Posted on 21 September 2013

~ Rapport de ZHPDiag v2013.9.21.37 - Nicolas Coolman (21/09/2013)
~ Lancé par Lolo (21/09/2013 20:38:25)
~ Adresse du Site Web http://nicolascoolman.webs.com
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v10.0.9200.16521
MFIE: Mozilla Firefox 17.0.1 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v13.0.0.4052
Emsisoft Anti-Malware
Malwarebytes Anti-Malware version 1.65.1.1000
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v3.23 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer
µTorrent v2.2.0 =>P2P.µTorrent

---\\ Surveillance de Logiciels
Adobe Flash Player 11 Plugin
Java 7 Update 9

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 14334 MB (80% free)
System Restore: Activé (Enable)
System drive C: has 49 GB (35%) free of 137 GB

---\\ Mode de connexion au système
~ Computer Name: LOLO-PC
~ User Name: Lolo
~ All Users Names: UpdatusUser, Lolo, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppData% : C:\Users\Lolo\AppData\Roaming\
~ %Desktop% : C:\Users\Lolo\Desktop\
~ %Favorites% : C:\Users\Lolo\Favorites\
~ %LocalAppData% : C:\Users\Lolo\AppData\Local\
~ %StartMenu% : C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C:\ Hard drive, Flash drive, Thumb drive (Free 49 Go of 137 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 34 Go of 137 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 126 Go of 191 Go)
F:\ CD-ROM drive (Not Inserted)
G:\ Hard drive, Flash drive, Thumb drive (Free 253 Go of 559 Go)
H:\ Hard drive, Flash drive, Thumb drive (Free 9 Go of 98 Go)
I:\ Hard drive, Flash drive, Thumb drive (Free 389 Go of 498 Go)
J:\ CD-ROM drive (Not Inserted)
K:\ CD-ROM drive (Not Inserted)
L:\ CD-ROM drive (Not Inserted)
N:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
O:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
P:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
Q:\ CD-ROM drive (Not Inserted)
R:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 34 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Explorateur Windows.) (.20/11/2010 - 14:24:45.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.69F1D418B4C4EC23033D598E4CBC6B73] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.19/09/2013 - 21:58:45.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d’ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 2/4452
~ Mes musiques (My Musics) : 1/3
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 1/10342
~ Mon Bureau (My Desktop) : 1/496
~ Menu demarrer (Programs) : 1/237
~ Hidden Files: Scanned in 00mn 21s



---\\ Processus lancés
[MD5.ADAD9D784F5DBBA223B82A7D5DC1CE48] - (.Gainward Co. - EXPERTool : Display Control Panel.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe [2181744] [PID.1100]
[MD5.F40E80C04475731C6ED5D19C48E45E3C] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- E:\Virtual cloneDrive\VirtualCloneDrive\VCDDaemon.exe [85160] [PID.716]
[MD5.F4202F68BB3B9A08822238D9017EC638] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664] [PID.4544]
[MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] - (.Mozilla Corporation - Firefox.) -- E:\FIREFOX\firefox.exe [276376] [PID.4360]
[MD5.72EF708552059546B1AAA82E7AA59439] - (.Mozilla Corporation - Plugin Container for Firefox.) -- E:\FIREFOX\plugin-container.exe [17304] [PID.3232]
[MD5.8D4AFD5F4955A52C39C8C424FE5516D9] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe [1862024] [PID.1992]
[MD5.94A0298B5A333CA4CF2F3C9DF9AE16AC] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7989760] [PID.2472]
[MD5.8BC7DAFDEA80BBBB929D705DD5703A95] - (.Emsisoft GmbH - Emsisoft Anti-Malware Service.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4159464] [PID.944]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.548]
[MD5.0A1CC583E8147004E4AD4625D7FBF88C] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224] [PID.1712]
[MD5.B1EA9681502EE57F87DB71D726288A5B] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1856]
[MD5.C9A36EF935ACED86AEDF93E97E606911] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032] [PID.1880]
[MD5.38DD20EF8455EF871651665F9B3FD9B7] - (.NCH Software - BroadCam Video Streaming Server.) -- C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe [1175556] [PID.1912]
[MD5.133F82B6391F3390BECFA429C23FB2BE] - (.CrypKey (Canada) Ltd. - CrypKey License Service.) -- C:\Windows\system32\crypserv.exe [122880] [PID.1984]
[MD5.EA22BCA708B37B82ADEBC822A171B92E] - (.CyberLink - CyberLink Media Server Monitor Service.) -- E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048] [PID.2008]
[MD5.3168D2F171A64590E7A11355CAE60A1E] - (.CyberLink - CyberLink Media Server Service.) -- E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232] [PID.1436]
[MD5.EE963D96BFD97E54BA6CE6D2AC58DE35] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1760]
[MD5.8881574868E648689B7AA88A88716E17] - (.Apache Software Foundation - Apache HTTP Server.) -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [24635] [PID.2040]
[MD5.B1EF4686961986DFFB7FE8F18E6FCB5B] - (.Nalpeiron Ltd. - This service enables products that use the.) -- C:\Windows\SysWOW64\nlssrv32.exe [66560] [PID.1452]
[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.2104]
[MD5.F115AF58ABE5605D7D709CBFBD83F418] - (.Pas de propriétaire - nTitles PSIService.) -- C:\Windows\SysWOW64\PSIService.exe [177704] [PID.2132]
[MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [189728] [PID.2152]
[MD5.958E956E119EB7B9ABA142AFED1B5FF4] - (...) -- C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760] [PID.2176]
[MD5.360959BBD4F451E1AB811F4304232766] - (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2568120] [PID.2328]
[MD5.F8217A55B4B183188F8D5B30C5022B49] - (.Pas de propriétaire - Event Service Application.) -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [151552] [PID.3092]
[MD5.4C6406CF07D4EBB70C5774D55C6688FB] - (.CyberLink Corp. - CLHNServiceForPowerDVD12 Module.) -- E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336] [PID.5020]
[MD5.1BBBF640BC0E0B750537BAECE8D66C18] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [641832] [PID.4612]
[MD5.4789E020D2617046862D1790FC235FF6] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1260320] [PID.2240]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\Lolo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [dlnembnfbcpjnepmfjmngjenhhajpdfd] Web Assistant v.2.0.0.464 (Activé) =>Adware.IncrediBar
G2 - GCE: Preference [User Data\Default] [jplinpmadfkdgipabgcdchbdikologlh] 1Click Downloader v.1.5 (Activé)
G2 - GCE: Preference [User Data\Default] [pmlghpafmmnmmkjdhacccolfgnkiboco] OneClickDownload v.1.1, (Activé) =>PUP.OneClickDownloader
~ Google Browser: 6 Legitimates Filtered in 00mn 02s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;<local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 0



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Desktop [Public]: BookSmart.lnk . (.Blurb, Inc - BookSmart® 3.1.0 3.1.0 33329.) -- E:\BLURB\Booksmart\BookSmart\BookSmart.exe
O4 - GS\Desktop [Public]: REX Essential.lnk . (.REX Game Studios - REX Essential.) -- C:\Program Files (x86)\Real Environment Xtreme Essential\rex.exe
O4 - GS\Desktop [Public]: Shortcut to Plan-Gv3.lnk . (...) -- C:\Windows\Installer\{56251E2E-176C-449E-9012-2BA827EC1D65}\_A78D5359FFEB9D18395849.exe
O4 - GS\Program [Public]: BroadCam Video Streaming Server.lnk . (.NCH Software - BroadCam Video Streaming Server.) -- C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
O4 - GS\Program [Public]: Debut Video Capture Software.lnk . (.NCH Software - Debut Video Capture Software.) -- C:\Program Files (x86)\NCH Software\Debut\debut.exe
O4 - GS\Program [Public]: HD VDeck.lnk . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - GS\Program [Public]: Mocha for After Effects CS4.lnk . (...) -- E:\ADOBE AFTER EFFECTS CS4\Adobe After Effects CS4\Mocha\bin\Mocha For After Effects.exe (.not file.)
O4 - GS\Program [Public]: Prism Video File Converter.lnk . (.NCH Software - Prism Video File Converter.) -- C:\Program Files (x86)\NCH Software\Prism\prism.exe
O4 - GS\QuickLaunch [Lolo]: Aiseesoft 3D Convertisseur.lnk . (.Aiseesoft - Aiseesoft 3D Converter.) -- E:\AISEESOFT 3D CONVERTER\Aiseesoft 3D Converter\Aiseesoft 3D Converter.exe
O4 - GS\QuickLaunch [Lolo]: BitTorrent.lnk . (...) -- E:\Bittorent\BitTorrent.exe (.not file.) =>P2P.BitTorrent
O4 - GS\QuickLaunch [Lolo]: Emsisoft Anti-Malware.lnk . (.Emsisoft GmbH - Security Center.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
O4 - GS\QuickLaunch [Lolo]: ProShow Producer.lnk . (.Photodex - ProShow.) -- C:\Program Files (x86)\Photodex\ProShow Producer\proshow.exe
O4 - GS\QuickLaunch [Lolo]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- E:\Bittorent\utorrent\utorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Lolo]: Aiseesoft 3D Convertisseur.lnk . (.Aiseesoft - Aiseesoft 3D Converter.) -- E:\AISEESOFT 3D CONVERTER\Aiseesoft 3D Converter\Aiseesoft 3D Converter.exe
O4 - GS\TaskBar [Lolo]: Auslogics Disk Defrag.lnk . (.Auslogics - Disk Defrag.) -- E:\Auslogics Disk Defrag\Auslogics Disk Defrag\DiskDefrag.exe
O4 - GS\TaskBar [Lolo]: BitTorrent-7.1 - Raccourci.lnk . (.BitTorrent, Inc. - BitTorrent.) -- E:\Bittorent\BitTorrent-7.1.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Lolo]: CDex.lnk . (.Albert L Faber - CDex CD-Ripper.) -- E:\CEDEX\CDex\CDex.exe
O4 - GS\TaskBar [Lolo]: CPU-Z.lnk . (.CPUID - CPU-Z Application.) -- E:\Overclocking- utilitaires\CPU-Z\cpuz.exe
O4 - GS\TaskBar [Lolo]: Dreamweaver - Raccourci.lnk . (.Adobe Systems, Inc. - Adobe Dreamweaver CS6.) -- E:\Adobe Dreamweaver CS 6\Adobe Dreamweaver CS6\Dreamweaver.exe
O4 - GS\TaskBar [Lolo]: Emsisoft Anti-Malware.lnk . (.Emsisoft GmbH - Security Center.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
O4 - GS\TaskBar [Lolo]: FileZilla.lnk . (.FileZilla Project - FileZilla FTP Client.) -- E:\FILEZILLA\FileZilla FTP Client\filezilla.exe
O4 - GS\TaskBar [Lolo]: Google SketchUp 8.lnk . (.Google, Inc. - SketchUp Application.) -- E:\SKETCHUP\SketchUp.exe
O4 - GS\TaskBar [Lolo]: Live 6.0.1 - Raccourci.lnk . (.Ableton - Pas de description.) -- H:\ABLETON LIVE 6\ABLETON 6\Live 6.0.1\Program\Live 6.0.1.exe
O4 - GS\TaskBar [Lolo]: MpegJoiner - Raccourci.lnk . (.DigitByte Studio - MpegJoiner Application.) -- E:\MPEGJOINER\MpegJoiner.exe
O4 - GS\TaskBar [Lolo]: openElement.lnk . (.Element Technologie - openElement.) -- E:\openElement\openElement.exe
O4 - GS\TaskBar [Lolo]: Prism Video File Converter.lnk . (.NCH Software - Prism Video File Converter.) -- C:\Program Files (x86)\NCH Software\Prism\prism.exe
O4 - GS\TaskBar [Lolo]: ProShow Producer.lnk . (.Photodex - ProShow.) -- C:\Program Files (x86)\Photodex\ProShow Producer\proshow.exe
O4 - GS\TaskBar [Lolo]: The Eye.lnk . (.IVAO - The Eye.) -- G:\VOL EN RESAU\IVAO\ivap\The Eye\TheEye.exe
O4 - GS\Desktop [Lolo]: Australian_OZx3.3_ORBX_Ant - Raccourci.lnk . (...) -- C:\Users\Lolo\Desktop\FSX -app\AUSTRALIE\Australian_OZx3.3_ORBX_Ant.kmz
O4 - GS\Desktop [Lolo]: CGV - Raccourci.lnk . (...) -- E:\AUTO-ENTREPRENEUR\CGV.docx (.not file.)
O4 - GS\Desktop [Lolo]: Facture Modele Pro.lnk . (...) -- C:\Program Files (x86)\FactureModelePro\FactureModelePro.exe
O4 - GS\Desktop [Lolo]: Free Window Registry Repair.lnk . (...) -- E:\UTILITAIRES NETTOYAGE DESINSTALLATION\Free Window Registry Repair\Free Window Registry Repair\Regpair.exe
O4 - GS\Desktop [Lolo]: FTX Central.lnk . (.Orbx Simulation Systems Pty Ltd - FTX Central.) -- G:\Flight Simulator X\ORBX\Scripts\FTXCentral\FTXCentral.exe
O4 - GS\Desktop [Lolo]: FTXORBXLIBS_120825 - Raccourci.lnk . (...) -- G:\A SAUVEGARDER\scenes\library 25-08-12\FTXORBXLIBS_120825.exe (.not file.)
O4 - GS\Desktop [Lolo]: FTXUSKORS115_PATCH - Raccourci.lnk . (...) -- G:\A SAUVEGARDER\scenes\FTXUSKORS115_PATCH.zip (.not file.)
O4 - GS\Desktop [Lolo]: idée janv 2013.als - Raccourci.lnk . (...) -- H:\SAUVEGARDE PROJETS\idée janv 2013 Project\idée janv 2013.als
O4 - GS\Desktop [Lolo]: laurentphotos85 - Raccourci.lnk . (...) -- E:\MON SITE WEB\laurentphotos85\public_html\laurentphotos85.ope
O4 - GS\Desktop [Lolo]: NDB & VOR France.dat - Raccourci.lnk . (...) -- G:\A SAUVEGARDER\divers\NDB & VOR France.dat.kmz
O4 - GS\Desktop [Lolo]: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- E:\UTILITAIRES NETTOYAGE DESINSTALLATION\REVO UNINSTALLER\Revouninstaller.exe
O4 - GS\Desktop [Lolo]: Tvix Thème Manager.lnk . (.Jérôme Boulinguez - Tvix Thème Manager.) -- E:\TVIX THEME MANAGER 3.05\TvixTM\tvixmng.exe
~ Global Startup: 123 Legitimates Filtered in 00mn 06s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [GAINWARD] . (.Gainward Co. - EXPERTool : Display Control Panel.) -- C:\Program Files (x86)\EXPERTool\TBPanel.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- E:\Virtual cloneDrive\VirtualCloneDrive\VCDDaemon.exe =>.Elaborate Bytes AG
O4 - HKLM\..\Wow6432Node\Run: [FaxCenterServer] . (.Pas de propriétaire - Fax Man Server.) -- C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- E:\quicktime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-357804714-886165105-902047999-1011\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-357804714-886165105-902047999-1011\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.line6.net
O15 - Trusted Zone: [HKCU\...\EscDomains] http.127.0.0.1
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCCABA90-5273-4232-89C1-19BC962658DA}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{FCCABA90-5273-4232-89C1-19BC962658DA}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{FCCABA90-5273-4232-89C1-19BC962658DA}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Marvell RAID Event Agent (Marvell RAID) . (.Pas de propriétaire - Event Service Application.) - C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
O23 - Service: ScsiAccess (ScsiAccess) . (...) - C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
O23 - Service: Power Control [2012/05/21 23:20:06] ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) . (.CyberLink Corp. - Pas de description.) - E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Common\NavFilter\000.fcl
~ Services: 23 Legitimates Filtered in 00mn 04s



---\\ Tâches planifiées en automatique (O39)
[MD5.00000000000000000000000000000000] [APT] [Express Files Updater] (...) -- C:\Program Files (x86)\ExpressFiles\EFupdater.exe (.not file.) [0] =>Adware.ExpressFiles
[MD5.00000000000000000000000000000000] [APT] [Your File Updater] (...) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe (.not file.) [0] =>PUP.YourFileDownloader
[MD5.00000000000000000000000000000000] [APT] [YourFile Update] (...) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe (.not file.) [0] =>PUP.YourFileDownloader
[MD5.00000000000000000000000000000000] [APT] [{1D8B7DBD-014E-42E0-B33D-CC502FB90859}] (...) -- F:\SHELexeC.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2ECCCE38-A08E-4423-988F-84F3D097FD6E}] (...) -- J:\Autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{49C699CD-E04C-4197-AEA3-ED7BDD9B60D8}] (...) -- F:\driver\275.97_WinVista_Win7_64bit_WHQL\NV3DVision\3DVision_275.97.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4B1D039F-EDA5-4E4A-8754-4690D0148FC4}] (...) -- G:\AUSTRALIE\Aerosoft scenery - Lord Howe Island X-payware2008\AS_LordHoweIslandX_V100.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AC1C7EBC-1FCB-4E69-BB6A-BA6A49867991}] (...) -- E:\PROSHOW PRODUCER 5\remove.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CF2791D9-4934-413A-8B7A-5BCD373F03D0}] (...) -- G:\A SAUVEGARDER\FTX NA Blue Central Rocky Mountains(NEW)\setup_CRM.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E925A665-1E0E-429C-8B7F-3B8D5B281C36}] (...) -- N:\Install TomTom HOME.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F845D8FC-BC0C-4215-8DE3-9D1D180B3ACB}] (...) -- F:\Setup.exe (.not file.) [0]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 05s



---\\ Logiciels installés (O42)
O42 - Logiciel: A2A Wings of POWER 3 Spitfire - (...) [HKLM][64Bits] -- A2A Wings of POWER 3 Spitfire
O42 - Logiciel: Accu-Sim for the WoP3 Spitfire - (...) [HKLM][64Bits] -- Accu-Sim for the WoP3 Spitfire
O42 - Logiciel: Airbus Series Vol.2 (FS X) - (...) [HKCU][64Bits] -- Airbus Series Vol.2 (FS X)
O42 - Logiciel: Ant's De Havilland Tiger Moth Version 1.1 FSX - (.Anthony Lynch.) [HKLM][64Bits] -- {BD43E91E-5610-4E53-8350-4E475DA50118}
O42 - Logiciel: Aquitaine PHOTO Vol.1 - (...) [HKLM][64Bits] -- Aquitaine PHOTO Vol.1
O42 - Logiciel: Aquitaine PHOTO Vol.2 - (...) [HKLM][64Bits] -- Aquitaine PHOTO Vol.2
O42 - Logiciel: Auvergne PHOTO - (...) [HKLM][64Bits] -- Auvergne PHOTO
O42 - Logiciel: Aéroports Français FSX - (...) [HKCU][64Bits] -- Aéroports Français FSX
O42 - Logiciel: Bretagne VFR FSX - (...) [HKCU][64Bits] -- Bretagne VFR FSX
O42 - Logiciel: Canarias FSX Parte-1 - (...) [HKLM][64Bits] -- Canarias FSX Parte-1
O42 - Logiciel: Canarias FSX Parte-2 - (...) [HKLM][64Bits] -- Canarias FSX Parte-2
O42 - Logiciel: Canarias FSX Parte-3 - (...) [HKLM][64Bits] -- Canarias FSX Parte-3
O42 - Logiciel: Canarias FSX Parte-4 - (...) [HKLM][64Bits] -- Canarias FSX Parte-4
O42 - Logiciel: ConcordeX for FSX - (.FlightSimLabs, Ltd..) [HKLM][64Bits] -- ConcordeX for FSX_is1
O42 - Logiciel: Corse PHOTO (part 1/3) - (...) [HKLM][64Bits] -- Corse PHOTO (part 1/3)
O42 - Logiciel: Discover Arabia - (...) [HKLM][64Bits] -- Discover Arabia
O42 - Logiciel: DodoSim Bell 206 FSX - (...) [HKCU][64Bits] -- DodoSim Bell 206 FSX
O42 - Logiciel: E-Jets v2 World Airliners 1 (v1.0b021) - (...) [HKCU][64Bits] -- E-Jets v2 World Airliners 1 (v1.0b021)
O42 - Logiciel: E-MU Xboard - (...) [HKLM][64Bits] -- {D925601D-25E3-4E95-A456-FBD8C2995289}
O42 - Logiciel: Embraer A-29B Super Tucano FSX Acceleration - (.Tim Piglet Conrad.) [HKLM][64Bits] -- {F698FEB2-FECB-4FD7-8FC5-670CE2739F29}
O42 - Logiciel: FS Water Configurator 3.15 - (...) [HKLM][64Bits] -- FS Water Configurator
O42 - Logiciel: FSAddon Piper Super Cub - (...) [HKLM][64Bits] -- FSAddon Piper Super Cub
O42 - Logiciel: FSAddon Piper Super Cub X - (...) [HKLM][64Bits] -- FSAddon Piper Super Cub X
O42 - Logiciel: FSX Sirocco_LT Motoryacht - (...) [HKLM][64Bits] -- FSX Sirocco_LT Motoryacht
O42 - Logiciel: FTX AU GOLD Version 1.0 - (...) [HKCU][64Bits] -- FTX AU GOLD Version 1.0
O42 - Logiciel: FeelThere E-Jets v.2 - (...) [HKCU][64Bits] -- FeelThere E-Jets v.2
O42 - Logiciel: Fly the MADDOG 2008 - Professional Edition - (...) [HKLM][64Bits] -- Fly the MADDOG 2008 - Professional Edition
O42 - Logiciel: HD Jetway and Airport Parking FSX - (.Real Environment Xtreme, Inc..) [HKLM][64Bits] -- {350F852D-4916-44C5-81B0-7D62A7A088E5}
O42 - Logiciel: Hangsim - (...) [HKLM][64Bits] -- Hangsim
O42 - Logiciel: Hurricane - (...) [HKCU][64Bits] -- Hurricane
O42 - Logiciel: LFRS - Nantes Atlantique - (...) [HKCU][64Bits] -- LFRS - Nantes Atlantique
O42 - Logiciel: La Réunion - (...) [HKLM][64Bits] -- La Réunion
O42 - Logiciel: Level-D World Airliners 3 v1.0b001 - (...) [HKCU][64Bits] -- Level-D World Airliners 3 v1.0b001
O42 - Logiciel: Live 6.0.1 - (...) [HKLM][64Bits] -- Live 6.0.1
O42 - Logiciel: Mailsoft's - Switzerland Professional X - (.Mailsoft.) [HKLM][64Bits] -- {C0E7FAD8-F8AE-4819-AEBF-D92562315EEE}
O42 - Logiciel: MegaSceneryX Las Vegas - (.PC Aviator Inc..) [HKLM][64Bits] -- MegaSceneryX Las Vegas_is1
O42 - Logiciel: NZ- Landclass and Textures - (...) [HKLM][64Bits] -- NZ- Landclass and Textures
O42 - Logiciel: Natural World Trees - (.Alexey Samoshin aka NoName.) [HKLM][64Bits] -- {5CDDCA2E-2882-4BCC-96A2-14163D5234DE}
O42 - Logiciel: Obstacles et Repères VFR FRANCE - (...) [HKLM][64Bits] -- Obstacles et Repères VFR FRANCE
O42 - Logiciel: PA-28-181 ARCHER II FSX - (...) [HKCU][64Bits] -- PA-28-181 ARCHER II FSX
O42 - Logiciel: PA28RT ARROW IV FSX - (...) [HKCU][64Bits] -- PA28RT ARROW IV FSX
O42 - Logiciel: PA32R Saratoga SP FSX - (...) [HKCU][64Bits] -- PA32R Saratoga SP FSX
O42 - Logiciel: PACA PHOTO Vol.1 - (...) [HKLM][64Bits] -- PACA PHOTO Vol.1
O42 - Logiciel: PACA PHOTO Vol.2 - (...) [HKLM][64Bits] -- PACA PHOTO Vol.2
O42 - Logiciel: Paris PHOTO (part 1/3) - (...) [HKLM][64Bits] -- Paris PHOTO (part 1/3)
O42 - Logiciel: Pays-de-Loire PHOTO (part 1/5) - (...) [HKLM][64Bits] -- Pays-de-Loire PHOTO (part 1/5)
O42 - Logiciel: Photo Real Los Angeles X - (...) [HKCU][64Bits] -- Photo Real Los Angeles X
O42 - Logiciel: Picardie PHOTO (part 1/4) - (...) [HKLM][64Bits] -- Picardie PHOTO (part 1/4)
O42 - Logiciel: Raw Grit PNG BushPilot FSX - (.SimMarket.) [HKLM][64Bits] -- RawGritPNGBushPilot_is1
O42 - Logiciel: Rhone-Alpes PHOTO Vol1 - (...) [HKLM][64Bits] -- Rhone-Alpes PHOTO Vol1
O42 - Logiciel: Rhone-Alpes PHOTO Vol2 - (...) [HKLM][64Bits] -- Rhone-Alpes PHOTO Vol2
O42 - Logiciel: Shade - (...) [HKCU][64Bits] -- Shade
O42 - Logiciel: Tvix Thème Manager 3.05 version du 14/06/2010 - (.MarbleMad.) [HKLM][64Bits] -- Tvix Thème Manager_is1
O42 - Logiciel: UK2000 VFR Scenery Volume1 files - (...) [HKLM][64Bits] -- UK2000 VFR Scenery Volume1
O42 - Logiciel: VB Runtime - (...) [HKLM][64Bits] -- VB Runtime
O42 - Logiciel: VFR scenery Volume 2 - (...) [HKCU][64Bits] -- VFR scenery Volume 2
~ Logic: 439 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ariane Studios]
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles
[HKCU\Software\IncrediMail]
[HKCU\Software\SimCheck]
[HKCU\Software\TAS]
[HKCU\Software\YahooPartnerToolbar] =>Toolbar.Yahoo
[HKLM\Software\Leonardo]
[HKLM\Software\NaturalWorld]
[HKLM\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Abraxis]
[HKLM\Software\Wow6432Node\Dimension]
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles
[HKLM\Software\Wow6432Node\Florenc]
[HKLM\Software\Wow6432Node\France VFR]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\Leonardo]
[HKLM\Software\Wow6432Node\Mailsoft]
[HKLM\Software\Wow6432Node\NaturalWorld]
[HKLM\Software\Wow6432Node\Uk2000 Scenery]
[HKLM\Software\Wow6432Node\id]
~ Key Software: 482 Legitimates Filtered in 00mn 01s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 15/06/2012 - 12:55:45 - [0,538] ----D C:\ProgramData\Droppix
O43 - CFD: 19/03/2013 - 15:48:47 - [0] ----D C:\ProgramData\xml_param
O43 - CFD: 19/09/2013 - 20:52:02 - [0,006] ----D C:\Users\Lolo\AppData\Roaming\4X_DATA
O43 - CFD: 23/03/2011 - 23:05:10 - [0] ----D C:\Users\Lolo\AppData\Roaming\Ariane
O43 - CFD: 23/11/2012 - 13:26:09 - [0] -SH-D C:\Users\Lolo\AppData\Roaming\B2B502
O43 - CFD: 18/11/2012 - 07:55:43 - [0] -SH-D C:\Users\Lolo\AppData\Roaming\D4E308
O43 - CFD: 25/05/2011 - 13:49:54 - [0,001] ----D C:\Users\Lolo\AppData\Roaming\Droppix
O43 - CFD: 16/03/2011 - 16:00:58 - [0] ----D C:\Users\Lolo\AppData\Roaming\MyTraffic
O43 - CFD: 12/08/2012 - 09:12:06 - [0,000] ----D C:\Users\Lolo\AppData\Roaming\Road Trip Effect prefs
O43 - CFD: 29/03/2011 - 11:30:48 - [0,000] ----D C:\Users\Lolo\AppData\Roaming\TH1
O43 - CFD: 05/02/2013 - 10:03:32 - [0,011] ----D C:\Users\Lolo\AppData\Roaming\Ultra Fractal 5
O43 - CFD: 12/01/2011 - 18:34:47 - [0,001] --H-D C:\Users\Lolo\AppData\Local\934grAkv
O43 - CFD: 26/04/2011 - 18:31:34 - [0,001] ----D C:\Users\Lolo\AppData\Local\Peter_Lürkens
O43 - CFD: 19/09/2013 - 20:52:15 - [0,006] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FeelThere
O43 - CFD: 19/09/2013 - 20:52:16 - [0,029] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\France VFR
O43 - CFD: 19/09/2013 - 20:52:16 - [0,001] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FS Dreamscapes
O43 - CFD: 19/09/2013 - 20:52:17 - [0,003] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSAddon+
O43 - CFD: 09/04/2011 - 00:23:37 - [0] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSX Sirocco_LT Motoryacht
O43 - CFD: 19/09/2013 - 20:52:17 - [0,001] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OZx
O43 - CFD: 19/09/2013 - 20:52:17 - [0,001] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OZx#Startup#
O43 - CFD: 19/09/2013 - 20:52:17 - [0,000] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo Real Copenhagen X Day+Night
O43 - CFD: 19/09/2013 - 20:52:17 - [0,001] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo Real Los Angeles X
O43 - CFD: 19/09/2013 - 20:52:17 - [0,005] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SceneryBox
O43 - CFD: 19/09/2013 - 20:52:17 - [0,001] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shade
O43 - CFD: 24/04/2011 - 09:54:43 - [0] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UK2000 Scenery
~ Program Folder: 375 Legitimates Filtered in 00mn 29s



---\\ Latest files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.863E3125BB624F3E845F3C780BB7BC1F] - 21/09/2013 - 17:41:49 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [21200]
O44 - LFC:[MD5.863E3125BB624F3E845F3C780BB7BC1F] - 21/09/2013 - 17:41:49 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [21200]
O44 - LFC:[MD5.863E3125BB624F3E845F3C780BB7BC1F] - 21/09/2013 - 17:41:49 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [21200]
O44 - LFC:[MD5.863E3125BB624F3E845F3C780BB7BC1F] - 21/09/2013 - 17:41:49 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [21200]
O44 - LFC:[MD5.E5C680DE13079AEC92C991DE45FD4FEC] - 21/09/2013 - 17:36:46 ---A- . (...) -- C:\Windows\mvraidver.dat [8]
O44 - LFC:[MD5.09D3D390C8E0D8CCF1A7D2D711437DED] - 21/09/2013 - 17:36:17 ---A- . (...) -- C:\Windows\error.log [744]
O44 - LFC:[MD5.74CB115142FF252F752690B9FAFAF147] - 21/09/2013 - 17:35:36 ---A- . (...) -- C:\Windows\errord.log [168]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 19/09/2013 - 21:58:45 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [25185]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 19/09/2013 - 21:58:45 ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]
~ Files: 326 Legitimates Filtered in 01mn 03s



---\\ Latest files created in the Windows Prefetcher (O45)
O45 - LFCP:[MD5.06DE5A9A1037DFB05E267F5170CA5D43] - 20/09/2013 - 14:06:11 ---A- - C:\Windows\Prefetch\CLMSSERVERPDVD12.EXE-45CD721A.pf
O45 - LFCP:[MD5.65943D5B5C86E4316AF3155A882009AC] - 20/09/2013 - 14:48:33 ---A- - C:\Windows\Prefetch\COREL PAINTSHOP PRO.EXE-09A3472E.pf
O45 - LFCP:[MD5.1EF0B3FFD40B942D5FF52ECF1214946B] - 20/09/2013 - 15:44:16 ---A- - C:\Windows\Prefetch\KWIKMEDIA.601.EXE-3794A278.pf
O45 - LFCP:[MD5.612FC4383852C97FF6A78AF83DED5ADE] - 20/09/2013 - 15:44:18 ---A- - C:\Windows\Prefetch\KWIKMEDIA.EXE-FF07C1AF.pf
O45 - LFCP:[MD5.DC4325B0AA99708BAD9156D7081E8328] - 20/09/2013 - 15:47:02 ---A- - C:\Windows\Prefetch\BITTORRENT-7.1.EXE-545DFC56.pf =>P2P.BitTorrent
O45 - LFCP:[MD5.F6D29AA18F193630B01608E1C737142C] - 20/09/2013 - 20:02:15 ---A- - C:\Windows\Prefetch\MIGRATIONASSISTANT.EXE-6ED5E245.pf
O45 - LFCP:[MD5.508CE7E671295365A3692B99EF45A65E] - 20/09/2013 - 22:55:10 ---A- - C:\Windows\Prefetch\HTTPD.EXE-FA22AD93.pf
O45 - LFCP:[MD5.99DF6946F5ECF4A82D42261A5CA8D10A] - 20/09/2013 - 22:55:10 ---A- - C:\Windows\Prefetch\NLSSRV32.EXE-4B9A5957.pf
O45 - LFCP:[MD5.C1CEF05A1BAD94F873305D42BFB35042] - 20/09/2013 - 22:55:10 ---A- - C:\Windows\Prefetch\PSISERVICE.EXE-2AAF5EAF.pf
O45 - LFCP:[MD5.8F927EE295054EAC76D905730C463199] - 21/09/2013 - 03:12:30 ---A- - C:\Windows\Prefetch\MVRAIDSVC.EXE-26B20D59.pf
O45 - LFCP:[MD5.140A881E009B864AD092E223D3D6AE28] - 21/09/2013 - 07:03:26 ---A- - C:\Windows\Prefetch\FM3032.EXE-D4C30AC9.pf
O45 - LFCP:[MD5.CDC9F1FC2FE2E2A45BD9F11896B0DA52] - 21/09/2013 - 07:07:47 ---A- - C:\Windows\Prefetch\OPENELEMENT.EXE-C34D04BF.pf
~ Prefetcher: 136 Legitimates Filtered in 00mn 00s



---\\ Safe Boot control (CSB) (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s



---\\ Enumeration of StartupReg registry keys (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\LogMeIn Hamachi Ui [Key] . (...) -- E:\HAMACHI\hamachi-2-ui.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\MRUTray [Key] . (.No owner - MarvellTray.) -- C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
~ SMSR Keys: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeration of PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s
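The five O55 values above are the UAC policy switches under HKLM\...\Policies\System, and four of them sit at the insecure setting: UAC is off (EnableLUA=0), elevation prompts would not use the secure desktop (PromptOnSecureDesktop=0), the built-in Administrator is exempt from Admin Approval Mode (FilterAdministratorToken=0), and mapped drives are shared between the filtered and the elevated token (EnableLinkedConnections=1). The Python below is an added example, not part of ZHPDiag or of this report: it parses O55 records and compares them with a secure baseline. The baseline values and their meanings are standard Windows 7 semantics; the record layout the regular expression expects is taken from the lines above, and the sample input is those same five lines. Because ZHPDiag only prints values it did not white-list, the audit reports unobserved values separately rather than assuming they are secure.

```python
import re

# Secure baseline for the UAC values ZHPDiag reports as O55 records. The values
# live under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
# Each entry: (expected value, what a deviation means).
UAC_BASELINE = {
    "EnableLUA": (1, "UAC is off: every process of an administrator runs with the full token"),
    "PromptOnSecureDesktop": (1, "elevation prompts are drawn on the normal desktop, where other processes can spoof or drive them"),
    "FilterAdministratorToken": (1, "the built-in Administrator account runs without Admin Approval Mode"),
    "EnableUIADesktopToggle": (0, "UIAccess programs may prompt for elevation outside the secure desktop"),
    "EnableLinkedConnections": (0, "mapped drives are shared between the filtered and the elevated token"),
}

# One O55 record, as written in this report: O55 - MWPS:[<key>] - "<name>"=<value>
O55_RE = re.compile(
    r'^O55 - MWPS:\[(?P<key>[^\]]+)\] - "(?P<name>[^"]+)"=(?P<value>-?\d+)\s*$'
)


def parse_o55(lines):
    """Return {value name: int value} for every O55 line; all other lines are ignored."""
    values = {}
    for line in lines:
        m = O55_RE.match(line.strip())
        if m:
            values[m.group("name")] = int(m.group("value"))
    return values


def audit_uac(lines):
    """Compare the observed O55 values with UAC_BASELINE.

    Returns (findings, unobserved):
      findings   - list of (name, observed, expected, meaning), one per deviation
      unobserved - baseline names that did not appear in the log. ZHPDiag prints
                   only values it did not white-list, so absence is not proof of
                   a secure setting; confirm those directly in the registry.
    """
    observed = parse_o55(lines)
    findings = []
    unobserved = []
    for name, (expected, meaning) in UAC_BASELINE.items():
        if name not in observed:
            unobserved.append(name)
        elif observed[name] != expected:
            findings.append((name, observed[name], expected, meaning))
    return findings, unobserved


# Constructed input: the five O55 lines from this report, copied verbatim.
SAMPLE_O55 = [
    'O55 - MWPS:[HKLM\\...\\Policies\\System] - "EnableLUA"=0',
    'O55 - MWPS:[HKLM\\...\\Policies\\System] - "EnableUIADesktopToggle"=0',
    'O55 - MWPS:[HKLM\\...\\Policies\\System] - "PromptOnSecureDesktop"=0',
    'O55 - MWPS:[HKLM\\...\\Policies\\System] - "FilterAdministratorToken"=0',
    'O55 - MWPS:[HKLM\\...\\Policies\\System] - "EnableLinkedConnections"=1',
]

if __name__ == "__main__":
    found, missing = audit_uac(SAMPLE_O55)
    for name, got, want, why in found:
        print(f"{name}: observed {got}, expected {want} -> {why}")
    if missing:
        print("not reported by ZHPDiag, check directly:", ", ".join(missing))
```

With EnableLUA=0 the other three deviations are moot until UAC is re-enabled, but they should be corrected first, otherwise turning UAC back on restores prompts that can be spoofed on the user desktop.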



---\\ Enumeration of PoliciesExplorer registry keys (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ List of system drivers (SDL) (O58)
O58 - SDL:[MD5.AD12F5C7251BB8D575D560894E73CBBA] - 24/12/2010 - 10:43:40 . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [29288]
O58 - SDL:[MD5.2263727032E9B19231A706046B8C82D3] - 17/03/2008 - 18:12:26 ---A- . (...) -- C:\Windows\System32\Ckldrv.sys [28664]
O58 - SDL:[MD5.5940062D95C753F1F77AC2086089A7CF] - 10/12/2005 - 01:07:59 ---A- . (.Line 6 - Line 6 Device Proxy.) -- C:\Windows\SysWOW64\drivers\l6dp.sys [27392]
O58 - SDL:[MD5.C08B090F485B0028720BD0D31FB33B20] - 08/01/2012 - 10:41:33 -SHA- . (...) -- C:\Windows\SysWOW64\KGyGaAvL.sys [1056]
~ Drivers: 17 Legitimates Filtered in 00mn 00s



---\\ Latest files modified or created (User) (O61)
O61 - LFC: 19/09/2013 - 08:51:54 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\268.OESkin [6907]
O61 - LFC: 19/09/2013 - 08:52:02 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\220.OESkin [5089]
O61 - LFC: 19/09/2013 - 08:55:29 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\221.OESkin [27543]
O61 - LFC: 19/09/2013 - 08:55:52 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\242.OESkin [5222]
O61 - LFC: 19/09/2013 - 09:01:07 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\183.OESkin [6336]
O61 - LFC: 19/09/2013 - 09:02:20 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\182.OESkin [20268]
O61 - LFC: 19/09/2013 - 09:02:30 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\184.OESkin [7404]
O61 - LFC: 19/09/2013 - 09:02:34 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\561.OESkin [5357]
O61 - LFC: 19/09/2013 - 09:04:46 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\186.OESkin [6038]
O61 - LFC: 19/09/2013 - 09:06:19 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\270.OESkin [17505]
O61 - LFC: 19/09/2013 - 09:06:21 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\231.OESkin [7570]
O61 - LFC: 19/09/2013 - 09:06:55 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\48.OESkin [8969]
O61 - LFC: 19/09/2013 - 09:10:45 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\52.OESkin [9959]
O61 - LFC: 19/09/2013 - 09:10:49 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\50.OESkin [10021]
O61 - LFC: 19/09/2013 - 09:11:09 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\245.OESkin [9387]
O61 - LFC: 19/09/2013 - 09:11:14 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\230.OESkin [8101]
O61 - LFC: 19/09/2013 - 09:11:32 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\49.OESkin [10187]
O61 - LFC: 19/09/2013 - 09:11:34 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\51.OESkin [9245]
O61 - LFC: 19/09/2013 - 09:12:38 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\239.OESkin [7348]
O61 - LFC: 19/09/2013 - 09:12:47 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\241.OESkin [5398]
O61 - LFC: 19/09/2013 - 09:13:20 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\559.OESkin [4889]
O61 - LFC: 19/09/2013 - 09:13:43 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\185.OESkin [6773]
O61 - LFC: 19/09/2013 - 09:13:49 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\29.OESkin [25653]
O61 - LFC: 19/09/2013 - 09:14:05 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\31.OESkin [9186]
O61 - LFC: 19/09/2013 - 09:14:13 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\28.OESkin [25614]
O61 - LFC: 19/09/2013 - 09:14:15 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\560.OESkin [5402]
O61 - LFC: 19/09/2013 - 09:14:17 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\658.OESkin [23791]
O61 - LFC: 19/09/2013 - 09:14:21 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\739.OESkin [24500]
O61 - LFC: 19/09/2013 - 09:14:27 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\269.OESkin [6985]
O61 - LFC: 19/09/2013 - 09:14:39 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\740.OESkin [25303]
O61 - LFC: 19/09/2013 - 09:17:37 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\738.OESkin [24520]
O61 - LFC: 19/09/2013 - 09:17:38 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\367.OESkin [6194]
O61 - LFC: 19/09/2013 - 09:19:05 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\368.OESkin [10099]
O61 - LFC: 19/09/2013 - 09:19:07 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\240.OESkin [3640]
O61 - LFC: 19/09/2013 - 09:22:47 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\366.OESkin [44936]
O61 - LFC: 19/09/2013 - 09:22:50 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\53.OESkin [9114]
O61 - LFC: 19/09/2013 - 09:22:55 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\54.OESkin [7788]
O61 - LFC: 19/09/2013 - 09:23:04 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\323.OESkin [6960]
O61 - LFC: 19/09/2013 - 19:45:45 ---A- . (...) -- C:\Users\Lolo\AppData\Local\GDIPFONTCACHEV1.DAT [196648]
O61 - LFC: 19/09/2013 - 21:24:39 ---A- . (...) -- C:\Users\Lolo\AppData\Roaming\Photodex\ProShow Producer\def.dat [93]
O61 - LFC: 19/09/2013 - 22:27:37 ---A- . (...) -- C:\Users\Lolo\Links\Desktop.lnk [489]
O61 - LFC: 19/09/2013 - 22:27:37 ---A- . (...) -- C:\Users\Lolo\Links\Downloads.lnk [936]
O61 - LFC: 19/09/2013 - 22:27:37 ---A- . (...) -- C:\Users\Lolo\Links\RecentPlaces.lnk [383]
O61 - LFC: 19/09/2013 - 23:07:33 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\keys\272098ef-e420-416b-9bcd-da89896c8952.key [313]
O61 - LFC: 20/09/2013 - 01:24:09 ---A- . (...) -- C:\Users\Lolo\Documents\Anti-Malware\Reports\a2scan_130920-002318.txt [1790]
O61 - LFC: 21/09/2013 - 03:08:42 ---A- . (...) -- C:\Users\Lolo\Documents\Anti-Malware\Reports\a2scan_130921-000152.txt [6764]
O61 - LFC: 21/09/2013 - 07:08:14 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\Config\OpenRecentProject.cfg [865]
O61 - LFC: 21/09/2013 - 07:08:34 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\Config\Config.cfg [15276]
O61 - LFC: 21/09/2013 - 07:08:34 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\DataSkinsCache.dat [39873]
O61 - LFC: 21/09/2013 - 07:08:34 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\UserDockManager2.xml [18517]
O61 - LFC: 21/09/2013 - 07:08:34 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\UserToolsBox2.xml [49063]
~ 26 Temporary files
~ Files: 189 Legitimates Filtered in 00mn 58s



---\\ Alternate Data Stream files (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\pbsvc.exe:Zone.Identifier
~ ADS: Scanned in 00mn 37s
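A Zone.Identifier stream is the "mark of the web" that browsers and the Attachment Execution Service write on downloaded files. Finding one on a binary under System32, as on pbsvc.exe above, says the file arrived by download (or was copied from a download) rather than through Windows servicing, which does not write that stream. The Python below is an added example, not ZHPDiag's code: it parses the INI-style body of the stream, names the zone, and on Windows reads the stream straight from the file. The sample stream body and its URLs are constructed for the example; the real content of pbsvc.exe's stream is not in this report.

```python
import configparser

# URLZONE values written into the ZoneId field by the Attachment Execution Service.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}


def parse_zone_identifier(text):
    """Parse the INI-style body of a Zone.Identifier stream.

    Returns {"zone_id", "zone", "referrer", "host"}, or None when the body has
    no [ZoneTransfer] section. ReferrerUrl and HostUrl are optional; many
    writers store only ZoneId, in which case they come back as None.
    """
    cp = configparser.ConfigParser(interpolation=None)  # URLs may contain '%'
    cp.read_string(text.replace("\r\n", "\n"))         # streams are usually CRLF
    if not cp.has_section("ZoneTransfer"):
        return None
    sec = cp["ZoneTransfer"]
    zone_id = sec.getint("ZoneId", fallback=None)
    return {
        "zone_id": zone_id,
        "zone": ZONES.get(zone_id, "unknown"),
        "referrer": sec.get("ReferrerUrl"),
        "host": sec.get("HostUrl"),
    }


def read_zone_identifier(path):
    """Read and parse <path>:Zone.Identifier from NTFS.

    Returns None when the file or the stream does not exist. On non-NTFS
    volumes the ':' is just a character in a file name that will not exist,
    so the function degrades to None there as well.
    """
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return None


# Constructed stream body (not the real content of pbsvc.exe:Zone.Identifier,
# which this report does not show). ZoneId=3 is what a browser download gets.
SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://example.invalid/downloads\r\n"
    "HostUrl=https://example.invalid/files/pbsvc.exe\r\n"
)

if __name__ == "__main__":
    info = parse_zone_identifier(SAMPLE_STREAM)
    print(f"zone {info['zone_id']} ({info['zone']}), host {info['host']}")
    live = read_zone_identifier(r"C:\Windows\System32\pbsvc.exe")
    print("live stream:", live if live else "not present, or not running on Windows/NTFS")
```

When triaging, pair the zone with the file's signature and version information: a ZoneId of 3 on an unsigned executable in a system directory is worth a hash lookup and a check of what wrote it there.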



---\\ List of disinfection tools (LATC) (O63)
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ List of legacy services in the registry (LALS) (O64)
O64 - Services: CurCS - 16/03/2007 - C:\Windows\sysWOW64\drivers\TBPANELX64.sys (Cardex) .(.Windows (R) Server 2003 DDK provider - Display Control Program.) - LEGACY_CARDEX
~ Legacy: 84 Legitimates Filtered in 00mn 00s



---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- E:\FIREFOX\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search for infections in Internet browsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Enumerates Crack & Keygen files (CKF) (O82)
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\f4cg.nfo =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\f4macz01.zip =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\f4macz02.zip =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\f4macz03.zip =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\f4macz04.zip =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\f4macz05.zip =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\f4macz07.zip =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\file_id.diz =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\Read-Me.txt =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\www.torrentday.com.txt =>P2P.BitTorrent
E:\PERFECT PHOTO SUITE\OnOne Perfect Photo Suite 7.0.2 Premium Edition Incl Keygen NiCkkkDoN\install.exe
E:\PERFECT PHOTO SUITE\OnOne Perfect Photo Suite 7.0.2 Premium Edition Incl Keygen NiCkkkDoN\Torrent downloaded from ExtraTorrent.com.txt
E:\RECOVER MY FILES\GetData.Recover.My.Files.v4.9.4.1343.Cracked\crack\RecoverMyFiles.exe
E:\RECOVER MY FILES\GetData.Recover.My.Files.v4.9.4.1343.Cracked\RecoverMyFiles-Setup.exe
H:\FM7\FM7 -Vsti\CloneCd_keygen.zip
~ Files: Scanned in 02mn 22s



---\\ Special search at the system root (SPRF) (O84)
[MD5.70942B01C11A1F507404903C89EC1A28] [SPRF][08/01/2012] (...) -- C:\ProgramData\CC4564BBD6.sys [88]
[MD5.433F06F7AC10A8998A4638E80EA3D15D] [SPRF][11/01/2012] (...) -- C:\ProgramData\KGyGaAvL.sys [6266]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ List of firewall exceptions (FirewallRules) (O87)
O87 - FAEL: "{EA0244CE-4F7A-4933-8C0F-1296D07A2796}" | In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{18BFDECD-4740-496F-BEE9-B6B170274FED}" | In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
~ Firewall: 246 Legitimates Filtered in 00mn 01s
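The two O87 records above allow inbound TCP (P6) and UDP (P17) on the Public profile to a binary in System32 for which ZHPDiag found no publisher or description. The Python below is an added example, not ZHPDiag's code: it parses an O87 record and lists the reasons a practitioner would review the rule. The field order the parser assumes (rule GUID, direction, profile, IP protocol number, enabled flag, publisher, path) is my reading of the two lines above, not a documented ZHPDiag format; the protocol numbers are the standard IANA values (6 = TCP, 17 = UDP); the sample input is those two lines.

```python
import re

# IANA IP protocol numbers as ZHPDiag prints them ("P6", "P17"). Partial table.
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 58: "ICMPv6"}

# Assumed O87 layout, read from the two records in this report:
#   O87 - FAEL: "{rule GUID}" | <In|Out> - <profile> - P<proto> - <TRUE|FALSE> | .(<publisher>) -- <path>
O87_RE = re.compile(
    r'^O87 - FAEL: "(?P<rule>\{[0-9A-Fa-f-]+\})" \| '
    r"(?P<direction>In|Out) - (?P<profile>.+?) - P(?P<proto>\d+) - (?P<enabled>TRUE|FALSE) \| "
    r"\.\((?P<publisher>.*?)\) -- (?P<path>.+?)\s*$"
)


def parse_o87(line):
    """Parse one O87 record into a dict, or return None for any other line."""
    m = O87_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["proto"] = int(rec["proto"])
    rec["proto_name"] = IP_PROTOCOLS.get(rec["proto"], f"IP protocol {rec['proto']}")
    rec["enabled"] = rec["enabled"] == "TRUE"
    # ZHPDiag prints "(...)" when the file carries no company/description version info.
    rec["publisher"] = None if rec["publisher"] == "..." else rec["publisher"]
    return rec


def review_reasons(rec):
    """Return the reasons this rule deserves a look; an empty list means nothing stands out."""
    reasons = []
    if not rec["enabled"]:
        return reasons  # a disabled rule allows nothing
    if rec["direction"] == "In":
        reasons.append(f"inbound {rec['proto_name']} allow, so the program is reachable from the network")
    if "Public" in rec["profile"]:
        reasons.append("applies on the Public profile (untrusted networks)")
    if rec["publisher"] is None:
        reasons.append("target binary carries no publisher or description metadata")
    if rec["path"].lower().startswith("c:\\windows\\system32\\") and rec["publisher"] is None:
        reasons.append("unattributed binary placed in System32; verify its origin and signature")
    return reasons


# Constructed input: the two O87 records from this report, copied verbatim.
SAMPLE_O87 = [
    'O87 - FAEL: "{EA0244CE-4F7A-4933-8C0F-1296D07A2796}" | In - Public - P6 - TRUE | .(...) -- C:\\Windows\\System32\\dmwu.exe',
    'O87 - FAEL: "{18BFDECD-4740-496F-BEE9-B6B170274FED}" | In - Public - P17 - TRUE | .(...) -- C:\\Windows\\System32\\dmwu.exe',
]

if __name__ == "__main__":
    for line in SAMPLE_O87:
        rec = parse_o87(line)
        print(rec["rule"], rec["direction"], rec["profile"], rec["proto_name"], rec["path"])
        for why in review_reasons(rec):
            print("  -", why)
```

The report does not say what dmwu.exe is, so the script only explains why the rule merits review; confirming the binary (signature, hash, creation time, which installer wrote it) is the next step, not something a log parser can decide.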



---\\ Enumerates software product codes (PUC) (O90)
O90 - PUC: "041A393C89D535E41AE5F5E8EBBB9BCC" . (.KDFW v1.1.2 for FSX.) -- C:\Windows\Installer\{C393A140-5D98-4E53-A15E-5F8EBEBBB9CC}\controlPanelIcon.exe
O90 - PUC: "5B7E7436F608203409A6506CC2EC5A20" . (.Tpkd x64.) -- C:\Windows\Installer\{6347E7B5-806F-4302-906A-05C62CCEA502}\ARPPRODUCTICON.exe
O90 - PUC: "E2ACDDC52882CCB4692A4161D32543ED" . (.Natural World Trees.) -- C:\Windows\Installer\{5CDDCA2E-2882-4BCC-96A2-14163D5234DE}\ARPPRODUCTICON.exe
~ Update Products: 157 Legitimates Filtered in 00mn 00s



---\\ Search for WindowsInstaller packages (WIS) (O93) (NTFS)
[MD5.CB70C99DC9309AAD6841A8F5A28E2607] [WIS][12/05/2012] (.Google, Inc. - Google SketchUp 8 Installer.) -- C:\Windows\Installer\1364eff.msi [50302976]
[MD5.A91D34375B4647FF0F57E8076EC72B1B] [WIS][08/08/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\1a53c.msi [343040] =>Toolbar.Babylon
~ WIS: 167 Legitimates Filtered in 00mn 46s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 19/09/2013 4159464 | (a2AntiMalware) . (.Emsisoft GmbH.) - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
SR - | Auto 23/09/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 19/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 17/11/2012 86224 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 17/11/2012 110032 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 20/05/2011 1175556 | (BroadCamService) . (.NCH Software.) - C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
SR - | Auto 12/01/2012 87336 | (CLHNServiceForPowerDVD12) . (.CyberLink Corp..) - E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
SR - | Auto 19/07/2012 2568120 | (CodeMeter.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
SR - | Auto 08/05/2008 122880 | (Crypkey License) . (.CrypKey (Canada) Ltd..) - C:\Windows\System32\crypserv.exe
SR - | Auto 12/01/2012 75048 | (CyberLink PowerDVD 12 Media Server Monitor Service) . (.CyberLink.) - E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
SR - | Auto 12/01/2012 296232 | (CyberLink PowerDVD 12 Media Server Service) . (.CyberLink.) - E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
SS - | Demand 16/08/2011 1044816 | (FLEXnet Licensing Service) . (.Flexera Software, Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 27/06/2012 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 14/10/2009 151552 | (Marvell RAID) . (...) - C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
SS - | Demand 11/12/2012 115168 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 12/06/2008 24635 | (MRUWebService) . (.Apache Software Foundation.) - C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
SR - | Auto 23/09/2011 641832 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 21/02/2011 66560 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\Windows\SysWOW64\nlssrv32.exe
SR - | Auto 18/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 05/06/2007 177704 | (ProtexisLicensing) . (...) - C:\Windows\SysWOW64\PSIService.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 13/10/2012 186760 | (ScsiAccess) . (...) - C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 11/01/2012 146928 | ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) . (.CyberLink Corp..) - E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Common\NavFilter\000.fcl
~ Services: Scanned in 00mn 47s



---\\ Search for Master Boot Record infection (MBR)(O80)
Run by Lolo at 21/09/2013 20:45:42
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search for Master Boot Record infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Lolo at 21/09/2013 20:45:44

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s



---\\ Additional Scan (O88)
Database Version : 12924 - (21/09/2013)
Keys found : 9
Values found : 0
Folders found : 0
Files found : 6

[HKLM\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd] =>Adware.IncrediBar^
[HKLM\Software\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco] =>PUP.OneClickDownloader^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFile_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFileUpdater_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFileUpdater_RASMANCS] =>PUP.YourFileDownloader
[HKLM\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly
[HKLM\Software\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Canneverbe Limited\OpenCandy] =>Adware.OpenCandy
C:\Users\Lolo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd =>Adware.IncrediBar^
C:\Users\Lolo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco =>PUP.OneClickDownloader^
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles^
[HKCU\Software\YahooPartnerToolbar] =>Toolbar.Yahoo^
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles^
C:\Windows\Installer\1a53c.msi =>Toolbar.Babylon^
~ Additional Scan: 540254 Items scanned in 01mn 31s



---\\ Summary of detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps/blog/show/26753274-adware-expressfiles =>Adware.ExpressFiles
~ http://nicolascoolman.webs.com/apps/blog/show/27752690-pup-yourfiledownloader =>PUP.YourFileDownloader
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
~ MSI: 8 link(s) detected in 01mn 31s



~ 2323 Legitimates filtered by white list
End of the scan (742 lines in 08mn 52s)(25)
