Virus qui continue à revenir (problème accents circonflexes)

Résolu
slibar Messages postés 115 Date d'inscription   Statut Membre Dernière intervention   -  
 yoann090 -
Bonjour,

Voici ma config


Depuis 2 jours j'ai un problème
Mon pc ne veut pas afficher mes accents circonflexes

J'ai filtré ma machine avec adwcleaner puis malware antiware
Puis nettoyer les registres avec ccleaner

malware est efficace un temps mais cela ne dure pas
Mes accents reviennent mais le lendemain c'est rebolote

Dans C://ulilisateur/ monnom//local/appdata le dossier toolbar4 revient

et cette fichue clé aussi
hklm/software/microsoft/windows/currentversion/policies/ie/run/61292

C'est suite à l'installation de "easy mp3 wav concerter"
ça m'a vérolé toute la machine avec boxore etc
J'ai réussi à tout disparaitre sauf ce truc

Voici le rapport de malware

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2014.01.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
LOECHNER :: LOECHNER-PC [administrateur]

29/01/2014 14:36:05
MBAM-log-2014-01-28 (19-56-42).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 219708
Temps écoulé: 6 minute(s), 7 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|UserLayout.exe (Backdoor.Messa.E) -> Données: C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|61292 (Trojan.Agent) -> Données: C:\PROGRA~3\LOCALS~1\Temp\msoauz.cmd -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 1
C:\Users\LOECHNER\AppData\Roaming\dclogs (Stolen.Data) -> Aucune action effectuée.

Fichier(s) détecté(s): 2
C:\Users\LOECHNER\AppData\Roaming\dclogs\2014-01-29-4.dc (Stolen.Data) -> Aucune action effectuée.
C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe (Backdoor.Messa.E) -> Aucune action effectuée.

(fin)


Si je les vire ils reviendront demain
Quelq'un a une petite idée de comment les virer ?

Merci mille fois !!!!!!
A voir également:

165 réponses

Précédent
Réponse 41 / 165
slibar Messages postés 115 Date d'inscription   Statut Membre Dernière intervention   5
 
oups ok je reviens
0
Réponse 42 / 165
slibar Messages postés 115 Date d'inscription   Statut Membre Dernière intervention   5
 
Rapport OTL ici

OTL logfile created on: 31/01/2014 17:06:01 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LOECHNER\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

5,99 Gb Total Physical Memory | 4,05 Gb Available Physical Memory | 67,62% Memory free
11,98 Gb Paging File | 9,20 Gb Available in Paging File | 76,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 691,45 Gb Total Space | 252,71 Gb Free Space | 36,55% Space Free | Partition Type: NTFS
Drive D: | 691,71 Gb Total Space | 211,81 Gb Free Space | 30,62% Space Free | Partition Type: NTFS

Computer Name: LOECHNER-PC | User Name: LOECHNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========/color

PRC - [2014/01/31 17:05:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LOECHNER\Downloads\OTL.exe
PRC - [2014/01/23 13:33:48 | 003,813,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2014/01/22 20:37:49 | 001,001,472 | ---- | M] (CybelSoft) -- D:\Mes documents\2. Hippolyte\PlayForFight Launcher.exe
PRC - [2014/01/18 11:16:25 | 001,863,048 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
PRC - [2014/01/03 16:25:54 | 003,115,008 | ---- | M] () -- C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe
PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/20 18:06:36 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/17 13:03:39 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/12/17 13:02:47 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013/12/17 13:02:39 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/11/29 17:57:02 | 002,273,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/11/29 17:56:51 | 001,370,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/11/12 11:48:33 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/11/08 21:46:18 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/05/18 00:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2011/03/24 08:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe
PRC - [2010/06/25 19:44:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/12/09 10:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 08:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009/08/13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/08/12 23:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/08/07 14:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 14:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2007/05/10 21:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/04/10 13:24:20 | 000,049,220 | ---- | M] (Samsung) -- C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe
PRC - [2001/09/16 15:26:20 | 000,266,304 | ---- | M] (DataViz Inc.) -- C:\Program Files\Conversions Plus\FORMATM.EXE


[color=#E56717]========== Modules (No Company Name) ==========/color

MOD - [2014/01/18 11:16:25 | 016,287,624 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
MOD - [2013/12/20 18:06:36 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/11/02 09:46:22 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/11/02 09:45:40 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/11/02 09:44:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/11/02 09:44:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/11/02 09:44:02 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/11/02 09:43:54 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/11/02 09:43:49 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/11/02 09:43:44 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2010/11/13 01:54:34 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 03:00:03 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\System.resources.dll
MOD - [2009/08/18 08:31:22 | 000,163,840 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009/08/18 08:27:26 | 000,629,280 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2009/02/03 02:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll


[color=#E56717]========== Services (SafeList) ==========/color

SRV:[b]64bit:/b - [2013/11/29 17:56:40 | 015,128,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:[b]64bit:/b - [2013/11/26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:/b - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:[b]64bit:/b - [2009/07/04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:[b]64bit:/b - [2001/09/16 15:26:20 | 000,266,304 | ---- | M] (DataViz Inc.) [Auto | Running] -- C:\Program Files\Conversions Plus\FORMATM.EXE -- (MacFormatService)
SRV - [2014/01/23 13:33:48 | 002,221,904 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014/01/18 11:16:25 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/03 16:25:54 | 003,115,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe -- (MajIndexEducationService)
SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/20 18:06:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/17 13:03:39 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/12/17 13:02:47 | 001,011,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013/12/13 12:53:14 | 000,377,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/11/29 17:56:51 | 001,370,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/11/12 11:48:33 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/05/18 00:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/25 19:44:00 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/09 10:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/09/10 14:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/13 00:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/08/07 14:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/07/28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/03/20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)


[color=#E56717]========== Driver Services (SafeList) ==========/color

DRV:[b]64bit:/b - [2013/12/17 13:03:44 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:/b - [2013/12/17 13:03:44 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:/b - [2013/10/30 18:03:12 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:/b - [2013/10/01 11:16:34 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:/b - [2013/09/18 09:33:22 | 000,226,768 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Saffire.sys -- (Saffire)
DRV:[b]64bit:/b - [2013/09/18 09:33:22 | 000,047,824 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaffireAudio.sys -- (SaffireAudio)
DRV:[b]64bit:/b - [2013/09/18 09:33:22 | 000,038,352 | ---- | M] (Focusrite A.E.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaffireMidi.sys -- (SaffireMidi)
DRV:[b]64bit:/b - [2013/06/29 16:25:06 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:[b]64bit:/b - [2013/06/29 16:25:06 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:[b]64bit:/b - [2013/04/17 01:56:46 | 000,023,824 | ---- | M] (Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\diginet.sys -- (DigiNet)
DRV:[b]64bit:/b - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:/b - [2013/03/28 18:50:02 | 000,041,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eve.sys -- (Eve)
DRV:[b]64bit:/b - [2013/02/25 09:12:04 | 002,426,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:[b]64bit:/b - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:/b - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:/b - [2012/05/16 10:13:34 | 000,105,624 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:[b]64bit:/b - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:/b - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:/b - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:/b - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:/b - [2010/07/16 01:45:42 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:[b]64bit:/b - [2010/07/10 15:20:45 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:/b - [2010/02/03 11:16:50 | 000,196,992 | ---- | M] (Archwave AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pae_1394_x64.sys -- (pae_1394)
DRV:[b]64bit:/b - [2009/08/07 14:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:/b - [2009/07/18 06:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:[b]64bit:/b - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:/b - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:/b - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:/b - [2009/07/14 01:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:[b]64bit:/b - [2009/07/14 01:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:[b]64bit:/b - [2009/06/12 11:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:[b]64bit:/b - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:/b - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:/b - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:/b - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:/b - [2009/06/02 12:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:[b]64bit:/b - [2009/06/02 12:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:[b]64bit:/b - [2009/06/02 12:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:[b]64bit:/b - [2009/05/06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:[b]64bit:/b - [2009/05/06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:[b]64bit:/b - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:[b]64bit:/b - [2008/09/23 10:19:04 | 000,034,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gwfilt64.sys -- (gwfilt64)
DRV:[b]64bit:/b - [2007/10/09 16:06:56 | 000,069,168 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pae_avs_x64.sys -- (pae_avs)
DRV:[b]64bit:/b - [2005/09/23 21:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2010/06/24 20:16:05 | 000,036,352 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Haspnt.sys -- (Haspnt)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/10/21 06:25:32 | 000,013,396 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (NCPro)
DRV - [2005/10/21 06:25:32 | 000,013,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\MTictwl.sys -- (MagicTune)
DRV - [2001/09/16 15:24:00 | 000,176,709 | ---- | M] (DataViz Inc.) [File_System | Boot | Stopped] -- C:\Windows\SysWow64\drivers\MacOpen.sys -- (MacOpen)


[color=#E56717]========== Standard Registry (SafeList) ==========/color


[color=#E56717]========== Internet Explorer ==========/color

IE:[b]64bit:/b - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:[b]64bit:/b - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE:[b]64bit:/b - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&m=aspire_m7721&r=17360610t206pe465v155w44j1t30n
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKCU\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {D655DBD8-0F83-4296-8B32-9F482E4524DF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{D655DBD8-0F83-4296-8B32-9F482E4524DF}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========/color

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.hotmail.com/"
FF - prefs.js..extensions.enabledAddons: %7B132E58DE-22BF-44CA-A061-7FCE1E8BA1EC%7D:2.1.9
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:%7BTB_VERSION%7D
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "https://www.google.com/webhp?gws_rd=ssl"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\LOECHNER\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\LOECHNER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/20 18:06:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/17 12:52:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9caf5d89-eb75-43ab-9b57-9d4b5b6094ef}: C:\Program Files (x86)\Re-markit\150.xpi

