Rapport de ZHPDiag v2013.4.10.58 par Nicolas Coolman, Update du 2013-04-10
Run by Administrateur at 2013-04-11 07:46:41
State :
High Elevated Privileges : OK
UAC : Activate by user


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16519
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 8 Business Edition, 32-bit (Build 9200)
Windows Server License Manager Script : OK
~ ion : Windows(R) Operating System, RETAIL channel
Windows ID Activation : OK
~ Windows Partial Key : YG667
Windows License : OK
~ Windows Remaining Initializations Number : 1000
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader X
Java 7 Update 17
Windows Defender W8

---\\ System Information
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3027 MB (63% free)
System Restore: Activé (Enable)
System drive C: has 115 GB (52%) free of 218 GB

---\\ Logged in mode
~ Computer Name: FRED
~ User Name: Administrateur
~ All Users Names: postgres, Mcx1-FRED, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Administrateur\AppData\Roaming\
~ %Desktop% : C:\Users\Administrateur\Desktop\
~ %Favorites% : C:\Users\Administrateur\Favorites\
~ %LocalAppData% : C:\Users\Administrateur\AppData\Local\
~ %StartMenu% : C:\Users\Administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 115 Go of 218 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
~ Security Center: Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.953ADECFF08202A01EFC6110214FDE02] - (.Microsoft Corporation - Explorateur Windows.) (.2012-10-11 - 00:56:41.) -- C:\Windows\Explorer.exe [2115952]
[MD5.7109FF769FFF962869C50D720F7AA7D7] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2012-07-25 - 22:21:01.) -- C:\Windows\System32\Wininit.exe [101376]
[MD5.4FF6180429DA389E4154B10450E7C0B8] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2013-02-04 - 23:58:01.) -- C:\Windows\System32\wininet.dll [1766912]
[MD5.87DA6ACA9AF2F536C68471787D1B3F4A] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.2012-10-11 - 00:08:28.) -- C:\Windows\System32\Winlogon.exe [411648]
[MD5.FAB11E1AC62579A9BE21593319F8E464] - (.Microsoft Corporation - Bibliothèque de licences.) (.2012-07-25 - 22:20:01.) -- C:\Windows\System32\sppcomapi.dll [246784]
[MD5.F12EFEE4DD20519D0DDF8D78704EE4DE] - (.Microsoft Corporation - Pilote de fonction connexe pour WinSock.) (.2012-11-05 - 22:50:41.) -- C:\Windows\system32\Drivers\AFD.sys [438272]
[MD5.48D8C3F2006698691F5AE0BB595FDCC8] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2012-07-25 - 22:42:31.) -- C:\Windows\system32\Drivers\atapi.sys [22768]
[MD5.00B4FA77732C7823D292ECD672660882] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2012-07-25 - 21:38:28.) -- C:\Windows\system32\Drivers\Cdfs.sys [89088]
[MD5.4E707EC5071DD8F5C29A7410780BD4C3] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2012-07-25 - 21:33:53.) -- C:\Windows\system32\Drivers\Cdrom.sys [135680]
[MD5.B21FDAC50FCD4CE53C203F097273532A] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2012-07-25 - 21:34:25.) -- C:\Windows\system32\Drivers\DfsC.sys [92160]
[MD5.4A219AB84D6936C2A61FF44D32EF378D] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2012-09-20 - 00:29:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [62464]
[MD5.11EDC37780E8A2F8E311D73F7658A4D7] - (.Microsoft Corporation - Pilote de port i8042.) (.2012-07-25 - 21:36:23.) -- C:\Windows\system32\Drivers\i8042prt.sys [89600]
[MD5.57B0C0D982013C72911A3F5CBA795034] - (.Microsoft Corporation - IP Network Address Translator.) (.2012-07-25 - 21:29:57.) -- C:\Windows\system32\Drivers\IpNat.sys [126976]
[MD5.5FAC7AC77D9ADD42579EDF678F08DF9F] - (.Microsoft Corporation - Minirdr SMB Windows NT.) (.2013-02-05 - 17:30:11.) -- C:\Windows\system32\Drivers\MRxSmb.sys [304128]
[MD5.303A053C25E468B9925C22288BEF8484] - (.Microsoft Corporation - MBT Transport driver.) (.2012-07-25 - 21:31:28.) -- C:\Windows\system32\Drivers\netBT.sys [254464]
[MD5.99C73E3FE9B36275BD91D2009F2BA2E0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013-02-02 - 04:53:24.) -- C:\Windows\system32\Drivers\ntfs.sys [1614568]
[MD5.8BCE63AF5B52642E832630F862DE96EF] - (.Microsoft Corporation - Pilote de port parallèle.) (.2012-07-25 - 21:38:17.) -- C:\Windows\system32\Drivers\Parport.sys [90624]
[MD5.6E0649D7325D85C47C844EB3267E4625] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2012-07-25 - 21:30:07.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [88064]
[MD5.2CAD2A13569741C67CD9C52F97E0F992] - (.Microsoft Corporation - Redirecteur de périphérique de Microsoft RDP.) (.2012-07-25 - 21:32:22.) -- C:\Windows\system32\Drivers\rdpdr.sys [156160]
[MD5.0886D9F1B5A5334FBB143A260E4BFB5C] - (.Microsoft Corporation - TDI Translation Driver.) (.2012-07-25 - 23:17:16.) -- C:\Windows\system32\Drivers\tdx.sys [97792]
[MD5.8E15C3D58A8ADE841060661DBA6E7A9B] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2012-07-25 - 22:39:34.) -- C:\Windows\system32\Drivers\volsnap.sys [282352]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/1929
~ Mes musiques (My Musics) : 60/1768
~ Mes Videos (My Videos) : 2/51
~ Mes Favoris (My Favorites) : 1/47
~ Mes Documents (My Documents) : 2/4146
~ Mon Bureau (My Desktop) : 2/110
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 03s



