ZHPDiag v2013.7.3.4 report by Nicolas Coolman, updated 03/07/2013
Run by JOEL at 04/07/2013 11:24:03
State : Version up to date.
WhiteList : Enabled
High Elevated Privileges : OK
UAC : Deactivated by program
---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421 (Default)
MFIE: Mozilla Firefox 22.0
GCIE: Google Chrome v27.0.1453.116
---\\ Windows Product Information
~ Language: French
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK
---\\ System Protection
Malwarebytes Anti-Malware version 1.75.0.1300
---\\ System Optimizer
CCleaner v4.03 =>Piriform Ltd
---\\ Peer To Peer (P2P)
eMule
---\\ Software Update
Adobe Flash Player 11 Plugin
Java 7 Update 25
---\\ System Information
~ Processor: x86 Family 15 Model 107 Stepping 2, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2941 MB (51% free)
System Restore: Enabled
System drive C: has 175 GB (78%) free of 223 GB
---\\ Logged in mode
~ Computer Name: PC-DE-JOEL
~ User Name: JOEL
~ All Users Names: UpdatusUser, JOEL, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environment Variables
~ System Unit : C:\
~ %AppData% : C:\Users\JOEL\AppData\Roaming\
~ %Desktop% : C:\Users\JOEL\desktop\
~ %Favorites% : C:\Users\JOEL\Favorites\
~ %LocalAppData% : C:\Users\JOEL\AppData\Local\
~ %StartMenu% : C:\Users\JOEL\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 175 GB of 223 GB)
D:\ Hard drive, Flash drive, Thumb drive (Free 1 GB of 10 GB)
E:\ CD-ROM drive (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Security Center & Tools Information
~ Security Center: 37 Legitimates Filtered in 00mn 00s
---\\ Targeted search for generic files
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.10/04/2009 - 22:27:38.) -- C:\WINDOWS\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 - 03:33:13.) -- C:\WINDOWS\System32\Wininit.exe [96768]
[MD5.6A25377A76479A0C0BF3DB6FC42FE09A] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.16/05/2013 - 23:28:26.) -- C:\WINDOWS\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.10/04/2009 - 22:28:14.) -- C:\WINDOWS\System32\Winlogon.exe [314368]
[MD5.3911B972B55FEA0478476B2E777B29FA] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.21/04/2011 - 14:58:27.) -- C:\WINDOWS\system32\Drivers\AFD.sys [273408]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.10/04/2009 - 22:32:28.) -- C:\WINDOWS\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.21/01/2008 - 03:33:23.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.10/04/2009 - 20:39:18.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [67072]
[MD5.622C41A07CA7E6DD91770F50D532CB6C] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.14/04/2011 - 15:59:03.) -- C:\WINDOWS\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.10/04/2009 - 20:42:44.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - Pilote de port i8042.) (.21/01/2008 - 03:32:45.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.21/01/2008 - 03:34:06.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [100864]
[MD5.1E94971C4B446AB2290DEB71D01CF0C2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.29/04/2011 - 14:24:40.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.10/04/2009 - 20:45:38.) -- C:\WINDOWS\system32\Drivers\netBT.sys [185856]
[MD5.2C1121F2B87E9A6B12485DF53CD848C7] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.03/03/2013 - 20:07:52.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [1082232]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Pilote de port parallèle.) (.02/11/2006 - 09:51:30.) -- C:\WINDOWS\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/01/2008 - 03:34:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [76288]
[MD5.FBC0BACD9C3D7F6956853F64A66E252D] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/01/2008 - 03:32:22.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [248832]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.10/04/2009 - 20:45:24.) -- C:\WINDOWS\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.10/04/2009 - 20:45:58.) -- C:\WINDOWS\system32\Drivers\tdx.sys [72192]
[MD5.786DB5771F05EF300390399F626BF30A] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.21/08/2012 - 12:47:42.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [224640]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden files status (Hidden/Total)
~ My Pictures : 1/1633
~ My Music : 9/31
~ My Videos : 1/8
~ My Favorites : 1/40
~ My Documents : 1/233
~ My Desktop : 1/12
~ Start Menu (Programs) : 1/36
~ Hidden Files: Scanned in 00mn 03s
---\\ Running processes
[MD5.9A4322EE420D6FACD4D4B1FF6CB856B1] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\hp\support\hpsysdrv.exe [65536] [PID.2892]
[MD5.CE2B8F601D18C3282390FA2CA4752C6E] - (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5105808] [PID.3020]
[MD5.C20CF0E75EFAE6F97BAD1376CB980405] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3380632] [PID.3044]
[MD5.5734269D86F4DB2C6B74E4029E4B5455] - (.LED - Logiciel de gestion d'image d'arrière plan.) -- C:\Program Files\Led\LedWallpaper\LedWallpaper.exe [659456] [PID.3156]
[MD5.8C181BAFE72607F6CBA82134CFF8411E] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821624] [PID.3252]
[MD5.207B16FA69F61D1895F8D8532F587E4B] - (.Tonec Inc. - Internet Download Manager agent for click m.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe [263600] [PID.1716]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\WINDOWS\system32\conime.exe [69120] [PID.1788]
[MD5.94753463EE96A4B975FCFC3D0E098945] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7646208] [PID.4920]
[MD5.77453B17EB0D6A4AB366200C3193CBD6] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 307.7.) -- C:\WINDOWS\system32\nvvsvc.exe [634808] [PID.8076]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Service de gestion des licences Microsoft.) -- C:\WINDOWS\system32\SLsvc.exe [3408896] [PID.716]
[MD5.50CA14EBEBF27C81EBF342BCE5A6CE6C] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [865208] [PID.1808]
[MD5.9EBE730D4B5E3FF25EAAF5A59BA6CCFF] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [119056] [PID.3612]
[MD5.A1545B731579895D8CC44FC0481C1192] - (.Microsoft Corporation - Service de la passerelle de la couche Appli.) -- C:\WINDOWS\System32\alg.exe [59392] [PID.3740]
[MD5.73A2220C3C50D3D62589E2C1DB6BE107] - (.ESET - ESET Service.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1335496] [PID.3804]
[MD5.FD1DDB4649944D941050E9F2BB6CDB54] - (.SafeNet Inc. - Sentinel HASP License Manager Service.) -- C:\WINDOWS\system32\hasplms.exe [4180576] [PID.4020]
[MD5.69C494AE77EC2CFC31FD4B0D7AB6F24A] - (.CybelSoft - Service de détection matériel.) -- C:\Program Files\ma-config.com\MaConfigAgent.exe [1777488] [PID.4104]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\JOEL\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [pafkcccccfmnjkhhndjfffifnflhkpdo] Desktop v.1.0 (Enabled)
~ Google Browser: 13 Legitimates Filtered in 00mn 17s
---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\JOEL\AppData\Roaming\Mozilla\Firefox\Profiles\qoupm3k5.default\prefs.js
C:\Users\JOEL\AppData\Roaming\Mozilla\Firefox\Profiles\trxevccd.default\prefs.js
M2 - MFEP: prefs.js [JOEL - qoupm3k5.default\{0545b830-f0aa-4d7e-8820-50a4629a56fe}] [] ColorfulTabs v (..)
M2 - MFEP: prefs.js [JOEL - trxevccd.default\{0545b830-f0aa-4d7e-8820-50a4629a56fe}] [] ColorfulTabs v (..)
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Line count: 1
---\\ Applications started via registry & folder (O4)
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard Company - hpsysdrv.) -- c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [Anvi Ultimate Defrag] . (.Anvisoft - Anvi Ultimate Defrag.) -- C:\Program Files\Anvisoft\Anvi Ultimate Defrag\AUDTip.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [egui] . (.ESET - ESET Main GUI.) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
O4 - HKCU\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2858283277-4066182598-2609673477-1000\..\Run: [IDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-2858283277-4066182598-2609673477-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s
---\\ Other user links (O4)
O4 - GS\Programs: MediaInfo.lnk . (.MediaArea.net - All about your audio and video files.) -- C:\Program Files\MediaInfo\MediaInfo.exe
O4 - GS\Programs: Screenpresso.lnk . (.Learnpulse - Screenpresso.) -- C:\Users\JOEL\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
O4 - GS\Programs: Spotify.lnk . (.Spotify Ltd - Spotify.) -- C:\Users\JOEL\AppData\Roaming\Spotify\spotify.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Mozilla Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
O4 - GS\QuickLaunch: Q-Dir.lnk . (.Nenad Hrg (SoftwareOK.com) - Q-Dir 5.49.) -- C:\Program Files\Q-Dir\Q-Dir.exe
O4 - GS\QuickLaunch: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Desktop: adsl TV.lnk . (.adsl TV / FM - adsl TV.) -- C:\Program Files\adslTV\adsltv.exe
O4 - GS\Desktop: Advanced Uninstaller PRO 11.lnk . (.Innovative Solutions - Advanced Uninstaller.) -- C:\Program Files\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
O4 - GS\Desktop: Aureas v8.5.lnk . (.Aureas Software - No description.) -- C:\Program Files\Aureas85\Aureas85.exe
O4 - GS\Desktop: Disque local (F) - Raccourci.lnk - Orphan key
O4 - GS\Desktop: DOC.lnk . (...) -- C:\Users\JOEL\Documents
O4 - GS\Desktop: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files\Glary Utilities\Integrator.exe
O4 - GS\Desktop: iexplore - Raccourci.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop: JOEL.lnk . (...) -- C:\Users\JOEL
O4 - GS\Desktop: MSWorks - Raccourci.lnk . (.Microsoft® Corporation - Microsoft® Works.) -- C:\Program Files\Microsoft Works\MSWorks.exe
O4 - GS\Desktop: Telechargement.lnk . (...) -- C:\Users\JOEL\Downloads
O4 - GS\Desktop: VIDEOS.lnk . (...) -- C:\Users\JOEL\Videos
~ Global Startup: Scanned in 00mn 01s
---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{020684D8-4E96-4B07-8CEF-C479735D4800}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{020684D8-4E96-4B07-8CEF-C479735D4800}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
~ Domain: Scanned in 00mn 00s
---\\ Additional protocol (O18)
O18 - Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} . (...) -- C:\Program Files\WOT\WOT.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\WINDOWS\System32\mscoree.dll
~ Additional Protocol: Scanned in 00mn 00s
---\\ SharedTaskScheduler autorun registry key (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\System32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: Sentinel HASP License Manager (hasplms) . (.SafeNet Inc. - Sentinel HASP License Manager Service.) - C:\WINDOWS\system32\hasplms.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) . (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
~ Services: 7 Legitimates Filtered in 00mn 11s
---\\ BootExecute (O34)
O34 - HKLM BootExecute: (OODBS) (.O&O Software GmbH - O&O BootTimeDefrag (Win32).) -- C:\WINDOWS\System32\OODBS.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
~ BEX: 3 Legitimates Filtered in 00mn 00s
---\\ Automatic scheduled tasks (O39)
[MD5.00000000000000000000000000000000] [APT] [{0F484624-1F1A-483B-92D3-CCFEC58625F8}] (...) -- C:\Users\JOEL\Downloads\Programs\15.53_nforce_win7_32bit_international_whql.exe (.not file.) [0]
~ Scheduled Task: 16 Legitimates Filtered in 00mn 06s
---\\ Drivers started at boot (O41)
O41 - Driver: (AntiLog32) . (. - .) - C:\WINDOWS\system32\drivers\AntiLog32.sys (.not file.)
O41 - Driver: (kl2) . (. - .) - C:\WINDOWS\System32\DRIVERS\kl2.sys (.not file.)
O41 - Driver: (StarPortLite) . (.StarWind Software - StarPort Storage Controller Lite.) - C:\WINDOWS\System32\DRIVERS\StarPortLite.sys
O41 - Driver: (MpFilter) . (. - .) - C:\WINDOWS\System32\DRIVERS\MpFilter.sys (.not file.)
~ Drivers: 55 Legitimates Filtered in 00mn 03s
---\\ Installed software (O42)
O42 - Software: Anvi Ultimate Defrag 1.0 - (.Anvisoft.) [HKLM] -- Anvi Ultimate Defrag
O42 - Software: Audio Record Wizard - (.NowSmart.) [HKLM] -- Audio Record Wizard
O42 - Software: Aureas v8.5 - (...) [HKLM] -- Aureas85_is1
O42 - Software: Bass Audio Decoder (remove only) - (...) [HKLM] -- Bass Audio Decoder
O42 - Software: CD Audio Reader Filter (remove only) - (...) [HKLM] -- CD Audio Reader Filter
O42 - Software: DCoder Image Source (remove only) - (...) [HKLM] -- DCoder Image Source
O42 - Software: FFMPEG Core Files (remove only) - (...) [HKLM] -- FFMPEG Core Files
O42 - Software: Gold Audio Extractor 5.5.9 - (.SuperEZMedia Co., Ltd..) [HKLM] -- Gold Audio Extractor_is1
O42 - Software: MadVR (remove only) - (...) [HKLM] -- MadVR
O42 - Software: OpenSource AVI Splitter (remove only) - (...) [HKLM] -- OpenSource AVI Splitter
O42 - Software: OpenSource DTS/AC3/DD+ Source Filter (remove only) - (...) [HKLM] -- OpenSource DTS/AC3/DD+ Source Filter
O42 - Software: Smart Cutter for DV and DVB - (.FameRing.) [HKLM] -- {9A9CEF47-6227-4D03-A3E0-55C2B64F61DE}
O42 - Software: WinSysClean X3 Trial - (.Ultimate Systems, Inc..) [HKLM] -- WinSysClean X3 Trial
O42 - Software: WinSysClean X3 Trial - (.Ultimate Systems, Inc..) [HKLM] -- {C5089197-5B15-44AD-B0FC-2E94EE9ECB63}
O42 - Software: Zoom Player (remove only) - (...) [HKLM] -- ZoomPlayer
~ Logic: 107 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\9f2b1960]
[HKCU\Software\AUREAS]
[HKCU\Software\AlonVideoJoiner]
[HKCU\Software\AppBar]
[HKCU\Software\Business Logic Corporation]
[HKCU\Software\Drivers]
[HKCU\Software\GG-Shutdown planner]
[HKCU\Software\Harby]
[HKCU\Software\Malware Destroyer 6]
[HKCU\Software\MicroWorld]
[HKCU\Software\Mirekusoft]
[HKCU\Software\Over-Link]
[HKCU\Software\Perenety]
[HKCU\Software\SafeIT Security]
[HKCU\Software\Smashing Defrag]
[HKCU\Software\SysCodecID]
[HKCU\Software\Ultimate Systems]
[HKCU\Software\UndeleteMyFiles]
[HKCU\Software\VideoConverter-Media]
[HKCU\Software\Win]
[HKCU\Software\Womble]
[HKCU\Software\dx20120118]
[HKCU\Software\vfcTK]
[HKLM\Software\DriverBackup!]
[HKLM\Software\GSLLC]
[HKLM\Software\MicroWorld]
[HKLM\Software\Product Key Reader]
[HKLM\Software\Server Info]
[HKLM\Software\Soft4Boost]
[HKLM\Software\Ultimate Systems]
[HKLM\Software\vfcTK]
~ Key Software: 324 Legitimates Filtered in 00mn 01s
---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 25/01/2013 - 10:10:00 - [10,404] ----D C:\Program Files\Audio Record Wizard
O43 - CFD: 02/10/2012 - 09:30:16 - [124,813] ----D C:\Program Files\Aureas85
O43 - CFD: 04/05/2013 - 11:26:43 - [1,097] ----D C:\Program Files\Bass Audio Decoder
O43 - CFD: 04/05/2013 - 11:27:50 - [0,410] ----D C:\Program Files\CD Audio Reader Filter
O43 - CFD: 04/05/2013 - 11:28:49 - [0,210] ----D C:\Program Files\DCoder Image Source
O43 - CFD: 04/05/2013 - 11:28:43 - [9,516] ----D C:\Program Files\FFMPEG Core Files
O43 - CFD: 08/06/2012 - 09:19:12 - [15,577] ----D C:\Program Files\Gold Audio Extractor
O43 - CFD: 14/06/2013 - 11:28:17 - [13,615] ----D C:\Program Files\MadVR
O43 - CFD: 04/05/2013 - 11:27:44 - [0,499] ----D C:\Program Files\OpenSource AVI Splitter
O43 - CFD: 04/05/2013 - 11:27:31 - [0,534] ----D C:\Program Files\OpenSource DTSAC3DD+ Source Filter
O43 - CFD: 20/05/2013 - 10:01:46 - [23,152] ----D C:\Program Files\WinSysClean X3 Trial
O43 - CFD: 04/05/2013 - 11:25:45 - [10,714] ----D C:\Program Files\Zoom Player
O43 - CFD: 18/12/2011 - 16:45:43 - [15,706] ----D C:\Program Files\Common Files\Common Share
O43 - CFD: 27/09/2012 - 10:04:02 - [7,618] ----D C:\Program Files\Common Files\FlashIntegro
O43 - CFD: 01/07/2013 - 12:40:59 - [0,000] ----D C:\ProgramData\Aureas85
O43 - CFD: 27/06/2013 - 19:16:21 - [50,107] ----D C:\ProgramData\Zoom Player
O43 - CFD: 20/05/2013 - 10:02:11 - [8,913] --H-D C:\ProgramData\{B2FE6FE4-63BF-44CA-91FD-921DA2BAAE44}
O43 - CFD: 14/10/2010 - 10:09:17 - [0,028] ----D C:\Users\JOEL\AppData\Roaming\Aureas85
O43 - CFD: 21/11/2012 - 18:16:29 - [0,000] ----D C:\Users\JOEL\AppData\Roaming\BlackSharkSoft
O43 - CFD: 08/12/2011 - 17:52:10 - [0,001] ----D C:\Users\JOEL\AppData\Roaming\CyberPower Video Switch
O43 - CFD: 12/06/2013 - 18:35:05 - [0,031] ----D C:\Users\JOEL\AppData\Roaming\DevEject
O43 - CFD: 27/09/2012 - 10:00:29 - [0,006] ----D C:\Users\JOEL\AppData\Roaming\FlashIntegro
O43 - CFD: 29/03/2013 - 13:55:13 - [0,000] ----D C:\Users\JOEL\AppData\Roaming\FreeMoviesToDVD
O43 - CFD: 08/06/2012 - 09:19:19 - [0,001] ----D C:\Users\JOEL\AppData\Roaming\Gold Audio Extractor
O43 - CFD: 29/03/2013 - 12:37:08 - [14,702] ----D C:\Users\JOEL\AppData\Roaming\MediaFilters
O43 - CFD: 19/11/2012 - 17:52:03 - [0,007] ----D C:\Users\JOEL\AppData\Roaming\Product_RM
O43 - CFD: 29/06/2011 - 14:42:02 - [0,346] ----D C:\Users\JOEL\AppData\Roaming\Smarty Uninstaller
O43 - CFD: 01/07/2011 - 12:03:21 - [0,001] ----D C:\Users\JOEL\AppData\Roaming\Umile Family
O43 - CFD: 04/05/2011 - 13:16:01 - [0,001] ----D C:\Users\JOEL\AppData\Roaming\WinFF
O43 - CFD: 29/04/2011 - 17:17:17 - [0,001] ----D C:\Users\JOEL\AppData\Local\Aero
O43 - CFD: 25/01/2013 - 10:10:27 - [0,003] ----D C:\Users\JOEL\AppData\Local\arw
O43 - CFD: 01/07/2013 - 12:41:44 - [3,964] ----D C:\Users\JOEL\AppData\Local\Aureas85
O43 - CFD: 29/04/2012 - 18:45:23 - [0,001] ----D C:\Users\JOEL\AppData\Local\dcunningham.net
O43 - CFD: 09/04/2011 - 09:50:00 - [0,008] ----D C:\Users\JOEL\AppData\Local\DeviceRemover
O43 - CFD: 22/03/2013 - 14:27:21 - [15,016] ----D C:\Users\JOEL\AppData\Local\lptmp1634382980
O43 - CFD: 22/03/2013 - 17:29:25 - [4,516] ----D C:\Users\JOEL\AppData\Local\lptmp693452439
O43 - CFD: 08/05/2012 - 09:39:44 - [0,002] ----D C:\Users\JOEL\AppData\Local\PitchAndShiftAudio
O43 - CFD: 19/01/2011 - 10:04:38 - [0,135] ----D C:\Users\JOEL\AppData\Local\Preton_Ltd
O43 - CFD: 23/06/2013 - 10:14:18 - [0] ----D C:\Users\JOEL\AppData\Local\Privatefirewall
O43 - CFD: 16/04/2013 - 15:56:34 - [0,002] ----D C:\Users\JOEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FameRing
~ Program Folder: 298 Legitimates Filtered in 00mn 13s
---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.78617047F8C0A141DEE7B20A8480377F] - 04/07/2013 - 08:57:06 ---A- . (...) -- C:\WINDOWS\System32\oodbs.lor [384076]
O44 - LFC:[MD5.CA11041DDC5984DC5157A9B2A35305BC] - 01/07/2013 - 08:21:55 ---A- . (...) -- C:\WINDOWS\Q-Dir.ini [44415]
O44 - LFC:[MD5.1248169176703A9B6A89A0711FCA4B1D] - 01/07/2013 - 08:13:13 ---A- . (...) -- C:\WINDOWS\System32\TEST.log [5530]
O44 - LFC:[MD5.FDA04D17F7510B04A66337F1EC606354] - 25/06/2013 - 16:03:25 ---A- . (. COOl VISUAL BASIC ( www.coolvb.fr.st ) - Un ocx qui permet de capturer tous les evèn.) -- C:\WINDOWS\System32\MouseEventsCapture.ocx [40960]
O44 - LFC:[MD5.F67A7E52FB5F0EB763E7103CCC1A26C3] - 25/06/2013 - 16:03:25 ---A- . (.HLB. LE BIGOT Hervé.28 bis rue de VERD - Button ActiveX control.) -- C:\WINDOWS\System32\HLBButton6.ocx [98304]
O44 - LFC:[MD5.8E22449B7EDC5AC85B08CC5D4F83F052] - 25/06/2013 - 16:03:25 ---A- . (.LED - Dll commune aux programmes LED.) -- C:\WINDOWS\System32\LedCommon.dll [49152]
O44 - LFC:[MD5.197B2FDB8EAA8EAFCA85E5025CEC2749] - 25/06/2013 - 16:03:25 ---A- . (.UniCont Soft - No description.) -- C:\WINDOWS\System32\HookMenuPlus.ocx [237568]
O44 - LFC:[MD5.9076E1887C41DDE3A1A571EDB5B79659] - 25/06/2013 - 16:03:25 ---A- . (.XnView - GflAx ASP component.) -- C:\WINDOWS\System32\GflAx.dll [1085440]
O44 - LFC:[MD5.73FE8285D075FE7F0CD980870A09AF3D] - 25/06/2013 - 08:52:14 ---A- . (...) -- C:\WINDOWS\wininit.ini [79]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 24/06/2013 - 17:27:08 ---A- . (...) -- C:\autoexec.bat [0]
~ Files: 29 Legitimates Filtered in 00mn 08s
---\\ Windows Explorer startup operations and functions (O46)
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Local Security Authority (LSA) packages (O48)
O48 - LSA:Local Security Authority Security Packages . (...) -- C:\WINDOWS\System32\pku2u.dll
~ LSA: 8 Legitimates Filtered in 00mn 00s
---\\ Safe Boot control (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\83680542.sys . (...) -- C:\WINDOWS\System32\Drivers\83680542.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\83680542.sys . (...) -- C:\WINDOWS\System32\Drivers\83680542.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s
---\\ Trojan Driver Search Data (HKLM) (O52)
O52 - TDSD: \Drivers32\"vidc.dvsd"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\WINDOWS\System32\mcdvd_32.dll
O52 - TDSD: \Drivers32\"msacm.scg726"="scg726.acm" . (.SHARP Corporation - SHARP G.726 ACM Audio Decoder.) -- C:\WINDOWS\System32\scg726.acm
O52 - TDSD: \Drivers32\"msacm.alf2cd"="alf2cd.acm" . (.NCT Company - NCT ALF2CD Audio CODEC.) -- C:\WINDOWS\System32\alf2cd.acm
O52 - TDSD: \drivers.desc\"alf2cd.acm"="alf2cd.acm" . (.NCT Company - NCT ALF2CD Audio CODEC.) -- C:\WINDOWS\System32\alf2cd.acm
O52 - TDSD: \drivers.desc\"mcdvd_32.dll"="mcdvd_32.dll" . (.MainConcept - MainConcept DV Codec.) -- C:\WINDOWS\System32\mcdvd_32.dll
~ TDSD: 28 Legitimates Filtered in 00mn 01s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Glary Memory Optimizer [Key] . (.Glarysoft Ltd - Memory Optimizer.) -- C:\Program Files\Glary Utilities\memdefrag.exe
O53 - SMSR:HKLM\...\startupreg\Screenpresso [Key] . (.Learnpulse - Screenpresso.) -- C:\Users\JOEL\AppData\Local\Learnpulse\Screenpresso\Screenpresso.exe
~ SMSR Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Microsoft Control Security Providers (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.not file.) -- msapsspc.dll
~ MSCP: 4 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 8 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDevMgrUpdate"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoChangeStartMenu"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoEncryptOnMove"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRunasInstallPrompt"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveSearch"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveTrack"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoStartMenuSubFolders"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDevMgrUpdate"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoChangeStartMenu"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoEncryptOnMove"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRunasInstallPrompt"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoResolveSearch"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoResolveTrack"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoStartMenuSubFolders"=0
~ MWPE Keys: 28 Legitimates Filtered in 00mn 00s
---\\ System drivers list (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:32:46 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\WINDOWS\System32\Drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.0F32054B98D1C543A4C743ED95BDA23B] - 24/05/2012 - 09:35:25 ---A- . (...) -- C:\WINDOWS\System32\91207717.sys [73]
~ Drivers: Scanned in 00mn 00s
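Several entries above point at files the scanner could not find: the O39 task whose MD5 is all zeros and whose target is marked (.not file.), the O41 drivers AntiLog32, kl2 and MpFilter, the O49 Safe Boot entries for 83680542.sys, and, under O58, a 73-byte 91207717.sys that does exist. None of that is a verdict on its own: a stale registry reference is a normal leftover of uninstalled software, while an 8-digit driver name and a .sys far too small to be a PE image are things to hash and look up before deciding anything. The script below is an added example, not part of ZHPDiag or of this report. It parses lines in the report's own format and lists the entries that deserve a second look; the sample input is a handful of lines copied from the sections above (headers in their English rendering), the flag names and the 97-byte PE threshold are my own choices, and nothing here touches a live system.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input: lines copied from the report above, with their
# section headers in English.  Parsed offline; no registry or disk access.
SAMPLE_REPORT = r"""
---\\ Automatic scheduled tasks (O39)
[MD5.00000000000000000000000000000000] [APT] [{0F484624-1F1A-483B-92D3-CCFEC58625F8}] (...) -- C:\Users\JOEL\Downloads\Programs\15.53_nforce_win7_32bit_international_whql.exe (.not file.) [0]
---\\ Drivers started at boot (O41)
O41 - Driver: (AntiLog32) . (. - .) - C:\WINDOWS\system32\drivers\AntiLog32.sys (.not file.)
O41 - Driver: (StarPortLite) . (.StarWind Software - StarPort Storage Controller Lite.) - C:\WINDOWS\System32\DRIVERS\StarPortLite.sys
---\\ Safe Boot control (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\83680542.sys . (...) -- C:\WINDOWS\System32\Drivers\83680542.sys (.not file.)
---\\ System drivers list (O58)
O58 - SDL:[MD5.04F0FCAC69C7C71A3AC4EB97FAFC8303] - 21/01/2008 - 03:32:46 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\WINDOWS\System32\Drivers\adp94xx.sys [422968]
O58 - SDL:[MD5.0F32054B98D1C543A4C743ED95BDA23B] - 24/05/2012 - 09:35:25 ---A- . (...) -- C:\WINDOWS\System32\91207717.sys [73]
"""

SECTION_RE = re.compile(r'^---\\\\ (.+)$')                    # "---\\ <title>" section headers
PATH_RE = re.compile(r'([A-Za-z]:\\.*?\.(?:exe|sys|dll|ocx|acm))', re.IGNORECASE)
MD5_RE = re.compile(r'MD5\.([0-9A-Fa-f]{32})')
SIZE_RE = re.compile(r'\[(\d+)\]\s*$')                        # trailing "[size]" field
NUMERIC_STEM_RE = re.compile(r'^\d{6,}$')                     # e.g. 83680542.sys, 91207717.sys

NULL_MD5 = '0' * 32      # ZHPDiag prints this when it could not hash the target
TINY_PE_BYTES = 97       # smallest known valid PE image; a .sys below this cannot load (assumed threshold)


def triage_line(line, section):
    """Return a finding for one report line, or None if nothing stands out."""
    m = PATH_RE.search(line)
    if not m:
        return None
    path = m.group(1)
    stem, ext = PureWindowsPath(path).stem, PureWindowsPath(path).suffix.lower()
    flags = []
    if '(.not file.)' in line:
        flags.append('missing_file')        # entry still loaded/registered, target gone
    md5 = MD5_RE.search(line)
    if md5 and md5.group(1).upper() == NULL_MD5:
        flags.append('null_hash')           # tool could not hash it (absent or unreadable)
    if NUMERIC_STEM_RE.match(stem):
        flags.append('numeric_name')        # random-looking digits: hash and look it up
    size = SIZE_RE.search(line)
    if size and ext == '.sys' and int(size.group(1)) < TINY_PE_BYTES:
        flags.append('tiny_driver')         # cannot be a loadable driver image
    return {'section': section, 'path': path, 'flags': flags} if flags else None


def triage(report_text):
    """Walk a ZHPDiag-format report and collect the entries worth a second look."""
    section, findings = None, []
    for raw in report_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        finding = triage_line(line, section)
        if finding:
            findings.append(finding)
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_REPORT):
        print('%-36s %-62s %s' % (f['section'], f['path'], ', '.join(f['flags'])))
```

Feed it the whole report instead of SAMPLE_REPORT and the same four kinds of entry surface from every section, not only the ones quoted here; the O4 and O34 lines parse with the same path pattern.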
---\\ Last files modified or created (User) (O61)
O61 - LFC: 01/07/2013 - 08:21:55 ---A- C:\Users\JOEL\AppData\Roaming\Q-Dir\start.qdr [1523]
O61 - LFC: 01/07/2013 - 11:41:00 ---A- C:\Users\JOEL\AppData\Local\Aureas85\Options.BAS [7036]
O61 - LFC: 01/07/2013 - 11:41:01 ---A- C:\Users\JOEL\Documents\Aureas85\Options.dat [7036]
O61 - LFC: 01/07/2013 - 11:41:11 ---A- C:\Users\JOEL\AppData\Roaming\Aureas85\Temp.Do0 [215]
O61 - LFC: 01/07/2013 - 11:41:11 ---A- C:\Users\JOEL\Documents\Aureas85\Fichiers.dat [1434]
O61 - LFC: 01/07/2013 - 17:20:54 ---A- C:\Users\JOEL\AppData\Roaming\wklnhst.dat [24212]
O61 - LFC: 02/07/2013 - 07:54:27 ---A- C:\Users\JOEL\AppData\Roaming\HP\ScLogs\SolutionCenter.htm [46894]
O61 - LFC: 03/07/2013 - 08:15:08 ---A- C:\Users\JOEL\Videos\Le royaume du cobra.mp4 [1542421184]
O61 - LFC: 04/07/2013 - 07:52:13 ---A- C:\Users\JOEL\Videos\Alerte, méduses géantes.mp4 [1622286780]
O61 - LFC: 04/07/2013 - 07:54:55 ---A- C:\Users\JOEL\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [265994]
O61 - LFC: 04/07/2013 - 08:02:00 ---A- C:\Users\JOEL\Downloads\Programs\adwcleaner_2.exe [650027]
O61 - LFC: 04/07/2013 - 08:14:24 ---A- C:\Users\JOEL\Downloads\Video\YouTube.FLV [22803563]
O61 - LFC: 04/07/2013 - 09:31:35 ---A- C:\Users\JOEL\Downloads\Programs\RogueKiller.exe [915456]
O61 - LFC: 04/07/2013 - 10:23:03 ---A- C:\Users\JOEL\AppData\Local\Google\Chrome\User Data\Local State [38206]
O61 - LFC: 04/07/2013 - 10:23:03 ---A- C:\Users\JOEL\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
~ 3 Temporary files
~ Files: 299 Legitimates Filtered in 01mn 45s
---\\ Cleaning tools list (O63)
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
O63 - Software: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
O63 - Software: RSIT - (.random/random.)
~ ADS: Scanned in 00mn 00s
---\\ Legacy services list (O64)
O64 - Services: CurCS - ??\??\???? - No owner (kl2) .(...) - LEGACY_KL2
O64 - Services: CurCS - 23/08/2010 - C:\WINDOWS\System32\DRIVERS\rspSanity32.sys (rspSanity) .(.Resplendence Software Projects Sp. - Resplendence Sanity Check.) - LEGACY_RSPSANITY
O64 - Services: CurCS - ??\??\???? - No owner (sbapifs) .(...) - LEGACY_SBAPIFS
O64 - Services: CurCS - 26/11/2012 - C:\WINDOWS\System32\DRIVERS\szkg.sys (szkg5) .(.iS3 Inc. - szkg Device Driver.) - LEGACY_SZKG5
O64 - Services: CurCS - 29/03/2013 - C:\WINDOWS\System32\drivers\WRkrn.sys (WRkrn) .(.Webroot - Webroot SecureAnywhere.) - LEGACY_WRKRN
~ Legacy: 346 Legitimates Filtered in 00mn 07s
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <Opera.HTML>[HKLM\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <exefile>[HKU\..\open\Command] (...) -- "%1" %*
~ FASS Keys: 20 Legitimates Filtered in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [JOEL - qoupm3k5.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Targeted search at the root of certain folders (O84)
[MD5.4E430EE4C3872166D1B52CB4132EC938] [SPRF][13/03/2013] (...) -- C:\Users\JOEL\AppData\Local\d3d9caps.dat [1356]
[MD5.5B6C11DE7E839C05248CED8825470FEF] [SPRF][31/03/2013] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Users\JOEL\AppData\Roaming\pcouffin.sys [47360]
[MD5.4CBF1046DE0F2FCFC5E6DE3244B6B9EC] [SPRF][01/07/2013] (...) -- C:\Users\JOEL\AppData\Roaming\wklnhst.dat [24212]
~ Files: Scanned in 00mn 00s
---\\ Additional scan (O88)
Database Version : v2.12641 - (03/07/2013)
Keys found : 0
Values found : 0
Folders found : 0
Files found : 0
~ Additional Scan: 236957 Items scanned in 00mn 52s
---\\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 23/05/2013 119056 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SS - | Demand 12/06/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 27/05/2013 1335496 | (ekrn) . (.ESET.) - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
SS - | Auto 12/04/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 12/04/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 27/09/2010 4180576 | (hasplms) . (.SafeNet Inc..) - C:\WINDOWS\system32\hasplms.exe
SR - | Demand 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 09/06/2013 1777488 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe
SR - | Auto 03/01/2013 634808 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvvsvc.exe
SS - | Auto 03/01/2013 1259448 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 21/01/2008 21504 | C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\WINDOWS\System32\svchost.exe
SS - | Demand 21/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
SR - | Auto 21/01/2008 21504 | C:\WINDOWS\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\WINDOWS\System32\svchost.exe
~ Services: Scanned in 00mn 01s
---\\ Master Boot Record infection search (MBR)(O80)
Run by JOEL at 04/07/2013 11:29:37
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe hal.dll CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0x895241F8]<<
1 ntkrnlpa!IofCallDriver[0x83889916] >> \Device\Harddisk0\DR0[0x8B461480]
\Driver\nvstor32[0x895D2980] >> IRP_MJ_CREATE >> 0x895241F8
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi >> 0x895231f8
user & kernel MBR OK
Warning: possible MBR rootkit infection !
~ MBR: 18 Legitimates Filtered in 00mn 02s
---\\ Master Boot Record infection search (MBRCheck)(O80)
Run by JOEL at 04/07/2013 11:29:39
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
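The mbr pass above read sector 0 through both the user-mode and the kernel path and found them identical ("user & kernel MBR OK"); the warning comes from the module at 0x895241F8 in the disk stack that the tool lists as UNKNOWN (the target \Driver\nvstor32 dispatches IRP_MJ_CREATE to), which it cannot attribute to a file. The MBRCheck pass then wrote the sector to C:\PhysicalDisk0_MBR.bin, so the useful next step is to examine that dump rather than the warning text. The parser below is an added example, not part of either tool or of this report: it validates the 0x55AA signature, extracts the partition table, hashes the 446-byte bootstrap area so it can be compared with a dump from a known-clean machine running the same Windows version, and runs a few table sanity checks. The MBRs it runs on by default are constructed in build_sample(), not the dump from this machine, and the loader-string heuristic is only a negative test: stock Microsoft code carries those messages, but a bootkit can keep them.

```python
import hashlib
import struct

SECTOR = 512
BOOT_SIGNATURE = b'\x55\xaa'
ENTRY_FMT = '<B3sB3sII'   # status, CHS start, type, CHS end, LBA start, sector count (16 bytes)
# ASCII messages embedded in the stock Microsoft MBR loader.  Absence means the
# bootstrap code is not the standard one; presence proves little on its own.
STOCK_STRINGS = (b'Invalid partition table',
                 b'Error loading operating system',
                 b'Missing operating system')


def parse_mbr(data):
    """Parse one 512-byte MBR sector and return the facts worth comparing."""
    if len(data) < SECTOR:
        raise ValueError('MBR dump shorter than one sector')
    sector = bytes(data[:SECTOR])
    if sector[510:] != BOOT_SIGNATURE:
        raise ValueError('missing 0x55AA boot signature')
    code = sector[:446]
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, 446 + 16 * i)
        if ptype != 0:   # type 0 = empty slot
            parts.append({'index': i, 'bootable': status == 0x80, 'type': ptype,
                          'lba_start': lba, 'sectors': count})
    return {
        'code_sha256': hashlib.sha256(code).hexdigest(),   # compare with a known-clean dump
        'stock_strings_present': all(s in code for s in STOCK_STRINGS),
        'partitions': parts,
        'bootable_count': sum(1 for p in parts if p['bootable']),
        # sectors 1 .. first_partition_lba-1 are unallocated; bootkits stash code there,
        # so that range is what to image next if the bootstrap hash is unfamiliar
        'first_partition_lba': min((p['lba_start'] for p in parts), default=None),
    }


def table_issues(info):
    """Sanity checks that a tampered or damaged partition table would trip."""
    issues = []
    if info['bootable_count'] != 1:
        issues.append('active partition count is %d, expected 1' % info['bootable_count'])
    spans = sorted((p['lba_start'], p['lba_start'] + p['sectors']) for p in info['partitions'])
    for (a0, a1), (b0, b1) in zip(spans, spans[1:]):
        if b0 < a1:
            issues.append('partitions overlap at LBA %d' % b0)
    for p in info['partitions']:
        if p['lba_start'] == 0 or p['sectors'] == 0:
            issues.append('partition %d has a zero start or length' % p['index'])
    if not info['stock_strings_present']:
        issues.append('bootstrap code lacks the stock Windows loader strings')
    return issues


def build_sample(variant):
    """Constructed 512-byte MBRs for the demo (not the dump from the report).
    'stock' embeds the loader strings; 'patched' replaces the whole code area."""
    mbr = bytearray(SECTOR)
    if variant == 'stock':
        mbr[0:3] = b'\x33\xc0\x8e'          # opening bytes of a typical real-mode loader (xor ax,ax ...)
        blob = b'\x00'.join(STOCK_STRINGS)
        mbr[300:300 + len(blob)] = blob
    else:
        mbr[0:446] = b'\x90' * 446          # NOP sled standing in for foreign loader code
    # one active NTFS (0x07) partition at LBA 2048, about 222 GiB
    struct.pack_into(ENTRY_FMT, mbr, 446, 0x80, b'\x20\x21\x00', 0x07, b'\xfe\xff\xff', 2048, 466_000_000)
    mbr[510:] = BOOT_SIGNATURE
    return bytes(mbr)


if __name__ == '__main__':
    import sys
    data = open(sys.argv[1], 'rb').read() if len(sys.argv) > 1 else build_sample('stock')
    info = parse_mbr(data)
    print('bootstrap sha256:', info['code_sha256'])
    for p in info['partitions']:
        print('  part %d type 0x%02x start LBA %d sectors %d%s' % (
            p['index'], p['type'], p['lba_start'], p['sectors'], ' (active)' if p['bootable'] else ''))
    for issue in table_issues(info) or ['no table issues found']:
        print('  -', issue)
```

Run it with C:\PhysicalDisk0_MBR.bin as the argument to read the MBRCheck dump; the hash line is the value to compare against the same sector from a clean install of the same Windows build, which is a far stronger check than the string heuristic.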
~ 1878 Legitimates filtered by white list
End of the scan (587 lines in 05mn 36s)(0)