My McAfee firewall turns itself off...
naelectronic - Posts: 34 - Status: Member
Hello everyone,
For the past few days I have had a firewall problem. It switches itself off unexpectedly and then shows me, in red: firewall disabled! Your computer is no longer protected!
It is the firewall supplied with McAfee.
I use Windows XP Service Pack 3. I have McAfee Total Protection antivirus (paid)...
First of all, I do not understand why there are 2 firewalls on the system! The first is the Windows one and the second is the McAfee one...
The Windows one stays enabled (there is, by the way, an option asking whether you want to have no exceptions... which at first sight would, it seems to me, be desirable?).
So, when the red notice warning "computer not protected" appears, is it real or not, since the Windows firewall itself stays enabled? True or false?
What do you advise? How do I fix the McAfee firewall problem?
Thanking you in advance for your help,
Michel
2 replies
Hello naelectronic,
There should be only one firewall, otherwise there is a risk of conflict, which causes various malfunctions. A threat can take advantage of that to get in and infect the PC. We are going to run a check-up to see what is going on. It is a simple, quick examination. You just need to follow my instructions:
1) Download ZHPDiag here:
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
You need the latest version. If another one is on your PC, uninstall it.
Let the installer guide you and tick "Ajouter une icône sur le bureau" (Add an icon to the desktop).
You will see 2 new icons on the desktop: ZHPDiag (scroll) and ZHPFix (syringe).
Only ZHPDiag matters for now.
Normally it should open automatically at the end of the installation. If not:
- Under Windows XP, launch ZHPDiag by double-clicking the scroll-shaped icon.
You must have administrator rights on the PC.
- Under Windows Vista / 7 or 8, right-click the scroll-shaped ZHPDiag icon and choose "Exécuter en tant qu'administrateur" (Run as administrator).
2) For the scan:
Once the program is open, you will see two large buttons: "Rechercher" (Search) and "Configurer" (Configure).
--> Click "Configurer".
Click the icon with the screwdriver on the right, then tick "Tous" (All).
Then untick lines 45, 61, 65, and 80.
Read the rest of § 2) before closing everything, including your browser.
/i\ Disable your antivirus, then start the scan by clicking "Rechercher".
Let the examination run without touching anything.
The program may stop for a long while on one line and then carry on; that is normal.
It looks inactive but it is working.
Do not restart it. Wait patiently for the scan to finish.
At the end of the scan, a message at the bottom of the page will tell you that it is done.
Re-enable your antivirus.
3) For the report: it must be hosted.
You will find it on the desktop. It is named: [ZHPDiag.txt]
Host it on: http://pjjoint.malekal.com
Please use the site requested.
Click "Parcourir" (Browse).
In the window that opens, set the file location to: Desktop.
Find your file and select it, then click "Ouvrir" (Open).
Click "Envoyer le fichier" (Send the file).
A message will confirm: "Voici le lien à fournir..." (Here is the link to provide...)
Copy it and paste it into your reply on the forum.
If anything gives you trouble, do not hesitate to ask :)
Regards, Bridget.
Hi,
Disable the Windows firewall after deleting its exceptions; that way the McAfee firewall will re-enable itself and you will no longer get alerts from the Windows Security Center.
There is no point in having your PC scanned if the antivirus has not reported anything; even if the software firewall is disabled, there is still the firewall of the ISP box (router), the most important one.
A big thank you to you both! But while trying to run a full antivirus scan, I noticed that the scan gets stuck for several minutes on dozens and dozens of ROOTKIT......
So I think that before sorting out my firewalls, I need to try to get rid of the rootkits....!!!
Do you have any methods?
Have a good weekend and thanks again,
Michel
Good evening naelectronic,
I am a contributor in the "Virus / Sécurité" forum and I understood straight away that your PC was infected.
Do the check-up as I asked you above. It is the only way to find out the nature of the infection and prescribe a treatment for you. This diagnostic examination is very easy to do. You just need to follow my instructions step by step.
Once you have done the examination, I will ask you, for the safety of your PC:
- not to download or uninstall anything any more, so as not to distort the reports, because they are what I rely on, not having the PC in front of me, to prescribe the treatment and write custom scripts for your PC;
- not to run any tools other than those I prescribe, so that the tools do not interfere with each other, which could crash the PC; and
- not to follow any instructions other than mine, for the same reasons;
- finally, not to abandon the disinfection, even if you notice an improvement, because if you do have rootkits, which are stubborn infections, they would come back stronger than ever if not entirely eradicated.
As soon as you have sent me the report, we'll get started!
Regards, Bridget :)
Thank you Bridget,
I clicked on "Configurer", but after that, unfortunately, I could not find the screwdriver; I clicked on the second magnifying glass from the left, with a plus sign inside... and then the scan started! I did not want to stop anything....
I have a report anyway... but it may be wrong... sorry!! What should I do now?
A big thank you again
Here is the report I obtained, with the mistake I made:
~ Report of ZHPDiag v2013.12.6.12 - Nicolas Coolman (2013-12-06)
~ Launched by Michel (2013-12-07 13:39:01)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found
---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v31.0.1650.63 (Defaut)
---\\ Windows product information
~ Langage: Anglais
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO
---\\ System protection software
---\\ System optimization software
CCleaner v3.21 =>Piriform Ltd
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.0 - Français
---\\ Information on the system
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3191 MB (71% free)
System Restore: Activé (Enable)
System drive C: has 255 GB (87%) free of 293 GB
---\\ Connection to the system mode
~ Computer Name: YOUR-4F1261A8E5
~ User Name: Michel
~ All Users Names: SUPPORT_fddfa904, SUPPORT_388945a0, Michel, HP_Owner, HelpAssistant, Guest, ASPNET, Administrator,
~ Unselected Option: None
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Michel\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Michel\Application Data\
~ %Desktop% : C:\Documents and Settings\Michel\Desktop\
~ %Favorites% : C:\Documents and Settings\Michel\Favorites\
~ %LocalAppData% : C:\Documents and Settings\Michel\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Michel\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 255 Go of 293 Go)
D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 6 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ State of the Windows Security Center
~ Security Center: 42 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
[MD5.12896823FB95BFB3DC9B46BCAEDC9923] - (.Microsoft Corporation - Windows Explorer.) (.2008-04-13 - 19:12:19.) -- C:\WINDOWS\Explorer.exe [1033728]
[MD5.C5ACAB147F9697F40ECEBB4BC0247EBF] - (.Microsoft Corporation - Internet Extensions for Win32.) (.2013-10-13 - 02:25:38.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.ED0EF0A136DEC83DF69F04118870003E] - (.Microsoft Corporation - Windows NT Logon Application.) (.2008-04-13 - 19:12:39.) -- C:\WINDOWS\system32\Winlogon.exe [507904]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2011-08-17 - 08:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.2008-04-13 - 13:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2008-04-13 - 14:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2008-04-13 - 13:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) (.2008-04-13 - 13:33:28.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44544]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.2008-04-13 - 11:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) (.2008-04-13 - 14:18:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.2008-04-13 - 13:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.2008-04-13 - 13:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.2008-04-13 - 14:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-07-15 - 08:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.2008-04-13 - 14:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.2008-04-13 - 14:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) (.2008-04-13 - 13:40:10.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2008-04-13 - 14:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2008-04-13 - 13:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.2008-04-13 - 13:40:27.) -- C:\WINDOWS\system32\Drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.2008-04-13 - 13:41:01.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [52352]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/204
~ Mes musiques (My Musics) : 1/93
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/204
~ Mes Documents (My Documents) : 1/1118
~ Mon Bureau (My Desktop) : 0/19
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 02s
---\\ Process running
[MD5.ED85B344E6EDC30C1BC57EC1A2A56BF3] - (...) -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [32881] [PID.296]
