Rapport de ZHPDiag v2013.4.27.159 par Nicolas Coolman, Update du 27.04.2013
Run by Paulo at 28.04.2013 21:53:42
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
OBIE: Safari v5.34.57.2

---\\ Windows Product Information
~ Langage: Français
Windows Vista Home Premium Edition, 64-bit (Build 6000)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 3Q6C9
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK

---\\ System Protection
avast! Free Antivirus v8.0.1483.0
Malwarebytes Anti-Malware version 1.75.0.1300

---\\ System Optimizer
CCleaner v4.00

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095.2 MB (44% free)
System Restore: Activé (Enable)
System drive C: has 466 GB (67%) free of 686 GB

---\\ Logged in mode
~ Computer Name: DA-SILVA
~ User Name: Paulo
~ All Users Names: UpdatusUser, Sonia, Paulo, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Paulo\AppData\Roaming\
~ %Desktop% : C:\Users\Paulo\Desktop\
~ %Favorites% : C:\Users\Paulo\Favorites\
~ %LocalAppData% : C:\Users\Paulo\AppData\Local\
~ %StartMenu% : C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 466 Go of 686 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not
Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s

---\\ Recherche particulière de fichiers génériques
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/6745
~ Mes musiques (My Musics) : 30/1813
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/184
~ Mes Documents (My Documents) : 3/20352
~ Mon Bureau (My Desktop) : 1/888
~ Menu demarrer (Programs) : 1/58
~ Hidden Files: Scanned in 00mn 07s

---\\ Processus lancés
~ Processes Running: Scanned in 00mn 02s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 23

---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: LyricsTube [64Bits] - {B399EDE8-1525-458C-8DD9-31EADF632D06} . (.Hansen & Destar Apps - LyricsTube.) -- C:\Program Files (x86)\LyricsTube\lrcstube.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline
~ Toolbar: Scanned in 00mn 00s

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SmartMenu] . (.Pas de propriétaire - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [PC-Doctor for Windows localizer] . (.PC-Doctor, Inc. - Hardware Diagnostic Tools Localizer.) -- C:\Program Files\PC-Doctor for Windows\localizer.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [eTMonitor] . (.Aladdin Knowledge Systems, Ltd. - PKIMonitor Application.) -- C:\Program Files\Aladdin\eToken\PKIClient\x64\PKIMonitor.exe
O4 - HKCU\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Paulo\AppData\Local\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - ApplePhotoStreams.exe.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Tomtomax MaxiBox] . (.Tomtomax & KoakDesign - Le logiciel de personnalisation de votre GP.) -- C:\Program Files (x86)\Tomtomax Maxi-Box V3\Tomtomax_MaxiBox.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKCU\..\Run: [CLXReader] . (.CREALOGIX E-Payment AG - CLXReader.) -- C:\Program Files (x86)\CLX.PayPen\CLXReader.exe
O4 - HKLM\..\Wow6432Node\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Wow6432Node\Run: [NortonOnlineBackupReminder] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - Pas de description.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Wow6432Node\Run: [AppleSyncNotifier] . (.Apple Inc. - AppleSyncNotifier.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Wow6432Node\Run: [D-Link D-Link DWA-125] . (.D-Link Corp. - D-Link WLAN Application.) -- C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Wow6432Node\Run: [WZCSLDR2] . (.Wireless Service - ANIWZCS2 launcher for Windows..) -- C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
O4 - HKLM\..\Wow6432Node\Run: [PlusService] . (.Yuna Software - Messenger Plus! 6.) -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Wondershare Helper Compact.exe] . (.Wondershare - Wondershare Studio.) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [MessengerPlusForSkypeService] . (.Yuna Software - Service - Messenger Plus! for Skype.) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3800074162-2600359314-499708318-1001\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-3800074162-2600359314-499708318-1001\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-21-3800074162-2600359314-499708318-1001\..\Run: [Akamai NetSession Interface] . (.Akamai Technologies, Inc. - Akamai NetSession Client.) -- C:\Users\Paulo\AppData\Local\Akamai\netsession_win.exe
O4 - HKUS\S-1-5-21-3800074162-2600359314-499708318-1001\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKUS\S-1-5-21-3800074162-2600359314-499708318-1001\..\Run: [ApplePhotoStreams] . (.Apple Inc. - ApplePhotoStreams.exe.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-21-3800074162-2600359314-499708318-1001\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3800074162-2600359314-499708318-1001\..\Run: [Tomtomax MaxiBox] . (.Tomtomax & KoakDesign - Le logiciel de personnalisation de votre GP.) -- C:\Program Files (x86)\Tomtomax Maxi-Box V3\Tomtomax_MaxiBox.exe
O4 - HKUS\S-1-5-21-3800074162-2600359314-499708318-1001\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-3800074162-2600359314-499708318-1001\..\Run: [CLXReader] . (.CREALOGIX E-Payment AG - CLXReader.) -- C:\Program Files (x86)\CLX.PayPen\CLXReader.exe
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\QuickLaunch: Ricardo Assistant 5 – Superlister.lnk . (.QXL Ricardo - QXL Ricardo Assistant.) -- C:\QXL Ricardo\QXL Ricardo Assistant\QXLAssistant.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: Ricardo Assistant 5 – Superlister.lnk . (.QXL Ricardo - QXL Ricardo Assistant.) -- C:\QXL Ricardo\QXL Ricardo Assistant\QXLAssistant.exe
O4 - GS\TaskBar: HP MediaSmart.lnk . (...) -- C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (.not file.)
