Rapport de ZHPDiag v2013.6.1.2 par Nicolas Coolman, Update du 01/06/2013 Run by Annick at 02/06/2013 13:46:08 WebSite: http://nicolascoolman.webs.com State : WhiteList : Enable High Elevated Privileges : OK UAC : Deactivate by user ---\\ Web Browser MSIE: Internet Explorer v10.0.9200.16576 MFIE: Mozilla Firefox 21.0 (Defaut) ---\\ Windows Product Information ~ Langage: Français Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : 3Q6C9 Windows License : OK ~ Windows Remaining Initializations Number : 2 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ System Protection AVG 2013 v13.0.2904 Malwarebytes Anti-Malware version 1.75.0.1300 SUPERAntiSpyware v5.6.1014 Windows Defender W7 ---\\ System Optimizer CCleaner v4.02 =>Piriform Ltd ---\\ Peer To Peer (P2P) ---\\ Software Update Adobe Flash Player 11 Plugin Adobe Reader XI Java 7 Update 21 ---\\ System Information ~ Processor: AMD64 Family 16 Model 5 Stepping 3, AuthenticAMD ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 3834 MB (53% free) System Restore: Activé (Enable) System drive C: has 624 GB (91%) free of 684 GB ---\\ Logged in mode ~ Computer Name: ANNICK-HP ~ User Name: Annick ~ All Users Names: HomeGroupUser$, Annick, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\Annick\AppData\Roaming\ ~ %Desktop% : C:\Users\Annick\Desktop\ ~ %Favorites% : C:\Users\Annick\Favorites\ ~ %LocalAppData% : C:\Users\Annick\AppData\Local\ ~ %StartMenu% : C:\Users\Annick\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 624 Go of 684 Go) D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 15 Go) E:\ CD-ROM drive (Not Inserted) F:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go) H:\ CD-ROM drive (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified ~ Security Center: 37 Legitimates Filtered in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.27A9000C534AA9BADC9EE74940F50C6D] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.05/04/2013 - 07:52:14.) -- C:\Windows\System32\wininet.dll [2242048] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 1/326 ~ Mes musiques (My Musics) : 1/390 ~ Mes Favoris (My Favorites) : 1/19 ~ Mes Documents (My Documents) : 1/31 ~ Mon Bureau (My Desktop) : 1/42 ~ Menu demarrer (Programs) : 1/39 ~ Hidden Files: Scanned in 00mn 01s ---\\ Processus lancés [MD5.C4FCBEE3A7BF26DFF4314CB5C377A7AF] - (.HP - TouchControl.) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe [635208] [PID.3384] [MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3216] [MD5.18BAF27E59DDA3C7EE526D5D3847B848] - (.HP - BioMonitor.) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe [142664] [PID.4616] [MD5.9D51EA92A612B37E76E5E4621650C50A] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288] [PID.3420] [MD5.8A3B69683E63808719D24E1C68C21CC7] - (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960] [PID.4752] [MD5.9DADF1A809ECEC86F04BDE35190D59FE] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe [3147384] [PID.1172] [MD5.BC6390A6736A5F4A048AC75168DD7869] - (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008] [PID.5076] [MD5.966511572EB360D49D9BD95FC0F0F35D] - (.Zemana Ltd. - Zemana AntiLogger User Interface.) -- C:\Program Files (x86)\AntiLogger\AntiLogger.exe [16866728] [PID.4496] [MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [920472] [PID.5616] [MD5.9987636E1191907AB52F3A49FFB83393] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7431168] [PID.3076] [MD5.0DCEF328BCCD4E1622EA613F84BD3E54] - (.HP - HP Service.) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [249672] [PID.440] [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.2056] [MD5.D0BE22C910E46550C6308D50DDA76B94] - (.AVG Technologies CZ, s.r.o. - AVG Firewall Service.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1342024] [PID.2132] [MD5.4AFC14AFA58878FAA1D249E7E90EA54B] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904] [PID.2160] [MD5.6B72E1E329C4E98C6B6FDD2D265E3BA3] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664] [PID.2228] [MD5.CA793DCC1D5F619021EF1D37CC7A831E] - (.EasyBits Software AS - Shared EasyBits services for Windows.) