Rapport de ZHPDiag v2013.4.5.28 par Nicolas Coolman, Update du 05/04/2013
Run by Administrateur at 05/04/2013 23:56:18
State : Version à jour.
High Elevated Privileges : OK
UAC : Not Found

---\\ Web Browser
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox 20.0 v20.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows XP Professional Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ System Information
~ Processor: x86 Family 15 Model 12 Stepping 0, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 510 MB (15% free)
System Restore: Activé (Enable)
System drive C: has 8 GB (10%) free of 75 GB

---\\ Logged in mode
~ Computer Name: AMANDINE
~ User Name: Administrateur
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Documents and Settings\Administrateur\Application Data\
~ %Desktop% : C:\Documents and Settings\Administrateur\Bureau\
~ %Favorites% : C:\Documents and Settings\Administrateur\Favoris\
~ %LocalAppData% : C:\Documents and Settings\Administrateur\Local Settings\Application Data\
~ %StartMenu% : C:\Documents and Settings\Administrateur\Menu Démarrer\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ DOS/Devices
A:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
C:\ Hard drive, Flash drive, Thumb drive (Free 8 Go of 75 Go)
D:\ CD-ROM drive (Free 0 Go of 1 Go)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Intl: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] XMLLookup: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.BFBBBFE0913E6C9706F97598A6588B8F] - (.Microsoft Corporation - Explorateur Windows.) (.27/09/2008 - 11:24:52.) -- C:\WINDOWS\Explorer.exe [1573888] [MD5.D0621A80F2BC172D776FDFFEFCAFD177] - (.Microsoft Corporation - Internet Extensions for Win32.) (.06/02/2013 - 01:46:46.) -- C:\WINDOWS\system32\wininet.dll [841216] [MD5.4BB6301D634C857A5089E8B24C5555E4] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.27/09/2008 - 11:27:21.) -- C:\WINDOWS\system32\Winlogon.exe [593408] [MD5.F6B7B1ECD7B41736BDB6FF4B092BCB79] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/08/2011 - 14:41:46.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496] [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512] [MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744] [MD5.4B0A100EAF5C49EF3CCA8C641431EACC] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.02/05/2008 - 11:49:39.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976] [MD5.31F923EB2170FC172C81ABDA0045D18C] - (.Microsoft Corporation - Pilote de cryptographie FIPS.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672] [MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384] [MD5.A09BDC4ED10E3B2E0EC27BB94AF32516] - (.Microsoft Corporation - Pilote de port i8042.) 
(.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [54144] [MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112] [MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832] [MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264] [MD5.FB2FCCC70F7174C7BF64F48E96D3ADF4] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/07/2011 - 14:29:35.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457856] [MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816] [MD5.A0857C97770034FD2AF17DC4014B5ABD] - (.Microsoft Corporation - NT File System Driver.) (.22/04/2008 - 14:45:52.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [576384] [MD5.8FD0BDBEA875D06CCF6C945CA9ABAF75] - (.Microsoft Corporation - Pilote de port parallèle.) (.27/09/2008 - 11:31:20.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384] [MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/04/2008 - 13:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328] [MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.27/09/2008 - 00:58:26.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224] [MD5.D8EB2A7904DB6C916EB5361878DDCBAE] - (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) (.27/09/2008 - 02:58:26.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58752] [MD5.46DE1126684369BACE4849E4FC8C43CA] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/04/2008 - 13:00:00.) 
-- C:\WINDOWS\system32\Drivers\volsnap.sys [53376] ~ Generic Processes: Scanned in 00mn 01s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 0/3783 ~ Mes musiques (My Musics) : 52/607 ~ Mes Videos (My Videos) : 2/23 ~ Mes Favoris (My Favorites) : 1/5 ~ Mes Documents (My Documents) : 1/10508 ~ Mon Bureau (My Desktop) : 1/921 ~ Menu demarrer (Programs) : 1/35 ~ Hidden Files: Scanned in 00mn 23s ---\\ Processus lancés [MD5.41735B82DB57E4EBE9504EC400FD120E] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248] [PID.376] [MD5.5DCD235C061022BCDA9AA48670B64211] - (.GRISOFT s.r.o. - AVG Anti-Spyware guard.) -- C:\Program Files\AVG Anti-Spyware 7.5\guard.exe [312880] [PID.804] [MD5.381B25DC8E958D905B33130D500BBF29] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376] [PID.872] [MD5.9F40402087B6D4A428571DD6CA83AC1E] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 91.36.) -- C:\WINDOWS\system32\nvsvc32.exe [155715] [PID.1136] [MD5.80FD4D46B0E9B620CF757A9A5C789329] - (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe [577536] [PID.1440] [MD5.EFA551863AD71A69690A3685145FD378] - (...) -- ystem32\RUNDLL32.exe [0] [PID.1880] [MD5.6E3245DF783E58375B3465F03274743E] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [254696] [PID.1656] [MD5.0A61A3ACE26CA4FC637BC8AF8C05CC00] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe [115032] [PID.232] =>PUP.SweetIM [MD5.84A878D2D4A84CC73D53733F80FB57CE] - (.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768] [PID.308] =>PUP.SweetIM [MD5.CC6BC45DD5A58158645E7FB2953604FE] - (.GRISOFT s.r.o. - AVG Anti-Spyware.) 
