Rapport de ZHPDiag v2013.4.25.153 par Nicolas Coolman, Update du 25-04-13
Run by Alain  Riendeau at 25-04-13 19:44:08
State : Version à jour.
WhiteList : Enable
High Elevated Privileges : OK
UAC : Deactivate by program


---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16540
MFIE: Mozilla Firefox 20.0.1 (Defaut)

---\\ Windows Product Information
~ Langage: Français
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_COA_NSLP channel
Windows ID Activation : OK
~ Windows Partial Key : D3TK6
Windows License : OK
~ Windows Remaining Initializations Number : 4
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Protection
AVG 2013 v13.0.2904
Malwarebytes Anti-Malware version 1.75.0.1300
Spyware Terminator 2012 v3.0.0.82
Windows Defender W7

---\\ System Optimizer

---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 17

---\\ System Information
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8173 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 667 GB (71%) free of 931 GB

---\\ Logged in mode
~ Computer Name: ANTOINE
~ User Name: Alain  Riendeau
~ All Users Names: Alain  Riendeau, Administrateur, 
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Alain  Riendeau\AppData\Roaming\
~ %Desktop% : C:\Users\Alain  Riendeau\Desktop\
~ %Favorites% : C:\Users\Alain  Riendeau\Favorites\
~ %LocalAppData% : C:\Users\Alain  Riendeau\AppData\Local\
~ %StartMenu% : C:\Users\Alain  Riendeau\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 667 Go of 931 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ Hard drive, Flash drive, Thumb drive (Free 468 Go of 932 Go)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] DisableRegistryTools: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime :  OK
~ Security Center:  Scanned in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25-02-11 - 01:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.13-07-09 - 20:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.753C0848AE7872A3F59663078A517293] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.21-02-13 - 05:15:07.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20-11-10 - 08:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20-11-10 - 08:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27-12-11 - 22:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13-07-09 - 20:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13-07-09 - 18:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20-11-10 - 04:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20-11-10 - 04:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20-11-10 - 05:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.13-07-09 - 18:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13-07-09 - 19:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26-04-11 - 21:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20-11-10 - 04:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12-04-13 - 09:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.13-07-09 - 19:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20-11-10 - 05:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20-11-10 - 06:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13-07-09 - 19:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20-11-10 - 04:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20-11-10 - 08:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 3/331
~ Mes musiques (My Musics) : 68/206
~ Mes Videos (My Videos) : 2/19
~ Mes Favoris (My Favorites) : 1/62
~ Mes Documents (My Documents) : 4/148960
~ Mon Bureau (My Desktop) : 1/32
~ Menu demarrer (Programs) : 1/28
~ Hidden Files:  Scanned in 01mn 17s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe   [532040] [PID.2240]
[MD5.B29FF9A0E584185F2DCDCFC0D13E60A4] - (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe   [2777736] [PID.2888]
[MD5.BC90F2034566DDE57216EF9AFFD12D72] - (.XTRALOG - Agenda de bureau.) -- C:\Program Files (x86)\Calendrier\Cld2000.exe   [3030528] [PID.2928]
[MD5.5FC1063C1532F31A21012BA59C06A2EE] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\uTorrent.exe   [802136] [PID.2936]
[MD5.7E4AD8220AF0B281274F9785DD53E25C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   [18642024] [PID.2952]
[MD5.7DA09FCF45BB6EC4170273044FC0F3B8] - (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe   [3684488] [PID.3036]
[MD5.9DADF1A809ECEC86F04BDE35190D59FE] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe   [3147384] [PID.3184]
[MD5.F20715AC8D4D08D35E71026D104C739D] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7004160] [PID.4308]
[MD5.67A95B9D129ED5399E7965CD09CF30E7] - (.Logitech Inc. - Logitech User mode UMVPF service.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe   [450848] [PID.1332]
[MD5.ADC420616C501B45D26C0FD3EF1E54E4] - (.ArcSoft Inc. - ArcSoft Connect Service.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe   [113152] [PID.1876]
[MD5.4AFC14AFA58878FAA1D249E7E90EA54B] - (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe   [5814904] [PID.1900]
[MD5.6B72E1E329C4E98C6B6FDD2D265E3BA3] - (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe   [196664] [PID.1948]
[MD5.571BE8568485C68FF88A99BB203C4EEB] - (.Creative Labs - System Level Service Utility.) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\APLicensing.exe   [72704] [PID.864]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe   [418376] [PID.1784]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe   [701512] [PID.2068]
[MD5.E2CA898E105C3F2B62DB130F28C73322] - (.Pas de propriétaire - ToolbarU Application.) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe   [990896] [PID.2268]  =>Toolbar.AVGSearch
[MD5.7F32D4C47A50E7223491E8FB9359907D] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe   [325656] [PID.3480]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Alain  Riendeau\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser:  Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2,M3)
C:\Users\Alain  Riendeau\AppData\Roaming\Mozilla\Firefox\Profiles\i0q8tl3f.default\prefs.js
M0 - MFSP: prefs.js [Alain  Riendeau - i0q8tl3f.default] google.ca
M2 - MFEP: prefs.js [Alain  Riendeau - i0q8tl3f.default\ouuoyya@ujwq.com] [] Browseo2Suaavve v3.8 (..)
~ Firefox Browser: 12 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.ca
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 01s
~ Nombre de lignes (Lines number): 15406