[2010/06/24 16:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LOECHNER\AppData\Roaming\mozilla\Extensions
[2014/01/27 09:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LOECHNER\AppData\Roaming\mozilla\Firefox\Profiles\boq222za.default\extensions
[2012/09/19 16:54:52 | 000,000,000 | ---D | M] (Freecorder 6) -- C:\Users\LOECHNER\AppData\Roaming\mozilla\Firefox\Profiles\boq222za.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}
[2014/01/27 09:10:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\LOECHNER\AppData\Roaming\mozilla\Firefox\Profiles\boq222za.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/11/16 21:22:36 | 000,000,000 | ---D | M] ("@@toolbarname@@") -- C:\Users\LOECHNER\AppData\Roaming\mozilla\Firefox\Profiles\boq222za.default\extensions\toolbar@ask.com
[2014/01/16 19:01:12 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\LOECHNER\AppData\Roaming\mozilla\firefox\profiles\boq222za.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/01/25 10:53:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/20 18:06:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/01/28 14:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/20 18:06:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[color=#E56717]========== Chrome ==========/color

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: https://www.google.com/?gws_rd=ssl
CHR - Extension: No name found = C:\Users\LOECHNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: No name found = C:\Users\LOECHNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\LOECHNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Users\LOECHNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\LOECHNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\LOECHNER\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:/b - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:/b - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:/b - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Freecorder 6) - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files (x86)\Freecorder 6\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:[b]64bit:/b - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder 6) - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files (x86)\Freecorder 6\tbcore3.dll ()
O4:[b]64bit:/b - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:[b]64bit:/b - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:/b - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MacLicense] C:\Program Files\Conversions Plus\MacLic.exe (DataViz Inc.)
O4 - HKCU..\Run: [EPSON Stylus D78 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIBGE.EXE /FU "C:\Users\LOECHNER\AppData\Local\Temp\E_S2253.tmp" /EF "HKCU" File not found
O4 - HKCU..\RunOnce: [UserLayout.exe] C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe (CybelSoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:[b]64bit:/b - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:[b]64bit:/b - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:/b - Extra context menu item: Convertir en Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:/b - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:/b - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:/b - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:/b - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:/b - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:/b - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:[b]64bit:/b - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:[b]64bit:/b - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13[b]64bit:/b - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E6C0F21-404B-4D33-9803-4183259F272A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A370574F-AE94-4DA1-B10B-6094E7156AAA}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:/b - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:/b - Protocol\Handler\wlpg - No CLSID value found
O18:[b]64bit:/b - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:/b - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:/b - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:/b - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{23c1d6c8-667a-11e0-8ec1-90fba649a48b}\Shell - "" = AutoRun
O33 - MountPoints2\{23c1d6c8-667a-11e0-8ec1-90fba649a48b}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{675061f8-e087-11e2-9eb6-90fba649a48b}\Shell - "" = AutoRun
O33 - MountPoints2\{675061f8-e087-11e2-9eb6-90fba649a48b}\Shell\AutoRun\command - "" = K:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:/b - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:/b - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:/b - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:/b - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color

[2014/01/31 12:56:17 | 000,000,000 | ---D | C] -- C:\Users\LOECHNER\AppData\Roaming\dclogs
[2014/01/31 12:56:15 | 001,001,472 | ---- | C] (CybelSoft) -- C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe
[2014/01/30 21:25:00 | 000,000,000 | ---D | C] -- C:\Users\LOECHNER\Desktop\cle_seb
[2014/01/30 21:20:14 | 000,000,000 | ---D | C] -- C:\Users\LOECHNER\AppData\Local\{1377398D-C2FE-45AA-AAF9-BD377AA42D62}
[2014/01/30 20:40:18 | 000,000,000 | ---D | C] -- C:\Users\LOECHNER\Desktop\RK_Quarantine
[2014/01/29 20:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2014/01/29 20:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZHPDiag
[2014/01/29 20:08:28 | 000,000,000 | ---D | C] -- C:\Users\LOECHNER\AppData\Roaming\ZHP
[2014/01/28 14:21:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2014/01/28 13:30:46 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2014/01/28 13:30:46 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2014/01/28 13:30:46 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
[2014/01/28 13:30:46 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2014/01/28 13:30:46 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2014/01/28 13:30:46 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2014/01/28 13:30:46 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2014/01/28 13:30:46 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2014/01/28 13:30:46 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
[2014/01/28 13:30:46 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2014/01/28 13:30:46 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
[2014/01/27 12:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/01/27 12:37:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2014/01/27 09:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/27 09:11:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/27 09:11:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/01/25 15:33:45 | 000,000,000 | ---D | C] -- C:\Users\LOECHNER\Desktop\Minecraft
[2014/01/25 09:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/01/25 09:58:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/22 16:17:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2014/01/20 18:46:42 | 000,000,000 | ---D | C] -- C:\Users\LOECHNER\AppData\Roaming\playforfight
[2009/12/16 19:16:36 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2 C:\Users\LOECHNER\Documents\*.tmp files -> C:\Users\LOECHNER\Documents\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========/color

[2014/01/31 17:07:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/31 16:50:19 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/31 16:50:19 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/31 16:30:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/31 16:30:10 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/31 13:17:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/31 12:49:55 | 529,928,191 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/30 21:27:47 | 001,677,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/30 21:27:47 | 000,750,416 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2014/01/30 21:27:47 | 000,657,174 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/30 21:27:47 | 000,151,062 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2014/01/30 21:27:47 | 000,122,986 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/30 20:39:29 | 003,794,432 | ---- | M] () -- C:\Users\LOECHNER\Desktop\RogueKiller.exe
[2014/01/29 21:05:53 | 000,633,618 | ---- | M] () -- C:\Users\LOECHNER\AppData\Roaming\kjjk$.exe
[2014/01/29 20:18:25 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2014/01/29 20:08:31 | 000,001,995 | ---- | M] () -- C:\Users\LOECHNER\Desktop\ZHPFix.lnk
[2014/01/29 20:08:31 | 000,001,868 | ---- | M] () -- C:\Users\LOECHNER\Desktop\ZHPDiag.lnk
[2014/01/29 19:51:27 | 000,117,837 | ---- | M] () -- C:\Users\LOECHNER\AppData\Roaming\hin.exe
[2014/01/29 19:50:12 | 000,635,655 | ---- | M] () -- C:\Users\LOECHNER\AppData\Roaming\l.exe
[2014/01/29 19:02:59 | 000,002,132 | ---- | M] () -- C:\Users\LOECHNER\Desktop\MBAM-log-2014-01-28 (19-56-42) - Raccourci.lnk
[2014/01/28 13:33:25 | 000,002,350 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2014/01/27 09:11:56 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/25 10:40:52 | 000,001,647 | ---- | M] () -- C:\Windows\SysWow64\${LOGFILE}
[2014/01/22 20:37:49 | 001,001,472 | ---- | M] (CybelSoft) -- C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe
[2014/01/21 11:34:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\options
[2014/01/16 12:56:19 | 002,471,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/09 17:42:14 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2 C:\Users\LOECHNER\Documents\*.tmp files -> C:\Users\LOECHNER\Documents\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========/color

[2014/01/30 20:39:27 | 003,794,432 | ---- | C] () -- C:\Users\LOECHNER\Desktop\RogueKiller.exe
[2014/01/29 21:03:58 | 000,633,618 | ---- | C] () -- C:\Users\LOECHNER\AppData\Roaming\kjjk$.exe
[2014/01/29 20:18:25 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2014/01/29 20:08:31 | 000,001,995 | ---- | C] () -- C:\Users\LOECHNER\Desktop\ZHPFix.lnk
[2014/01/29 20:08:31 | 000,001,868 | ---- | C] () -- C:\Users\LOECHNER\Desktop\ZHPDiag.lnk
[2014/01/29 19:51:01 | 000,117,837 | ---- | C] () -- C:\Users\LOECHNER\AppData\Roaming\hin.exe
[2014/01/29 19:46:58 | 000,635,655 | ---- | C] () -- C:\Users\LOECHNER\AppData\Roaming\l.exe
[2014/01/29 19:02:59 | 000,002,132 | ---- | C] () -- C:\Users\LOECHNER\Desktop\MBAM-log-2014-01-28 (19-56-42) - Raccourci.lnk
[2014/01/28 13:31:28 | 000,002,350 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2014/01/28 13:30:46 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2014/01/28 13:30:46 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2014/01/28 13:30:46 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2014/01/27 09:11:56 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/25 10:40:39 | 000,001,647 | ---- | C] () -- C:\Windows\SysWow64\${LOGFILE}
[2014/01/21 11:34:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\options
[2013/12/09 20:11:31 | 000,000,017 | ---- | C] () -- C:\Users\LOECHNER\AppData\Local\resmon.resmoncfg
[2013/11/01 16:32:17 | 001,651,504 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/02 19:39:08 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\Uninstall.dll
[2012/08/04 19:44:24 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/06/24 14:31:06 | 000,010,752 | ---- | C] () -- C:\Users\LOECHNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/24 14:30:04 | 000,061,208 | ---- | C] () -- C:\Windows\SysWow64\MPEG4E-uninstall.exe
[2011/12/19 10:13:59 | 000,000,000 | ---- | C] () -- C:\Users\LOECHNER\AppData\Local\{B7CF92F6-FA10-4B4D-93DA-67EBF9DBE3F0}
[2011/12/19 10:12:11 | 000,000,000 | ---- | C] () -- C:\Users\LOECHNER\AppData\Local\{0B10172A-9C6C-44A1-A11A-32B19289AA46}
[2011/09/04 08:38:09 | 000,000,000 | ---- | C] () -- C:\Users\LOECHNER\AppData\Local\{6CBDA8C1-C9E6-489B-872E-445793367342}
[2011/01/07 18:03:36 | 000,001,082 | ---- | C] () -- C:\Users\LOECHNER\AppData\Roaming\ParisChase3.MCS
[2010/06/25 20:08:57 | 000,000,373 | R--- | C] () -- C:\Users\LOECHNER\_22_f04ae50e0a8c66bc5595d9c38e023a43
[2010/06/25 16:11:55 | 000,000,087 | ---- | C] () -- C:\Program Files\Sound ForgeSFLAUNCH.INI

