Rapport de ZHPDiag v2013.6.3.5 par Nicolas Coolman, Update du 03/juin/2013
Run by Fernand at 04/juin/2013 07:02:23
WebSite: http://nicolascoolman.webs.com
State : WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16576
MFIE: Mozilla Firefox 21.0 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
Avira Free Antivirus v13.0.0.3640
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ System Optimizer
CCleaner v4.01 =>Piriform Ltd

---\\ Peer To Peer (P2P)
eMule

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 16 Model 6 Stepping 3, AuthenticAMD
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2815 MB (61% free)
System Restore: Activé (Enable)
System drive C: has 164 GB (67%) free of 243 GB

---\\ Logged in mode
~ Computer Name: FERNAND-PC
~ User Name: Fernand
~ All Users Names: UpdatusUser, HomeGroupUser$, Fernand, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Fernand\AppData\Roaming\
~ %Desktop% : C:\Users\Fernand\Desktop\
~ %Favorites% : C:\Users\Fernand\Favorites\
~ %LocalAppData% : C:\Users\Fernand\AppData\Local\
~ %StartMenu% : C:\Users\Fernand\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 164 Go of 243 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 192 Go of 222 Go)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 35 Legitimates Filtered in 00mn 00s

---\\ Recherche particulière de fichiers génériques
[MD5.40D777B7A95E00593EB1568C68514493] - (.Microsoft Corporation - Explorateur Windows.) (.20/nov./2010 - 07:17:09.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.13/juil./2009 - 20:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.5ABB3F36AF17007F33FA275E96A2C95E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.05/avr./2013 - 00:28:24.) -- C:\Windows\System32\wininet.dll [1767424]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/nov./2010 - 07:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/nov./2010 - 07:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/avr./2011 - 21:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/juil./2009 - 20:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/juil./2009 - 18:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/nov./2010 - 03:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/nov./2010 - 03:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/nov./2010 - 04:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.13/juil./2009 - 18:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/juil./2009 - 18:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/avr./2011 - 21:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/nov./2010 - 03:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/avr./2013 - 08:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.13/juil./2009 - 18:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/juil./2009 - 18:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/nov./2010 - 05:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/juil./2009 - 18:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/nov./2010 - 03:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/nov./2010 - 07:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s

---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/3677
~ Mes musiques (My Musics) : 1/22
~ Mes Favoris (My Favorites) : 1/907
~ Mes Documents (My Documents) : 2/607
~ Mon Bureau (My Desktop) : 2/76
~ Menu demarrer (Programs) : 0/36
~ Hidden Files: Scanned in 00mn 06s

---\\ Processus lancés
[MD5.A44375E1D6828865BAE97EE2C2084813] - (.IDEAL Computer Services, Inc. - IDEAL Calendar.) -- C:\Program Files\IDEAL Calendar\Calendar.exe [593920] [PID.3124]
[MD5.FD579C25D253A47DF82A76B7EE96ADB5] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345312] [PID.3132]
[MD5.F65E9E1BA41A512592013542FDAC8E72] - (.ACD Systems - acdID InTouch2.) -- C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1133176] [PID.3164]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.3200]
[MD5.8D40FA84FB925E1324D4DE4F619CDEE6] - (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe [13007440] [PID.4756]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.4400]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.3660]
[MD5.6FC79A950476A5F539EEB65F9097C0A8] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.5456]
[MD5.23AA0FDCBDD87D0B78092798C68312D8] - (.Adobe Systems, Inc. - Adobe Flash Player 11.7 r700.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe [1855880] [PID.5244]
[MD5.A3285102E7656627A53625A9138FD9AA] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7447552] [PID.4524]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Fernand\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 1 Legitimates Filtered in 00mn 00s