O4 - GS\TaskBar: HPAdvisor.lnk . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Apple Safari.lnk . (...) -- C:\Windows\Installer\{AFAC914D-9E83-4A89-8ABE-427521C82CCF}\SafariIco.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Picasa 3.lnk . (.Google Inc. - Picasa.) -- C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop: Ares.lnk . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files (x86)\Ares\Ares.exe
O4 - GS\Desktop: Windows Live Messenger .lnk . (...) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - GS\TaskBar: Calculator.lnk . (.Microsoft Corporation - Calculatrice de Windows.) -- C:\Windows\system32\calc.exe
O4 - GS\QuickLaunch: Apple Safari.lnk . (...) -- C:\Windows\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\SafariIco.exe
O4 - GS\QuickLaunch: iTwin.lnk . (.Stefan Moka - iPhone Twin.) -- C:\Program Files (x86)\iTwin\iTwin.exe
O4 - GS\QuickLaunch: IZArc.lnk . (...) -- C:\Program Files (x86)\IZArc\IZArc.exe
O4 - GS\QuickLaunch: Media converter.lnk . (...) -- C:\Program Files (x86)\Media converter\MediaConverter.exe
O4 - GS\QuickLaunch: Microsoft Office Outlook.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.exe
O4 - GS\QuickLaunch: WildTangent Games App - hp.lnk . (.WildTangent - WildTangent Games App.) -- C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe
O4 - GS\SendTo: Transfert de fichiers Bluetooth.LNK . (.Microsoft Corporation - Pas de description.) -- C:\Windows\System32\fsquirt.exe
O4 - GS\Desktop: adwcleaner.exe - Raccourci.lnk . (...) -- C:\Users\Paulo\Downloads\adwcleaner.exe
O4 - GS\Desktop: AutoData.lnk . (...) -- C:\ADCDA2\AutoData.exe
O4 - GS\Desktop: iCloud - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop: iTwin.lnk . (.Stefan Moka - iPhone Twin.) -- C:\Program Files (x86)\iTwin\iTwin.exe
O4 - GS\Desktop: IZArc.lnk . (...) -- C:\Program Files (x86)\IZArc\IZArc.exe
O4 - GS\Desktop: Numériser un document ou une photo - Raccourci.lnk - Clé orpheline
O4 - GS\Desktop: Search The Web.lnk - Clé orpheline
O4 - GS\Desktop: SIW.lnk . (.Topala Software Solutions - System Information.) -- C:\Program Files (x86)\SIW\siw.exe
O4 - GS\Desktop: TomTom HOME 2.lnk . (.TomTom International B.V. - TomTomHOME.exe.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOME.exe
~ Global Startup: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{D24606DE-E783-42BC-A774-CE58B8F0D85C}: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
O17 - HKLM\System\CS1\Services\Tcpip\..\{D24606DE-E783-42BC-A774-CE58B8F0D85C}: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
O17 - HKLM\System\CS2\Services\Tcpip\..\{D24606DE-E783-42BC-A774-CE58B8F0D85C}: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.2.17.60 62.2.24.162 62.2.17.61 62.2.24.158
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: D_Link_DWA-125 Service (D_Link_DWA-125) . (.Wireless Service - ANIWZCS2 Service Launcher.) - C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
~ Services: 18 Legitimates Filtered in 00mn 18s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Sing Along Update.job [392]
[MD5.00000000000000000000000000000000] [APT] [Go for FilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.00000000000000000000000000000000] [APT] [Sing Along Update] (...) -- C:\Program Files (x86)\SingAlong\SingalngUpdater.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{05753D8E-407C-4215-B40C-5D33BD30FE4A}] (...) -- C:\Program Files (x86)\IDX-SCM\IDXSCMLauncher\IDXSCMLauncher.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{05C4F787-EE26-439C-A228-DE58ACBBF5D3}] (...) -- C:\Program Files (x86)\IDX-SCM\IDXSCMLauncher\IDXSCMLauncher.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{21596721-665B-4D22-BA2E-7E1F0301DC55}] (...) -- C:\Users\Paulo\Desktop\opentrust-scm-3.5.2-renault-vectury-prod.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{30BECB3C-DEAB-427E-9C50-322079F4D8FC}] (...) -- E:\DialogysInstall_PC.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3B81877C-571C-459F-8FB4-0868DF57B892}] (...) -- C:\Users\Paulo\Desktop\opentrust-scm-3.5.2-renault-vectury-prod.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A0B68602-D9AE-4EBB-9FA3-02578CD2DEC9}] (...) -- C:\Program Files (x86)\IDX-SCM\IDXSCMLauncher\IDXSCMLauncher.exe (.not file.) [0]