[color=#E56717]========== ZeroAccess Check ==========/color

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========/color

[2014/01/30 18:41:43 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\.minecraft
[2013/12/17 17:27:24 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\.Nachie1.6
[2010/06/25 15:50:20 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\ACD Systems
[2014/01/29 21:43:18 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\Audacity
[2013/10/08 18:46:38 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\Avid
[2012/08/06 14:13:04 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\Cakewalk
[2013/11/01 22:50:26 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\Canneverbe Limited
[2011/10/18 11:12:04 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\DAEMON Tools Lite
[2014/01/31 12:57:40 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\dclogs
[2010/06/27 08:57:55 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\Facebook
[2012/04/12 10:39:52 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\FireBox Mixer
[2010/06/26 10:15:50 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\FreeAudioPack
[2010/12/08 18:00:10 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\FreeCDRipper
[2013/01/28 11:08:11 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\Freecorder 6 Audio
[2013/05/13 19:38:35 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\Freecorder 6 Converter
[2012/09/19 19:07:04 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\Freecorder 6 Video
[2010/10/07 16:49:56 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\GrabPro
[2012/02/03 18:00:55 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\Kiddinx
[2013/10/09 13:25:18 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\Leadertech
[2011/12/17 15:26:55 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\OpenOffice.org
[2010/10/07 16:54:17 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\Orbit
[2013/12/10 15:22:43 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\PACE Anti-Piracy
[2014/01/31 13:26:24 | 000,000,000 | ---D | M] -- C:\Users\LOECHNER\AppData\Roaming\playforfight
0
Réponse 43 / 165
slibar Messages postés 115 Date d'inscription   Statut Membre Dernière intervention   5
 
Rapport malware avec MAJ ici

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2014.01.31.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
LOECHNER :: LOECHNER-PC [administrateur]

31/01/2014 17:16:33
MBAM-log-2014-01-31 (17-19-56).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 220843
Temps écoulé: 3 minute(s), 7 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|UserLayout.exe (Backdoor.Messa.E) -> Données: C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 1
C:\Users\LOECHNER\AppData\Roaming\dclogs (Stolen.Data) -> Aucune action effectuée.

Fichier(s) détecté(s): 2
C:\Users\LOECHNER\AppData\Roaming\dclogs\2014-01-31-6.dc (Stolen.Data) -> Aucune action effectuée.
C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe (Backdoor.Messa.E) -> Aucune action effectuée.

(fin)
0
Réponse 44 / 165
slibar Messages postés 115 Date d'inscription   Statut Membre Dernière intervention   5
 
je télécharge combofix et je lance un scan ?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 165
lilidurhone Messages postés 43355 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 807
 
Tu as bien fait suppression?
0
Réponse 46 / 165
slibar Messages postés 115 Date d'inscription   Statut Membre Dernière intervention   5
 
Bien sûr j'ai bien fais suppression puis redémarrer ma machien à chaque fois...
mais les mêmes fichiers vérolés reviennent à chaque fois...
^^ rhalala
0
Réponse 47 / 165
lilidurhone Messages postés 43355 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 807
 
J'aurais bien tenté un outil avant de laisser la main

Je vais t'expliquer pourquoi

Tu as une infection résistante et l'outil que cabrier a proposé je ne le connais pas ni sais comment l'utiliser :)

Par prudence je préfère laisser la main ;)
0
Réponse 48 / 165
slibar Messages postés 115 Date d'inscription   Statut Membre Dernière intervention   5
 
Mince alors j'ai compris de travers
j'ai cru qu'il fallait lancer combofix

En fait c'est ton collègue qui a tapé ça...