[MD5.06A1ECB63DF139EC639E084D4AB3C9D7] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\windows\system\hpsysdrv.exe [52736] [PID.304]
[MD5.D7ACBC053673F37505B6E2B3C4444F74] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [126976] [PID.328]
[MD5.E7BE65BF79906AEBC698E077D53F6A1C] - (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe [88363] [PID.292]
[MD5.4A95F15B706B8FD9EC8715B6401EAB7B] - (.Hewlett-Packard Company - KBD EXE.) -- C:\HP\KBD\KBD.exe [61440] [PID.360]
[MD5.7237366A57A26B7ED71C9B081FBDD6EB] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [180269] [PID.364]
[MD5.4507BAD213F0B3FF5CDDFAF1A665F501] - (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe [77824] [PID.456]
[MD5.42BC5F3F941653F0FEEFA6A993D35C68] - (.RealTek Semicoductor Corp. - RealTek AlcWzrd Application.) -- C:\WINDOWS\ALCWZRD.exe [2742272] [PID.464]
[MD5.C7C8B79223E36655D4F214ACA885739C] - (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe [57344] [PID.472]
[MD5.69581380E69C8DCE30EDE2A463C912EE] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe [421888] [PID.488]
[MD5.2DFCB2393528446AEB9FB861A8FC39AB] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [421160] [PID.500]
[MD5.2589FFE360BED8F824CBC6171CB5B874] - (...) -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304] [PID.536]
[MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288] [PID.580]
[MD5.000A83380536DF86EFE77D020D812F96] - (.Babylon Ltd. - No Comment.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [286720] [PID.624] =>PUP.Babylon
[MD5.C519CEC624CF9BCBA3059F32266C8FFF] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [258048] [PID.824]
[MD5.74557BFD04530E512DBB9C151C4DA110] - (.McAfee, Inc. - McAfee.) -- C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499384] [PID.1056]
[MD5.061380AFF32EC10474B2B355499B6E35] - (.Hewlett-Packard - No Comment.) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [45056] [PID.1168]
[MD5.018857EAD9A077A56AEDFC0E5EF7A24A] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664] [PID.1288]
[MD5.98D472ECFBC0E8ED25A0483E765F42B6] - (...) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe [560472] [PID.1480]
[MD5.F832F1505AD8B83474BD9A5B1B985E01] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [345376] [PID.1504]
[MD5.75F8FDF480DBED5358188E0EAA2020D9] - (...) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe [38912] [PID.1896]
[MD5.0DDFDCAA92C7F553328DB06BA599BEA9] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [154136] [PID.1952]
[MD5.ECAB006AC6136F1307E140B633CDB8C2] - (.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784] [PID.2052]
[MD5.C59D9F880BEA416BAB4C57AD04242A71] - (.McAfee, Inc. - McAfee Access Protection.) -- C:\Program Files\McAfee\MSC\McAPexe.exe [145088] [PID.2204]
[MD5.5007E21208DA68F60EBF43352BDFE6D0] - (.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560] [PID.2052]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.2700]
[MD5.A1262E7DC2394EA04AB97D48752F7332] - (.McAfee, Inc. - McAfee Process Validation Service.) -- C:\WINDOWS\system32\mfevtps.exe [172416] [PID.2740]
[MD5.35176FA09A0FC58DB630991A81A0BA39] - (.McAfee, Inc. - McAfee Online Backup Service bootstrapper.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688] [PID.2772]
[MD5.1F0F4B564BFFD1E5C319F39DC3EEA17F] - (.McAfee, Inc. - McAfee On-Access Scanner service.) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [638976] [PID.3136]
[MD5.7A9F90099CBF6FA6D4011E10F36EF0C7] - (.McAfee, Inc. - McAfee Core Firewall Service.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [169320] [PID.3168]
[MD5.037B1E7798960E0420003D05BB577EE6] - (...) -- ystem32\rundll32.exe [0] [PID.400]
[MD5.0CA8C2E721617AA2F923A8151C96FB33] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [820008] [PID.2260]
[MD5.1CE6EC1145B551E21B8C97E23878D387] - (.McAfee, Inc. - McAfee File Lock Monitor.) -- C:\Program Files\McAfee\MAT\McPvTray.exe [517960] [PID.548]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [863184] [PID.3056]
[MD5.AADD0892A428B133ABEF5EBCCE5E1799] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8281600] [PID.176]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://ca.search.yahoo.com
G2 - GCE: Preference [User Data\Default] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Translator v.1.9 (Désactivé) =>PUP.Babylon
~ Google Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl.dll
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.babylon.com =>PUP.Babylon
~ IE Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Browser Helper Objects (O2)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} . (.Babylon BHO - No Comment.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll =>PUP.Babylon
~ BHO: 8 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: HP view - [HKLM]{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} . (.Hewlett-Packard Company - hp view toolbar.) -- c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Babylon Toolbar - [HKLM]{98889811-442D-49dd-99D7-DC866BE87DBC} . (.Babylon Ltd. - No Comment.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll =>PUP.Babylon
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Orphan key
~ Toolbar: Scanned in 00mn 00s
---\\ Other User Links (O4)
O4 - GS\Desktop [AllUsers]: McAfee Total Protection.lnk . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - GS\Desktop [Michel]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Michel]: Shortcut to RECETTE3.lnk . (...) -- C:\Documents and Settings\Michel\My Documents\RECETTE3.XLW
O4 - GS\Desktop [HP_Owner]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [HP_Owner]: Help and Support.lnk . (.Microsoft Corporation - Microsoft Help and Support Center.) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
O4 - GS\Desktop [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Guest]: Help and Support.lnk . (.Microsoft Corporation - Microsoft Help and Support Center.) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
~ Global Startup: 17 Legitimates Filtered in 00mn 00s
---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [AllUsers]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - GS\Startup [AllUsers]: Updates from HP.lnk . (.Hewlett-Packard - No Comment.) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (...) -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] . (.Windows (R) Server 2003 DDK provider - High Definition Audio Property Page Shortcu.) -- C:\WINDOWS\system32\HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] . (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] . (.Hewlett-Packard - HPHupd06.) -- c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] . (.Hewlett-Packard - HPHmon06.) -- C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] . (.Hewlett-Packard Company - KBD EXE.) -- C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [Recguard] . (.No owner - Recguard Application.) -- C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [PS2] . (.Hewlett-Packard Company - PS2 EXE.) -- C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] . (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe
O4 - HKLM\..\Run: [AlcWzrd] . (.RealTek Semicoductor Corp. - RealTek AlcWzrd Application.) -- C:\WINDOWS\ALCWZRD.exe
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [LSBWatcher] . (.Hewlett-Packard Company - LightScribe Burn Watcher.) -- c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] . (...) -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe =>.Logitech Inc
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [BabylonToolbar] . (.Babylon Ltd. - No Comment.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe =>PUP.Babylon
O4 - HKLM\..\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.exe (.not file.)
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-3291444504-2448968992-2195186465-1010\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3291444504-2448968992-2195186465-1010\..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-3291444504-2448968992-2195186465-1010\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-3291444504-2448968992-2195186465-1010\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Orphan key
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Reset Web Settings' hijack (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} ((no name)) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8892C418-6AED-40AF-9878-D5E92D8B11FE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8892C418-6AED-40AF-9878-D5E92D8B11FE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8892C418-6AED-40AF-9878-D5E92D8B11FE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Michel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Michel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Registry Cleaner Pro_scan_schedule_task_2e0ba364-dcdf-450c-bb16-df4a85a48b2d.job [368]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Symantec NetDetect.job [364]
~ Scheduled Task: 6 Legitimates Filtered in 00mn 00s
---\\ Software installed (O42)
O42 - Logiciel: Babylon toolbar - (...) [HKLM] -- BabylonToolbar =>PUP.Babylon
O42 - Logiciel: IntelliMover Data Transfer Demo - (...) [HKLM] -- {14589F05-C658-4594-9429-D437BA688686}
O42 - Logiciel: PM66 V1.28 - (...) [HKLM] -- PM66 V1.28
O42 - Logiciel: Pololu Maestro USB Servo Controller - (.Pololu.) [HKLM] -- {0448BD26-40F6-43EA-B79D-66FD733256F9}
O42 - Logiciel: Updates from HP - (...) [HKLM] -- BackWeb-309731 Uninstaller
~ Logic: 57 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\BabylonToolbar] =>PUP.Babylon
[HKCU\Software\BearShare] =>PUP.BearShare
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Pololu]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKLM\Software\Detto Technologies Inc.]