[MD5.D9C7FE8DCF09CAB161ED2EAD4841BDD7] [APT] [{A57F6E8F-34FE-4D36-B5F9-A5A9A9CCBE66}] (...) -- C:\Users\Paulo\AppData\Local\Ares\My Shared Folder\adobe photoshop 7 fr francais.exe [171147190]
[MD5.00000000000000000000000000000000] [APT] [{AF5F179F-1A4F-4352-AAA1-88087EAB36F1}] (...) -- E:\DialogysInstall_PC.exe (.not file.) [0]
~ Scheduled Task: 80 Legitimates Filtered in 00mn 11s

---\\ Logiciels installés (O42)
O42 - Logiciel: Akamai NetSession Interface - (.Akamai Technologies, Inc.) [HKCU][64Bits] -- Akamai
O42 - Logiciel: Akamai NetSession Interface Service - (...) [HKLM][64Bits] -- Akamai
O42 - Logiciel: Ares 2.0.9 - (.Ares Development Group.) [HKLM][64Bits] -- Ares
O42 - Logiciel: Athena ASEDrive x64 2.9.0.0 - (.Athena Smartcard Solutions.) [HKLM][64Bits] -- {E7FA5B1D-28A8-4D4D-B3BA-F399B24FCB2B}
O42 - Logiciel: AutoData version 3.38 - (...) [HKLM][64Bits] -- {B1F3EDAC-F0A2-4615-A4E1-AAF4358B0157}_is1
O42 - Logiciel: Iminent - (.Iminent.) [HKLM][64Bits] -- {89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00} =>Adware.IMBooster
O42 - Logiciel: LyricsTube - (.Hansen & Destar Apps.) [HKLM][64Bits] -- lrcsTube@hansanddeta.com
O42 - Logiciel: Media converter - (...) [HKLM][64Bits] -- {729E66B3-1B80-4F3F-8D19-342A89631E1A}_is1
O42 - Logiciel: OpenTrust SCM Client - (.OpenTrust S.A..) [HKLM][64Bits] -- {FD7BA4C0-9B55-4A5F-B96B-777D258C83EE}
O42 - Logiciel: QXL Ricardo Assistant 5 - (...) [HKLM][64Bits] -- QXL Ricardo Assistant 5
O42 - Logiciel: QuickShare - (.Linkury Inc..) [HKLM][64Bits] -- {24554447-718C-4EE5-A376-0000014A88D8} =>PUP.QuickShare
O42 - Logiciel: Sing Along - (.Xenophesoft.) [HKLM][64Bits] -- singalong@xenophesoft.com
O42 - Logiciel: eToken PKI Client 5.1 SP1 - (.Aladdin Knowledge Systems Ltd..) [HKLM][64Bits] -- {BC5C2BEB-87AF-4636-9184-CA10C3C740B8}
~ Logic: 178 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AppDataLow\Software\LyricsTube]
[HKCU\Software\AppDataLow\Software\SingAlong]
[HKCU\Software\Ares]
[HKCU\Software\BVI]
[HKCU\Software\GoforFiles] =>P2P.GoforFiles
[HKCU\Software\OpenSC]
[HKCU\Software\QXL Ricardo]
[HKLM\Software\Wow6432Node\ADSECURITY]
[HKLM\Software\Wow6432Node\AUTODATA]
[HKLM\Software\Wow6432Node\Autodata Limited]
[HKLM\Software\Wow6432Node\GoforFiles] =>P2P.GoforFiles
~ Key Software: 246 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 31.05.2012 - 12:05:58 - [167.816] ----D C:\Program Files (x86)\Ares
O43 - CFD: 30.10.2011 - 11:50:18 - [0.201] ----D C:\Program Files (x86)\Athena
O43 - CFD: 19.11.2012 - 00:07:01 - [4.451] ----D C:\Program Files (x86)\GoforFiles =>P2P.GoforFiles
O43 - CFD: 24.04.2013 - 19:44:42 - [0.391] ----D C:\Program Files (x86)\LyricsTube
O43 - CFD: 07.04.2013 - 15:34:28 - [12.993] ----D C:\Program Files (x86)\Media converter
O43 - CFD: 30.10.2011 - 11:52:45 - [24.997] ----D C:\Program Files (x86)\OpenTrust
O43 - CFD: 28.04.2013 - 20:41:31 - [30.701] ----D C:\Program Files (x86)\Common Files\Akamai
O43 - CFD: 07.04.2013 - 13:22:17 - [4.944] ----D C:\ProgramData\BrowserProtect =>Toolbar.Babylon
O43 - CFD: 01.05.2010 - 23:43:55 - [0] ----D C:\ProgramData\eMule
O43 - CFD: 07.04.2010 - 06:40:16 - [0.001] ----D C:\ProgramData\FRITax 2009
O43 - CFD: 29.12.2012 - 18:38:17 - [16.079] --H-D C:\ProgramData\{40C16E4D-CC1B-47B1-AB26-3C30E47E3809}
O43 - CFD: 30.12.2012 - 00:26:04 - [7.012] --H-D C:\ProgramData\{64300630-5B75-49F3-904F-EA6A0C434430}
O43 - CFD: 23.12.2009 - 21:51:46 - [5.468] --H-D C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}
O43 - CFD: 19.11.2012 - 00:04:48 - [0.001] ----D C:\Users\Paulo\AppData\Roaming\GoforFiles =>P2P.GoforFiles
O43 - CFD: 26.03.2011 - 18:56:39 - [0.017] ----D C:\Users\Paulo\AppData\Roaming\GOL_byHasbro
O43 - CFD: 30.10.2011 - 11:52:49 - [0.466] ----D C:\Users\Paulo\AppData\Roaming\OpenTrust
O43 - CFD: 04.07.2011 - 20:57:18 - [0.435] ----D C:\Users\Paulo\AppData\Roaming\QXL Ricardo
O43 - CFD: 26.03.2011 - 20:00:31 - [0.001] ----D C:\Users\Paulo\AppData\Roaming\StoneLoopsWT