-- C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe [6731312] [PID.200] [MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe [4767304] [PID.1288] [MD5.5E118E606E2AF56419A699210DFCF450] - (.Dropbox, Inc. - Dropbox.) -- C:\Documents and Settings\Administrateur\Application Data\Dropbox\bin\Dropbox.exe [29106336] [PID.1644] [MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.3084] [MD5.76DAC52F7A6D3AD3C8307D012ACF46CE] - (.OpenOffice.org - OpenOffice.org 3.0.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe [7424000] [PID.300] [MD5.EEBF2F715C02C8A6CE6DBE844DD1B4E3] - (.OpenOffice.org - OpenOffice.org 3.0.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin [7418368] [PID.3060] [MD5.312FC312F84305E10828FDBF92CE4300] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.2656] [MD5.6E5876A0BBCD9146A4DB62C68BB99EE6] - (.Nicolas Coolman - ZHPDiag.) 
-- C:\Program Files\ZHPDiag\ZHPDiag.exe [6493184] [PID.2856] ~ Processes Running: Scanned in 00mn 13s ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2) C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences G1 - GCS: Preference [User Data\Default] None G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.fr G2 - GCE: Preference [User Data\Default] [coobgpohoikkiipiblmjeljniedjpjpf] Recherche Google v.0.0.0.14 (Activé) ~ Google Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\prefs.js C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\user.js M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\MediaDICO-fr.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml M3 - MFPP: Plugins - [Administrateur] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml M0 - MFSP: prefs.js [Administrateur - mteietq8.default] http://www.google.fr M2 - MFEP: prefs.js [Administrateur - mteietq8.default\foxmarks@kei.com] [] Xmarks v (.Todd Agulnick.) M2 - MFEP: prefs.js [Administrateur - mteietq8.default\snaplinks@snaplinks.net] [] Snap Links (EladKarako Mod) v0.0.7.1 (.Todd Agulnick.) 
M2 - MFEP: prefs.js [Administrateur - mteietq8.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.) M2 - MFEP: prefs.js [Administrateur - mteietq8.default\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}] [] Gmail Notifier v0.6.4.3 (.Doron Rosenberg.) M2 - MFEP: prefs.js [Administrateur - mteietq8.default\{77b819fa-95ad-4f2c-ac7c-486b356188a9}] [] IE Tab v2.0.20120203 (.Hong Jen Yee (PCMan).) M2 - MFEP: prefs.js [Administrateur - mteietq8.default\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}] [dwhelper] DownloadHelper v4.9.14 (.Michel Gutierrez.) P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll P2 - FPN:Firefox Plugin Navigator . (.Dassault Systèmes SolidWorks Corp. - EModel Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\npEModelPlugin.dll P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFFICE.DLL P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.5.0".) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) 
-- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.0.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_29 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (...) -- C:\Program Files\Microsoft Silverlight\npctrl.1.0.30716.0.dll (.not file.) P2 - FPN: [HKLM] [@microsoft.com/OfficeLive,version=1.3] - (.Microsoft Corp. - Office Live Update v1.3.) -- C:\Program Files\Microsoft\Office Live\npOLW.dll P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll P2 - FPN: [HKLM] [Adobe Reader] - (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.5.0".) 
-- C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll ~ Firefox Browser: Scanned in 00mn 07s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = res://ieframe.dll/tabswelcome.htm R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.5.0".) (No version) -- (.not file.) 
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 0 ~ IE Browser: Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl" ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 20 ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} . (.Safer Networking Limited - Bad download blocker.) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll ~ BHO: 6 Legitimates Scanned in 00mn 03s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [SoundMan] . (.Realtek Semiconductor Corp. - Realtek Sound Manager.) -- C:\WINDOWS\SOUNDMAN.exe O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) 
-- C:\WINDOWS\system32\NvCpl.dll O4 - HKLM\..\Run: [nwiz] . (...) -- C:\WINDOWS\system32\nwiz.exe O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe O4 - HKLM\..\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe =>PUP.SweetIM O4 - HKLM\..\Run: [Sweetpacks Communicator] . (.SweetIM Technologies Ltd. - Update Manager for SweetPacks.) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe =>PUP.SweetIM O4 - HKLM\..\Run: [!AVG Anti-Spyware] . (.GRISOFT s.r.o. - AVG Anti-Spyware.) -- C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe O4 - HKLM\..\Run: [KernelFaultCheck] Clé orpheline O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.) O4 - HKUS\S-1-5-18\..\RunOnce: [JkDefrag] rundll32 advpack.dll O4 - HKUS\S-1-5-18\..\RunOnce: [SweetRegistry] rundll32 advpack.dll O4 - HKUS\S-1-5-20\..\RunOnce: [JkDefrag] rundll32 advpack.dll O4 - HKUS\S-1-5-20\..\RunOnce: [SweetRegistry] rundll32 advpack.dll O4 - HKUS\S-1-5-21-329068152-706699826-1417001333-500\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.) ~ Application: Scanned in 00mn 07s ---\\ Autres liens utilisateurs (O4) O4 - GS\Programs: Adobe Reader 9.lnk . (...) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A95000000001}\SC_Reader.ico O4 - GS\Programs: cellule_3D.lnk . (...) 
