Publicité
Publicité
Format du document : text/plain
Prévisualisation
Rapport de ZHPDiag v2013.6.6.10 par Nicolas Coolman, Update du 06/06/2013
Run by Anick at 06/06/2013 20:10:22
WebSite: http://nicolascoolman.webs.com
State :
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user
---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16576
MFIE: Mozilla Firefox 21.0 (Defaut)
---\\ Windows Product Information
~ Langage: Fran�ais
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 5
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
AVG 2013 v13.0.3343
Malwarebytes Anti-Malware version 1.75.0.1300
Panda Internet Security 2013 v18.00.01
Windows Defender W7
---\\ System Optimizer
CCleaner v4.02 =>Piriform Ltd
---\\ Peer To Peer (P2P)
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1791 MB (37% free)
System Restore: Activ� (Enable)
System drive C: has 141 GB (62%) free of 228 GB
---\\ Logged in mode
~ Computer Name: PC-DE-ANICK
~ User Name: Anick
~ All Users Names: Liliclochette, Anick, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Anick\AppData\Roaming\
~ %Desktop% : C:\Users\Anick\Desktop\Desktop\
~ %Favorites% : C:\Users\Anick\dwhelper\Favorites\
~ %LocalAppData% : C:\Users\Anick\AppData\Local\
~ %StartMenu% : C:\Users\Anick\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 141 Go of 228 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 218 Go of 228 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go)
L:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
O:\ Hard drive, Flash drive, Thumb drive (Free 588 Go of 932 Go)
---\\ Security Center & Tools Informations
~ Security Center: 38 Legitimates Filtered in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.5ABB3F36AF17007F33FA275E96A2C95E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.05/04/2013 - 06:28:24.) -- C:\Windows\System32\wininet.dll [1767424]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d�ouverture de session Windows.) (.20/11/2010 - 22:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioth�que de licences.) (.20/11/2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parall�le.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/127
~ Mes musiques (My Musics) : 1/92
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/40
~ Mes Documents (My Documents) : 1/950
~ Mon Bureau (My Desktop) : 1/119229
~ Menu demarrer (Programs) : 1/54
~ Hidden Files: Scanned in 00mn 56s
---\\ Processus lanc�s
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3768]
[MD5.F3B864BF39CDB3A71F2774DD02FC1090] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4390912] [PID.6548]
[MD5.44DEB3D86883C91621956C2C65EB7853] - (.Creative Technology Ltd. - Live! Cam Console Auto Launcher.) -- C:\Windows\V0470Mon.exe [32768] [PID.6604]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.6920]
[MD5.3D24A66867ECE2A70223A83A1B18248D] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2013\avgui.exe [4408368] [PID.7028]
[MD5.966511572EB360D49D9BD95FC0F0F35D] - (.Zemana Ltd. - Zemana AntiLogger User Interface.) -- C:\Program Files\AntiLogger\AntiLogger.exe [16866728] [PID.7688]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.21648]
[MD5.4B54D0C57B9E2E13FD416502CEA11CB8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7463936] [PID.33592]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Anick\AppData\Roaming\Mozilla\Firefox\Profiles\6ejitbmq.default\prefs.js
M3 - MFPP: Plugins - [Anick] -- C:\Users\Anick\AppData\Roaming\Mozilla\Firefox\Profiles\6ejitbmq.default\searchplugins\livecom.xml
M2 - MFEP: prefs.js [Anick - 6ejitbmq.default\50b4d3607af86@50b4d3607afbf.com] [] Download and Sa v7.1 (..)
M2 - MFEP: prefs.js [Anick - 6ejitbmq.default\{3ffb7be0-8bde-11de-8a39-0800200c9a66}] [] Purple Fox v20.0.10.04.13 (..)
P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent v1.23 for Firefox.) -- C:\Program Files\Mozilla Firefox\Plugins\npBitCometAgent.dll =>P2P.BitComet
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 1.9.0042.0.) -- C:\Program Files\Mozilla Firefox\Plugins\npLegitCheckPlugin.dll
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propri�taire - Provides additional functionality on Facebook. See ~ IE Browser: 14 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 25
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Acer eDataSecurity Management - [HKLM]{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} . (.HiTRUST - eDStoolbar Module.) -- C:\Windows\system32\eDStoolbar.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe
O4 - HKLM\..\Run: [V0470Mon.exe] . (.Creative Technology Ltd. - Live! Cam Console Auto Launcher.) -- C:\Windows\V0470Mon.exe
O4 - HKLM\..\Run: [Adobe ARM] . (...) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst� Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [AMD AVT] . (.Microsoft Corporation - Interpr�teur de commandes Windows.) -- C:\Windows\System32\Cmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2013\avgui.exe
O4 - HKLM\..\Run: [AntiLogger] . (.Zemana Ltd. - Zemana AntiLogger User Interface.) -- C:\Program Files\AntiLogger\AntiLogger.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: OpenOffice.org 3.3.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - GS\QuickLaunch: Panda Internet Security 2013.lnk . (...) -- C:\Program Files\Panda Security\Panda Internet Security 2013\Iface.exe (.not file.)
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - �diteur de caract�res priv�s.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: Driver Cleaner Pro.lnk . (...) -- C:\Program Files\Driver Cleaner Pro\DCleaner.exe (.not file.)