O43 - CFD: 01.04.2013 - 20:51:25 - [0.430] ----D C:\Users\Paulo\AppData\Local\55870E93-9597-4423-A576-85E937F25146.aplzod
O43 - CFD: 24.03.2013 - 19:19:22 - [32.453] ----D C:\Users\Paulo\AppData\Local\Akamai
O43 - CFD: 22.07.2012 - 13:01:12 - [2046.136] ----D C:\Users\Paulo\AppData\Local\Ares
O43 - CFD: 01.05.2010 - 23:43:55 - [0] ----D C:\Users\Paulo\AppData\Local\eMule
O43 - CFD: 30.10.2011 - 11:52:49 - [1.577] ----D C:\Users\Paulo\AppData\Local\OpenTrust
O43 - CFD: 02.05.2010 - 00:26:05 - [0] ----D C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares
O43 - CFD: 04.07.2011 - 20:57:10 - [0] ----D C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QXL Ricardo Assistant 5
~
598 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 925 Legitimates Filtered in 00mn 09s ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.8CF2B639F0324328B9902120198FF4AA] - 24.04.2013 - 20:40:51 ---A- . (...) -- C:\Windows\DeleteOnReboot.bat [97] ~ Files: 23 Legitimates Filtered in 00mn 21s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.DD09DA4EB6F3AF4EC3B91F6B219C8B6B] - 25.04.2013 - 05:52:18 ---A- - C:\Windows\Prefetch\LOCALIZER.EXE-3FF15560.pf O45 - LFCP:[MD5.63FD83B7F99F80408F726796C9BF3B4C] - 25.04.2013 - 05:52:22 ---A- - C:\Windows\Prefetch\ADOBE GAMMA LOADER.EXE-46CBEC9D.pf O45 - LFCP:[MD5.C575A9D2467E8253BC8FBB36A1E1761E] - 25.04.2013 - 05:52:28 ---A- - C:\Windows\Prefetch\PKIMONITOR.EXE-0B56C11E.pf O45 - LFCP:[MD5.8E62A5EB643F916BE005C08AC48DE672] - 25.04.2013 - 05:52:30 ---A- - C:\Windows\Prefetch\MSGPLUSFORSKYPESERVICE.EXE-DD661085.pf O45 - LFCP:[MD5.E6C0167E4072A46E35AAF2173E48D348] - 25.04.2013 - 05:52:34 ---A- - C:\Windows\Prefetch\SWITCHBOARD.EXE-44EC7AA8.pf O45 - LFCP:[MD5.F85480AE4F687918E777E207D328E367] - 25.04.2013 - 21:17:31 ---A- - C:\Windows\Prefetch\CLXREADER.EXE-1CFFA9D5.pf O45 - LFCP:[MD5.A7E5751C3F273077075353B6199DE75D] - 25.04.2013 - 21:17:31 ---A- - C:\Windows\Prefetch\PLUSSERVICE.EXE-A3F8FF04.pf ~ Prefetcher: 138 Legitimates Filtered in 00mn 01s ---\\ Microsoft Windows Policies System (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 19 Legitimates Filtered in 00mn 00s ---\\ Microsoft Windows Policies Explorer (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s ---\\ Liste des Drivers Système (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14.07.2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) 
-- C:\Windows\System32\Drivers\adp94xx.sys [491088] ~ Drivers: Scanned in 00mn 00s ---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61) O61 - LFC: 02.06.2002 - 01:18:00 ---A- C:\Users\Paulo\AppData\Local\Ares\My Shared Folder\Photoshop 7 FR by Arsonik\setup\_INST32I.EX_ [296674] O61 - LFC: 28.04.2013 - 19:41:35 ---A- C:\Users\Paulo\Links\Flux de photos.lnk [154] ~ 2 Fichiers temporaires (Temporary files) ~ Files: 88 Legitimates Filtered in 07mn 20s ---\\ Liste des outils de nettoyage (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\\ Start Menu Internet (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Apple Inc. - Safari.) -- C:\Program Files (x86)\Safari\Safari.exe ~ Keys: Scanned in 00mn 00s ---\\ Recherche particuliere à la racine de certains dossiers (O84) [MD5.F6458218C78936638F67538EC87F6054] [SPRF][06.12.2010] (.Pas de propriétaire - ANPD Helper DLL API library.) -- C:\Users\Paulo\AppData\Local\Temp\ANPDApi.dll [315392] [MD5.8390E3FF29B6C223A3039C4E339EC832] [SPRF][27.03.2013] (...) -- C:\Users\Paulo\AppData\Local\Temp\defaultCache.reg [1472412] [MD5.3D7CDC3E67A97110321BF7453C649B1F] [SPRF][24.01.2013] (...) -- C:\Users\Paulo\AppData\Local\Temp\DeltaTB.exe [775664] [MD5.55A0088B7C46864F77F1A491538229FB] [SPRF][22.03.2010] (.Adobe Systems Incorporated - Adobe® Flash® Player ActiveX Installer.) -- C:\Users\Paulo\AppData\Local\Temp\FlashPlayerUpdate.exe [1960304] [MD5.E5F1E5CAE32811A1AD884BEA43F1247C] [SPRF][17.06.2010] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.1 r53.) -- C:\Users\Paulo\AppData\Local\Temp\FlashPlayerUpdate01.exe [2605008] [MD5.5C9F59022F9B62D722C3CB494D58CB1D] [SPRF][18.10.2010] (...) 