[HKLM\Software\DettoTechnologies]
[HKLM\Software\JL802]
[HKLM\Software\TENCENT] =>Adware.TencentAddressBar
~ Key Software: 577 Legitimates Filtered in 00mn 01s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 2011-04-20 - 15:08:47 - [1,555] ----D C:\Program Files\BabylonToolbar =>PUP.Babylon
O43 - CFD: 2011-04-06 - 14:13:47 - [0] ----D C:\Program Files\GOlive
O43 - CFD: 2011-02-17 - 14:04:42 - [5,701] ----D C:\Program Files\Pololu
O43 - CFD: 2011-11-11 - 14:11:55 - [0,004] ----D C:\Documents and Settings\All Users\Application Data\37177
O43 - CFD: 2011-04-20 - 15:09:03 - [0] ----D C:\Documents and Settings\Michel\Application Data\BabylonToolbar =>PUP.Babylon
O43 - CFD: 2011-11-11 - 14:12:01 - [74,317] ----D C:\Documents and Settings\Michel\Local Settings\Application Data\BearShare =>PUP.BearShare
O43 - CFD: 2012-08-03 - 15:39:12 - [0] ----D C:\Documents and Settings\Michel\Local Settings\Application Data\Registry Cleaner Pro
O43 - CFD: 2012-08-03 - 15:39:14 - [0,007] ----D C:\Documents and Settings\Michel\Local Settings\Application Data\Registry_Cleaner_Pro
O43 - CFD: 2011-02-07 - 14:50:55 - [0,001] ----D C:\Documents and Settings\Michel\Start Menu\Programs\PM66 V1.28
~ Program Folder: 177 Legitimates Filtered in 00mn 25s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2013-12-07 - 12:14:57 ---A- . (...) -- C:\WINDOWS\system32\Drivers\logiflt.iad [0]
O44 - LFC:[MD5.834622B29C5112346A44DD3BDADE74C7] - 2013-12-07 - 12:15:23 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.0A83E32AD17B8CE9C34F79C1FCFFEFC7] - 2013-12-07 - 12:15:35 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2013-12-07 - 13:16:48 ---A- . (...) -- C:\WINDOWS\system32\Drivers\lvuvc.hs [0]
~ Files: 12 Legitimates Filtered in 00mn 50s
---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.7D4264D2A5A0D2D5AEE993CF6CE0F41B] - 2013-12-06 - 08:16:00 ---A- - C:\WINDOWS\Prefetch\NEWPROBE.EXE-01C200F7.pf
O45 - LFCP:[MD5.7D89FA41C6620BBD0DCE3E1E8183F171] - 2013-12-06 - 09:14:40 ---A- - C:\WINDOWS\Prefetch\31.0.1650.63_31.0.1650.57_CHR-2151FDCA.pf
O45 - LFCP:[MD5.A8E0597588BDE1130A8595698DA25D80] - 2013-12-06 - 10:49:25 ---A- - C:\WINDOWS\Prefetch\MCUIHOST.EXE-19EB1CA7.pf
O45 - LFCP:[MD5.4A0B3645F985DE4640B846B1E008A6FB] - 2013-12-07 - 09:50:34 ---A- - C:\WINDOWS\Prefetch\MCMIGR~1.EXE-275F5DA9.pf
O45 - LFCP:[MD5.7F9356CBD4C034103083FD5059112734] - 2013-12-07 - 12:16:30 ---A- - C:\WINDOWS\Prefetch\MCPVTRAY.EXE-027D3FE0.pf
~ Prefetcher: 73 Legitimates Filtered in 00mn 00s
---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [Enabled] .(...) -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\Content.IE5\JIF2V5MC\VideoToMp3Setup[1].exe" [Enabled] .(...) -- C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\Content.IE5\JIF2V5MC\VideoToMp3Setup[1].exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" [Enabled] .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O47 - AAKE:Key Export DP - "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" [Enabled] .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
~ Keys Export: 20 Legitimates Filtered in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{946850c5-1e27-11d9-baf0-806d6172696f}\AutoRun\command. (...) -- D:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.B562592B7F5759C99E179CA467ECFB4C] - 2004-08-04 - 20:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 2008-04-13 - 11:36:05 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.160B24FD894E79E71C983EA403A6E6E7] - 2004-03-18 - 01:10:40 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0.) -- C:\WINDOWS\system32\Drivers\Hdaudio.sys [113664]
O58 - SDL:[MD5.1A7DB7A00A4B0D8DA24CD691A4547291] - 2009-10-07 - 01:46:36 ---A- . (...) -- C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [25752]
O58 - SDL:[MD5.C53775780148884AC87C455489A0C070] - 2004-08-03 - 22:41:40 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:[MD5.54886A652BF5685192141DF304E923FD] - 2004-08-03 - 22:41:38 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:[MD5.6DDA78A0BE692B61B668FAB860F276CF] - 2004-08-03 - 22:29:38 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736]
O58 - SDL:[MD5.576B34CEAE5B7E5D9FD2775E93B3DB53] - 2004-08-03 - 22:41:40 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:[MD5.231F133B4A5A04307ABD95CAC80FD063] - 2000-03-23 - 07:42:24 ---A- . (.PC-Doctor Inc. - PC-Doctor NT Support Driver.) -- C:\WINDOWS\system32\Drivers\PcdrNt.sys [44192]
O58 - SDL:[MD5.444F122E68DB44C0589227781F3C8B3F] - 2003-09-19 - 10:47:00 ---A- . (.Padus, Inc. - Padus(R) ASPI Shell.) -- C:\WINDOWS\system32\Drivers\pfc.sys [10368]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 2004-08-03 - 22:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.E9AAA0092D74A9D371659C4C38882E12] - 2004-08-03 - 22:41:40 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776]
O58 - SDL:[MD5.D9673011648A71ED1E1F77B831BC85E6] - 2004-08-03 - 22:41:42 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] - 2004-08-03 - 22:41:44 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] - 2004-08-03 - 22:41:46 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] - 2004-08-03 - 22:41:46 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 2004-08-04 - 20:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.390A2A9B42F315338E392A39E4A78C57] - 2002-11-14 - 15:55:40 ---A- . (.Windows (R) 2000 DDK provider - Universal Serial Bus Camera Driver.) -- C:\WINDOWS\system32\Drivers\videocap.sys [177880]
O58 - SDL:[MD5.A51F4DABCE9B424451BA2ED1271D1C1C] - 2005-05-15 - 22:29:16 R--A- . (.Windows (R) 2000 DDK provider - W55U01 USB Driver.) -- C:\WINDOWS\system32\Drivers\W55U01.sys [15232]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2004-08-04 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9029]
O58 - SDL:[MD5.5E2F6621A5B43A4E005C620FBE921F6C] - 2005-05-03 - 22:48:36 ---A- . (...) -- C:\WINDOWS\system32\CHODDI.SYS [14554]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 2004-08-04 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4768]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 2004-08-04 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.4FE09F868CE65B334B42862C372C69CC] - 2004-08-04 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33840]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 5 Legitimates Filtered in 00mn 02s
---\\ Last modified or created user files (O61)
O61 - LFC: 2013-12-04 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log2236.txt [0]
O61 - LFC: 2013-12-04 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log472.txt [114]
O61 - LFC: 2013-12-04 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log488.txt [114]
O61 - LFC: 2013-12-04 - 13:42:28 ---A- . (.MICHEL NAESSENS.) -- C:\Documents and Settings\Michel\My Documents\Downloads\TEmballage Crown.xls [36864]
O61 - LFC: 2013-12-04 - 13:42:36 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\18 pouces 004.lnk [737]
O61 - LFC: 2013-12-04 - 13:42:36 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\225 60 17 001.lnk [737]
O61 - LFC: 2013-12-04 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\RootkitRemover_20131204_191653.lnk [341]
O61 - LFC: 2013-12-04 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\TEmballage Crown.lnk [598]
O61 - LFC: 2013-12-05 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db [7168]
O61 - LFC: 2013-12-05 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db-journal [5672]
O61 - LFC: 2013-12-05 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager [13312]
O61 - LFC: 2013-12-05 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager-journal [6704]
O61 - LFC: 2013-12-05 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log2996.txt [0]
O61 - LFC: 2013-12-05 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log3012.txt [0]
O61 - LFC: 2013-12-05 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log496.txt [114]
O61 - LFC: 2013-12-05 - 13:42:28 ---A- . (...) -- C:\Documents and Settings\Michel\My Documents\Downloads\RogueKiller.exe [3580416]
O61 - LFC: 2013-12-05 - 13:42:33 ---A- . (...) -- C:\Documents and Settings\Michel\My Documents\RECETTE3.XLW [628736]
O61 - LFC: 2013-12-05 - 13:42:33 -SHA- . (...) -- C:\Documents and Settings\Michel\My Documents\My Pictures\Thumbs.db [582144]
O61 - LFC: 2013-12-05 - 13:42:36 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\18 pouces 003.lnk [737]
O61 - LFC: 2013-12-05 - 13:42:36 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\235 55 18.lnk [502]
O61 - LFC: 2013-12-05 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\RECETTE3.lnk [275]
O61 - LFC: 2013-12-05 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\Removable Disk (K).lnk [179]
O61 - LFC: 2013-12-05 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\Roguekiller rapport du 5 dec 2013.lnk [622]
O61 - LFC: 2013-12-05 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\RootkitRemover_20131204_192739.lnk [607]
O61 - LFC: 2013-12-05 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\RootkitRemover_20131204_192902.lnk [607]
O61 - LFC: 2013-12-05 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\toyo225 60 18 001.lnk [757]
O61 - LFC: 2013-12-06 - 13:41:06 -SHA- . (...) -- C:\Documents and Settings\Michel\IECompatCache\index.dat [16384]
O61 - LFC: 2013-12-06 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Bookmarks [88926]
O61 - LFC: 2013-12-06 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Bookmarks.bak [88926]
O61 - LFC: 2013-12-06 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log3708.txt [0]
O61 - LFC: 2013-12-06 - 13:42:36 -SHA- . (...) -- C:\Documents and Settings\Michel\PrivacIE\index.dat [16187392]