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop: Notepad.lnk . (.Don HO don.h@free.fr - Notepad++ : a free (GNU) source code editor.) -- C:\Program Files\Notepad++\notepad++.exe
O4 - GS\Desktop: OpenOffice.org.lnk . (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Anick\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - GS\Programs: Update Checker.lnk . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
O4 - Global Startup: C:\Users\Anick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Aller sur MSN.fr.url . (...) -- C:\Users\Anick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Aller sur MSN.fr.url
O4 - GS\QuickLaunch: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files\Glary Utilities\Integrator.exe
O4 - GS\QuickLaunch: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: jetAudio.lnk . (.JetAudio, Inc. - jetAudio.) -- C:\Program Files\JetAudio\JetAudio.exe
O4 - GS\QuickLaunch: MediaMonkey.lnk . (.Ventis Media Inc. - MediaMonkey.) -- C:\Program Files\MediaMonkey\MediaMonkey.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Windows Live Messenger.lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - GS\SendTo: Unlocker.lnk . (...) -- C:\Program Files\Unlocker\Unlocker.exe
O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>Piriform Ltd
O4 - GS\Desktop: Corbeille - Raccourci.lnk - Cl� orpheline
O4 - GS\Desktop: Desktop.lnk . (...) -- C:\Users\Public\Documents
O4 - GS\Desktop: Notepad++.lnk . (.Don HO don.h@free.fr - Notepad++ : a free (GNU) source code editor.) -- C:\Program Files\Notepad++\notepad++.exe
O4 - GS\Desktop: Windows Live Messenger (2).lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - GS\Desktop: Windows Live Messenger .lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
~ Global Startup: Scanned in 00mn 01s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: (no name) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} ((no name)) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{169CEE27-4969-46D2-AB0F-0C9722446995}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{169CEE27-4969-46D2-AB0F-0C9722446995}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{169CEE27-4969-46D2-AB0F-0C9722446995}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: avldr . (...) -- avldr.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) . (...) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acer HomeMedia Connect Service (Acer HomeMedia Connect Service) . (.CyberLink - CLMSServer.) - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) . (.HiTRSUT - eDataSecurity Service.) - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) . (.Acer Inc. - eRecoveryService.) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 20 Legitimates Filtered in 00mn 16s
---\\ T�ches planifi�es en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\OptimizerProUpdaterTask{F12180C7-3FBC-4656-B8F0-1037E05226B7}.job [406] =>PUP.OptimizerPro
[MD5.00000000000000000000000000000000] [APT] [OptimizerProUpdaterTask{F12180C7-3FBC-4656-B8F0-1037E05226B7}] (...) -- C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe (.not file.) [0] =>PUP.OptimizerPro
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [YourFile Update] (...) -- C:\Program Files\YourFileDownloader\YourFileUpdater.exe (.not file.) [0] =>PUP.YourFileDownloader
[MD5.00000000000000000000000000000000] [APT] [{0B4322C0-2A3E-4603-A0E6-991F1DD79902}] (...) -- L:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{32CFB9F8-0518-41E3-BAC3-EC73CD3FBAE2}] (...) -- C:\Program Files\Mega Bloc Notes\desinstall.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{33D1502A-7596-46F2-99DB-66908331960A}] (...) -- C:\Users\Anick\Downloads\HiJackThis.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{91AC181B-71CF-4DA5-AEF6-F5BFBE428715}] (...) -- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A62D5FE7-C2FE-41BA-A869-13BAA9EF7137}] (...) -- C:\Program Files\7-Zip\Uninstall.exe (.not file.) [0]
~ Scheduled Task: 24 Legitimates Filtered in 01mn 55s
---\\ Pilotes lanc�s au d�marrage (O41)
O41 - Driver: (AntiLog32) . (.Zemana Ltd. - Zemana AntiLogger Driver.) - C:\Windows\system32\drivers\AntiLog32.sys
~ Drivers: 81 Legitimates Filtered in 00mn 15s
---\\ Logiciels install�s (O42)
O42 - Logiciel: ESSPDock - (.Nom de votre soci�t�.) [HKLM] -- {FCDB1C92-03C6-4C76-8625-371224256091}
O42 - Logiciel: Falsh Player 10 - (...) [HKLM] -- {4C5F4B75-32D1-472B-90DF-26A3181D7597}_is1
~ Logic: 154 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\3D Wild Dolphin Screensaver]
[HKCU\Software\IncrediMail]
[HKCU\Software\Wedding Album Maker Gold]
[HKCU\Software\simonpepito]
[HKCU\Software\wscontb]
[HKLM\Software\Mitac]
[HKLM\Software\megablocnote]
~ Key Software: 300 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 27/11/2012 - 03:42:02 - [2,801] ----D C:\Program Files\BonkEnc
O43 - CFD: 27/11/2012 - 03:42:24 - [0,403] ----D C:\Program Files\DNA
O43 - CFD: 27/11/2012 - 03:45:22 - [0,667] ----D C:\Program Files\FP
O43 - CFD: 08/01/2013 - 12:45:39 - [0,000] ----D C:\Program Files\Supercow
O43 - CFD: 27/11/2012 - 03:48:05 - [0,000] ----D C:\Program Files\SynthPronosPlusSha
O43 - CFD: 27/11/2012 - 03:48:21 - [59,379] ----D C:\Program Files\Wedding Album Maker Gold
O43 - CFD: 27/11/2012 - 03:48:31 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 30/05/2013 - 16:20:56 - [26,025] --H-D C:\ProgramData\{3D3D405B-A26F-46DE-8E42-8BCC08AC2C4B}
O43 - CFD: 27/11/2012 - 03:49:29 - [0,552] --H-D C:\ProgramData\~1
O43 - CFD: 27/11/2012 - 04:02:13 - [0,001] ----D C:\Users\Anick\AppData\Roaming\#Hf
O43 - CFD: 27/11/2012 - 04:02:16 - [0,995] ----D C:\Users\Anick\AppData\Roaming\Aveyond 3
O43 - CFD: 27/11/2012 - 04:02:16 - [0,341] ----D C:\Users\Anick\AppData\Roaming\BitComet =>P2P.BitComet
O43 - CFD: 27/11/2012 - 04:02:16 - [0,006] ----D C:\Users\Anick\AppData\Roaming\BonkEnc
O43 - CFD: 27/11/2012 - 04:02:18 - [0,001] ----D C:\Users\Anick\AppData\Roaming\CometPlayer
O43 - CFD: 26/12/2011 - 10:36:46 - [0] ----D C:\Users\Anick\AppData\Roaming\lang
O43 - CFD: 27/11/2012 - 04:02:43 - [0,007] ----D C:\Users\Anick\AppData\Roaming\Pi Eye Games
O43 - CFD: 30/11/2012 - 11:29:55 - [0,329] ----D C:\Users\Anick\AppData\Roaming\Wedding Album Maker
O43 - CFD: 27/11/2012 - 04:02:48 - [0,001] ----D C:\Users\Anick\AppData\Roaming\Woozworld.2AB110D612309D36CC287D3596C3A64DA1EE9210.1
O43 - CFD: 27/11/2012 - 04:00:17 - [-1703,113] ----D C:\Users\Anick\AppData\Local\Ares
O43 - CFD: 27/11/2012 - 04:00:26 - [0,610] ----D C:\Users\Anick\AppData\Local\eSupport.com =>Rogue.RegistryWizard
O43 - CFD: 27/11/2012 - 04:00:30 - [6,711] ----D C:\Users\Anick\AppData\Local\IM
O43 - CFD: 27/11/2012 - 04:01:44 - [0,001] ----D C:\Users\Anick\AppData\Local\Pirate
O43 - CFD: 01/04/2011 - 15:58:17 - [0] ----D C:\Users\Anick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\La Poste
O43 - CFD: 15/06/2011 - 21:26:17 - [0] ----D C:\Users\Anick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supercow
O43 - CFD: 27/11/2012 - 04:02:28 - [0,004] ----D C:\Users\Anick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wedding Album Maker Gold
~ Program Folder: 387 Legitimates Filtered in 00mn 20s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.30CD54C2A4212D776CE57A6E8F67DC96] - 06/06/2013 - 17:26:56 ---A- . (...) -- C:\Windows\ntbtlog.txt [151522]
O44 - LFC:[MD5.4240992C33A949CB7C8E5642AFCA3492] - 05/06/2013 - 14:02:03 ---A- . (...) -- C:\UsbFix [Clean 2] PC-DE-ANICK.txt [9950]
O44 - LFC:[MD5.13F15C7B58571B8B0F4CCD5FE7EA62E5] - 05/06/2013 - 13:59:06 ----- . (...) -- C:\UsbFix [Scan 4] PC-DE-ANICK.txt [3699]