-- C:\Users\Paulo\AppData\Local\Temp\GLF50C5.tmp.ConduitEngineSetup.exe [157536] [MD5.A55B82103A202C20717F45C201EC4553] [SPRF][18.11.2012] (.Terra Informatica Software, Inc., British C - HTMLayout - embeddable HTML rendering and layout component.) -- C:\Users\Paulo\AppData\Local\Temp\htmlayout.dll [936960] [MD5.2F46A2E37FB05642A0E859545D6B09F7] [SPRF][06.02.2013] (.Iminent - Iminent Setup.) -- C:\Users\Paulo\AppData\Local\Temp\IminentSetup.exe [854848] =>Adware.IMBooster [MD5.4437864C859B4EE2251CDBC5C77D845D] [SPRF][13.04.2010] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Paulo\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe [922400] [MD5.DB5D2225E502A7E6329C8A0CAC2CBF1A] [SPRF][05.08.2010] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Paulo\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe [875296] [MD5.676A86173A1FE2698C6F049D74DC6EB2] [SPRF][16.09.2010] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Paulo\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe [875296] [MD5.B561AE170381399A4D825E4731458679] [SPRF][06.01.2011] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Paulo\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe [884512] [MD5.A8D666FCE8EFD0788FA0DF14FB3491B4] [SPRF][10.02.2011] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Paulo\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe [885536] [MD5.67DC0277321064080BAD0E9E3BC3CBAB] [SPRF][05.05.2011] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Paulo\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe [901408] [MD5.0E2281AEC56203CA6A9E1848F7DBDF5A] [SPRF][19.10.2011] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Paulo\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe [909088] [MD5.EE622B2CD2D3C5CD950D49BD1708A9D4] [SPRF][20.02.2012] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) 
-- C:\Users\Paulo\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe [909600] [MD5.107167F15D30AA71D7CAFC0326AFB315] [SPRF][08.06.2012] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Paulo\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe [909104] [MD5.8E51D3D38A26EEAC819974C9295AF35F] [SPRF][29.08.2012] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Paulo\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe [908272] [MD5.47C6B9B408CBB4DEE11A1EE517CD89BE] [SPRF][01.10.2012] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Paulo\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe [912880] [MD5.81EBC5DB32DA754CAE9E200B70F06DE2] [SPRF][23.10.2010] (.Microsoft Corporation - Barre d'outils Bing.) -- C:\Users\Paulo\AppData\Local\Temp\MSNC92A.exe [469256] [MD5.408416EB4F50DAB83625481C0B4E6692] [SPRF][02.10.2012] (.NVIDIA Corporation - NVIDIA 3D Vision Control Panel API.) -- C:\Users\Paulo\AppData\Local\Temp\nvSCPAPI.dll [903584] [MD5.539639C041241616B08C0158C4F8DE60] [SPRF][02.10.2012] (.NVIDIA Corporation - Stereoscpic 3D driver Installer API.) -- C:\Users\Paulo\AppData\Local\Temp\nvStInst.exe [612712] [MD5.BC78F9D077DEA05B892F6111AA1AA45E] [SPRF][01.07.2012] (.Google Inc. - Picasa.) -- C:\Users\Paulo\AppData\Local\Temp\PicasaUpdater_6004.exe [15124368] [MD5.B5EA241BE06D8BC0B9680AD0D8BDE608] [SPRF][24.01.2013] (...) -- C:\Users\Paulo\AppData\Local\Temp\readSTILog.dll [118352] [MD5.4AC204A3300C97A7733A12B082C93B9F] [SPRF][14.09.2010] (.Hewlett-Packard Company - Resource.) -- C:\Users\Paulo\AppData\Local\Temp\Resource.exe [36920] [MD5.59148AC8DDD79AA1A9AD9D58749FA403] [SPRF][03.03.2013] (.Pas de propriétaire - Sing Along.) -- C:\Users\Paulo\AppData\Local\Temp\SingAlong.exe [264403] [MD5.4F0570CF12E7EBFD5DD2BCFB93E285FC] [SPRF][12.02.2013] (.Pas de propriétaire - Linkury.Installer.MsiWrapper.) 