---\\ Processus lancés
[MD5.DDBF4AC59767DDB0BEBCAE267EBF0C38] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) -- C:\WINDOWS\system32\taskhostex.exe [53760] [PID.2196]
[MD5.DAF94FB704ADB9103F6B693E2637D6F6] - (.Dell Inc. - DW WLAN Card Wireless Network Tray Applet.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [4685824] [PID.976]
[MD5.0B1B7568CED61ABF5FD717F28175C96A] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.1632]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848] [PID.1156]
[MD5.DEAE808A574CF9FC667D6939387FC1CE] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [770544] [PID.6088]
[MD5.99B6CE3840F5AD5C4B13B666249AA467] - (.Microsoft Corporation - Microsoft Search Client Server.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe [316208] [PID.5824]
[MD5.B17CCFF325948F931ED63D88D0EA3AB0] - (.Adobe Systems Incorporated - Adobe® Flash® Player Utility.) -- C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe [714072] [PID.4448]
[MD5.AD3A07FEBB3B9F0110C90C26FC95E029] - (.Microsoft Corporation - Runtime Broker.) -- C:\Windows\System32\RuntimeBroker.exe [29808] [PID.4344]
[MD5.92E7844F390DE723C61A5AE4A0C9DC16] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [6663168] [PID.4048]
~ Processes Running: Scanned in 00mn 00s



---\\ Opera, Plugins,Démarrage,Recherche (P1,B0,B1)
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin2.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin3.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin4.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin5.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin6.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin7.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin2.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin3.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin4.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin5.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin6.dll
P1 - OPN:Opera Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Opera\Program\Plugins\npqtplugin7.dll
~ Opera Browser: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\8eyvrg9g.default\prefs.js
P2 - FPN:Firefox Plugin Navigator . (.Dassault Systèmes SolidWorks Corp. - EModel Plugin.) -- C:\Program Files\Mozilla Firefox\Plugins\npEModelPlugin.dll
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
~ Firefox Browser: 42 Legitimates Scanned in 00mn 01s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com
~ IE Browser: 9 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects de navigateur (O2)
~ BHO: 8 Legitimates Scanned in 00mn 00s



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: PDF Architect Toolbar - [HKLM]{25A3A431-30BB-47C8-AD6A-E1063801134F} . (.pdfforge GbR - PDF Architect Toolbar.) -- C:\Program Files\PDF Architect\PDFIEPlugin.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] . (.Dell Inc. - DW WLAN Card Wireless Network Tray Applet.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [LWS] . (.Logitech Inc. - Logitech Webcam Software.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [WD Drive Unlocker] . (.Western Digital - WD Drive Auto Unlock.) -- C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [WD Quick View] . (.Western Digital Technologies, Inc. - WD Quick View.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - HKUS\S-1-5-21-188933929-389463662-1403380907-500\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
~ Application: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop: Beyond Compare 2.lnk . (...) -- C:\Program Files\Beyond Compare 2\BC2.exe (.not file.)
O4 - GS\Desktop: DBDesigner 4.lnk . (...) -- C:\Program Files\fabFORCE\DBDesigner4.exe
O4 - GS\Desktop: Movies2iPhone.lnk . (...) -- C:\Program Files\Movies2iPhone\Movies2iPhone.exe
~ Global Startup: Scanned in 00mn 03s



---\\ Invisibilité de l'icône d'options IE dans le panneau de Configuration (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} . (.Microsoft Corporation - Microsoft Lync.) -- C:\Program Files\Microsoft Office 15\root\Office15\lync.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Winsock hijacker (Layered Service Provider) (O10)
~ Winsock: 7 Legitimates Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ((no name)) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} ((no name)) - http://www.solidworks.fr/sw/support/subscription/sldimdownload.cab
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{79D30020-7C06-40A3-8A6A-637443CF901C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{79D30020-7C06-40A3-8A6A-637443CF901C}: DhcpDomain = gateway.2wire.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{79D30020-7C06-40A3-8A6A-637443CF901C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{79D30020-7C06-40A3-8A6A-637443CF901C}: DhcpDomain = gateway.2wire.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: BrSplService (Brother XP spl Service) . (.brother Industries Ltd - brsvc01a.) - C:\Windows\system32\brsvc01a.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) . (...) - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.exe
~ Services: 14 Legitimates Scanned in 00mn 03s