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Fernand\AppData\Roaming\Mozilla\Firefox\Profiles\bwx3hmbx.default-1356198503207\prefs.js
M2 - MFEP: prefs.js [Fernand - bwx3hmbx.default-1356198503207\plugin@analytic-s.com] [] Analytics v (..)
M2 - MFEP: prefs.js [Fernand - bwx3hmbx.default-1356198503207\{c3ab9114-33fb-415b-851d-9fe38de026d4}] [] QuickShare Widget v4.9.15 (..) =>PUP.QuickShare
P2 - FPN: [HKCU] [@nsroblox.roblox.com/launcher] - (. Roblox Corporation - Roblox Launcher Plugin.) -- C:\Users\Fernand\AppData\Local\Roblox\Versions\version-3f2bb30af20140a4\NPRobloxProxy.dll
~ Firefox Browser: 39 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (. Roblox Corporation - Roblox Launcher Plugin.) (No version) -- (.not file.)
~ IE Browser: 10 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [IDEAL Calendar] . (.IDEAL Computer Services, Inc. - IDEAL Calendar.) -- C:\Program Files\IDEAL Calendar\Calendar.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [Driver Genius] Clé orpheline
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [ACPW06EN] . (.ACD Systems - acdID InTouch2.) -- C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
O4 - HKLM\..\Run: [Business PDF Writer] . (.BureauSoft - Business PDF Writer.) -- C:\Program Files\Business PDF Writer\busipdf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 00s

---\\ Autres liens utilisateurs (O4)
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: Cliquez pour trouver et reparer les erreurs du PC.lnk . (...) -- C:\Program Files\Smart PC Solutions\Smart Data Recovery\Smart PC.url
O4 - GS\Desktop: Dys-Vocal.lnk . (.TODO: - TODO: .) -- C:\Program Files\Dys-Vocal\Dys-Vocal.exe
O4 - GS\Desktop: Smart Data Recovery.lnk . (.Smart PC Solutions - Data recovery tool.) -- C:\Program Files\Smart PC Solutions\Smart Data Recovery\SmartDataRecovery.exe
O4 - GS\Desktop: uRex DVD Ripper Platinum.lnk . (.uRexsoft, Inc . - DVD Ripper.) -- C:\Program Files\uRexsoft\uRex DVD Ripper Platinum\DVDRipper.exe
O4 - GS\Desktop: Webshots Desktop.lnk . (.Webshots.com - Webshots Photo Manager Launcher.) -- C:\Program Files\Webshots\3.1.5.7620\Launcher.exe
O4 - GS\TaskBar: FastStone Capture.lnk . (...) -- C:\Program Files\FastStone Capture\FSCapture.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Microsoft Office Outlook 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Winamp.lnk . (.Nullsoft, Inc. - Winamp.) -- C:\Program Files\Winamp\winamp.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Fernand\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - GS\Programs: Update Checker.lnk . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
O4 - GS\Programs: Webshots Desktop.lnk . (.Webshots.com - Webshots Photo Manager Launcher.) -- C:\Program Files\Webshots\3.1.5.7620\Launcher.exe
O4 - GS\QuickLaunch: iMesh.lnk . (.iMesh, Inc - iMesh.) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe =>PUP.iMesh
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Office Outlook.lnk . (.Microsoft Corporation - Microsoft Office Outlook.) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\SendTo: Unlocker.lnk . (...) -- C:\Program Files\Unlocker\Unlocker.exe
O4 - Global Startup: C:\Users\Fernand\Desktop\(66) Facebook.URL . (...) -- C:\Users\Fernand\Desktop\(66) Facebook.URL
O4 - GS\Desktop: Adobe Photoshop 7.0.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop.) -- C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