-- C:\Users\Paulo\AppData\Local\Temp\SmartbarExeInstaller.exe [8565016] =>Hijacker.SmartBar [MD5.376EAD6E862E2957628576A77C08D1E1] [SPRF][24.04.2013] (.Pas de propriétaire - LyricsTube.) -- C:\Users\Paulo\AppData\Local\Temp\sngalng.exe [288489] [MD5.589B6B8F928AE6B3C1196FC8EAF46D42] [SPRF][07.03.2010] (.Hewlett-Packard Development Company, L.P. - HP Support Assistant Update.) -- C:\Users\Paulo\AppData\Local\Temp\sp44614.exe [31216200] [MD5.EE03FCE44982A6BF170AE7ACBD4BFB9D] [SPRF][10.05.2010] (.Hewlett-Packard Development Company, L.P. - HP Support Assistant Application Update.) -- C:\Users\Paulo\AppData\Local\Temp\sp46257.exe [35418120] [MD5.973EB43753F50BCD15EC5578B317C78F] [SPRF][18.12.2010] (.Hewlett-Packard Development Company, L.P. - HP Support Assistant Application Update.) -- C:\Users\Paulo\AppData\Local\Temp\sp49905.exe.exe [49922736] [MD5.C48DB6D2C11D3577ADD9AC535CE4A027] [SPRF][29.09.2011] (.Hewlett-Packard Development Company, L.P. - HP Support Assistant Application Update.) -- C:\Users\Paulo\AppData\Local\Temp\sp53904.exe [62422488] [MD5.A62912D14501566ECB8F3B3476E217D2] [SPRF][31.05.2012] (.Hewlett-Packard Development Company, L.P. - HP Support Assistant Application Update.) -- C:\Users\Paulo\AppData\Local\Temp\sp54931.exe [57826304] [MD5.5C89E24D47562D08D9447F7BAA14338D] [SPRF][18.11.2012] (.http://goforfiles.com/ - GoforFiles Application.) -- C:\Users\Paulo\AppData\Local\Temp\uninstall41045220.exe [904848] =>P2P.GoforFiles [MD5.A55B82103A202C20717F45C201EC4553] [SPRF][18.11.2012] (.Terra Informatica Software, Inc., British C - HTMLayout - embeddable HTML rendering and layout component.) -- C:\Users\Paulo\AppData\Local\Temp\uninstall41045267.exe [936960] [MD5.A55B82103A202C20717F45C201EC4553] [SPRF][18.11.2012] (.Terra Informatica Software, Inc., British C - HTMLayout - embeddable HTML rendering and layout component.) 
-- C:\Users\Paulo\AppData\Local\Temp\uninstall41046405.exe [936960] [MD5.CB6EAF1B9F7D03F2BCE600158A0B64A9] [SPRF][18.11.2012] (.http://www.goforfiles.com/ - GoforFiles.) -- C:\Users\Paulo\AppData\Local\Temp\uninstall41046499.exe [4667024] =>P2P.GoforFiles [MD5.239CB72E0605A43BF856BCD49712D1FA] [SPRF][27.09.2012] (.Hewlett-Packard Company - HP Support Assistant Uninstaller.) -- C:\Users\Paulo\AppData\Local\Temp\UninstallHPSA.exe [114080] [MD5.0980ED49BA5D6F1D108DDC67C5672689] [SPRF][23.06.2011] (.Hewlett-Packard Company - HP Support Assistant Uninstaller.) -- C:\Users\Paulo\AppData\Local\Temp\UninstallHPTCA.exe [449592] [MD5.369F582B7ED531F30D1D879B43391EBA] [SPRF][01.04.2013] (.Yuna Software - Setup - Messenger Plus!.) -- C:\Users\Paulo\AppData\Local\Temp\Update_2e6d.exe [1081200] [MD5.E9BE011BEC6419CDF649FDC472838DEB] [SPRF][14.10.2012] (.Yuna Software - Setup of Messenger Plus! 6.) -- C:\Users\Paulo\AppData\Local\Temp\Update_2e84.exe [1043896] [MD5.FDD12B8E9A85414BDDD18E42C463AF44] [SPRF][17.12.2011] (.Yuna Software - Setup of Messenger Plus! 5.) -- C:\Users\Paulo\AppData\Local\Temp\Update_3a4c.exe [1138576] [MD5.903B8FE17225A472DED2ABA3FB08CD51] [SPRF][06.11.2010] (.Yuna Software - Messenger Plus! Live Setup.) -- C:\Users\Paulo\AppData\Local\Temp\Update_43ad.exe [4853144] [MD5.807245CFE00E1C9C2E7898193341AC79] [SPRF][25.09.2011] (.Yuna Software - Setup of Messenger Plus! 5.) -- C:\Users\Paulo\AppData\Local\Temp\Update_47a5.exe [915856] [MD5.7F363A3AAFC80FE457F28ABE93F7114E] [SPRF][21.08.2010] (.Yuna Software - Messenger Plus! Live Setup.) -- C:\Users\Paulo\AppData\Local\Temp\Update_5180.exe [4832664] [MD5.478E9D2578A35563F96C02FEC71085A8] [SPRF][01.04.2012] (.Yuna Software - Setup of Messenger Plus! 5.) -- C:\Users\Paulo\AppData\Local\Temp\Update_5cfe.exe [1151376] [MD5.1BECE9F68E87D919D481751ACC5E3D3F] [SPRF][25.02.2012] (.Yuna Software - Setup of Messenger Plus! 5.) 