O44 - LFC:[MD5.B7E98A5F4DC40E05D1EBB073FD832D47] - 04/06/2013 - 12:20:27 ----- . (...) -- C:\UsbFix [Clean 1] PC-DE-ANICK.txt [4443]
O44 - LFC:[MD5.D6B45EA0258066159F18DF02F2E373C2] - 04/06/2013 - 12:19:25 ----- . (...) -- C:\UsbFix [Scan 3] PC-DE-ANICK.txt [5482]
O44 - LFC:[MD5.798F9F407BE82F6AC1FAD668607AFD67] - 04/06/2013 - 11:59:10 ----- . (...) -- C:\UsbFix [Scan 2] PC-DE-ANICK.txt [5593]
O44 - LFC:[MD5.460023AC6C3E079344A4F625D4FE6370] - 04/06/2013 - 11:17:53 ----- . (...) -- C:\UsbFix [Scan 1] PC-DE-ANICK.txt [5535]
O44 - LFC:[MD5.D4D9E640862D7748F8F0D986C0E0DC9A] - 30/05/2013 - 15:20:58 ---A- . (.Zemana Ltd. - Zemana AntiLogger Driver.) -- C:\Windows\System32\Drivers\AntiLog32.sys [80104]
~ Files: 18 Legitimates Filtered in 00mn 28s
---\\ Derniers fichiers cr��s dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.804E556BB2794C49A60B7DAD2800EA1A] - 04/06/2013 - 12:43:57 ---A- - C:\Windows\Prefetch\GO.EXE-0A7DE786.pf
O45 - LFCP:[MD5.791E1BBB81B176346A057D830BF30B33] - 04/06/2013 - 12:57:15 ---A- - C:\Windows\Prefetch\MBRWRWIN.EXE-2144233B.pf
O45 - LFCP:[MD5.560E80F58EE7BC7561F4239BDD67B1DB] - 04/06/2013 - 17:02:10 ---A- - C:\Windows\Prefetch\MKV.EXE-6EC3DB31.pf
O45 - LFCP:[MD5.4E8DDC1BDFFD406E0B15549B9357A42A] - 05/06/2013 - 16:46:32 ---A- - C:\Windows\Prefetch\MEDIAMONKEYCOM.EXE-48DF8DA7.pf
O45 - LFCP:[MD5.792E55BCF27F7629D3BD0206A2E4DC0F] - 06/06/2013 - 18:55:34 ---A- - C:\Windows\Prefetch\KDBSYNC.EXE-FEEAE65E.pf
O45 - LFCP:[MD5.F77DF278309CC5A771B42A8B29993D72] - 06/06/2013 - 18:55:43 ---A- - C:\Windows\Prefetch\V0470MON.EXE-B4C86809.pf
O45 - LFCP:[MD5.BEDD33A3946E510635BAEDB3A10AB371] - 06/06/2013 - 18:55:45 ---A- - C:\Windows\Prefetch\ANTILOGGER.EXE-EDF2E5FE.pf
O45 - LFCP:[MD5.7E2B3CE8AD688B42AC0607792E3B2740] - 28/05/2013 - 17:35:04 ---A- - C:\Windows\Prefetch\PROCMGR.EXE-57DDAE67.pf
O45 - LFCP:[MD5.965F7A2B52618C96F5A1E5E1A157B4AC] - 30/05/2013 - 15:20:42 ---A- - C:\Windows\Prefetch\ZEMANA_ANTILOGGER_1.9.3.454.E-6AB5B00C.pf
O45 - LFCP:[MD5.A5F9AC9ACB4BC5A2A402CBCB55A2F2B7] - 30/05/2013 - 15:20:49 ---A- - C:\Windows\Prefetch\ANTILOGGER.EXE-A1B534BF.pf
O45 - LFCP:[MD5.154C9D053C0BC4F6F334B2E030897DCF] - 30/05/2013 - 15:21:45 ---A- - C:\Windows\Prefetch\KEYGEN_ZEMANA_ANTILOGGER_1.9.-1F5BB6FE.pf
O45 - LFCP:[MD5.8A89F19ACEFA354CA0838EA5D127EF58] - 30/05/2013 - 20:56:32 ---A- - C:\Windows\Prefetch\NSE570.TMP-5C3C84C5.pf
O45 - LFCP:[MD5.19694D87F44B1D982F4C4F4EFD95C675] - 30/05/2013 - 20:56:32 ---A- - C:\Windows\Prefetch\NSEC98.TMP-B1505375.pf
~ Prefetcher: 138 Legitimates Filtered in 00mn 00s
---\\ Op�rations et fonctions au d�marrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Cl� orpheline
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\MegakeyUpdater [Key] . (...) -- C:\Users\Anick\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe (.not file.)
~ SMSR Keys: 25 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=0
~ MWPE Keys: 17 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifi�s ou cr�es (Utilisateur) (O61)
O61 - LFC: 04/06/2013 - 11:14:15 ---A- C:\Users\Anick\AppData\Local\Zemana\ZALSDK\Blobs.db [510]
O61 - LFC: 05/06/2013 - 14:03:05 ---A- C:\Users\Anick\tennis 2013.txt [9950]
O61 - LFC: 06/06/2013 - 18:27:36 ---A- C:\Users\Anick\AppData\Local\Zemana\ZALSDK\threats.zdb [3729536]
O61 - LFC: 06/06/2013 - 19:05:22 ---A- C:\Users\Anick\AppData\Local\Zemana\ZALSDK\samples.zdb [1051]
~ 10 Fichiers temporaires (Temporary files)
~ Files: 31 Legitimates Filtered in 00mn 56s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.org.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Anick - 6ejitbmq.default] user_pref("extensions.helperbar.DockingPositionDown", false);
O69 - SBI: prefs.js [Anick - 6ejitbmq.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] Live Search - (Live Search) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {02F1D67D-F8FB-47CF-B7F0-EBCD6A07C2C6} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-1111-472f-A0FF-E1416B8B2EAA} - (Search) - http://www.pucuy.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {AB85108A-7723-4B6D-BAA4-875AD5E04CD6} - (WhiteSmoke US New Customized Web Search) - http://search.conduit.com =>PUP.WhiteSmoke
O69 - SBI: SearchScopes [HKCU] {BFC73B0C-7420-43E5-8D44-F8FCD22E8A38} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {C5717A24-E901-4A94-BF62-CDA5ABE2027A} - ((search.live.com) Live Search) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {E4286D06-B96B-443A-B293-6455ED5FA75E} - (Yahoo! Search) - http://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s
---\\ Crack & Keygen Files (O82)
C:\Users\Anick\Downloads\Keygen_Zemana_AntiLogger_1.9.x.xxx_-_SND.exe
C:\Users\Anick\Downloads\Keygen_Zemana_AntiLogger_1.9.x.xxx_-_SND.exe
~ Files: Scanned in 01mn 13s
---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.D21896C3CD4BE9CCDC88BCED166B58F5] [SPRF][15/04/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.90086F77F7D4113A7E7C63D910699E39] [SPRF][14/05/2011] (...) -- C:\Users\Anick\AppData\Roaming\Anicklog.dat [1243]
[MD5.E152C2E083BB18DF3770DE4040E3F391] [SPRF][09/10/2011] (...) -- C:\Users\Anick\AppData\Roaming\SetValue.bat [35]
[MD5.806C402AB92F481AF77B4E4C7D23E439] [SPRF][09/03/2011] (...) -- C:\Users\Anick\AppData\Roaming\Sys2662.Config.Repository.bin [22]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][12/03/2008] (...) -- C:\Users\Anick\AppData\Roaming\wklnhst.dat [0]
[MD5.0A90C8A3F94564E7EAF541981EAFA52A] [SPRF][06/06/2013] (...) -- C:\Users\Anick\Desktop\Desktop\adwcleaner.exe [632031]
[MD5.121F4ED4AD27877A9CCCC5D56BDF156D] [SPRF][03/06/2013] (...) -- C:\Users\Anick\Desktop\Desktop\MKV.exe [388227]
[MD5.04247E26DC344937A535CA9C7AB0B597] [SPRF][19/01/2011] (...) -- C:\Program Files\setup.exe [475016]
[MD5.E802BAF0B20CCCA90EC32D1D7D0BA05A] [SPRF][16/10/2009] (.NHN Corporation - ChannelingPluginforReactor Dynamic Linking Library.) -- C:\Windows\Downloaded Program Files\ChannelingPluginforReactor.dll [65536]
[MD5.9956CB0A1A1C8886A956EFAA3BBD6FF0] [SPRF][10/11/2009] (.Pas de propri�taire - ijji Optimizer Application.) -- C:\Windows\Downloaded Program Files\ijjiOptimizer.exe [811008]
[MD5.F5274D356DB9259A6904C98F65F8D1AE] [SPRF][21/12/2009] (.NHN USA.Inc - ijji.com.) -- C:\Windows\Downloaded Program Files\ijjiPCPlugin.dll [204560]
[MD5.4B0C612F9878234885D0058EE3C59A88] [SPRF][10/11/2009] (.PC Pitstop LLC - PC Pitstop ActiveX Control 2.) -- C:\Windows\Downloaded Program Files\PCPitstop2.dll [381664]
~ Files: Scanned in 00mn 00s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{602E7204-E3F3-4B6E-9DD6-ED59C9E62FB2}" | In - Public - P17 - TRUE | .(.Acer Inc. - Acer Empowering Techonology Framework Launcher.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
O87 - FAEL: "{FAC52499-1DF8-4F4B-A548-475E6E8A556C}" | In - Public - P6 - TRUE | .(.Acer Inc. - Acer Empowering Techonology Framework Launcher.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
O87 - FAEL: "UDP Query User{3AB5DCAD-2F22-4904-8DA0-0CAC8D49CE52}C:\program files\sightspeed\sightspeed.exe" | In - Public - P17 - TRUE | .(.SightSpeed Inc. - SightSpeed.) -- C:\program files\sightspeed\sightspeed.exe
O87 - FAEL: "TCP Query User{6D348608-7440-4D2F-8380-91B0C2094D9C}C:\program files\sightspeed\sightspeed.exe" | In - Public - P6 - TRUE | .(.SightSpeed Inc. - SightSpeed.) -- C:\program files\sightspeed\sightspeed.exe
O87 - FAEL: "{D585109C-A3E9-47A0-B1F8-BEF827E9F6D7}" | In - None - P6 - TRUE | .(.Pas de propri�taire - DVAX2Process MFC Application.) -- C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe
~ Firewall: 233 Legitimates Filtered in 00mn 01s
---\\ Scan Additionnel (O88)
Database Version : v2.12397 - (06/06/2013)
Cl�s trouv�es (Keys found) : 5