Du coup j'ai le rapport ici

ComboFix 14-01-29.01 - LOECHNER 31/01/2014 17:43:05.1.8 - x64
Microsoft Windows 7 Édition Familiale Premium 6.1.7601.1.1252.33.1036.18.6135.4426 [GMT 1:00]
Lancé depuis: c:\users\LOECHNER\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un nouveau point de restauration a été créé
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\programdata\Local Settings\Temp
c:\users\LOECHNER\AppData\Roaming\dclogs
c:\users\LOECHNER\AppData\Roaming\dclogs\2014-01-31-6.dc
c:\users\LOECHNER\AppData\Roaming\hin.exe
c:\users\LOECHNER\AppData\Roaming\kjjk$.exe
c:\users\LOECHNER\AppData\Roaming\l.exe
c:\users\LOECHNER\AppData\Roaming\UserLayout.exe
c:\users\LOECHNER\Documents\~WRL0705.tmp
c:\users\LOECHNER\Documents\~WRL3604.tmp
c:\windows\iun6002.exe
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\ir41_qc.dll.new00
c:\windows\SysWow64\ir41_qcx.dll.new00
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\wpcap.dll
c:\windows\SysWow64\WS2Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-12-28 au 2014-01-31 ))))))))))))))))))))))))))))))))))))
.
.
2014-01-31 11:55 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4D74D8D4-017B-43CF-8395-D451F52A36DA}\mpengine.dll
2014-01-29 19:18 . 2014-01-29 19:18 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2014-01-29 19:08 . 2014-01-31 15:45 -------- d-----w- c:\users\LOECHNER\AppData\Roaming\ZHP
2014-01-29 19:08 . 2014-01-31 15:45 -------- d-----w- c:\program files (x86)\ZHPDiag
2014-01-27 11:37 . 2014-01-27 11:37 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-01-27 08:11 . 2014-01-27 08:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-27 08:11 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-25 08:59 . 2014-01-25 08:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-01-25 08:58 . 2014-01-25 08:58 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-22 15:17 . 2014-01-31 16:51 -------- d-----w- c:\programdata\Local Settings
2014-01-20 17:46 . 2014-01-31 12:26 -------- d-----w- c:\users\LOECHNER\AppData\Roaming\playforfight
2014-01-16 16:03 . 2014-01-16 16:03 82432 ----a-w- c:\users\LOECHNER\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2014-01-16 16:03 . 2014-01-16 16:03 44544 ----a-w- c:\users\LOECHNER\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2014-01-16 16:03 . 2014-01-16 16:03 1275392 ----a-w- c:\users\LOECHNER\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2014-01-15 18:01 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 18:01 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 18:01 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 18:01 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 18:01 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 18:01 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 18:01 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 18:01 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 18:01 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-18 10:16 . 2013-08-01 14:35 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-18 10:16 . 2011-05-14 07:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-15 20:59 . 2010-06-24 14:49 86054176 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 05:13 . 2010-06-24 14:17 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-17 12:03 . 2013-05-07 12:06 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2013-12-17 12:03 . 2013-03-29 16:11 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-12-17 12:03 . 2013-03-29 16:11 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-11-29 16:56 . 2013-11-01 15:36 1096480 ----a-w- c:\windows\system32\nvspcap64.dll
2013-11-29 16:56 . 2013-11-01 15:36 979744 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-11-26 11:54 . 2013-12-12 20:05 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-12 20:05 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-12 20:05 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-12 20:05 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-12 20:05 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-12 20:05 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-12 20:05 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-12 20:05 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-12 20:05 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-12 20:05 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-12 20:05 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-12 20:05 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-12 20:05 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-12 20:05 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-12 20:05 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-12 20:05 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 20:05 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-12 20:05 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-12 20:05 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-12 20:05 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-12 20:05 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-12 20:05 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-12 20:05 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-12 20:05 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-12 16:22 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 16:22 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 21:09 . 2013-11-19 21:09 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-19 21:09 . 2013-11-19 21:09 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-19 21:09 . 2013-11-19 21:09 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-19 21:09 . 2013-11-19 21:09 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-19 21:09 . 2013-11-19 21:09 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-19 21:09 . 2013-11-19 21:09 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-19 21:09 . 2013-11-19 21:09 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-19 21:09 . 2013-11-19 21:09 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-19 21:09 . 2013-11-19 21:09 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-19 21:09 . 2013-11-19 21:09 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-19 21:09 . 2013-11-19 21:09 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-19 21:09 . 2013-11-19 21:09 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-19 21:09 . 2013-11-19 21:09 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-19 21:09 . 2013-11-19 21:09 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-19 21:09 . 2013-11-19 21:09 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-19 21:09 . 2013-11-19 21:09 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-19 21:09 . 2013-11-19 21:09 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-19 21:09 . 2013-11-19 21:09 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-19 21:09 . 2013-11-19 21:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-19 21:09 . 2013-11-19 21:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-19 21:09 . 2013-11-19 21:09 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-19 21:09 . 2013-11-19 21:09 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-19 21:09 . 2013-11-19 21:09 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-19 21:09 . 2013-11-19 21:09 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-19 21:09 . 2013-11-19 21:09 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-19 21:09 . 2013-11-19 21:09 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-19 21:09 . 2013-11-19 21:09 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-19 21:09 . 2013-11-19 21:09 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-19 21:09 . 2013-11-19 21:09 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-19 21:09 . 2013-11-19 21:09 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-19 21:09 . 2013-11-19 21:09 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-19 21:09 . 2013-11-19 21:09 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-19 21:09 . 2013-11-19 21:09 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-19 21:09 . 2013-11-19 21:09 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-19 21:09 . 2013-11-19 21:09 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-19 21:09 . 2013-11-19 21:09 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-19 21:09 . 2013-11-19 21:09 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-19 21:09 . 2013-11-19 21:09 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-19 21:09 . 2013-11-19 21:09 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-19 21:09 . 2013-11-19 21:09 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-19 21:09 . 2013-11-19 21:09 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-19 21:09 . 2013-11-19 21:09 413696 ----a-w- c:\windows\system32\html.iec
2013-11-19 21:09 . 2013-11-19 21:09 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-19 21:09 . 2013-11-19 21:09 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-19 21:09 . 2013-11-19 21:09 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-19 21:09 . 2013-11-19 21:09 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-19 21:09 . 2013-11-19 21:09 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-19 21:09 . 2013-11-19 21:09 235520 ----a-w- c:\windows\system32\url.dll
2013-11-19 21:09 . 2013-11-19 21:09 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-19 21:09 . 2013-11-19 21:09 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-19 21:09 . 2013-11-19 21:09 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-19 21:09 . 2013-11-19 21:09 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-19 21:09 . 2013-11-19 21:09 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-19 21:09 . 2013-11-19 21:09 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-19 21:09 . 2013-11-19 21:09 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-19 21:09 . 2013-11-19 21:09 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-19 21:09 . 2013-11-19 21:09 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-19 21:09 . 2013-11-19 21:09 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-19 21:09 . 2013-11-19 21:09 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-14 11:56 . 2013-11-19 19:29 18293608 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-11-14 11:56 . 2013-02-25 22:32 15862272 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-11-14 11:56 . 2013-11-19 19:29 9619872 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-11-14 11:56 . 2013-11-19 19:29 11514624 ----a-w- c:\windows\system32\nvopencl.dll
2013-11-14 11:56 . 2013-11-19 19:29 30361888 ----a-w- c:\windows\system32\nvoglv64.dll
2013-11-14 11:56 . 2013-11-19 19:29 22951200 ----a-w- c:\windows\SysWow64\nvoglv32.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6B34ACCF-1B63-4E1A-8633-461917C75544}"= "c:\program files (x86)\Freecorder 6\tbcore3.dll" [2012-08-01 2711928]
.
[HKEY_CLASSES_ROOT\clsid\{6b34accf-1b63-4e1a-8633-461917c75544}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"MacLicense"="c:\program files\Conversions Plus\MacLic.exe" [2001-09-16 163904]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-17 684600]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-01-23 3813200]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NCProTray.lnk - c:\program files (x86)\SEC\Natural Color Pro\NCProTray.exe [2010-7-9 49220]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R0 MacOpen;MacOpen; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 Eve;EVE Protocol Driver;c:\windows\system32\DRIVERS\eve.sys;c:\windows\SYSNATIVE\DRIVERS\eve.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys;c:\windows\SYSNATIVE\DRIVERS\diginet.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MajIndexEducationService;Mise à jour automatique - Index Education;c:\program files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe;c:\program files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x]
S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys;c:\windows\SYSNATIVE\drivers\gwfilt64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Saffire;Saffire;c:\windows\system32\Drivers\Saffire.sys;c:\windows\SYSNATIVE\Drivers\Saffire.sys [x]
S3 SaffireAudio;Saffire Audio;c:\windows\system32\drivers\SaffireAudio.sys;c:\windows\SYSNATIVE\drivers\SaffireAudio.sys [x]
S3 SaffireMidi;Saffire MIDI;c:\windows\system32\drivers\SaffireMidi.sys;c:\windows\SYSNATIVE\drivers\SaffireMidi.sys [x]
.
.
Contenu du dossier 'Tâches planifiées'
.
2014-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-01 10:16]
.
2014-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-24 14:19]
.
2014-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-24 14:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-29 1096480]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-11-29 2273056]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Ajouter au fichier PDF existant - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
FF - ProfilePath - c:\users\LOECHNER\AppData\Roaming\Mozilla\Firefox\Profiles\boq222za.default\
FF - prefs.js: browser.startup.homepage - www.hotmail.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-12-10 18:56; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\LOECHNER\AppData\Roaming\Mozilla\Firefox\Profiles\boq222za.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{6B34ACCF-1B63-4E1A-8633-461917C75544} - (no file)
AddRemove-Freecorder_1.0 - c:\windows\iun6002.exe
AddRemove-{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B} - c:\programdata\Updater\Uninstall.exe
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,38,12,8a,de,68,
55,95,ad,1e,00,cd,08,68,12,b3,4d,db,d3
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=hex:51,66,7a,6c,4c,1d,38,12,bc,bb,81,
17,37,12,f1,04,d7,e0,fa,b1,5f,07,22,06
"{6B34ACCF-1B63-4E1A-8633-461917C75544}"=hex:51,66,7a,6c,4c,1d,38,12,a1,af,27,
6f,51,55,74,0b,f9,25,05,59,12,99,11,50
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,38,12,ab,1e,5f,
03,12,dd,f4,0f,eb,6b,83,02,91,c2,26,02
"{0FB6A909-6086-458F-BD92-1F8EE10042A0}"=hex:51,66,7a,6c,4c,1d,38,12,67,aa,a5,
0b,b4,2e,e1,00,c2,84,5c,ce,e4,5e,06,b4
"{1631550F-191D-4826-B069-D9439253D926}"=hex:51,66,7a,6c,4c,1d,38,12,61,56,22,
12,2f,57,48,0d,cf,7f,9a,03,97,0d,9d,32
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FCBCCB87-9224-4B8D-B117-F56D924BEB18}"=hex:51,66,7a,6c,4c,1d,38,12,e9,c8,af,
f8,16,dc,e3,0e,ce,01,b6,2d,97,15,af,0c
"{182EC0BE-5110-49C8-A062-BEB1D02A220B}"=hex:51,66,7a,6c,4c,1d,38,12,d0,c3,3d,
1c,22,1f,a6,0c,df,74,fd,f1,d5,74,66,1f
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:24,11,08,52,f4,dd,cd,01
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.032"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ani"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bay"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-3929475522-2066774324-1603334053-1001)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Bitmap"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bw"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cr2"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.crw"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cs1"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cur"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcr"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcx"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dib"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djv"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djvu"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dng"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.emf"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.eps"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.erf"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fff"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fpx"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-3929475522-2066774324-1603334053-1001)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.gif.15.4"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icl"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icn"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ico"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iff"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ilbm"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.int"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.inta"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iw4"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2c"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2k"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jfif"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jif"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jp2"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpc"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpe"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpeg"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpg"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpk"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpx"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.lbm"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mos"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mrw"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.nef"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.orf"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pbm"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcd"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pct"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (S-1-5-21-3929475522-2066774324-1603334053-1001)
@Denied: (2) (LocalSystem)
"Progid"="Applications\\ois.exe"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pef"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pgm"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pic"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pict"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pix"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.png"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ppm"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psd"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psp"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raf"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ras"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raw"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgb"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgba"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rle"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rsb"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sgi"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sr2"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.srf"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tga"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.thm"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tif"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-3929475522-2066774324-1603334053-1001)
@Denied: (2) (LocalSystem)
"Progid"="PhotoViewer.FileAssoc.Tiff"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttc"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttf"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbm"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbmp"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wmf"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xbm"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xif"
.
[HKEY_USERS\S-1-5-21-3929475522-2066774324-1603334053-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:3a,91,3d,a5,e8,1e,2b,3a,c2,c1,b5,be,2c,6c,ac,13,1d,b2,33,4d,45,
c0,5a,17,fa,23,fe,51,1b,e0,e7,dc,b7,52,aa,3e,e8,a2,b4,ad,40,ca,e1,30,e2,ae,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:75,f3,aa,48,56,cb,d0,08,81,b7,27,ef,13,ff,51,3d,1e,4a,ca,6b,75,
68,38,3e,2a,7d,9b,ab,e2,84,73,f8,db,7d,a6,eb,f1,7d,b5,d9,17,00,0d,a8,00,e9,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Autres processus actifs ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files\Conversions Plus\FORMATM.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Avira\AntiVir Desktop\avscan.exe
.
**************************************************************************
.
Heure de fin: 2014-01-31 18:09:48 - La machine a redémarré
ComboFix-quarantined-files.txt 2014-01-31 17:09
.
Avant-CF: 271 033 888 768 octets libres
Après-CF: 270 173 220 864 octets libres
.
- - End Of File - - 90651712483FEA6BBF2E21205888AD33
70E629B51C16B3C007730C6AE57144C9
0
Réponse 49 / 165
lilidurhone Messages postés 43355 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 807
 
Refais un scan Mbam

Si problème il y a il existe toujours une solution
*** Contributrice sécurité ***
0
Utilisateur anonyme
 
Bonsoir
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
MalwareBytes ne fait pas le poids contre ce rootkit.
En espérant que ComboFix l'a mis KO.
Normal qu'il revenait, un rootkit ne se supprime pas aussi facilement.
Bonne continuation.
0
Réponse 50 / 165
slibar Messages postés 115 Date d'inscription   Statut Membre Dernière intervention   5
 