-- C:\Program Files\Logiciels SVT\planetes3D\planet3D.exe O4 - GS\Programs: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O4 - GS\Programs: Windows Live Messenger.lnk . (...) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe (.not file.) O4 - GS\Programs: Windows Movie Maker.lnk . (.Microsoft Corporation - Windows Movie Maker.) -- C:\Program Files\Movie Maker\moviemk.exe O4 - GS\Programs: Assistance à distance.lnk . (.Microsoft Corporation - Assistance à distance Microsoft.) -- C:\WINDOWS\system32\rcimlby.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Programs: Outlook Express.lnk . (.Microsoft Corporation - Outlook Express.) -- C:\Program Files\Outlook Express\msimn.exe O4 - GS\Programs: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe ~ Global Startup: Scanned in 00mn 07s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) 
-- C:\Program Files\Microsoft Office\OFFICE11\REFBARH.ICO O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Clé orpheline ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) ~ Winsock: 3 Legitimates Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{07BBFA34-E1AC-44A8-A2F3-47EA7D4614B6}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{07BBFA34-E1AC-44A8-A2F3-47EA7D4614B6}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{07BBFA34-E1AC-44A8-A2F3-47EA7D4614B6}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\WINDOWS\system32\cscdll.dll O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: Schedule . 
(.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\WINDOWS\system32\sclgntfy.dll O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\WlNotify.dll O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Windows Genuine Advantage Notifications.) -- C:\WINDOWS\system32\WgaLogon.dll O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\WINDOWS\system32\wlnotify.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) ~ SSODL: 4 Legitimates Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) . (.GRISOFT s.r.o. - AVG Anti-Spyware guard.) - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 91.36.) - C:\WINDOWS\system32\nvsvc32.exe ~ Services: 4 Legitimates Scanned in 00mn 11s ---\\ Enumération Active Desktop & MHTML Editor (O24) O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop General: WallPaper - .(...) 
- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp ~ Desktop Component: 1 Legitimates Scanned in 00mn 00s ---\\ BootExecute (O34) ~ BEX: 1 Legitimates Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) ~ IE Control Panel: 4 Legitimates Scanned in 00mn 02s ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Mozilla Firefox - >{D10A0BD6-DEAB-423e-8A6B-373B4BDB3C7B} . (...) -- C:\WINDOWS\INF\firefox.inf ~ Active Setup: 22 Legitimates Scanned in 00mn 02s ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: (AVG Anti-Spyware Driver) . (...) - C:\Program Files\AVG Anti-Spyware 7.5\guard.sys O41 - Driver: (AvgAsCln) . (.GRISOFT, s.r.o. - AVG7 Clean Driver.) - C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys ~ Drivers: 63 Legitimates Scanned in 00mn 01s ---\\ Logiciels installés (O42) O42 - Logiciel: AVG Anti-Spyware 7.5 - (.Grisoft Ltd..) [HKLM] -- AVGAntiSpyware75 O42 - Logiciel: Adobe Flash Player 11 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin O42 - Logiciel: Adobe Flash Player ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX O42 - Logiciel: Adobe Reader 9.5.0 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A95000000001} O42 - Logiciel: CPU-Z - (...) [HKLM] -- CPUZ O42 - Logiciel: ClearType Tuning - (...) [HKLM] -- ClearTypeCPL O42 - Logiciel: Coeur - (.PP ©.) [HKLM] -- "Coeur"_is1 O42 - Logiciel: CurrPorts - (...) [HKLM] -- CurrPorts O42 - Logiciel: GPU-Z - (...) [HKLM] -- GPUZ O42 - Logiciel: GoRC - (...) [HKLM] -- GoRC O42 - Logiciel: HWMonitor - (...) [HKLM] -- HWMonitor O42 - Logiciel: L'oeil et la vision version 1.06a. - (...) [HKLM] -- L'oeil et la vision_is1 O42 - Logiciel: MemTest - (...) [HKLM] -- MemTest O42 - Logiciel: NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up - (...) [HKLM] -- Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1 O42 - Logiciel: Phylogene V2.5.1 - (...) 