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 1
Fichiers trouv�s (Files found) : 0
[HKLM\Software\Microsoft\Tracing\YourFile_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Microsoft\Tracing\YourFileUpdater_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Microsoft\Tracing\YourFileUpdater_RASMANCS] =>PUP.YourFileDownloader
[HKCU\Software\wscontb] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181110}] =>PUP.CrossRider
C:\Users\Anick\AppData\Local\eSupport.com =>Rogue.RegistryWizard
~ Additionnel Scan: 285092 Items scanned in 00mn 24s
---\\ Product Upgrade Codes (O90)
O90 - PUC: "9888910D6677B424BA181FF6E8DDEF4F" . (.Facemoods.) -- C:\Windows\Installer\{D0198889-7766-424B-AB81-F16F8EDDFEF4}\ARPPRODUCTICON.exe =>Adware.Facemoods
~ Update Products: 164 Legitimates Filtered in 00mn 00s
---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 113152 | (ACDaemon) . (...) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 04/04/2007 266343 | (Acer HomeMedia Connect Service) . (.CyberLink.) - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
SR - | Auto 28672 | (AcerMemUsageCheckService) . (...) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
SR - | Auto 65192 | (AdobeARMservice) . (...) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 17/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 29/12/2011 497496 | (AdvancedSystemCareService5) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
SR - | Auto 04/07/2012 217088 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 10/04/2013 1428472 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2013\avgfws.exe
SR - | Auto 13/05/2013 4937264 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2013\avgidsagent.exe
SR - | Auto 18/04/2013 283136 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 06/02/2007 457512 | (eDataSecurity Service) . (.HiTRSUT.) - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
SR - | Auto 03/07/2007 53248 | (eRecoveryService) . (.Acer Inc..) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
SR - | Auto 07/09/2012 1828496 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
SS - | Auto 61440 | (LightScribeService) . (...) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 24/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/12/2012 1522912 | (PDF Architect Helper Service) . (.pdfforge GbR.) - C:\Program Files\PDF Architect\HelperService.exe
SR - | Auto 14/12/2012 906464 | (PDF Architect Service) . (.pdfforge GbR.) - C:\Program Files\PDF Architect\ConversionService.exe
SR - | Auto 143360 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SS - | Auto 19/04/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Anick at 06/06/2013 20:17:48
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8509E1F8]<<
1 ntkrnlpa!IofCallDriver[0x8304ABC5] >> \Device\Harddisk0\DR0[0x85F36510]
\Driver\atapi[0x85DC0D70] >> IRP_MJ_CREATE >> 0x8509E1F8
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Anick at 06/06/2013 20:17:50
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 1779 Legitimates filtered by white list
End of the scan (572 lines in 07mn 28s)(2)
Run by Anick at 06/06/2013 20:10:22
WebSite: http://nicolascoolman.webs.com
State :
WhiteList : Enable
High Elevated Privileges : OK
UAC : Activate by user
---\\ Web Browser
MSIE: Internet Explorer v10.0.9200.16576
MFIE: Mozilla Firefox 21.0 (Defaut)
---\\ Windows Product Information
~ Langage: Fran�ais
Windows 7 Home Premium Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 5
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System Protection
AVG 2013 v13.0.3343
Malwarebytes Anti-Malware version 1.75.0.1300
Panda Internet Security 2013 v18.00.01
Windows Defender W7
---\\ System Optimizer
CCleaner v4.02 =>Piriform Ltd
---\\ Peer To Peer (P2P)
---\\ Software Update
Adobe Flash Player 11 Plugin
Adobe Reader XI
Java 7 Update 21
---\\ System Information
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1791 MB (37% free)
System Restore: Activ� (Enable)
System drive C: has 141 GB (62%) free of 228 GB
---\\ Logged in mode
~ Computer Name: PC-DE-ANICK
~ User Name: Anick
~ All Users Names: Liliclochette, Anick, Administrateur,
~ Unselected Option: None
Logged in as Administrator
---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\Anick\AppData\Roaming\
~ %Desktop% : C:\Users\Anick\Desktop\Desktop\
~ %Favorites% : C:\Users\Anick\dwhelper\Favorites\
~ %LocalAppData% : C:\Users\Anick\AppData\Local\
~ %StartMenu% : C:\Users\Anick\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 141 Go of 228 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 218 Go of 228 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ CD-ROM drive (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Free 1 Go of 1 Go)
L:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
O:\ Hard drive, Flash drive, Thumb drive (Free 588 Go of 932 Go)
---\\ Security Center & Tools Informations
~ Security Center: 38 Legitimates Filtered in 00mn 00s
---\\ Recherche particuli�re de fichiers g�n�riques
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 06:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de d�marrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.5ABB3F36AF17007F33FA275E96A2C95E] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.05/04/2013 - 06:28:24.) -- C:\Windows\System32\wininet.dll [1767424]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Application d�ouverture de session Windows.) (.20/11/2010 - 22:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioth�que de licences.) (.20/11/2010 - 22:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 22:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Pilote du syst�me de fichiers NT.) (.12/04/2013 - 14:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parall�le.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 22:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Pilote de clich� instantan� du volume.) (.20/11/2010 - 22:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Etat des fichiers cach�s (Cach�/Total)
~ Mes images (My Pictures) : 2/127
~ Mes musiques (My Musics) : 1/92
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/40
~ Mes Documents (My Documents) : 1/950
~ Mon Bureau (My Desktop) : 1/119229
~ Menu demarrer (Programs) : 1/54
~ Hidden Files: Scanned in 00mn 56s
---\\ Processus lanc�s
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.3768]
[MD5.F3B864BF39CDB3A71F2774DD02FC1090] - (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe [4390912] [PID.6548]
[MD5.44DEB3D86883C91621956C2C65EB7853] - (.Creative Technology Ltd. - Live! Cam Console Auto Launcher.) -- C:\Windows\V0470Mon.exe [32768] [PID.6604]
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.6920]
[MD5.3D24A66867ECE2A70223A83A1B18248D] - (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2013\avgui.exe [4408368] [PID.7028]
[MD5.966511572EB360D49D9BD95FC0F0F35D] - (.Zemana Ltd. - Zemana AntiLogger User Interface.) -- C:\Program Files\AntiLogger\AntiLogger.exe [16866728] [PID.7688]
[MD5.95110A1C5A1D228AC1DDF6AB67D00BEB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.21648]
[MD5.4B54D0C57B9E2E13FD416502CEA11CB8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7463936] [PID.33592]
~ Processes Running: Scanned in 00mn 01s
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\Anick\AppData\Roaming\Mozilla\Firefox\Profiles\6ejitbmq.default\prefs.js
M3 - MFPP: Plugins - [Anick] -- C:\Users\Anick\AppData\Roaming\Mozilla\Firefox\Profiles\6ejitbmq.default\searchplugins\livecom.xml
M2 - MFEP: prefs.js [Anick - 6ejitbmq.default\50b4d3607af86@50b4d3607afbf.com] [] Download and Sa v7.1 (..)