---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [SpywareTerminatorShield] . (.Crawler.com - Spyware Terminator 2012 Realtime Shield.) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe 
O4 - HKLM\..\Run: [SpywareTerminatorUpdater] . (.Crawler.com - Spyware Terminator 2012 Update Support.) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe 
O4 - HKLM\..\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe 
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe 
O4 - HKCU\..\Run: [Cld2000.exe] . (.XTRALOG - Agenda de bureau.) -- C:\Program Files (x86)\Calendrier\Cld2000.exe 
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\uTorrent.exe 
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe 
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe 
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe 
O4 - HKCU\..\Run: [AdobeBridge] Clé orpheline 
O4 - HKLM\..\Wow6432Node\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe 
O4 - HKLM\..\Wow6432Node\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe (.not file.)   =>Toolbar.AVGSearch
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe 
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe 
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe 
O4 - HKUS\S-1-5-21-4270265617-897898914-2664782545-1000\..\Run: [Cld2000.exe] . (.XTRALOG - Agenda de bureau.) -- C:\Program Files (x86)\Calendrier\Cld2000.exe 
O4 - HKUS\S-1-5-21-4270265617-897898914-2664782545-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\uTorrent.exe 
O4 - HKUS\S-1-5-21-4270265617-897898914-2664782545-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe 
O4 - HKUS\S-1-5-21-4270265617-897898914-2664782545-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe 
O4 - HKUS\S-1-5-21-4270265617-897898914-2664782545-1000\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.exe 
O4 - HKUS\S-1-5-21-4270265617-897898914-2664782545-1000\..\Run: [AdobeBridge] Clé orpheline 
~ Application:  Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\TaskBar: Paint.lnk . (.Microsoft Corporation - Paint.)  -- C:\Windows\system32\mspaint.exe 
O4 - GS\TaskBar: Snipping Tool.lnk . (.Microsoft Corporation - Outil Capture.)  -- C:\Windows\system32\SnippingTool.exe 
O4 - GS\TaskBar: TuneUp Utilities - Startoberfläche.lnk . (.TuneUp Software - TuneUp Utilities - Startoberfläche.)  -- C:\Program Files (x86)\TuneUp Utilities 2013\Integrator.exe 
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.)  -- C:\Windows\explorer.exe 
O4 - GS\TaskBar: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.)  -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe 
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.)  -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\QuickLaunch: CDBurnerXP.lnk . (.Canneverbe Limited - CDBurnerXP.)  -- C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe 
O4 - GS\QuickLaunch: iMesh.lnk . (...)  -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe (.not file.)  =>PUP.iMesh
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\QuickLaunch: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\uTorrent.exe 
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.)  -- C:\Windows\system32\eudcedit.exe 
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft  Windows Fax and Scan.)  -- C:\Windows\system32\WFS.exe 
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.)  -- C:\Program Files (x86)\Skype\Phone\Skype.exe 
O4 - GS\Desktop: ADIF Karaoke Player.lnk . (...)  -- C:\ADIF Karaoke Player\AdifKaraoke.exe
O4 - GS\Desktop: Calendrier Xtra.lnk . (.XTRALOG - Agenda de bureau.)  -- C:\Program Files (x86)\Calendrier\Cld2000.exe 
O4 - GS\Desktop: Disque local (C) - Raccourci.lnk . (...)  -- C:\ 
O4 - GS\Desktop: Documents - Raccourci.lnk . (...)  -- C:\Users\Alain  Riendeau\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms 
O4 - GS\Desktop: DVDVideoSoft Free Studio.lnk . (.DvdVideoSoft Ltd. - FreeStudioManager.)  -- C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe 
O4 - GS\Desktop: externe (E) - Raccourci.lnk . (...)  -- E:\ 
O4 - GS\Desktop: Format Factory.lnk . (.Free Time - FormatFactory.)  -- C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe 
O4 - GS\Desktop: Free YouTube Download.lnk . (.DVDVideoSoft Ltd. - Free YouTube Download.)  -- C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe 
O4 - GS\Desktop: iMesh.lnk . (...)  -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe (.not file.)  =>PUP.iMesh
O4 - GS\Desktop: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.)  -- C:\Program Files (x86)\Internet Explorer\iexplore.exe 
O4 - GS\Desktop: IZArc.lnk . (...)  -- C:\Program Files (x86)\IZArc\IZArc.exe
O4 - GS\Desktop: KaraFun Player.lnk . (.RECISIO - KaraFun Player - Karaoke Player.)  -- C:\Program Files (x86)\KaraFun Player\KaraFunPlayer.exe 
O4 - GS\Desktop: Karaoke 5.lnk . (...)  -- C:\Program Files (x86)\Karaoke5\karaoke.exe
O4 - GS\Desktop: Lecteur de CD - Raccourci.lnk . (...)  -- D:\ 
O4 - GS\Desktop: Microsoft Publisher 2010.lnk . (...)  -- C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe
O4 - GS\Desktop: Microsoft Word 2010.lnk . (...)  -- C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
O4 - GS\Desktop: Mozilla Firefox (2).lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
O4 - GS\Desktop: Mozilla Firefox (3).lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.)  -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
O4 - GS\Desktop: RadioSure.lnk . (.TheBestWare Studio - RadioSure.)  -- C:\Users\Alain  Riendeau\AppData\Local\RadioSure\RadioSure.exe 
O4 - Global Startup: C:\Users\Alain  Riendeau\Desktop\Transports Québec  Québec 511 - Distances routières.url . (.TheBestWare Studio - RadioSure.)  -- C:\Users\Alain  Riendeau\Desktop\Transports Québec  Québec 511 - Distances routières.url
O4 - GS\Desktop: Téléchargements - Raccourci.lnk . (...)  -- C:\Users\Alain  Riendeau\Downloads 
O4 - GS\Desktop: Watchtower Library 2012 - Français.lnk . (.Watch Tower Bible and Tract Society of Penn - Watchtower Library 2012 - Édition française.)  -- C:\Program Files (x86)\Watchtower\Watchtower Library 2012\F\WTLibrary.exe 
O4 - GS\Desktop: XPD - Raccourci.lnk . (...)  -- C:\Program Files (x86)\MAGIX\Xtreme_Photo_Designer_6\XPD.exe
O4 - Global Startup: C:\Users\Alain  Riendeau\Desktop\« BonPatron » correcteur.url . (...)  -- C:\Users\Alain  Riendeau\Desktop\« BonPatron » correcteur.url
O4 - GS\Desktop: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\uTorrent.exe 
~ Global Startup:  Scanned in 00mn 00s