---\\ Enumération Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s



---\\ BootExecute (O34)
~ BEX: 1 Legitimates Scanned in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [{0135B95B-A0C6-445E-8EB2-E1A517541850}] (...) -- C:\Users\Administrateur\AppData\Local\Temp\Temp1_pbsetup.zip\pbsetup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{179EF33A-A8D2-4E71-A0A9-32779BE7E959}] (...) -- C:\Users\Administrateur\AppData\Local\Temp\Temp1_pb105cd1win32.zip\PowerBuilder105\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{33264FBF-7381-448E-A900-926CC0E4F5B6}] (...) -- C:\Users\Administrateur\Documents\Downloads\Uninstall\brunins.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{347499B3-FF4F-4F0F-8B0B-764148598008}] (...) -- C:\Users\Administrateur\AppData\Local\Temp\Temp1_pb105cd1win32.zip\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{57DAE3B3-3E45-407C-855B-BB070D68E224}] (...) -- C:\Program Files\D-Link\SharePort Utility\Couninst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{781985D0-0B77-4383-A39E-729FF4E08CDD}] (...) -- C:\Users\Administrateur\Downloads\DBDesigner4.0.5.6_Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BED81265-6CAE-430D-AF01-48596A627D6F}] (...) -- C:\Users\Administrateur\AppData\Local\Temp\Temp1_mymanager_lite.zip\MyManagerLiteSetup.exe (.not file.) [0]
~ Scheduled Task: 25 Legitimates Scanned in 00mn 08s



---\\ Composants installés (ActiveSetup Installed Components) (O40)
~ Active Setup: 10 Legitimates Scanned in 00mn 00s