Oui je comprends !
Bon alors le rapport de zhpdia

~ Rapport de ZHPDiag v2014.1.25.26 - Nicolas Coolman (25/01/2014)
~ Lancé par LOECHNER (31/01/2014 22:10:56)
~ Adresse du Site Web https://nicolascoolman.webs.com/
~ Forums gratuits d'Assistance à la désinfection : https://nicolascoolman.webs.com/
~ Traduit par Nicolas Coolman
~ Etat de la version :
~ Liste blanche : Activée par le programme
~ Elévation des Privilèges : OK
~ User Account Control (UAC): Activate by user


---\\ Navigateurs Internet
MSIE: Internet Explorer v11.0.9600.16476 (Defaut)
MFIE: Mozilla Firefox 26.0

---\\ Informations sur les produits Windows
~ Langage: Français
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Windows ID Activation : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Logiciels de protection du système
Avira Free Antivirus v14.0.2.286
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ Logiciels d'optimisation du système
CCleaner v4.07 =>Piriform Ltd

---\\ Logiciels de partage PeerToPeer

---\\ Surveillance de Logiciels
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51

---\\ Informations sur le système
~ Processor: Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6135 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 252 GB (36%) free of 691 GB

---\\ Mode de connexion au système
~ Computer Name: LOECHNER-PC
~ User Name: LOECHNER
~ All Users Names: LOECHNER, Administrateur, 7B43C345E0764AC59F81,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Variables d'environnement
~ System Unit : C:\
~ %AppZHP% : C:\Users\LOECHNER\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\LOECHNER\AppData\Roaming\
~ %Desktop% : C:\Users\LOECHNER\Desktop\
~ %Favorites% : C:\Users\LOECHNER\Favorites\
~ %LocalAppData% : C:\Users\LOECHNER\AppData\Local\
~ %StartMenu% : C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumération des unités disques
C: Hard drive, Flash drive, Thumb drive (Free 252 Go of 691 Go)
D: Hard drive, Flash drive, Thumb drive (Free 212 Go of 692 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: CD-ROM drive (Not Inserted)



---\\ Etat du Centre de Sécurité Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Recherche particulière de fichiers génériques
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.9B6678DB9C6A232C5A84D2FDFFF8B0E1] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.26/11/2013 - 08:07:57.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/09/2013 - 02:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 1/144
~ Mes musiques (My Musics) : 1/13
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/25
~ Mes Documents (My Documents) : 4/3661
~ Mon Bureau (My Desktop) : 0/143
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 02s



---\\ Processus lancés
[MD5.D1D5DAB39DCB4BE0359943738D87409B] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [532040] [PID.2428]
[MD5.0B1B7568CED61ABF5FD717F28175C96A] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904] [PID.2496]
[MD5.588BEEE7B106E6520F550A45897D00B2] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384] [PID.2676]
[MD5.B644A9A9A8ADDEC20E7956373130AC2D] - (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056] [PID.2632]
[MD5.B17E1702DC1DAC26C17A917A1E255843] - (.Samsung - NCPro.) -- C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe [49220] [PID.3120]
[MD5.00287B525957A9AC91C112C7264BEA27] - (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813200] [PID.3432]
[MD5.D9CB30BF12B3670650C85637EA1AB6EA] - (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [261888] [PID.3796]
[MD5.84F122BFFA0638CE735E891620EF7754] - (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280] [PID.3832]
[MD5.4D042B1F1375CF371AFBE0E0276BA627] - (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624248] [PID.3852]
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.3876]
[MD5.4F2B6D05AFC4F680DFC2392EDA749493] - (.Applian Technologies, Inc. - FLV Service for Freecorder.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe [167936] [PID.3888] =>Riskware.Movly
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3920]
[MD5.1EEA6C1B35191DC177EA83672B9C3FC0] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.5212]
[MD5.C4407E2DBC111685B6D8D8C0057B8586] - (.CybelSoft - T3KiiLA.) -- D:\Mes documents\2. Hippolyte\PlayForFight Launcher.exe [1001472] [PID.5700]
[MD5.CA25CAEEBDBE25D85565877219F684F8] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8339968] [PID.4484]
[MD5.49D9C17FDDFAC66F27FA735E94923216] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [414496] [PID.960]
[MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376] [PID.1548]
[MD5.54192D7830C987D4DA7008204F53B34F] - (...) -- C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe [3115008] [PID.2044]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.2040]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376] [PID.2064]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376] [PID.2092]
[MD5.816FD5A6F3C2F3D600900096632FC60E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [1150496] [PID.2196]
[MD5.A39F245FC5170BF80E89BBBD59610E24] - (.DataViz Inc. - MacOpener Mac Formatter.) -- C:\Program Files\Conversions Plus\FORMATM.exe [266304] [PID.2320]
[MD5.65085456FD9A74D7F1A999520C299ECB] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376] [PID.2360]
[MD5.E0D7732F2D2E24B2DB3F67B6750295B8] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512] [PID.2384]
[MD5.BD691091AC7D9713D8F0B07C6B099E6C] - (.NewTech Infosystems, Inc. - Backup Manager Module.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62208] [PID.2412]
[MD5.1D3878E5722F0AB3C22D04E88AC4AC55] - (.NVIDIA Corporation - NVIDIA Network Service.) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912] [PID.2716]
[MD5.673E36852E2F9FA778D5D3DDCEFA591B] - (.PACE Anti-Piracy, Inc. - PACE License Support Service.) -- C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2938880] [PID.2808]
[MD5.70DDE3A86DBEB1D6C3C30AD687B1877A] - (.Acer - Acer Update Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160] [PID.3052]
[MD5.B5E6C4F280EBF0B16F74A5B415F2E0DF] - (.Pas de propriétaire - USB S3S4 Detection.) -- C:\OEM\USBDECTION\USBS3S4Detection.exe [76320] [PID.1096]
[MD5.0E899D0DB39617AA0B2F992E7E95B5EB] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840] [PID.3228]
[MD5.29D956C8CB67222D678FAF20D485B25B] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe [1011768] [PID.2020]
[MD5.227846995AFEEFA70D328BF5334A86A5] - (.Macrovision Europe Ltd. - Activation Licensing Service.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848] [PID.4172]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\LOECHNER\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 0 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\LOECHNER\AppData\Roaming\Mozilla\Firefox\Profiles\boq222za.default\prefs.js
M0 - MFSP: prefs.js [LOECHNER - boq222za.default] www.hotmail.com
M2 - MFEP: prefs.js [LOECHNER - boq222za.default\toolbar@ask.com] [] @@toolbarname@@ v (..)
M2 - MFEP: prefs.js [LOECHNER - boq222za.default\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}] [] Freecorder 6 v2.1.9 (..) =>Riskware.Movly
P2 - FPN: [HKCU] [@facebook.com/FBPlugin,version=1.0.3] - (.Pas de propriétaire - Provides additional functionality on Facebook. See <a href="http://www.) -- C:\Users\LOECHNER\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll =>.Facebook
~ Firefox Browser: 27 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Clé orpheline
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{6B34ACCF-1B63-4E1A-8633-461917C75544} Clé orpheline
~ Toolbar: Scanned in 00mn 00s



---\\ Autres liens utilisateurs (O4)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Readme.LNK . (...) -- C:\Program Files (x86)\Waves\Documents\HTM DOCS\Join.htm
O4 - GS\QuickLaunch [LOECHNER]: DVD Decrypter.lnk . (.LIGHTNING UK! - DVD Decrypter - The Ultimate DVD Ripper!.) -- C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe
O4 - GS\QuickLaunch [LOECHNER]: Easy Audio Cutter.lnk . (.Koyote Soft - Pas de description.) -- C:\Program Files (x86)\Free Audio Pack\Easy Audio Cutter\AudioCutter.exe
O4 - GS\QuickLaunch [LOECHNER]: Free CD Ripper.lnk . (.Koyote Soft - FreeCDRipper.) -- C:\Program Files (x86)\Free Audio Pack\Free CD Ripper\FreeCDRipper.exe
O4 - GS\QuickLaunch [LOECHNER]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [LOECHNER]: Pro Tools 10.lnk . (.Avid Technology, Inc. - Pro Tools Application.) -- C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe
O4 - GS\QuickLaunch [LOECHNER]: VSO Image Resizer 4.lnk . (.VSO Software SARL - ImageResizer.) -- C:\Program Files (x86)\VSO\Image Resizer 4\Resize.exe
O4 - GS\TaskBar [LOECHNER]: 00 Photoshop 7.0.lnk . (.Adobe Systems, Incorporated - Adobe Photoshop.) -- C:\Program Files (x86)\Adobe\Photoshop 7.0\Photoshop.exe
O4 - GS\TaskBar [LOECHNER]: cwpa.lnk . (.Cakewalk - Cakewalk Pro Audio.) -- C:\audio\cw9\cwpa.exe
O4 - GS\TaskBar [LOECHNER]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [LOECHNER]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar [LOECHNER]: Pro Tools 10.lnk . (.Avid Technology, Inc. - Pro Tools Application.) -- C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe
O4 - GS\TaskBar [LOECHNER]: Saffire MixControl.lnk . (...) -- C:\Program Files\Focusrite\Saffire MixControl\SaffireCpl.exe
O4 - GS\TaskBar [LOECHNER]: SONAR 8 Producer Edition(x64).lnk . (.Twelve Tone Systems, Inc. - Pas de description.) -- C:\Program Files\Cakewalk\SONAR 8 Producer Edition\SONARPDR.exe
O4 - GS\Program [LOECHNER]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [LOECHNER]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [LOECHNER]: en_cours.lnk . (...) -- D:\Mes documents\7. Cours Collège Seb Elodie\Chorale\Chorale2014
O4 - GS\Desktop [LOECHNER]: Mes documents.lnk . (...) -- D:\Mes documents
~ Global Startup: 76 Legitimates Filtered in 00mn 02s