---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Envoyer à OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll
O9 - Extra button: Notes &liées OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BEF6BF0-352A-4351-BFD5-3FE2308FD5D9}: DhcpNameServer = 192.168.1.254 142.169.1.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{8BEF6BF0-352A-4351-BFD5-3FE2308FD5D9}: DhcpNameServer = 192.168.1.254 142.169.1.16
O17 - HKLM\System\CS2\Services\Tcpip\..\{8BEF6BF0-352A-4351-BFD5-3FE2308FD5D9}: DhcpNameServer = 192.168.1.254 142.169.1.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 142.169.1.16
~ Domain:  Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- 
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Creative Audio Pack Licensing Service (Creative Audio Pack Licensing Service) . (.Creative Labs - System Level Service Utility.) - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\APLicensing.exe
O23 - Service:  (vToolbarUpdater15.0.0) . (.Pas de propriétaire - ToolbarU Application.) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe  =>Toolbar.AVGSearch
~ Services: 14 Legitimates Filtered in 00mn 02s



---\\ BootExecute (O34)
O34 - HKLM BootExecute: (autocheck autochk /r \??\E:) - File not found
O34 - HKLM BootExecute: (autocheck autochk /r \??\E:) - File not found
~ BEX: 4 Legitimates Filtered in 00mn 00s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Go for FilesUpdate] (...) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{01A9887F-63A6-4D04-B26A-592BF1BA2568}] (...) -- D:\AudPack_PCApp_LB_1_01_01.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{2F062051-D6E8-445C-9397-A4AEE43E64A9}] (...) -- C:\Program Files (x86)\Nero\KM\KwikMedia.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{2F18B8BA-0BF6-481D-A069-B2BF1BF102BC}] (...) -- D:\PCIe\LAN\Win7\setup.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{31DD5C11-B484-44A6-A208-3EAB43301DEE}] (...) -- C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{32F92936-0A7C-493A-8685-A205464D81A2}] (...) -- C:\Users\Alain  Riendeau\Desktop\PandoSetupNCI.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{4D313775-2993-4045-BA83-1FB241A70032}] (...) -- C:\Program Files (x86)\Nero\KM\KwikMedia.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{5D0B297A-3BD9-47EB-B998-F98946DF1A09}] (...) -- C:\Program Files (x86)\JetAudio\JetAudio.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{6285D823-5139-43DE-846C-EAB2FFC536E4}] (...) -- D:\LAN\RTL8169_8169S(B)_8110S(B)\setup.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{77D819C7-96B2-4E4B-BB52-4C190CE7E81D}] (...) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\AudioCS\CTAudCS.cpl" -c Audio Console (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{9BF417CF-D019-426F-8292-8D2607FA8E81}] (...) -- C:\Program Files (x86)\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{9C4E9850-0D16-4C60-9935-D6A73218E592}] (...) -- C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{C0860903-B1EE-41A2-B9CB-82D51EE0688B}] (...) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.7.2\GUninstaller.exe (.not file.)   [0]  =>Toolbar.Babylon
[MD5.2A3F475153BF079C208F4AACA6DB63C1] [APT] [{CB277870-8661-4EE5-BF59-72755B9001B0}] (.MAGIX AG.) -- C:\Program Files (x86)\MAGIX\Music Maker 2013\MusicMaker.exe   [15418912]
[MD5.CAFB55AA463C6DF8802122838D50D2BB] [APT] [{D53F4943-02B3-4208-9DD5-2BAE3BD96DF0}] (.InstallShield Software Corporation.) -- C:\Program Files (x86)\InstallShield Installation Information\{8FAF844C-FFC0-41C6-BECB-DECB7435A7D8}\MTB\Setup\setup.exe   [116880]
[MD5.00000000000000000000000000000000] [APT] [{DA7E0D42-EB3A-4723-AD4D-4DF199D77E33}] (...) -- C:\Program Files (x86)\JetAudio\JetAudio.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{F892FE97-A8F3-41E6-B8C4-ABCAB3F17363}] (...) -- D:\ExpressCard\RTL81XXX\setup.exe (.not file.)   [0]
