36 ---A- . (...) -- C:\Windows\M2000Twn.ini [15190] ~ Files: 61 Legitimates Scanned in 00mn 43s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.F53A4B5A7C963D4DD6B72CB0D8515389] - 28/03/2013 - 10:36:40 ---A- - C:\Windows\Prefetch\SETUP.OVR-56BCD126.pf O45 - LFCP:[MD5.990F4CEB04DA890E24965BCF81197CBE] - 28/03/2013 - 14:18:21 ---A- - C:\Windows\Prefetch\MCDETECTION.EXE-8E559037.pf O45 - LFCP:[MD5.EFD72CAD0C0EAC0C8DA852D6345673AF] - 28/03/2013 - 14:19:36 ---A- - C:\Windows\Prefetch\MCSTUBUSER.EXE-B48ADE55.pf O45 - LFCP:[MD5.BCB802BA8B0370FC04B2647E13B1347B] - 28/03/2013 - 20:07:42 ---A- - C:\Windows\Prefetch\UPDATER.EXE-AC3844D8.pf O45 - LFCP:[MD5.E47E6CA542A4A0CADCDE639CA5ADB45D] - 29/03/2013 - 00:47:43 ---A- - C:\Windows\Prefetch\SNIPPINGTOOL.EXE-EFFDAFDE.pf O45 - LFCP:[MD5.9B482AE167F17B91D690203903FD4D1F] - 29/03/2013 - 00:47:43 ---A- - C:\Windows\Prefetch\WISPTIS.EXE-48018B16.pf O45 - LFCP:[MD5.1E3D74DE9F21E6941D903D4DBAB32F0B] - 29/03/2013 - 00:54:48 ---A- - C:\Windows\Prefetch\WLXPHOTOGALLERY.EXE-0AE806EC.pf O45 - LFCP:[MD5.19F50C2B083C1AAE7479748EF2F83BF0] - 29/03/2013 - 01:11:45 ---A- - C:\Windows\Prefetch\SYSTEMPROPERTIESPROTECTION.EX-64B3993D.pf O45 - LFCP:[MD5.24072F468EA4BDA4F4E709704656E0C7] - 29/03/2013 - 10:34:38 ---A- - C:\Windows\Prefetch\SIDEBAR.EXE-FA75EA61.pf O45 - LFCP:[MD5.7B9ADD947FA5C03EFB7576EC651B05C6] - 29/03/2013 - 10:45:20 ---A- - C:\Windows\Prefetch\LADS.EXE-3D3801BD.pf O45 - LFCP:[MD5.9ED40CDFA3B467C3B9BA59C748282AFE] - 29/03/2013 - 10:46:36 ---A- - 
C:\Windows\Prefetch\NSLOOKUP.EXE-3D06E09F.pf O45 - LFCP:[MD5.590D1DED5669FD829853710666A52428] - 29/03/2013 - 10:46:52 ---A- - C:\Windows\Prefetch\MBR.EXE-3DE60006.pf O45 - LFCP:[MD5.416E09F6760BE2D6FEAC63D805228CDD] - 29/03/2013 - 13:41:01 ---A- - C:\Windows\Prefetch\DFRGNTFS.EXE-7E4077FE.pf O45 - LFCP:[MD5.A246B6080E4A615DFC45E8C2C3A73C75] - 29/03/2013 - 15:51:14 ---A- - C:\Windows\Prefetch\NSEB50.TMP-5E5424C6.pf O45 - LFCP:[MD5.7D42DC15E20F3024668F0AE7636863EE] - 29/03/2013 - 17:00:00 ---A- - C:\Windows\Prefetch\PBCARNOT.EXE-21B8D0CA.pf O45 - LFCP:[MD5.02F186038C8872D32A6A5289570BDB86] - 29/03/2013 - 17:04:10 ---A- - C:\Windows\Prefetch\MYSTIFY.SCR-0667C0AF.pf O45 - LFCP:[MD5.A19599ABE286CC61310E485A1FA4D09F] - 29/03/2013 - 19:35:06 ---A- - C:\Windows\Prefetch\AVBUGREPORT.EXE-3B5B9E84.pf O45 - LFCP:[MD5.45C040428717001F6F7A0B5440536D3F] - 29/03/2013 - 19:39:55 ---A- - C:\Windows\Prefetch\CONIME.EXE-9781FD5F.pf ~ Prefetcher: 91 Legitimates Scanned in 00mn 01s ---\\ Déni du service (Local Security Authority) (O48) ~ LSA: 7 Legitimates Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) ~ CBS: 13 Legitimates Scanned in 00mn 00s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{099aa7db-1511-11dd-8d60-001a9261ff91}\AutoRun\command. (...) -- F:\AdobeR.exe (.not file.) O51 - MPSK:{1b0cc459-eb82-11dd-8189-001a9261ff91}\AutoRun\command. (...) -- F:\AdobeR.exe (.not file.) O51 - MPSK:{25610934-a607-11dd-a8ad-001a9261ff91}\AutoRun\command. (...) -- F:\EmDesk.exe (.not file.) O51 - MPSK:{a2449fa2-e092-11dd-b0da-001a9261ff91}\AutoRun\command. (...) -- F:\tel.xls.exe (.not file.) O51 - MPSK:{b972f9d9-1c8e-11dd-876b-001a9261ff91}\AutoRun\command. (...) -- F:\AdobeR.exe (.not file.) O51 - MPSK:{bcf39c64-2134-11dd-a5c0-806e6f6e6963}\AutoRun\command. (...) -- H:\AdobeR.exe (.not file.) O51 - MPSK:{ea559e9e-48d7-11df-89f1-001a9261ff91}\AutoRun\command. (...) -- H:\WD SmartWare.exe (.not file.) 
