Virus that keeps coming back (circumflex accent problem)

Solved
slibar - yoann090
Hello,

Here is my config


For 2 days I've had a problem:
My PC won't display my circumflex accents

I ran AdwCleaner and then Malwarebytes Anti-Malware on my machine,
then cleaned the registry with CCleaner

Malwarebytes is effective for a while, but it doesn't last:
my accents come back, but the next day it starts all over again

In C://utilisateur/monnom//local/appdata the toolbar4 folder comes back

and this damned key too:
hklm/software/microsoft/windows/currentversion/policies/ie/run/61292

It started after installing "Easy MP3 WAV Converter";
it infected my whole machine with Boxore etc.
I managed to get rid of everything except this thing

Here is the Malwarebytes report

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2014.01.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
LOECHNER :: LOECHNER-PC [administrateur]

29/01/2014 14:36:05
MBAM-log-2014-01-28 (19-56-42).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 219708
Temps écoulé: 6 minute(s), 7 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|UserLayout.exe (Backdoor.Messa.E) -> Données: C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|61292 (Trojan.Agent) -> Données: C:\PROGRA~3\LOCALS~1\Temp\msoauz.cmd -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 1
C:\Users\LOECHNER\AppData\Roaming\dclogs (Stolen.Data) -> Aucune action effectuée.

Fichier(s) détecté(s): 2
C:\Users\LOECHNER\AppData\Roaming\dclogs\2014-01-29-4.dc (Stolen.Data) -> Aucune action effectuée.
C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe (Backdoor.Messa.E) -> Aucune action effectuée.

(fin)


If I remove them they'll be back tomorrow.
Does anyone have an idea how to get rid of them?

Thanks a million!

165 replies

slibar:
Well, the same file does indeed keep coming back.

My circumflex accents have stopped working again.

As for safe mode, I'll check... I'll be back.

Here is the latest Malwarebytes report

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2014.01.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
LOECHNER :: LOECHNER-PC [administrateur]

30/01/2014 17:59:25
MBAM-log-2014-01-30 (20-19-20).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 219743
Temps écoulé: 7 minute(s), 20 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|61292 (Trojan.Agent) -> Données: C:\PROGRA~3\LOCALS~1\Temp\msoauz.cmd -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
slibar:
Here is the requested report

~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par LOECHNER (30/01/2014 20:20:05)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.2.286
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.07 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6135 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 254 GB (36%) free of 691 GB

---\\ Mode de connexion au système
~ Computer Name: LOECHNER-PC
~ User Name: LOECHNER
~ All Users Names: LOECHNER, Administrateur, 7B43C345E0764AC59F81,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\LOECHNER\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\LOECHNER\AppData\Roaming\
~ %Desktop% : C:\Users\LOECHNER\Desktop\
~ %Favorites% : C:\Users\LOECHNER\Favorites\
~ %LocalAppData% : C:\Users\LOECHNER\AppData\Local\
~ %StartMenu% : C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 254 Go of 691 Go)
D: Hard drive, Flash drive, Thumb drive (Free 212 Go of 692 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/144
~ Mes musiques (My Musics) : 1/13
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 6/3663
~ Mon Bureau (My Desktop) : 1/125
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 02s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2544]
[MD5.0B1B7568CED61ABF5FD717F28175C96A] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.2596]
[MD5.588BEEE7B106E6520F550A45897D00B2] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384] [PID.1924]
[MD5.B644A9A9A8ADDEC20E7956373130AC2D] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056] [PID.3452]
[MD5.00287B525957A9AC91C112C7264BEA27] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813200] [PID.3460]
[MD5.B17E1702DC1DAC26C17A917A1E255843] - (.Samsung - NCPro.) -- C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe [49220] [PID.3700]
[MD5.D9CB30BF12B3670650C85637EA1AB6EA] - (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888] [PID.3848]
[MD5.84F122BFFA0638CE735E891620EF7754] - (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280] [PID.3856]
[MD5.4D042B1F1375CF371AFBE0E0276BA627] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624248] [PID.3880]
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.3900]
[MD5.4F2B6D05AFC4F680DFC2392EDA749493] - (.Applian Technologies, Inc. - FLV Service for Freecorder.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe [167936] [PID.3908] =>Riskware.Movly
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3984]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5080]
[MD5.C4407E2DBC111685B6D8D8C0057B8586] - (.CybelSoft - T3KiiLA.) -- D:\Mes documents\2. Hippolyte\PlayForFight Launcher.exe [1001472] [PID.3892]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.5528]
[MD5.18D60D7C3F19D7C91E59CEB02D640DDC] - (.Cakewalk - Cakewalk Pro Audio.) -- C:\audio\cw9\cwpa.exe [1548288] [PID.4224]
[MD5.49D9C17FDDFAC66F27FA735E94923216] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [414496] [PID.960]
[MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376] [PID.1580]
[MD5.54192D7830C987D4DA7008204F53B34F] - (...) -- C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe [3115008] [PID.548]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2052]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376] [PID.2180]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376] [PID.2200]
[MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [1150496] [PID.2312]
[MD5.A39F245FC5170BF80E89BBBD59610E24] - (.DataViz Inc. - MacOpener Mac Formatter.) -- C:\Program Files\Conversions Plus\FORMATM.exe [266304] [PID.2440]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2464]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2484]
[MD5.BD691091AC7D9713D8F0B07C6B099E6C] - (.NewTech Infosystems, Inc. - Backup Manager Module.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62208] [PID.2508]
[MD5.1D3878E5722F0AB3C22D04E88AC4AC55] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912] [PID.2632]
[MD5.673E36852E2F9FA778D5D3DDCEFA591B] - (.PACE Anti-Piracy, Inc. - PACE License Support Service.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880] [PID.2728]
[MD5.70DDE3A86DBEB1D6C3C30AD687B1877A] - (.Acer - Acer Update Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160] [PID.2816]
[MD5.B5E6C4F280EBF0B16F74A5B415F2E0DF] - (.Pas de propriétaire - USB S3S4 Detection.) -- C:\OEM\USBDECTION\USBS3S4Detection.exe [76320] [PID.2932]
[MD5.0E899D0DB39617AA0B2F992E7E95B5EB] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.3108]
[MD5.29D956C8CB67222D678FAF20D485B25B] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe [1011768] [PID.3284]
[MD5.227846995AFEEFA70D328BF5334A86A5] - (.Macrovision Europe Ltd. - Activation Licensing Service.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848] [PID.4948]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\LOECHNER\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\LOECHNER\AppData\Roaming\Mozilla\Firefox\Profiles\boq222za.default\prefs.js
M0 - MFSP: prefs.js [LOECHNER - boq222za.default] www.hotmail.com
M2 - MFEP: prefs.js [LOECHNER - boq222za.default\toolbar@ask.com] [] @@toolbarname@@ v (..)
M2 - MFEP: prefs.js [LOECHNER - boq222za.default\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}] [] Freecorder 6 v2.1.9 (..) =>Riskware.Movly
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\LOECHNER\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll =>.Facebook
~ Firefox Browser: 27 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{6B34ACCF-1B63-4E1A-8633-461917C75544} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Readme.LNK . (...) -- C:\Program Files (x86)\Waves\Documents\HTM DOCS\Join.htm
O4 - GS\QuickLaunch [LOECHNER]: DVD Decrypter.lnk . (.LIGHTNING UK! - DVD Decrypter - The Ultimate DVD Ripper!.) -- C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe
O4 - GS\QuickLaunch [LOECHNER]: Easy Audio Cutter.lnk . (.Koyote Soft - Pas de description.) -- C:\Program Files (x86)\Free Audio Pack\Easy Audio Cutter\AudioCutter.exe
O4 - GS\QuickLaunch [LOECHNER]: Free CD Ripper.lnk . (.Koyote Soft - FreeCDRipper.) -- C:\Program Files (x86)\Free Audio Pack\Free CD Ripper\FreeCDRipper.exe
O4 - GS\QuickLaunch [LOECHNER]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [LOECHNER]: Pro Tools 10.lnk . (.Avid Technology, Inc. - Pro Tools Application.) -- C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe
O4 - GS\QuickLaunch [LOECHNER]: VSO Image Resizer 4.lnk . (.VSO Software SARL - ImageResizer.) -- C:\Program Files (x86)\VSO\Image Resizer 4\Resize.exe
O4 - GS\TaskBar [LOECHNER]: 00 Photoshop 7.0.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop.) -- C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe
O4 - GS\TaskBar [LOECHNER]: cwpa.lnk . (.Cakewalk - Cakewalk Pro Audio.) -- C:\audio\cw9\cwpa.exe
O4 - GS\TaskBar [LOECHNER]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [LOECHNER]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [LOECHNER]: Pro Tools 10.lnk . (.Avid Technology, Inc. - Pro Tools Application.) -- C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe
O4 - GS\TaskBar [LOECHNER]: Saffire MixControl.lnk . (...) -- C:\Program Files\Focusrite\Saffire MixControl\SaffireCpl.exe
O4 - GS\TaskBar [LOECHNER]: SONAR 8 Producer Edition(x64).lnk . (.Twelve Tone Systems, Inc. - Pas de description.) -- C:\Program Files\Cakewalk\SONAR 8 Producer Edition\SONARPDR.exe
O4 - GS\Program [LOECHNER]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [LOECHNER]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [LOECHNER]: en_cours.lnk . (...) -- D:\Mes documents\7. Cours Collège Seb Elodie\Chorale\Chorale2014
O4 - GS\Desktop [LOECHNER]: MBAM-log-2014-01-28 (19-56-42) - Raccourci.lnk . (...) -- C:\Users\LOECHNER\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\MBAM-log-2014-01-28 (19-56-42).txt
O4 - GS\Desktop [LOECHNER]: Mes documents.lnk . (...) -- D:\Mes documents
~ Global Startup: 80 Legitimates Filtered in 00mn 04s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: NCProTray.lnk . (.Samsung - NCPro.) -- C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [EPSON Stylus D78 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBGE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\RunOnce: [UserLayout.exe] . (.CybelSoft - T3KiiLA.) -- C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe
O4 - HKLM\..\Wow6432Node\Run: [JMB36X IDE Setup] . (...) -- C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [Hotkey Utility] . (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Wow6432Node\Run: [MacLicense] . (.DataViz Inc. - MacOpener MacLicense.) -- C:\Program Files\Conversions Plus\MacLic.exe
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe_ID0EYTHM] . (.Adobe Systems Incorporated - Adobe Version Cue CS3.) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [Freecorder FLV Service] . (.Applian Technologies, Inc. - FLV Service for Freecorder.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe =>Riskware.Movly
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKLM\..\policies\Explorer\Run: [61292] C:\PROGRA~3\LOCALS~1\Temp\msoauz.cmd (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3929475522-2066774324-1603334053-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-3929475522-2066774324-1603334053-1001\..\Run: [EPSON Stylus D78 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBGE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-3929475522-2066774324-1603334053-1001\..\RunOnce: [UserLayout.exe] . (.CybelSoft - T3KiiLA.) -- C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6C0F21-404B-4D33-9803-4183259F272A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A370574F-AE94-4DA1-B10B-6094E7156AAA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4E6C0F21-404B-4D33-9803-4183259F272A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A370574F-AE94-4DA1-B10B-6094E7156AAA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4E6C0F21-404B-4D33-9803-4183259F272A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A370574F-AE94-4DA1-B10B-6094E7156AAA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (MacFormatService) . (.DataViz Inc. - MacOpener Mac Formatter.) - C:\Program Files\Conversions Plus\FORMATM.exe
O23 - Service: Mise à jour automatique - Index Education (MajIndexEducationService) . (...) - C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe
O23 - Service: USBS3S4Detection (USBS3S4Detection) . (.Pas de propriétaire - USB S3S4 Detection.) - C:\OEM\USBDECTION\USBS3S4Detection.exe
~ Services: 22 Legitimates Filtered in 00mn 04s



---\\ Tâches planifiées en automatique (O39)
[MD5.5CA85461AFFF7D0067286AB6DAF11BC2] [APT] [{01784662-8B28-4815-9055-E057779EA8DA}] (...) -- C:\Program Files (x86)\Finale 2003\Finale install\Finale 2003.exe [95158505]
[MD5.00000000000000000000000000000000] [APT] [{2B61860C-3EDE-42D3-A5F0-05F76E4B6217}] (...) -- C:\Program Files (x86)\CONVER~1\dvzeng.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3BD0A5E2-9A0A-4D69-8369-8C31F88A36A1}] (...) -- E:\bin\Adobe Premiere 6.0\bs-pe60\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{43E6DF3F-AB79-4620-9090-08DBB451A899}] (...) -- J:\Program Files\Outlook Express\setup50.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{496ADC8C-A36E-4533-B4D1-26B16341DCB6}] (...) -- E:\paint shop pro 7\crack\Crack.exe (.not file.) [0]
[MD5.5CA85461AFFF7D0067286AB6DAF11BC2] [APT] [{529757F2-826E-4CAE-99D0-765417F87860}] (...) -- C:\My_download_files\finale\Finale 2003.exe [95158505]
[MD5.00000000000000000000000000000000] [APT] [{795E3531-9C25-4E19-811F-4F43C46118EF}] (...) -- E:\bin\Adobe Premiere 6.0\bs-pe60\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9D0D9FA7-B60C-4126-A451-F487329AFF73}] (...) -- E:\bin\Adobe Premiere 6.0\bs-pe60\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A316033E-2AE5-4C57-AF54-4E8869A7B3AC}] (...) -- C:\Program Files (x86)\Steinberg\Asio\dxfdsetup.exe (.not file.) [0]
[MD5.988D37BC3CE0DDD813546B97F5AE2DE7] [APT] [{C3915191-0908-4B19-AEBA-71564AFF9D16}] (...) -- C:\My_download_files\pro_tools_APTHD.10.3.5.win\Patch\02 KillerBugs v2 for Pro Tools 10.3.5 HD (for 64 bits systems).exe [92571917]
[MD5.00000000000000000000000000000000] [APT] [{D96E953A-2843-48FC-BBAB-CC7A423BAF60}] (...) -- E:\musique\effets direct x\TubeWarmth DirectX Audio Plug-In ( 935 Ko )\OSETUP.exe (.not file.) [0]
[MD5.7856D7DCA83DF06DF2C8C2B7BC59A3A9] [APT] [{E85D9429-D59D-4459-9AD5-0D45EE7BE397}] (...) -- C:\audio\tcnative\tc-essentials\TCESSENTIAL\SETUPTCE.exe [1386560]
[MD5.00000000000000000000000000000000] [APT] [{FF4ABBAC-429C-4E5B-A7FF-E9B190AE3088}] (...) -- K:\My_download_files\Firebox\FireBox_121_Installer.exe (.not file.) [0]
~ Scheduled Task: 26 Legitimates Filtered in 00mn 08s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (Eve) . (...) - C:\Windows\System32\DRIVERS\eve.sys
O41 - Driver: (NCPro) . (. - .) - C:\Windows\system32\drivers\MTictwl.sys (.not file.)
~ Drivers: 84 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Clean! v1.0 - (...) [HKLM][64Bits] -- Clean!
O42 - Logiciel: Conversions Plus 6.05 - (...) [HKLM][64Bits] -- ConversionsPlus6.05
O42 - Logiciel: Driver Updater Pro - (.iXi Tools.) [HKLM][64Bits] -- Driver Updater Pro
O42 - Logiciel: Driver Updater Pro - (.iXi Tools.) [HKLM][64Bits] -- {7D1FA102-9B90-48B0-8DF8-735BBA5F4093}
O42 - Logiciel: Freecorder Toolbar - (...) [HKLM][64Bits] -- Freecorder Toolbar =>Riskware.Movly
O42 - Logiciel: HammerHead Rhythm Station - (...) [HKLM][64Bits] -- HammerHead Rhythm Station
O42 - Logiciel: Hyperprism DX 1.5 © Arboretum Systems, Inc. - (...) [HKLM][64Bits] -- Hyperprism DX 1.5 © Arboretum Systems, Inc.
O42 - Logiciel: Native Power Pack 2.3 - (...) [HKLM][64Bits] -- Native Power Pack 2.3
O42 - Logiciel: Nomad Factory Blue Tubes Bundle v2.0 - (...) [HKLM][64Bits] -- Nomad Factory Blue Tubes Bundle v2.0
O42 - Logiciel: Nomad Factory Liquid Bundle VST v1.6 - (...) [HKLM][64Bits] -- Nomad Factory Liquid Bundle VST v1.6
O42 - Logiciel: Nomad Factory Rock Amp Legends VST v1.0 - (...) [HKLM][64Bits] -- Nomad Factory Rock Amp Legends VST v1.0
O42 - Logiciel: RBC Audio Voice Tweaker Pro V3.02 - (...) [HKLM][64Bits] -- RBC Audio Voice Tweaker Pro V3.02
O42 - Logiciel: Saffire MixControl 3.3 - (.Focusrite Audio Engineering Ltd..) [HKLM][64Bits] -- Saffire PRO 40_is1
O42 - Logiciel: T-RackS 24 - (...) [HKLM][64Bits] -- T-RackS 24
O42 - Logiciel: TC Native Essentials v1.02 - (...) [HKLM][64Bits] -- TC-Essentials
O42 - Logiciel: USB PC Cam Plus - (.Nom de votre société.) [HKLM][64Bits] -- InstallShield_{B9724615-DC4C-49C6-B741-44CFE412CDAF}
O42 - Logiciel: Warp VST V1.0 - (...) [HKLM][64Bits] -- Warp VST V1.0
~ Logic: 48 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN]
[HKCU\Software\Ask&Record]
[HKCU\Software\Ask.com]
[HKCU\Software\AskToolbar]
[HKCU\Software\CCaissotti]
[HKCU\Software\DC3_FEXEC] =>Trojan.Fynloski
[HKCU\Software\Electron]
[HKCU\Software\Project]
[HKCU\Software\Soup]
[HKCU\Software\XPCTools]
[HKLM\Software\Wow6432Node\124]
[HKLM\Software\Wow6432Node\APN]
[HKLM\Software\Wow6432Node\AskToolbar]
[HKLM\Software\Wow6432Node\Bevee]
[HKLM\Software\Wow6432Node\Calculator]
[HKLM\Software\Wow6432Node\DSPFX32]
[HKLM\Software\Wow6432Node\Net4Music]
[HKLM\Software\Wow6432Node\Ogcrosoft]
[HKLM\Software\Wow6432Node\RBC Audio]
[HKLM\Software\Wow6432Node\SpectralDesign]
~ Key Software: 692 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/12/2012 - 15:22:33 - [4,406] ----D C:\Program Files (x86)\Ask.com
O43 - CFD: 19/06/2012 - 14:58:00 - [4,473] ----D C:\Program Files (x86)\DSPFX32
O43 - CFD: 19/09/2012 - 16:54:52 - [0,046] ----D C:\Program Files (x86)\Freecorder Toolbar =>Riskware.Movly
O43 - CFD: 24/06/2010 - 16:58:41 - [2,177] ----D C:\Program Files (x86)\HammerHead
O43 - CFD: 23/09/2010 - 09:35:13 - [13,325] ----D C:\Program Files (x86)\NPeducmus
O43 - CFD: 26/06/2010 - 09:26:16 - [1,181] ----D C:\Program Files (x86)\RBC Audio
O43 - CFD: 26/06/2010 - 08:22:23 - [2,521] ----D C:\Program Files (x86)\SmartMusic
O43 - CFD: 07/01/2011 - 17:59:41 - [0,707] ----D C:\Program Files (x86)\Team6 game studios
O43 - CFD: 26/06/2010 - 09:59:38 - [3,948] --H-D C:\ProgramData\{CC51AE54-B346-4954-ADDB-30BD4F138CF2}
O43 - CFD: 17/12/2013 - 17:27:24 - [13,924] ----D C:\Users\LOECHNER\AppData\Roaming\.Nachie1.6
O43 - CFD: 12/04/2012 - 10:39:52 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\FireBox Mixer
O43 - CFD: 30/01/2014 - 19:02:18 - [415,645] ----D C:\Users\LOECHNER\AppData\Roaming\playforfight
O43 - CFD: 08/10/2013 - 18:46:32 - [0] --HAD C:\Users\LOECHNER\AppData\Local\2WcVdNSt
O43 - CFD: 10/12/2013 - 15:22:43 - [0,001] --H-D C:\Users\LOECHNER\AppData\Local\3dQ3SkCiUV0h
O43 - CFD: 23/05/2013 - 16:02:50 - [1,039] ----D C:\Users\LOECHNER\AppData\Local\AskToolbar
O43 - CFD: 02/07/2010 - 19:17:16 - [30,447] ----D C:\Users\LOECHNER\AppData\Local\Installer2084
O43 - CFD: 02/07/2010 - 19:12:01 - [33,915] ----D C:\Users\LOECHNER\AppData\Local\Installer3564
O43 - CFD: 25/06/2010 - 15:55:38 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Clean
O43 - CFD: 24/06/2010 - 20:14:58 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DSPFX32
O43 - CFD: 24/06/2010 - 20:17:00 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hyperprism DX Manual HTML
O43 - CFD: 26/06/2010 - 09:26:16 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RBC Audio
~ Program Folder: 346 Legitimates Filtered in 01mn 28s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0E5318568C846443EFB0ED0C3BEEB687] - 28/01/2014 - 13:33:25 ---A- . (...) -- C:\rapport.txt [4956]
~ Files: 15 Legitimates Filtered in 00mn 43s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{23c1d6c8-667a-11e0-8ec1-90fba649a48b}\AutoRun\command. (...) -- K:\LaunchU3.exe (.not file.)
O51 - MPSK:{675061f8-e087-11e2-9eb6-90fba649a48b}\AutoRun\command. (...) -- K:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.5C3BF188F182C26974646A13B0CA4715] - 28/03/2013 - 18:50:02 ---A- . (...) -- C:\Windows\System32\Drivers\eve.sys [41304]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.748EEDBB095FE6535C7E3616AEBC533F] - 16/05/2012 - 10:15:12 ---A- . (.Pas de propriétaire - iLok Kernel Driver.) -- C:\Windows\System32\Drivers\iLokDrvr.sys [25752]
O58 - SDL:[MD5.16E6B5C643D7611684994E158A227D5E] - 03/02/2010 - 11:16:50 ---A- . (.Archwave AG - Archwave 1394 Audio Device Driver.) -- C:\Windows\System32\Drivers\pae_1394_x64.sys [196992]
O58 - SDL:[MD5.64FC7B5C2B6899FC19A7060E0BCCBDB7] - 09/10/2007 - 16:06:56 ---A- . (.BridgeCo AG - BridgeCo WDM Audio Driver (AVStream).) -- C:\Windows\System32\Drivers\pae_avs_x64.sys [69168]
O58 - SDL:[MD5.E92EFA4A9287B1D4C65C13401CC2F891] - 18/09/2013 - 09:33:22 ---A- . (.Focusrite A.E. - Saffire.) -- C:\Windows\System32\Drivers\Saffire.sys [226768]
O58 - SDL:[MD5.0334399C48FB1A8E24FABFD719D07D78] - 18/09/2013 - 09:33:22 ---A- . (.Focusrite A.E. - Saffire.) -- C:\Windows\System32\Drivers\SaffireAudio.sys [47824]
O58 - SDL:[MD5.AB6946AE88816A0A7729A3DA0B47B4D1] - 18/09/2013 - 09:33:22 ---A- . (.Focusrite A.E. - Saffire.) -- C:\Windows\System32\Drivers\SaffireMidi.sys [38352]
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.5E214964C6E01245FABD40B283697180] - 24/06/2010 - 20:16:05 ---A- . (...) -- C:\Windows\SysWOW64\drivers\Haspnt.sys [36352]
O58 - SDL:[MD5.00971841E1B0B9722AEF94AFB99228F4] - 16/09/2001 - 15:24:00 ---A- . (.DataViz Inc. - MacOpener File System Driver.) -- C:\Windows\SysWOW64\drivers\MacOpen.sys [176709]
O58 - SDL:[MD5.F627E9DA4D3D8DC05A15B68944302F14] - 21/10/2005 - 06:25:32 ---A- . (...) -- C:\Windows\SysWOW64\drivers\MTictwl.sys [13396]
O58 - SDL:[MD5.3F24EAEB165328E00D687BF3B60A448A] - 24/02/2005 - 11:29:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\PFC027.sys [162176]
O58 - SDL:[MD5.F7B1044170266FA4EC8605F77818C7FD] - 24/06/2010 - 20:16:05 ---A- . (...) -- C:\Windows\SysWOW64\haspdos.sys [383]
O58 - SDL:[MD5.EA2270613011D57E2385D92A2CEF44C7] - 02/06/2011 - 09:49:02 ---A- . (...) -- C:\Windows\SysWOW64\isric5.sys [16]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 28/03/2013 - C:\Windows\System32\DRIVERS\eve.sys (Eve) .(...) - LEGACY_EVE
~ Legacy: 83 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.cbid", "A2");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.crumb", "2014.01.28+15.23.04-dubprdapntlfe6-FR-UGFyaXMsRnJhbmNl");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.default-channel-url-mask", "https://fr.ask.com/?o=0&l=dir&ad=dirN{query}&o={o}&l={l}&qsrc={qsrc}");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dtid", "YYYYYYYYFR");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "FRXX0076");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"ww[...]
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.l", "dis");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.locale", "en_US");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.location", "Paris,France");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.o", "10148");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.qsrc", "2871");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.to", "");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {D655DBD8-0F83-4296-8B32-9F482E4524DF} [DefaultScope] - (Freecorder Customized Web Search) - http://search.conduit.com =>Riskware.Movly
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.24F6D923EF6956ABD0449C879F36D7C7] [SPRF][30/01/2014] (...) -- C:\Users\LOECHNER\AppData\Local\Temp\i4jdel0.exe [27411]
[MD5.FA07E81AE9FC09E0353EF32E6F1BF122] [SPRF][30/01/2014] (.T3KiiLA - Launcher F4F.) -- C:\Users\LOECHNER\AppData\Local\Temp\PlayForFight Launcher.exe [425688]
[MD5.22935D99B8B9691F6EBC348237D29832] [SPRF][29/01/2014] (...) -- C:\Users\LOECHNER\AppData\Roaming\hin.exe [117837]
[MD5.913671EB63F3947F8065BF5E4D599907] [SPRF][29/01/2014] (...) -- C:\Users\LOECHNER\AppData\Roaming\kjjk$.exe [633618]
[MD5.D25C6A0228341A2A68E3B44F4A36D169] [SPRF][29/01/2014] (...) -- C:\Users\LOECHNER\AppData\Roaming\l.exe [635655]
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "5164279BC4CD6C947B1444FC4E21DCFA" . (.USB PC Cam Plus.) -- C:\Windows\Installer\{B9724615-DC4C-49C6-B741-44CFE412CDAF}\ARPPRODUCTICON.exe
O90 - PUC: "78886CCC70E683440A53C722FEDB1CE5" . (..) -- C:\Windows\Installer\{CCC68887-6E07-4438-A035-7C22EFBDC15E}\ARPPRODUCTICON.exe
~ Update Products: 199 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.EF376EF21F36FDC18D8DAC4A82A63F61] [WIS][26/06/2010] (.iXi Tools - Driver Updater Pro Installation.) -- C:\Windows\Installer\c40aa2.msi [268288]
~ WIS: 203 Legitimates Filtered in 00mn 13s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20/03/2007 153792 | (Adobe Version Cue CS3) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe =>.Adobe Systems Incorporated
SS - | Demand 18/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 24/06/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/06/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 20/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/09/2009 305448 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
SS - | Demand 28/07/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
SS - | Demand 16/03/2011 407336 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 17/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 12/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 17/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
SR - | Demand 25/06/2010 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
SR - | Auto 23/01/2014 2221904 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 07/08/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 13/12/2013 377104 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SR - | Auto 16/09/2001 266304 | (MacFormatService) . (.DataViz Inc..) - C:\Program Files\Conversions Plus\FORMATM.exe
SR - | Auto 03/01/2014 3115008 | (MajIndexEducationService) . (...) - C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 13/08/2009 62208 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 29/11/2013 1370912 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 29/11/2013 15128352 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 11/11/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 18/05/2012 2938880 | (PaceLicenseDServices) . (.PACE Anti-Piracy, Inc..) - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
SR - | Auto 11/11/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 04/07/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 09/12/2009 76320 | (USBS3S4Detection) . (...) - C:\OEM\USBDECTION\USBS3S4Detection.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 14s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
~ Emulateurs: Scanned in 00mn 14s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 34
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 8
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar] =>Riskware.Movly^
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\APN] =>Toolbar.Ask
[HKCU\Software\Ask&Record] =>Toolbar.Agent
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\Wow6432Node\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\DC3_FEXEC] =>Trojan.Fynloski
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6B34ACCF-1B63-4E1A-8633-461917C75544}] =>Toolbar.Freecorder
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6B34ACCF-1B63-4E1A-8633-461917C75544}] =>Toolbar.Freecorder
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Freecorder FLV Service =>Riskware.Movly^
C:\Users\LOECHNER\AppData\Roaming\Mozilla\Firefox\Profiles\boq222za.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC} =>Riskware.Movly^
C:\Program Files (x86)\Freecorder Toolbar =>Riskware.Movly^
C:\Program Files (x86)\Ask.com =>Toolbar.AskBar
C:\Program Files (x86)\Freecorder 6 =>Toolbar.Freecorder
C:\Users\LOECHNER\AppData\Local\AskToolbar =>Toolbar.AskTBar
C:\Users\LOECHNER\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
C:\Users\LOECHNER\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit
C:\Users\LOECHNER\AppData\Roaming\Mozilla\Firefox\Profiles\boq222za.default\Extensions\toolbar@ask.com =>Toolbar.AskTBar
C:\Program Files (x86)\Freecorder\FLVSrvc.exe =>Riskware.Movly^
~ Additionnel Scan: 716171 Items scanned in 00mn 21s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28801930-riskware-movly =>Riskware.Movly
~ http://nicolascoolman.webs.com/apps/blog/show/32240257-trojan-fynloski =>Trojan.Fynloski
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ MSI: 4 link(s) detected in 00mn 22s



~ 1698 Legitimates filtered by white list
End of the scan (632 lines in 03mn 26s)(0)
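Several lines of the ZHPDiag report above carry signals that are easy to read past. The O58 entry for sptd.sys reports MD5 D41D8CD98F00B204E9800998ECF8427E, which is the MD5 of zero bytes, together with a 1601 date, the FILETIME epoch, while the file size is 834544 bytes: the scanner could not open the driver, which is typical of a self-protecting driver rather than of an empty file. The O55 lines show UAC policy values at 0 (EnableLUA=0 turns UAC off entirely), and the O51 lines record AutoRun commands remembered from removable volumes. The PowerShell below is an added example, not code from the thread, from ZHPDiag or from RogueKiller: it parses a constructed sample made of lines copied from the report and flags each of these conditions. The regular expressions and the Windows 7 default table for the UAC values are this example's assumptions about the report format.

```powershell
# Added example (not from the forum thread or from ZHPDiag): triage of a few ZHPDiag
# report lines. The sample lines are copied from the report above; the regular
# expressions and the UAC default table are this example's assumptions.

$EmptyMd5 = 'D41D8CD98F00B204E9800998ECF8427E'   # MD5 of zero bytes: the scanner never read the file

# Windows 7 defaults for the values ZHPDiag lists under O55 (assumed reference table)
$UacDefaults = @{
    EnableLUA                  = 1
    ConsentPromptBehaviorAdmin = 5
    PromptOnSecureDesktop      = 1
    FilterAdministratorToken   = 0
    EnableUIADesktopToggle     = 0
}

# Constructed sample: lines taken verbatim from the report above
$Sample = @'
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
O58 - SDL:[MD5.5C3BF188F182C26974646A13B0CA4715] - 28/03/2013 - 18:50:02 ---A- . (...) -- C:\Windows\System32\Drivers\eve.sys [41304]
O58 - SDL:[MD5.E92EFA4A9287B1D4C65C13401CC2F891] - 18/09/2013 - 09:33:22 ---A- . (.Focusrite A.E. - Saffire.) -- C:\Windows\System32\Drivers\Saffire.sys [226768]
O51 - MPSK:{23c1d6c8-667a-11e0-8ec1-90fba649a48b}\AutoRun\command. (...) -- K:\LaunchU3.exe (.not file.)
'@ -split "`r?`n"

function Test-ZhpLine {
    param([Parameter(Mandatory=$true)][string]$Line)
    $findings = @()

    # O55: UAC policy values; anything that differs from the default weakens UAC
    $m = [regex]::Match($Line, '^O55 .*"(?<name>[^"]+)"=(?<value>-?\d+)')
    if ($m.Success) {
        $name  = $m.Groups['name'].Value
        $value = [int]$m.Groups['value'].Value
        if ($UacDefaults.ContainsKey($name) -and $UacDefaults[$name] -ne $value) {
            $findings += "UAC weakened: $name=$value (Windows 7 default $($UacDefaults[$name]))"
        }
        return $findings
    }

    # O58: driver on disk. Hash of zero bytes plus a 1601 date means the file could not be read.
    $m = [regex]::Match($Line, '^O58 .*\[MD5\.(?<md5>[0-9A-Fa-f]{32})\] - \d\d/\d\d/(?<year>\d{4}) .*\((?<vendor>[^)]*)\) -- (?<path>.+) \[(?<size>\d+)\]$')
    if ($m.Success) {
        $path = $m.Groups['path'].Value
        $size = $m.Groups['size'].Value
        if ($m.Groups['md5'].Value -eq $EmptyMd5) { $findings += "$path : MD5 is the hash of zero bytes although the file is $size bytes; the file could not be opened for reading" }
        if ($m.Groups['year'].Value -eq '1601') { $findings += "$path : timestamp sits at the FILETIME epoch; file metadata was not readable" }
        if ($m.Groups['vendor'].Value -eq '...') { $findings += "$path : no vendor or description in the version resource" }
        return $findings
    }

    # O51: AutoRun\command remembered under MountPoints2 for a volume that was once plugged in
    $m = [regex]::Match($Line, '^O51 - MPSK:(?<guid>\{[0-9a-fA-F-]+\})\\AutoRun\\command\. .* -- (?<cmd>.+?)(?<missing> \(\.not file\.\))?$')
    if ($m.Success) {
        $state = if ($m.Groups['missing'].Success) { 'target no longer present' } else { 'target present' }
        $findings += "MountPoints2 $($m.Groups['guid'].Value): AutoRun command '$($m.Groups['cmd'].Value)' ($state)"
    }
    return $findings
}

foreach ($line in $Sample) {
    foreach ($finding in @(Test-ZhpLine -Line $line)) {
        '{0} {1}' -f $line.Substring(0, 3), $finding
    }
}
```

Run as-is on any PowerShell; it reads nothing from the live system. The UAC check is the one to act on first: with EnableLUA=0 every process of an administrator account runs with the full token, so the RunOnce and Policies\Explorer\Run entries discussed in this thread start with administrative rights at each logon.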
slibar (Member, 115 posts):

Well, I'm back from Safe Mode.
No trouble at all getting circumflexes to display there...

It's very kind of you to look after me ;)
ArnaudLy6 (Member, 4412 posts):

We'd need a new ZHPDiag scan ;)
lilidurhone (Security contributor, 43355 posts):

* Download RogueKiller to the desktop

* Close all running programs.

* On Vista/Seven and Windows 8, right-click -> Run as administrator

* Otherwise just launch RogueKiller.exe

* Wait during the pre-scan, then click the Scan button

* A report RKreport.txt should have been created on the desktop; post it.

Note: if the program gets blocked, don't hesitate to try several times.

slibar (Member, 115 posts):

Here is the report

RogueKiller V8.8.4 [Jan 27 2014] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : https://www.luanagames.com/index.fr.html
Blog : https://www.adlice.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : LOECHNER [Droits d'admin]
Mode : Recherche -- Date : 01/30/2014 20:43:06
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 1 ¤¤¤
[SUSP PATH] UserLayout.exe -- C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe [-] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\RunOnce : UserLayout.exe (C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe [-]) -> TROUVÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3929475522-2066774324-1603334053-1001\[...]\RunOnce : UserLayout.exe (C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe [-]) -> TROUVÉ
[RUN][SUSP PATH] HKLM\[...]\Run : 61292 (C:\PROGRA~3\LOCALS~1\Temp\msoauz.cmd [x]) -> TROUVÉ
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : 61292 (C:\PROGRA~3\LOCALS~1\Temp\msoauz.cmd [x]) -> TROUVÉ
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD15EADS-22P8B0 +++++
--- User ---
[MBR] 2cebcf00f630463e11011815babfed63
[BSP] ed7b7e9d2a217c59ab631c67c5a39760 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 708046 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1479645184 | Size: 708315 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_S_01302014_204306.txt >>
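The RogueKiller report above shows the two persistence mechanisms that keep coming back in this thread: a RunOnce value in HKCU (and in the same user's hive under HKEY_USERS) pointing at UserLayout.exe in %AppData%, and value 61292 under HKLM\...\Policies\Explorer\Run, in both the native and the Wow6432Node views, launching msoauz.cmd from the 8.3 short path C:\PROGRA~3\LOCALS~1\Temp. The PowerShell below is an added example, not code from the thread, from RogueKiller or from ZHPDiag: it lists Run, RunOnce and Policies\Explorer\Run across HKLM (both views), HKCU and every loaded HKEY_USERS hive, expands short-name components with the Win32 GetLongPathName call, and flags values whose target is missing, lives under %AppData%, %LocalAppData%, %ProgramData% or %TEMP%, has a purely numeric name, or sits in Policies\Explorer\Run. The key list, the suspicious-root set and the command-parsing heuristic are this example's assumptions; it only reads the registry.

```powershell
# Added example (not from the forum thread, RogueKiller or ZHPDiag): read-only audit of
# the registry autostart locations seen in the report above. Key list, heuristics and
# the suspicious-root set are this example's assumptions. Run from an elevated prompt.

Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint GetLongPathName(string shortPath, System.Text.StringBuilder longPath, uint bufferLength);
'@

$AutostartSubkeys = @(
    'Microsoft\Windows\CurrentVersion\Run',
    'Microsoft\Windows\CurrentVersion\RunOnce',
    'Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# HKLM in the 64-bit and WOW64 views, the current user, and every profile hive loaded under HKEY_USERS
$Roots = @('HKLM:\Software', 'HKLM:\Software\Wow6432Node', 'HKCU:\Software')
$Roots += Get-ChildItem -Path Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match '^S-1-5-21-' -and $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::HKEY_USERS\$($_.PSChildName)\Software" }

# Directories a legitimate autostart rarely lives in but droppers almost always do
$SuspiciousRoots = @(
    [Environment]::GetFolderPath('ApplicationData'),        # %AppData%
    [Environment]::GetFolderPath('LocalApplicationData'),   # %LocalAppData%
    [Environment]::GetFolderPath('CommonApplicationData'),  # %ProgramData%
    $env:TEMP
) | Where-Object { $_ }

function Expand-ShortPath {
    # Expand 8.3 components (PROGRA~3, LOCALS~1) of the longest prefix that still exists.
    # GetLongPathName returns 0 for a path that does not exist, so a missing tail is kept as-is.
    param([string]$Path)
    if ($Path -notmatch '~\d') { return $Path }
    $buffer = New-Object System.Text.StringBuilder 1024
    if ([Win32.Native]::GetLongPathName($Path, $buffer, $buffer.Capacity) -gt 0) { return $buffer.ToString() }
    $parent = Split-Path -Path $Path -Parent
    if (-not $parent -or $parent -eq $Path) { return $Path }
    return Join-Path -Path (Expand-ShortPath $parent) -ChildPath (Split-Path -Path $Path -Leaf)
}

function Get-CommandTarget {
    # Reduce a Run value to the file it launches: a quoted program, else the first token
    # ending in a launchable extension, else the first whitespace-delimited token (heuristic)
    param([string]$Command)
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(?<exe>.+?\.(exe|cmd|bat|com|scr|vbs|js|ps1|dll))(\s|,|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups['exe'].Value }
    return ($cmd -split '\s+')[0]
}

$findings = foreach ($root in $Roots) {
    foreach ($sub in $AutostartSubkeys) {
        $key = "$root\$sub"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $command = [string]$item.GetValue($name)
            $target  = Expand-ShortPath ([Environment]::ExpandEnvironmentVariables((Get-CommandTarget $command)))
            $flags = @()
            if (-not $target) { $flags += 'empty command' }
            elseif (-not (Test-Path -LiteralPath $target)) { $flags += 'target missing' }
            foreach ($r in $SuspiciousRoots) {
                if ($target -and $target.StartsWith($r, [StringComparison]::OrdinalIgnoreCase)) { $flags += "under $r"; break }
            }
            if ($name -match '^\d+$') { $flags += 'numeric value name' }
            if ($sub -like '*Policies\Explorer\Run') { $flags += 'Policies\Explorer\Run (rarely used by legitimate software)' }
            if ($sub -like '*RunOnce') { $flags += 'RunOnce (consumed at logon; reappearance means something rewrites it)' }
            New-Object PSObject -Property @{ Key = $key; Name = $name; Command = $command; Target = $target; Flags = ($flags -join '; ') }
        }
    }
}

$findings | Sort-Object { $_.Flags.Length } -Descending | Format-Table Name, Target, Flags, Key -AutoSize -Wrap
```

Entries with several flags are the ones to chase. A RunOnce value is deleted by Windows after it runs, so one that is present again at the next logon, like UserLayout.exe here, is being rewritten by something still executing; deleting the value without stopping and removing the writer explains why the earlier cleanups in this thread did not hold.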
slibar (Member, 115 posts):

OK, ZHPDiag scan

~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par LOECHNER (30/01/2014 20:45:12)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.2.286
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.07 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6135 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 254 GB (36%) free of 691 GB

---\\ Mode de connexion au système
~ Computer Name: LOECHNER-PC
~ User Name: LOECHNER
~ All Users Names: LOECHNER, Administrateur, 7B43C345E0764AC59F81,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\LOECHNER\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\LOECHNER\AppData\Roaming\
~ %Desktop% : C:\Users\LOECHNER\Desktop\
~ %Favorites% : C:\Users\LOECHNER\Favorites\
~ %LocalAppData% : C:\Users\LOECHNER\AppData\Local\
~ %StartMenu% : C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 254 Go of 691 Go)
D: Hard drive, Flash drive, Thumb drive (Free 212 Go of 692 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/144
~ Mes musiques (My Musics) : 1/13
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 6/3663
~ Mon Bureau (My Desktop) : 1/128
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 02s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2408]
[MD5.0B1B7568CED61ABF5FD717F28175C96A] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.2472]
[MD5.588BEEE7B106E6520F550A45897D00B2] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384] [PID.2584]
[MD5.B644A9A9A8ADDEC20E7956373130AC2D] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056] [PID.2608]
[MD5.B17E1702DC1DAC26C17A917A1E255843] - (.Samsung - NCPro.) -- C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe [49220] [PID.2744]
[MD5.D9CB30BF12B3670650C85637EA1AB6EA] - (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888] [PID.2832]
[MD5.84F122BFFA0638CE735E891620EF7754] - (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280] [PID.2840]
[MD5.4D042B1F1375CF371AFBE0E0276BA627] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624248] [PID.2856]
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.2872]
[MD5.4F2B6D05AFC4F680DFC2392EDA749493] - (.Applian Technologies, Inc. - FLV Service for Freecorder.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe [167936] [PID.2880] =>Riskware.Movly
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3052]
[MD5.00287B525957A9AC91C112C7264BEA27] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813200] [PID.2392]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5384]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.1560]
[MD5.49D9C17FDDFAC66F27FA735E94923216] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [414496] [PID.960]
[MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376] [PID.1552]
[MD5.54192D7830C987D4DA7008204F53B34F] - (...) -- C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe [3115008] [PID.1088]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1084]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376] [PID.2028]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376] [PID.2060]
[MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [1150496] [PID.2152]
[MD5.A39F245FC5170BF80E89BBBD59610E24] - (.DataViz Inc. - MacOpener Mac Formatter.) -- C:\Program Files\Conversions Plus\FORMATM.exe [266304] [PID.2320]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2340]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2372]
[MD5.BD691091AC7D9713D8F0B07C6B099E6C] - (.NewTech Infosystems, Inc. - Backup Manager Module.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62208] [PID.2396]
[MD5.1D3878E5722F0AB3C22D04E88AC4AC55] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912] [PID.1932]
[MD5.673E36852E2F9FA778D5D3DDCEFA591B] - (.PACE Anti-Piracy, Inc. - PACE License Support Service.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880] [PID.1396]
[MD5.70DDE3A86DBEB1D6C3C30AD687B1877A] - (.Acer - Acer Update Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160] [PID.3092]
[MD5.B5E6C4F280EBF0B16F74A5B415F2E0DF] - (.Pas de propriétaire - USB S3S4 Detection.) -- C:\OEM\USBDECTION\USBS3S4Detection.exe [76320] [PID.3128]
[MD5.0E899D0DB39617AA0B2F992E7E95B5EB] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.3660]
[MD5.29D956C8CB67222D678FAF20D485B25B] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe [1011768] [PID.3308]
[MD5.227846995AFEEFA70D328BF5334A86A5] - (.Macrovision Europe Ltd. - Activation Licensing Service.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848] [PID.4124]
[MD5.B074E6CEC8F56453F6C9E71E85440F55] - (...) -- C:\Users\LOECHNER\Desktop\RogueKiller.exe [3794432] [PID.5920]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\LOECHNER\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\LOECHNER\AppData\Roaming\Mozilla\Firefox\Profiles\boq222za.default\prefs.js
M0 - MFSP: prefs.js [LOECHNER - boq222za.default] www.hotmail.com
M2 - MFEP: prefs.js [LOECHNER - boq222za.default\toolbar@ask.com] [] @@toolbarname@@ v (..)
M2 - MFEP: prefs.js [LOECHNER - boq222za.default\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}] [] Freecorder 6 v2.1.9 (..) =>Riskware.Movly
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\LOECHNER\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll =>.Facebook
~ Firefox Browser: 27 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{6B34ACCF-1B63-4E1A-8633-461917C75544} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Readme.LNK . (...) -- C:\Program Files (x86)\Waves\Documents\HTM DOCS\Join.htm
O4 - GS\QuickLaunch [LOECHNER]: DVD Decrypter.lnk . (.LIGHTNING UK! - DVD Decrypter - The Ultimate DVD Ripper!.) -- C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe
O4 - GS\QuickLaunch [LOECHNER]: Easy Audio Cutter.lnk . (.Koyote Soft - Pas de description.) -- C:\Program Files (x86)\Free Audio Pack\Easy Audio Cutter\AudioCutter.exe
O4 - GS\QuickLaunch [LOECHNER]: Free CD Ripper.lnk . (.Koyote Soft - FreeCDRipper.) -- C:\Program Files (x86)\Free Audio Pack\Free CD Ripper\FreeCDRipper.exe
O4 - GS\QuickLaunch [LOECHNER]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [LOECHNER]: Pro Tools 10.lnk . (.Avid Technology, Inc. - Pro Tools Application.) -- C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe
O4 - GS\QuickLaunch [LOECHNER]: VSO Image Resizer 4.lnk . (.VSO Software SARL - ImageResizer.) -- C:\Program Files (x86)\VSO\Image Resizer 4\Resize.exe
O4 - GS\TaskBar [LOECHNER]: 00 Photoshop 7.0.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop.) -- C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe
O4 - GS\TaskBar [LOECHNER]: cwpa.lnk . (.Cakewalk - Cakewalk Pro Audio.) -- C:\audio\cw9\cwpa.exe
O4 - GS\TaskBar [LOECHNER]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [LOECHNER]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [LOECHNER]: Pro Tools 10.lnk . (.Avid Technology, Inc. - Pro Tools Application.) -- C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe
O4 - GS\TaskBar [LOECHNER]: Saffire MixControl.lnk . (...) -- C:\Program Files\Focusrite\Saffire MixControl\SaffireCpl.exe
O4 - GS\TaskBar [LOECHNER]: SONAR 8 Producer Edition(x64).lnk . (.Twelve Tone Systems, Inc. - Pas de description.) -- C:\Program Files\Cakewalk\SONAR 8 Producer Edition\SONARPDR.exe
O4 - GS\Program [LOECHNER]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [LOECHNER]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [LOECHNER]: en_cours.lnk . (...) -- D:\Mes documents\7. Cours Collège Seb Elodie\Chorale\Chorale2014
O4 - GS\Desktop [LOECHNER]: MBAM-log-2014-01-28 (19-56-42) - Raccourci.lnk . (...) -- C:\Users\LOECHNER\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\MBAM-log-2014-01-28 (19-56-42).txt
O4 - GS\Desktop [LOECHNER]: Mes documents.lnk . (...) -- D:\Mes documents
~ Global Startup: 80 Legitimates Filtered in 00mn 03s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: NCProTray.lnk . (.Samsung - NCPro.) -- C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [EPSON Stylus D78 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBGE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\RunOnce: [UserLayout.exe] . (.CybelSoft - T3KiiLA.) -- C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe
O4 - HKLM\..\Wow6432Node\Run: [JMB36X IDE Setup] . (...) -- C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [Hotkey Utility] . (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Wow6432Node\Run: [MacLicense] . (.DataViz Inc. - MacOpener MacLicense.) -- C:\Program Files\Conversions Plus\MacLic.exe
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe_ID0EYTHM] . (.Adobe Systems Incorporated - Adobe Version Cue CS3.) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [Freecorder FLV Service] . (.Applian Technologies, Inc. - FLV Service for Freecorder.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe =>Riskware.Movly
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKLM\..\policies\Explorer\Run: [61292] C:\PROGRA~3\LOCALS~1\Temp\msoauz.cmd (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3929475522-2066774324-1603334053-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-3929475522-2066774324-1603334053-1001\..\Run: [EPSON Stylus D78 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBGE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-3929475522-2066774324-1603334053-1001\..\RunOnce: [UserLayout.exe] . (.CybelSoft - T3KiiLA.) -- C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6C0F21-404B-4D33-9803-4183259F272A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A370574F-AE94-4DA1-B10B-6094E7156AAA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4E6C0F21-404B-4D33-9803-4183259F272A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A370574F-AE94-4DA1-B10B-6094E7156AAA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4E6C0F21-404B-4D33-9803-4183259F272A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A370574F-AE94-4DA1-B10B-6094E7156AAA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (MacFormatService) . (.DataViz Inc. - MacOpener Mac Formatter.) - C:\Program Files\Conversions Plus\FORMATM.exe
O23 - Service: Mise à jour automatique - Index Education (MajIndexEducationService) . (...) - C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe
O23 - Service: USBS3S4Detection (USBS3S4Detection) . (.Pas de propriétaire - USB S3S4 Detection.) - C:\OEM\USBDECTION\USBS3S4Detection.exe
~ Services: 22 Legitimates Filtered in 00mn 03s



---\\ Tâches planifiées en automatique (O39)
[MD5.5CA85461AFFF7D0067286AB6DAF11BC2] [APT] [{01784662-8B28-4815-9055-E057779EA8DA}] (...) -- C:\Program Files (x86)\Finale 2003\Finale install\Finale 2003.exe [95158505]
[MD5.00000000000000000000000000000000] [APT] [{2B61860C-3EDE-42D3-A5F0-05F76E4B6217}] (...) -- C:\Program Files (x86)\CONVER~1\dvzeng.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3BD0A5E2-9A0A-4D69-8369-8C31F88A36A1}] (...) -- E:\bin\Adobe Premiere 6.0\bs-pe60\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{43E6DF3F-AB79-4620-9090-08DBB451A899}] (...) -- J:\Program Files\Outlook Express\setup50.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{496ADC8C-A36E-4533-B4D1-26B16341DCB6}] (...) -- E:\paint shop pro 7\crack\Crack.exe (.not file.) [0]
[MD5.5CA85461AFFF7D0067286AB6DAF11BC2] [APT] [{529757F2-826E-4CAE-99D0-765417F87860}] (...) -- C:\My_download_files\finale\Finale 2003.exe [95158505]
[MD5.00000000000000000000000000000000] [APT] [{795E3531-9C25-4E19-811F-4F43C46118EF}] (...) -- E:\bin\Adobe Premiere 6.0\bs-pe60\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9D0D9FA7-B60C-4126-A451-F487329AFF73}] (...) -- E:\bin\Adobe Premiere 6.0\bs-pe60\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A316033E-2AE5-4C57-AF54-4E8869A7B3AC}] (...) -- C:\Program Files (x86)\Steinberg\Asio\dxfdsetup.exe (.not file.) [0]
[MD5.988D37BC3CE0DDD813546B97F5AE2DE7] [APT] [{C3915191-0908-4B19-AEBA-71564AFF9D16}] (...) -- C:\My_download_files\pro_tools_APTHD.10.3.5.win\Patch\02 KillerBugs v2 for Pro Tools 10.3.5 HD (for 64 bits systems).exe [92571917]
[MD5.00000000000000000000000000000000] [APT] [{D96E953A-2843-48FC-BBAB-CC7A423BAF60}] (...) -- E:\musique\effets direct x\TubeWarmth DirectX Audio Plug-In ( 935 Ko )\OSETUP.exe (.not file.) [0]
[MD5.7856D7DCA83DF06DF2C8C2B7BC59A3A9] [APT] [{E85D9429-D59D-4459-9AD5-0D45EE7BE397}] (...) -- C:\audio\tcnative\tc-essentials\TCESSENTIAL\SETUPTCE.exe [1386560]
[MD5.00000000000000000000000000000000] [APT] [{FF4ABBAC-429C-4E5B-A7FF-E9B190AE3088}] (...) -- K:\My_download_files\Firebox\FireBox_121_Installer.exe (.not file.) [0]
~ Scheduled Task: 26 Legitimates Filtered in 00mn 03s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (Eve) . (...) - C:\Windows\System32\DRIVERS\eve.sys
O41 - Driver: (NCPro) . (. - .) - C:\Windows\system32\drivers\MTictwl.sys (.not file.)
~ Drivers: 84 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Clean! v1.0 - (...) [HKLM][64Bits] -- Clean!
O42 - Logiciel: Conversions Plus 6.05 - (...) [HKLM][64Bits] -- ConversionsPlus6.05
O42 - Logiciel: Driver Updater Pro - (.iXi Tools.) [HKLM][64Bits] -- Driver Updater Pro
O42 - Logiciel: Driver Updater Pro - (.iXi Tools.) [HKLM][64Bits] -- {7D1FA102-9B90-48B0-8DF8-735BBA5F4093}
O42 - Logiciel: Freecorder Toolbar - (...) [HKLM][64Bits] -- Freecorder Toolbar =>Riskware.Movly
O42 - Logiciel: HammerHead Rhythm Station - (...) [HKLM][64Bits] -- HammerHead Rhythm Station
O42 - Logiciel: Hyperprism DX 1.5 © Arboretum Systems, Inc. - (...) [HKLM][64Bits] -- Hyperprism DX 1.5 © Arboretum Systems, Inc.
O42 - Logiciel: Native Power Pack 2.3 - (...) [HKLM][64Bits] -- Native Power Pack 2.3
O42 - Logiciel: Nomad Factory Blue Tubes Bundle v2.0 - (...) [HKLM][64Bits] -- Nomad Factory Blue Tubes Bundle v2.0
O42 - Logiciel: Nomad Factory Liquid Bundle VST v1.6 - (...) [HKLM][64Bits] -- Nomad Factory Liquid Bundle VST v1.6
O42 - Logiciel: Nomad Factory Rock Amp Legends VST v1.0 - (...) [HKLM][64Bits] -- Nomad Factory Rock Amp Legends VST v1.0
O42 - Logiciel: RBC Audio Voice Tweaker Pro V3.02 - (...) [HKLM][64Bits] -- RBC Audio Voice Tweaker Pro V3.02
O42 - Logiciel: Saffire MixControl 3.3 - (.Focusrite Audio Engineering Ltd..) [HKLM][64Bits] -- Saffire PRO 40_is1
O42 - Logiciel: T-RackS 24 - (...) [HKLM][64Bits] -- T-RackS 24
O42 - Logiciel: TC Native Essentials v1.02 - (...) [HKLM][64Bits] -- TC-Essentials
O42 - Logiciel: USB PC Cam Plus - (.Nom de votre société.) [HKLM][64Bits] -- InstallShield_{B9724615-DC4C-49C6-B741-44CFE412CDAF}
O42 - Logiciel: Warp VST V1.0 - (...) [HKLM][64Bits] -- Warp VST V1.0
~ Logic: 48 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN]
[HKCU\Software\Ask&Record]
[HKCU\Software\Ask.com]
[HKCU\Software\AskToolbar]
[HKCU\Software\CCaissotti]
[HKCU\Software\DC3_FEXEC] =>Trojan.Fynloski
[HKCU\Software\Electron]
[HKCU\Software\Project]
[HKCU\Software\Soup]
[HKCU\Software\XPCTools]
[HKLM\Software\Wow6432Node\124]
[HKLM\Software\Wow6432Node\APN]
[HKLM\Software\Wow6432Node\AskToolbar]
[HKLM\Software\Wow6432Node\Bevee]
[HKLM\Software\Wow6432Node\Calculator]
[HKLM\Software\Wow6432Node\DSPFX32]
[HKLM\Software\Wow6432Node\Net4Music]
[HKLM\Software\Wow6432Node\Ogcrosoft]
[HKLM\Software\Wow6432Node\RBC Audio]
[HKLM\Software\Wow6432Node\SpectralDesign]
~ Key Software: 692 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/12/2012 - 15:22:33 - [4,406] ----D C:\Program Files (x86)\Ask.com
O43 - CFD: 19/06/2012 - 14:58:00 - [4,473] ----D C:\Program Files (x86)\DSPFX32
O43 - CFD: 19/09/2012 - 16:54:52 - [0,046] ----D C:\Program Files (x86)\Freecorder Toolbar =>Riskware.Movly
O43 - CFD: 24/06/2010 - 16:58:41 - [2,177] ----D C:\Program Files (x86)\HammerHead
O43 - CFD: 23/09/2010 - 09:35:13 - [13,325] ----D C:\Program Files (x86)\NPeducmus
O43 - CFD: 26/06/2010 - 09:26:16 - [1,181] ----D C:\Program Files (x86)\RBC Audio
O43 - CFD: 26/06/2010 - 08:22:23 - [2,521] ----D C:\Program Files (x86)\SmartMusic
O43 - CFD: 07/01/2011 - 17:59:41 - [0,707] ----D C:\Program Files (x86)\Team6 game studios
O43 - CFD: 26/06/2010 - 09:59:38 - [3,948] --H-D C:\ProgramData\{CC51AE54-B346-4954-ADDB-30BD4F138CF2}
O43 - CFD: 17/12/2013 - 17:27:24 - [13,924] ----D C:\Users\LOECHNER\AppData\Roaming\.Nachie1.6
O43 - CFD: 12/04/2012 - 10:39:52 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\FireBox Mixer
O43 - CFD: 30/01/2014 - 19:02:18 - [415,645] ----D C:\Users\LOECHNER\AppData\Roaming\playforfight
O43 - CFD: 08/10/2013 - 18:46:32 - [0] --HAD C:\Users\LOECHNER\AppData\Local\2WcVdNSt
O43 - CFD: 10/12/2013 - 15:22:43 - [0,001] --H-D C:\Users\LOECHNER\AppData\Local\3dQ3SkCiUV0h
O43 - CFD: 23/05/2013 - 16:02:50 - [1,039] ----D C:\Users\LOECHNER\AppData\Local\AskToolbar
O43 - CFD: 02/07/2010 - 19:17:16 - [30,447] ----D C:\Users\LOECHNER\AppData\Local\Installer2084
O43 - CFD: 02/07/2010 - 19:12:01 - [33,915] ----D C:\Users\LOECHNER\AppData\Local\Installer3564
O43 - CFD: 25/06/2010 - 15:55:38 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Clean
O43 - CFD: 24/06/2010 - 20:14:58 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DSPFX32
O43 - CFD: 24/06/2010 - 20:17:00 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hyperprism DX Manual HTML
O43 - CFD: 26/06/2010 - 09:26:16 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RBC Audio
~ Program Folder: 346 Legitimates Filtered in 01mn 07s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0E5318568C846443EFB0ED0C3BEEB687] - 28/01/2014 - 13:33:25 ---A- . (...) -- C:\rapport.txt [4956]
O44 - LFC:[MD5.6B7CBF3E6629C02E79FC2DD543098B4E] - 30/01/2014 - 20:28:52 ---A- . (...) -- C:\Windows\ntbtlog.txt [260630]
~ Files: 16 Legitimates Filtered in 00mn 37s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{23c1d6c8-667a-11e0-8ec1-90fba649a48b}\AutoRun\command. (...) -- K:\LaunchU3.exe (.not file.)
O51 - MPSK:{675061f8-e087-11e2-9eb6-90fba649a48b}\AutoRun\command. (...) -- K:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.5C3BF188F182C26974646A13B0CA4715] - 28/03/2013 - 18:50:02 ---A- . (...) -- C:\Windows\System32\Drivers\eve.sys [41304]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.748EEDBB095FE6535C7E3616AEBC533F] - 16/05/2012 - 10:15:12 ---A- . (.Pas de propriétaire - iLok Kernel Driver.) -- C:\Windows\System32\Drivers\iLokDrvr.sys [25752]
O58 - SDL:[MD5.16E6B5C643D7611684994E158A227D5E] - 03/02/2010 - 11:16:50 ---A- . (.Archwave AG - Archwave 1394 Audio Device Driver.) -- C:\Windows\System32\Drivers\pae_1394_x64.sys [196992]
O58 - SDL:[MD5.64FC7B5C2B6899FC19A7060E0BCCBDB7] - 09/10/2007 - 16:06:56 ---A- . (.BridgeCo AG - BridgeCo WDM Audio Driver (AVStream).) -- C:\Windows\System32\Drivers\pae_avs_x64.sys [69168]
O58 - SDL:[MD5.E92EFA4A9287B1D4C65C13401CC2F891] - 18/09/2013 - 09:33:22 ---A- . (.Focusrite A.E. - Saffire.) -- C:\Windows\System32\Drivers\Saffire.sys [226768]
O58 - SDL:[MD5.0334399C48FB1A8E24FABFD719D07D78] - 18/09/2013 - 09:33:22 ---A- . (.Focusrite A.E. - Saffire.) -- C:\Windows\System32\Drivers\SaffireAudio.sys [47824]
O58 - SDL:[MD5.AB6946AE88816A0A7729A3DA0B47B4D1] - 18/09/2013 - 09:33:22 ---A- . (.Focusrite A.E. - Saffire.) -- C:\Windows\System32\Drivers\SaffireMidi.sys [38352]
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.5E214964C6E01245FABD40B283697180] - 24/06/2010 - 20:16:05 ---A- . (...) -- C:\Windows\SysWOW64\drivers\Haspnt.sys [36352]
O58 - SDL:[MD5.00971841E1B0B9722AEF94AFB99228F4] - 16/09/2001 - 15:24:00 ---A- . (.DataViz Inc. - MacOpener File System Driver.) -- C:\Windows\SysWOW64\drivers\MacOpen.sys [176709]
O58 - SDL:[MD5.F627E9DA4D3D8DC05A15B68944302F14] - 21/10/2005 - 06:25:32 ---A- . (...) -- C:\Windows\SysWOW64\drivers\MTictwl.sys [13396]
O58 - SDL:[MD5.3F24EAEB165328E00D687BF3B60A448A] - 24/02/2005 - 11:29:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\PFC027.sys [162176]
O58 - SDL:[MD5.F7B1044170266FA4EC8605F77818C7FD] - 24/06/2010 - 20:16:05 ---A- . (...) -- C:\Windows\SysWOW64\haspdos.sys [383]
O58 - SDL:[MD5.EA2270613011D57E2385D92A2CEF44C7] - 02/06/2011 - 09:49:02 ---A- . (...) -- C:\Windows\SysWOW64\isric5.sys [16]
~ Drivers: 16 Legitimates Filtered in 00mn 33s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 28/03/2013 - C:\Windows\System32\DRIVERS\eve.sys (Eve) .(...) - LEGACY_EVE
~ Legacy: 83 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.cbid", "A2");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.crumb", "2014.01.28+15.23.04-dubprdapntlfe6-FR-UGFyaXMsRnJhbmNl");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.default-channel-url-mask", "https://fr.ask.com/?o=0&l=dir&ad=dirN{query}&o={o}&l={l}&qsrc={qsrc}");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dtid", "YYYYYYYYFR");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "FRXX0076");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"ww[...]
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.l", "dis");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.locale", "en_US");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.location", "Paris,France");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.o", "10148");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.qsrc", "2871");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.to", "");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {D655DBD8-0F83-4296-8B32-9F482E4524DF} [DefaultScope] - (Freecorder Customized Web Search) - http://search.conduit.com =>Riskware.Movly
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.FA07E81AE9FC09E0353EF32E6F1BF122] [SPRF][30/01/2014] (.T3KiiLA - Launcher F4F.) -- C:\Users\LOECHNER\AppData\Local\Temp\PlayForFight Launcher.exe [425688]
[MD5.22935D99B8B9691F6EBC348237D29832] [SPRF][29/01/2014] (...) -- C:\Users\LOECHNER\AppData\Roaming\hin.exe [117837]
[MD5.913671EB63F3947F8065BF5E4D599907] [SPRF][29/01/2014] (...) -- C:\Users\LOECHNER\AppData\Roaming\kjjk$.exe [633618]
[MD5.D25C6A0228341A2A68E3B44F4A36D169] [SPRF][29/01/2014] (...) -- C:\Users\LOECHNER\AppData\Roaming\l.exe [635655]
[MD5.B074E6CEC8F56453F6C9E71E85440F55] [SPRF][30/01/2014] (...) -- C:\Users\LOECHNER\Desktop\RogueKiller.exe [3794432]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "5164279BC4CD6C947B1444FC4E21DCFA" . (.USB PC Cam Plus.) -- C:\Windows\Installer\{B9724615-DC4C-49C6-B741-44CFE412CDAF}\ARPPRODUCTICON.exe
O90 - PUC: "78886CCC70E683440A53C722FEDB1CE5" . (..) -- C:\Windows\Installer\{CCC68887-6E07-4438-A035-7C22EFBDC15E}\ARPPRODUCTICON.exe
~ Update Products: 199 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.EF376EF21F36FDC18D8DAC4A82A63F61] [WIS][26/06/2010] (.iXi Tools - Driver Updater Pro Installation.) -- C:\Windows\Installer\c40aa2.msi [268288]
~ WIS: 203 Legitimates Filtered in 00mn 30s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20/03/2007 153792 | (Adobe Version Cue CS3) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe =>.Adobe Systems Incorporated
SS - | Demand 18/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 24/06/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/06/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 20/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/09/2009 305448 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
SS - | Demand 28/07/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
SS - | Demand 16/03/2011 407336 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 17/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 12/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 17/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
SR - | Demand 25/06/2010 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
SR - | Auto 23/01/2014 2221904 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 07/08/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 13/12/2013 377104 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SR - | Auto 16/09/2001 266304 | (MacFormatService) . (.DataViz Inc..) - C:\Program Files\Conversions Plus\FORMATM.exe
SR - | Auto 03/01/2014 3115008 | (MajIndexEducationService) . (...) - C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 13/08/2009 62208 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 29/11/2013 1370912 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 29/11/2013 15128352 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 11/11/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 18/05/2012 2938880 | (PaceLicenseDServices) . (.PACE Anti-Piracy, Inc..) - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
SR - | Auto 11/11/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 04/07/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 09/12/2009 76320 | (USBS3S4Detection) . (...) - C:\OEM\USBDECTION\USBS3S4Detection.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 30s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
~ Emulateurs: Scanned in 00mn 30s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 34
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 8
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar] =>Riskware.Movly^
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\APN] =>Toolbar.Ask
[HKCU\Software\Ask&Record] =>Toolbar.Agent
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\Wow6432Node\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\DC3_FEXEC] =>Trojan.Fynloski
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6B34ACCF-1B63-4E1A-8633-461917C75544}] =>Toolbar.Freecorder
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6B34ACCF-1B63-4E1A-8633-461917C75544}] =>Toolbar.Freecorder
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Freecorder FLV Service =>Riskware.Movly^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{CA3EB689-8F09-4026-AA10-B9534C691CE0} =>Adware.SocialSkinz
C:\Users\LOECHNER\AppData\Roaming\Mozilla\Firefox\Profiles\boq222za.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC} =>Riskware.Movly^
C:\Program Files (x86)\Freecorder Toolbar =>Riskware.Movly^
C:\Program Files (x86)\Ask.com =>Toolbar.AskBar
C:\Program Files (x86)\Freecorder 6 =>Toolbar.Freecorder
C:\Users\LOECHNER\AppData\Local\AskToolbar =>Toolbar.AskTBar
C:\Users\LOECHNER\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
C:\Users\LOECHNER\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit
C:\Users\LOECHNER\AppData\Roaming\Mozilla\Firefox\Profiles\boq222za.default\Extensions\toolbar@ask.com =>Toolbar.AskTBar
C:\Program Files (x86)\Freecorder\FLVSrvc.exe =>Riskware.Movly^
~ Additionnel Scan: 716119 Items scanned in 00mn 21s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28801930-riskware-movly =>Riskware.Movly
~ http://nicolascoolman.webs.com/apps/blog/show/32240257-trojan-fynloski =>Trojan.Fynloski
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ MSI: 5 link(s) detected in 00mn 21s



~ 1700 Legitimates filtered by white list
End of the scan (634 lines in 03mn 39s)(0)
lilidurhone (43355 posts, Security contributor)
* Close all your running programs

* On Vista/Seven, right-click -> Run as administrator

* Otherwise, simply launch RogueKiller.exe

* Wait for the pre-scan to finish, then click Scan

* Check that all items are ticked, then click Suppression (Delete)

* Post the RKreport.txt report found on the desktop.
slibar (115 posts, Member)
RogueKiller V8.8.4 [Jan 27 2014] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.adlice.com/forum/
Site Web : https://www.luanagames.com/index.fr.html
Blog : https://www.adlice.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : LOECHNER [Droits d'admin]
Mode : Suppression -- Date : 01/30/2014 20:52:03
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 1 ¤¤¤
[SUSP PATH] UserLayout.exe -- C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe [-] -> TUÉ [TermProc]

¤¤¤ Entrees de registre : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\RunOnce : UserLayout.exe (C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe [-]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKUS\S-1-5-21-3929475522-2066774324-1603334053-1001\[...]\RunOnce : UserLayout.exe (C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe [-]) -> [0x2] Le fichier spécifié est introuvable.
[RUN][SUSP PATH] HKLM\[...]\Run : 61292 (C:\PROGRA~3\LOCALS~1\Temp\msoauz.cmd [x]) -> SUPPRIMÉ
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : 61292 (C:\PROGRA~3\LOCALS~1\Temp\msoauz.cmd [x]) -> [0x2] Le fichier spécifié est introuvable.
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REMPLACÉ (2)
[HJ POL][PUM] HKLM\[...]\System : EnableLUA (0) -> REMPLACÉ (1)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REMPLACÉ (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REMPLACÉ (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REMPLACÉ (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REMPLACÉ (0)

¤¤¤ Tâches planifiées : 0 ¤¤¤

¤¤¤ Entrées Startup : 0 ¤¤¤

¤¤¤ Navigateurs web : 0 ¤¤¤

¤¤¤ Addons navigateur : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

¤¤¤ Ruches Externes: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD15EADS-22P8B0 +++++
--- User ---
[MBR] 2cebcf00f630463e11011815babfed63
[BSP] ed7b7e9d2a217c59ab631c67c5a39760 : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 14336 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 29362176 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 29566976 | Size: 708046 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1479645184 | Size: 708315 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[0]_D_01302014_205203.txt >>
RKreport[0]_S_01302014_204306.txt
lilidurhone (43355 posts, Security contributor)
Run another quick scan with Mbam
slibar (115 posts, Member)
It's better, but I still have 4
Grrrrrrrrrrrrr

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2014.01.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
LOECHNER :: LOECHNER-PC [administrateur]

30/01/2014 20:56:11
MBAM-log-2014-01-30 (21-01-34).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 220300
Temps écoulé: 5 minute(s), 6 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 1
C:\Users\LOECHNER\AppData\Roaming\dclogs (Stolen.Data) -> Aucune action effectuée.

Fichier(s) détecté(s): 2
C:\Users\LOECHNER\AppData\Roaming\dclogs\2014-01-30-5.dc (Stolen.Data) -> Aucune action effectuée.
C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe (Backdoor.Messa.E) -> Aucune action effectuée.

(fin)
slibar (115 posts, Member)
Shall I clean?
lilidurhone (43355 posts, Security contributor)
Yes
slibar (115 posts, Member)
OK, cleaned
I'm running a new scan

For the first time my PC asks me whether I'm really sure I want to launch a program (when I launch Malwarebytes), and again whether I'm sure I want Firefox when I launch it

I clicked OK, of course
It suddenly feels like being on Vista!!
slibar (115 posts, Member)
So here, ta-da, is the result

Should I wait a little longer, or am I allowed to say a big thank you right away?

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2014.01.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
LOECHNER :: LOECHNER-PC [administrateur]

30/01/2014 21:14:52
mbam-log-2014-01-30 (21-14-52).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 219920
Temps écoulé: 8 minute(s), 3 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
lilidurhone (43355 posts, Security contributor)
:D

Run ZHPDiag again
slibar (115 posts, Member)
Grrrrrrrrrr, it came back this evening: no more accents again

I'll be back with a ZHPDiag report (I've just launched it)

Argh!!
cabrier (5591 posts, Security contributor)
@lili---> Possibly an OTL report, but in my opinion---> Combofix!
slibar (115 posts, Member)
~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par LOECHNER (31/01/2014 16:45:15)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Deactivate by program


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476
MFIE: Mozilla Firefox 26.0 (Defaut)

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.2.286
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.07 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6135 MB (76% free)
System Restore: Activé (Enable)
System drive C: has 253 GB (36%) free of 691 GB

---\\ Mode de connexion au système
~ Computer Name: LOECHNER-PC
~ User Name: LOECHNER
~ All Users Names: LOECHNER, Administrateur, 7B43C345E0764AC59F81,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\LOECHNER\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\LOECHNER\AppData\Roaming\
~ %Desktop% : C:\Users\LOECHNER\Desktop\
~ %Favorites% : C:\Users\LOECHNER\Favorites\
~ %LocalAppData% : C:\Users\LOECHNER\AppData\Local\
~ %StartMenu% : C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 253 Go of 691 Go)
D: Hard drive, Flash drive, Thumb drive (Free 212 Go of 692 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/144
~ Mes musiques (My Musics) : 1/13
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 6/3663
~ Mon Bureau (My Desktop) : 1/140
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 02s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2544]
[MD5.0B1B7568CED61ABF5FD717F28175C96A] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.2592]
[MD5.588BEEE7B106E6520F550A45897D00B2] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384] [PID.2652]
[MD5.B644A9A9A8ADDEC20E7956373130AC2D] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056] [PID.2676]
[MD5.B17E1702DC1DAC26C17A917A1E255843] - (.Samsung - NCPro.) -- C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe [49220] [PID.2736]
[MD5.D9CB30BF12B3670650C85637EA1AB6EA] - (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888] [PID.2848]
[MD5.84F122BFFA0638CE735E891620EF7754] - (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280] [PID.2860]
[MD5.4D042B1F1375CF371AFBE0E0276BA627] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624248] [PID.2884]
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.2928]
[MD5.4F2B6D05AFC4F680DFC2392EDA749493] - (.Applian Technologies, Inc. - FLV Service for Freecorder.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe [167936] [PID.2956] =>Riskware.Movly
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2984]
[MD5.00287B525957A9AC91C112C7264BEA27] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813200] [PID.3048]
[MD5.C4407E2DBC111685B6D8D8C0057B8586] - (.CybelSoft - T3KiiLA.) -- D:\Mes documents\2. Hippolyte\PlayForFight Launcher.exe [1001472] [PID.3952]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1860]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.1248]
[MD5.49D9C17FDDFAC66F27FA735E94923216] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [414496] [PID.964]
[MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376] [PID.1572]
[MD5.54192D7830C987D4DA7008204F53B34F] - (...) -- C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe [3115008] [PID.2024]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2056]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376] [PID.2192]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376] [PID.2224]
[MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [1150496] [PID.2308]
[MD5.A39F245FC5170BF80E89BBBD59610E24] - (.DataViz Inc. - MacOpener Mac Formatter.) -- C:\Program Files\Conversions Plus\FORMATM.exe [266304] [PID.2428]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2448]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2488]
[MD5.BD691091AC7D9713D8F0B07C6B099E6C] - (.NewTech Infosystems, Inc. - Backup Manager Module.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62208] [PID.2512]
[MD5.1D3878E5722F0AB3C22D04E88AC4AC55] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912] [PID.2800]
[MD5.673E36852E2F9FA778D5D3DDCEFA591B] - (.PACE Anti-Piracy, Inc. - PACE License Support Service.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880] [PID.2244]
[MD5.70DDE3A86DBEB1D6C3C30AD687B1877A] - (.Acer - Acer Update Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160] [PID.2696]
[MD5.B5E6C4F280EBF0B16F74A5B415F2E0DF] - (.Pas de propriétaire - USB S3S4 Detection.) -- C:\OEM\USBDECTION\USBS3S4Detection.exe [76320] [PID.3084]
[MD5.29D956C8CB67222D678FAF20D485B25B] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe [1011768] [PID.3612]
[MD5.0E899D0DB39617AA0B2F992E7E95B5EB] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.3868]
[MD5.227846995AFEEFA70D328BF5334A86A5] - (.Macrovision Europe Ltd. - Activation Licensing Service.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848] [PID.4004]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\LOECHNER\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\LOECHNER\AppData\Roaming\Mozilla\Firefox\Profiles\boq222za.default\prefs.js
M0 - MFSP: prefs.js [LOECHNER - boq222za.default] www.hotmail.com
M2 - MFEP: prefs.js [LOECHNER - boq222za.default\toolbar@ask.com] [] @@toolbarname@@ v (..)
M2 - MFEP: prefs.js [LOECHNER - boq222za.default\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}] [] Freecorder 6 v2.1.9 (..) =>Riskware.Movly
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\LOECHNER\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll =>.Facebook
~ Firefox Browser: 27 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{6B34ACCF-1B63-4E1A-8633-461917C75544} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Readme.LNK . (...) -- C:\Program Files (x86)\Waves\Documents\HTM DOCS\Join.htm
O4 - GS\QuickLaunch [LOECHNER]: DVD Decrypter.lnk . (.LIGHTNING UK! - DVD Decrypter - The Ultimate DVD Ripper!.) -- C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe
O4 - GS\QuickLaunch [LOECHNER]: Easy Audio Cutter.lnk . (.Koyote Soft - Pas de description.) -- C:\Program Files (x86)\Free Audio Pack\Easy Audio Cutter\AudioCutter.exe
O4 - GS\QuickLaunch [LOECHNER]: Free CD Ripper.lnk . (.Koyote Soft - FreeCDRipper.) -- C:\Program Files (x86)\Free Audio Pack\Free CD Ripper\FreeCDRipper.exe
O4 - GS\QuickLaunch [LOECHNER]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [LOECHNER]: Pro Tools 10.lnk . (.Avid Technology, Inc. - Pro Tools Application.) -- C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe
O4 - GS\QuickLaunch [LOECHNER]: VSO Image Resizer 4.lnk . (.VSO Software SARL - ImageResizer.) -- C:\Program Files (x86)\VSO\Image Resizer 4\Resize.exe
O4 - GS\TaskBar [LOECHNER]: 00 Photoshop 7.0.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop.) -- C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe
O4 - GS\TaskBar [LOECHNER]: cwpa.lnk . (.Cakewalk - Cakewalk Pro Audio.) -- C:\audio\cw9\cwpa.exe
O4 - GS\TaskBar [LOECHNER]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [LOECHNER]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [LOECHNER]: Pro Tools 10.lnk . (.Avid Technology, Inc. - Pro Tools Application.) -- C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe
O4 - GS\TaskBar [LOECHNER]: Saffire MixControl.lnk . (...) -- C:\Program Files\Focusrite\Saffire MixControl\SaffireCpl.exe
O4 - GS\TaskBar [LOECHNER]: SONAR 8 Producer Edition(x64).lnk . (.Twelve Tone Systems, Inc. - Pas de description.) -- C:\Program Files\Cakewalk\SONAR 8 Producer Edition\SONARPDR.exe
O4 - GS\Program [LOECHNER]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [LOECHNER]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [LOECHNER]: MBAM-log-2014-01-28 (19-56-42) - Raccourci.lnk . (...) -- C:\Users\LOECHNER\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\MBAM-log-2014-01-28 (19-56-42).txt
O4 - GS\Desktop [LOECHNER]: Mes documents.lnk . (...) -- D:\Mes documents
~ Global Startup: 80 Legitimates Filtered in 00mn 01s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: NCProTray.lnk . (.Samsung - NCPro.) -- C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\Run: [EPSON Stylus D78 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBGE.exe =>.Epson Seiko Corporation
O4 - HKCU\..\RunOnce: [UserLayout.exe] . (.CybelSoft - T3KiiLA.) -- C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe
O4 - HKLM\..\Wow6432Node\Run: [JMB36X IDE Setup] . (...) -- C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [Hotkey Utility] . (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Wow6432Node\Run: [MacLicense] . (.DataViz Inc. - MacOpener MacLicense.) -- C:\Program Files\Conversions Plus\MacLic.exe
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe_ID0EYTHM] . (.Adobe Systems Incorporated - Adobe Version Cue CS3.) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [Freecorder FLV Service] . (.Applian Technologies, Inc. - FLV Service for Freecorder.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe =>Riskware.Movly
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3929475522-2066774324-1603334053-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-3929475522-2066774324-1603334053-1001\..\Run: [EPSON Stylus D78 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBGE.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-3929475522-2066774324-1603334053-1001\..\RunOnce: [UserLayout.exe] . (.CybelSoft - T3KiiLA.) -- C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6C0F21-404B-4D33-9803-4183259F272A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A370574F-AE94-4DA1-B10B-6094E7156AAA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4E6C0F21-404B-4D33-9803-4183259F272A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A370574F-AE94-4DA1-B10B-6094E7156AAA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4E6C0F21-404B-4D33-9803-4183259F272A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A370574F-AE94-4DA1-B10B-6094E7156AAA}: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (MacFormatService) . (.DataViz Inc. - MacOpener Mac Formatter.) - C:\Program Files\Conversions Plus\FORMATM.exe
O23 - Service: Mise à jour automatique - Index Education (MajIndexEducationService) . (...) - C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe
O23 - Service: USBS3S4Detection (USBS3S4Detection) . (.Pas de propriétaire - USB S3S4 Detection.) - C:\OEM\USBDECTION\USBS3S4Detection.exe
~ Services: 22 Legitimates Filtered in 00mn 03s



---\\ Tâches planifiées en automatique (O39)
[MD5.5CA85461AFFF7D0067286AB6DAF11BC2] [APT] [{01784662-8B28-4815-9055-E057779EA8DA}] (...) -- C:\Program Files (x86)\Finale 2003\Finale install\Finale 2003.exe [95158505]
[MD5.00000000000000000000000000000000] [APT] [{2B61860C-3EDE-42D3-A5F0-05F76E4B6217}] (...) -- C:\Program Files (x86)\CONVER~1\dvzeng.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3BD0A5E2-9A0A-4D69-8369-8C31F88A36A1}] (...) -- E:\bin\Adobe Premiere 6.0\bs-pe60\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{43E6DF3F-AB79-4620-9090-08DBB451A899}] (...) -- J:\Program Files\Outlook Express\setup50.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{496ADC8C-A36E-4533-B4D1-26B16341DCB6}] (...) -- E:\paint shop pro 7\crack\Crack.exe (.not file.) [0]
[MD5.5CA85461AFFF7D0067286AB6DAF11BC2] [APT] [{529757F2-826E-4CAE-99D0-765417F87860}] (...) -- C:\My_download_files\finale\Finale 2003.exe [95158505]
[MD5.00000000000000000000000000000000] [APT] [{795E3531-9C25-4E19-811F-4F43C46118EF}] (...) -- E:\bin\Adobe Premiere 6.0\bs-pe60\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9D0D9FA7-B60C-4126-A451-F487329AFF73}] (...) -- E:\bin\Adobe Premiere 6.0\bs-pe60\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A316033E-2AE5-4C57-AF54-4E8869A7B3AC}] (...) -- C:\Program Files (x86)\Steinberg\Asio\dxfdsetup.exe (.not file.) [0]
[MD5.988D37BC3CE0DDD813546B97F5AE2DE7] [APT] [{C3915191-0908-4B19-AEBA-71564AFF9D16}] (...) -- C:\My_download_files\pro_tools_APTHD.10.3.5.win\Patch\02 KillerBugs v2 for Pro Tools 10.3.5 HD (for 64 bits systems).exe [92571917]
[MD5.00000000000000000000000000000000] [APT] [{D96E953A-2843-48FC-BBAB-CC7A423BAF60}] (...) -- E:\musique\effets direct x\TubeWarmth DirectX Audio Plug-In ( 935 Ko )\OSETUP.exe (.not file.) [0]
[MD5.7856D7DCA83DF06DF2C8C2B7BC59A3A9] [APT] [{E85D9429-D59D-4459-9AD5-0D45EE7BE397}] (...) -- C:\audio\tcnative\tc-essentials\TCESSENTIAL\SETUPTCE.exe [1386560]
[MD5.00000000000000000000000000000000] [APT] [{FF4ABBAC-429C-4E5B-A7FF-E9B190AE3088}] (...) -- K:\My_download_files\Firebox\FireBox_121_Installer.exe (.not file.) [0]
~ Scheduled Task: 26 Legitimates Filtered in 00mn 10s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (Eve) . (...) - C:\Windows\System32\DRIVERS\eve.sys
O41 - Driver: (NCPro) . (. - .) - C:\Windows\system32\drivers\MTictwl.sys (.not file.)
~ Drivers: 84 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Clean! v1.0 - (...) [HKLM][64Bits] -- Clean!
O42 - Logiciel: Conversions Plus 6.05 - (...) [HKLM][64Bits] -- ConversionsPlus6.05
O42 - Logiciel: Driver Updater Pro - (.iXi Tools.) [HKLM][64Bits] -- Driver Updater Pro
O42 - Logiciel: Driver Updater Pro - (.iXi Tools.) [HKLM][64Bits] -- {7D1FA102-9B90-48B0-8DF8-735BBA5F4093}
O42 - Logiciel: Freecorder Toolbar - (...) [HKLM][64Bits] -- Freecorder Toolbar =>Riskware.Movly
O42 - Logiciel: HammerHead Rhythm Station - (...) [HKLM][64Bits] -- HammerHead Rhythm Station
O42 - Logiciel: Hyperprism DX 1.5 © Arboretum Systems, Inc. - (...) [HKLM][64Bits] -- Hyperprism DX 1.5 © Arboretum Systems, Inc.
O42 - Logiciel: Native Power Pack 2.3 - (...) [HKLM][64Bits] -- Native Power Pack 2.3
O42 - Logiciel: Nomad Factory Blue Tubes Bundle v2.0 - (...) [HKLM][64Bits] -- Nomad Factory Blue Tubes Bundle v2.0
O42 - Logiciel: Nomad Factory Liquid Bundle VST v1.6 - (...) [HKLM][64Bits] -- Nomad Factory Liquid Bundle VST v1.6
O42 - Logiciel: Nomad Factory Rock Amp Legends VST v1.0 - (...) [HKLM][64Bits] -- Nomad Factory Rock Amp Legends VST v1.0
O42 - Logiciel: RBC Audio Voice Tweaker Pro V3.02 - (...) [HKLM][64Bits] -- RBC Audio Voice Tweaker Pro V3.02
O42 - Logiciel: Saffire MixControl 3.3 - (.Focusrite Audio Engineering Ltd..) [HKLM][64Bits] -- Saffire PRO 40_is1
O42 - Logiciel: T-RackS 24 - (...) [HKLM][64Bits] -- T-RackS 24
O42 - Logiciel: TC Native Essentials v1.02 - (...) [HKLM][64Bits] -- TC-Essentials
O42 - Logiciel: USB PC Cam Plus - (.Nom de votre société.) [HKLM][64Bits] -- InstallShield_{B9724615-DC4C-49C6-B741-44CFE412CDAF}
O42 - Logiciel: Warp VST V1.0 - (...) [HKLM][64Bits] -- Warp VST V1.0
~ Logic: 48 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN]
[HKCU\Software\Ask&Record]
[HKCU\Software\Ask.com]
[HKCU\Software\AskToolbar]
[HKCU\Software\CCaissotti]
[HKCU\Software\DC3_FEXEC] =>Trojan.Fynloski
[HKCU\Software\Electron]
[HKCU\Software\Project]
[HKCU\Software\Soup]
[HKCU\Software\XPCTools]
[HKLM\Software\Wow6432Node\124]
[HKLM\Software\Wow6432Node\APN]
[HKLM\Software\Wow6432Node\AskToolbar]
[HKLM\Software\Wow6432Node\Bevee]
[HKLM\Software\Wow6432Node\Calculator]
[HKLM\Software\Wow6432Node\DSPFX32]
[HKLM\Software\Wow6432Node\Net4Music]
[HKLM\Software\Wow6432Node\Ogcrosoft]
[HKLM\Software\Wow6432Node\RBC Audio]
[HKLM\Software\Wow6432Node\SpectralDesign]
~ Key Software: 693 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/12/2012 - 15:22:33 - [4,406] ----D C:\Program Files (x86)\Ask.com
O43 - CFD: 19/06/2012 - 14:58:00 - [4,473] ----D C:\Program Files (x86)\DSPFX32
O43 - CFD: 19/09/2012 - 16:54:52 - [0,046] ----D C:\Program Files (x86)\Freecorder Toolbar =>Riskware.Movly
O43 - CFD: 24/06/2010 - 16:58:41 - [2,177] ----D C:\Program Files (x86)\HammerHead
O43 - CFD: 23/09/2010 - 09:35:13 - [13,325] ----D C:\Program Files (x86)\NPeducmus
O43 - CFD: 26/06/2010 - 09:26:16 - [1,181] ----D C:\Program Files (x86)\RBC Audio
O43 - CFD: 26/06/2010 - 08:22:23 - [2,521] ----D C:\Program Files (x86)\SmartMusic
O43 - CFD: 07/01/2011 - 17:59:41 - [0,707] ----D C:\Program Files (x86)\Team6 game studios
O43 - CFD: 26/06/2010 - 09:59:38 - [3,948] --H-D C:\ProgramData\{CC51AE54-B346-4954-ADDB-30BD4F138CF2}
O43 - CFD: 17/12/2013 - 17:27:24 - [13,924] ----D C:\Users\LOECHNER\AppData\Roaming\.Nachie1.6
O43 - CFD: 12/04/2012 - 10:39:52 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\FireBox Mixer
O43 - CFD: 31/01/2014 - 13:26:24 - [415,735] ----D C:\Users\LOECHNER\AppData\Roaming\playforfight
O43 - CFD: 08/10/2013 - 18:46:32 - [0] --HAD C:\Users\LOECHNER\AppData\Local\2WcVdNSt
O43 - CFD: 10/12/2013 - 15:22:43 - [0,001] --H-D C:\Users\LOECHNER\AppData\Local\3dQ3SkCiUV0h
O43 - CFD: 23/05/2013 - 16:02:50 - [1,039] ----D C:\Users\LOECHNER\AppData\Local\AskToolbar
O43 - CFD: 02/07/2010 - 19:17:16 - [30,447] ----D C:\Users\LOECHNER\AppData\Local\Installer2084
O43 - CFD: 02/07/2010 - 19:12:01 - [33,915] ----D C:\Users\LOECHNER\AppData\Local\Installer3564
O43 - CFD: 25/06/2010 - 15:55:38 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Clean
O43 - CFD: 24/06/2010 - 20:14:58 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DSPFX32
O43 - CFD: 24/06/2010 - 20:17:00 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hyperprism DX Manual HTML
O43 - CFD: 26/06/2010 - 09:26:16 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RBC Audio
~ 1 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 347 Legitimates Filtered in 00mn 59s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0E5318568C846443EFB0ED0C3BEEB687] - 28/01/2014 - 13:33:25 ---A- . (...) -- C:\rapport.txt [4956]
O44 - LFC:[MD5.6B7CBF3E6629C02E79FC2DD543098B4E] - 30/01/2014 - 20:28:52 ---A- . (...) -- C:\Windows\ntbtlog.txt [260630]
~ Files: 14 Legitimates Filtered in 00mn 45s



---\\ Clé de registre Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{23c1d6c8-667a-11e0-8ec1-90fba649a48b}\AutoRun\command. (...) -- K:\LaunchU3.exe (.not file.)
O51 - MPSK:{675061f8-e087-11e2-9eb6-90fba649a48b}\AutoRun\command. (...) -- K:\Startme.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.5C3BF188F182C26974646A13B0CA4715] - 28/03/2013 - 18:50:02 ---A- . (...) -- C:\Windows\System32\Drivers\eve.sys [41304]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.748EEDBB095FE6535C7E3616AEBC533F] - 16/05/2012 - 10:15:12 ---A- . (.Pas de propriétaire - iLok Kernel Driver.) -- C:\Windows\System32\Drivers\iLokDrvr.sys [25752]
O58 - SDL:[MD5.16E6B5C643D7611684994E158A227D5E] - 03/02/2010 - 11:16:50 ---A- . (.Archwave AG - Archwave 1394 Audio Device Driver.) -- C:\Windows\System32\Drivers\pae_1394_x64.sys [196992]
O58 - SDL:[MD5.64FC7B5C2B6899FC19A7060E0BCCBDB7] - 09/10/2007 - 16:06:56 ---A- . (.BridgeCo AG - BridgeCo WDM Audio Driver (AVStream).) -- C:\Windows\System32\Drivers\pae_avs_x64.sys [69168]
O58 - SDL:[MD5.E92EFA4A9287B1D4C65C13401CC2F891] - 18/09/2013 - 09:33:22 ---A- . (.Focusrite A.E. - Saffire.) -- C:\Windows\System32\Drivers\Saffire.sys [226768]
O58 - SDL:[MD5.0334399C48FB1A8E24FABFD719D07D78] - 18/09/2013 - 09:33:22 ---A- . (.Focusrite A.E. - Saffire.) -- C:\Windows\System32\Drivers\SaffireAudio.sys [47824]
O58 - SDL:[MD5.AB6946AE88816A0A7729A3DA0B47B4D1] - 18/09/2013 - 09:33:22 ---A- . (.Focusrite A.E. - Saffire.) -- C:\Windows\System32\Drivers\SaffireMidi.sys [38352]
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.5E214964C6E01245FABD40B283697180] - 24/06/2010 - 20:16:05 ---A- . (...) -- C:\Windows\SysWOW64\drivers\Haspnt.sys [36352]
O58 - SDL:[MD5.00971841E1B0B9722AEF94AFB99228F4] - 16/09/2001 - 15:24:00 ---A- . (.DataViz Inc. - MacOpener File System Driver.) -- C:\Windows\SysWOW64\drivers\MacOpen.sys [176709]
O58 - SDL:[MD5.F627E9DA4D3D8DC05A15B68944302F14] - 21/10/2005 - 06:25:32 ---A- . (...) -- C:\Windows\SysWOW64\drivers\MTictwl.sys [13396]
O58 - SDL:[MD5.3F24EAEB165328E00D687BF3B60A448A] - 24/02/2005 - 11:29:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\PFC027.sys [162176]
O58 - SDL:[MD5.F7B1044170266FA4EC8605F77818C7FD] - 24/06/2010 - 20:16:05 ---A- . (...) -- C:\Windows\SysWOW64\haspdos.sys [383]
O58 - SDL:[MD5.EA2270613011D57E2385D92A2CEF44C7] - 02/06/2011 - 09:49:02 ---A- . (...) -- C:\Windows\SysWOW64\isric5.sys [16]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 28/03/2013 - C:\Windows\System32\DRIVERS\eve.sys (Eve) .(...) - LEGACY_EVE
~ Legacy: 83 Legitimates Filtered in 00mn 00s



---\\ Associations Shell Spawning (O67)
O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.cbid", "A2");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.crumb", "2014.01.28+15.23.04-dubprdapntlfe6-FR-UGFyaXMsRnJhbmNl");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.default-channel-url-mask", "https://fr.ask.com/?o=0&l=dir&ad=dirN{query}&o={o}&l={l}&qsrc={qsrc}");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dtid", "YYYYYYYYFR");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "FRXX0076");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"ww[...]
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.l", "dis");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.locale", "en_US");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.location", "Paris,France");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.o", "10148");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.qsrc", "2871");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.to", "");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {D655DBD8-0F83-4296-8B32-9F482E4524DF} [DefaultScope] - (Freecorder Customized Web Search) - http://search.conduit.com =>Riskware.Movly
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.FA07E81AE9FC09E0353EF32E6F1BF122] [SPRF][31/01/2014] (.T3KiiLA - Launcher F4F.) -- C:\Users\LOECHNER\AppData\Local\Temp\PlayForFight Launcher.exe [425688]
[MD5.22935D99B8B9691F6EBC348237D29832] [SPRF][29/01/2014] (...) -- C:\Users\LOECHNER\AppData\Roaming\hin.exe [117837]
[MD5.913671EB63F3947F8065BF5E4D599907] [SPRF][29/01/2014] (...) -- C:\Users\LOECHNER\AppData\Roaming\kjjk$.exe [633618]
[MD5.D25C6A0228341A2A68E3B44F4A36D169] [SPRF][29/01/2014] (...) -- C:\Users\LOECHNER\AppData\Roaming\l.exe [635655]
[MD5.B074E6CEC8F56453F6C9E71E85440F55] [SPRF][30/01/2014] (...) -- C:\Users\LOECHNER\Desktop\RogueKiller.exe [3794432]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "5164279BC4CD6C947B1444FC4E21DCFA" . (.USB PC Cam Plus.) -- C:\Windows\Installer\{B9724615-DC4C-49C6-B741-44CFE412CDAF}\ARPPRODUCTICON.exe
O90 - PUC: "78886CCC70E683440A53C722FEDB1CE5" . (..) -- C:\Windows\Installer\{CCC68887-6E07-4438-A035-7C22EFBDC15E}\ARPPRODUCTICON.exe
~ Update Products: 199 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.EF376EF21F36FDC18D8DAC4A82A63F61] [WIS][26/06/2010] (.iXi Tools - Driver Updater Pro Installation.) -- C:\Windows\Installer\c40aa2.msi [268288]
~ WIS: 203 Legitimates Filtered in 00mn 29s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20/03/2007 153792 | (Adobe Version Cue CS3) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe =>.Adobe Systems Incorporated
SS - | Demand 18/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 24/06/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/06/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 20/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/09/2009 305448 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
SS - | Demand 28/07/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
SS - | Demand 16/03/2011 407336 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 17/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 12/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 17/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
SR - | Demand 25/06/2010 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
SR - | Auto 23/01/2014 2221904 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 07/08/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 13/12/2013 377104 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SR - | Auto 16/09/2001 266304 | (MacFormatService) . (.DataViz Inc..) - C:\Program Files\Conversions Plus\FORMATM.exe
SR - | Auto 03/01/2014 3115008 | (MajIndexEducationService) . (...) - C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 13/08/2009 62208 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 29/11/2013 1370912 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 29/11/2013 15128352 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 11/11/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 18/05/2012 2938880 | (PaceLicenseDServices) . (.PACE Anti-Piracy, Inc..) - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
SR - | Auto 11/11/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 04/07/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 09/12/2009 76320 | (USBS3S4Detection) . (...) - C:\OEM\USBDECTION\USBS3S4Detection.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 29s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
~ Emulateurs: Scanned in 00mn 29s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 34
Valeurs trouvées (Values found) : 4
Dossiers trouvés (Folders found) : 8
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar] =>Riskware.Movly^
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\APN] =>Toolbar.Ask
[HKCU\Software\Ask&Record] =>Toolbar.Agent
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\Wow6432Node\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\DC3_FEXEC] =>Trojan.Fynloski
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6B34ACCF-1B63-4E1A-8633-461917C75544}] =>Toolbar.Freecorder
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6B34ACCF-1B63-4E1A-8633-461917C75544}] =>Toolbar.Freecorder
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Freecorder FLV Service =>Riskware.Movly^
[HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks]:{CA3EB689-8F09-4026-AA10-B9534C691CE0} =>Adware.SocialSkinz
C:\Users\LOECHNER\AppData\Roaming\Mozilla\Firefox\Profiles\boq222za.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC} =>Riskware.Movly^
C:\Program Files (x86)\Freecorder Toolbar =>Riskware.Movly^
C:\Program Files (x86)\Ask.com =>Toolbar.AskBar
C:\Program Files (x86)\Freecorder 6 =>Toolbar.Freecorder
C:\Users\LOECHNER\AppData\Local\AskToolbar =>Toolbar.AskTBar
C:\Users\LOECHNER\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
C:\Users\LOECHNER\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit
C:\Users\LOECHNER\AppData\Roaming\Mozilla\Firefox\Profiles\boq222za.default\Extensions\toolbar@ask.com =>Toolbar.AskTBar
C:\Program Files (x86)\Freecorder\FLVSrvc.exe =>Riskware.Movly^
~ Additionnel Scan: 716265 Items scanned in 00mn 26s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28801930-riskware-movly =>Riskware.Movly
~ http://nicolascoolman.webs.com/apps/blog/show/32240257-trojan-fynloski =>Trojan.Fynloski
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/27480243-adware-socialskinz =>Adware.SocialSkinz
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ MSI: 5 link(s) detected in 00mn 26s



~ 1700 Legitimates filtered by white list
End of the scan (631 lines in 03mn 14s)(0)
0
lilidurhone (Posts: 43355, Status: Security contributor) 3 807
 
@cabrier

I don't know how to use it :(


If there is a problem, there is always a solution
*** Security contributor ***
0
slibar (Posts: 115, Status: Member) 5
 
Oops, and here is the Malwarebytes one.
I must be a special case.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2014.01.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
LOECHNER :: LOECHNER-PC [administrateur]

31/01/2014 16:51:42
MBAM-log-2014-01-31 (17-03-01).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 220397
Temps écoulé: 4 minute(s), 27 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|UserLayout.exe (Backdoor.Messa.E) -> Données: C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 1
C:\Users\LOECHNER\AppData\Roaming\dclogs (Stolen.Data) -> Aucune action effectuée.

Fichier(s) détecté(s): 2
C:\Users\LOECHNER\AppData\Roaming\dclogs\2014-01-31-6.dc (Stolen.Data) -> Aucune action effectuée.
C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe (Backdoor.Messa.E) -> Aucune action effectuée.

(fin)
0
lilidurhone (Posts: 43355, Status: Security contributor) 3 807
 
2014.01.29

Mbam is not up to date!

Update it before running a scan.

0