Rapport de ZHPDiag v2013.4.10.58 par Nicolas Coolman, Update du 2013-04-10 Run by Administrateur at 2013-04-11 07:46:41 State : High Elevated Privileges : OK UAC : Activate by user ---\\ Web Browser MSIE: Internet Explorer v10.0.9200.16519 MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut) ---\\ Windows Product Information ~ Langage: Français Windows 8 Business Edition, 32-bit (Build 9200) Windows Server License Manager Script : OK ~ ion : Windows(R) Operating System, RETAIL channel Windows ID Activation : OK ~ Windows Partial Key : YG667 Windows License : OK ~ Windows Remaining Initializations Number : 1000 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\\ System Protection ---\\ Software Update Adobe Flash Player 11 Plugin Adobe Reader X Java 7 Update 17 Windows Defender W8 ---\\ System Information ~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel ~ Operating System: 32 Bits Boot mode: Normal (Normal boot) Total RAM: 3027 MB (63% free) System Restore: Activé (Enable) System drive C: has 115 GB (52%) free of 218 GB ---\\ Logged in mode ~ Computer Name: FRED ~ User Name: Administrateur ~ All Users Names: postgres, Mcx1-FRED, HomeGroupUser$, Administrateur, ~ Unselected Option: None Logged in as Administrator ---\\ Environnement Variables ~ System Unit : C:\ ~ %AppData% : C:\Users\Administrateur\AppData\Roaming\ ~ %Desktop% : C:\Users\Administrateur\Desktop\ ~ %Favorites% : C:\Users\Administrateur\Favorites\ ~ %LocalAppData% : C:\Users\Administrateur\AppData\Local\ ~ %StartMenu% : C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ DOS/Devices C:\ Hard drive, Flash drive, Thumb drive (Free 115 Go of 218 Go) D:\ CD-ROM drive (Not Inserted) E:\ CD-ROM drive (Not Inserted) ---\\ Security Center & Tools Informations [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK 
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK ~ Security Center: Scanned in 00mn 00s ---\\ Recherche particulière de fichiers génériques [MD5.953ADECFF08202A01EFC6110214FDE02] - (.Microsoft Corporation - Explorateur Windows.) (.2012-10-11 - 00:56:41.) -- C:\Windows\Explorer.exe [2115952] [MD5.7109FF769FFF962869C50D720F7AA7D7] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2012-07-25 - 22:21:01.) -- C:\Windows\System32\Wininit.exe [101376] [MD5.4FF6180429DA389E4154B10450E7C0B8] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2013-02-04 - 23:58:01.) -- C:\Windows\System32\wininet.dll [1766912] [MD5.87DA6ACA9AF2F536C68471787D1B3F4A] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.2012-10-11 - 00:08:28.) -- C:\Windows\System32\Winlogon.exe [411648] [MD5.FAB11E1AC62579A9BE21593319F8E464] - (.Microsoft Corporation - Bibliothèque de licences.) (.2012-07-25 - 22:20:01.) -- C:\Windows\System32\sppcomapi.dll [246784] [MD5.F12EFEE4DD20519D0DDF8D78704EE4DE] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.2012-11-05 - 22:50:41.) -- C:\Windows\system32\Drivers\AFD.sys [438272] [MD5.48D8C3F2006698691F5AE0BB595FDCC8] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) 
(.2012-07-25 - 22:42:31.) -- C:\Windows\system32\Drivers\atapi.sys [22768] [MD5.00B4FA77732C7823D292ECD672660882] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2012-07-25 - 21:38:28.) -- C:\Windows\system32\Drivers\Cdfs.sys [89088] [MD5.4E707EC5071DD8F5C29A7410780BD4C3] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2012-07-25 - 21:33:53.) -- C:\Windows\system32\Drivers\Cdrom.sys [135680] [MD5.B21FDAC50FCD4CE53C203F097273532A] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2012-07-25 - 21:34:25.) -- C:\Windows\system32\Drivers\DfsC.sys [92160] [MD5.4A219AB84D6936C2A61FF44D32EF378D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2012-09-20 - 00:29:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [62464] [MD5.11EDC37780E8A2F8E311D73F7658A4D7] - (.Microsoft Corporation - Pilote de port i8042.) (.2012-07-25 - 21:36:23.) -- C:\Windows\system32\Drivers\i8042prt.sys [89600] [MD5.57B0C0D982013C72911A3F5CBA795034] - (.Microsoft Corporation - IP Network Address Translator.) (.2012-07-25 - 21:29:57.) -- C:\Windows\system32\Drivers\IpNat.sys [126976] [MD5.5FAC7AC77D9ADD42579EDF678F08DF9F] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.2013-02-05 - 17:30:11.) -- C:\Windows\system32\Drivers\MRxSmb.sys [304128] [MD5.303A053C25E468B9925C22288BEF8484] - (.Microsoft Corporation - MBT Transport driver.) (.2012-07-25 - 21:31:28.) -- C:\Windows\system32\Drivers\netBT.sys [254464] [MD5.99C73E3FE9B36275BD91D2009F2BA2E0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-02-02 - 04:53:24.) -- C:\Windows\system32\Drivers\ntfs.sys [1614568] [MD5.8BCE63AF5B52642E832630F862DE96EF] - (.Microsoft Corporation - Pilote de port parallèle.) (.2012-07-25 - 21:38:17.) -- C:\Windows\system32\Drivers\Parport.sys [90624] [MD5.6E0649D7325D85C47C844EB3267E4625] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2012-07-25 - 21:30:07.) 
-- C:\Windows\system32\Drivers\Rasl2tp.sys [88064] [MD5.2CAD2A13569741C67CD9C52F97E0F992] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.2012-07-25 - 21:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [156160] [MD5.0886D9F1B5A5334FBB143A260E4BFB5C] - (.Microsoft Corporation - TDI Translation Driver.) (.2012-07-25 - 23:17:16.) -- C:\Windows\system32\Drivers\tdx.sys [97792] [MD5.8E15C3D58A8ADE841060661DBA6E7A9B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2012-07-25 - 22:39:34.) -- C:\Windows\system32\Drivers\volsnap.sys [282352] ~ Generic Processes: Scanned in 00mn 00s ---\\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/1929 ~ Mes musiques (My Musics) : 60/1768 ~ Mes Videos (My Videos) : 2/51 ~ Mes Favoris (My Favorites) : 1/47 ~ Mes Documents (My Documents) : 2/4146 ~ Mon Bureau (My Desktop) : 2/110 ~ Menu demarrer (Programs) : 1/32 ~ Hidden Files: Scanned in 00mn 03s ---\\ Processus lancés [MD5.DDBF4AC59767DDB0BEBCAE267EBF0C38] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) -- C:\WINDOWS\system32\taskhostex.exe [53760] [PID.2196] [MD5.DAF94FB704ADB9103F6B693E2637D6F6] - (.Dell Inc. - DW WLAN Card Wireless Network Tray Applet.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [4685824] [PID.976] [MD5.0B1B7568CED61ABF5FD717F28175C96A] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.1632] [MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848] [PID.1156] [MD5.DEAE808A574CF9FC667D6939387FC1CE] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [770544] [PID.6088] [MD5.99B6CE3840F5AD5C4B13B666249AA467] - (.Microsoft Corporation - Microsoft Search Client Server.) 
-- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe [316208] [PID.5824] [MD5.B17CCFF325948F931ED63D88D0EA3AB0] - (.Adobe Systems Incorporated - Adobe® Flash® Player Utility.) -- C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe [714072] [PID.4448] [MD5.AD3A07FEBB3B9F0110C90C26FC95E029] - (.Microsoft Corporation - Runtime Broker.) -- C:\Windows\System32\RuntimeBroker.exe [29808] [PID.4344] [MD5.92E7844F390DE723C61A5AE4A0C9DC16] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6663168] [PID.4048] ~ Processes Running: Scanned in 00mn 00s ---\\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1) P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin.dll P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin2.dll P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin3.dll P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin4.dll P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin5.dll P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin6.dll P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin7.dll P1 - OPN:Opera Plugin Navigator . (.Apple Inc. 
- The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin.dll P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin2.dll P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin3.dll P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin4.dll P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin5.dll P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin6.dll P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin7.dll ~ Opera Browser: Scanned in 00mn 00s ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\8eyvrg9g.default\prefs.js P2 - FPN:Firefox Plugin Navigator . (.Dassault Systèmes SolidWorks Corp. - EModel Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\npEModelPlugin.dll P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) 
-- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll ~ Firefox Browser: 42 Legitimates Scanned in 00mn 01s ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4) R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com ~ IE Browser: 9 Legitimates Scanned in 00mn 00s ---\\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redirection du fichier Hosts (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\\ Browser Helper Objects de navigateur (O2) ~ BHO: 8 Legitimates Scanned in 00mn 00s ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: PDF Architect Toolbar - [HKLM]{25A3A431-30BB-47C8-AD6A-E1063801134F} . (.pdfforge GbR - PDF Architect Toolbar.) -- C:\Program Files\PDF Architect\PDFIEPlugin.dll ~ Toolbar: Scanned in 00mn 00s ---\\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [Adobe ARM] . 
(.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] . (.Dell Inc. - DW WLAN Card Wireless Network Tray Applet.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [LWS] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [WD Drive Unlocker] . (.Western Digital - WD Drive Auto Unlock.) -- C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe O4 - HKLM\..\Run: [WD Quick View] . (.Western Digital Technologies, Inc. - WD Quick View.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe O4 - HKUS\S-1-5-21-188933929-389463662-1403380907-500\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe ~ Application: Scanned in 00mn 00s ---\\ Autres liens utilisateurs (O4) O4 - GS\Desktop: Beyond Compare 2.lnk . (...) -- C:\Program Files\Beyond Compare 2\BC2.exe (.not file.) O4 - GS\Desktop: DBDesigner 4.lnk . (...) -- C:\Program Files\fabFORCE\DBDesigner4.exe O4 - GS\Desktop: Movies2iPhone.lnk . (...) 
-- C:\Program Files\Movies2iPhone\Movies2iPhone.exe ~ Global Startup: Scanned in 00mn 03s ---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5) ~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office 15\root\Office15\lync.exe O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Winsock hijacker (Layered Service Provider) (O10) ~ Winsock: 7 Legitimates Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ((no name)) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} ((no name)) - http://www.solidworks.fr/sw/support/subscription/sldimdownload.cab ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{79D30020-7C06-40A3-8A6A-637443CF901C}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{79D30020-7C06-40A3-8A6A-637443CF901C}: DhcpDomain = gateway.2wire.net O17 - HKLM\System\CS1\Services\Tcpip\..\{79D30020-7C06-40A3-8A6A-637443CF901C}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{79D30020-7C06-40A3-8A6A-637443CF901C}: DhcpDomain = gateway.2wire.net O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 ~ Domain: 
Scanned in 00mn 00s ---\\ Protocole additionnel (O18) O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21) ~ SSODL: 1 Legitimates Scanned in 00mn 00s ---\\ Liste des services NT non Microsoft et non désactivés (O23) O23 - Service: BrSplService (Brother XP spl Service) . (.brother Industries Ltd - brsvc01a.) - C:\Windows\system32\brsvc01a.exe O23 - Service: DW WLAN Tray Service (wltrysvc) . (...) - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.exe ~ Services: 14 Legitimates Scanned in 00mn 03s ---\\ Enumération Active Desktop & MHTML Editor (O24) ~ Desktop Component: 1 Legitimates Scanned in 00mn 00s ---\\ BootExecute (O34) ~ BEX: 1 Legitimates Scanned in 00mn 00s ---\\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [{0135B95B-A0C6-445E-8EB2-E1A517541850}] (...) -- C:\Users\Administrateur\AppData\Local\Temp\Temp1_pbsetup.zip\pbsetup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{179EF33A-A8D2-4E71-A0A9-32779BE7E959}] (...) -- C:\Users\Administrateur\AppData\Local\Temp\Temp1_pb105cd1win32.zip\PowerBuilder105\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{33264FBF-7381-448E-A900-926CC0E4F5B6}] (...) -- C:\Users\Administrateur\Documents\Downloads\Uninstall\brunins.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{347499B3-FF4F-4F0F-8B0B-764148598008}] (...) -- C:\Users\Administrateur\AppData\Local\Temp\Temp1_pb105cd1win32.zip\setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{57DAE3B3-3E45-407C-855B-BB070D68E224}] (...) 
-- C:\Program Files\D-Link\SharePort Utility\Couninst.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{781985D0-0B77-4383-A39E-729FF4E08CDD}] (...) -- C:\Users\Administrateur\Downloads\DBDesigner4.0.5.6_Setup.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{BED81265-6CAE-430D-AF01-48596A627D6F}] (...) -- C:\Users\Administrateur\AppData\Local\Temp\Temp1_mymanager_lite.zip\MyManagerLiteSetup.exe (.not file.) [0] ~ Scheduled Task: 25 Legitimates Scanned in 00mn 08s ---\\ Composants installés (ActiveSetup Installed Components) (O40) ~ Active Setup: 10 Legitimates Scanned in 00mn 00s ---\\ Pilotes lancés au démarrage (O41) ~ Drivers: 36 Legitimates Scanned in 00mn 00s ---\\ Logiciels installés (O42) O42 - Logiciel: BackUp Maker v6.4 - (.ASCOMP Software GmbH.) [HKLM] -- BackUp Maker_is1 O42 - Logiciel: Jext - Java Text Editor - (.Romain Guy.) [HKLM] -- Jext_is1 O42 - Logiciel: LINDO 6.1 - (.XXXXXXXX.) [HKLM] -- {C19796D5-E477-40A1-8C78-DF2EB439D99B} O42 - Logiciel: MediaHuman YouTube to MP3 Converter version 2.7.2 - (...) [HKLM] -- MediaHuman YouTube to MP3 Converter_is1 O42 - Logiciel: Office 15 Click-to-Run Extensibility Component - (.Microsoft Corporation.) [HKLM] -- {90150000-008C-0000-0000-0000000FF1CE} O42 - Logiciel: Office 15 Click-to-Run Licensing Component - (.Microsoft Corporation.) [HKLM] -- {90150000-007E-0000-0000-0000000FF1CE} O42 - Logiciel: Office 15 Click-to-Run Localization Component - (.Microsoft Corporation.) [HKLM] -- {90150000-008C-040C-0000-0000000FF1CE} O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E} O42 - Logiciel: TextPad 4.7 - (.Nom de votre société.) [HKLM] -- {B510A987-487E-4C66-9F4F-D386AC275715} O42 - Logiciel: Vuze - (.Vuze Inc..) 
[HKLM] -- 8461-7759-5462-8226 ~ Logic: 121 Legitimates Scanned in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\ASCOMP] [HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong [HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar [HKCU\Software\Azureus] [HKCU\Software\LINDO Systems, Inc.] [HKCU\Software\MGS] [HKCU\Software\MediaHuman] [HKCU\Software\Microgaming] [HKCU\Software\MightyUninstaller] [HKCU\Software\Pando Networks] [HKCU\Software\Softonic] [HKCU\Software\アプリケーション ウィザードで生成されたローカル アプリケーション] [HKLM\Software\Aventail VPN Client] [HKLM\Software\Azureus] [HKLM\Software\EnterpriseDB] [HKLM\Software\Humyo] [HKLM\Software\NetMotion] [HKLM\Software\Nortel Networks] [HKLM\Software\Pando Networks] ~ Key Software: 238 Legitimates Scanned in 00mn 00s ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 2010-04-28 - 19:50:36 - [0,140] ----D C:\Program Files\BlueVoda Website Builder O43 - CFD: 2011-10-03 - 19:14:16 - [0] ----D C:\Program Files\EMS O43 - CFD: 2010-04-19 - 19:12:32 - [14,370] ----D C:\Program Files\fabFORCE O43 - CFD: 2012-02-03 - 19:03:56 - [0,001] ----D C:\Program Files\ImpotExpert 2009 O43 - CFD: 2012-02-03 - 19:04:10 - [0,704] ----D C:\Program Files\ImpotExpert 2010 O43 - CFD: 2013-01-28 - 14:41:49 - [0,000] ----D C:\Program Files\ImpotExpert 2011 O43 - CFD: 2010-03-22 - 20:14:54 - [41,603] ----D C:\Program Files\Jext O43 - CFD: 2012-08-26 - 16:26:52 - [42,390] ----D C:\Program Files\MediaHuman O43 - CFD: 2012-06-10 - 20:25:31 - [6,671] ----D C:\Program Files\Pando Networks O43 - CFD: 2010-07-17 - 21:29:14 - [47,311] ----D C:\Program Files\PostgresPlus O43 - CFD: 2010-03-23 - 20:17:55 - [3,468] ----D C:\Program Files\TextPad 4 O43 - CFD: 2012-03-02 - 17:36:31 - [17,845] ----D C:\Program Files\Vuze O43 - CFD: 2010-04-19 - 19:12:32 - [0,050] ----D C:\Program Files\Common Files\fabFORCE O43 - CFD: 2012-12-02 - 15:37:17 - [0] ----D C:\ProgramData\boost_interprocess O43 - 
CFD: 2010-09-25 - 13:24:29 - [0,000] ----D C:\ProgramData\DriverBoost O43 - CFD: 2011-10-11 - 19:52:10 - [0,001] ----D C:\ProgramData\Malwarebytes O43 - CFD: 2012-05-09 - 16:56:12 - [993,978] ----D C:\ProgramData\MGS O43 - CFD: 2013-01-28 - 15:19:13 - [0] --H-D C:\ProgramData\~0 O43 - CFD: 2012-03-02 - 21:34:07 - [0,092] ----D C:\Users\Administrateur\AppData\Roaming\ar O43 - CFD: 2013-01-26 - 23:20:15 - [4,608] ----D C:\Users\Administrateur\AppData\Roaming\Azureus O43 - CFD: 2013-01-27 - 11:52:43 - [5,546] ----D C:\Users\Administrateur\AppData\Roaming\OpenCandy =>Adware.OpenCandy O43 - CFD: 2012-04-23 - 19:36:13 - [0] ----D C:\Users\Administrateur\AppData\Roaming\TextPad O43 - CFD: 2012-08-26 - 16:27:39 - [0] ----D C:\Users\Administrateur\AppData\Local\MediaHuman O43 - CFD: 2013-03-26 - 14:09:06 - [0] ----D C:\Users\Administrateur\AppData\Local\TempFichierSauvegardeSW ~ Program Folder: 274 Legitimates Scanned in 04mn 46s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) ~ LFC: 79 Legitimates Scanned in 00mn 16s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.29CEAA6A5967DED2C4309D59CE52E1B7] - 2013-03-14 - 15:40:35 ---A- - C:\Windows\Prefetch\PIANO8.EXE-D622AC60.pf O45 - LFCP:[MD5.454045D54E23BEEBA3E7418465D892CE] - 2013-03-20 - 10:34:33 ---A- - C:\Windows\Prefetch\WAB.EXE-5899287B.pf O45 - LFCP:[MD5.2768645425DBC8F8BF094221B5248A17] - 2013-03-27 - 09:34:20 ---A- - C:\Windows\Prefetch\CALCULATOR.EXE-0B9DFB0D.pf O45 - LFCP:[MD5.11EDA6A3302603B99C380260FF59F416] - 2013-03-27 - 12:19:34 ---A- - C:\Windows\Prefetch\WD DRIVE UNLOCK.EXE-2380C6AE.pf O45 - LFCP:[MD5.309D1D0CC4D1F20EF999638846684AE2] - 2013-03-27 - 16:06:54 ---A- - C:\Windows\Prefetch\WDAPP.EXE-6B3F936D.pf O45 - LFCP:[MD5.D2ED90F3132638B069A4AEBBCF3FDDAB] - 2013-04-02 - 07:54:42 ---A- - C:\Windows\Prefetch\SMARTSCREENSETTINGS.EXE-23226BDD.pf O45 - LFCP:[MD5.1C9DB1DC49CFBEF304939EE2CB2333E8] - 2013-04-02 - 16:44:02 ---A- - 
C:\Windows\Prefetch\ASTRONOID.EXE-D2F50392.pf O45 - LFCP:[MD5.B8F120088B3967A02662A137955877B3] - 2013-04-06 - 07:48:41 ---A- - C:\Windows\Prefetch\MIGHTYUNINSTALLER_SETUP.TMP-71A26C59.pf O45 - LFCP:[MD5.EA3A7D4912C507C5041E8EF124D219AE] - 2013-04-06 - 07:48:45 ---A- - C:\Windows\Prefetch\MIGHTYUNINSTALLER_SETUP.TMP-09ECCE8A.pf O45 - LFCP:[MD5.F1A23910619E6EC21E2B978143FE7767] - 2013-04-06 - 07:50:22 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-C19F1944.pf O45 - LFCP:[MD5.304749B861E162E19FBF336D446F1730] - 2013-04-06 - 07:56:49 ---A- - C:\Windows\Prefetch\SKYA805.TMP-18FE7E25.pf O45 - LFCP:[MD5.7B988D5075E38FCC97DF9CBF9DD70FC2] - 2013-04-08 - 08:47:02 ---A- - C:\Windows\Prefetch\GX DEVELOPER-FX.EXE-84F1D17E.pf O45 - LFCP:[MD5.FE845DF2C56C33EFD855EEC9F03F186D] - 2013-04-08 - 08:48:51 ---A- - C:\Windows\Prefetch\GX DEVELOPER-FX.EXE-A3DAC888.pf O45 - LFCP:[MD5.3BD901F7922A93C578D5DD60F72E8E20] - 2013-04-08 - 13:57:37 ---A- - C:\Windows\Prefetch\YOUTUBETOMP3.EXE-F9B12E6C.pf O45 - LFCP:[MD5.42CDC36EA600F523E3082ADB38968CD3] - 2013-04-09 - 06:26:31 ---A- - C:\Windows\Prefetch\REPLAYVIDEO.EXE-3947CD3D.pf O45 - LFCP:[MD5.08EB79EE1783113068B2F6A694A16FD5] - 2013-04-09 - 13:08:41 ---A- - C:\Windows\Prefetch\SLDWORKS.EXE-6DE69F12.pf O45 - LFCP:[MD5.A86B0DF90EFA2599EC379144F3EC9773] - 2013-04-10 - 10:36:57 ---A- - C:\Windows\Prefetch\dynreservedpri.db O45 - LFCP:[MD5.57532C367DA14D1A5D0B4F8B0F5F460A] - 2013-04-10 - 10:37:11 ---A- - C:\Windows\Prefetch\SRTASKS.EXE-3C9D2EEC.pf O45 - LFCP:[MD5.D14CBD8B65C2D0DD18CD32CFAC7454B1] - 2013-04-10 - 19:08:28 ---A- - C:\Windows\Prefetch\SWSPMANAGER.EXE-6AA2E71D.pf O45 - LFCP:[MD5.7E9DFD1B112FFD15CC154C9F412A4849] - 2013-04-10 - 19:08:39 ---A- - C:\Windows\Prefetch\SLDPROCMON.EXE-E029A4BA.pf O45 - LFCP:[MD5.CD4324D7DBA55A0391C99C73B9B2FB13] - 2013-04-10 - 19:08:39 ---A- - C:\Windows\Prefetch\SLDWORKS.EXE-E5D429C1.pf O45 - LFCP:[MD5.83EC436BDE54B7D930CE9B5F981AC016] - 2013-04-10 - 19:11:26 ---A- - 
C:\Windows\Prefetch\SLDSHELLEXTSERVER.EXE-CA586E64.pf O45 - LFCP:[MD5.A9A9968FA93A1E33F8A4981E17BC9686] - 2013-04-10 - 20:22:57 ---A- - C:\Windows\Prefetch\PMB.EXE-149621F3.pf O45 - LFCP:[MD5.877661A86A105CA23E19FEE324C88669] - 2013-04-10 - 20:46:00 ---A- - C:\Windows\Prefetch\CONNECT.SERVICE.CONTENTSERVIC-A7C7C922.pf O45 - LFCP:[MD5.B9AA5CFBDCF6D7900C3431324BB1F29B] - 2013-04-10 - 21:02:11 ---A- - C:\Windows\Prefetch\WSHOST.EXE-20E1A6EA.pf O45 - LFCP:[MD5.9E172B47FB415AB41B4ED1BB845A4EB8] - 2013-04-10 - 21:18:11 ---A- - C:\Windows\Prefetch\WDLOCKEDFILES.EXE-EE26236A.pf O45 - LFCP:[MD5.78C35779AEA0DDD73AD5BDA553CF049C] - 2013-04-11 - 06:29:15 ---A- - C:\Windows\Prefetch\IAANOTIF.EXE-C3128AE7.pf O45 - LFCP:[MD5.E3BF7C438F43A24DFF792387F885A3C0] - 2013-04-11 - 06:29:49 ---A- - C:\Windows\Prefetch\SCSERVER.EXE-FAFA817A.pf ~ Prefetcher: 196 Legitimates Scanned in 00mn 03s ---\\ Déni du service (Local Security Authority) (O48) ~ LSA: 9 Legitimates Scanned in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) ~ CBS: 17 Legitimates Scanned in 00mn 00s ---\\ MountPoints2 Shell Key (O51) O51 - MPSK:{3d1e3bca-496b-11e2-bf70-806e6f6e6963}\AutoRun\command. (...) -- F:\WD Drive Unlock.exe (.not file.) 
~ Keys: Scanned in 00mn 00s ---\\ Trojan Driver Search Data (HKLM) (O52) ~ TDSD: 3 Legitimates Scanned in 00mn 00s ---\\ ShareTools MSconfig StartupReg (O53) ~ SMSR Keys: 6 Legitimates Scanned in 00mn 00s ---\\ Microsoft Control Security Providers (O54) ~ MSCP: 2 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=1 O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1 ~ MWPS: 18 Legitimates Scanned in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) ~ MWPE Keys: 1 Legitimates Scanned in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.96191579DDB1A201A2FB79C1D05680B4] - 2012-07-25 - 22:42:31 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [85232] O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2012-07-25 - 17:52:51 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 2013-04-08 - 08:46:57 ---A- C:\Users\Administrateur\Documents\Cours\Génie Mécanique\4e session\Automatismes industriels\GX\FX Configurator-EN\%drive_C%\MELSEC\GPPW\Gppw.Ini [9889] O61 - LFC: 2013-04-08 - 08:46:57 ---A- C:\Users\Administrateur\Documents\Cours\Génie Mécanique\4e session\Automatismes industriels\GX\FX Configurator-EN\Registry.rw.tvr.lck [60] O61 - LFC: 2013-04-08 - 08:46:57 ---A- C:\Users\Administrateur\Documents\Cours\Génie Mécanique\4e session\Automatismes industriels\GX\FX Configurator-EN\Registry.tlog.cache [65536] O61 - LFC: 2013-04-08 - 08:47:02 ---A- C:\Users\Administrateur\Documents\Cours\Génie Mécanique\4e session\Automatismes industriels\GX\FX Configurator-EN\Registry.rw.tvr [36864] O61 - LFC: 2013-04-08 - 08:47:02 ---A- C:\Users\Administrateur\Documents\Cours\Génie Mécanique\4e session\Automatismes industriels\GX\FX 
Configurator-EN\Registry.rw.tvr.transact [36864]
O61 - LFC: 2013-04-08 - 08:47:02 ---A- C:\Users\Administrateur\Documents\Cours\Génie Mécanique\4e session\Automatismes industriels\GX\FX Configurator-EN\Registry.tlog [19456]
O61 - LFC: 2013-04-08 - 12:09:59 ---A- C:\Users\Administrateur\AppData\Roaming\Microsoft\Forms\EXCEL.box [12800]
O61 - LFC: 2013-04-08 - 12:10:53 ---A- C:\Users\Administrateur\AppData\Roaming\Microsoft\Excel\Excel15.xlb [10104]
O61 - LFC: 2013-04-08 - 14:05:35 ---A- C:\Users\Administrateur\Videos\RVC Recordings\19-2 Saison 2 Épisode 7 - TOU.TV -.mpg [12786277]
O61 - LFC: 2013-04-08 - 14:09:54 ---A- C:\Users\Administrateur\Videos\RVC Recordings\19-2 Saison 2 Épisode 6 - TOU.TV -.mpg [15576498]
O61 - LFC: 2013-04-09 - 06:27:44 ---A- C:\Users\Administrateur\Videos\RVC Recordings\Québec sexy - Une playlist sur Dailymotion -[11].mpg [13456000]
O61 - LFC: 2013-04-09 - 06:29:20 ---A- C:\Users\Administrateur\Videos\RVC Recordings\Québec sexy - Une playlist sur Dailymotion -[12].mpg [28557010]
O61 - LFC: 2013-04-09 - 06:52:03 ---A- C:\Users\Administrateur\Videos\RVC Recordings\2 frogs dans l'ouest Streaming VF » Film Streaming -.mpg [17779633]
O61 - LFC: 2013-04-09 - 07:03:05 -SHA- C:\Users\Administrateur\Videos\Thumbs.db [4096]
O61 - LFC: 2013-04-09 - 13:08:43 ---A- C:\Users\Administrateur\AppData\Local\SolidWorks\CXPA\20130409140831_20.2.0.0055.zip [1991]
O61 - LFC: 2013-04-09 - 13:54:20 ---A- C:\Users\Administrateur\AppData\Roaming\SolidWorks\SolidWorks 2012\swxJRNL.BAK [483942]
O61 - LFC: 2013-04-10 - 19:08:33 ---A- C:\Users\Administrateur\AppData\Local\SolidWorks\CXPA\20130410200829_20.2.0.0055.zip [12702]
O61 - LFC: 2013-04-10 - 19:11:17 ---A- C:\Users\Administrateur\AppData\Roaming\SolidWorks\SolidWorks 2012\swxJRNL.swj [94260]
O61 - LFC: 2013-04-10 - 20:22:52 ---A- C:\Users\Administrateur\AppData\Local\PMB Files\cert\secmod.db [16384]
O61 - LFC: 2013-04-10 - 20:35:24 ---A- C:\Users\Administrateur\AppData\Local\PMB Files\cert\cert8.db [65536]
O61 - LFC: 2013-04-10 - 20:35:24 ---A- C:\Users\Administrateur\AppData\Local\PMB Files\cert\key3.db [16384]
O61 - LFC: 2013-04-10 - 20:35:24 ---A- C:\Users\Administrateur\AppData\Local\PMB Files\pando.save [10225]
~ 22 Temporary files
~ Files: 715 Legitimates Scanned in 10mn 28s

---\\ List of cleaning tools (O63)
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ File Associations Shell Spawning (O67)
~ FASS Keys: 19 Legitimates Scanned in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Search for services started by Svchost (O83)
~ Services: 35 Legitimates Scanned in 00mn 00s

---\\ Special search at the root of certain folders (O84)
[MD5.3BB84349396CFCFF74B0A0CBE81C190C] [SPRF][2011-05-30] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][2013-01-27] (...) -- C:\Users\Administrateur\AppData\Local\WavXMapDrive.bat [0]
[MD5.876DF625E242A10E46DAB5D77C7F6C87] [SPRF][2013-03-26] (.Microsoft Corporation - Self-Extracting Cabinet.) -- C:\Users\Administrateur\AppData\Local\Temp\IPx86_1036.exe [19885952]
[MD5.C6AA274F69EBDD86F75B7E3E4FA58AF4] [SPRF][2013-01-31] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Administrateur\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe [915376]
[MD5.5CC163324A11091C975B686EF4C52C73] [SPRF][2013-02-16] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\Administrateur\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe [897448]
[MD5.A620A735458E04AE0CF471319B6D6E7D] [SPRF][2013-03-01] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\Administrateur\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe [897448]
[MD5.241270AB16BE407767DE70143E8DB3AF] [SPRF][2012-03-14] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\Administrateur\AppData\Local\Temp\tbWise.dll [4398376] =>Toolbar.Conduit
[MD5.404D11F891C281853BC658B30A15E695] [SPRF][2013-04-11] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Administrateur\Desktop\ZHPDiag2.exe [5551512]
[MD5.E3815CD387F4E37269914D7762903CE4] [SPRF][2011-02-03] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropENU.dll [113888]
[MD5.988DF18DC66DC34FF664168E371526B9] [SPRF][2011-02-16] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropFRA.dll [116040]
[MD5.6CDCCCC096DEBB05C50A6E69D056DD75] [SPRF][2007-05-04] (.SolidWorks Corporation - sldimdownload Module.) -- C:\Windows\Downloaded Program Files\sldimdownload.dll [726560]
~ Files: Scanned in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{9DB125B9-AC68-4990-9C4B-EDD0176F160B}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe (.not file.)
O87 - FAEL: "{0F50D901-98FD-450C-A4EF-1D6425672790}" | In - Public - P6 - TRUE | .(...) -- C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe (.not file.)
O87 - FAEL: "{23013309-623C-4F90-9F63-7EB35D5A59A8}" | In - None - P6 - TRUE | .(.No owner - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{B3A8D83F-F919-47CD-B45E-F6FF44A93002}" | In - Private - P17 - TRUE | .(.No owner - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{D5FA3E58-68D5-4D73-B314-0BF7D6B79158}" | In - Private - P6 - TRUE | .(.No owner - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{5A0DFC39-3EC5-49E2-8297-7D1A74236E0F}" | In - Domain - P17 - TRUE | .(.No owner - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{DC0AE0B9-DDEE-428E-95B7-268401F52C6D}" | In - Domain - P6 - TRUE | .(.No owner - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "UDP Query User{9EC53B5F-1C1A-4B1E-B4F4-DCFF3370294B}C:\program files\ascomp software\backup maker\bkmaker.exe" | In - Private - P17 - TRUE | .(.ASCOMP Software GmbH.) -- C:\program files\ascomp software\backup maker\bkmaker.exe
O87 - FAEL: "TCP Query User{5631FA26-B6A2-403C-ACF2-8EB8F07DB3D9}C:\program files\ascomp software\backup maker\bkmaker.exe" | In - Private - P6 - TRUE | .(.ASCOMP Software GmbH.) -- C:\program files\ascomp software\backup maker\bkmaker.exe
O87 - FAEL: "UDP Query User{54E02E3B-5CC3-400D-B5AB-7A740453CCA2}C:\program files\vuze\azureus.exe" | In - Public - P17 - TRUE | .(.Vuze Inc. - No description.) -- C:\program files\vuze\azureus.exe
O87 - FAEL: "TCP Query User{71F0C25C-D494-4955-8AC8-0BCD0AE6CACB}C:\program files\vuze\azureus.exe" | In - Public - P6 - TRUE | .(.Vuze Inc. - No description.) -- C:\program files\vuze\azureus.exe
O87 - FAEL: "{F2335CA5-8111-4537-81B3-AB57B8099B06}" | In - Private - P17 - TRUE | .(.Vuze Inc. - No description.) -- C:\Program Files\Vuze\Azureus.exe
O87 - FAEL: "{292BA80A-3253-4A15-A632-4E3B7C452D60}" | In - Private - P6 - TRUE | .(.Vuze Inc. - No description.) -- C:\Program Files\Vuze\Azureus.exe
O87 - FAEL: "UDP Query User{D00F665C-7C92-4943-BF7F-3D96E5C109FD}C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe
O87 - FAEL: "TCP Query User{850A2D5E-EC50-4611-89D8-B98CD4D3D3E3}C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe
O87 - FAEL: "UDP Query User{3DD2F143-DB04-4C8D-96FF-BF12851FC7C0}C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe
O87 - FAEL: "TCP Query User{0C7AE7E9-61D0-46CB-8D0C-8D3398E42A56}C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe
O87 - FAEL: "UDP Query User{9AB5114E-228A-48D8-B7B7-0030C8CC96AA}C:\xampp\mysql\bin\mysqld.exe" | In - Public - P17 - TRUE | .(.MySQL AB - The MySQL Server.) -- C:\xampp\mysql\bin\mysqld.exe
O87 - FAEL: "TCP Query User{422D9DF1-11DF-4695-AAD2-D63D39F7319A}C:\xampp\mysql\bin\mysqld.exe" | In - Public - P6 - TRUE | .(.MySQL AB - The MySQL Server.) -- C:\xampp\mysql\bin\mysqld.exe
O87 - FAEL: "UDP Query User{CE4B4C36-73E7-40CE-A723-F5B9B311CDCF}C:\xampp\mysql\bin\mysqld.exe" | In - Private - P17 - TRUE | .(.MySQL AB - The MySQL Server.) -- C:\xampp\mysql\bin\mysqld.exe
O87 - FAEL: "TCP Query User{9C6A6529-B77F-429B-A0A2-E66B2A9E32F2}C:\xampp\mysql\bin\mysqld.exe" | In - Private - P6 - TRUE | .(.MySQL AB - The MySQL Server.) -- C:\xampp\mysql\bin\mysqld.exe
~ Firewall: 291 Legitimates Scanned in 00mn 03s

---\\ Additional Scan (O88)
Database Version : v2.11504 - (2013-04-10)
Keys found : 11
Values found : 0
Folders found : 5
Files found : 4
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}] =>Dialer.IEAcess
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Canneverbe Limited\OpenCandy] =>Adware.OpenCandy
[HKLM\Software\Classes\Toolbar.CT3196716] =>Toolbar.Conduit
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Users\Administrateur\AppData\Roaming\OpenCandy =>Adware.OpenCandy
C:\Users\Administrateur\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\Administrateur\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Administrateur\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\Administrateur\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
C:\Users\Administrateur\AppData\Local\Temp\GoogleToolbarInstaller2.log =>Toolbar.Babylon
C:\Users\Administrateur\AppData\Local\Temp\tbWise.dll =>Toolbar.Conduit
~ Additional: Scanned in 00mn 16s

---\\ Product Upgrade Codes (O90)
~ Update Products: 77 Legitimates Scanned in 00mn 00s

---\\ General status of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 2012-12-18 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 2013-03-12 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 2012-12-21 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 18656 | (Autodesk Content Service) . (...) - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
SR - | Auto 2011-08-30 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 2002-04-11 57344 | (Brother XP spl Service) . (.brother Industries Ltd.) - C:\Windows\system32\brsvc01a.exe
SS - | Demand 2012-01-20 89160 | (CoordinatorServiceHost) . (.Dassault Systèmes SolidWorks Corp..) - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
SS - | Demand 2012-02-05 1044816 | (FLEXnet Licensing Service) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 2010-08-08 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2010-08-08 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 2009-08-07 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SS - | Demand 2013-02-20 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 2013-03-13 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 2013-01-09 1324104 | (PDF Architect Helper Service) . (.pdfforge GbR.) - C:\Program Files\PDF Architect\HelperService.exe
SR - | Auto 2013-01-09 795208 | (PDF Architect Service) . (.pdfforge GbR.) - C:\Program Files\PDF Architect\ConversionService.exe
SR - | Auto 2010-09-22 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SS - | Auto 2013-02-28 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 2013-02-28 79360 | (SolidWorks Licensing Service) . (.SolidWorks.) - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
SS - | Demand 2011-03-16 407336 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SR - | Auto 2012-09-19 1157056 | (WDBackup) . (.Western Digital.) - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
SR - | Auto 2012-09-06 248248 | (WDDriveService) . (.Western Digital.) - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
SR - | Auto 2012-09-19 1177536 | (WDRulesService) . (.Western Digital.) - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
SR - | Auto 26112 | (wltrysvc) . (...) - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.exe
SS - | Demand 2012-09-20 23040 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s

---\\ Master Boot Record Infection search (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Scanned in 00mn 02s

---\\ Master Boot Record Infection search (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Administrateur at 2013-04-11 08:06:20
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

~ 2127 Legitimates filtered by white list
End of the scan (650 lines in 19mn 39s)(0)
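The two sections of this report that need a human decision are the O87 firewall exception list and the O88 detections. The Python script below is an added triage helper, not part of ZHPDiag and not part of the report: it parses the O87 "FAEL" lines and the O88 "=>Family" lines and groups what a reviewer should look at. Facts it relies on: the P6/P17 field is the IP protocol number (6 = TCP, 17 = UDP), the profile field is the Windows Firewall profile (Domain, Private, Public, or None), and the report appends "(.not file.)" when a rule's target executable no longer exists. The sample lines embedded in it are copied from the report above; the flagging criteria (inbound allow on the Public profile, stale target, no publisher string) and the function names are this example's own.

```python
import re
from collections import defaultdict

# Sample lines copied from the O87 and O88 sections of the report above
# (a subset; the parser runs over the full report text the same way).
SAMPLE = r"""
O87 - FAEL: "{9DB125B9-AC68-4990-9C4B-EDD0176F160B}" | In - Public - P17 - TRUE | .(...) -- C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe (.not file.)
O87 - FAEL: "{23013309-623C-4F90-9F63-7EB35D5A59A8}" | In - None - P6 - TRUE | .(.No owner - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "TCP Query User{422D9DF1-11DF-4695-AAD2-D63D39F7319A}C:\xampp\mysql\bin\mysqld.exe" | In - Public - P6 - TRUE | .(.MySQL AB - The MySQL Server.) -- C:\xampp\mysql\bin\mysqld.exe
O87 - FAEL: "{F2335CA5-8111-4537-81B3-AB57B8099B06}" | In - Private - P17 - TRUE | .(.Vuze Inc. - No description.) -- C:\Program Files\Vuze\Azureus.exe
[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Users\Administrateur\AppData\Local\Temp\tbWise.dll =>Toolbar.Conduit
"""

# IP protocol numbers as they appear in the "P6" / "P17" field of an O87 line.
PROTO = {6: "TCP", 17: "UDP"}

# O87 - FAEL: "<rule name>" | <In|Out> - <profile> - P<proto> - <TRUE|FALSE> | .(<publisher>) -- <path>[ (.not file.)]
FAEL_RE = re.compile(
    r'^O87 - FAEL: "(?P<name>[^"]+)" \|\s*(?P<dir>In|Out) - (?P<profile>\S+) - '
    r'P(?P<proto>\d+) - (?P<enabled>TRUE|FALSE) \| \.\((?P<pub>.*?)\) -- '
    r'(?P<path>.*?)(?P<missing> \(\.not file\.\))?$'
)
# O88 lines: "<registry key or path> =><Family>"
DET_RE = re.compile(r'^(?P<item>.+?) =>(?P<family>\S+)$')


def parse_fael(line):
    """Parse one O87 line into a dict, or return None if the line is not a FAEL entry."""
    m = FAEL_RE.match(line.strip())
    if not m:
        return None
    # The publisher field is ".(...)" when ZHPDiag found no version info, and
    # ".(.Vendor - Description.)" otherwise; strip the decorative dots.
    pub = m["pub"].strip(".").strip()
    return {
        "name": m["name"],
        "direction": m["dir"],
        "profile": m["profile"],
        "protocol": PROTO.get(int(m["proto"]), "IP proto " + m["proto"]),
        "enabled": m["enabled"] == "TRUE",
        "publisher": pub or None,
        "path": m["path"],
        "target_missing": m["missing"] is not None,
    }


def triage_rule(rule):
    """Return the reasons a reviewer should look at this rule ([] if unremarkable)."""
    reasons = []
    if rule["enabled"] and rule["direction"] == "In" and rule["profile"] == "Public":
        reasons.append("inbound allow on the Public profile")
    if rule["target_missing"]:
        reasons.append("stale rule: target executable no longer exists")
    if rule["publisher"] is None or rule["publisher"].startswith("No owner"):
        reasons.append("no publisher/version info on the target")
    return reasons


def parse_detections(text):
    """Group O88 detections by family, separating registry keys from filesystem paths."""
    by_family = defaultdict(lambda: {"registry": [], "filesystem": []})
    for line in text.splitlines():
        m = DET_RE.match(line.strip())
        if not m:
            continue
        kind = "registry" if m["item"].startswith("[HK") else "filesystem"
        by_family[m["family"]][kind].append(m["item"])
    return dict(by_family)


def triage_report(text):
    """Parse a ZHPDiag report body and return rules, flagged rules and grouped detections."""
    rules = [r for r in (parse_fael(l) for l in text.splitlines()) if r]
    flagged = {}
    for r in rules:
        reasons = triage_rule(r)
        if reasons:
            flagged[r["name"]] = reasons
    return {"rules": rules, "flagged": flagged, "detections": parse_detections(text)}


if __name__ == "__main__":
    report = triage_report(SAMPLE)
    for name, reasons in report["flagged"].items():
        print(name, "->", "; ".join(reasons))
    for family, items in report["detections"].items():
        print(family, items)
```

Run against the full report, the script flags the Public-profile inbound rules for azureus.exe, mysqld.exe and scjview.exe, the two stale photoview360_cl.exe rules, and every rule whose target carries no publisher string. For the O88 part it only groups; the family labels come from the ZHPDiag database, so they still need a manual check before anything is deleted. In particular, the {0633EE93-D776-472f-A0FF-E1416B8B2E3A} SearchScopes key reported as Toolbar.Bing is Internet Explorer's built-in Bing search provider, whereas the Conduit, PriceGong and OpenCandy entries are the classic bundled-installer leftovers this report is mostly about.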