O4 - Global Startup: C:\Users\Fernand\Desktop\Antique Engine Photos - SmokStak.URL . (.Adobe Systems, Incorporated - Adobe Photoshop.) -- C:\Users\Fernand\Desktop\Antique Engine Photos - SmokStak.URL
O4 - Global Startup: C:\Users\Fernand\Desktop\Association de hockey sur glace de Cowansville.URL . (.Adobe Systems, Incorporated - Adobe Photoshop.) -- C:\Users\Fernand\Desktop\Association de hockey sur glace de Cowansville.URL
O4 - Global Startup: C:\Users\Fernand\Desktop\CIBC en direct.URL . (.Adobe Systems, Incorporated - Adobe Photoshop.) -- C:\Users\Fernand\Desktop\CIBC en direct.URL
O4 - Global Startup: C:\Users\Fernand\Desktop\FileHippo.com - Download Free Software.URL . (.Adobe Systems, Incorporated - Adobe Photoshop.) -- C:\Users\Fernand\Desktop\FileHippo.com - Download Free Software.URL
O4 - Global Startup: C:\Users\Fernand\Desktop\FORUM CHEZ... MAYA ! Voir le Forum - FORUM INFORMATIQUE.URL . (.Adobe Systems, Incorporated - Adobe Photoshop.) -- C:\Users\Fernand\Desktop\FORUM CHEZ... MAYA ! Voir le Forum - FORUM INFORMATIQUE.URL
O4 - Global Startup: C:\Users\Fernand\Desktop\Giveaway of the Day in French. Today XYplorer 10.80 - XYplorer est un gestionnaire de fichiers par onglets pour Windows. Il .URL . (.Adobe Systems, Incorporated - Adobe Photoshop.) -- C:\Users\Fernand\Desktop\Giveaway of the Day in French. Today XYplorer 10.80 - XYplorer est un gestionnaire de fichiers par onglets pour Windows. Il .URL
O4 - Global Startup: C:\Users\Fernand\Desktop\Google Traduction.URL . (.Adobe Systems, Incorporated - Adobe Photoshop.) -- C:\Users\Fernand\Desktop\Google Traduction.URL
O4 - GS\Desktop: iMesh - Raccourci.lnk . (...) -- C:\Users\Fernand\Music\iMesh =>PUP.iMesh
O4 - GS\Desktop: Incoming - Raccourci.lnk . (...) -- C:\Users\Fernand\Downloads\eMule\Incoming
O4 - Global Startup: C:\Users\Fernand\Desktop\La presse.URL . (...) -- C:\Users\Fernand\Desktop\La presse.URL
O4 - Global Startup: C:\Users\Fernand\Desktop\Le Journal de Montréal.URL . (...) -- C:\Users\Fernand\Desktop\Le Journal de Montréal.URL
O4 - Global Startup: C:\Users\Fernand\Desktop\micro-click.URL . (...) -- C:\Users\Fernand\Desktop\micro-click.URL
O4 - GS\Desktop: Microsoft Office Outlook 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
O4 - GS\Desktop: musique - Raccourci.lnk . (...) -- C:\document\musique
O4 - Global Startup: C:\Users\Fernand\Desktop\Nest Cams.URL . (...) -- C:\Users\Fernand\Desktop\Nest Cams.URL
O4 - GS\Desktop: Ordinateur - Raccourci.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Fernand\Desktop\Outlook - fernand_3@hotmail.com.URL . (...) -- C:\Users\Fernand\Desktop\Outlook - fernand_3@hotmail.com.URL
O4 - GS\Desktop: Repertoire - Raccourci.lnk . (.THe UDS - Répertoire / agenda téléphonique (adress an.) -- C:\document\Repertoire\Repertoire.exe
O4 - Global Startup: C:\Users\Fernand\Desktop\TV Hebdo - Votre grille horaire télé TV Hebdo.URL . (...) -- C:\Users\Fernand\Desktop\TV Hebdo - Votre grille horaire télé TV Hebdo.URL
O4 - Global Startup: C:\Users\Fernand\Desktop\Vos Prévisions locales Cowansville, Québec - MétéoMédia.URL . (...) -- C:\Users\Fernand\Desktop\Vos Prévisions locales Cowansville, Québec - MétéoMédia.URL
O4 - GS\Desktop: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) -- C:\Program Files\Windows Live\Mail\wlmail.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Desktop: Img2CAD.lnk . (.http://www.img2cad.com - Img2CAD.) -- C:\Program Files\Img2CAD\img_cad.exe
~ Global Startup: Scanned in 00mn 01s