O61 - LFC: 2013-12-06 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\ski 002.lnk [707]
O61 - LFC: 2013-12-07 - 13:40:48 -SHA- . (...) -- C:\Documents and Settings\Michel\Application Data\Microsoft\Credentials\S-1-5-21-3291444504-2448968992-2195186465-1010\Credentials [492]
O61 - LFC: 2013-12-07 - 13:41:00 ---A- . (...) -- C:\Documents and Settings\Michel\Application Data\ZHP\Log.txt [19436] =>.Nicolas Coolman
O61 - LFC: 2013-12-07 - 13:41:00 ---A- . (...) -- C:\Documents and Settings\Michel\Application Data\ZHP\TestsZHPDiag.txt [3241] =>.Nicolas Coolman
O61 - LFC: 2013-12-07 - 13:41:06 -SHA- . (...) -- C:\Documents and Settings\Michel\IETldCache\index.dat [262144]
O61 - LFC: 2013-12-07 - 13:41:08 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Certificate Revocation Lists [265395]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Archived History [57344]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Archived History-journal [512]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies [1054720]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal [16384]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT [16]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG [151]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.old [151]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT [16]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG [154]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG.old [154]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-011285 [615]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons [925696]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal [16384]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_0 [8192]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_1 [270336]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_2 [8192]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_3 [8192]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\index [262512]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\History [151552]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\History Provider Cache [3126]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal [16384]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Session [22130]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Tabs [10464]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage [75776]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal [3608]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_googleads.g.doubleclick.net_0.localstorage [3072]
O61 - LFC: 2013-12-07 - 13:41:12 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_googleads.g.doubleclick.net_0.localstorage-journal [512]
O61 - LFC: 2013-12-07 - 13:41:12 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor [147456]
O61 - LFC: 2013-12-07 - 13:41:12 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal [16384]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs [29696]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs-journal [16384]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [37386]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\018294.ldb [147]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\018296.ldb [163345]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\018299.ldb [51914]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\CURRENT [16]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG [281]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG.old [277]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-018298 [216]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts [12288]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal [16384]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites [20480]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites-journal [12824]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\TransportSecurity [321]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links [131072]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data [428032]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal [16384]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Local State [48036]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom [7987492]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set [1372948]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies [6144]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal [4640]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist [135336]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download [1258936]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist [19492]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist [6840]
O61 - LFC: 2013-12-07 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log1256.txt [0]
O61 - LFC: 2013-12-07 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log480.txt [114]
O61 - LFC: 2013-12-07 - 13:42:36 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\18 pouces 006.lnk [737]
O61 - LFC: 2013-12-07 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\My Pictures.lnk [481]
O61 - LFC: 2013-12-07 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\ski 004.lnk [707]
O61 - LFC: 2013-12-07 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\ski 005.lnk [707]
O61 - LFC: 2013-12-07 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\ski 006.lnk [707]
O61 - LFC: 2013-12-07 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\toyo225 60 18 002.lnk [757]
~ 23 Fichiers temporaires (Temporary files)
~ 17 Fichiers cookies (Cookies files)
~ Files: 420 Legitimates Filtered in 01mn 51s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 2013-11-04 - C:\WINDOWS\system32\mfevtps.exe (mfevtp) .(.McAfee, Inc. - McAfee Process Validation Service.) - LEGACY_MFEVTP
~ Legacy: 176 Legitimates Filtered in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][2010-09-24] (...) -- C:\Documents and Settings\Michel\Application Data\wklnhst.dat [0]
~ Files: 6 Legitimates Filtered in 00mn 00s
---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "62DB84406F04AE347BD966DF3723659F" . (.Pololu Maestro USB Servo Controller.) -- C:\WINDOWS\Installer\{0448BD26-40F6-43EA-B79D-66FD733256F9}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "E16766C0A7943EB4EAD0E83CF09C9AAA" . (.PC-Doctor for Windows.) -- C:\Program Files\PC-Doctor for Windows\Pcdrw32.exe
~ Update Products: 76 Legitimates Filtered in 00mn 00s
---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.98A9D0CFFE233B00706CF2A6230C0BE1] [WIS][2005-05-03] (.PC-Doctor, Inc. - PC-Doctor for Windows Installer.) -- C:\Windows\Installer\104d6.msi [5117440]
[MD5.B9AF517CBADE46910C5348C09472210E] [WIS][2013-02-10] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\1d2188e.msi [20717568]
~ WIS: 74 Legitimates Filtered in 00mn 07s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2008-04-13 224768 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 2011-03-11 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2011-03-11 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2011-05-09 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 2013-08-02 471592 | (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Disabled 2013-07-30 281560 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SS - | Disabled 2013-07-30 281560 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SS - | Auto 2004-09-29 69632 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
SS - | Auto 2013-02-28 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 2008-01-29 394704 | (Symantec RemoteAssist) . (.Symantec, Inc..) - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
SR - | Auto 2010-10-16 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2010-10-07 345376 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 2013-07-30 281560 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Demand 2010-11-17 820008 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 2004-09-23 38912 | (LightScribeService) . (...) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 2009-10-07 154136 | (LVPrcSrv) . (.Logitech Inc..) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
SR - | Auto 2012-08-31 167784 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
SR - | Auto 2013-09-24 145088 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Disabled 2013-07-30 281560 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 2013-07-30 281560 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 2013-07-30 281560 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 2013-09-20 638976 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 2013-11-04 169320 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 2013-11-04 172416 | (mfevtp) . (.McAfee, Inc..) - C:\WINDOWS\system32\mfevtps.exe
SR - | Auto 2010-04-13 229688 | (MOBKbackup) . (.McAfee, Inc..) - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
~ Services: Scanned in 00mn 08s
---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Michel at 2013-12-07 13:44:04
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EE1A0] >> \Device\Harddisk0\DR0[0x8B1E4AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 12 Legitimates Filtered in 00mn 02s
---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Michel at 2013-12-07 13:44:06
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : 13011 - (2013-12-06)
Clés trouvées (Keys found) : 46
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 3
[HKLM\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb] =>PUP.Babylon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}] =>PUP.Babylon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar] =>PUP.Babylon^
[HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Softw
