I can't remove a trojan/virus (nt32.exe and load32)

Solved/Closed
dispride - Posts: 25 - Registered: Sunday 16 February 2014 - Status: Member - Last seen: 22 September 2015 - 16 Feb 2014 at 16:17
dispride - Posts: 25 - Registered: Sunday 16 February 2014 - Status: Member - Last seen: 22 September 2015 - 17 Feb 2014 at 21:31
Hello,

Since this morning, my computer periodically shows a message telling me that the Windows command interpreter wants to connect to the Internet (triggered by the processes c/windows/syswow64/cmd.exe and c/programdata/ntkernel/run32.exe). In addition, two programs appear in the Task Manager, listed as nt32.exe and load32.exe, both hidden files inside the NTKernel folder in ProgramData. None of these processes shows up when I run my antivirus programs (Avast and Adaware) and anti-spyware (Spybot), and when I delete them they reappear every time.

What should I do? Please advise, thanks.

44 replies

dispride - Posts: 25 - Registered: Sunday 16 February 2014 - Status: Member - Last seen: 22 September 2015
16 Feb 2014 at 23:10
That said, my problems seem to have stopped: load32.exe and nt32.exe no longer appear in the Task Manager, and the Windows command interpreter no longer prompts me at startup.
lilidurhone - Posts: 43343 - Registered: Monday 25 April 2011 - Status: Security contributor - Last seen: 18 September 2023 - 3 804
17 Feb 2014 at 07:18
Hello

I would have liked to see the Mbam report

Run ZHPDiag again
dispride - Posts: 25 - Registered: Sunday 16 February 2014 - Status: Member - Last seen: 22 September 2015
17 Feb 2014 at 12:05
The Mbam report is still stored, but I still can't open it.

Here is the ZHP report:

~ Report of ZHPDiag v2014.2.14.14 - Nicolas Coolman (2014/02/14)
~ Launched by Franz (2014/02/17 11:53:05)
~ Web site address : https://nicolascoolman.webs.com/
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16518
MFIE: Mozilla Firefox 27.0.1 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ System optimization software
CCleaner v2.29 =>Piriform Ltd

---\\ Sharing software PeerToPeer
µTorrent v3.3.0.29544 =>P2P.µTorrent

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4078.0 MB (55% free)
System Restore: Activé (Enable)
System drive C: has 736 GB (79%) free of 922 GB

---\\ Connection to the system mode
~ Computer Name: PANDEMONIUM
~ User Name: Franz
~ All Users Names: HomeGroupUser$, Franz, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Franz\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Franz\AppData\Roaming\
~ %Desktop% : C:\Users\Franz\Desktop\
~ %Favorites% : C:\Users\Franz\Favorites\
~ %LocalAppData% : C:\Users\Franz\AppData\Local\
~ %StartMenu% : C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 736 Go of 922 Go)
D: Hard drive, Flash drive, Thumb drive (Free 757 Go of 922 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.2011/02/25 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2009/07/14 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2014/02/06 - 10:24:52.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.2010/11/21 - 4:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.2010/11/21 - 4:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2013/09/28 - 2:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009/07/14 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009/07/14 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010/11/21 - 4:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010/11/21 - 4:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010/11/21 - 4:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.2009/07/14 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.2009/07/14 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011/04/27 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.2010/11/21 - 4:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013/04/12 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.2009/07/14 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2010/11/21 - 4:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.2009/07/14 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.2010/11/21 - 4:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2010/11/21 - 4:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/2
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/1928
~ Mon Bureau (My Desktop) : 1/105
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.225518F190EDBC37CA32197A3E94B498] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.3124]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3224]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.3436]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.2628]
[MD5.B5C774CFA944AF3E9A42B592B476F570] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8337920] [PID.4348]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1364]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1728]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456] [PID.1780]
[MD5.B705C7097F9A0EC941D02DCE7C7D426C] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624] [PID.1816]
[MD5.B2D01290C0E0465ACA54C2088E947823] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.1948]
[MD5.8FFF9083252C16FE3960173722605E9E] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.1984]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.2552]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.1256]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\myt7ain5.default\prefs.js
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 02s
~ Nombre de lignes (Lines number): 15516



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Dragon Age II.lnk . (.BioWare - Launcher Application.) -- C:\Program Files (x86)\dao\Dragon Age 2\DragonAge2Launcher.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Star Wars Knights of the Old Republic II - The Sith Lords.lnk . (.Obsidian Entertainment, Inc. - Star Wars: Knights of the Old Republic II:.) -- C:\Program Files (x86)\LucasArts\SWKotOR2\swkotor2.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: Dragon Age 2 Mark of the Assassin Expansion.lnk - Orphan key
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Franz]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Franz]: Mass Effect.lnk . (.BioWare - Launcher Application.) -- C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe
O4 - GS\QuickLaunch [Franz]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Franz]: MPC-HC.lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files (x86)\MPC-HC\mpc-hc.exe
O4 - GS\Program [Franz]: DC Universe Online Live.lnk . (...) -- C:\Users\Public\Sony Online Entertainment\Installed Games\DC Universe Online Live\LaunchPad.exe (.not file.)
O4 - GS\Program [Franz]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Franz]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Franz]: Jeux - Raccourci.lnk - Orphan key
O4 - GS\Desktop [Franz]: Mass Effect 2 - Raccourci.lnk - Orphan key
O4 - GS\Desktop [Franz]: Mass Effect.lnk . (.BioWare - Launcher Application.) -- C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe
O4 - GS\Desktop [Franz]: Mass Effect(TM) 3 - Raccourci.lnk - Orphan key
O4 - GS\Desktop [Franz]: MPC-HC.lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files (x86)\MPC-HC\mpc-hc.exe
O4 - GS\Desktop [Franz]: Ordinateur - Raccourci.lnk - Orphan key
O4 - GS\Desktop [Franz]: Play Dragon Age Origins.lnk . (.BioWare - Launcher Application.) -- C:\Program Files (x86)\dao\Dragon Age Origins\DAOriginsLauncher.exe
O4 - GS\Desktop [Franz]: Star Wars - The Old Republic.lnk . (.BioWare - SWTOR Launcher.) -- C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
O4 - GS\Desktop [Franz]: swkotor - Raccourci.lnk . (...) -- C:\Program Files (x86)\LucasArts\SWKotOR\swkotor.exe (.not file.)
O4 - GS\Desktop [Franz]: Tarobot.lnk . (...) -- C:\Program Files (x86)\Tarobot\tarobot.exe
~ Global Startup: 72 Legitimates Filtered in 00mn 01s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [DivXUpdate] . (.No owner - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
~ Application: Scanned in 00mn 00s