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -- Clé orpheline
O9 - Extra button: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} . (.Tomato - YouTube Video Downloader Internet Explorer Extension.) -- C:\Program Files\Tomato\YouTube Video Downloader\MDIEEx.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
~ Objets ActiveX: Scanned in 00mn 00s

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3377082B-AF52-46A6-92FD-6B749D7446FC}: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3377082B-AF52-46A6-92FD-6B749D7446FC}: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3377082B-AF52-46A6-92FD-6B749D7446FC}: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
~ Domain: Scanned in 00mn 00s

---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Tor Win32 Service (tor) . (...) - C:\Program Files\Tor\tor.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) . (...) - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) . (.WDC - WD Drive Manager Service.) - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
~ Services: 17 Legitimates Filtered in 00mn 03s

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\One-Click Tweak.job [504]
[MD5.00000000000000000000000000000000] [APT] [Express FilesUpdate] (...) -- C:\Program Files\ExpressFiles\EFUpdater.exe (.not file.) [0] =>Adware.ExpressFiles
[MD5.00000000000000000000000000000000] [APT] [GoforFilesUpdate] (...) -- C:\Program Files\GoforFiles\GFFUpdater.exe (.not file.) [0] =>P2P.GoforFiles
[MD5.00000000000000000000000000000000] [APT] [One-Click Tweak] (...) -- C:\Program Files\Advanced PC Tweaker\OneClick.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [{3C501FA0-BC15-4085-8DB2-E1266C21BDAA}] (...) -- C:\Users\Fernand\Downloads\4200fvst8611a_xpen\4200fvst8611a_xpen\SetupSG.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3D28E9D1-13CC-4BA7-991A-FAEA05673537}] (...) -- C:\Users\Fernand\Downloads\lide20lide30n670un676un1240uvst7031a_xpfr\SetupSG.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6ED25C87-3DDA-4833-AAC2-64BBE35CE0EF}] (...) -- C:\Users\Fernand\Downloads\Canon\Disk1\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{7FE07AA7-523E-45C1-B738-FE04C422B02D}] (...) -- C:\Users\Fernand\Downloads\4200fvst8611a_xpen\SetupSG.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BD5E981C-1BB8-47E7-96B5-63CA8CF9FEA9}] (...) -- C:\Users\Fernand\Downloads\mp3gain-win-1_2_5(1).exe (.not file.) [0]
[MD5.D90745AA1E293A39F91D3F6056E5A411] [APT] [{BF7D4B26-446B-4B67-975A-53C7701AD4D1}] (...) -- E:\ancien D\programmes\ACDSee.Pro.2.v2.5.335.FR.Incl-Keygen.[emule-island.com]\acdseepro-2-5-335-fr.exe [38910568]
[MD5.00000000000000000000000000000000] [APT] [{C16E02CD-9813-41D6-A6EF-9696C59DB1DA}] (...) -- D:\(SOFTWARE) -3D HOME FLOOR PLAN Design Suite v.9 + key & patch\FloorPlan Design Suite v.9 + key & patch\FloorPlanDesignSuite9.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C17D4B9B-437B-4403-B40F-FE87BD94B68E}] (...) -- D:\Canada\WIA\SetupWIA.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C31DBFA4-991B-4BEF-84C7-C0A5AD7F5BD0}] (...) -- C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D1CE2CE8-3BDB-40A1-A459-048637D27F57}] (...) -- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{D4E692C8-8FCE-4EC1-97C3-C851083B46A0}] (...) -- C:\document\Fernand\programmes\ACDSee.Pro.2.v2.5.335.FR.Incl-Keygen.[emule-island.com]\acdseepro-2-5-335-fr.exe (.not file.) [0]
~ Scheduled Task: 25 Legitimates Filtered in 00mn 06s

---\\ Logiciels installés (O42)
O42 - Logiciel: 2D Vector Pak - (.ACD Systems Ltd.) [HKLM] -- {5E15681A-695E-4B1E-807B-7F6CF5A5141D}
O42 - Logiciel: Ares 2.2.4 - (.Ares Development Group.) [HKLM] -- Ares
O42 - Logiciel: Content Manager - (.Magellan.) [HKLM] -- {B64BC516-2406-43AE-A21A-1E387A2343B1}
O42 - Logiciel: Family Tree Maker 2005 - (...) [HKLM] -- {A4004E8B-6A95-4FA4-AA05-731FC6510474}
O42 - Logiciel: Flip Image - (.Flipbuilder Solution.) [HKLM] -- Flip Image_is1
O42 - Logiciel: Ideal DVD Copy V4.1.2 - (.Ideal DVD Software, Inc..) [HKLM] -- Ideal DVD Copy_is1
O42 - Logiciel: Ideal Media Solution 4.1.0 - (.Ideal DVD Software, Inc..) [HKLM] -- Ideal Media Solution_is1
O42 - Logiciel: Img2CAD 7.1 - (.Img2CAD, Inc..) [HKLM] -- Img2CAD_is1
O42 - Logiciel: Registry Winner 6.5 - (.RegistryWinner.com.) [HKLM] -- Registry Winner_is1 =>Rogue.RegistryWinner
O42 - Logiciel: Roblox for Fernand - (.ROBLOX Corporation.) [HKCU] -- {373B1718-8CC5-4567-8EE2-9033AD08A680}
O42 - Logiciel: Softonic for Windows - (.Softonic International S.L..) [HKCU] -- Softonic for Windows
O42 - Logiciel: WoDy - (.Sensotec.) [HKLM] -- {4E062826-F1BE-40A3-9DB4-BA70E7024339}
O42 - Logiciel: iMesh - (.iMesh Inc..) [HKLM] -- iMesh =>PUP.iMesh
O42 - Logiciel: iMesh - (.iMesh Inc..) [HKLM] -- {8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} =>PUP.iMesh
~ Logic: 127 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\ARDL_lic]
[HKCU\Software\Ares]
[HKCU\Software\CaptureSaver]
[HKCU\Software\GoforFiles] =>P2P.GoforFiles
[HKCU\Software\GoldGingko]
[HKCU\Software\IDEAL Computer Services]
[HKCU\Software\IMG2CAD]
[HKCU\Software\IntelGDI]
[HKCU\Software\KRyLack]
[HKCU\Software\MITAC INTERNATIONAL CORP.]
[HKCU\Software\Mixi.DJ]
[HKCU\Software\MyFamily.com]
[HKCU\Software\ParetoLogic] =>PUP.Paretologic
[HKCU\Software\ROBLOX Corporation]
[HKCU\Software\RobloxReg]
[HKCU\Software\Sensotec]
[HKCU\Software\Softonic]
[HKCU\Software\Stereosoft]
[HKCU\Software\UltraResizer]
[HKCU\Software\XunK Entertainment]
[HKCU\Software\card]
[HKCU\Software\flipbuilder]
[HKCU\Software\iMesh] =>PUP.iMesh
[HKLM\Software\GoforFiles] =>P2P.GoforFiles
[HKLM\Software\IDEAL Computer Services]
[HKLM\Software\MyFamily.com]
[HKLM\Software\ParetoLogic] =>PUP.Paretologic
[HKLM\Software\Sensotec]
[HKLM\Software\flipbuilder]
~ Key Software: 282 Legitimates Filtered in 00mn 00s