~ Report of ZHPDiag v2013.12.6.12 - Nicolas Coolman (2013-12-06)
~ Launched by Michel (2013-12-07 13:39:01)
~ Web site address : http://nicolascoolman.webs.com
~ Free support forums for disinfection : http://nicolascoolman.webs.com/apps/links/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Not Found
---\\ Internet browsers
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v31.0.1650.63 (Defaut)
---\\ Windows product information
~ Langage: Anglais
Windows XP Home Edition Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO
---\\ System protection software
---\\ System optimization software
CCleaner v3.21 =>Piriform Ltd
---\\ Sharing software PeerToPeer
---\\ Surveillance software
Adobe Flash Player 10 ActiveX
Adobe Reader 8.2.0 - Français
---\\ Information on the system
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3191 MB (71% free)
System Restore: Activé (Enable)
System drive C: has 255 GB (87%) free of 293 GB
---\\ Connection to the system mode
~ Computer Name: YOUR-4F1261A8E5
~ User Name: Michel
~ All Users Names: SUPPORT_fddfa904, SUPPORT_388945a0, Michel, HP_Owner, HelpAssistant, Guest, ASPNET, Administrator,
~ Unselected Option: None
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Michel\Application Data\ZHP\
~ %AppData% : C:\Documents and Settings\Michel\Application Data\
~ %Desktop% : C:\Documents and Settings\Michel\Desktop\
~ %Favorites% : C:\Documents and Settings\Michel\Favorites\
~ %LocalAppData% : C:\Documents and Settings\Michel\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Michel\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 255 Go of 293 Go)
D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 6 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ State of the Windows Security Center
~ Security Center: 42 Legitimates Filtered in 00mn 00s
---\\ Search Generic System Files
[MD5.12896823FB95BFB3DC9B46BCAEDC9923] - (.Microsoft Corporation - Windows Explorer.) (.2008-04-13 - 19:12:19.) -- C:\WINDOWS\Explorer.exe [1033728]
[MD5.C5ACAB147F9697F40ECEBB4BC0247EBF] - (.Microsoft Corporation - Internet Extensions for Win32.) (.2013-10-13 - 02:25:38.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.ED0EF0A136DEC83DF69F04118870003E] - (.Microsoft Corporation - Windows NT Logon Application.) (.2008-04-13 - 19:12:39.) -- C:\WINDOWS\system32\Winlogon.exe [507904]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2011-08-17 - 08:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.2008-04-13 - 13:40:30.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2008-04-13 - 14:14:21.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2008-04-13 - 13:40:46.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.D45926117EB9FA946A6AF572FBE1CAA3] - (.Microsoft Corporation - FIPS Crypto Driver.) (.2008-04-13 - 13:33:28.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44544]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.2008-04-13 - 11:36:05.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.4A0B06AA8943C1E332520F7440C0AA30] - (.Microsoft Corporation - i8042 Port Driver.) (.2008-04-13 - 14:18:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [52480]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.2008-04-13 - 13:40:58.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.2008-04-13 - 13:57:15.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.2008-04-13 - 14:19:42.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011-07-15 - 08:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.2008-04-13 - 14:21:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.2008-04-13 - 14:15:53.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.5575FAF8F97CE5E713D108C2A58D7C7C] - (.Microsoft Corporation - Parallel Port Driver.) (.2008-04-13 - 13:40:10.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80128]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2008-04-13 - 14:19:43.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2008-04-13 - 13:32:51.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.F828DD7E1419B6653894A8F97A0094C5] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.2008-04-13 - 13:40:27.) -- C:\WINDOWS\system32\Drivers\redbook.sys [57600]
[MD5.4C8FCB5CC53AAB716D810740FE59D025] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.2008-04-13 - 13:41:01.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [52352]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 2/204
~ Mes musiques (My Musics) : 1/93
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/204
~ Mes Documents (My Documents) : 1/1118
~ Mon Bureau (My Desktop) : 0/19
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn 02s
---\\ Process running
[MD5.ED85B344E6EDC30C1BC57EC1A2A56BF3] - (...) -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [32881] [PID.296]
[MD5.06A1ECB63DF139EC639E084D4AB3C9D7] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\windows\system\hpsysdrv.exe [52736] [PID.304]
[MD5.D7ACBC053673F37505B6E2B3C4444F74] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [126976] [PID.328]
[MD5.E7BE65BF79906AEBC698E077D53F6A1C] - (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe [88363] [PID.292]
[MD5.4A95F15B706B8FD9EC8715B6401EAB7B] - (.Hewlett-Packard Company - KBD EXE.) -- C:\HP\KBD\KBD.exe [61440] [PID.360]
[MD5.7237366A57A26B7ED71C9B081FBDD6EB] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [180269] [PID.364]
[MD5.4507BAD213F0B3FF5CDDFAF1A665F501] - (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe [77824] [PID.456]
[MD5.42BC5F3F941653F0FEEFA6A993D35C68] - (.RealTek Semicoductor Corp. - RealTek AlcWzrd Application.) -- C:\WINDOWS\ALCWZRD.exe [2742272] [PID.464]
[MD5.C7C8B79223E36655D4F214ACA885739C] - (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe [57344] [PID.472]
[MD5.69581380E69C8DCE30EDE2A463C912EE] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe [421888] [PID.488]
[MD5.2DFCB2393528446AEB9FB861A8FC39AB] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [421160] [PID.500]
[MD5.2589FFE360BED8F824CBC6171CB5B874] - (...) -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304] [PID.536]
[MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288] [PID.580]
[MD5.000A83380536DF86EFE77D020D812F96] - (.Babylon Ltd. - No Comment.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [286720] [PID.624] =>PUP.Babylon
[MD5.C519CEC624CF9BCBA3059F32266C8FFF] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [258048] [PID.824]
[MD5.74557BFD04530E512DBB9C151C4DA110] - (.McAfee, Inc. - McAfee.) -- C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [499384] [PID.1056]
[MD5.061380AFF32EC10474B2B355499B6E35] - (.Hewlett-Packard - No Comment.) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [45056] [PID.1168]
[MD5.018857EAD9A077A56AEDFC0E5EF7A24A] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664] [PID.1288]
[MD5.98D472ECFBC0E8ED25A0483E765F42B6] - (...) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe [560472] [PID.1480]
[MD5.F832F1505AD8B83474BD9A5B1B985E01] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [345376] [PID.1504]
[MD5.75F8FDF480DBED5358188E0EAA2020D9] - (...) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe [38912] [PID.1896]
[MD5.0DDFDCAA92C7F553328DB06BA599BEA9] - (.Logitech Inc. - Logitech LVPrcSrv Module..) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [154136] [PID.1952]
[MD5.ECAB006AC6136F1307E140B633CDB8C2] - (.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784] [PID.2052]
[MD5.C59D9F880BEA416BAB4C57AD04242A71] - (.McAfee, Inc. - McAfee Access Protection.) -- C:\Program Files\McAfee\MSC\McAPexe.exe [145088] [PID.2204]
[MD5.5007E21208DA68F60EBF43352BDFE6D0] - (.McAfee, Inc. - McAfee Service Host.) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560] [PID.2052]
[MD5.11F714F85530A2BD134074DC30E99FCA] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe [322120] [PID.2700]
[MD5.A1262E7DC2394EA04AB97D48752F7332] - (.McAfee, Inc. - McAfee Process Validation Service.) -- C:\WINDOWS\system32\mfevtps.exe [172416] [PID.2740]
[MD5.35176FA09A0FC58DB630991A81A0BA39] - (.McAfee, Inc. - McAfee Online Backup Service bootstrapper.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688] [PID.2772]
[MD5.1F0F4B564BFFD1E5C319F39DC3EEA17F] - (.McAfee, Inc. - McAfee On-Access Scanner service.) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [638976] [PID.3136]
[MD5.7A9F90099CBF6FA6D4011E10F36EF0C7] - (.McAfee, Inc. - McAfee Core Firewall Service.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [169320] [PID.3168]
[MD5.037B1E7798960E0420003D05BB577EE6] - (...) -- ystem32\rundll32.exe [0] [PID.400]
[MD5.0CA8C2E721617AA2F923A8151C96FB33] - (.Apple Inc. - iPodService Module (32-bit).) -- C:\Program Files\iPod\bin\iPodService.exe [820008] [PID.2260]
[MD5.1CE6EC1145B551E21B8C97E23878D387] - (.McAfee, Inc. - McAfee File Lock Monitor.) -- C:\Program Files\McAfee\MAT\McPvTray.exe [517960] [PID.548]
[MD5.376A9B411BF8B77D5BF84B24D0C7DACD] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [863184] [PID.3056]
[MD5.AADD0892A428B133ABEF5EBCCE5E1799] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8281600] [PID.176]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] http://ca.search.yahoo.com
G2 - GCE: Preference [User Data\Default] [dhkplhfnhceodhffomolpfigojocbpcb] Babylon Translator v.1.9 (Désactivé) =>PUP.Babylon
~ Google Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@mcafee.com/MSC,version=10] - (...) -- C:\Program Files\McAfee\MSC\npMcSnFFPl.dll
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://search.babylon.com =>PUP.Babylon
~ IE Browser: 13 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19