---\\ Pilotes lancés au démarrage (O41)
~ Drivers: 36 Legitimates Scanned in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: BackUp Maker v6.4 - (.ASCOMP Software GmbH.) [HKLM] -- BackUp Maker_is1
O42 - Logiciel: Jext - Java Text Editor - (.Romain Guy.) [HKLM] -- Jext_is1
O42 - Logiciel: LINDO 6.1 - (.XXXXXXXX.) [HKLM] -- {C19796D5-E477-40A1-8C78-DF2EB439D99B}
O42 - Logiciel: MediaHuman YouTube to MP3 Converter version 2.7.2 - (...) [HKLM] -- MediaHuman YouTube to MP3 Converter_is1
O42 - Logiciel: Office 15 Click-to-Run Extensibility Component - (.Microsoft Corporation.) [HKLM] -- {90150000-008C-0000-0000-0000000FF1CE}
O42 - Logiciel: Office 15 Click-to-Run Licensing Component - (.Microsoft Corporation.) [HKLM] -- {90150000-007E-0000-0000-0000000FF1CE}
O42 - Logiciel: Office 15 Click-to-Run Localization Component - (.Microsoft Corporation.) [HKLM] -- {90150000-008C-040C-0000-0000000FF1CE}
O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E}
O42 - Logiciel: TextPad 4.7 - (.Nom de votre société.) [HKLM] -- {B510A987-487E-4C66-9F4F-D386AC275715}
O42 - Logiciel: Vuze - (.Vuze Inc..) [HKLM] -- 8461-7759-5462-8226
~ Logic: 121 Legitimates Scanned in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\ASCOMP]
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\AppDataLow\Software\Smartbar] =>Hijacker.SmartBar
[HKCU\Software\Azureus]
[HKCU\Software\LINDO Systems, Inc.]
[HKCU\Software\MGS]
[HKCU\Software\MediaHuman]
[HKCU\Software\Microgaming]
[HKCU\Software\MightyUninstaller]
[HKCU\Software\Pando Networks]
[HKCU\Software\Softonic]
[HKCU\Software\アプリケーション ウィザードで生成されたローカル アプリケーション]
[HKLM\Software\Aventail VPN Client]
[HKLM\Software\Azureus]
[HKLM\Software\EnterpriseDB]
[HKLM\Software\Humyo]
[HKLM\Software\NetMotion]
[HKLM\Software\Nortel Networks]
[HKLM\Software\Pando Networks]
~ Key Software: 238 Legitimates Scanned in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 2010-04-28 - 19:50:36 - [0,140] ----D C:\Program Files\BlueVoda Website Builder
O43 - CFD: 2011-10-03 - 19:14:16 - [0] ----D C:\Program Files\EMS
O43 - CFD: 2010-04-19 - 19:12:32 - [14,370] ----D C:\Program Files\fabFORCE
O43 - CFD: 2012-02-03 - 19:03:56 - [0,001] ----D C:\Program Files\ImpotExpert 2009
O43 - CFD: 2012-02-03 - 19:04:10 - [0,704] ----D C:\Program Files\ImpotExpert 2010
O43 - CFD: 2013-01-28 - 14:41:49 - [0,000] ----D C:\Program Files\ImpotExpert 2011
O43 - CFD: 2010-03-22 - 20:14:54 - [41,603] ----D C:\Program Files\Jext
O43 - CFD: 2012-08-26 - 16:26:52 - [42,390] ----D C:\Program Files\MediaHuman
O43 - CFD: 2012-06-10 - 20:25:31 - [6,671] ----D C:\Program Files\Pando Networks
O43 - CFD: 2010-07-17 - 21:29:14 - [47,311] ----D C:\Program Files\PostgresPlus
O43 - CFD: 2010-03-23 - 20:17:55 - [3,468] ----D C:\Program Files\TextPad 4
O43 - CFD: 2012-03-02 - 17:36:31 - [17,845] ----D C:\Program Files\Vuze
O43 - CFD: 2010-04-19 - 19:12:32 - [0,050] ----D C:\Program Files\Common Files\fabFORCE
O43 - CFD: 2012-12-02 - 15:37:17 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 2010-09-25 - 13:24:29 - [0,000] ----D C:\ProgramData\DriverBoost
O43 - CFD: 2011-10-11 - 19:52:10 - [0,001] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 2012-05-09 - 16:56:12 - [993,978] ----D C:\ProgramData\MGS
O43 - CFD: 2013-01-28 - 15:19:13 - [0] --H-D C:\ProgramData\~0
O43 - CFD: 2012-03-02 - 21:34:07 - [0,092] ----D C:\Users\Administrateur\AppData\Roaming\ar
O43 - CFD: 2013-01-26 - 23:20:15 - [4,608] ----D C:\Users\Administrateur\AppData\Roaming\Azureus
O43 - CFD: 2013-01-27 - 11:52:43 - [5,546] ----D C:\Users\Administrateur\AppData\Roaming\OpenCandy =>Adware.OpenCandy
O43 - CFD: 2012-04-23 - 19:36:13 - [0] ----D C:\Users\Administrateur\AppData\Roaming\TextPad
O43 - CFD: 2012-08-26 - 16:27:39 - [0] ----D C:\Users\Administrateur\AppData\Local\MediaHuman
O43 - CFD: 2013-03-26 - 14:09:06 - [0] ----D C:\Users\Administrateur\AppData\Local\TempFichierSauvegardeSW