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 13/févr./2013 - 11:31:11 - [6,642] ----D C:\Program Files\Ares
O43 - CFD: 10/juil./2012 - 07:03:29 - [0,000] ----D C:\Program Files\Artensoft Photo Mosaic Wizard
O43 - CFD: 19/mars/2013 - 08:29:18 - [8,808] ----D C:\Program Files\CaptureSaver
O43 - CFD: 20/mars/2013 - 21:24:37 - [0,434] ----D C:\Program Files\CaTrain
O43 - CFD: 21/avr./2012 - 10:27:31 - [18,575] ----D C:\Program Files\Content Manager
O43 - CFD: 22/janv./2013 - 23:31:33 - [5,633] ----D C:\Program Files\Emoticon
O43 - CFD: 13/avr./2012 - 20:17:08 - [50,860] ----D C:\Program Files\Family Tree Maker 2005
O43 - CFD: 24/janv./2013 - 08:29:54 - [19,234] ----D C:\Program Files\Flip Image
O43 - CFD: 08/févr./2012 - 09:29:44 - [4,331] ----D C:\Program Files\IDEAL Calendar
O43 - CFD: 01/juil./2012 - 06:51:48 - [10,566] ----D C:\Program Files\IdealDVDCopy
O43 - CFD: 23/mars/2013 - 07:24:26 - [11,772] ----D C:\Program Files\IdealMediaSolution
O43 - CFD: 06/févr./2012 - 21:28:32 - [49,758] ----D C:\Program Files\iMesh Applications =>PUP.iMesh
O43 - CFD: 22/févr./2012 - 17:00:30 - [1,366] ----D C:\Program Files\Img2CAD
O43 - CFD: 23/mai/2013 - 20:43:25 - [28,416] ----D C:\Program Files\Registry Winner =>Rogue.RegistryWinner
O43 - CFD: 24/mai/2013 - 13:23:08 - [409,802] ----D C:\Program Files\Sensotec
O43 - CFD: 07/sept./2012 - 07:25:34 - [16,244] ----D C:\Program Files\uRexsoft
O43 - CFD: 29/oct./2012 - 09:00:50 - [0,000] ----D C:\ProgramData\AntiTracks
O43 - CFD: 24/janv./2013 - 08:29:58 - [0,000] ----D C:\ProgramData\flipbuilder
O43 - CFD: 28/avr./2013 - 21:14:11 - [0,079] ----D C:\ProgramData\iMesh =>PUP.iMesh
O43 - CFD: 11/févr./2012 - 22:28:57 - [0,071] ----D C:\ProgramData\page
O43 - CFD: 24/mai/2013 - 13:23:07 - [10,083] ----D C:\ProgramData\Sensotec
O43 - CFD: 28/avr./2013 - 21:15:05 - [20,579] --H-D C:\ProgramData\{83A28E07-EB73-429C-97CF-4F602916DD9C}
O43 - CFD: 05/mai/2012 - 10:28:24 - [0,001] ----D C:\Users\Fernand\AppData\Roaming\AnnVideo
O43 - CFD: 19/mai/2013 - 07:12:11 - [4,203] ----D C:\Users\Fernand\AppData\Roaming\Asterisk Password Decryptor
O43 - CFD: 12/juil./2012 - 07:22:11 - [0,000] ----D C:\Users\Fernand\AppData\Roaming\AV Burning Pro
O43 - CFD: 02/avr./2013 - 08:09:01 - [0,001] ----D C:\Users\Fernand\AppData\Roaming\CaptureSaver
O43 - CFD: 07/oct./2012 - 09:20:40 - [0,021] ----D C:\Users\Fernand\AppData\Roaming\Ditto
O43 - CFD: 13/avr./2012 - 20:17:29 - [0,001] ----D C:\Users\Fernand\AppData\Roaming\FTW
O43 - CFD: 08/mars/2013 - 09:49:19 - [0,001] ----D C:\Users\Fernand\AppData\Roaming\GoforFiles =>P2P.GoforFiles
O43 - CFD: 21/sept./2012 - 21:15:09 - [0,013] ----D C:\Users\Fernand\AppData\Roaming\GooglePlusYoutube
O43 - CFD: 01/avr./2013 - 11:18:54 - [0] ----D C:\Users\Fernand\AppData\Roaming\ParetoLogic =>PUP.Paretologic
O43 - CFD: 31/mars/2012 - 07:25:12 - [0] ----D C:\Users\Fernand\AppData\Roaming\Stereosoft
O43 - CFD: 29/mars/2013 - 10:26:12 - [0,035] ----D C:\Users\Fernand\AppData\Local\Ares
O43 - CFD: 03/juin/2013 - 10:16:50 - [90,556] ----D C:\Users\Fernand\AppData\Local\iMesh =>PUP.iMesh
O43 - CFD: 07/juil./2012 - 20:26:02 - [63,222] ----D C:\Users\Fernand\AppData\Local\Roblox
O43 - CFD: 22/janv./2013 - 15:38:31 - [0] ----D C:\Users\Fernand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emoticon
~ 343 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 730 Legitimates Filtered in 00mn 40s

