ZHPDiag report v2013.6.6.10 by Nicolas Coolman, Update of 06/06/2013
Run by Anick at 06/06/2013 20:10:22
WebSite: http://nicolascoolman.webs.com
State : WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16576
MFIE: Mozilla Firefox 21.0 (Default)

---\\ Windows Product Information
~ Language: French
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 5
Software Protection Service (Software Protection) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
AVG 2013 v13.0.3343
Malwarebytes Anti-Malware version 1.75.0.1300
Panda Internet Security 2013 v18.00.01
Windows Defender W7

---\\ System Optimizer
CCleaner v4.02 =>Piriform Ltd

---\\ Peer To Peer (P2P)

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21

---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1791 MB (37% free)
System Restore: Enabled
System drive C: has 141 GB (62%) free of 228 GB

---\\ Logged in mode
~ Computer Name: PC-DE-ANICK
~ User Name: Anick
~ All Users Names: Liliclochette, Anick, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Anick\AppData\Roaming\
~ %Desktop% : C:\Users\Anick\Desktop\Desktop\
~ %Favorites% : C:\Users\Anick\dwhelper\Favorites\
~ %LocalAppData% : C:\Users\Anick\AppData\Local\
~ %StartMenu% : C:\Users\Anick\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 141 GB of 228 GB)
D:\ Hard drive, Flash drive, Thumb drive (Free 218 GB of 228 GB)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Free 1 GB of 1 GB)
L:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
O:\ Hard drive, Flash drive, Thumb drive (Free 588 GB of 932 GB)

---\\ Security Center & Tools Information
~ Security Center: 38 Legitimates Filtered in 00mn 00s

---\\ Specific search for generic files
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.5ABB3F36AF17007F33FA275E96A2C95E] - (.Microsoft Corporation - Internet Extensions for Win32.) (.05/04/2013 - 06:28:24.) -- C:\Windows\System32\wininet.dll [1767424]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 22:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Licensing Library.) (.20/11/2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files status (Hidden/Total)
~ My Pictures : 2/127
~ My Music : 1/92
~ My Videos : 1/2
~ My Favorites : 1/40
~ My Documents : 1/950
~ My Desktop : 1/119229
~ Start Menu (Programs) : 1/54
~ Hidden Files: Scanned in 00mn 56s

---\\ Running processes
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3768]
[MD5.F3B864BF39CDB3A71F2774DD02FC1090] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4390912] [PID.6548]
[MD5.44DEB3D86883C91621956C2C65EB7853] - (.Creative Technology Ltd. - Live! Cam Console Auto Launcher.) -- C:\Windows\V0470Mon.exe [32768] [PID.6604]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.6920]
[MD5.3D24A66867ECE2A70223A83A1B18248D] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2013\avgui.exe [4408368] [PID.7028]
[MD5.966511572EB360D49D9BD95FC0F0F35D] - (.Zemana Ltd. - Zemana AntiLogger User Interface.) -- C:\Program Files\AntiLogger\AntiLogger.exe [16866728] [PID.7688]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.21648]
[MD5.4B54D0C57B9E2E13FD416502CEA11CB8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7463936] [PID.33592]
~ Processes Running: Scanned in 00mn 01s

---\\ Mozilla Firefox, Plugins, Startup, Search, Extensions (P2,M0,M1,M2,M3)
C:\Users\Anick\AppData\Roaming\Mozilla\Firefox\Profiles\6ejitbmq.default\prefs.js
M3 - MFPP: Plugins - [Anick] -- C:\Users\Anick\AppData\Roaming\Mozilla\Firefox\Profiles\6ejitbmq.default\searchplugins\livecom.xml
M2 - MFEP: prefs.js [Anick - 6ejitbmq.default\50b4d3607af86@50b4d3607afbf.com] [] Download and Sa v7.1 (..)
M2 - MFEP: prefs.js [Anick - 6ejitbmq.default\{3ffb7be0-8bde-11de-8a39-0800200c9a66}] [] Purple Fox v20.0.10.04.13 (..)
P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent v1.23 for Firefox.) -- C:\Program Files\Mozilla Firefox\Plugins\npBitCometAgent.dll =>P2P.BitComet
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 1.9.0042.0.) -- C:\Program Files\Mozilla Firefox\Plugins\npLegitCheckPlugin.dll
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.No owner - Provides additional functionality on Facebook. See Piriform Ltd
O4 - GS\Desktop: Corbeille - Raccourci.lnk - Orphan key
O4 - GS\Desktop: Desktop.lnk . (...) -- C:\Users\Public\Documents
O4 - GS\Desktop: Notepad++.lnk . (.Don HO don.h@free.fr - Notepad++ : a free (GNU) source code editor.) -- C:\Program Files\Notepad++\notepad++.exe
O4 - GS\Desktop: Windows Live Messenger (2).lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - GS\Desktop: Windows Live Messenger .lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
~ Global Startup: Scanned in 00mn 01s

---\\ Buttons on the main Internet Explorer toolbar (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: (no name) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ ActiveX Objects (Downloaded Program Files) (O16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} ((no name)) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
~ ActiveX Objects: Scanned in 00mn 00s

---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{169CEE27-4969-46D2-AB0F-0C9722446995}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{169CEE27-4969-46D2-AB0F-0C9722446995}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{169CEE27-4969-46D2-AB0F-0C9722446995}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s

---\\ Additional protocol (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Additional Protocol: Scanned in 00mn 00s

---\\ AppInit_DLLs registry value and Winlogon Notify subkeys (autorun) (O20)
O20 - Winlogon Notify: avldr . (...) -- avldr.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Non-Microsoft, non-disabled NT services (O23)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) . (...) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acer HomeMedia Connect Service (Acer HomeMedia Connect Service) . (.CyberLink - CLMSServer.) - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) . (.HiTRSUT - eDataSecurity Service.) - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) . (.Acer Inc. - eRecoveryService.) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 20 Legitimates Filtered in 00mn 16s

---\\ Automatic scheduled tasks (O39)
O39 - APT:Automatic Scheduled Task - C:\Windows\Tasks\OptimizerProUpdaterTask{F12180C7-3FBC-4656-B8F0-1037E05226B7}.job [406] =>PUP.OptimizerPro
[MD5.00000000000000000000000000000000] [APT] [OptimizerProUpdaterTask{F12180C7-3FBC-4656-B8F0-1037E05226B7}] (...) -- C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe (.not file.) [0] =>PUP.OptimizerPro
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [YourFile Update] (...) -- C:\Program Files\YourFileDownloader\YourFileUpdater.exe (.not file.) [0] =>PUP.YourFileDownloader
[MD5.00000000000000000000000000000000] [APT] [{0B4322C0-2A3E-4603-A0E6-991F1DD79902}] (...) -- L:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{32CFB9F8-0518-41E3-BAC3-EC73CD3FBAE2}] (...) -- C:\Program Files\Mega Bloc Notes\desinstall.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{33D1502A-7596-46F2-99DB-66908331960A}] (...) -- C:\Users\Anick\Downloads\HiJackThis.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{91AC181B-71CF-4DA5-AEF6-F5BFBE428715}] (...) -- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A62D5FE7-C2FE-41BA-A869-13BAA9EF7137}] (...) -- C:\Program Files\7-Zip\Uninstall.exe (.not file.) [0]
~ Scheduled Task: 24 Legitimates Filtered in 01mn 55s

---\\ Drivers started at boot (O41)
O41 - Driver: (AntiLog32) . (.Zemana Ltd. - Zemana AntiLogger Driver.) - C:\Windows\system32\drivers\AntiLog32.sys
~ Drivers: 81 Legitimates Filtered in 00mn 15s

---\\ Installed software (O42)
O42 - Software: ESSPDock - (.Your Company Name.) [HKLM] -- {FCDB1C92-03C6-4C76-8625-371224256091}
O42 - Software: Falsh Player 10 - (...) [HKLM] -- {4C5F4B75-32D1-472B-90DF-26A3181D7597}_is1
~ Logic: 154 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\3D Wild Dolphin Screensaver]
[HKCU\Software\IncrediMail]
[HKCU\Software\Wedding Album Maker Gold]
[HKCU\Software\simonpepito]
[HKCU\Software\wscontb]
[HKLM\Software\Mitac]
[HKLM\Software\megablocnote]
~ Key Software: 300 Legitimates Filtered in 00mn 00s

---\\ Contents of Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 27/11/2012 - 03:42:02 - [2,801] ----D C:\Program Files\BonkEnc
O43 - CFD: 27/11/2012 - 03:42:24 - [0,403] ----D C:\Program Files\DNA
O43 - CFD: 27/11/2012 - 03:45:22 - [0,667] ----D C:\Program Files\FP
O43 - CFD: 08/01/2013 - 12:45:39 - [0,000] ----D C:\Program Files\Supercow
O43 - CFD: 27/11/2012 - 03:48:05 - [0,000] ----D C:\Program Files\SynthPronosPlusSha
O43 - CFD: 27/11/2012 - 03:48:21 - [59,379] ----D C:\Program Files\Wedding Album Maker Gold
O43 - CFD: 27/11/2012 - 03:48:31 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 30/05/2013 - 16:20:56 - [26,025] --H-D C:\ProgramData\{3D3D405B-A26F-46DE-8E42-8BCC08AC2C4B}
O43 - CFD: 27/11/2012 - 03:49:29 - [0,552] --H-D C:\ProgramData\~1
O43 - CFD: 27/11/2012 - 04:02:13 - [0,001] ----D C:\Users\Anick\AppData\Roaming\#Hf
O43 - CFD: 27/11/2012 - 04:02:16 - [0,995] ----D C:\Users\Anick\AppData\Roaming\Aveyond 3
O43 - CFD: 27/11/2012 - 04:02:16 - [0,341] ----D C:\Users\Anick\AppData\Roaming\BitComet =>P2P.BitComet
O43 - CFD: 27/11/2012 - 04:02:16 - [0,006] ----D C:\Users\Anick\AppData\Roaming\BonkEnc
O43 - CFD: 27/11/2012 - 04:02:18 - [0,001] ----D C:\Users\Anick\AppData\Roaming\CometPlayer
O43 - CFD: 26/12/2011 - 10:36:46 - [0] ----D C:\Users\Anick\AppData\Roaming\lang
O43 - CFD: 27/11/2012 - 04:02:43 - [0,007] ----D C:\Users\Anick\AppData\Roaming\Pi Eye Games
O43 - CFD: 30/11/2012 - 11:29:55 - [0,329] ----D C:\Users\Anick\AppData\Roaming\Wedding Album Maker
O43 - CFD: 27/11/2012 - 04:02:48 - [0,001] ----D C:\Users\Anick\AppData\Roaming\Woozworld.2AB110D612309D36CC287D3596C3A64DA1EE9210.1
O43 - CFD: 27/11/2012 - 04:00:17 - [-1703,113] ----D C:\Users\Anick\AppData\Local\Ares
O43 - CFD: 27/11/2012 - 04:00:26 - [0,610] ----D C:\Users\Anick\AppData\Local\eSupport.com =>Rogue.RegistryWizard
O43 - CFD: 27/11/2012 - 04:00:30 - [6,711] ----D C:\Users\Anick\AppData\Local\IM
O43 - CFD: 27/11/2012 - 04:01:44 - [0,001] ----D C:\Users\Anick\AppData\Local\Pirate
O43 - CFD: 01/04/2011 - 15:58:17 - [0] ----D C:\Users\Anick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\La Poste
O43 - CFD: 15/06/2011 - 21:26:17 - [0] ----D C:\Users\Anick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supercow
O43 - CFD: 27/11/2012 - 04:02:28 - [0,004] ----D C:\Users\Anick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wedding Album Maker Gold
~ Program Folder: 387 Legitimates Filtered in 00mn 20s

---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.30CD54C2A4212D776CE57A6E8F67DC96] - 06/06/2013 - 17:26:56 ---A- . (...) -- C:\Windows\ntbtlog.txt [151522]
O44 - LFC:[MD5.4240992C33A949CB7C8E5642AFCA3492] - 05/06/2013 - 14:02:03 ---A- . (...) -- C:\UsbFix [Clean 2] PC-DE-ANICK.txt [9950]
O44 - LFC:[MD5.13F15C7B58571B8B0F4CCD5FE7EA62E5] - 05/06/2013 - 13:59:06 ----- . (...) -- C:\UsbFix [Scan 4] PC-DE-ANICK.txt [3699]
O44 - LFC:[MD5.B7E98A5F4DC40E05D1EBB073FD832D47] - 04/06/2013 - 12:20:27 ----- . (...) -- C:\UsbFix [Clean 1] PC-DE-ANICK.txt [4443]
O44 - LFC:[MD5.D6B45EA0258066159F18DF02F2E373C2] - 04/06/2013 - 12:19:25 ----- . (...) -- C:\UsbFix [Scan 3] PC-DE-ANICK.txt [5482]
O44 - LFC:[MD5.798F9F407BE82F6AC1FAD668607AFD67] - 04/06/2013 - 11:59:10 ----- . (...) -- C:\UsbFix [Scan 2] PC-DE-ANICK.txt [5593]
O44 - LFC:[MD5.460023AC6C3E079344A4F625D4FE6370] - 04/06/2013 - 11:17:53 ----- . (...) -- C:\UsbFix [Scan 1] PC-DE-ANICK.txt [5535]
O44 - LFC:[MD5.D4D9E640862D7748F8F0D986C0E0DC9A] - 30/05/2013 - 15:20:58 ---A- . (.Zemana Ltd. - Zemana AntiLogger Driver.) -- C:\Windows\System32\Drivers\AntiLog32.sys [80104]
~ Files: 18 Legitimates Filtered in 00mn 28s

---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.804E556BB2794C49A60B7DAD2800EA1A] - 04/06/2013 - 12:43:57 ---A- - C:\Windows\Prefetch\GO.EXE-0A7DE786.pf
O45 - LFCP:[MD5.791E1BBB81B176346A057D830BF30B33] - 04/06/2013 - 12:57:15 ---A- - C:\Windows\Prefetch\MBRWRWIN.EXE-2144233B.pf
O45 - LFCP:[MD5.560E80F58EE7BC7561F4239BDD67B1DB] - 04/06/2013 - 17:02:10 ---A- - C:\Windows\Prefetch\MKV.EXE-6EC3DB31.pf
O45 - LFCP:[MD5.4E8DDC1BDFFD406E0B15549B9357A42A] - 05/06/2013 - 16:46:32 ---A- - C:\Windows\Prefetch\MEDIAMONKEYCOM.EXE-48DF8DA7.pf
O45 - LFCP:[MD5.792E55BCF27F7629D3BD0206A2E4DC0F] - 06/06/2013 - 18:55:34 ---A- - C:\Windows\Prefetch\KDBSYNC.EXE-FEEAE65E.pf
O45 - LFCP:[MD5.F77DF278309CC5A771B42A8B29993D72] - 06/06/2013 - 18:55:43 ---A- - C:\Windows\Prefetch\V0470MON.EXE-B4C86809.pf
O45 - LFCP:[MD5.BEDD33A3946E510635BAEDB3A10AB371] - 06/06/2013 - 18:55:45 ---A- - C:\Windows\Prefetch\ANTILOGGER.EXE-EDF2E5FE.pf
O45 - LFCP:[MD5.7E2B3CE8AD688B42AC0607792E3B2740] - 28/05/2013 - 17:35:04 ---A- - C:\Windows\Prefetch\PROCMGR.EXE-57DDAE67.pf
O45 - LFCP:[MD5.965F7A2B52618C96F5A1E5E1A157B4AC] - 30/05/2013 - 15:20:42 ---A- - C:\Windows\Prefetch\ZEMANA_ANTILOGGER_1.9.3.454.E-6AB5B00C.pf
O45 - LFCP:[MD5.A5F9AC9ACB4BC5A2A402CBCB55A2F2B7] - 30/05/2013 - 15:20:49 ---A- - C:\Windows\Prefetch\ANTILOGGER.EXE-A1B534BF.pf
O45 - LFCP:[MD5.154C9D053C0BC4F6F334B2E030897DCF] - 30/05/2013 - 15:21:45 ---A- - C:\Windows\Prefetch\KEYGEN_ZEMANA_ANTILOGGER_1.9.-1F5BB6FE.pf
O45 - LFCP:[MD5.8A89F19ACEFA354CA0838EA5D127EF58] - 30/05/2013 - 20:56:32 ---A- - C:\Windows\Prefetch\NSE570.TMP-5C3C84C5.pf
O45 - LFCP:[MD5.19694D87F44B1D982F4C4F4EFD95C675] - 30/05/2013 - 20:56:32 ---A- - C:\Windows\Prefetch\NSEC98.TMP-B1505375.pf
~ Prefetcher: 138 Legitimates Filtered in 00mn 00s

---\\ Operations and functions at Windows Explorer startup (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Orphan key
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\MegakeyUpdater [Key] . (...) -- C:\Users\Anick\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe (.not file.)
~ SMSR Keys: 25 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=0
~ MWPE Keys: 17 Legitimates Filtered in 00mn 00s

---\\ System drivers list (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s

---\\ Last files modified or created (User) (O61)
O61 - LFC: 04/06/2013 - 11:14:15 ---A- C:\Users\Anick\AppData\Local\Zemana\ZALSDK\Blobs.db [510]
O61 - LFC: 05/06/2013 - 14:03:05 ---A- C:\Users\Anick\tennis 2013.txt [9950]
O61 - LFC: 06/06/2013 - 18:27:36 ---A- C:\Users\Anick\AppData\Local\Zemana\ZALSDK\threats.zdb [3729536]
O61 - LFC: 06/06/2013 - 19:05:22 ---A- C:\Users\Anick\AppData\Local\Zemana\ZALSDK\samples.zdb [1051]
~ 10 Temporary files
~ Files: 31 Legitimates Filtered in 00mn 56s

---\\ Cleaning tools list (O63)
O63 - Software: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.org.) [HKLM] -- Usbfix
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Anick - 6ejitbmq.default] user_pref("extensions.helperbar.DockingPositionDown", false);
O69 - SBI: prefs.js [Anick - 6ejitbmq.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] Live Search - (Live Search) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {02F1D67D-F8FB-47CF-B7F0-EBCD6A07C2C6} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-1111-472f-A0FF-E1416B8B2EAA} - (Search) - http://www.pucuy.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {AB85108A-7723-4B6D-BAA4-875AD5E04CD6} - (WhiteSmoke US New Customized Web Search) - http://search.conduit.com =>PUP.WhiteSmoke
O69 - SBI: SearchScopes [HKCU] {BFC73B0C-7420-43E5-8D44-F8FCD22E8A38} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {C5717A24-E901-4A94-BF62-CDA5ABE2027A} - ((search.live.com) Live Search) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {E4286D06-B96B-443A-B293-6455ED5FA75E} - (Yahoo! Search) - http://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s

---\\ Crack & Keygen Files (O82)
C:\Users\Anick\Downloads\Keygen_Zemana_AntiLogger_1.9.x.xxx_-_SND.exe
C:\Users\Anick\Downloads\Keygen_Zemana_AntiLogger_1.9.x.xxx_-_SND.exe
~ Files: Scanned in 01mn 13s

---\\ Specific search at the root of certain folders (O84)
[MD5.D21896C3CD4BE9CCDC88BCED166B58F5] [SPRF][15/04/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.90086F77F7D4113A7E7C63D910699E39] [SPRF][14/05/2011] (...) -- C:\Users\Anick\AppData\Roaming\Anicklog.dat [1243]
[MD5.E152C2E083BB18DF3770DE4040E3F391] [SPRF][09/10/2011] (...) -- C:\Users\Anick\AppData\Roaming\SetValue.bat [35]
[MD5.806C402AB92F481AF77B4E4C7D23E439] [SPRF][09/03/2011] (...) -- C:\Users\Anick\AppData\Roaming\Sys2662.Config.Repository.bin [22]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][12/03/2008] (...) -- C:\Users\Anick\AppData\Roaming\wklnhst.dat [0]
[MD5.0A90C8A3F94564E7EAF541981EAFA52A] [SPRF][06/06/2013] (...) -- C:\Users\Anick\Desktop\Desktop\adwcleaner.exe [632031]
[MD5.121F4ED4AD27877A9CCCC5D56BDF156D] [SPRF][03/06/2013] (...) -- C:\Users\Anick\Desktop\Desktop\MKV.exe [388227]
[MD5.04247E26DC344937A535CA9C7AB0B597] [SPRF][19/01/2011] (...) -- C:\Program Files\setup.exe [475016]
[MD5.E802BAF0B20CCCA90EC32D1D7D0BA05A] [SPRF][16/10/2009] (.NHN Corporation - ChannelingPluginforReactor Dynamic Linking Library.) -- C:\Windows\Downloaded Program Files\ChannelingPluginforReactor.dll [65536]
[MD5.9956CB0A1A1C8886A956EFAA3BBD6FF0] [SPRF][10/11/2009] (.No owner - ijji Optimizer Application.) -- C:\Windows\Downloaded Program Files\ijjiOptimizer.exe [811008]
[MD5.F5274D356DB9259A6904C98F65F8D1AE] [SPRF][21/12/2009] (.NHN USA.Inc - ijji.com.) -- C:\Windows\Downloaded Program Files\ijjiPCPlugin.dll [204560]
[MD5.4B0C612F9878234885D0058EE3C59A88] [SPRF][10/11/2009] (.PC Pitstop LLC - PC Pitstop ActiveX Control 2.) -- C:\Windows\Downloaded Program Files\PCPitstop2.dll [381664]
~ Files: Scanned in 00mn 00s

---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{602E7204-E3F3-4B6E-9DD6-ED59C9E62FB2}" | In - Public - P17 - TRUE | .(.Acer Inc. - Acer Empowering Techonology Framework Launcher.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
O87 - FAEL: "{FAC52499-1DF8-4F4B-A548-475E6E8A556C}" | In - Public - P6 - TRUE | .(.Acer Inc. - Acer Empowering Techonology Framework Launcher.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
O87 - FAEL: "UDP Query User{3AB5DCAD-2F22-4904-8DA0-0CAC8D49CE52}C:\program files\sightspeed\sightspeed.exe" | In - Public - P17 - TRUE | .(.SightSpeed Inc. - SightSpeed.) -- C:\program files\sightspeed\sightspeed.exe
O87 - FAEL: "TCP Query User{6D348608-7440-4D2F-8380-91B0C2094D9C}C:\program files\sightspeed\sightspeed.exe" | In - Public - P6 - TRUE | .(.SightSpeed Inc. - SightSpeed.) -- C:\program files\sightspeed\sightspeed.exe
O87 - FAEL: "{D585109C-A3E9-47A0-B1F8-BEF827E9F6D7}" | In - None - P6 - TRUE | .(.No owner - DVAX2Process MFC Application.) -- C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe
~ Firewall: 233 Legitimates Filtered in 00mn 01s

---\\ Additional Scan (O88)
Database Version : v2.12397 - (06/06/2013)
Keys found : 5
Values found : 0
Folders found : 1
Files found : 0
[HKLM\Software\Microsoft\Tracing\YourFile_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Microsoft\Tracing\YourFileUpdater_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Microsoft\Tracing\YourFileUpdater_RASMANCS] =>PUP.YourFileDownloader
[HKCU\Software\wscontb] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181110}] =>PUP.CrossRider
C:\Users\Anick\AppData\Local\eSupport.com =>Rogue.RegistryWizard
~ Additional Scan: 285092 Items scanned in 00mn 24s

---\\ Product Upgrade Codes (O90)
O90 - PUC: "9888910D6677B424BA181FF6E8DDEF4F" . (.Facemoods.) -- C:\Windows\Installer\{D0198889-7766-424B-AB81-F16F8EDDFEF4}\ARPPRODUCTICON.exe =>Adware.Facemoods
~ Update Products: 164 Legitimates Filtered in 00mn 00s

---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Auto 113152 | (ACDaemon) . (...) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 04/04/2007 266343 | (Acer HomeMedia Connect Service) . (.CyberLink.) - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
SR - | Auto 28672 | (AcerMemUsageCheckService) . (...) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
SR - | Auto 65192 | (AdobeARMservice) . (...) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 17/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 29/12/2011 497496 | (AdvancedSystemCareService5) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
SR - | Auto 04/07/2012 217088 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 10/04/2013 1428472 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2013\avgfws.exe
SR - | Auto 13/05/2013 4937264 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2013\avgidsagent.exe
SR - | Auto 18/04/2013 283136 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 06/02/2007 457512 | (eDataSecurity Service) . (.HiTRSUT.) - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
SR - | Auto 03/07/2007 53248 | (eRecoveryService) . (.Acer Inc..) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
SR - | Auto 07/09/2012 1828496 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
SS - | Auto 61440 | (LightScribeService) . (...) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 24/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/12/2012 1522912 | (PDF Architect Helper Service) . (.pdfforge GbR.) - C:\Program Files\PDF Architect\HelperService.exe
SR - | Auto 14/12/2012 906464 | (PDF Architect Service) . (.pdfforge GbR.) - C:\Program Files\PDF Architect\ConversionService.exe
SR - | Auto 143360 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SS - | Auto 19/04/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s

---\\ Master Boot Record Infection search (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Anick at 06/06/2013 20:17:48
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8509E1F8]<<
1 ntkrnlpa!IofCallDriver[0x8304ABC5] >> \Device\Harddisk0\DR0[0x85F36510]
\Driver\atapi[0x85DC0D70] >> IRP_MJ_CREATE >> 0x8509E1F8
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s

---\\ Master Boot Record Infection search (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Anick at 06/06/2013 20:17:50
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s

~ 1779 Legitimates filtered by white list
End of the scan (572 lines in 07mn 28s)(2)
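Added triage example (this is not ZHPDiag's code and not part of the original report): a Python pass over the four line shapes that carry this report's actionable findings, run on sample lines copied from the report above. It pulls out every entry ZHPDiag itself tagged with "=>Family.Name", every O39 [APT] scheduled task or O53 startup entry whose target is "(.not file.)" (the trigger still fires, so whoever can write the missing path can put a binary there), every O69 SearchScopes entry pointing at a host outside an expected set, and the paths under the O82 keygen section. The expected search hosts, the user-writable path prefixes and the finding categories are this example's own assumptions, not anything the tool defines.

```python
"""Triage pass over ZHPDiag-style report lines (added example, not ZHPDiag code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumption: search hosts acceptable on this install. Tune per fleet.
EXPECTED_SEARCH_HOSTS = {"www.bing.com", "search.live.com", "fr.search.yahoo.com"}

# Assumption: prefixes a standard user can write to, so a file dropped at an
# orphaned autorun path would run on the next trigger without admin rights.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\")

TAG_RE = re.compile(r"=>(?P<tag>[A-Za-z]+\.[A-Za-z0-9_]+)\s*$")        # "=>PUP.Foo"
NOT_FILE_RE = re.compile(r"--\s+(?P<path>.+?)\s+\(\.not file\.\)")     # missing target
SCOPE_RE = re.compile(
    r"^O69 - SBI: SearchScopes \[(?P<hive>\w+)\] (?P<id>\S+) - \((?P<name>.*)\) - (?P<url>\S+)"
)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    kind: str      # tool-tagged | orphaned-autorun | search-hijack | keygen
    detail: str
    line: str


def classify_path(path: str) -> str:
    """Where an orphaned autorun target lives decides who could reclaim it."""
    low = path.lower()
    if low.startswith(USER_WRITABLE_PREFIXES):
        return "user-writable"
    if low[:1] != "c":
        return "non-system drive"   # e.g. L:\setup.exe on a removable volume
    return "other"


def parse_report(text: str) -> list[Finding]:
    findings: list[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("---\\"):          # ZHPDiag section header
            section = line
            continue
        m = TAG_RE.search(line)                # 1. anything the tool tagged itself
        if m:
            findings.append(Finding("tool-tagged", m.group("tag"), line))
        m = NOT_FILE_RE.search(line)           # 2. autoruns pointing at missing files
        if m and ("[APT]" in line or line.startswith("O53")):
            path = m.group("path")
            findings.append(Finding("orphaned-autorun", f"{classify_path(path)}: {path}", line))
        m = SCOPE_RE.match(line)               # 3. IE search scopes on unexpected hosts
        if m:
            host = m.group("url").split("//", 1)[-1].split("/")[0].lower()
            if host not in EXPECTED_SEARCH_HOSTS:
                findings.append(Finding("search-hijack", host, line))
        if "Crack & Keygen" in section and DRIVE_PATH_RE.match(line):   # 4. O82 paths
            findings.append(Finding("keygen", line, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample: lines copied from the report above, one or two per shape.
SAMPLE_REPORT = r"""
---\\ Automatic scheduled tasks (O39)
[MD5.00000000000000000000000000000000] [APT] [OptimizerProUpdaterTask{F12180C7-3FBC-4656-B8F0-1037E05226B7}] (...) -- C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe (.not file.) [0] =>PUP.OptimizerPro
[MD5.00000000000000000000000000000000] [APT] [{0B4322C0-2A3E-4603-A0E6-991F1DD79902}] (...) -- L:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A62D5FE7-C2FE-41BA-A869-13BAA9EF7137}] (...) -- C:\Program Files\7-Zip\Uninstall.exe (.not file.) [0]
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\MegakeyUpdater [Key] . (...) -- C:\Users\Anick\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe (.not file.)
---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-1111-472f-A0FF-E1416B8B2EAA} - (Search) - http://www.pucuy.com
O69 - SBI: SearchScopes [HKCU] {AB85108A-7723-4B6D-BAA4-875AD5E04CD6} - (WhiteSmoke US New Customized Web Search) - http://search.conduit.com =>PUP.WhiteSmoke
---\\ Crack & Keygen Files (O82)
C:\Users\Anick\Downloads\Keygen_Zemana_AntiLogger_1.9.x.xxx_-_SND.exe
"""

if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f"{f.kind:17} {f.detail}")
    print(summarize(parse_report(SAMPLE_REPORT)))
```

Feed a whole saved report through parse_report to get the same buckets for the full file. The "user-writable" orphaned-autorun entries are the ones to read first: the task or Run key is still armed, and the path it points at is one a non-admin process can populate.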