~ Scheduled Task: 25 Legitimates Filtered in 00mn 03s



---\\ Logiciels installés (O42)
O42 - Logiciel: Digital Video - (...) [HKLM][64Bits] -- {C833C7B6-1140-471D-932B-391B5CA66D7D}
O42 - Logiciel: Karaoke 5 ver. 40.33 - (.MediaSoft.) [HKLM][64Bits] -- Karaoke 5_is1
O42 - Logiciel: PCIe to Peripheral Adaptor - (...) [HKLM][64Bits] -- MosChip Semiconductor Technology Ltd
O42 - Logiciel: Pando - (.Pando Networks Inc..) [HKLM][64Bits] -- {AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}
O42 - Logiciel: Print Creations - (...) [HKLM][64Bits] -- {948A3F91-22EE-4E24-B4E0-BADB972357F4}
O42 - Logiciel: Watchtower Library 2012 - Français - (.Watchtower Bible and Tract Society of Pennsylvania, Inc..) [HKLM][64Bits] -- {429C765D-42CC-4F2A-A6CA-2737630E502A}
O42 - Logiciel: iMesh - (.iMesh Inc..) [HKLM][64Bits] -- {8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}  =>PUP.iMesh
O42 - Logiciel: µTorrent - (.BitTorrent Inc..) [HKLM][64Bits] -- uTorrent
~ Logic: 121 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\BitTorrent]
[HKCU\Software\Domain Tools]
[HKCU\Software\GoforFiles]
[HKCU\Software\KLC]
[HKCU\Software\MediaScience]
[HKCU\Software\Mixi.DJ]
[HKCU\Software\Protector]
[HKCU\Software\Watchtower]
[HKCU\Software\iMesh]  =>PUP.iMesh
[HKCU\Software\iTurbo]
[HKLM\Software\DomaIQ]
[HKLM\Software\Wow6432Node\Digital Video]
[HKLM\Software\Wow6432Node\GoforFiles]
[HKLM\Software\Wow6432Node\K5]
[HKLM\Software\Wow6432Node\KLC]
[HKLM\Software\Wow6432Node\WATCHTOWER]
[HKLM\Software\Wow6432Node\iMeshSRTB]  =>PUP.iMesh
[HKLM\Software\Wow6432Node\iMesh]  =>PUP.iMesh
[HKLM\Software\Wow6432Node\iNTERNET Turbo]
~ Key Software: 221 Legitimates Filtered in 00mn 00s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08-01-13 - 16:23:07 - [4,641] ----D C:\Program Files (x86)\Calendrier
O43 - CFD: 08-01-13 - 14:09:21 - [0,136] ----D C:\Program Files (x86)\Digital Video
O43 - CFD: 20-03-13 - 21:08:37 - [0] ----D C:\Program Files (x86)\Domain Tools
O43 - CFD: 23-04-13 - 12:50:33 - [0] ----D C:\Program Files (x86)\Easy Create Card 4.0
O43 - CFD: 10-12-12 - 18:16:44 - [0] ----D C:\Program Files (x86)\ExperimentalScene
O43 - CFD: 27-02-13 - 18:02:21 - [182,021] ----D C:\Program Files (x86)\Karaoke5
O43 - CFD: 12-03-13 - 12:02:30 - [411,683] ----D C:\Program Files (x86)\Watchtower
O43 - CFD: 17-04-13 - 23:53:12 - [0,004] ----D C:\ProgramData\C1A2
O43 - CFD: 26-02-13 - 01:11:22 - [0,079] ----D C:\ProgramData\iMesh  =>PUP.iMesh
O43 - CFD: 26-02-13 - 22:42:30 - [0] --H-D C:\ProgramData\{0419CFB1-1A0C-45EA-BA96-013307B12C54}
O43 - CFD: 20-01-13 - 14:46:31 - [0] ----D C:\Users\Alain  Riendeau\AppData\Roaming\ProjectWhois
O43 - CFD: 25-04-13 - 19:42:48 - [14,431] ----D C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent
O43 - CFD: 10-01-13 - 08:07:41 - [0] ----D C:\Users\Alain  Riendeau\AppData\Roaming\Watchtower
O43 - CFD: 21-04-13 - 22:52:33 - [355,493] ----D C:\Users\Alain  Riendeau\AppData\Local\ECC4
O43 - CFD: 21-04-13 - 22:19:13 - [0,000] ----D C:\Users\Alain  Riendeau\AppData\Local\ECC4_Config
O43 - CFD: 21-04-13 - 22:19:16 - [0,001] ----D C:\Users\Alain  Riendeau\AppData\Local\HardGames3D
O43 - CFD: 20-03-13 - 20:36:32 - [89,232] ----D C:\Users\Alain  Riendeau\AppData\Local\iMesh  =>PUP.iMesh
O43 - CFD: 12-01-13 - 14:45:36 - [0,100] ----D C:\Users\Alain  Riendeau\AppData\Local\Pando
~ Program Folder: 238 Legitimates Filtered in 00mn 59s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.B9657A0AFF28C1CB114ACC0CB93EE4BB] - 18-04-13 - 11:58:33 RSHAD . (.Windows (R) Win 7 DDK provider - Spyware Terminator 2012 driver.) -- C:\Windows\System32\Drivers\stflt.sys   [51496]
O44 - LFC:[MD5.E13F489F0B1E52319A86BDD996263F4B] - 25-04-13 - 07:14:38 ---A- . (...) -- C:\Windows\win.ini   [478]
~ Files: 67 Legitimates Filtered in 00mn 06s