---\\ Browser Helper Objects (O2)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} . (.Babylon BHO - No Comment.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll =>PUP.Babylon
~ BHO: 8 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: HP view - [HKLM]{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} . (.Hewlett-Packard Company - hp view toolbar.) -- c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Babylon Toolbar - [HKLM]{98889811-442D-49dd-99D7-DC866BE87DBC} . (.Babylon Ltd. - No Comment.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll =>PUP.Babylon
O3 - Toolbar: McAfee SiteAdvisor Toolbar - [HKLM]{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} . (.McAfee, Inc. - SiteAdvisor.) -- C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Orphan key
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Orphan key
~ Toolbar: Scanned in 00mn 00s
---\\ Other User Links (O4)
O4 - GS\Desktop [AllUsers]: McAfee Total Protection.lnk . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - GS\Desktop [Michel]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Michel]: Shortcut to RECETTE3.lnk . (...) -- C:\Documents and Settings\Michel\My Documents\RECETTE3.XLW
O4 - GS\Desktop [HP_Owner]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [HP_Owner]: Help and Support.lnk . (.Microsoft Corporation - Microsoft Help and Support Center.) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
O4 - GS\Desktop [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Guest]: Help and Support.lnk . (.Microsoft Corporation - Microsoft Help and Support Center.) -- C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
~ Global Startup: 17 Legitimates Filtered in 00mn 00s
---\\ Auto loading programs from Registry and folders (O4)
O4 - GS\Startup [AllUsers]: HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe =>.Hewlett-Packard Co
O4 - GS\Startup [AllUsers]: Updates from HP.lnk . (.Hewlett-Packard - No Comment.) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (...) -- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] . (.Windows (R) Server 2003 DDK provider - High Definition Audio Property Page Shortcu.) -- C:\WINDOWS\system32\HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] . (.Agere Systems - SoftModem Messaging Applet.) -- C:\WINDOWS\AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] . (.Hewlett-Packard - HPHupd06.) -- c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] . (.Hewlett-Packard - HPHmon06.) -- C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] . (.Hewlett-Packard Company - KBD EXE.) -- C:\HP\KBD\KBD.exe
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [Recguard] . (.No owner - Recguard Application.) -- C:\WINDOWS\SMINST\RECGUARD.exe
O4 - HKLM\..\Run: [PS2] . (.Hewlett-Packard Company - PS2 EXE.) -- C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SoundMan] . (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe
O4 - HKLM\..\Run: [AlcWzrd] . (.RealTek Semicoductor Corp. - RealTek AlcWzrd Application.) -- C:\WINDOWS\ALCWZRD.exe
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [LSBWatcher] . (.Hewlett-Packard Company - LightScribe Burn Watcher.) -- c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\qttask.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] . (...) -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe =>.Logitech Inc
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [BabylonToolbar] . (.Babylon Ltd. - No Comment.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe =>PUP.Babylon
O4 - HKLM\..\Run: [mcui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [mcpltui_exe] . (.McAfee, Inc. - McAfee Security Center.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.exe (.not file.)
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-3291444504-2448968992-2195186465-1010\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3291444504-2448968992-2195186465-1010\..\Run: [MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.exe (.not file.)
O4 - HKUS\S-1-5-21-3291444504-2448968992-2195186465-1010\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - HKUS\S-1-5-21-3291444504-2448968992-2195186465-1010\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Orphan key
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Orphan key
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Reset Web Settings' hijack (O14)
O14 - IERESET.INF: START_PAGE_URL=START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="ie.search.msn.com"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} ((no name)) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} ((no name)) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8892C418-6AED-40AF-9878-D5E92D8B11FE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{8892C418-6AED-40AF-9878-D5E92D8B11FE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{8892C418-6AED-40AF-9878-D5E92D8B11FE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Extra protocols (O18)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Offline Network Agent.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - Secondary Logon Service Notification DLL.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - Common DLL to receive Winlogon notification.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ SharedTaskScheduler (O22)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Browseui preloader - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browser UI Library.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Desktop Component 0: My Current Home Page - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Michel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Michel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ Task Planned Automatically (039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Registry Cleaner Pro_scan_schedule_task_2e0ba364-dcdf-450c-bb16-df4a85a48b2d.job [368]
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\Symantec NetDetect.job [364]
~ Scheduled Task: 6 Legitimates Filtered in 00mn 00s
---\\ Software installed (O42)
O42 - Logiciel: Babylon toolbar - (...) [HKLM] -- BabylonToolbar =>PUP.Babylon
O42 - Logiciel: IntelliMover Data Transfer Demo - (...) [HKLM] -- {14589F05-C658-4594-9429-D437BA688686}
O42 - Logiciel: PM66 V1.28 - (...) [HKLM] -- PM66 V1.28
O42 - Logiciel: Pololu Maestro USB Servo Controller - (.Pololu.) [HKLM] -- {0448BD26-40F6-43EA-B79D-66FD733256F9}
O42 - Logiciel: Updates from HP - (...) [HKLM] -- BackWeb-309731 Uninstaller
~ Logic: 57 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\BabylonToolbar] =>PUP.Babylon
[HKCU\Software\BearShare] =>PUP.BearShare
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Pololu]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKLM\Software\Detto Technologies Inc.]
[HKLM\Software\DettoTechnologies]
[HKLM\Software\JL802]
[HKLM\Software\TENCENT] =>Adware.TencentAddressBar
~ Key Software: 577 Legitimates Filtered in 00mn 01s
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 2011-04-20 - 15:08:47 - [1,555] ----D C:\Program Files\BabylonToolbar =>PUP.Babylon
O43 - CFD: 2011-04-06 - 14:13:47 - [0] ----D C:\Program Files\GOlive
O43 - CFD: 2011-02-17 - 14:04:42 - [5,701] ----D C:\Program Files\Pololu
O43 - CFD: 2011-11-11 - 14:11:55 - [0,004] ----D C:\Documents and Settings\All Users\Application Data\37177
O43 - CFD: 2011-04-20 - 15:09:03 - [0] ----D C:\Documents and Settings\Michel\Application Data\BabylonToolbar =>PUP.Babylon
O43 - CFD: 2011-11-11 - 14:12:01 - [74,317] ----D C:\Documents and Settings\Michel\Local Settings\Application Data\BearShare =>PUP.BearShare
O43 - CFD: 2012-08-03 - 15:39:12 - [0] ----D C:\Documents and Settings\Michel\Local Settings\Application Data\Registry Cleaner Pro
O43 - CFD: 2012-08-03 - 15:39:14 - [0,007] ----D C:\Documents and Settings\Michel\Local Settings\Application Data\Registry_Cleaner_Pro
O43 - CFD: 2011-02-07 - 14:50:55 - [0,001] ----D C:\Documents and Settings\Michel\Start Menu\Programs\PM66 V1.28
~ Program Folder: 177 Legitimates Filtered in 00mn 25s
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2013-12-07 - 12:14:57 ---A- . (...) -- C:\WINDOWS\system32\Drivers\logiflt.iad [0]
O44 - LFC:[MD5.834622B29C5112346A44DD3BDADE74C7] - 2013-12-07 - 12:15:23 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.0A83E32AD17B8CE9C34F79C1FCFFEFC7] - 2013-12-07 - 12:15:35 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 2013-12-07 - 13:16:48 ---A- . (...) -- C:\WINDOWS\system32\Drivers\lvuvc.hs [0]
~ Files: 12 Legitimates Filtered in 00mn 50s
---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.7D4264D2A5A0D2D5AEE993CF6CE0F41B] - 2013-12-06 - 08:16:00 ---A- - C:\WINDOWS\Prefetch\NEWPROBE.EXE-01C200F7.pf
O45 - LFCP:[MD5.7D89FA41C6620BBD0DCE3E1E8183F171] - 2013-12-06 - 09:14:40 ---A- - C:\WINDOWS\Prefetch\31.0.1650.63_31.0.1650.57_CHR-2151FDCA.pf
O45 - LFCP:[MD5.A8E0597588BDE1130A8595698DA25D80] - 2013-12-06 - 10:49:25 ---A- - C:\WINDOWS\Prefetch\MCUIHOST.EXE-19EB1CA7.pf
O45 - LFCP:[MD5.4A0B3645F985DE4640B846B1E008A6FB] - 2013-12-07 - 09:50:34 ---A- - C:\WINDOWS\Prefetch\MCMIGR~1.EXE-275F5DA9.pf
O45 - LFCP:[MD5.7F9356CBD4C034103083FD5059112734] - 2013-12-07 - 12:16:30 ---A- - C:\WINDOWS\Prefetch\MCPVTRAY.EXE-027D3FE0.pf
~ Prefetcher: 73 Legitimates Filtered in 00mn 00s
---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Export authorized application key (O47)
O47 - AAKE:Key Export SP - "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [Enabled] .(...) -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\Content.IE5\JIF2V5MC\VideoToMp3Setup[1].exe" [Enabled] .(...) -- C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\Content.IE5\JIF2V5MC\VideoToMp3Setup[1].exe (.not file.)