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.32C463206792AFCDBA313B4043D03F99] - 03/juin/2013 - 10:43:23 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [24512]
O44 - LFC:[MD5.32C463206792AFCDBA313B4043D03F99] - 03/juin/2013 - 10:43:23 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [24512]
~ Files: 12 Legitimates Filtered in 00mn 57s

---\\ Déni du service (Local Security Authority) (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Acronis - Acronis Relogon Authentication Package.) -- C:\Windows\System32\relog_ap.dll
~ LSA: 10 Legitimates Filtered in 00mn 00s

---\\ Contrôle du Safe Boot (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\hitmanpro36.sys . (...) -- C:\Windows\System32\Drivers\hitmanpro36.sys (.not file.)
~ CSB: 14 Legitimates Filtered in 00mn 00s

---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{2dde786f-50fd-11e1-a73f-c1f2c35f63bc}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
~ Keys: Scanned in 00mn 00s

---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\ares [Key] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O53 - SMSR:HKLM\...\startupreg\Browser Infrastructure Helper [Key] . (...) -- C:\Users\Fernand\AppData\Local\Smartbar\Application\QuickShare.exe (.not file.) =>Hijacker.SmartBar
O53 - SMSR:HKLM\...\startupreg\CmTray [Key] . (...) -- C:\Program Files\Content Manager\launchCM.exe
O53 - SMSR:HKLM\...\startupreg\WD Drive Manager [Key] . (.WDC - WD Drive Manager.) -- C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
~ SMSR Keys: 22 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoAutoUpdate"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s

---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 13/juil./2009 - 20:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/juil./2009 - 16:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s

---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Fernand - bwx3hmbx.default-1356198503207] user_pref("extensions.helperbar.DockingPositionDown", false);
O69 - SBI: prefs.js [Fernand - bwx3hmbx.default-1356198503207] user_pref("extensions.helperbar.LastHiddenTime", 22837947);
O69 - SBI: prefs.js [Fernand - bwx3hmbx.default-1356198503207] user_pref("extensions.helperbar.SmartbarDisabled", true); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Fernand - bwx3hmbx.default-1356198503207] user_pref("extensions.helperbar.SmartbarStateMinimaized", false); =>Hijacker.SmartBar
O69 - SBI: prefs.js [Fernand - bwx3hmbx.default-1356198503207] user_pref("extensions.helperbar.Visibility", false);
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {CC66EA70-BEEB-4962-86FC-15CC31B09853} - (Ask Search) - http://websearch.ask.com
~ Keys: Scanned in 00mn 00s