M2 - MFEP: prefs.js [Anick - 6ejitbmq.default\{3ffb7be0-8bde-11de-8a39-0800200c9a66}] [] Purple Fox v20.0.10.04.13 (..)
P2 - FPN:Firefox Plugin Navigator . (.BitComet - BitCometAgent v1.23 for Firefox.) -- C:\Program Files\Mozilla Firefox\Plugins\npBitCometAgent.dll =>P2P.BitComet
P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - 1.9.0042.0.) -- C:\Program Files\Mozilla Firefox\Plugins\npLegitCheckPlugin.dll
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propri�taire - Provides additional functionality on Facebook. See ~ IE Browser: 14 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redirection du fichier Hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 25
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Acer eDataSecurity Management - [HKLM]{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} . (.HiTRUST - eDStoolbar Module.) -- C:\Windows\system32\eDStoolbar.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Applications d�marr�es par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Windows\RtHDVCpl.exe
O4 - HKLM\..\Run: [V0470Mon.exe] . (.Creative Technology Ltd. - Live! Cam Console Auto Launcher.) -- C:\Windows\V0470Mon.exe
O4 - HKLM\..\Run: [Adobe ARM] . (...) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst� Control Center Launcher.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [AMD AVT] . (.Microsoft Corporation - Interpr�teur de commandes Windows.) -- C:\Windows\System32\Cmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [AVG_UI] . (.AVG Technologies CZ, s.r.o. - AVG User Interface.) -- C:\Program Files\AVG\AVG2013\avgui.exe
O4 - HKLM\..\Run: [AntiLogger] . (.Zemana Ltd. - Zemana AntiLogger User Interface.) -- C:\Program Files\AntiLogger\AntiLogger.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 00s
---\\ Autres liens utilisateurs (O4)
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: OpenOffice.org 3.3.lnk . (...) -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - GS\QuickLaunch: Panda Internet Security 2013.lnk . (...) -- C:\Program Files\Panda Security\Panda Internet Security 2013\Iface.exe (.not file.)
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - �diteur de caract�res priv�s.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: Driver Cleaner Pro.lnk . (...) -- C:\Program Files\Driver Cleaner Pro\DCleaner.exe (.not file.)
O4 - GS\Desktop: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop: Notepad.lnk . (.Don HO don.h@free.fr - Notepad++ : a free (GNU) source code editor.) -- C:\Program Files\Notepad++\notepad++.exe
O4 - GS\Desktop: OpenOffice.org.lnk . (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Programs: Microsoft SkyDrive.lnk . (.Microsoft Corporation - Microsoft SkyDrive.) -- C:\Users\Anick\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
O4 - GS\Programs: Update Checker.lnk . (.FileHippo.com - FileHippo.com Update Checker.) -- C:\Program Files\FileHippo.com\UpdateChecker.exe
O4 - Global Startup: C:\Users\Anick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Aller sur MSN.fr.url . (...) -- C:\Users\Anick\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Aller sur MSN.fr.url
O4 - GS\QuickLaunch: Glary Utilities.lnk . (.Glarysoft Ltd - Glary Utilities.) -- C:\Program Files\Glary Utilities\Integrator.exe
O4 - GS\QuickLaunch: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: jetAudio.lnk . (.JetAudio, Inc. - jetAudio.) -- C:\Program Files\JetAudio\JetAudio.exe
O4 - GS\QuickLaunch: MediaMonkey.lnk . (.Ventis Media Inc. - MediaMonkey.) -- C:\Program Files\MediaMonkey\MediaMonkey.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: Windows Live Messenger.lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - GS\SendTo: Unlocker.lnk . (...) -- C:\Program Files\Unlocker\Unlocker.exe
O4 - GS\Desktop: CCleaner.lnk . (.Piriform Ltd - CCleaner.) -- C:\Program Files\CCleaner\CCleaner.exe =>Piriform Ltd
O4 - GS\Desktop: Corbeille - Raccourci.lnk - Cl� orpheline
O4 - GS\Desktop: Desktop.lnk . (...) -- C:\Users\Public\Documents
O4 - GS\Desktop: Notepad++.lnk . (.Don HO don.h@free.fr - Notepad++ : a free (GNU) source code editor.) -- C:\Program Files\Notepad++\notepad++.exe
O4 - GS\Desktop: Windows Live Messenger (2).lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - GS\Desktop: Windows Live Messenger .lnk . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
~ Global Startup: Scanned in 00mn 01s
---\\ Boutons situ�s sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: (no name) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ((no name)) - http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ((no name)) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} ((no name)) - http://utilities.pcpitstop.com/da2/PCPitStop2.cab
~ Objets ActiveX: Scanned in 00mn 00s
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{169CEE27-4969-46D2-AB0F-0C9722446995}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{169CEE27-4969-46D2-AB0F-0C9722446995}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{169CEE27-4969-46D2-AB0F-0C9722446995}: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
~ Domain: Scanned in 00mn 00s
---\\ Protocole additionnel (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valeur de Registre AppInit_DLLs et sous-cl�s Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: avldr . (...) -- avldr.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Liste des services NT non Microsoft et non d�sactiv�s (O23)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) . (...) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acer HomeMedia Connect Service (Acer HomeMedia Connect Service) . (.CyberLink - CLMSServer.) - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) . (.HiTRSUT - eDataSecurity Service.) - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) . (.Acer Inc. - eRecoveryService.) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files\Skype\Updater\Updater.exe