O47 - AAKE:Key Export SP - "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" [Enabled] .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
O47 - AAKE:Key Export DP - "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" [Enabled] .(...) -- C:\Program Files\BearShare Applications\BearShare\BearShare.exe (.not file.) =>PUP.BearShare
~ Keys Export: 20 Legitimates Filtered in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{946850c5-1e27-11d9-baf0-806d6172696f}\AutoRun\command. (...) -- D:\setup.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.B562592B7F5759C99E179CA467ECFB4C] - 2004-08-04 - 20:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 2008-04-13 - 11:36:05 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.160B24FD894E79E71C983EA403A6E6E7] - 2004-03-18 - 01:10:40 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Function Driver v1.0.) -- C:\WINDOWS\system32\Drivers\Hdaudio.sys [113664]
O58 - SDL:[MD5.1A7DB7A00A4B0D8DA24CD691A4547291] - 2009-10-07 - 01:46:36 ---A- . (...) -- C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [25752]
O58 - SDL:[MD5.C53775780148884AC87C455489A0C070] - 2004-08-03 - 22:41:40 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys [126686]
O58 - SDL:[MD5.54886A652BF5685192141DF304E923FD] - 2004-08-03 - 22:41:38 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys [1309184]
O58 - SDL:[MD5.6DDA78A0BE692B61B668FAB860F276CF] - 2004-08-03 - 22:29:38 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys [452736]
O58 - SDL:[MD5.576B34CEAE5B7E5D9FD2775E93B3DB53] - 2004-08-03 - 22:41:40 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys [180360]
O58 - SDL:[MD5.231F133B4A5A04307ABD95CAC80FD063] - 2000-03-23 - 07:42:24 ---A- . (.PC-Doctor Inc. - PC-Doctor NT Support Driver.) -- C:\WINDOWS\system32\Drivers\PcdrNt.sys [44192]
O58 - SDL:[MD5.444F122E68DB44C0589227781F3C8B3F] - 2003-09-19 - 10:47:00 ---A- . (.Padus, Inc. - Padus(R) ASPI Shell.) -- C:\WINDOWS\system32\Drivers\pfc.sys [10368]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 2004-08-03 - 22:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.E9AAA0092D74A9D371659C4C38882E12] - 2004-08-03 - 22:41:40 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\recagent.sys [13776]
O58 - SDL:[MD5.D9673011648A71ED1E1F77B831BC85E6] - 2004-08-03 - 22:41:42 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys [129535]
O58 - SDL:[MD5.2C1779C0FEB1F4A6033600305EBA623A] - 2004-08-03 - 22:41:44 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slntamr.sys [404990]
O58 - SDL:[MD5.F9B8E30E82EE95CF3E1D3E495599B99C] - 2004-08-03 - 22:41:46 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnthal.sys [95424]
O58 - SDL:[MD5.DB56BB2C55723815CF549D7FC50CFCEB] - 2004-08-03 - 22:41:46 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys [13240]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 2004-08-04 - 20:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.390A2A9B42F315338E392A39E4A78C57] - 2002-11-14 - 15:55:40 ---A- . (.Windows (R) 2000 DDK provider - Universal Serial Bus Camera Driver.) -- C:\WINDOWS\system32\Drivers\videocap.sys [177880]
O58 - SDL:[MD5.A51F4DABCE9B424451BA2ED1271D1C1C] - 2005-05-15 - 22:29:16 R--A- . (.Windows (R) 2000 DDK provider - W55U01 USB Driver.) -- C:\WINDOWS\system32\Drivers\W55U01.sys [15232]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2004-08-04 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9029]
O58 - SDL:[MD5.5E2F6621A5B43A4E005C620FBE921F6C] - 2005-05-03 - 22:48:36 ---A- . (...) -- C:\WINDOWS\system32\CHODDI.SYS [14554]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 2004-08-04 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4768]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 2004-08-04 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.4FE09F868CE65B334B42862C372C69CC] - 2004-08-04 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33840]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 2004-08-03 - 22:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 5 Legitimates Filtered in 00mn 02s
---\\ Last modified or created user files (O61)
O61 - LFC: 2013-12-04 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log2236.txt [0]
O61 - LFC: 2013-12-04 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log472.txt [114]
O61 - LFC: 2013-12-04 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log488.txt [114]
O61 - LFC: 2013-12-04 - 13:42:28 ---A- . (.MICHEL NAESSENS.) -- C:\Documents and Settings\Michel\My Documents\Downloads\TEmballage Crown.xls [36864]
O61 - LFC: 2013-12-04 - 13:42:36 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\18 pouces 004.lnk [737]
O61 - LFC: 2013-12-04 - 13:42:36 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\225 60 17 001.lnk [737]
O61 - LFC: 2013-12-04 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\RootkitRemover_20131204_191653.lnk [341]
O61 - LFC: 2013-12-04 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\TEmballage Crown.lnk [598]
O61 - LFC: 2013-12-05 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db [7168]
O61 - LFC: 2013-12-05 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db-journal [5672]
O61 - LFC: 2013-12-05 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager [13312]
O61 - LFC: 2013-12-05 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\QuotaManager-journal [6704]
O61 - LFC: 2013-12-05 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log2996.txt [0]
O61 - LFC: 2013-12-05 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log3012.txt [0]
O61 - LFC: 2013-12-05 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log496.txt [114]
O61 - LFC: 2013-12-05 - 13:42:28 ---A- . (...) -- C:\Documents and Settings\Michel\My Documents\Downloads\RogueKiller.exe [3580416]
O61 - LFC: 2013-12-05 - 13:42:33 ---A- . (...) -- C:\Documents and Settings\Michel\My Documents\RECETTE3.XLW [628736]
O61 - LFC: 2013-12-05 - 13:42:33 -SHA- . (...) -- C:\Documents and Settings\Michel\My Documents\My Pictures\Thumbs.db [582144]
O61 - LFC: 2013-12-05 - 13:42:36 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\18 pouces 003.lnk [737]
O61 - LFC: 2013-12-05 - 13:42:36 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\235 55 18.lnk [502]
O61 - LFC: 2013-12-05 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\RECETTE3.lnk [275]
O61 - LFC: 2013-12-05 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\Removable Disk (K).lnk [179]
O61 - LFC: 2013-12-05 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\Roguekiller rapport du 5 dec 2013.lnk [622]
O61 - LFC: 2013-12-05 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\RootkitRemover_20131204_192739.lnk [607]
O61 - LFC: 2013-12-05 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\RootkitRemover_20131204_192902.lnk [607]
O61 - LFC: 2013-12-05 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\toyo225 60 18 001.lnk [757]
O61 - LFC: 2013-12-06 - 13:41:06 -SHA- . (...) -- C:\Documents and Settings\Michel\IECompatCache\index.dat [16384]
O61 - LFC: 2013-12-06 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Bookmarks [88926]
O61 - LFC: 2013-12-06 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Bookmarks.bak [88926]
O61 - LFC: 2013-12-06 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log3708.txt [0]
O61 - LFC: 2013-12-06 - 13:42:36 -SHA- . (...) -- C:\Documents and Settings\Michel\PrivacIE\index.dat [16187392]
O61 - LFC: 2013-12-06 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\ski 002.lnk [707]
O61 - LFC: 2013-12-07 - 13:40:48 -SHA- . (...) -- C:\Documents and Settings\Michel\Application Data\Microsoft\Credentials\S-1-5-21-3291444504-2448968992-2195186465-1010\Credentials [492]
O61 - LFC: 2013-12-07 - 13:41:00 ---A- . (...) -- C:\Documents and Settings\Michel\Application Data\ZHP\Log.txt [19436] =>.Nicolas Coolman
O61 - LFC: 2013-12-07 - 13:41:00 ---A- . (...) -- C:\Documents and Settings\Michel\Application Data\ZHP\TestsZHPDiag.txt [3241] =>.Nicolas Coolman
O61 - LFC: 2013-12-07 - 13:41:06 -SHA- . (...) -- C:\Documents and Settings\Michel\IETldCache\index.dat [262144]
O61 - LFC: 2013-12-07 - 13:41:08 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Certificate Revocation Lists [265395]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Archived History [57344]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Archived History-journal [512]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies [1054720]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies-journal [16384]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\CURRENT [16]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG [151]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOG.old [151]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENT [16]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG [154]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\LOG.old [154]