[HKLM] -- Phylogène collège (version de base)_is1 O42 - Logiciel: Phylogene V2.7.3 - (...) [HKLM] -- Phylogène lycée et collège_is1 O42 - Logiciel: Planètes 3D version 1.02 - (...) [HKLM] -- Planètes 3D_is1 O42 - Logiciel: Pserv - (...) [HKLM] -- Pserv O42 - Logiciel: Quicksys RegDefrag - (...) [HKLM] -- RegDefrag O42 - Logiciel: RegScanner - (...) [HKLM] -- RegScanner O42 - Logiciel: Spybot - Search & Destroy 1.4 - (.Safer Networking Limited.) [HKLM] -- Spybot - Search & Destroy_is1 O42 - Logiciel: SweetIM for Messenger 3.7 - (.SweetIM Technologies Ltd..) [HKLM] -- {A0C9DF2B-89B5-4483-8983-18A68200F1B4} =>PUP.SweetIM O42 - Logiciel: Tweak UI - (...) [HKLM] -- TweakUI O42 - Logiciel: Update Manager for SweetPacks 1.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {EA8FA6BE-29BE-4AF2-9352-841F83215EB0} =>PUP.SweetIM O42 - Logiciel: avast! Free Antivirus v8.0.1483.0 - (.AVAST Software.) [HKLM] -- avast ~ Logic: 101 Legitimates Scanned in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\BORDAS] [HKCU\Software\INRP] [HKCU\Software\MOVDLTool] [HKCU\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\RasTop] [HKCU\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\INRP] [HKLM\Software\MetaStream] =>Adware.MetaStream [HKLM\Software\QTLite] [HKLM\Software\SweetIM] =>PUP.SweetIM ~ Key Software: 176 Legitimates Scanned in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 04/04/2013 - 14:27:58 - [18,897] ----D C:\Program Files\AVG Anti-Spyware 7.5 O43 - CFD: 14/03/2012 - 16:34:53 - [1,114] ----D C:\Program Files\File Scanner Library (Spybot - Search & Destroy) O43 - CFD: 30/05/2012 - 14:25:51 - [965,100] ----D C:\Program Files\Logiciels SVT O43 - CFD: 14/03/2012 - 16:34:53 - [0,918] ----D C:\Program Files\Misc. 
Support Library (Spybot - Search & Destroy) O43 - CFD: 21/01/2010 - 20:13:23 - [11,868] ----D C:\Program Files\Phylogene O43 - CFD: 14/03/2012 - 16:34:55 - [2,981] ----D C:\Program Files\SDHelper (Spybot - Search & Destroy) O43 - CFD: 18/08/2010 - 18:15:43 - [42,922] ----D C:\Program Files\Spybot - Search & Destroy O43 - CFD: 04/04/2013 - 20:10:16 - [7,547] ----D C:\Program Files\SweetIM =>PUP.SweetIM O43 - CFD: 14/03/2012 - 16:34:53 - [4,312] ----D C:\Program Files\TeaTimer (Spybot - Search & Destroy) O43 - CFD: 29/03/2009 - 17:39:10 - [23,677] ----D C:\Program Files\Utilitaires O43 - CFD: 01/04/2009 - 21:39:19 - [1,023] ----D C:\Documents and Settings\Administrateur\Application Data\Delivery ~ Program Folder: 120 Legitimates Scanned in 00mn 28s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 05/04/2013 - 22:13:56 ---A- . (...) -- C:\WINDOWS\RTacDbg.txt [0] O44 - LFC:[MD5.7F32AF8D79573CFDEFE23A1D8FC5F2A3] - 05/04/2013 - 22:09:00 ---A- . (...) -- C:\WINDOWS\system32\nvapps.xml [88386] O44 - LFC:[MD5.6AD95E540F1F230B700F76DCAE77553E] - 05/04/2013 - 22:08:19 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159] O44 - LFC:[MD5.3AE6E745C82EFB336D2104AB434AEAB0] - 05/04/2013 - 22:08:15 ---A- . (...) -- C:\WINDOWS\wiaservc.log [50] O44 - LFC:[MD5.856B0CEE009946BF2D327E6B24FE7E3F] - 03/04/2013 - 17:35:58 ---A- . (.GRISOFT, s.r.o. - AVG7 Clean Driver.) -- C:\WINDOWS\system32\Drivers\AvgAsCln.sys [10872] O44 - LFC:[MD5.C7BC96C3711C0D269DA26D1F0ECEC547] - 31/03/2013 - 20:54:15 ---A- . (...) 