~ Services: 20 Legitimates Filtered in 00mn 16s
---\\ T�ches planifi�es en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\OptimizerProUpdaterTask{F12180C7-3FBC-4656-B8F0-1037E05226B7}.job [406] =>PUP.OptimizerPro
[MD5.00000000000000000000000000000000] [APT] [OptimizerProUpdaterTask{F12180C7-3FBC-4656-B8F0-1037E05226B7}] (...) -- C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe (.not file.) [0] =>PUP.OptimizerPro
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) [0] =>Toolbar.Ask
[MD5.00000000000000000000000000000000] [APT] [YourFile Update] (...) -- C:\Program Files\YourFileDownloader\YourFileUpdater.exe (.not file.) [0] =>PUP.YourFileDownloader
[MD5.00000000000000000000000000000000] [APT] [{0B4322C0-2A3E-4603-A0E6-991F1DD79902}] (...) -- L:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{32CFB9F8-0518-41E3-BAC3-EC73CD3FBAE2}] (...) -- C:\Program Files\Mega Bloc Notes\desinstall.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{33D1502A-7596-46F2-99DB-66908331960A}] (...) -- C:\Users\Anick\Downloads\HiJackThis.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{91AC181B-71CF-4DA5-AEF6-F5BFBE428715}] (...) -- C:\Program Files\QuickTime\QTSystem\QuickTime.cpl" -c QuickTime (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A62D5FE7-C2FE-41BA-A869-13BAA9EF7137}] (...) -- C:\Program Files\7-Zip\Uninstall.exe (.not file.) [0]
~ Scheduled Task: 24 Legitimates Filtered in 01mn 55s
---\\ Pilotes lanc�s au d�marrage (O41)
O41 - Driver: (AntiLog32) . (.Zemana Ltd. - Zemana AntiLogger Driver.) - C:\Windows\system32\drivers\AntiLog32.sys
~ Drivers: 81 Legitimates Filtered in 00mn 15s
---\\ Logiciels install�s (O42)
O42 - Logiciel: ESSPDock - (.Nom de votre soci�t�.) [HKLM] -- {FCDB1C92-03C6-4C76-8625-371224256091}
O42 - Logiciel: Falsh Player 10 - (...) [HKLM] -- {4C5F4B75-32D1-472B-90DF-26A3181D7597}_is1
~ Logic: 154 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\3D Wild Dolphin Screensaver]
[HKCU\Software\IncrediMail]
[HKCU\Software\Wedding Album Maker Gold]
[HKCU\Software\simonpepito]
[HKCU\Software\wscontb]
[HKLM\Software\Mitac]
[HKLM\Software\megablocnote]
~ Key Software: 300 Legitimates Filtered in 00mn 00s
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 27/11/2012 - 03:42:02 - [2,801] ----D C:\Program Files\BonkEnc
O43 - CFD: 27/11/2012 - 03:42:24 - [0,403] ----D C:\Program Files\DNA
O43 - CFD: 27/11/2012 - 03:45:22 - [0,667] ----D C:\Program Files\FP
O43 - CFD: 08/01/2013 - 12:45:39 - [0,000] ----D C:\Program Files\Supercow
O43 - CFD: 27/11/2012 - 03:48:05 - [0,000] ----D C:\Program Files\SynthPronosPlusSha
O43 - CFD: 27/11/2012 - 03:48:21 - [59,379] ----D C:\Program Files\Wedding Album Maker Gold
O43 - CFD: 27/11/2012 - 03:48:31 - [0,000] ----D C:\ProgramData\IM
O43 - CFD: 30/05/2013 - 16:20:56 - [26,025] --H-D C:\ProgramData\{3D3D405B-A26F-46DE-8E42-8BCC08AC2C4B}
O43 - CFD: 27/11/2012 - 03:49:29 - [0,552] --H-D C:\ProgramData\~1
O43 - CFD: 27/11/2012 - 04:02:13 - [0,001] ----D C:\Users\Anick\AppData\Roaming\#Hf
O43 - CFD: 27/11/2012 - 04:02:16 - [0,995] ----D C:\Users\Anick\AppData\Roaming\Aveyond 3
O43 - CFD: 27/11/2012 - 04:02:16 - [0,341] ----D C:\Users\Anick\AppData\Roaming\BitComet =>P2P.BitComet
O43 - CFD: 27/11/2012 - 04:02:16 - [0,006] ----D C:\Users\Anick\AppData\Roaming\BonkEnc
O43 - CFD: 27/11/2012 - 04:02:18 - [0,001] ----D C:\Users\Anick\AppData\Roaming\CometPlayer
O43 - CFD: 26/12/2011 - 10:36:46 - [0] ----D C:\Users\Anick\AppData\Roaming\lang
O43 - CFD: 27/11/2012 - 04:02:43 - [0,007] ----D C:\Users\Anick\AppData\Roaming\Pi Eye Games
O43 - CFD: 30/11/2012 - 11:29:55 - [0,329] ----D C:\Users\Anick\AppData\Roaming\Wedding Album Maker
O43 - CFD: 27/11/2012 - 04:02:48 - [0,001] ----D C:\Users\Anick\AppData\Roaming\Woozworld.2AB110D612309D36CC287D3596C3A64DA1EE9210.1
O43 - CFD: 27/11/2012 - 04:00:17 - [-1703,113] ----D C:\Users\Anick\AppData\Local\Ares
O43 - CFD: 27/11/2012 - 04:00:26 - [0,610] ----D C:\Users\Anick\AppData\Local\eSupport.com =>Rogue.RegistryWizard
O43 - CFD: 27/11/2012 - 04:00:30 - [6,711] ----D C:\Users\Anick\AppData\Local\IM
O43 - CFD: 27/11/2012 - 04:01:44 - [0,001] ----D C:\Users\Anick\AppData\Local\Pirate
O43 - CFD: 01/04/2011 - 15:58:17 - [0] ----D C:\Users\Anick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\La Poste
O43 - CFD: 15/06/2011 - 21:26:17 - [0] ----D C:\Users\Anick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Supercow
O43 - CFD: 27/11/2012 - 04:02:28 - [0,004] ----D C:\Users\Anick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wedding Album Maker Gold
~ Program Folder: 387 Legitimates Filtered in 00mn 20s
---\\ Derniers fichiers modifi�s ou cr�es sous Windows et System32 (O44)
O44 - LFC:[MD5.30CD54C2A4212D776CE57A6E8F67DC96] - 06/06/2013 - 17:26:56 ---A- . (...) -- C:\Windows\ntbtlog.txt [151522]
O44 - LFC:[MD5.4240992C33A949CB7C8E5642AFCA3492] - 05/06/2013 - 14:02:03 ---A- . (...) -- C:\UsbFix [Clean 2] PC-DE-ANICK.txt [9950]
O44 - LFC:[MD5.13F15C7B58571B8B0F4CCD5FE7EA62E5] - 05/06/2013 - 13:59:06 ----- . (...) -- C:\UsbFix [Scan 4] PC-DE-ANICK.txt [3699]
O44 - LFC:[MD5.B7E98A5F4DC40E05D1EBB073FD832D47] - 04/06/2013 - 12:20:27 ----- . (...) -- C:\UsbFix [Clean 1] PC-DE-ANICK.txt [4443]
O44 - LFC:[MD5.D6B45EA0258066159F18DF02F2E373C2] - 04/06/2013 - 12:19:25 ----- . (...) -- C:\UsbFix [Scan 3] PC-DE-ANICK.txt [5482]
O44 - LFC:[MD5.798F9F407BE82F6AC1FAD668607AFD67] - 04/06/2013 - 11:59:10 ----- . (...) -- C:\UsbFix [Scan 2] PC-DE-ANICK.txt [5593]
O44 - LFC:[MD5.460023AC6C3E079344A4F625D4FE6370] - 04/06/2013 - 11:17:53 ----- . (...) -- C:\UsbFix [Scan 1] PC-DE-ANICK.txt [5535]