---\\ Applications lancées au démarrage du sytème (O4)
O4 - GS\Startup [Public]: NCProTray.lnk . (.Samsung - NCPro.) -- C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKLM\..\Run: [NvBackend] . (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKCU\..\RunOnce: [UserLayout.exe] . (.CybelSoft - T3KiiLA.) -- C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe
O4 - HKLM\..\Wow6432Node\Run: [JMB36X IDE Setup] . (...) -- C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
O4 - HKLM\..\Wow6432Node\Run: [Hotkey Utility] . (.Pas de propriétaire - Hotkey Utility.) -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Wow6432Node\Run: [MacLicense] . (.DataViz Inc. - MacOpener MacLicense.) -- C:\Program Files\Conversions Plus\MacLic.exe
O4 - HKLM\..\Wow6432Node\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe_ID0EYTHM] . (.Adobe Systems Incorporated - Adobe Version Cue CS3.) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [Freecorder FLV Service] . (.Applian Technologies, Inc. - FLV Service for Freecorder.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe =>Riskware.Movly
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [LogMeIn Hamachi Ui] . (.LogMeIn Inc. - Hamachi Client Application.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
O4 - HKUS\S-1-5-21-3929475522-2066774324-1603334053-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe =>Toolbar.Google
O4 - HKUS\S-1-5-21-3929475522-2066774324-1603334053-1001\..\RunOnce: [UserLayout.exe] . (.CybelSoft - T3KiiLA.) -- C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe
~ Application: Scanned in 00mn 00s



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E6C0F21-404B-4D33-9803-4183259F272A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A370574F-AE94-4DA1-B10B-6094E7156AAA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4E6C0F21-404B-4D33-9803-4183259F272A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A370574F-AE94-4DA1-B10B-6094E7156AAA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{4E6C0F21-404B-4D33-9803-4183259F272A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A370574F-AE94-4DA1-B10B-6094E7156AAA}: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocole additionnel (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (MacFormatService) . (.DataViz Inc. - MacOpener Mac Formatter.) - C:\Program Files\Conversions Plus\FORMATM.exe
O23 - Service: Mise à jour automatique - Index Education (MajIndexEducationService) . (...) - C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe
O23 - Service: USBS3S4Detection (USBS3S4Detection) . (.Pas de propriétaire - USB S3S4 Detection.) - C:\OEM\USBDECTION\USBS3S4Detection.exe
~ Services: 22 Legitimates Filtered in 00mn 03s



---\\ Tâches planifiées en automatique (O39)
[MD5.5CA85461AFFF7D0067286AB6DAF11BC2] [APT] [{01784662-8B28-4815-9055-E057779EA8DA}] (...) -- C:\Program Files (x86)\Finale 2003\Finale install\Finale 2003.exe [95158505]
[MD5.00000000000000000000000000000000] [APT] [{2B61860C-3EDE-42D3-A5F0-05F76E4B6217}] (...) -- C:\Program Files (x86)\CONVER~1\dvzeng.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3BD0A5E2-9A0A-4D69-8369-8C31F88A36A1}] (...) -- E:\bin\Adobe Premiere 6.0\bs-pe60\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{43E6DF3F-AB79-4620-9090-08DBB451A899}] (...) -- J:\Program Files\Outlook Express\setup50.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{496ADC8C-A36E-4533-B4D1-26B16341DCB6}] (...) -- E:\paint shop pro 7\crack\Crack.exe (.not file.) [0]
[MD5.5CA85461AFFF7D0067286AB6DAF11BC2] [APT] [{529757F2-826E-4CAE-99D0-765417F87860}] (...) -- C:\My_download_files\finale\Finale 2003.exe [95158505]
[MD5.00000000000000000000000000000000] [APT] [{795E3531-9C25-4E19-811F-4F43C46118EF}] (...) -- E:\bin\Adobe Premiere 6.0\bs-pe60\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9D0D9FA7-B60C-4126-A451-F487329AFF73}] (...) -- E:\bin\Adobe Premiere 6.0\bs-pe60\SETUP.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A316033E-2AE5-4C57-AF54-4E8869A7B3AC}] (...) -- C:\Program Files (x86)\Steinberg\Asio\dxfdsetup.exe (.not file.) [0]
[MD5.988D37BC3CE0DDD813546B97F5AE2DE7] [APT] [{C3915191-0908-4B19-AEBA-71564AFF9D16}] (...) -- C:\My_download_files\pro_tools_APTHD.10.3.5.win\Patch\02 KillerBugs v2 for Pro Tools 10.3.5 HD (for 64 bits systems).exe [92571917]
[MD5.00000000000000000000000000000000] [APT] [{D96E953A-2843-48FC-BBAB-CC7A423BAF60}] (...) -- E:\musique\effets direct x\TubeWarmth DirectX Audio Plug-In ( 935 Ko )\OSETUP.exe (.not file.) [0]
[MD5.7856D7DCA83DF06DF2C8C2B7BC59A3A9] [APT] [{E85D9429-D59D-4459-9AD5-0D45EE7BE397}] (...) -- C:\audio\tcnative\tc-essentials\TCESSENTIAL\SETUPTCE.exe [1386560]
[MD5.00000000000000000000000000000000] [APT] [{FF4ABBAC-429C-4E5B-A7FF-E9B190AE3088}] (...) -- K:\My_download_files\Firebox\FireBox_121_Installer.exe (.not file.) [0]
~ Scheduled Task: 26 Legitimates Filtered in 00mn 12s



---\\ Pilotes lancés au démarrage du système (O41)
O41 - Driver: (Eve) . (...) - C:\Windows\System32\DRIVERS\eve.sys
O41 - Driver: (NCPro) . (. - .) - C:\Windows\system32\drivers\MTictwl.sys (.not file.)
~ Drivers: 87 Legitimates Filtered in 00mn 00s



---\\ Logiciels installés (O42)
O42 - Logiciel: Clean! v1.0 - (...) [HKLM][64Bits] -- Clean!
O42 - Logiciel: Conversions Plus 6.05 - (...) [HKLM][64Bits] -- ConversionsPlus6.05
O42 - Logiciel: Driver Updater Pro - (.iXi Tools.) [HKLM][64Bits] -- Driver Updater Pro
O42 - Logiciel: Driver Updater Pro - (.iXi Tools.) [HKLM][64Bits] -- {7D1FA102-9B90-48B0-8DF8-735BBA5F4093}
O42 - Logiciel: Freecorder Toolbar - (...) [HKLM][64Bits] -- Freecorder Toolbar =>Riskware.Movly
O42 - Logiciel: HammerHead Rhythm Station - (...) [HKLM][64Bits] -- HammerHead Rhythm Station
O42 - Logiciel: Hyperprism DX 1.5 © Arboretum Systems, Inc. - (...) [HKLM][64Bits] -- Hyperprism DX 1.5 © Arboretum Systems, Inc.
O42 - Logiciel: Native Power Pack 2.3 - (...) [HKLM][64Bits] -- Native Power Pack 2.3
O42 - Logiciel: Nomad Factory Blue Tubes Bundle v2.0 - (...) [HKLM][64Bits] -- Nomad Factory Blue Tubes Bundle v2.0
O42 - Logiciel: Nomad Factory Liquid Bundle VST v1.6 - (...) [HKLM][64Bits] -- Nomad Factory Liquid Bundle VST v1.6
O42 - Logiciel: Nomad Factory Rock Amp Legends VST v1.0 - (...) [HKLM][64Bits] -- Nomad Factory Rock Amp Legends VST v1.0
O42 - Logiciel: RBC Audio Voice Tweaker Pro V3.02 - (...) [HKLM][64Bits] -- RBC Audio Voice Tweaker Pro V3.02
O42 - Logiciel: Saffire MixControl 3.3 - (.Focusrite Audio Engineering Ltd..) [HKLM][64Bits] -- Saffire PRO 40_is1
O42 - Logiciel: T-RackS 24 - (...) [HKLM][64Bits] -- T-RackS 24
O42 - Logiciel: TC Native Essentials v1.02 - (...) [HKLM][64Bits] -- TC-Essentials
O42 - Logiciel: USB PC Cam Plus - (.Nom de votre société.) [HKLM][64Bits] -- InstallShield_{B9724615-DC4C-49C6-B741-44CFE412CDAF}
O42 - Logiciel: Warp VST V1.0 - (...) [HKLM][64Bits] -- Warp VST V1.0
~ Logic: 48 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN]
[HKCU\Software\Ask&Record]
[HKCU\Software\Ask.com]
[HKCU\Software\AskToolbar]
[HKCU\Software\CCaissotti]
[HKCU\Software\DC3_FEXEC] =>Trojan.Fynloski
[HKCU\Software\Electron]
[HKCU\Software\Project]
[HKCU\Software\Soup]
[HKCU\Software\XPCTools]
[HKLM\Software\Wow6432Node\124]
[HKLM\Software\Wow6432Node\APN]
[HKLM\Software\Wow6432Node\AskToolbar]
[HKLM\Software\Wow6432Node\Bevee]
[HKLM\Software\Wow6432Node\Calculator]
[HKLM\Software\Wow6432Node\DSPFX32]
[HKLM\Software\Wow6432Node\Net4Music]
[HKLM\Software\Wow6432Node\Ogcrosoft]
[HKLM\Software\Wow6432Node\RBC Audio]
[HKLM\Software\Wow6432Node\SpectralDesign]
~ Key Software: 698 Legitimates Filtered in 00mn 01s