~ Program Folder: 274 Legitimates Scanned in 04mn 46s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
~ LFC: 79 Legitimates Scanned in 00mn 16s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.29CEAA6A5967DED2C4309D59CE52E1B7] - 2013-03-14 - 15:40:35 ---A- - C:\Windows\Prefetch\PIANO8.EXE-D622AC60.pf
O45 - LFCP:[MD5.454045D54E23BEEBA3E7418465D892CE] - 2013-03-20 - 10:34:33 ---A- - C:\Windows\Prefetch\WAB.EXE-5899287B.pf
O45 - LFCP:[MD5.2768645425DBC8F8BF094221B5248A17] - 2013-03-27 - 09:34:20 ---A- - C:\Windows\Prefetch\CALCULATOR.EXE-0B9DFB0D.pf
O45 - LFCP:[MD5.11EDA6A3302603B99C380260FF59F416] - 2013-03-27 - 12:19:34 ---A- - C:\Windows\Prefetch\WD DRIVE UNLOCK.EXE-2380C6AE.pf
O45 - LFCP:[MD5.309D1D0CC4D1F20EF999638846684AE2] - 2013-03-27 - 16:06:54 ---A- - C:\Windows\Prefetch\WDAPP.EXE-6B3F936D.pf
O45 - LFCP:[MD5.D2ED90F3132638B069A4AEBBCF3FDDAB] - 2013-04-02 - 07:54:42 ---A- - C:\Windows\Prefetch\SMARTSCREENSETTINGS.EXE-23226BDD.pf
O45 - LFCP:[MD5.1C9DB1DC49CFBEF304939EE2CB2333E8] - 2013-04-02 - 16:44:02 ---A- - C:\Windows\Prefetch\ASTRONOID.EXE-D2F50392.pf
O45 - LFCP:[MD5.B8F120088B3967A02662A137955877B3] - 2013-04-06 - 07:48:41 ---A- - C:\Windows\Prefetch\MIGHTYUNINSTALLER_SETUP.TMP-71A26C59.pf
O45 - LFCP:[MD5.EA3A7D4912C507C5041E8EF124D219AE] - 2013-04-06 - 07:48:45 ---A- - C:\Windows\Prefetch\MIGHTYUNINSTALLER_SETUP.TMP-09ECCE8A.pf
O45 - LFCP:[MD5.F1A23910619E6EC21E2B978143FE7767] - 2013-04-06 - 07:50:22 ---A- - C:\Windows\Prefetch\_IU14D2N.TMP-C19F1944.pf
O45 - LFCP:[MD5.304749B861E162E19FBF336D446F1730] - 2013-04-06 - 07:56:49 ---A- - C:\Windows\Prefetch\SKYA805.TMP-18FE7E25.pf
O45 - LFCP:[MD5.7B988D5075E38FCC97DF9CBF9DD70FC2] - 2013-04-08 - 08:47:02 ---A- - C:\Windows\Prefetch\GX DEVELOPER-FX.EXE-84F1D17E.pf
O45 - LFCP:[MD5.FE845DF2C56C33EFD855EEC9F03F186D] - 2013-04-08 - 08:48:51 ---A- - C:\Windows\Prefetch\GX DEVELOPER-FX.EXE-A3DAC888.pf
O45 - LFCP:[MD5.3BD901F7922A93C578D5DD60F72E8E20] - 2013-04-08 - 13:57:37 ---A- - C:\Windows\Prefetch\YOUTUBETOMP3.EXE-F9B12E6C.pf
O45 - LFCP:[MD5.42CDC36EA600F523E3082ADB38968CD3] - 2013-04-09 - 06:26:31 ---A- - C:\Windows\Prefetch\REPLAYVIDEO.EXE-3947CD3D.pf
O45 - LFCP:[MD5.08EB79EE1783113068B2F6A694A16FD5] - 2013-04-09 - 13:08:41 ---A- - C:\Windows\Prefetch\SLDWORKS.EXE-6DE69F12.pf
O45 - LFCP:[MD5.A86B0DF90EFA2599EC379144F3EC9773] - 2013-04-10 - 10:36:57 ---A- - C:\Windows\Prefetch\dynreservedpri.db
O45 - LFCP:[MD5.57532C367DA14D1A5D0B4F8B0F5F460A] - 2013-04-10 - 10:37:11 ---A- - C:\Windows\Prefetch\SRTASKS.EXE-3C9D2EEC.pf
O45 - LFCP:[MD5.D14CBD8B65C2D0DD18CD32CFAC7454B1] - 2013-04-10 - 19:08:28 ---A- - C:\Windows\Prefetch\SWSPMANAGER.EXE-6AA2E71D.pf
O45 - LFCP:[MD5.7E9DFD1B112FFD15CC154C9F412A4849] - 2013-04-10 - 19:08:39 ---A- - C:\Windows\Prefetch\SLDPROCMON.EXE-E029A4BA.pf
O45 - LFCP:[MD5.CD4324D7DBA55A0391C99C73B9B2FB13] - 2013-04-10 - 19:08:39 ---A- - C:\Windows\Prefetch\SLDWORKS.EXE-E5D429C1.pf
O45 - LFCP:[MD5.83EC436BDE54B7D930CE9B5F981AC016] - 2013-04-10 - 19:11:26 ---A- - C:\Windows\Prefetch\SLDSHELLEXTSERVER.EXE-CA586E64.pf
O45 - LFCP:[MD5.A9A9968FA93A1E33F8A4981E17BC9686] - 2013-04-10 - 20:22:57 ---A- - C:\Windows\Prefetch\PMB.EXE-149621F3.pf
O45 - LFCP:[MD5.877661A86A105CA23E19FEE324C88669] - 2013-04-10 - 20:46:00 ---A- - C:\Windows\Prefetch\CONNECT.SERVICE.CONTENTSERVIC-A7C7C922.pf
O45 - LFCP:[MD5.B9AA5CFBDCF6D7900C3431324BB1F29B] - 2013-04-10 - 21:02:11 ---A- - C:\Windows\Prefetch\WSHOST.EXE-20E1A6EA.pf
O45 - LFCP:[MD5.9E172B47FB415AB41B4ED1BB845A4EB8] - 2013-04-10 - 21:18:11 ---A- - C:\Windows\Prefetch\WDLOCKEDFILES.EXE-EE26236A.pf
O45 - LFCP:[MD5.78C35779AEA0DDD73AD5BDA553CF049C] - 2013-04-11 - 06:29:15 ---A- - C:\Windows\Prefetch\IAANOTIF.EXE-C3128AE7.pf
O45 - LFCP:[MD5.E3BF7C438F43A24DFF792387F885A3C0] - 2013-04-11 - 06:29:49 ---A- - C:\Windows\Prefetch\SCSERVER.EXE-FAFA817A.pf
~ Prefetcher: 196 Legitimates Scanned in 00mn 03s