-- C:\Users\Paulo\AppData\Local\Temp\Update_65fa.exe [1150352] [MD5.FFB6C31EE998B93F1DC38C02DD40865F] [SPRF][19.06.2010] (.Yuna Software - Messenger Plus! Live Setup.) -- C:\Users\Paulo\AppData\Local\Temp\Update_a060.exe [4672336] [MD5.C3A3A4CDCF3D6A196201703E2288D8FC] [SPRF][10.02.2013] (.Yuna Software - Setup of Messenger Plus! 6.) -- C:\Users\Paulo\AppData\Local\Temp\Update_c8fa.exe [1161584] [MD5.8811B5B2567CAC9555F1A3E8812E2045] [SPRF][25.06.2011] (.Yuna Software - Setup of Messenger Plus! 5.) -- C:\Users\Paulo\AppData\Local\Temp\Update_dd86.exe [7184784] [MD5.679EAF2CB7A14DF0F56C5C90F0F39557] [SPRF][18.08.2012] (.Yuna Software - Setup of Messenger Plus! 5.) -- C:\Users\Paulo\AppData\Local\Temp\Update_f718.exe [1160624] [MD5.9C861801951E8CA9500F7061497AD0BA] [SPRF][28.02.2010] (...) -- C:\Users\Paulo\AppData\Roaming\wklnhst.dat [236] [MD5.6FF9135B8C59B13D608A49D930509C6A] [SPRF][10.02.2013] (.Google Inc. - Google Update Setup.) -- C:\Users\Paulo\Desktop\GoogleEarthSetup.exe [763408] [MD5.83CBDE6DAC5805DB08387939DEDADA73] [SPRF][17.02.2011] (...) -- C:\Users\Paulo\Desktop\greenpois0n.exe [5298620] [MD5.5C5BDDB8C61A90F84FFAEDCFDC28F005] [SPRF][02.12.2011] (.Stefan Moka - iPhone Twin.) -- C:\Users\Paulo\Desktop\iTwin.exe [810496] [MD5.683FDD3D773C58B262DC07CD0C6CE938] [SPRF][24.04.2013] (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Users\Paulo\Desktop\mbam-setup-1.75.0.1300.exe [10285040] [MD5.40FC808FA8F448C3E355E15C716491CA] [SPRF][30.06.2012] (.Google Inc. - Picasa.) -- C:\Users\Paulo\Desktop\picasa39-setup.exe [15263592] [MD5.F18CC0951ED5A4CB7551F7FBE431DD14] [SPRF][28.11.2010] (...) -- C:\Users\Paulo\Desktop\redsn0w.exe [15257088] [MD5.F22412515DFB28A4F0DE3F75071EC909] [SPRF][19.06.2011] (.Pas de propriétaire - TinyUmbrella - Save your SHSH!.) -- C:\Users\Paulo\Desktop\tinyumbrella-5.00.00.exe [1901568] [MD5.9F502DE8525FF88B19062CAA955740EB] [SPRF][19.05.2007] (.Pas de propriétaire - VirtualDub.) 
-- C:\Users\Paulo\Desktop\VirtualDub.exe [758272] ~ Files: Scanned in 00mn 06s ---\\ Firewall Active Exception List (FirewallRules) (O87) O87 - FAEL: "TCP Query User{10F9831D-C7B0-41EE-9E56-A8D6227AEF45}C:\program files (x86)\ares\ares.exe" | In - Private - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe O87 - FAEL: "UDP Query User{3EEAB169-D5A7-4E05-81A4-6E083E38FA49}C:\program files (x86)\ares\ares.exe" | In - Private - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe O87 - FAEL: "TCP Query User{28A781B0-0DF6-476C-9FCE-DA2DEC530E89}C:\program files (x86)\ares\chatserver.exe" | In - Private - P6 - TRUE | .(.Ares Development Group - Ares Chat Server.) -- C:\program files (x86)\ares\chatserver.exe O87 - FAEL: "UDP Query User{74088088-525C-47AC-8BDA-5F78B23DEDA0}C:\program files (x86)\ares\chatserver.exe" | In - Private - P17 - TRUE | .(.Ares Development Group - Ares Chat Server.) -- C:\program files (x86)\ares\chatserver.exe O87 - FAEL: "TCP Query User{C7FE4546-C3FE-480D-A567-1A4FC7B99FCE}C:\program files (x86)\ares\ares.exe" | In - Public - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe O87 - FAEL: "UDP Query User{7A138DD3-CF3D-424A-81D7-3E3903812C87}C:\program files (x86)\ares\ares.exe" | In - Public - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files (x86)\ares\ares.exe O87 - FAEL: "{C5E4F89D-E317-412B-AFEC-763CBD89BD0F}" | In - Public - P6 - TRUE | .(.Pas de propriétaire - upc cablecom assistant.) -- C:\Program Files (x86)\upc cablecom\assistant\Assistant.exe O87 - FAEL: "{10EB5519-933B-490C-A20D-5AAB244141BA}" | In - Public - P17 - TRUE | .(.Pas de propriétaire - upc cablecom assistant.) 
-- C:\Program Files (x86)\upc cablecom\assistant\Assistant.exe O87 - FAEL: "{BC082A70-3527-4D16-85EC-E412269DEDD4}" | In - Public - P6 - TRUE | .(.mquadr.at software engineering & consulting - The professional internet setup software..) -- C:\Program Files (x86)\upc cablecom\installer\upc_cablecom_installer.exe O87 - FAEL: "{D095B005-1E1F-47EB-9D95-EFAE36AC4A04}" | In - Public - P17 - TRUE | .(.mquadr.at software engineering & consulting.) -- C:\Program Files (x86)\upc cablecom\installer\upc_cablecom_installer.exe O87 - FAEL: "{D67A00F3-2AF2-4A8C-A8CB-A7CA2F3F66B1}" | In - Private - P6 - TRUE | .(.mquadr.at software engineering & consulting.) -- C:\Program Files (x86)\upc cablecom\installer\upc_cablecom_installer.exe O87 - FAEL: "{1D948878-99DF-4D82-B288-209089B49543}" | In - Private - P17 - TRUE | .(.mquadr.at software engineering & consulting.) -- C:\Program Files (x86)\upc cablecom\installer\upc_cablecom_installer.exe O87 - FAEL: "{1E5C7E6E-4067-4EED-A727-CAB9C8E08CFD}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.exe (.not file.) =>Adware.IMBooster O87 - FAEL: "{A570DB73-E2B7-4B3C-BD36-B7358E177982}" |In - None - P17 - TRUE | .(...) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (.not file.) 