O44 - LFC:[MD5.D4D9E640862D7748F8F0D986C0E0DC9A] - 30/05/2013 - 15:20:58 ---A- . (.Zemana Ltd. - Zemana AntiLogger Driver.) -- C:\Windows\System32\Drivers\AntiLog32.sys [80104]
~ Files: 18 Legitimates Filtered in 00mn 28s
---\\ Derniers fichiers cr��s dans Windows Prefetcher (O45)
O45 - LFCP:[MD5.804E556BB2794C49A60B7DAD2800EA1A] - 04/06/2013 - 12:43:57 ---A- - C:\Windows\Prefetch\GO.EXE-0A7DE786.pf
O45 - LFCP:[MD5.791E1BBB81B176346A057D830BF30B33] - 04/06/2013 - 12:57:15 ---A- - C:\Windows\Prefetch\MBRWRWIN.EXE-2144233B.pf
O45 - LFCP:[MD5.560E80F58EE7BC7561F4239BDD67B1DB] - 04/06/2013 - 17:02:10 ---A- - C:\Windows\Prefetch\MKV.EXE-6EC3DB31.pf
O45 - LFCP:[MD5.4E8DDC1BDFFD406E0B15549B9357A42A] - 05/06/2013 - 16:46:32 ---A- - C:\Windows\Prefetch\MEDIAMONKEYCOM.EXE-48DF8DA7.pf
O45 - LFCP:[MD5.792E55BCF27F7629D3BD0206A2E4DC0F] - 06/06/2013 - 18:55:34 ---A- - C:\Windows\Prefetch\KDBSYNC.EXE-FEEAE65E.pf
O45 - LFCP:[MD5.F77DF278309CC5A771B42A8B29993D72] - 06/06/2013 - 18:55:43 ---A- - C:\Windows\Prefetch\V0470MON.EXE-B4C86809.pf
O45 - LFCP:[MD5.BEDD33A3946E510635BAEDB3A10AB371] - 06/06/2013 - 18:55:45 ---A- - C:\Windows\Prefetch\ANTILOGGER.EXE-EDF2E5FE.pf
O45 - LFCP:[MD5.7E2B3CE8AD688B42AC0607792E3B2740] - 28/05/2013 - 17:35:04 ---A- - C:\Windows\Prefetch\PROCMGR.EXE-57DDAE67.pf
O45 - LFCP:[MD5.965F7A2B52618C96F5A1E5E1A157B4AC] - 30/05/2013 - 15:20:42 ---A- - C:\Windows\Prefetch\ZEMANA_ANTILOGGER_1.9.3.454.E-6AB5B00C.pf
O45 - LFCP:[MD5.A5F9AC9ACB4BC5A2A402CBCB55A2F2B7] - 30/05/2013 - 15:20:49 ---A- - C:\Windows\Prefetch\ANTILOGGER.EXE-A1B534BF.pf
O45 - LFCP:[MD5.154C9D053C0BC4F6F334B2E030897DCF] - 30/05/2013 - 15:21:45 ---A- - C:\Windows\Prefetch\KEYGEN_ZEMANA_ANTILOGGER_1.9.-1F5BB6FE.pf
O45 - LFCP:[MD5.8A89F19ACEFA354CA0838EA5D127EF58] - 30/05/2013 - 20:56:32 ---A- - C:\Windows\Prefetch\NSE570.TMP-5C3C84C5.pf
O45 - LFCP:[MD5.19694D87F44B1D982F4C4F4EFD95C675] - 30/05/2013 - 20:56:32 ---A- - C:\Windows\Prefetch\NSEC98.TMP-B1505375.pf
~ Prefetcher: 138 Legitimates Filtered in 00mn 00s
---\\ Op�rations et fonctions au d�marrage de Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Cl� orpheline
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ ShareTools MSconfig StartupReg (O53)
O53 - SMSR:HKLM\...\startupreg\MegakeyUpdater [Key] . (...) -- C:\Users\Anick\AppData\Local\Megamedia\Megakey\MegakeyUpdater.exe (.not file.)
~ SMSR Keys: 25 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies System (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Microsoft Windows Policies Explorer (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "HonorAutoRunSetting"=0
O56 - MWPE:[HKLM\...\policies\Explorer] - "HonorAutoRunSetting"=0
~ MWPE Keys: 17 Legitimates Filtered in 00mn 00s
---\\ Liste des Drivers Syst�me (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s
---\\ Derniers fichiers modifi�s ou cr�es (Utilisateur) (O61)
O61 - LFC: 04/06/2013 - 11:14:15 ---A- C:\Users\Anick\AppData\Local\Zemana\ZALSDK\Blobs.db [510]
O61 - LFC: 05/06/2013 - 14:03:05 ---A- C:\Users\Anick\tennis 2013.txt [9950]
O61 - LFC: 06/06/2013 - 18:27:36 ---A- C:\Users\Anick\AppData\Local\Zemana\ZALSDK\threats.zdb [3729536]
O61 - LFC: 06/06/2013 - 19:05:22 ---A- C:\Users\Anick\AppData\Local\Zemana\ZALSDK\samples.zdb [1051]
~ 10 Fichiers temporaires (Temporary files)
~ Files: 31 Legitimates Filtered in 00mn 56s
---\\ Liste des outils de nettoyage (O63)
O63 - Logiciel: UsbFix By El Desaparecido - (.El Desaparecido - SosVirus.org.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s
---\\ Start Menu Internet (O68)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Search Browser Infection (O69)
O69 - SBI: prefs.js [Anick - 6ejitbmq.default] user_pref("extensions.helperbar.DockingPositionDown", false);
O69 - SBI: prefs.js [Anick - 6ejitbmq.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] Live Search - (Live Search) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {02F1D67D-F8FB-47CF-B7F0-EBCD6A07C2C6} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-1111-472f-A0FF-E1416B8B2EAA} - (Search) - http://www.pucuy.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (@ieframe.dll,-12512) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {9D5BD211-422C-4164-9298-BB4186A30F31} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {AB85108A-7723-4B6D-BAA4-875AD5E04CD6} - (WhiteSmoke US New Customized Web Search) - http://search.conduit.com =>PUP.WhiteSmoke
O69 - SBI: SearchScopes [HKCU] {BFC73B0C-7420-43E5-8D44-F8FCD22E8A38} - (Ask Search) - http://websearch.ask.com
O69 - SBI: SearchScopes [HKCU] {C5717A24-E901-4A94-BF62-CDA5ABE2027A} - ((search.live.com) Live Search) - http://search.live.com
O69 - SBI: SearchScopes [HKCU] {E4286D06-B96B-443A-B293-6455ED5FA75E} - (Yahoo! Search) - http://fr.search.yahoo.com
~ Keys: Scanned in 00mn 00s
---\\ Crack & Keygen Files (O82)
C:\Users\Anick\Downloads\Keygen_Zemana_AntiLogger_1.9.x.xxx_-_SND.exe
C:\Users\Anick\Downloads\Keygen_Zemana_AntiLogger_1.9.x.xxx_-_SND.exe
~ Files: Scanned in 01mn 13s
---\\ Recherche particuliere � la racine de certains dossiers (O84)
[MD5.D21896C3CD4BE9CCDC88BCED166B58F5] [SPRF][15/04/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.90086F77F7D4113A7E7C63D910699E39] [SPRF][14/05/2011] (...) -- C:\Users\Anick\AppData\Roaming\Anicklog.dat [1243]
[MD5.E152C2E083BB18DF3770DE4040E3F391] [SPRF][09/10/2011] (...) -- C:\Users\Anick\AppData\Roaming\SetValue.bat [35]
[MD5.806C402AB92F481AF77B4E4C7D23E439] [SPRF][09/03/2011] (...) -- C:\Users\Anick\AppData\Roaming\Sys2662.Config.Repository.bin [22]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][12/03/2008] (...) -- C:\Users\Anick\AppData\Roaming\wklnhst.dat [0]
[MD5.0A90C8A3F94564E7EAF541981EAFA52A] [SPRF][06/06/2013] (...) -- C:\Users\Anick\Desktop\Desktop\adwcleaner.exe [632031]