---\\ Déni du service (Local Security Authority) (O48)
~ LSA: 9 Legitimates Scanned in 00mn 00s



---\\ Contrôle du Safe Boot (CSB) (O49)
~ CBS: 17 Legitimates Scanned in 00mn 00s



---\\ MountPoints2 Shell Key (O51)
O51 - MPSK:{3d1e3bca-496b-11e2-bf70-806e6f6e6963}\AutoRun\command. (...) -- F:\WD Drive Unlock.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Trojan Driver Search Data (HKLM) (O52)
~ TDSD: 3 Legitimates Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
~ SMSR Keys: 6 Legitimates Scanned in 00mn 00s



---\\ Microsoft Control Security Providers (O54)
~ MSCP: 2 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 18 Legitimates Scanned in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
~ MWPE Keys: 1 Legitimates Scanned in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.96191579DDB1A201A2FB79C1D05680B4] - 2012-07-25 - 22:42:31 ---A- . (.LSI - LSI 3ware SCSI Storport Driver.) -- C:\Windows\System32\Drivers\3ware.sys [85232]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 2012-07-25 - 17:52:51 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 2013-04-08 - 08:46:57 ---A- C:\Users\Administrateur\Documents\Cours\Génie Mécanique\4e session\Automatismes industriels\GX\FX Configurator-EN\%drive_C%\MELSEC\GPPW\Gppw.Ini [9889]
O61 - LFC: 2013-04-08 - 08:46:57 ---A- C:\Users\Administrateur\Documents\Cours\Génie Mécanique\4e session\Automatismes industriels\GX\FX Configurator-EN\Registry.rw.tvr.lck [60]
O61 - LFC: 2013-04-08 - 08:46:57 ---A- C:\Users\Administrateur\Documents\Cours\Génie Mécanique\4e session\Automatismes industriels\GX\FX Configurator-EN\Registry.tlog.cache [65536]
O61 - LFC: 2013-04-08 - 08:47:02 ---A- C:\Users\Administrateur\Documents\Cours\Génie Mécanique\4e session\Automatismes industriels\GX\FX Configurator-EN\Registry.rw.tvr [36864]
O61 - LFC: 2013-04-08 - 08:47:02 ---A- C:\Users\Administrateur\Documents\Cours\Génie Mécanique\4e session\Automatismes industriels\GX\FX Configurator-EN\Registry.rw.tvr.transact [36864]
O61 - LFC: 2013-04-08 - 08:47:02 ---A- C:\Users\Administrateur\Documents\Cours\Génie Mécanique\4e session\Automatismes industriels\GX\FX Configurator-EN\Registry.tlog [19456]
O61 - LFC: 2013-04-08 - 12:09:59 ---A- C:\Users\Administrateur\AppData\Roaming\Microsoft\Forms\EXCEL.box [12800]
O61 - LFC: 2013-04-08 - 12:10:53 ---A- C:\Users\Administrateur\AppData\Roaming\Microsoft\Excel\Excel15.xlb [10104]
O61 - LFC: 2013-04-08 - 14:05:35 ---A- C:\Users\Administrateur\Videos\RVC Recordings\19-2 Saison 2 Épisode 7 - TOU.TV -.mpg [12786277]
O61 - LFC: 2013-04-08 - 14:09:54 ---A- C:\Users\Administrateur\Videos\RVC Recordings\19-2 Saison 2 Épisode 6 - TOU.TV -.mpg [15576498]
O61 - LFC: 2013-04-09 - 06:27:44 ---A- C:\Users\Administrateur\Videos\RVC Recordings\Québec sexy - Une playlist sur Dailymotion -[11].mpg [13456000]
O61 - LFC: 2013-04-09 - 06:29:20 ---A- C:\Users\Administrateur\Videos\RVC Recordings\Québec sexy - Une playlist sur Dailymotion -[12].mpg [28557010]
O61 - LFC: 2013-04-09 - 06:52:03 ---A- C:\Users\Administrateur\Videos\RVC Recordings\2 frogs dans l'ouest Streaming VF � Film Streaming -.mpg [17779633]
O61 - LFC: 2013-04-09 - 07:03:05 -SHA- C:\Users\Administrateur\Videos\Thumbs.db [4096]
O61 - LFC: 2013-04-09 - 13:08:43 ---A- C:\Users\Administrateur\AppData\Local\SolidWorks\CXPA\20130409140831_20.2.0.0055.zip [1991]
O61 - LFC: 2013-04-09 - 13:54:20 ---A- C:\Users\Administrateur\AppData\Roaming\SolidWorks\SolidWorks 2012\swxJRNL.BAK [483942]
O61 - LFC: 2013-04-10 - 19:08:33 ---A- C:\Users\Administrateur\AppData\Local\SolidWorks\CXPA\20130410200829_20.2.0.0055.zip [12702]
O61 - LFC: 2013-04-10 - 19:11:17 ---A- C:\Users\Administrateur\AppData\Roaming\SolidWorks\SolidWorks 2012\swxJRNL.swj [94260]
O61 - LFC: 2013-04-10 - 20:22:52 ---A- C:\Users\Administrateur\AppData\Local\PMB Files\cert\secmod.db [16384]
O61 - LFC: 2013-04-10 - 20:35:24 ---A- C:\Users\Administrateur\AppData\Local\PMB Files\cert\cert8.db [65536]
O61 - LFC: 2013-04-10 - 20:35:24 ---A- C:\Users\Administrateur\AppData\Local\PMB Files\cert\key3.db [16384]
O61 - LFC: 2013-04-10 - 20:35:24 ---A- C:\Users\Administrateur\AppData\Local\PMB Files\pando.save [10225]
~ 22 Fichiers temporaires (Temporary files)
~ Files: 715 Legitimates Scanned in 10mn 28s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s