=>Adware.IMBooster ~ Firewall: 238 Legitimates Filtered in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.11735 - (27.04.2013) Clés trouvées (Keys found) : 11 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 1 Fichiers trouvés (Files found) : 2 [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}] =>Toolbar.Conduit [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] =>Toolbar.DeltaSearch [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}] =>PUP.Funmoods [HKLM\Software\Wow6432Node\Topala Software Solutions\OpenCandy] =>Adware.OpenCandy C:\Program Files (x86)\Conduit =>Toolbar.Conduit C:\Users\Paulo\AppData\Local\Temp\IminentSetup.exe =>Adware.IMBooster ~ Additionnel Scan: 532378 Items scanned in 01mn 10s ---\\ Product Upgrade Codes (O90) O90 - PUC: "3D8DDBDE0BCBE8546906A216771F1E27" . (.CLX.NetBanking BCF.) -- C:\Windows\Installer\{EDBDD8D3-BCB0-458E-9660-2A6177F1E172}\appicon.exe O90 - PUC: "45BBEC296F3A7C14C93F16A242935165" . (.CLX.PayPen - CLX.PayPen Wireless.) 
-- C:\Windows\Installer\{92CEBB54-A3F6-41C7-9CF3-612A24391556}\appicon.exe O90 - PUC: "ACFD5B980E184AE4A8A0F404781ADD00" . (.Iminent.) -- C:\Windows\Installer\{89B5DFCA-81E0-4EA4-8A0A-4F4087A1DD00}\imbooster.ico =>Adware.IMBooster O90 - PUC: "BEB2C5CBFA7863641948AC013C7C048B" . (.eToken PKI Client 5.1 SP1.) -- C:\Windows\Installer\{BC5C2BEB-87AF-4636-9184-CA10C3C740B8}\AppRTEicon O90 - PUC: "D1B5AF7E8A82D4D43BAB3F992BF4BCB2" . (.Athena ASEDrive x64 2.9.0.0.) -- C:\Windows\Installer\{E7FA5B1D-28A8-4D4D-B3BA-F399B24FCB2B}\ARPPRODUCTICON.exe ~ Update Products: 166 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 23.09.2012 171600 | (AdobeActiveFileMonitor11.0) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe SR - | Auto 18.12.2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 24.04.2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 14.07.2009 27136 | c:\program files (x86)\common files\akamai\netsession_win_ca0e279.dll (Akamai) . (.Akamai Technologies, Inc..) - C:\Windows\System32\svchost.exe SR - | Auto 21.12.2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SS - | Auto 11.06.2012 193616 | (BBSvc) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe SR - | Demand 11.06.2012 240208 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe SR - | Auto 30.08.2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SS - | Auto 21.08.2009 126976 | (D_Link_DWA-125) . (.Wireless Service.) 
- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe SS - | Disabled 0 | (D_Link_DWA-125_WPS) . (...) - C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe SR - | Auto 14.07.2009 27136 | C:\Windows\System32\ezsvc7.dll (ezSharedSvc) . (.EasyBits Sofware AS.) - C:\Windows\System32\svchost.exe SS - | Demand 12.10.2010 206072 | (GamesAppService) . (.WildTangent, Inc..) - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe SS - | Auto 18.11.2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 18.11.2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 09.05.2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Auto 27.09.2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe SS - | Demand 10.08.2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe SR - | Demand 20.02.2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 20.08.2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe SS - | Demand 12.09.2010 251248 | (maconfservice) . (.CybelSoft.) - C:\Program Files (x86)\ma-config.com\maconfservice.exe SR - | Auto 04.04.2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 04.04.2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe SR - | Auto 27.02.2013 125952 | (MsgPlusService) . (.Yuna Software.) - C:\Program Files (x86)\Yuna Software\Messenger Plus! 
for Skype\MsgPlusForSkypeService.exe SR - | Auto 18.01.2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SS - | Auto 03.12.2012 1259880 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SR - | Auto 01.06.2010 193888 | (RalinkRegistryWriter) . (.Ralink Technology, Corp..) - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe SR - | Auto 01.06.2010 211296 | (RalinkRegistryWriter64) . (.Ralink Technology, Corp..) - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe SS - | Auto 01.03.2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 18.01.2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe SS - | Demand 19.02.2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe SR - | Auto 05.12.2012 92632 | (TomTomHOMEService) . (.TomTom.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe SR - | Auto 14.07.2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SR - | Auto 14.07.2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 01s ---\\ Recherche Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net ~ MBR: 2 Legitimates Filtered in 00mn 02s ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by Paulo at 28.04.2013 22:07:23 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 04s ~ 2243 Legitimates filtered by white list End of the scan (633 lines in 13mn 41s)(0)