[MD5.121F4ED4AD27877A9CCCC5D56BDF156D] [SPRF][03/06/2013] (...) -- C:\Users\Anick\Desktop\Desktop\MKV.exe [388227]
[MD5.04247E26DC344937A535CA9C7AB0B597] [SPRF][19/01/2011] (...) -- C:\Program Files\setup.exe [475016]
[MD5.E802BAF0B20CCCA90EC32D1D7D0BA05A] [SPRF][16/10/2009] (.NHN Corporation - ChannelingPluginforReactor Dynamic Linking Library.) -- C:\Windows\Downloaded Program Files\ChannelingPluginforReactor.dll [65536]
[MD5.9956CB0A1A1C8886A956EFAA3BBD6FF0] [SPRF][10/11/2009] (.Pas de propri�taire - ijji Optimizer Application.) -- C:\Windows\Downloaded Program Files\ijjiOptimizer.exe [811008]
[MD5.F5274D356DB9259A6904C98F65F8D1AE] [SPRF][21/12/2009] (.NHN USA.Inc - ijji.com.) -- C:\Windows\Downloaded Program Files\ijjiPCPlugin.dll [204560]
[MD5.4B0C612F9878234885D0058EE3C59A88] [SPRF][10/11/2009] (.PC Pitstop LLC - PC Pitstop ActiveX Control 2.) -- C:\Windows\Downloaded Program Files\PCPitstop2.dll [381664]
~ Files: Scanned in 00mn 00s
---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "{602E7204-E3F3-4B6E-9DD6-ED59C9E62FB2}" | In - Public - P17 - TRUE | .(.Acer Inc. - Acer Empowering Techonology Framework Launcher.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
O87 - FAEL: "{FAC52499-1DF8-4F4B-A548-475E6E8A556C}" | In - Public - P6 - TRUE | .(.Acer Inc. - Acer Empowering Techonology Framework Launcher.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
O87 - FAEL: "UDP Query User{3AB5DCAD-2F22-4904-8DA0-0CAC8D49CE52}C:\program files\sightspeed\sightspeed.exe" | In - Public - P17 - TRUE | .(.SightSpeed Inc. - SightSpeed.) -- C:\program files\sightspeed\sightspeed.exe
O87 - FAEL: "TCP Query User{6D348608-7440-4D2F-8380-91B0C2094D9C}C:\program files\sightspeed\sightspeed.exe" | In - Public - P6 - TRUE | .(.SightSpeed Inc. - SightSpeed.) -- C:\program files\sightspeed\sightspeed.exe
O87 - FAEL: "{D585109C-A3E9-47A0-B1F8-BEF827E9F6D7}" | In - None - P6 - TRUE | .(.Pas de propri�taire - DVAX2Process MFC Application.) -- C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe
~ Firewall: 233 Legitimates Filtered in 00mn 01s
---\\ Scan Additionnel (O88)
Database Version : v2.12397 - (06/06/2013)
Cl�s trouv�es (Keys found) : 5
Valeurs trouv�es (Values found) : 0
Dossiers trouv�s (Folders found) : 1
Fichiers trouv�s (Files found) : 0
[HKLM\Software\Microsoft\Tracing\YourFile_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Microsoft\Tracing\YourFileUpdater_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Microsoft\Tracing\YourFileUpdater_RASMANCS] =>PUP.YourFileDownloader
[HKCU\Software\wscontb] =>Toolbar.Agent
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181110}] =>PUP.CrossRider
C:\Users\Anick\AppData\Local\eSupport.com =>Rogue.RegistryWizard
~ Additionnel Scan: 285092 Items scanned in 00mn 24s
---\\ Product Upgrade Codes (O90)
O90 - PUC: "9888910D6677B424BA181FF6E8DDEF4F" . (.Facemoods.) -- C:\Windows\Installer\{D0198889-7766-424B-AB81-F16F8EDDFEF4}\ARPPRODUCTICON.exe =>Adware.Facemoods
~ Update Products: 164 Legitimates Filtered in 00mn 00s
---\\ Etat g�n�ral des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Auto 113152 | (ACDaemon) . (...) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 04/04/2007 266343 | (Acer HomeMedia Connect Service) . (.CyberLink.) - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
SR - | Auto 28672 | (AcerMemUsageCheckService) . (...) - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
SR - | Auto 65192 | (AdobeARMservice) . (...) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 17/05/2013 256904 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 29/12/2011 497496 | (AdvancedSystemCareService5) . (.IObit.) - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
SR - | Auto 04/07/2012 217088 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 10/04/2013 1428472 | (avgfws) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2013\avgfws.exe
SR - | Auto 13/05/2013 4937264 | (AVGIDSAgent) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2013\avgidsagent.exe
SR - | Auto 18/04/2013 283136 | (avgwd) . (.AVG Technologies CZ, s.r.o..) - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 06/02/2007 457512 | (eDataSecurity Service) . (.HiTRSUT.) - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
SR - | Auto 03/07/2007 53248 | (eRecoveryService) . (.Acer Inc..) - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
SR - | Auto 07/09/2012 1828496 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
SS - | Auto 61440 | (LightScribeService) . (...) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
SS - | Demand 24/05/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 14/12/2012 1522912 | (PDF Architect Helper Service) . (.pdfforge GbR.) - C:\Program Files\PDF Architect\HelperService.exe
SR - | Auto 14/12/2012 906464 | (PDF Architect Service) . (.pdfforge GbR.) - C:\Program Files\PDF Architect\ConversionService.exe
SR - | Auto 143360 | (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SS - | Auto 19/04/2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 14/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 01s
---\\ Recherche Master Boot Record Infection (MBR)(O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Anick at 06/06/2013 20:17:48
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8509E1F8]<<
1 ntkrnlpa!IofCallDriver[0x8304ABC5] >> \Device\Harddisk0\DR0[0x85F36510]
\Driver\atapi[0x85DC0D70] >> IRP_MJ_CREATE >> 0x8509E1F8
kernel: MBR read successfully
user & kernel MBR OK
~ MBR: 14 Legitimates Filtered in 00mn 02s
---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Anick at 06/06/2013 20:17:50
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 04s
~ 1779 Legitimates filtered by white list
End of the scan (572 lines in 07mn 28s)(2)