---\\ Derniers fichiers créés dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.C6323EE29AFF6BCEFB4FA49D1A106084] - 25-04-13 - 12:23:36 ---A- - C:\Windows\Prefetch\PDAPP.EXE-0CD424B4.pf
O45 - LFCP:[MD5.107BE8B85F6C350B66805B2A90E88863] - 25-04-13 - 12:28:02 ---A- - C:\Windows\Prefetch\SWITCHBOARD.EXE-44EC7AA8.pf
O45 - LFCP:[MD5.CBA7E6E80787C61D5FD66844BDE7B702] - 25-04-13 - 18:43:10 ---A- - C:\Windows\Prefetch\CLD2000.EXE-7C31C147.pf
O45 - LFCP:[MD5.CB3B6CF28F6C3C3E2C7A8B608DFD81E5] - 25-04-13 - 18:43:10 ---A- - C:\Windows\Prefetch\UTORRENT.EXE-8D601355.pf
~ Prefetcher: 101 Legitimates Filtered in 00mn 00s



---\\ Opérations et fonctions au démarrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\Pando  [Key] . (.Pando Networks - pando.) -- C:\Program Files (x86)\Pando Networks\Pando\pando.exe
O53 - SMSR:HKLM\...\startupreg\ProjectWhois  [Key] . (...) -- C:\Program Files (x86)\Domain Tools\ProjectWhois\ProjectWhois.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\TrayServer  [Key] . (.Magix - Trayserver.) -- C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_17_Plus\Trayserver_FR.exe
~ SMSR Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Liste des Drivers Système (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 13-07-09 - 20:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys   [491088]
O58 - SDL:[MD5.9CC1029D3B2238C58439D5C129EC1D12] - 24-12-10 - 14:57:54 R--A- . (...) -- C:\Windows\System32\WinIo64.sys   [14416]
O58 - SDL:[MD5.6CCD1135320109D6B219F1A6E04AD9F6] - 14-11-06 - 11:31:00 ---A- . (.Arcsoft, Inc. - Arcsoft(R) ASPI Shell.) -- C:\Windows\SysWOW64\drivers\afc.sys   [22784]
~ Drivers:  Scanned in 00mn 00s