---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 19/12/2012 - 15:22:33 - [4,406] ----D C:\Program Files (x86)\Ask.com
O43 - CFD: 19/06/2012 - 14:58:00 - [4,473] ----D C:\Program Files (x86)\DSPFX32
O43 - CFD: 19/09/2012 - 16:54:52 - [0,046] ----D C:\Program Files (x86)\Freecorder Toolbar =>Riskware.Movly
O43 - CFD: 24/06/2010 - 16:58:41 - [2,177] ----D C:\Program Files (x86)\HammerHead
O43 - CFD: 23/09/2010 - 09:35:13 - [13,325] ----D C:\Program Files (x86)\NPeducmus
O43 - CFD: 26/06/2010 - 09:26:16 - [1,181] ----D C:\Program Files (x86)\RBC Audio
O43 - CFD: 26/06/2010 - 08:22:23 - [2,521] ----D C:\Program Files (x86)\SmartMusic
O43 - CFD: 07/01/2011 - 17:59:41 - [0,707] ----D C:\Program Files (x86)\Team6 game studios
O43 - CFD: 26/06/2010 - 09:59:38 - [3,948] --H-D C:\ProgramData\{CC51AE54-B346-4954-ADDB-30BD4F138CF2}
O43 - CFD: 17/12/2013 - 17:27:24 - [13,924] ----D C:\Users\LOECHNER\AppData\Roaming\.Nachie1.6
O43 - CFD: 12/04/2012 - 10:39:52 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\FireBox Mixer
O43 - CFD: 31/01/2014 - 20:52:40 - [415,841] ----D C:\Users\LOECHNER\AppData\Roaming\playforfight
O43 - CFD: 08/10/2013 - 18:46:32 - [0] --HAD C:\Users\LOECHNER\AppData\Local\2WcVdNSt
O43 - CFD: 10/12/2013 - 15:22:43 - [0,001] --H-D C:\Users\LOECHNER\AppData\Local\3dQ3SkCiUV0h
O43 - CFD: 23/05/2013 - 16:02:50 - [1,039] ----D C:\Users\LOECHNER\AppData\Local\AskToolbar
O43 - CFD: 02/07/2010 - 19:17:16 - [30,447] ----D C:\Users\LOECHNER\AppData\Local\Installer2084
O43 - CFD: 02/07/2010 - 19:12:01 - [33,915] ----D C:\Users\LOECHNER\AppData\Local\Installer3564
O43 - CFD: 25/06/2010 - 15:55:38 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Clean
O43 - CFD: 24/06/2010 - 20:14:58 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DSPFX32
O43 - CFD: 24/06/2010 - 20:17:00 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hyperprism DX Manual HTML
O43 - CFD: 26/06/2010 - 09:26:16 - [0] ----D C:\Users\LOECHNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RBC Audio
~ 1 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 347 Legitimates Filtered in 01mn 12s



---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.0E5318568C846443EFB0ED0C3BEEB687] - 28/01/2014 - 13:33:25 ---A- . (...) -- C:\rapport.txt [4956]
O44 - LFC:[MD5.6B7CBF3E6629C02E79FC2DD543098B4E] - 30/01/2014 - 20:28:52 ---A- . (...) -- C:\Windows\ntbtlog.txt [260630]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 31/01/2014 - 17:40:41 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 31/01/2014 - 17:40:41 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 31/01/2014 - 17:40:41 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 31/01/2014 - 17:40:41 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 31/01/2014 - 17:40:41 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 31/01/2014 - 17:57:12 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.7435EBEF35621F5182BA2920380F4783] - 31/01/2014 - 18:09:58 ---A- . (...) -- C:\ComboFix.txt [50356]
~ Files: 24 Legitimates Filtered in 00mn 40s



---\\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des pilotes du système (SDL) (O58)
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 14/07/2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.5C3BF188F182C26974646A13B0CA4715] - 28/03/2013 - 18:50:02 ---A- . (...) -- C:\Windows\System32\Drivers\eve.sys [41304]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.748EEDBB095FE6535C7E3616AEBC533F] - 16/05/2012 - 10:15:12 ---A- . (.Pas de propriétaire - iLok Kernel Driver.) -- C:\Windows\System32\Drivers\iLokDrvr.sys [25752]
O58 - SDL:[MD5.16E6B5C643D7611684994E158A227D5E] - 03/02/2010 - 11:16:50 ---A- . (.Archwave AG - Archwave 1394 Audio Device Driver.) -- C:\Windows\System32\Drivers\pae_1394_x64.sys [196992]
O58 - SDL:[MD5.64FC7B5C2B6899FC19A7060E0BCCBDB7] - 09/10/2007 - 16:06:56 ---A- . (.BridgeCo AG - BridgeCo WDM Audio Driver (AVStream).) -- C:\Windows\System32\Drivers\pae_avs_x64.sys [69168]
O58 - SDL:[MD5.E92EFA4A9287B1D4C65C13401CC2F891] - 18/09/2013 - 09:33:22 ---A- . (.Focusrite A.E. - Saffire.) -- C:\Windows\System32\Drivers\Saffire.sys [226768]
O58 - SDL:[MD5.0334399C48FB1A8E24FABFD719D07D78] - 18/09/2013 - 09:33:22 ---A- . (.Focusrite A.E. - Saffire.) -- C:\Windows\System32\Drivers\SaffireAudio.sys [47824]
O58 - SDL:[MD5.AB6946AE88816A0A7729A3DA0B47B4D1] - 18/09/2013 - 09:33:22 ---A- . (.Focusrite A.E. - Saffire.) -- C:\Windows\System32\Drivers\SaffireMidi.sys [38352]
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 14/07/2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.5E214964C6E01245FABD40B283697180] - 24/06/2010 - 20:16:05 ---A- . (...) -- C:\Windows\SysWOW64\drivers\Haspnt.sys [36352]
O58 - SDL:[MD5.00971841E1B0B9722AEF94AFB99228F4] - 16/09/2001 - 15:24:00 ---A- . (.DataViz Inc. - MacOpener File System Driver.) -- C:\Windows\SysWOW64\drivers\MacOpen.sys [176709]
O58 - SDL:[MD5.F627E9DA4D3D8DC05A15B68944302F14] - 21/10/2005 - 06:25:32 ---A- . (...) -- C:\Windows\SysWOW64\drivers\MTictwl.sys [13396]
O58 - SDL:[MD5.3F24EAEB165328E00D687BF3B60A448A] - 24/02/2005 - 11:29:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\PFC027.sys [162176]
O58 - SDL:[MD5.F7B1044170266FA4EC8605F77818C7FD] - 24/06/2010 - 20:16:05 ---A- . (...) -- C:\Windows\SysWOW64\haspdos.sys [383]
O58 - SDL:[MD5.EA2270613011D57E2385D92A2CEF44C7] - 02/06/2011 - 09:49:02 ---A- . (...) -- C:\Windows\SysWOW64\isric5.sys [16]
~ Drivers: 17 Legitimates Filtered in 00mn 00s



---\\ Liste des outils de désinfection (LATC) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Liste les services legacy du registre (LALS) (O64)
O64 - Services: CurCS - 28/03/2013 - C:\Windows\System32\DRIVERS\eve.sys (Eve) .(...) - LEGACY_EVE
~ Legacy: 83 Legitimates Filtered in 00mn 00s



---\\ Menu de démarrage Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.cbid", "A2");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.crumb", "2014.01.28+15.23.04-dubprdapntlfe6-FR-UGFyaXMsRnJhbmNl");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.default-channel-url-mask", "https://fr.ask.com/?o=0&l=dir&ad=dirN{query}&o={o}&l={l}&qsrc={qsrc}");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dtid", "YYYYYYYYFR");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "FRXX0076");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "C");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.http-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"ww[...]
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.l", "dis");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.locale", "en_US");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.location", "Paris,France");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.o", "10148");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.qsrc", "2871");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("extensions.asktb.to", "");
O69 - SBI: prefs.js [LOECHNER - boq222za.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl
O69 - SBI: SearchScopes [HKCU] {D655DBD8-0F83-4296-8B32-9F482E4524DF} [DefaultScope] - (Freecorder Customized Web Search) - http://search.conduit.com =>Riskware.Movly
~ Keys: Scanned in 00mn 00s



---\\ Recherche particulière à la racine du système (SPRF) (O84)
[MD5.24F6D923EF6956ABD0449C879F36D7C7] [SPRF][31/01/2014] (...) -- C:\Users\LOECHNER\AppData\Local\Temp\i4jdel0.exe [27411]
[MD5.FA07E81AE9FC09E0353EF32E6F1BF122] [SPRF][31/01/2014] (.T3KiiLA - Launcher F4F.) -- C:\Users\LOECHNER\AppData\Local\Temp\PlayForFight Launcher.exe [425688]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Enumère les codes produits des logiciels (PUC) (O90)
O90 - PUC: "5164279BC4CD6C947B1444FC4E21DCFA" . (.USB PC Cam Plus.) -- C:\Windows\Installer\{B9724615-DC4C-49C6-B741-44CFE412CDAF}\ARPPRODUCTICON.exe
O90 - PUC: "78886CCC70E683440A53C722FEDB1CE5" . (..) -- C:\Windows\Installer\{CCC68887-6E07-4438-A035-7C22EFBDC15E}\ARPPRODUCTICON.exe
~ Update Products: 199 Legitimates Filtered in 00mn 00s



---\\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
[MD5.EF376EF21F36FDC18D8DAC4A82A63F61] [WIS][26/06/2010] (.iXi Tools - Driver Updater Pro Installation.) -- C:\Windows\Installer\c40aa2.msi [268288]
~ WIS: 203 Legitimates Filtered in 00mn 30s