O61 - LFC: 2013-12-07 - 13:41:09 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extension State\MANIFEST-011285 [615]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons [925696]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Favicons-journal [16384]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_0 [8192]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_1 [270336]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_2 [8192]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\data_3 [8192]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\GPUCache\index [262512]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\History [151552]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\History Provider Cache [3126]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\History-journal [16384]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Session [22130]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Last Tabs [10464]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage [75776]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal [3608]
O61 - LFC: 2013-12-07 - 13:41:11 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_googleads.g.doubleclick.net_0.localstorage [3072]
O61 - LFC: 2013-12-07 - 13:41:12 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_googleads.g.doubleclick.net_0.localstorage-journal [512]
O61 - LFC: 2013-12-07 - 13:41:12 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor [147456]
O61 - LFC: 2013-12-07 - 13:41:12 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Network Action Predictor-journal [16384]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs [29696]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Origin Bound Certs-journal [16384]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [37386]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\018294.ldb [147]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\018296.ldb [163345]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\018299.ldb [51914]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\CURRENT [16]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG [281]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\LOG.old [277]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-018298 [216]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts [12288]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Shortcuts-journal [16384]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites [20480]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Top Sites-journal [12824]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\TransportSecurity [321]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Visited Links [131072]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data [428032]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal [16384]
O61 - LFC: 2013-12-07 - 13:41:49 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Local State [48036]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom [7987492]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Bloom Prefix Set [1372948]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies [6144]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Cookies-journal [4640]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Csd Whitelist [135336]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download [1258936]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Download Whitelist [19492]
O61 - LFC: 2013-12-07 - 13:41:50 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\Google\Chrome\User Data\Safe Browsing Extension Blacklist [6840]
O61 - LFC: 2013-12-07 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log1256.txt [0]
O61 - LFC: 2013-12-07 - 13:41:52 ---A- . (...) -- C:\Documents and Settings\Michel\Local Settings\Application Data\LightScribe\log\log480.txt [114]
O61 - LFC: 2013-12-07 - 13:42:36 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\18 pouces 006.lnk [737]
O61 - LFC: 2013-12-07 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\My Pictures.lnk [481]
O61 - LFC: 2013-12-07 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\ski 004.lnk [707]
O61 - LFC: 2013-12-07 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\ski 005.lnk [707]
O61 - LFC: 2013-12-07 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\ski 006.lnk [707]
O61 - LFC: 2013-12-07 - 13:42:37 ---A- . (...) -- C:\Documents and Settings\Michel\Recent\toyo225 60 18 002.lnk [757]
~ 23 Fichiers temporaires (Temporary files)
~ 17 Fichiers cookies (Cookies files)
~ Files: 420 Legitimates Filtered in 01mn 51s
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 2013-11-04 - C:\WINDOWS\system32\mfevtps.exe (mfevtp) .(.McAfee, Inc. - McAfee Process Validation Service.) - LEGACY_MFEVTP
~ Legacy: 176 Legitimates Filtered in 00mn 00s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][2010-09-24] (...) -- C:\Documents and Settings\Michel\Application Data\wklnhst.dat [0]
~ Files: 6 Legitimates Filtered in 00mn 00s
---\\ Product Upgrade Codes (PUC) (O90)
O90 - PUC: "62DB84406F04AE347BD966DF3723659F" . (.Pololu Maestro USB Servo Controller.) -- C:\WINDOWS\Installer\{0448BD26-40F6-43EA-B79D-66FD733256F9}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "E16766C0A7943EB4EAD0E83CF09C9AAA" . (.PC-Doctor for Windows.) -- C:\Program Files\PC-Doctor for Windows\Pcdrw32.exe
~ Update Products: 76 Legitimates Filtered in 00mn 00s
---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.98A9D0CFFE233B00706CF2A6230C0BE1] [WIS][2005-05-03] (.PC-Doctor, Inc. - PC-Doctor for Windows Installer.) -- C:\Windows\Installer\104d6.msi [5117440]
[MD5.B9AF517CBADE46910C5348C09472210E] [WIS][2013-02-10] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\1d2188e.msi [20717568]
~ WIS: 74 Legitimates Filtered in 00mn 07s
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2008-04-13 224768 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 2011-03-11 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2011-03-11 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2011-05-09 136120 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 2013-08-02 471592 | (McODS) . (.McAfee, Inc..) - C:\Program Files\McAfee\VirusScan\mcods.exe
SS - | Disabled 2013-07-30 281560 | (McProxy) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SS - | Disabled 2013-07-30 281560 | (MSK80Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SS - | Auto 2004-09-29 69632 | (Pml Driver HPZ12) . (.HP.) - C:\WINDOWS\system32\HPZipm12.exe
SS - | Auto 2013-02-28 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 2008-01-29 394704 | (Symantec RemoteAssist) . (.Symantec, Inc..) - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
SR - | Auto 2010-10-16 37664 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 2010-10-07 345376 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 2013-07-30 281560 | (HomeNetSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Demand 2010-11-17 820008 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 2004-09-23 38912 | (LightScribeService) . (...) - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 2009-10-07 154136 | (LVPrcSrv) . (.Logitech Inc..) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
SR - | Auto 2012-08-31 167784 | (McAfee SiteAdvisor Service) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
SR - | Auto 2013-09-24 145088 | (McAPExe) . (.McAfee, Inc..) - C:\Program Files\McAfee\MSC\McAPexe.exe
SR - | Disabled 2013-07-30 281560 | (McMPFSvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 2013-07-30 281560 | (McNaiAnn) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 2013-07-30 281560 | (mcpltsvc) . (.McAfee, Inc..) - C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
SR - | Auto 2013-09-20 638976 | (mfecore) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
SR - | Auto 2013-11-04 169320 | (mfefire) . (.McAfee, Inc..) - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
SR - | Auto 2013-11-04 172416 | (mfevtp) . (.McAfee, Inc..) - C:\WINDOWS\system32\mfevtps.exe
SR - | Auto 2010-04-13 229688 | (MOBKbackup) . (.McAfee, Inc..) - C:\Program Files\McAfee Online Backup\MOBKbackup.exe
~ Services: Scanned in 00mn 08s
---\\ Search Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Michel at 2013-12-07 13:44:04
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EE1A0] >> \Device\Harddisk0\DR0[0x8B1E4AB8]
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 12 Legitimates Filtered in 00mn 02s
---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Michel at 2013-12-07 13:44:06
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
---\\ Scan Additionnel (O88)
Database Version : 13011 - (2013-12-06)
Clés trouvées (Keys found) : 46
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 3
[HKLM\Software\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb] =>PUP.Babylon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}] =>PUP.Babylon^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar] =>PUP.Babylon^
[HKLM\Software\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}] =>PUP.Babylon
[HKLM\Softw
Well, I have just made a second blunder!! I have just sent the report to this site instead of sending it to the site you had told me about... In my distress, after pressing the magnifying glass plus... I did not take the time to read the rest of your message... I am truly sorry, I hope I am not breaking the site's rules, etc.