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232] [PID.2320] [MD5.491CE9B6321FB74E4B37AF2C47F98434] - (.Hewlett-Packard Development Company, L.P. - HP Quick Launch WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680] [PID.2480] [MD5.FCBDCC6F1801E32244235608E1277752] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2552] [MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2636] [MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2672] [MD5.9B7EDD3FE7C211C36E921D34D18A3A0A] - (.Hewlett-Packard Company - HP Software Framework WMI Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1001376] [PID.888] ~ Processes Running: Scanned in 00mn 01s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Annick\AppData\Roaming\Mozilla\Firefox\Profiles\8o9l0mqo.default\prefs.js M2 - MFEP: prefs.js [Annick - 8o9l0mqo.default\{3ffb7be0-8bde-11de-8a39-0800200c9a66}] [] Purple Fox v20.0.10.04.13 (..) M2 - MFEP: prefs.js [Annick - 8o9l0mqo.default\{d122ad80-ff45-11dd-87af-0800200c9a66}] [] Green Fox v20.0.10.04.13 (..) ~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: MegaIeHelperBHO [64Bits] - {77F4E711-789B-447F-9614-96759B2F83C6} . (.Megamedia Ltd. - Web browser plugin for Megakey.) -- C:\Users\Annick\AppData\Local\Megamedia\Megakey\MegaIeHelper.dll ~ BHO: 9 Legitimates Filtered in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Wow6432Node\Run: [NUSB3MON] . (.Renesas Electronics Corporation - USB 3.0 Monitor.) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Wow6432Node\Run: [HPOSD] . (.Hewlett-Packard Development Company, L.P. - HP On Screen Display.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe O4 - HKLM\..\Wow6432Node\Run: [HP Quick Launch] . (.Hewlett-Packard Development Company, L.P. - HP Message Service.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe O4 - HKLM\..\Wow6432Node\Run: [AntiLogger] . (.Zemana Ltd. - Zemana AntiLogger User Interface.) -- C:\Program Files (x86)\AntiLogger\AntiLogger.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\TaskBar: Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\TaskBar: hpDST.lnk . (.Hewlett-Packard Company - Setup Manager.) -- C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Programs: Update Checker.lnk . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe O4 - GS\QuickLaunch: ChrisPC Free Anonymous Proxy.lnk . (.Chris P.C. srl - ChrisPC Free Anonymous Proxy.) -- C:\Program Files (x86)\ChrisPC Free Anonymous Proxy\ChrisPC Proxy.exe O4 - GS\QuickLaunch: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files (x86)\Glary Utilities\Integrator.exe O4 - GS\QuickLaunch: jetAudio.lnk . (.JetAudio, Inc. - jetAudio.) -- C:\Program Files (x86)\JetAudio\JetAudio.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Revo Uninstaller Pro.lnk . (.VS Revo Group - Revo Uninstaller Pro.) -- C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe O4 - GS\QuickLaunch: Xilisoft Convertisseur Vidéo Ultimate.lnk . (...) -- C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\vcloader.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe O4 - GS\SendTo: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - GS\Desktop: ANIDPO.lnk . (...) -- C:\Users\Annick\Downloads\ANIDPO.gif O4 - GS\Desktop: ChrisPC Free Anonymous Proxy.lnk . (.Chris P.C. srl - ChrisPC Free Anonymous Proxy.) -- C:\Program Files (x86)\ChrisPC Free Anonymous Proxy\ChrisPC Proxy.exe O4 - GS\Desktop: Format Factory.lnk . (.Free Time - FormatFactory.) -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe O4 - GS\Desktop: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files (x86)\Glary Utilities\Integrator.exe O4 - GS\Desktop: mimi adieu.lnk . (...) -- C:\Users\Annick\Desktop\mimi adieu.PNG O4 - GS\Desktop: Update Checker.lnk . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe O4 - GS\Desktop: Wedding Album Maker Gold.lnk . (.http://www.wedding-album-maker.com - Wedding Album Maker Gold.) -- C:\Program Files (x86)\Wedding Album Maker Gold\DVDPhotoMaker.exe ~ Global Startup: Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office15\ONBttnIE.dll (.not file.) O9 - Extra button: Cliquer pour appeler Lync [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office\Office15\lync.exe O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office15\ONBTTN~1.dll (.not file.) O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{47FC508E-4653-4F70-8375-4FD4DC70C3DB}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS1\Services\Tcpip\..\{47FC508E-4653-4F70-8375-4FD4DC70C3DB}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CS2\Services\Tcpip\..\{47FC508E-4653-4F70-8375-4FD4DC70C3DB}: DhcpNameServer = 192.168.0.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: AMD Reservation Manager (AMD Reservation Manager) . (.Advanced Micro Devices - RM Application.) - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe O23 - Service: HP Wireless Assistant Service (HP Wireless Assistant Service) . (.Hewlett-Packard Company - HPPA_Service.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe O23 - Service: C:\Windows\System32\stlang64.dll (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\Program Files\IDT\WDM\STacSV64.exe ~ Services: 23 Legitimates Filtered in 00mn 17s ---\\ Session Manager Key (AppCertDlls,KnownDLLs) (O36) O36 - AppCertDlls: (x86) . (...) -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll =>Adware.IMBooster O36 - AppCertDlls: (x64) . (...) -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll =>Adware.IMBooster ~ Keys: Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files (x86)\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask [MD5.00000000000000000000000000000000] [APT] [{9152BDC2-8F5C-4EFB-8ADD-44506DE5E0DB}] (...) -- F:\SUPERCOW JEUX\SupercowSetup.exe (.not file.) [0] ~ Scheduled Task: 13 Legitimates Filtered in 00mn 06s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: (AntiLog32) . (.Zemana Ltd. - Zemana AntiLogger Driver.) - C:\Windows\system32\drivers\AntiLog64.sys ~ Drivers: 87 Legitimates Filtered in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: Megakey - (.Megamedia Ltd..) [HKCU][64Bits] -- Megakey O42 - Logiciel: Supercow - (...) [HKLM][64Bits] -- Supercow_is1 ~ Logic: 157 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\AppDataLow\Software\Megamedia] [HKCU\Software\Drivers] [HKCU\Software\Megamedia] [HKCU\Software\System32] [HKCU\Software\Wedding Album Maker Gold] [HKCU\Software\Win] [HKCU\Software\koyotesofttoolbarnew] [HKLM\Software\Wow6432Node\KoyoteSRTB] [HKLM\Software\Wow6432Node\Megamedia] ~ Key Software: 233 Legitimates Filtered in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 24/04/2013 - 17:56:18 - [1,068] ----D C:\Program Files (x86)\Search Results Toolbar =>Adware.IMBooster O43 - CFD: 21/01/2012 - 10:51:55 - [74,444] ----D C:\Program Files (x86)\Supercow O43 - CFD: 22/05/2013 - 23:26:04 - [59,380] ----D C:\Program Files (x86)\Wedding Album Maker Gold O43 - CFD: 24/04/2013 - 17:56:15 - [0,012] ----D C:\ProgramData\Datamngr =>PUP.Datamngr O43 - CFD: 19/01/2012 - 01:32:05 - [6,254] ----D C:\ProgramData\Megamedia O43 - CFD: 29/05/2013 - 19:53:34 - [26,025] --H-D C:\ProgramData\{3D3D405B-A26F-46DE-8E42-8BCC08AC2C4B} O43 - CFD: 19/01/2012 - 01:32:24 - [0,007] ----D C:\Users\Annick\AppData\Roaming\Megamedia O43 - CFD: 22/04/2013 - 16:02:03 - [0,093] ----D C:\Users\Annick\AppData\Roaming\Wedding Album Maker O43 - CFD: 19/01/2012 - 01:32:03 - [13,603] ----D C:\Users\Annick\AppData\Local\Megamedia O43 - CFD: 19/01/2012 - 01:32:20 - [0,005] ----D C:\Users\Annick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Megakey O43 - CFD: 22/04/2013 - 16:00:47 - [0,005] ----D C:\Users\Annick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wedding Album Maker Gold ~ 12 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 209 Legitimates Filtered in 00mn 22s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.0BEDF5661FA0D89E60FDA578E6E70659] - 02/06/2013 - 08:24:25 ---A- . (...) -- C:\Windows\capsys184523.log [20] O44 - LFC:[MD5.92BD32585D1445BD7E6943165DB170D5] - 29/05/2013 - 20:14:45 ---A- . (...) -- C:\Windows\avgui.INI [36] O44 - LFC:[MD5.898ADED880961EB034461303C647F449] - 29/05/2013 - 18:53:35 RSHAD . (.Zemana Ltd. - Zemana AntiLogger Driver.) -- C:\Windows\System32\Drivers\AntiLog64.sys [49240] O44 - LFC:[MD5.5C0EFEC50E1E82492454953D1039DEB7] - 23/05/2013 - 12:38:01 ---A- . (...) -- C:\bdlog.txt [8968] O44 - LFC:[MD5.AB1201F8DE199E764DA9A32ABF71049C] - 20/05/2013 - 15:07:28 RSHAD . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [85048] O44 - LFC:[MD5.A6EED705BB510FA6B0F9F097165A3395] - 20/05/2013 - 15:07:28 RSHAD . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66104] ~ Files: 31 Legitimates Filtered in 00mn 08s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.2BA35BD11581BB74C5F28660A4F23B9C] - 02/06/2013 - 11:13:57 ---A- - C:\Windows\Prefetch\DELAYEDAPPSTARTER.EXE-5499AE40.pf O45 - LFCP:[MD5.D4745A1F4AAFC22D05410A22487A3A76] - 02/06/2013 - 11:13:57 ---A- - C:\Windows\Prefetch\PICTUREMOVER.EXE-1E55DF5C.pf O45 - LFCP:[MD5.927FE74F7A00057C9507E112C039103F] - 02/06/2013 - 11:14:01 ---A- - C:\Windows\Prefetch\ANTILOGGER.EXE-2BCDB1F1.pf ~ Prefetcher: 115 Legitimates Filtered in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) O52 - TDSD: \Drivers32\"VIDC.FICV"="ficvdec_x64.dll" . (...) -- C:\Windows\System32\ficvdec_x64.dll ~ TDSD: 3 Legitimates Filtered in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) O53 - SMSR:HKLM\...\startupreg\MegakeyUpdater [Key] . (.Megamedia Ltd. - Megakey Update.) -- C:\Users\Annick\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe ~ SMSR Keys: 5 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0 O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 20 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.5C368F4B04ED2A923E6AFCA2D37BAFF5] - 27/05/2011 - 10:20:12 ---A- . (.Hewlett-Packard Company - HP Accelerometer.) -- C:\Windows\System32\Drivers\Accelerometer.sys [43320] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 01/06/2013 - 17:40:45 ---A- C:\Users\Annick\Documents\MOMOCON.txt [79] O61 - LFC: 02/06/2013 - 07:59:23 ---A- C:\Users\Annick\Downloads\Revo_Uninstaller_Pro_3.0.5_Inclus_Patch_32bits_et_64bits_by_Majax31.rar [18253367] O61 - LFC: 02/06/2013 - 11:14:15 ---A- C:\Users\Annick\AppData\Local\Zemana\ZALSDK\threats.zdb [3695768] O61 - LFC: 30/05/2013 - 20:05:30 ---A- C:\Users\Annick\Documents\Mes fichiers reçus\cleeve3123460394\Historique\MessageLog.xsl [11600] O61 - LFC: 30/05/2013 - 20:05:30 ---A- C:\Users\Annick\Documents\Mes fichiers reçus\cleeve3123460394\Historique\angelusse21845618841.xml [67669] O61 - LFC: 30/05/2013 - 20:05:30 ---A- C:\Users\Annick\Documents\Mes fichiers reçus\cleeve3123460394\Historique\cleeve3123460394.xml [22946] O61 - LFC: 31/05/2013 - 07:23:58 ---A- C:\Users\Annick\AppData\Roaming\PictureMover\Data\DataCenter.madb [364544] O61 - LFC: 31/05/2013 - 07:36:28 ---A- C:\Users\Annick\AppData\Roaming\PictureMover\Data\DataCenter.ldb [64] O61 - LFC: 31/05/2013 - 16:03:05 ---A- C:\Users\Annick\Documents\Mes fichiers reçus\cleeve3123460394\Historique\paul24241396712874.xml [24582] O61 - LFC: 31/05/2013 - 19:22:47 ---A- C:\Users\Annick\Downloads\martineb-Tropical Hits.rar [193037447] ~ 15 Fichiers temporaires (Temporary files) ~ Files: 98 Legitimates Filtered in 00mn 12s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [Annick - 8o9l0mqo.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search"); O69 - SBI: SearchScopes [HKCU] {9DCB7A20-9E3D-46DB-AEC7-84F207636D27} - (01NET.com Main Customized Web Search) - http://search.conduit.com O69 - SBI: SearchScopes [HKCU] {b7fca997-d0fb-4fe0-8afd-255e89cf9671} - (Yahoo) - http://fr.search.yahoo.com O69 - SBI: SearchScopes [HKCU] {CFD547B7-F9D7-4892-94A7-291BCDBC6DD1} - (Ask Search) - http://websearch.ask.com O69 - SBI: SearchScopes [HKCU] {d43b3890-80c7-4010-a95d-1e77b5924dc3} - (Wikipedia) - http://fr.wikipedia.org O69 - SBI: SearchScopes [HKCU] {D944BB61-2E34-4DBF-A683-47E505C587DC} - (eBay) - http://rover.ebay.com O69 - SBI: SearchScopes [HKCU] {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} - (Bing) - http://www.bing.com ~ Keys: Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.C634644A9157B193D7B0940A5C251657] [SPRF][20/05/2013] (...) -- C:\ProgramData\1369071217.bdinstall.bin [930580] [MD5.90CD1CCD44E75AB072F3B088E0691523] [SPRF][23/05/2013] (...) -- C:\ProgramData\1369306753.bdinstall.bin [586586] [MD5.FCD412C74B842B96567BA8B5AFA90875] [SPRF][23/05/2013] (...) -- C:\ProgramData\1369309064.bdinstall.bin [234791] [MD5.C73C69B575F83091AEF6F8C4E03599DD] [SPRF][18/05/2013] (...) -- C:\ProgramData\ntuser.dat [262144] [MD5.8BE8A70114A168DB89CA40923C55BA5B] [SPRF][02/06/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Annick\Desktop\ZHPDiag2.exe [5667061] ~ Files: Scanned in 00mn 00s ---\\ Scan Additionnel (O88) Database Version : v2.12368 - (01/06/2013) Clés trouvées (Keys found) : 28 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9] =>Adware.MyWebSearch [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls] =>Trojan.FakeAlert [HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls] =>Trojan.FakeAlert [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask [HKLM\Software\Wow6432Node\KoyoteSRTB] =>Toolbar.CoyoteSoft [HKCU\Software\koyotesofttoolbarnew] =>Toolbar.CoyoteSoft [HKLM\Software\Wow6432Node\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn] =>Adware.Downware C:\Program Files (x86)\FTDownloader.com =>Adware.Downware C:\Program Files (x86)\Search Results Toolbar =>Adware.Bandoo ~ Additionnel Scan: 229133 Items scanned in 00mn 23s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 11/07/2012 140672 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE64.exe SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 14/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 03/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\IDT\WDM\AESTSr64.exe SR - | Auto 10/12/2010 203776 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 09/12/2010 354304 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe SR - | Auto 17/06/2010 194496 | (AMD Reservation Manager) . (.Advanced Micro Devices.) - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe SR - | Auto 10/12/2012 1342024 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe SR - | Auto 15/11/2012 5814904 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe SR - | Auto 22/10/2012 196664 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe SR - | Auto 29/07/2010 951584 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe SR - | Auto ??\??\???? 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe SR - | Auto 15/12/2010 249672 | (FPLService) . (.HP.) - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe SS - | Demand 19/06/2010 246520 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe SR - | Auto 21/07/2010 103992 | (HP Wireless Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe SR - | Auto 05/08/2010 291896 | (HPClientSvc) . (.Hewlett-Packard Company.) - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe SR - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe SR - | Auto 27/05/2011 30520 | (hpsrv) . (.Hewlett-Packard Company.) - C:\Windows\System32\Hpservice.exe SR - | Auto 11/07/2011 26680 | (HPWMISVC) . (.Hewlett-Packard Development Company, L.P..) - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe SR - | Auto 23/05/2013 2375168 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe SR - | Auto 16/08/2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe SR - | Auto 15/05/2013 1144144 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe SS - | Demand 22/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Auto 28/02/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 02/12/2010 275968 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV64.exe SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 00s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by Annick at 02/06/2013 13:49:18 device: opened successfully user: error reading MBR Disk trace: error: Read Descripteur non valide kernel: error reading MBR ~ MBR: 9 Legitimates Filtered in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Annick at 02/06/2013 13:49:20 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ~ 1478 Legitimates filtered by white list End of the scan (529 lines in 03mn 12s)(0)