---\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 - LFC: 23-04-13 - 09:49:22 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\dlimagecache\195F8AFB7892FCF568932A37079D04ADFB6429C5   [10223]
O61 - LFC: 23-04-13 - 09:49:22 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\dlimagecache\EA6FF9EC658399A43F3CBDDB2F962B005AD84B80   [77904]
O61 - LFC: 23-04-13 - 11:48:36 ---A- C:\Users\Alain  Riendeau\AppData\Local\ECC4_Config\config.xml   [182]
O61 - LFC: 23-04-13 - 11:48:37 ---A- C:\Users\Alain  Riendeau\AppData\Local\ECC4\update.xml   [689]
O61 - LFC: 23-04-13 - 11:48:37 ---A- C:\Users\Alain  Riendeau\AppData\Local\HardGames3D\Easy_Create_Card_4.2.exe_Url_hunkzubqlnfrpmesizlcgdwkmv0onqzo\4.2.0.0\user.config   [849]
O61 - LFC: 23-04-13 - 15:06:56 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\dlimagecache\481A0258BCEBCA66B1A3F3F6E09F5D273C5CF381   [22551]
O61 - LFC: 23-04-13 - 16:38:46 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\dlimagecache\52900A1D843B25F5ACC7F9D790B7BCBA3A23EE3B   [65954]
O61 - LFC: 23-04-13 - 18:57:21 --HA- C:\Users\Alain  Riendeau\Documents\clipart.zdx   [45]
O61 - LFC: 23-04-13 - 18:57:21 --HA- C:\Users\Alain  Riendeau\Documents\clthumbs.zdx   [15864]
O61 - LFC: 23-04-13 - 19:22:23 ----- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\MICROSOFT.OFFICE.2010.VF.64.BIT.FRENCH.RETAIL.FINAL.BY.PARISIEN99.SMS.iso.torrent   [16147]
O61 - LFC: 23-04-13 - 20:24:16 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\Microsoft\Document Building Blocks\1036\14\Building Blocks.dotx   [41402]
O61 - LFC: 23-04-13 - 20:25:26 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\Microsoft\Templates\Normal.dotm   [20647]
O61 - LFC: 23-04-13 - 20:28:50 ---A- C:\Users\Alain  Riendeau\Documents\Blocs-notes OneNote\Guide de OneNote 2010\Ouvrir le bloc-notes.onetoc2   [5000]
O61 - LFC: 23-04-13 - 20:28:51 ---A- C:\Users\Alain  Riendeau\Documents\Blocs-notes OneNote\Guide de OneNote 2010\Guide OneNote.one   [1444976]
O61 - LFC: 23-04-13 - 20:28:51 -SHA- C:\Users\Alain  Riendeau\Documents\Blocs-notes OneNote\Bloc-notes personnel\OneNote Table Of Contents.onetoc2   [7736]
O61 - LFC: 23-04-13 - 20:28:51 -SHA- C:\Users\Alain  Riendeau\Documents\Blocs-notes OneNote\Bloc-notes professionnel\OneNote Table Of Contents.onetoc2   [7656]
O61 - LFC: 23-04-13 - 20:28:51 -SHA- C:\Users\Alain  Riendeau\Documents\Blocs-notes OneNote\Guide de OneNote 2007\OneNote Table Of Contents.onetoc2   [6384]*
O61 - LFC: 23-04-13 - 20:29:01 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat   [23752]
O61 - LFC: 23-04-13 - 22:43:52 ---A- C:\Users\Alain  Riendeau\Documents\Composition1.pub   [88064]
O61 - LFC: 24-04-13 - 09:30:15 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\dlimagecache\BF1246754F0D3B614B5FB0CB4BB0886EC83B449C   [21709]
O61 - LFC: 24-04-13 - 09:55:25 ---A- C:\Users\Alain  Riendeau\AppData\Local\GDIPFONTCACHEV1.DAT   [161632]
O61 - LFC: 24-04-13 - 17:48:54 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\Microsoft\Publisher\pubcmd14.dat   [851]
O61 - LFC: 24-04-13 - 20:56:19 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\Microsoft\Publisher Building Blocks\ContentStore.xml   [168]
O61 - LFC: 25-04-13 - 08:15:43 ---A- C:\Users\Alain  Riendeau\Documents\MAGIX\Movie_Edit_Pro_17_Plus\MovieShow Musiq..lnk   [1963]
O61 - LFC: 25-04-13 - 08:15:46 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\MAGIX\Movie_Edit_Pro_17_Plus\News Feed Info\MxNewsfeed.xml   [91]
O61 - LFC: 25-04-13 - 08:16:00 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\MAGIX\Movie_Edit_Pro_17_Plus\crm.dat   [800]
O61 - LFC: 25-04-13 - 08:16:01 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\MAGIX\Movie_Edit_Pro_17_Plus\layout\0_1.umly   [5894]
O61 - LFC: 25-04-13 - 08:16:01 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\MAGIX\Movie_Edit_Pro_17_Plus\layout\1_0.umly   [3226]
O61 - LFC: 25-04-13 - 08:16:01 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\MAGIX\Movie_Edit_Pro_17_Plus\layout\258_0.umly   [1880]
O61 - LFC: 25-04-13 - 08:16:01 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\MAGIX\Movie_Edit_Pro_17_Plus\layout\3_0.umly   [4614]
O61 - LFC: 25-04-13 - 11:59:12 ---A- C:\Users\Alain  Riendeau\AppData\Local\RadioSure\RadioSure.xml   [2489]
O61 - LFC: 25-04-13 - 12:25:56 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\dht.dat.old   [4196]
O61 - LFC: 25-04-13 - 12:25:56 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\rss.dat.old   [99]
O61 - LFC: 25-04-13 - 14:56:19 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\dlimagecache\AAD3307719AF3A637CA9E067C96F76EB21EE37A3   [30214]
O61 - LFC: 25-04-13 - 15:29:03 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\dlimagecache\3EA09BDBFA028B2B19F9C7CC1C8C8001A541E41E   [16980]
O61 - LFC: 25-04-13 - 17:43:03 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\dht_feed.dat.old   [2]
O61 - LFC: 25-04-13 - 17:44:21 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\resume.dat.old   [7621]
O61 - LFC: 25-04-13 - 17:46:52 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\dht.dat   [3546]
O61 - LFC: 25-04-13 - 17:46:52 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\dht_feed.dat   [2]
O61 - LFC: 25-04-13 - 17:46:52 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\rss.dat   [99]
O61 - LFC: 25-04-13 - 17:46:53 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\resume.dat   [7631]
O61 - LFC: 25-04-13 - 17:47:07 ---A- C:\Users\Alain  Riendeau\Documents\Calendrier Xtra\Jours.edb   [463128]
O61 - LFC: 25-04-13 - 18:42:38 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\settings.dat.old   [146869]
O61 - LFC: 25-04-13 - 18:42:48 ---A- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\settings.dat   [146845]
~ 57 Fichiers temporaires (Temporary files)
~ Files: 272 Legitimates Filtered in 00mn 53s