-- C:\WINDOWS\NeroDigital.ini [69] ~ Files: 24 Legitimates Scanned in 01mn 08s ---\\ Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll O46 - SEH:ShellExecuteHooks - AVG Anti-Spyware 7.5 - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\AVG Anti-Spyware 7.5\shellexecutehook.dll ~ ShellExecuteHooks: Scanned in 00mn 00s ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export SP - "C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [Enabled] .(.SweetIM Technologies Ltd..) -- C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe =>PUP.SweetIM ~ Keys Export: 9 Legitimates Scanned in 00mn 00s ---\\ Déni du service (Local Security Authority) (O48) ~ LSA: 6 Legitimates Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) ~ CBS: 21 Legitimates Scanned in 00mn 00s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{86898bae-b88c-11e0-98a6-0008d3950e9a}\AutoRun\command. (...) -- E:\Une-cle-pour-demarrer.exe (.not file.) 
~ Keys: Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) ~ TDSD: 12 Legitimates Scanned in 00mn 00s ---\\ Microsoft Control Security Providers (O54) ~ MSCP: 6 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=1 O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=1 ~ MWPS: 7 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKCU\...\policies\Explorer] - "ForceClassicControlPanel"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "LinkResolveIgnoreLinkInfo"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoDesktopCleanupWizard"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoInstrumentation"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsHistory"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoRecentDocsMenu"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveSearch"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoResolveTrack"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMBalloonTip"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMConfigurePrograms"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoSMHelp"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoStartMenuMFUprogramsList"=1 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoStrCmpLogical"=0 O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWelcomeScreen"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "CDRAutoRun"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "HideRunAsVerb"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoCDBurning"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDesktopCleanupWizard"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoInstrumentation"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoNetConnectDisconnect"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoRecentDocsHistory"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - 
"NoRemoteRecursiveEvents"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoResolveTrack"=1 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoSetActiveDesktop"=0 O56 - MWPE:[HKLM\...\policies\Explorer] - "NoStartMenuMFUprogramsList"=1 ~ MWPE Keys: 31 Legitimates Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.023867B6606FBABCDD52E089C4A507DA] - 12/12/2010 - 21:22:34 ---A- . (.Cisco Systems, Inc. - IEEE 802.1X Protocol Driver.) -- C:\WINDOWS\system32\Drivers\AegisP.sys [21361] O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 14/04/2008 - 13:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 03/04/2013 - 17:34:18 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\bookmarkbackups\bookmarks-2013-04-03.json [32001] O61 - LFC: 03/04/2013 - 17:36:02 ---A- C:\Documents and Settings\Administrateur\Bureau\SOS nettoyage PC\AVG Anti-Spyware.lnk [749] O61 - LFC: 03/04/2013 - 18:51:24 ---A- C:\Documents and Settings\Administrateur\Bureau\SOS nettoyage PC\avast! 
Free Antivirus.lnk [1689] O61 - LFC: 03/04/2013 - 20:22:02 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\signons.sqlite [69632] O61 - LFC: 03/04/2013 - 21:18:31 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\content-prefs.sqlite [10240] O61 - LFC: 03/04/2013 - 21:27:34 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\adblockplus-rules.json [365283] O61 - LFC: 04/04/2013 - 14:05:05 -SHA- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\UserData\index.dat [32768] O61 - LFC: 04/04/2013 - 14:08:08 ---A- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\UserData\TAAFI3IO\mgmhppd[1].xml [142] O61 - LFC: 04/04/2013 - 15:07:02 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\bookmarkbackups\bookmarks-2013-04-04.json [32001] O61 - LFC: 04/04/2013 - 17:48:36 ---A- C:\Documents and Settings\Administrateur\Application Data\Microsoft\Windows\Themes\Custom.theme [8620] O61 - LFC: 04/04/2013 - 19:12:05 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Crash Reports\InstallTime20130326150557 [10] O61 - LFC: 04/04/2013 - 19:12:17 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [714654] O61 - LFC: 04/04/2013 - 19:12:46 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions.sqlite [524288] O61 - LFC: 04/04/2013 - 19:12:48 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Mozilla Firefox\active-update.xml [57] O61 - LFC: 04/04/2013 - 19:12:48 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application 
Data\Mozilla\Firefox\Mozilla Firefox\updates.xml [13361] O61 - LFC: 04/04/2013 - 19:13:16 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\search.json [11499] O61 - LFC: 04/04/2013 - 19:29:22 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\dh-media-lists.rdf [520] O61 - LFC: 04/04/2013 - 19:29:22 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\dh-smart-names.rdf [629] O61 - LFC: 04/04/2013 - 19:29:50 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\key3.db [16384] O61 - LFC: 05/04/2013 - 19:36:34 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\addons.sqlite [524288] O61 - LFC: 05/04/2013 - 19:36:34 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\addons.sqlite-journal [393824] O61 - LFC: 05/04/2013 - 19:38:31 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\blocklist.xml [58746] O61 - LFC: 05/04/2013 - 19:47:02 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\xmarks.sqlite [65536] O61 - LFC: 05/04/2013 - 20:15:49 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Crash Reports\pending\0ce86e82-3a0f-4a07-be26-8c4d622df5bd.dmp [43433] O61 - LFC: 05/04/2013 - 20:16:01 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Crash Reports\pending\0ce86e82-3a0f-4a07-be26-8c4d622df5bd-browser.dmp [115138] O61 - LFC: 05/04/2013 - 20:16:26 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Crash Reports\pending\0ce86e82-3a0f-4a07-be26-8c4d622df5bd.extra [3575] O61 - LFC: 05/04/2013 - 20:28:03 ---A- C:\Documents and 
Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\webappsstore.sqlite [2510848] O61 - LFC: 05/04/2013 - 20:34:20 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\formhistory.sqlite [126976] O61 - LFC: 05/04/2013 - 21:20:23 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\bookmarkbackups\bookmarks-2013-04-05.json [32011] O61 - LFC: 05/04/2013 - 21:29:32 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\cert8.db [344064] O61 - LFC: 05/04/2013 - 21:29:32 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\permissions.sqlite [2048] O61 - LFC: 05/04/2013 - 21:34:38 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\sessionstore.bak [112095] O61 - LFC: 05/04/2013 - 21:53:23 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\cookies.sqlite-wal [54528] O61 - LFC: 05/04/2013 - 21:53:23 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\webappsstore.sqlite-wal [1096240] O61 - LFC: 05/04/2013 - 22:07:57 -SHA- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-329068152-706699826-1417001333-500\Credentials [2458] O61 - LFC: 05/04/2013 - 22:10:31 ---A- C:\Documents and Settings\Administrateur\Application Data\Delivery\logs\Delivery Switcher.LOG [82019] O61 - LFC: 05/04/2013 - 22:19:54 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\places.sqlite-shm [32768] O61 - LFC: 05/04/2013 - 22:20:11 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\webapps\webapps.json [2] O61 - LFC: 05/04/2013 - 22:20:14 
---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\adblockplus\elemhide.css [161] O61 - LFC: 05/04/2013 - 22:20:37 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\cookies.sqlite-shm [32768] O61 - LFC: 05/04/2013 - 22:20:58 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\urlclassifierkey3.txt [154] O61 - LFC: 05/04/2013 - 22:25:18 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\prefs.js [57209] O61 - LFC: 05/04/2013 - 22:33:16 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\webappsstore.sqlite-shm [32768] O61 - LFC: 05/04/2013 - 22:47:53 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\pluginreg.dat [9953] O61 - LFC: 05/04/2013 - 22:48:45 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\downloads.sqlite [98304] O61 - LFC: 05/04/2013 - 22:48:46 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\localstore.rdf [20220] O61 - LFC: 05/04/2013 - 22:50:13 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\startupCache\startupCache.4.little [1331236] O61 - LFC: 05/04/2013 - 22:50:50 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\places.sqlite [10485760] O61 - LFC: 05/04/2013 - 22:51:07 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\cookies.sqlite [2097152] O61 - LFC: 05/04/2013 - 22:51:17 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\sessionstore.js [135194] O61 - LFC: 05/04/2013 - 
22:52:14 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\wrcMultiRatingStorage.json [2] O61 - LFC: 05/04/2013 - 22:52:14 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\wrcPhishingStorage.json [6164] O61 - LFC: 05/04/2013 - 22:52:14 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\wrcRatingStorage.json [2] O61 - LFC: 05/04/2013 - 22:52:14 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\wrcUserStorage.json [156] O61 - LFC: 05/04/2013 - 22:52:14 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\wrcVotingStorage.json [2] O61 - LFC: 05/04/2013 - 22:52:14 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\wrcWarningStorage.json [2] O61 - LFC: 05/04/2013 - 22:56:10 ---A- C:\Documents and Settings\Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\_CACHE_CLEAN_ [1] O61 - LFC: 05/04/2013 - 22:56:41 ---A- C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\places.sqlite-wal [424392] ~ 5 Fichiers temporaires (Temporary files) ~ 57 Fichiers cookies (Cookies files) ~ Files: 341 Legitimates Scanned in 51mn 09s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Liste des services Legacy (O64) O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\alg.exe (ALG) .(.Microsoft Corporation - Application Layer Gateway Service.) - LEGACY_ALG O64 - Services: CurCS - 30/05/2007 - C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys (AvgAsCln) .(.GRISOFT, s.r.o. - AVG7 Clean Driver.) 
- LEGACY_AVGASCLN O64 - Services: CurCS - 30/05/2007 - C:\Program Files\AVG Anti-Spyware 7.5\guard.sys - AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) .(...) - LEGACY_AVG_ANTI-SPYWARE_DRIVER O64 - Services: CurCS - 30/05/2007 - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe (AVG Anti-Spyware Guard) .(.GRISOFT s.r.o. - AVG Anti-Spyware guard.) - LEGACY_AVG_ANTI-SPYWARE_GUARD O64 - Services: CurCS - 10/06/2010 - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks Licensing Service) .(.SolidWorks - System Level Service Utility.) - LEGACY_SOLIDWORKS_LICENSING_SERVICE O64 - Services: CurCS - 14/04/2008 - C:\WINDOWS\system32\svchost.exe (WZCSVC) .(.Microsoft Corporation - Generic Host Process for Win32 Services.) - LEGACY_WZCSVC ~ Legacy: 119 Legitimates Scanned in 00mn 03s ---\\ File Associations Shell Spawning (O67) O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- C:\WINDOWS\system32\WScript.exe ~ FASS Keys: 17 Legitimates Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Search Browser Infection (O69) O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("keyword.URL", "http://search.sweetim.com/search.asp?barid={8C95E4C5-69CA-405B-971F-D7E4307C6BCA}&src=2&crg=3.1010006&q=[...] 