---\\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 20/03/2007 153792 | (Adobe Version Cue CS3) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe =>.Adobe Systems Incorporated
SS - | Demand 18/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 24/06/2010 135664 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 24/06/2010 135664 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 28/08/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 20/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/09/2009 305448 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
SS - | Demand 28/07/2009 935208 | (Nero BackItUp Scheduler 4.0) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
SS - | Demand 04/02/2013 155824 | (Sony PC Companion) . (.Avanquest Software.) - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
SS - | Demand 16/03/2011 407336 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 17/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 12/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 17/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 28/02/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
SR - | Demand 25/06/2010 654848 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 28/08/2009 1150496 | (Greg_Service) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
SR - | Auto 23/01/2014 2221904 | (Hamachi2Svc) . (.LogMeIn Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
SR - | Auto 07/08/2009 354840 | (IAANTMON) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
SR - | Auto 13/12/2013 377104 | (LMIGuardianSvc) . (.LogMeIn, Inc..) - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
SR - | Auto 16/09/2001 266304 | (MacFormatService) . (.DataViz Inc..) - C:\Program Files\Conversions Plus\FORMATM.exe
SR - | Auto 03/01/2014 3115008 | (MajIndexEducationService) . (...) - C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe
SR - | Auto 04/04/2013 418376 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
SR - | Auto 04/04/2013 701512 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
SR - | Auto 13/08/2009 62208 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
SR - | Auto 29/11/2013 1370912 | (NvNetworkService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
SR - | Auto 29/11/2013 15128352 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 11/11/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 18/05/2012 2938880 | (PaceLicenseDServices) . (.PACE Anti-Piracy, Inc..) - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
SR - | Auto 11/11/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 04/07/2009 240160 | (Updater Service) . (.Acer.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 09/12/2009 76320 | (USBS3S4Detection) . (...) - C:\OEM\USBDECTION\USBS3S4Detection.exe
SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 31s



---\\ Liste des émulateurs de CD/DVD (MBR Hook)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 02/01/1601 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [834544]
~ Emulateurs: Scanned in 00mn 31s



---\\ Scan Additionnel (O88)
Database Version : 13030 - (25/01/2014)
Clés trouvées (Keys found) : 34
Valeurs trouvées (Values found) : 3
Dossiers trouvés (Folders found) : 8
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar] =>Riskware.Movly^
[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}] =>Toolbar.Ask
[HKLM\Software\Classes\AppID\GenericAskToolbar.DLL] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF] =>Toolbar.AVGSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E] =>Toolbar.Ask
[HKCU\Software\APN] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\APN] =>Toolbar.Ask
[HKCU\Software\Ask&Record] =>Toolbar.Agent
[HKCU\Software\Ask.com] =>Toolbar.AskBar
[HKCU\Software\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\AppDataLow\Software\AskToolbar] =>Toolbar.AskTBar
[HKLM\Software\Wow6432Node\AskToolbar] =>Toolbar.AskTBar
[HKCU\Software\DC3_FEXEC] =>Trojan.Fynloski
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2] =>Toolbar.Ask
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6B34ACCF-1B63-4E1A-8633-461917C75544}] =>Toolbar.Freecorder
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6B34ACCF-1B63-4E1A-8633-461917C75544}] =>Toolbar.Freecorder
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:swg =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:Freecorder FLV Service =>Riskware.Movly^
C:\Users\LOECHNER\AppData\Roaming\Mozilla\Firefox\Profiles\boq222za.default\extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC} =>Riskware.Movly^
C:\Program Files (x86)\Freecorder Toolbar =>Riskware.Movly^
C:\Program Files (x86)\Ask.com =>Toolbar.AskBar
C:\Program Files (x86)\Freecorder 6 =>Toolbar.Freecorder
C:\Users\LOECHNER\AppData\Local\AskToolbar =>Toolbar.AskTBar
C:\Users\LOECHNER\AppData\LocalLow\AskToolbar =>Toolbar.AskTBar
C:\Users\LOECHNER\AppData\LocalLow\Toolbar4 =>Toolbar.Conduit
C:\Users\LOECHNER\AppData\Roaming\Mozilla\Firefox\Profiles\boq222za.default\Extensions\toolbar@ask.com =>Toolbar.AskTBar
C:\Program Files (x86)\Freecorder\FLVSrvc.exe =>Riskware.Movly^
~ Additionnel Scan: 716034 Items scanned in 00mn 21s



---\\ Récapitulatif des détections trouvées sur votre station
~ http://nicolascoolman.webs.com/apps/blog/show/28801930-riskware-movly =>Riskware.Movly
~ http://nicolascoolman.webs.com/apps/blog/show/32240257-trojan-fynloski =>Trojan.Fynloski
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ MSI: 4 link(s) detected in 00mn 21s



~ 1722 Legitimates filtered by white list
End of the scan (613 lines in 03mn 23s)(0)
0
Réponse 51 / 165
lilidurhone Messages postés 43355 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 807
 
Tu connais?

=> CybelSoft - T3KiiLA

Refais un scan Malwarebytes
0
Réponse 52 / 165
slibar Messages postés 115 Date d'inscription   Statut Membre Dernière intervention   5
 
ok je m'en occupe ;)
Merci
0
Réponse 53 / 165
lilidurhone Messages postés 43355 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 807
 
https://www.virustotal.com/gui/file/b0c247d1b94768c1ed263132ad728201187361b343c20917d3b555b946876812

On dirait un faux positif... pour => [MD5.FA07E81AE9FC09E0353EF32E6F1BF122] [SPRF][31/01/2014] (.T3KiiLA - Launcher F4F.) -- C:\Users\LOECHNER\AppData\Local\Temp\PlayForFight Launcher.exe [425688]
0
Réponse 54 / 165
slibar Messages postés 115 Date d'inscription   Statut Membre Dernière intervention   5
 
rapport malwares : encore 10 !
Je suis maudit !! grrrrrrrrr

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2014.02.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
LOECHNER :: LOECHNER-PC [administrateur]

01/02/2014 10:00:30
MBAM-log-2014-02-01 (10-16-39).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 231239
Temps écoulé: 7 minute(s), 25 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Données: C:\Users\LOECHNER\LOCALS~1\Temp\msaaroyau.exe -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 1
C:\Users\LOECHNER\AppData\Roaming\dclogs (Stolen.Data) -> Aucune action effectuée.

Fichier(s) détecté(s): 7
C:\ProgramData\812416085.exe (Trojan.Agent) -> Aucune action effectuée.
C:\Users\LOECHNER\AppData\Roaming\dclogs\2014-01-31-6.dc (Stolen.Data) -> Aucune action effectuée.
C:\Users\LOECHNER\AppData\Roaming\msconfig.ini (Trojan.Agent) -> Aucune action effectuée.
C:\Users\LOECHNER\AppData\Roaming\UserLayout.exe (Backdoor.Messa.E) -> Aucune action effectuée.
C:\Users\LOECHNER\AppData\Roaming\Microsoft\HeciServer.exe (Backdoor.Agent.E) -> Aucune action effectuée.
C:\Users\LOECHNER\AppData\Roaming\Adobe\credwiz.exe (Trojan.Agent) -> Aucune action effectuée.
C:\Users\LOECHNER\AppData\Roaming\Adobe\PrintBrmPs.exe (Trojan.Agent) -> Aucune action effectuée.

(fin)
0
Réponse 55 / 165
lilidurhone Messages postés 43355 Date d'inscription   Statut Contributeur sécurité Dernière intervention   3 807
 
Fais suppression

Je vais laisser la main cela dépasse mes compétences....
0
Réponse 56 / 165
slibar Messages postés 115 Date d'inscription   Statut Membre Dernière intervention   5
 
Pour playforfight c'est un serveur minecraft (pas basé ici) qui sert aux enfants à jouer en ligne avec leurs amis... Yep ?
0
Réponse 57 / 165
slibar Messages postés 115 Date d'inscription   Statut Membre Dernière intervention   5
 
Je tente le CybelSoft - T3KiiLA ?
0
Réponse 58 / 165
slibar Messages postés 115 Date d'inscription   Statut Membre Dernière intervention   5
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2014.02.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
LOECHNER :: LOECHNER-PC [administrateur]

01/02/2014 10:25:05
MBAM-log-2014-02-01 (10-33-42).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 230996
Temps écoulé: 7 minute(s), 46 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Données: C:\Users\LOECHNER\LOCALS~1\Temp\msaaroyau.exe -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
0
Réponse 59 / 165
slibar Messages postés 115 Date d'inscription   Statut Membre Dernière intervention   5
 
ok j'ai compris pour T3KiiLA !!
0
Réponse 60 / 165
slibar Messages postés 115 Date d'inscription   Statut Membre Dernière intervention   5
 
Bon il revient tout le temps celui-là :

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Version de la base de données: v2014.02.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
LOECHNER :: LOECHNER-PC [administrateur]

01/02/2014 10:44:33
MBAM-log-2014-02-01 (10-53-36).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 231079
Temps écoulé: 4 minute(s), 54 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Données: C:\Users\LOECHNER\LOCALS~1\Temp\msaaroyau.exe -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 0
(Aucun élément nuisible détecté)

(fin)
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Retour en arrière avec Pages sur Mac ?
alex 2510 -
emma.plv -

13 réponses
Je n'arrives pas à faire des cédilles ou des accents circonflexes dans mes SMS
Pandaroux -
Woodycatz -

13 réponses
Revenir 2 jours en arriére sur ordi
Zitounettee -
zitounettee -

23 réponses
comment revenir en arriere sur un pc
fafaetman -
fafaetman -

7 réponses