---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS:  Scanned in 00mn 00s



---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Search Browser Infection (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
~ Keys:  Scanned in 00mn 00s



---\\ Crack & Keygen Files (O82)
E:\Alain Éduc Câlin\TUNEUP UTI.. VIDÉO BOBO\TuneUp.Utilities.2011.v10.0.2020.10.Incl.Keygen.FRENCH-Lz0\TuneUpUtilities2011_fr-FR.exe
~ Files:  Scanned in 02mn 58s



---\\ Recherche particuliere à la racine de certains dossiers (O84)
[MD5.7FAB4A7DB8B6D18AF7D226710BB7FB2B] [SPRF][17-01-13] (...) -- C:\ProgramData\NTUser.dat   [262144]
[MD5.E1B1417C72774E918C8EE0AB44B4F7E7] [SPRF][25-04-13] (...) -- C:\Users\Alain  Riendeau\Desktop\adwcleaner.exe   [619461]
~ Files:  Scanned in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{0444B6E8-A6DF-4DBC-BFAF-4711B6B13A71}" | In - Public - P6 - TRUE | .(.Pando Networks - pando.) -- C:\Program Files (x86)\Pando Networks\Pando\Pando.exe
O87 - FAEL: "{64DEFB72-3712-4603-B338-67606AB1FD4A}" | In - Public - P17 - TRUE | .(.Pando Networks - pando.) -- C:\Program Files (x86)\Pando Networks\Pando\Pando.exe
O87 - FAEL: "{DDD63CD9-9A9C-4978-83F6-198CA6B93AA1}" | In - None - P17 - TRUE | .(.Pando Networks - pando.) -- C:\Program Files (x86)\Pando Networks\Pando\Pando.exe
O87 - FAEL: "{7065889E-BBD6-4DB9-AD07-EE72AEEAE9BD}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\uTorrent.exe
O87 - FAEL: "{56045A3C-B3C2-45D1-8E13-9DF0F2A08E4F}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Alain  Riendeau\AppData\Roaming\uTorrent\uTorrent.exe
O87 - FAEL: "{7FFB52DF-5A45-41C6-B91A-5DDB514329EC}" |In - Domain - P6 - TRUE | .(...) -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe (.not file.)  =>PUP.iMesh
O87 - FAEL: "{2E0590FE-2264-420E-95B9-3A0E760ACAB0}" |In - Domain - P17 - TRUE | .(...) -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe (.not file.)  =>PUP.iMesh
O87 - FAEL: "{848751FB-02FB-4E7C-BE8D-DE8859148FAB}" |In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe (.not file.)  =>PUP.iMesh
O87 - FAEL: "{094CD228-E847-49F5-9B81-6B66B8A082B9}" |In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe (.not file.)  =>PUP.iMesh
O87 - FAEL: "TCP Query User{6483A37B-BFCF-40F2-8D80-7FDB54EE770C}C:\program files (x86)\imesh applications\imesh\imesh.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\imesh applications\imesh\imesh.exe (.not file.)  =>PUP.iMesh
O87 - FAEL: "UDP Query User{09766213-7F55-4A4D-A13F-C4D8FBDEAD3A}C:\program files (x86)\imesh applications\imesh\imesh.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\imesh applications\imesh\imesh.exe (.not file.)  =>PUP.iMesh
~ Firewall: 208 Legitimates Filtered in 00mn 00s