=>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.RevertDialog.enable", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.Visibility.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.cargo", "3.1010006"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.cda.returnValue", "hide"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.0.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.0.height", "335"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.0.title", 
"$string.config.label;"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.0.url", "http://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version[...] =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.0.width", "761"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.1.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.1.height", "300"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.1.width", "500"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.2.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.2.height", "150"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - 
mteietq8.default] user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.2.url", "http://www.sweetim.com/simffbar/simcdadialog.asp"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dialogs.2.width", "530"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.[...] =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.mode.debug", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.newtab.created", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.newtab.enable", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.previous.keyword.URL", ""); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - 
mteietq8.default] user_pref("sweetim.toolbar.rc.url", "http://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "http://(www.|apps.)?facebook\\.com.*"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.0.enable", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.0.url", "http://sc.sweetim.com/apps/in/fb/infb.js"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.1.callback", "simVerification"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "https://(www.|apps.)?facebook\\.com.*"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb"); =>PUP.SweetIM O69 - SBI: 
prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.1.enable", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_httpS"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.1.url", "https://sc.sweetim.com/apps/in/fb/infb.js"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.2.callback", ""); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*[...] =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.2.domain-whitelist", ""); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.2.enable", "false"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.scripts.2.url", "http://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.search.external", "PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.search.history.capacity", "10"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.searchguard.enable", "false"); =>PUP.SweetIM O69 - SBI: prefs.js 
[Administrateur - mteietq8.default] user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.simapp_id", "{8C95E4C5-69CA-405B-971F-D7E4307C6BCA}"); =>PUP.SweetIM O69 - SBI: prefs.js [Administrateur - mteietq8.default] user_pref("sweetim.toolbar.version", "1.9.0.0"); =>PUP.SweetIM O69 - SBI: SearchScopes [HKCU] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr O69 - SBI: SearchScopes [HKUS\.DEFAULT] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr O69 - SBI: SearchScopes [HKUS\S-1-5-18] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr O69 - SBI: SearchScopes [HKUS\S-1-5-20] {06B469CF-CDC2-47F4-81A9-8EA6E8506E45} [DefaultScope] - (Google) - http://www.google.fr ~ Keys: Scanned in 00mn 00s ---\\ Recherche des services démarrés par Svchost (O83) ~ Services: 40 Legitimates Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.14E0E43D9C2184A19BD83AF270CEA4E6] [SPRF][05/04/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Documents and Settings\Administrateur\Bureau\ZHPDiag2.exe [5528973] [MD5.334B155A29C3AB7A63A18B059316C3F1] [SPRF][03/04/2013] (.Pas de propriétaire - AVAST Software Setup Engine.) -- C:\Program Files\avast_free_antivirus_setup.exe [111691960] [MD5.8D1AEFCC7E0683868294C0D5F592D6EE] [SPRF][02/10/2008] (.Immanens - Installer for Immanens Delivery software suite.) -- C:\Program Files\DeliveryInstaller.exe [6864792] [MD5.C05A03F72386B7C9D5CC7DCEFA8555DA] [SPRF][11/04/2012] (.Dropbox, Inc. - Dropbox 1.2.52 Installer.) -- C:\Program Files\Dropbox 1.2.52.exe [15036792] [MD5.FB3E7C25865C1278E700AF17F04EBACB] [SPRF][10/06/2010] (.Dassault Systèmes SolidWorks Corp. - Pas de description.) 