---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.5B63E2A32494BAFBE5FFB9001DE7D106] [SPRF][21/févr./2012] (...) -- C:\ProgramData\hash.dat [32]
[MD5.546026247543D6B9499A1503798E3B10] [SPRF][04/juin/2013] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Fernand\Desktop\ZHPDiag2.exe [5672605]
~ Files: Scanned in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{D5496EA6-9849-4999-BF4E-305202CF9DA1}C:\program files\ares\ares.exe" | In - Private - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files\ares\ares.exe
O87 - FAEL: "UDP Query User{D5C332C5-DB8A-4332-B71D-AF120108B75B}C:\program files\ares\ares.exe" | In - Private - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files\ares\ares.exe
O87 - FAEL: "TCP Query User{0F436F16-C1C5-4167-80CE-F7195D06BFC9}C:\program files\ares\ares.exe" | In - Public - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files\ares\ares.exe
O87 - FAEL: "UDP Query User{C7C05664-2A9A-4DFA-9F94-A8E3A8A1256B}C:\program files\ares\ares.exe" | In - Public - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files\ares\ares.exe
O87 - FAEL: "TCP Query User{3AA0BCB3-4139-4181-BA7F-F78F1AB8CB47}C:\program files\studioscrap4-decouverte\studioscrap.exe" | In - Private - P6 - TRUE | .(.CDIP - Logiciel de Scrapbooking.) -- C:\program files\studioscrap4-decouverte\studioscrap.exe
O87 - FAEL: "UDP Query User{A46AFD60-4D3D-4682-A625-C84322EAD9AB}C:\program files\studioscrap4-decouverte\studioscrap.exe" | In - Private - P17 - TRUE | .(.CDIP - Logiciel de Scrapbooking.) -- C:\program files\studioscrap4-decouverte\studioscrap.exe
O87 - FAEL: "{5AD2A1CD-0F35-48E0-BA58-63853B4BF2EA}" | In - Domain - P6 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe =>PUP.iMesh
O87 - FAEL: "{208930C0-B46D-4B58-A333-81F526F2823C}" | In - Domain - P17 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe =>PUP.iMesh
O87 - FAEL: "TCP Query User{E99F9AB8-D744-47E3-AD0F-4BB185A1CB81}C:\program files\imesh applications\imesh\imesh.exe" | In - Private - P6 - TRUE | .(.iMesh, Inc - iMesh.) -- C:\program files\imesh applications\imesh\imesh.exe =>PUP.iMesh
O87 - FAEL: "UDP Query User{05195140-8B55-4904-BEF3-26667B97DD36}C:\program files\imesh applications\imesh\imesh.exe" | In - Private - P17 - TRUE | .(.iMesh, Inc - iMesh.)
-- C:\program files\imesh applications\imesh\imesh.exe =>PUP.iMesh ~ Firewall: 248 Legitimates Filtered in 00mn 01s ---\\ Scan Additionnel (O88) Database Version : v2.12387 - (03/juin/2013) Clés trouvées (Keys found) : 32 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 9 Fichiers trouvés (Files found) : 0 [HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4e42-A125-57C0A11DBCDE}] =>PUP.iMesh [HKLM\Software\Classes\CLSID\{148132E6-626D-4A5E-8063-A761EB29A50B}] =>PUP.BearShare [HKLM\Software\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}] =>PUP.BearShare [HKLM\Software\Classes\Interface\{69d3f709-9de2-479f-980f-532d46895703}] =>Adware.BHO [HKLM\Software\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}] =>PUP.iMesh [HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}] =>PUP.iMesh [HKLM\Software\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}] =>PUP.SweetIM [HKLM\Software\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}] =>PUP.iMesh [HKLM\Software\Classes\TypeLib\{ec96f516-51b2-4b46-8451-8665f5a6ba2b}] =>Adware.BHO [HKLM\Software\Classes\TypeLib\{f07fbd3e-2048-44a4-9065-71bf551e2672}] =>PUP.iMesh [HKLM\Software\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}] =>PUP.iMesh [HKLM\Software\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}] =>PUP.iMesh [HKLM\Software\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}] =>PUP.iMesh [HKLM\Software\Classes\CLSID\{F8AB43ED-EC88-4de7-B213-F89157D29C62}] =>PUP.iMesh [HKLM\Software\Classes\AppID\iMesh.exe] =>PUP.iMesh [HKLM\Software\Classes\AppID\WMHelper.DLL] =>PUP.BearShare [HKCU\Software\iMesh] =>PUP.iMesh [HKLM\Software\iMesh] =>PUP.iMesh [HKCU\Software\Softonic] =>Toolbar.Conduit [HKCU\Software\SpeedyPC Software] =>PUP.SpeedyPC [HKLM\Software\SpeedyPC Software] =>PUP.SpeedyPC [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Imesh] =>PUP.iMesh 