---\\ Scan Additionnel (O88)
Database Version : v2.11716 - (25-04-13)
Clés trouvées (Keys found) : 17
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 4
Fichiers trouvés  (Files found) : 0

[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4e42-A125-57C0A11DBCDE}]   =>PUP.iMesh
[HKLM\Software\Classes\Interface\{69d3f709-9de2-479f-980f-532d46895703}]   =>Adware.BHO
[HKLM\Software\Wow6432Node\Classes\Interface\{69d3f709-9de2-479f-980f-532d46895703}]   =>Adware.BHO
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}]   =>PUP.iMesh
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}]   =>Toolbar.Agent
[HKLM\Software\Classes\TypeLib\{ec96f516-51b2-4b46-8451-8665f5a6ba2b}]   =>Adware.BHO
[HKLM\Software\Classes\TypeLib\{f07fbd3e-2048-44a4-9065-71bf551e2672}]   =>PUP.iMesh
[HKLM\Software\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}]   =>PUP.iMesh
[HKLM\Software\Wow6432Node\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}]   =>PUP.iMesh
[HKLM\Software\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}]   =>PUP.iMesh
[HKLM\Software\Wow6432Node\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}]   =>PUP.iMesh
[HKLM\Software\Classes\AppID\iMesh.exe]   =>PUP.iMesh
[HKCU\Software\iMesh]   =>PUP.iMesh
[HKLM\Software\Wow6432Node\iMesh]   =>PUP.iMesh
[HKCU\Software\Protector]   =>PUP.AdvancedSystemProtector
[HKLM\Software\Wow6432Node\iMeshSRTB]   =>PUP.iMesh
[HKCU\Software\Mixi.DJ]   =>Toolbar.MixiDJ
C:\Program Files (x86)\Common Files\AVG Secure Search   =>Toolbar.AVGSearch
C:\ProgramData\iMesh   =>PUP.iMesh
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh   =>PUP.iMesh
C:\Users\Alain  Riendeau\AppData\Local\iMesh   =>PUP.iMesh
~ Additionnel Scan: 287657 Items scanned in 00mn 13s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SR - | Auto 18-03-10 113152 |  (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SS - | Disabled 18-12-12 65192 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 22-04-13 256904 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 28-09-10 203264 |  (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 15-11-12 5814904 |  (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
SR - | Auto 22-10-12 196664 |  (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
SS - | Demand 08-01-13 79360 |  (Creative Audio Engine Licensing Service) . (.Creative Labs.) - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
SR - | Auto 29-10-12 72704 |  (Creative Audio Pack Licensing Service) . (.Creative Labs.) - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\APLicensing.exe
SR - | Disabled 24-05-11 1840128 |  (Fabs) . (.MAGIX AG.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database_188e94d\bin\FABS.exe
SS - | Demand 26-04-11 2702848 |  (FirebirdServerMAGIXInstance) . (.MAGIX®.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database_188e94d\bin\fbserver.exe
SS - | Demand 04-04-05 69632 |  (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Disabled 04-03-11 73728 |  (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 20-12-10 325656 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 04-04-13 418376 |  (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04-04-13 701512 |  (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 12-04-13 115608 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 28-02-13 161384 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 03-04-13 1149104 |  (ST2012_Svc) . (.Crawler.com.) - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
SS - | Demand 19-02-10 517096 |  (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 31-01-13 2402080 |  (TuneUp.UtilitiesSvc) . (.TuneUp Software.) - C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
SR - | Auto 18-01-12 450848 |  (UMVPFSrv) . (.Logitech Inc..) - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
SR - | Auto 20-12-10 2656280 |  (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SS - | Demand 13-07-09 27136 | C:\Windows\System32\uxtuneup.dll (UxTuneUp) . (.TuneUp Software.) - C:\Windows\System32\svchost.exe
SR - | Auto  990896 |  (vToolbarUpdater15.0.0) . (...) - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe  =>Toolbar.AVGSearch
SS - | Demand 13-07-09 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand  0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 13-07-09 27136 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 00s



---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Alain  Riendeau at 25-04-13 19:51:23

device: opened successfully
user: error reading MBR 

Disk trace:
error: Read  Descripteur non valide
kernel: error reading MBR 
~ MBR: 9 Legitimates Filtered in 00mn 02s



---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Alain  Riendeau at 25-04-13 19:51:25

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR:  Scanned in 00mn 04s



~ 1639 Legitimates filtered by white list
End of the scan (625 lines in 07mn 16s)(1)