---\\ File Associations Shell Spawning (O67)
~ FASS Keys: 19 Legitimates Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Recherche des services démarrés par Svchost (O83)
~ Services: 35 Legitimates Scanned in 00mn 00s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.3BB84349396CFCFF74B0A0CBE81C190C] [SPRF][2011-05-30] (...) -- C:\ProgramData\ezsidmv.dat [56]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][2013-01-27] (...) -- C:\Users\Administrateur\AppData\Local\WavXMapDrive.bat [0]
[MD5.876DF625E242A10E46DAB5D77C7F6C87] [SPRF][2013-03-26] (.Microsoft Corporation - Self-Extracting Cabinet.) -- C:\Users\Administrateur\AppData\Local\Temp\IPx86_1036.exe [19885952]
[MD5.C6AA274F69EBDD86F75B7E3E4FA58AF4] [SPRF][2013-01-31] (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Users\Administrateur\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe [915376]
[MD5.5CC163324A11091C975B686EF4C52C73] [SPRF][2013-02-16] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\Administrateur\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe [897448]
[MD5.A620A735458E04AE0CF471319B6D6E7D] [SPRF][2013-03-01] (.Oracle Corporation - Java(TM) Platform SE binary.) -- C:\Users\Administrateur\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe [897448]
[MD5.241270AB16BE407767DE70143E8DB3AF] [SPRF][2012-03-14] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\Administrateur\AppData\Local\Temp\tbWise.dll [4398376] =>Toolbar.Conduit
[MD5.404D11F891C281853BC658B30A15E695] [SPRF][2013-04-11] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\Administrateur\Desktop\ZHPDiag2.exe [5551512]
[MD5.E3815CD387F4E37269914D7762903CE4] [SPRF][2011-02-03] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropENU.dll [113888]
[MD5.988DF18DC66DC34FF664168E371526B9] [SPRF][2011-02-16] (.Autodesk, Inc. - Autodesk i-drop control.) -- C:\Windows\Downloaded Program Files\IDropFRA.dll [116040]
[MD5.6CDCCCC096DEBB05C50A6E69D056DD75] [SPRF][2007-05-04] (.SolidWorks Corporation - sldimdownload Module.) -- C:\Windows\Downloaded Program Files\sldimdownload.dll [726560]
~ Files: Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{9DB125B9-AC68-4990-9C4B-EDD0176F160B}" |In - Public - P17 - TRUE | .(...) -- C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe (.not file.)
O87 - FAEL: "{0F50D901-98FD-450C-A4EF-1D6425672790}" |In - Public - P6 - TRUE | .(...) -- C:\Program Files\SolidWorks Corp\SolidWorks\photoview\photoview360_cl.exe (.not file.)
O87 - FAEL: "{23013309-623C-4F90-9F63-7EB35D5A59A8}" | In - None - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{B3A8D83F-F919-47CD-B45E-F6FF44A93002}" | In - Private - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{D5FA3E58-68D5-4D73-B314-0BF7D6B79158}" | In - Private - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{5A0DFC39-3EC5-49E2-8297-7D1A74236E0F}" | In - Domain - P17 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "{DC0AE0B9-DDEE-428E-95B7-268401F52C6D}" | In - Domain - P6 - TRUE | .(.Pas de propriétaire - Pando Media Booster.) -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
O87 - FAEL: "UDP Query User{9EC53B5F-1C1A-4B1E-B4F4-DCFF3370294B}C:\program files\ascomp software\backup maker\bkmaker.exe" | In - Private - P17 - TRUE | .(.ASCOMP Software GmbH.) -- C:\program files\ascomp software\backup maker\bkmaker.exe
O87 - FAEL: "TCP Query User{5631FA26-B6A2-403C-ACF2-8EB8F07DB3D9}C:\program files\ascomp software\backup maker\bkmaker.exe" | In - Private - P6 - TRUE | .(.ASCOMP Software GmbH.) -- C:\program files\ascomp software\backup maker\bkmaker.exe
O87 - FAEL: "UDP Query User{54E02E3B-5CC3-400D-B5AB-7A740453CCA2}C:\program files\vuze\azureus.exe" | In - Public - P17 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\program files\vuze\azureus.exe
O87 - FAEL: "TCP Query User{71F0C25C-D494-4955-8AC8-0BCD0AE6CACB}C:\program files\vuze\azureus.exe" | In - Public - P6 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\program files\vuze\azureus.exe
O87 - FAEL: "{F2335CA5-8111-4537-81B3-AB57B8099B06}" | In - Private - P17 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\Program Files\Vuze\Azureus.exe
O87 - FAEL: "{292BA80A-3253-4A15-A632-4E3B7C452D60}" | In - Private - P6 - TRUE | .(.Vuze Inc. - Pas de description.) -- C:\Program Files\Vuze\Azureus.exe
O87 - FAEL: "UDP Query User{D00F665C-7C92-4943-BF7F-3D96E5C109FD}C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe" | In - Public - P17 - TRUE | .(...) -- C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe
O87 - FAEL: "TCP Query User{850A2D5E-EC50-4611-89D8-B98CD4D3D3E3}C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe" | In - Public - P6 - TRUE | .(...) -- C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe
O87 - FAEL: "UDP Query User{3DD2F143-DB04-4C8D-96FF-BF12851FC7C0}C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe" | In - Private - P17 - TRUE | .(...) -- C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe
O87 - FAEL: "TCP Query User{0C7AE7E9-61D0-46CB-8D0C-8D3398E42A56}C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe" | In - Private - P6 - TRUE | .(...) -- C:\program files\sybase\shared\sybase central 4.3\win32\scjview.exe
O87 - FAEL: "UDP Query User{9AB5114E-228A-48D8-B7B7-0030C8CC96AA}C:\xampp\mysql\bin\mysqld.exe" | In - Public - P17 - TRUE | .(.MySQL AB - The MySQL Server.) -- C:\xampp\mysql\bin\mysqld.exe
O87 - FAEL: "TCP Query User{422D9DF1-11DF-4695-AAD2-D63D39F7319A}C:\xampp\mysql\bin\mysqld.exe" | In - Public - P6 - TRUE | .(.MySQL AB - The MySQL Server.) -- C:\xampp\mysql\bin\mysqld.exe
O87 - FAEL: "UDP Query User{CE4B4C36-73E7-40CE-A723-F5B9B311CDCF}C:\xampp\mysql\bin\mysqld.exe" | In - Private - P17 - TRUE | .(.MySQL AB - The MySQL Server.) -- C:\xampp\mysql\bin\mysqld.exe
O87 - FAEL: "TCP Query User{9C6A6529-B77F-429B-A0A2-E66B2A9E32F2}C:\xampp\mysql\bin\mysqld.exe" | In - Private - P6 - TRUE | .(.MySQL AB - The MySQL Server.) -- C:\xampp\mysql\bin\mysqld.exe
~ Firewall: 291 Legitimates Scanned in 00mn 03s