[HKLM\Software\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}] =>Toolbar.Conduit [HKLM\Software\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}] =>Toolbar.Conduit [HKCU\Software\Mixi.DJ] =>Toolbar.MixiDJ [HKCU\Software\ParetoLogic] =>PUP.Paretologic [HKLM\Software\ParetoLogic] =>PUP.Paretologic [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Registry Winner_is1] =>Rogue.RegistryWinner [HKLM\Software\Classes\agcore.Config.AGConfig] =>Adware.BHO [HKLM\Software\Classes\agcore.Search.Search] =>Adware.BHO [HKLM\Software\Classes\agcore.Text.JSON] =>Adware.BHO C:\Program Files\iMesh Applications =>PUP.iMesh C:\Program Files\Registry Winner =>Rogue.RegistryWinner C:\ProgramData\iMesh =>PUP.iMesh C:\ProgramData\SpeedyPC Software =>PUP.SpeedyPC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh =>PUP.iMesh C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Winner =>Rogue.RegistryWinner C:\Users\Fernand\AppData\Roaming\SpeedyPC Software =>PUP.SpeedyPC C:\Users\Fernand\AppData\Roaming\ParetoLogic =>PUP.Paretologic C:\Users\Fernand\AppData\Local\iMesh =>PUP.iMesh ~ Additionnel Scan: 274871 Items scanned in 00mn 13s ---\\ Product Upgrade Codes (O90) O90 - PUC: "621229683A9D8034B988D09BF882A118" . (.Shaderlight For SketchUp.) -- C:\Windows\Installer\{86922126-D9A3-4308-9B88-0DB98F281A81}\shaderlight.ico O90 - PUC: "628260E4EB1F3A04D94BAB077E203493" . (.WoDy.) -- C:\Windows\Installer\{4E062826-F1BE-40A3-9DB4-BA70E7024339}\WoDy.exe O90 - PUC: "A18651E5E596E1B408B7F7C65F5A41D1" . (.2D Vector Pak.) -- C:\Windows\Installer\{5E15681A-695E-4B1E-807B-7F6CF5A5141D}\ARPPRODUCTICON.exe ~ Update Products: 110 Legitimates Filtered in 00mn 00s ---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 07/oct./2007 427288 | (AcrSch2Svc) . (.Acronis.) 
- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe SR - | Auto 18/déc./2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 15/mai/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 27/mars/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\sched.exe SR - | Auto 27/mars/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files\Avira\AntiVir Desktop\avguard.exe SR - | Auto 21/déc./2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 30/août/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SS - | Auto 11/mars/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SS - | Demand 11/mars/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe SR - | Auto 15/mai/2013 755536 | (MaConfigAgent) . (.CybelSoft.) - C:\Program Files\ma-config.com\MaConfigAgent.exe SR - | Auto 04/avr./2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe SS - | Auto 04/avr./2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe SS - | Demand 23/mai/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 31/janv./2013 634656 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe SS - | Auto 31/janv./2013 1259296 | (nvUpdatusService) . (.NVIDIA Corporation.) 
- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe SS - | Auto 28/févr./2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe SR - | Auto 06/mars/2013 3560288 | (TeamViewer8) . (.TeamViewer GmbH.) - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe SR - | Auto 2897422 | (tor) . (...) - C:\Program Files\Tor\tor.exe SR - | Auto 493200 | (TryAndDecideService) . (...) - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe SR - | Auto 26/juin/2009 102400 | (WDBtnMgrSvc.exe) . (.WDC.) - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe SS - | Disabled 13/juil./2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 13/juil./2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 00s ~ 1817 Legitimates filtered by white list End of the scan (592 lines in 02mn 21s)(0)