~ Keys: Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"msacm.scg726"="scg726.acm" . (.SHARP Corporation - SHARP G.726 ACM Audio Decoder.) -- C:\Windows\System32\scg726.acm O52 - TDSD: \Drivers32\"msacm.alf2cd"="alf2cd.acm" . (.NCT Company - NCT ALF2CD Audio CODEC.) -- C:\Windows\System32\alf2cd.acm O52 - TDSD: \Drivers32\"vidc.dvsd"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\Windows\System32\mcdvd_32.dll O52 - TDSD: \drivers.desc\"alf2cd.acm"="alf2cd.acm" . (.NCT Company - NCT ALF2CD Audio CODEC.) -- C:\Windows\System32\alf2cd.acm O52 - TDSD: \drivers.desc\"mcdvd_32.dll"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\Windows\System32\mcdvd_32.dll ~ TDSD: 30 Legitimates Scanned in 00mn 01s ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} [Key] . (.Nero AG - Nero Home.) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe O53 - SMSR:HKLM\...\startupreg\DAEMON Tools [Key] . (...) -- C:\Program Files\DAEMON Tools\daemon.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\Google Desktop Search [Key] . (...) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\ISUSPM Startup [Key] . (.Macrovision Corporation - Macrovision Update Service Update Manager.) -- C:\Program Files\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe O53 - SMSR:HKLM\...\startupreg\ISUSScheduler [Key] . (.Macrovision Corporation - Macrovision Update Service Scheduler.) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe O53 - SMSR:HKLM\...\startupreg\iTunesHelper [Key] . (...) -- C:\Program Files\iTunes\iTunesHelper.exe (.not file.) O53 - SMSR:HKLM\...\startupreg\NeroFilterCheck [Key] . (.Nero AG - NeroCheck.) -- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O53 - SMSR:HKLM\...\startupreg\TerraTec Remote Control [Key] . (...) 
-- C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (.not file.) ~ SMSR Keys: 12 Legitimates Scanned in 00mn 00s ---\\ Microsoft Control Security Providers (O54) ~ MSCP: 2 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 ~ MWPS: 16 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveAutoRun"=3 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDriveTypeAutoRun"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "BindDirectlyToPropertySetStorage"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveAutoRun"=3 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDriveTypeAutoRun"=0 ~ Keys: Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.8C5BC02856DCAE3B46388E007F33BFBA] - 10/11/2006 - 10:01:54 ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\ADIHdAud.sys [307712] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 02/11/2006 - 08:09:42 ---A- . (...) 
-- C:\Windows\System32\ANSI.SYS [9029] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 26/03/2013 - 00:37:14 ---A- C:\Users\Laurent\Pictures\Sample Pictures.lnk [668] O61 - LFC: 26/03/2013 - 00:37:49 ---A- C:\Users\Laurent\AppData\Roaming\Microsoft\OIS\Toolbars.dat [666] O61 - LFC: 26/03/2013 - 01:08:57 ---A- C:\Users\Laurent\AppData\Roaming\Microsoft\MMC\eventvwr [86847] O61 - LFC: 26/03/2013 - 01:10:31 ---A- C:\Users\Laurent\AppData\Roaming\Packard Bell\InfoCentre\myComputerMenu.xml [1327] O61 - LFC: 27/03/2013 - 14:38:06 ---A- C:\Users\Laurent\UsbFix.exe [1022936] O61 - LFC: 28/03/2013 - 12:54:05 ---A- C:\Users\Laurent\aswclear.exe [375336] O61 - LFC: 28/03/2013 - 12:56:02 ---A- C:\Users\Laurent\adwcleaner.exe [609993] O61 - LFC: 28/03/2013 - 18:20:28 ---A- C:\Users\Laurent\AppData\default.pls [107] O61 - LFC: 29/03/2013 - 01:09:38 ---A- C:\Users\Laurent\install_flash_player_ics.apk [4708608] O61 - LFC: 29/03/2013 - 16:11:14 --HA- C:\Users\Laurent\AppData\Local\IconCache.db [3162777] ~ 4 Fichiers temporaires (Temporary files) ~ Files: 37 Legitimates Scanned in 00mn 17s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.org.) [HKLM] -- Usbfix O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) ~ Legacy: 83 Legitimates Scanned in 00mn 00s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) 
-- "%1" %* O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> [HKCR\..\open\Command] (.Microsoft Corporation - Lanceur du composant logiciel enfichable Observateur d'événements.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Éditeur du Registre.) -- C:\Windows\regedit.exe ~ Keys: Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) 
-- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [Laurent - i8tkeogz.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search"); O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {1FEB4F25-FFB8-42C5-98C8-26D5A5AD56EE} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Live Search) - http://search.live.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) ~ Services: 31 Legitimates Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.AC270A11CCF131F249CDF5B80F800900] [SPRF][01/12/2007] (...) -- C:\ProgramData\ezsid.dat [32] [MD5.87B9392783187F44B13D53CA3FA26838] [SPRF][06/09/2009] (...) -- C:\ProgramData\ezsidmv.dat [56] [MD5.6B0A152183594EFB8ED0533DE3C8A5F4] [SPRF][06/03/2013] (...) -- C:\Users\Laurent\AppData\Local\d3d9caps.dat [1356] [MD5.8A1EA761A0BC4A157500C1831A9EB3CD] [SPRF][24/02/2007] (...) -- C:\Users\Laurent\AppData\Local\fusioncache.dat [95] [MD5.76280F364A6CF309744E6B5CFCF852B0] [SPRF][27/01/2013] (...) -- C:\Users\Laurent\AppData\Local\wiiybk.bat [93] [MD5.B849893B32030F351C84C00FA06580B5] [SPRF][28/03/2013] (...) -- C:\Users\Laurent\AppData\Roaming\nvModes.dat [39385] [MD5.4147BF5C3912835835A7F0BF105C6B88] [SPRF][27/03/2013] (.El Desaparecido - SosVirus.org - UsbFix - Remove malware from yours drive!.) 
-- C:\Users\Julien\Desktop\usbfix (1).exe [1022936] [MD5.C38CB308D795D58602841649F1659A1B] [SPRF][10/12/2007] (...) -- C:\Program Files\Diaporama LM Version-2.5-F.exe [17101436] [MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576] [MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608] [MD5.6C378170CBEC45E5DBBE6B5A17BB3C90] [SPRF][15/06/2006] (.eBay, Inc. - EPUWALControl Module.) -- C:\Windows\Downloaded Program Files\EPUWALcontrol.dll [1132192] [MD5.68CDC33D31F1952C80A915677D7B7796] [SPRF][09/08/2004] (.InstallShield Software Corporation - InstallShield Update Service Web Agent.) -- C:\Windows\Downloaded Program Files\isusweb.dll [327680] ~ Files: Scanned in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) ~ Firewall: 211 Legitimates Scanned in 00mn 02s ---\\ Scan Additionnel (O88) Database Version : v2.11334 - (28/03/2013) Clés trouvées (Keys found) : 7 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKLM\Software\Classes\Interface\{D6094FC6-821F-474C-8D73-C13066CD178D}] =>Toolbar.Agent [HKCU\Software\Grand Virtual] =>Spyware.AgenceExclusive [HKCU\Software\Prodiff] =>Adware.Locator [HKCU\Software\titan poker] =>Adware.Casino [HKLM\Software\titan poker] =>Adware.Casino [HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing ~ Additionnel: Scanned in 00mn 26s ---\\ Product Upgrade Codes (O90) O90 - PUC: "106CEACDC537EA148BF47D290FF97B1D" . (.WOT for Internet Explorer.) 
-- C:\Windows\Installer\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}\ProductIcon ~ Update Products: 68 Legitimates Scanned in 00mn 00s ---\\ MyComputer Name Space (O92) O92 - MNS: Nero Scout - {3d6be802-fc0d-4595-a304-e611f97089dc} O92 - MNS: LG Phone - {792F0537-F929-4eb7-AC1D-FB6334C71550} ~ MNS: Scanned in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Disabled 18/12/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 16/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SS - | Disabled 06/09/2007 110592 | (Apple Mobile Device) . (.Apple, Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe SR - | Auto 07/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SS - | Demand 14/11/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe SS - | Demand 05/02/2013 312704 | (maconfservice) . (.CybelSoft.) - C:\Program Files\ma-config.com\maconfservice.exe SS - | Demand 11/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe SS - | Disabled 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe SS - | Disabled 11/03/2013 132504 | (Norton PC Checkup Application Launcher) . (.Symantec Corporation.) - C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe SS - | Auto 08/01/2013 161536 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SS - | Disabled 10/12/2006 24576 | (StkSSrv) . 
(.Syntek America Inc..) - C:\Windows\System32\StkCSrv.exe SR - | Auto 19/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 19/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 01s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 1 Legitimates Scanned in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Laurent at 29/03/2013 19:43:01 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s End of the scan (738 lines in 03mn 16s)(0)