---\\ Scan Additionnel (O88)
Database Version : v2.11504 - (2013-04-10)
Clés trouvées (Keys found) : 11
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 5
Fichiers trouvés (Files found) : 4

[HKLM\Software\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}] =>Toolbar.Conduit
[HKLM\Software\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}] =>Dialer.IEAcess
[HKCU\Software\AppDataLow\Software\PriceGong] =>Adware.PriceGong
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent
[HKLM\Software\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing
[HKLM\Software\Canneverbe Limited\OpenCandy] =>Adware.OpenCandy
[HKLM\Software\Classes\Toolbar.CT3196716] =>Toolbar.Conduit
C:\Program Files\Conduit =>Toolbar.Conduit
C:\Users\Administrateur\AppData\Roaming\OpenCandy =>Adware.OpenCandy
C:\Users\Administrateur\AppData\Local\Conduit =>Toolbar.Conduit
C:\Users\Administrateur\AppData\LocalLow\Conduit =>Toolbar.Conduit
C:\Users\Administrateur\AppData\LocalLow\PriceGong =>Adware.PriceGong
C:\Users\Administrateur\AppData\Local\Temp\GoogleToolbarInstaller1.log =>Toolbar.Babylon
C:\Users\Administrateur\AppData\Local\Temp\GoogleToolbarInstaller2.log =>Toolbar.Babylon
C:\Users\Administrateur\AppData\Local\Temp\tbWise.dll =>Toolbar.Conduit
~ Additionnel: Scanned in 00mn 16s



---\\ Product Upgrade Codes (O90)
~ Update Products: 77 Legitimates Scanned in 00mn 00s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 2012-12-18 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 2013-03-12 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 2012-12-21 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 18656 | (Autodesk Content Service) . (...) - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
SR - | Auto 2011-08-30 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 2002-04-11 57344 | (Brother XP spl Service) . (.brother Industries Ltd.) - C:\Windows\system32\brsvc01a.exe
SS - | Demand 2012-01-20 89160 | (CoordinatorServiceHost) . (.Dassault Systèmes SolidWorks Corp..) - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
SS - | Demand 2012-02-05 1044816 | (FLEXnet Licensing Service) . (.Flexera Software, Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 2010-08-08 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 2010-08-08 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SR - | Auto 2009-08-07 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SS - | Demand 2013-02-20 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 2013-03-13 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 2013-01-09 1324104 | (PDF Architect Helper Service) . (.pdfforge GbR.) - C:\Program Files\PDF Architect\HelperService.exe
SR - | Auto 2013-01-09 795208 | (PDF Architect Service) . (.pdfforge GbR.) - C:\Program Files\PDF Architect\ConversionService.exe
SR - | Auto 2010-09-22 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SS - | Auto 2013-02-28 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 2013-02-28 79360 | (SolidWorks Licensing Service) . (.SolidWorks.) - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
SS - | Demand 2011-03-16 407336 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SR - | Auto 2012-09-19 1157056 | (WDBackup) . (.Western Digital.) - C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
SR - | Auto 2012-09-06 248248 | (WDDriveService) . (.Western Digital.) - C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
SR - | Auto 2012-09-19 1177536 | (WDRulesService) . (.Western Digital.) - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
SR - | Auto 26112 | (wltrysvc) . (...) - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.exe
SS - | Demand 2012-09-20 23040 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
~ MBR: 1 Legitimates Scanned in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Administrateur at 2013-04-11 08:06:20

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s



~ 2127 Legitimates filtered by white list
End of the scan (650 lines in 19mn 39s)(0)