-- C:\Program Files\eDrawingsFullEnglish.exe [36744584] [MD5.25D73A2BD775663A3294CD03C4D85630] [SPRF][05/05/2010] (.Microsoft Corporation - Pas de description.) -- C:\Program Files\FileFormatConverters.exe [39060536] [MD5.5BF68FD342EF7F20C5D0D47FFBADE327] [SPRF][01/04/2010] (.Mozilla - Firefox.) -- C:\Program Files\Firefox Setup 3.6.2.exe [8412416] [MD5.6D4DCFF45E0D85C332D324DB695BFC51] [SPRF][22/02/2010] (.Mozilla - Firefox.) -- C:\Program Files\Firefox Setup 3.6.exe [8382888] [MD5.BD2BB11D15B65357B80927AB6C1E208A] [SPRF][02/05/2011] (.Mozilla - Firefox.) -- C:\Program Files\Firefox Setup 4.0.1.exe [12602568] [MD5.9A4935A6B2C1FA0459C0FDD8B5B10724] [SPRF][07/06/2010] (.Google Inc. - Setup.) -- C:\Program Files\GoogleEarthSetup.exe [562848] [MD5.51F26C0051E97A91145971FE5BC632FF] [SPRF][29/04/2009] (.Adobe Systems Incorporated - Adobe® Flash® Player Plugin Installer.) -- C:\Program Files\install_flash_player.exe [1878888] [MD5.D366D75DCDC1140D018E5BBBC9BCAB3F] [SPRF][24/03/2009] (.SFR - Media Center SFR.) -- C:\Program Files\mediacenter.exe [2488008] [MD5.93EE1D78C8C7F8C15137BEE7720B36DF] [SPRF][29/03/2009] (...) -- C:\Program Files\OOo_3.0.1_Win32Intel_install_fr.exe [128780648] [MD5.B943980FFD0F442428E1410A18F59FDC] [SPRF][16/11/2011] (.Microsoft Corporation - Self-Extracting Cabinet.) -- C:\Program Files\Silverlight.exe [6283632] [MD5.7C032F26E2EC5CF153ED4D8080C193B4] [SPRF][29/03/2009] (...) -- C:\Program Files\supercopier_supercopier_2.0_beta_1.9_francais_11010.exe [486519] [MD5.918D20E4DEA1BC41A7729BFCB9E6BA1C] [SPRF][10/09/2009] (...) 
-- C:\Program Files\TE5126.exe [11045670] ~ Files: Scanned in 05mn 54s ---\\ Scan Additionnel (O88) Database Version : v2.11459 - (05/04/2013) Clés trouvées (Keys found) : 89 Valeurs trouvées (Values found) : 1 Dossiers trouvés (Folders found) : 2 Fichiers trouvés (Files found) : 0 [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}] =>Adware.PriceGong [HKLM\Software\Classes\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}] =>PUP.SweetIM [HKLM\Software\Classes\CLSID\{82ac53b4-164c-4b07-a016-437a8388b81a}] =>PUP.SweetIM [HKLM\Software\Classes\TypeLib\{9dbb28c1-1925-11d3-a498-00104b6eb52e}] =>Adware.MetaStream [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}] =>PUP.SweetIM [HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}] =>Toolbar.Babylon [HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}] =>PUP.SweetIM [HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}] =>Toolbar.Babylon [HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\sweetim.exe] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer] =>Adware.MetaStream [HKLM\Software\Classes\axmetastream.metastreamctl] =>Adware.MetaStream [HKLM\Software\Classes\axmetastream.metastreamctl.1] =>Adware.MetaStream [HKLM\Software\Classes\sim-packages] =>Toolbar.Agent [HKLM\Software\MetaStream] =>Adware.MetaStream [HKCU\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\PriceGong] =>Adware.PriceGong [HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM [HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B] =>PUP.SweetIM [HKCU\Software\SweetIM] =>PUP.SweetIM 
[HKLM\Software\SweetIM] =>PUP.SweetIM [HKLM\Software\Viewpoint] =>Adware.MetaStream [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer] =>Adware.MetaStream [HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B] =>PUP.SweetIM [HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA] =>PUP.SweetIM [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC] =>PUP.SweetIM 
[HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}] =>PUP.SweetIM
[HKLM\Software\Classes\MediaPlayer.GraphicsUtils] =>PUP.SweetIM
[HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1] =>PUP.SweetIM
[HKLM\Software\Classes\MgMediaPlayer.GifAnimator] =>PUP.SweetIM
[HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe] =>PUP.SweetIM
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]:sweetIM =>PUP.SweetIM
C:\Program Files\SweetIM =>PUP.SweetIM
C:\Program Files\Viewpoint =>Adware.MetaStream
~ Additionnel: Scanned in 01mn 52s

---\\ Product Upgrade Codes (O90)
~ Update Products: 30 Legitimates Scanned in 00mn 00s

---\\ MyComputer Name Space (O92)
O92 - MNS: Dossiers Web - {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
~ MNS: 1 Legitimates Scanned in 00mn 00s

---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 06/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/05/2007 312880 | (AVG Anti-Spyware Guard) . (.GRISOFT s.r.o..) - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
SS - | Demand 13/04/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SR - | Auto 08/02/2012 153376 | (JavaQuickStarterService) . (.Sun Microsystems, Inc..) - C:\Program Files\Java\jre6\bin\jqs.exe
SS - | Demand 04/04/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 24/09/2006 155715 | (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SS - | Demand 10/06/2010 79360 | (SolidWorks Licensing Service) . (.SolidWorks.) - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
~ Services: Scanned in 00mn 03s
~ 1068 Legitimates filtered by white list

End of the scan (836 lines in 37mn 39s)(0)