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Zone Confiance: Scanned in 00mn 01s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2036B6D-929C-4B58-88CF-20251397EEF0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{E2036B6D-929C-4B58-88CF-20251397EEF0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{E2036B6D-929C-4B58-88CF-20251397EEF0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Scan (f)] (...) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1BCA10CF-C513-4A5D-A95A-7465A3700D86}] (...) -- H:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3208443D-67BB-4D38-9E78-736366884357}] (...) -- H:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3540FB12-4DFA-48E8-A2D7-D58696BA63ED}] (...) -- H:\INSTALL.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3FE881BE-0323-420A-AF17-76D278532058}] (...) -- H:\OriginInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{568FA138-B185-4A77-9894-BCECBA114440}] (...) -- C:\Program Files (x86)\Revolution\REVOUNIN.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5ECF279A-2BB2-4E18-81CF-2A5140281EF1}] (...) -- H:\ncall2t.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8FDC5332-5A41-4A1A-A0AE-3FAA98865EB8}] (...) -- H:\Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{98F394D1-0BFC-47F7-B17B-A48803FCE144}] (...) -- C:\hen\?????U???Y???A\UnInst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A8E1BACE-B5CD-48CF-B45F-569E21FD797A}] (...) -- C:\Program Files (x86)\InstallShield Installation Information\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C2F9E6DB-E018-4BFB-AC05-671D2D30BF43}] (...) -- H:\INNAIVTT.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C7242DB8-1C10-4A02-8424-0C39057E0974}] (...) -- H:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F12637D0-941F-4228-9C7C-5620149E056F}] (...) -- H:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F9355B98-75ED-4F9A-A025-EBC4115E03B6}] (...) -- H:\setup.exe (.not file.) [0]
~ Scheduled Task: 34 Legitimates Filtered in 00mn 04s



---\\ Software installed (O42)
O42 - Logiciel: Kotor Tool - (...) [HKLM][64Bits] -- Kotor Tool
O42 - Logiciel: M4-78 Enhancement Project - (...) [HKLM][64Bits] -- The Sith Lords Restored Content Mod_is1
O42 - Logiciel: piaip AppLocale - (.MS.) [HKLM][64Bits] -- {394BE3D9-7F57-4638-A8D1-1D88671913B7}
~ Logic: 29 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\DarkNite]
[HKCU\Software\MS]
[HKCU\Software\MarbleStone]
[HKCU\Software\dmm]
[HKLM\Software\CypherTec]
[HKLM\Software\Wow6432Node\"'`÷OEn]
~ Key Software: 336 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 2013/04/12 - 13:50:01 - [374.812] ----D C:\Program Files (x86)\dao
O43 - CFD: 2012/10/14 - 16:14:23 - [0] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 2013/08/06 - 11:50:00 - [0] ----D C:\Program Files (x86)\Common Files\WuShu_0.0.1.034
O43 - CFD: 2014/02/16 - 20:36:28 - [1.931] --H-D C:\ProgramData\NTKernel
O43 - CFD: 2013/05/04 - 21:01:03 - [0] ----D C:\Users\Franz\AppData\Roaming\DMM
O43 - CFD: 2013/10/13 - 1:36:41 - [0] ----D C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kotor Tool
~ Program Folder: 211 Legitimates Filtered in 00mn 21s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.ADE15DDE041005A70F7909A0283B2E63] - 2014/02/08 - 10:50:41 ---A- . (...) -- C:\AlphaDiscLog.txt [291]
O44 - LFC:[MD5.DC5B07F3E7456F6CDD5A4892BCF67A9A] - 2014/02/09 - 17:48:42 ---A- . (...) -- C:\bksk_execlog.txt [143005]
O44 - LFC:[MD5.714A6AA2AB37724F0C08170C11677DB4] - 2014/02/11 - 13:40:39 ---A- . (...) -- C:\Windows\wininit.ini [837]
O44 - LFC:[MD5.50EAD127549AD36023C83E91F606EAE5] - 2014/02/16 - 21:05:32 ---A- . (...) -- C:\UsbFix [Scan 1] PANDEMONIUM.txt [6633]
~ Files: 52 Legitimates Filtered in 00mn 20s



---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.9577FC719DD421C8C123106663F1FD77] - 2014/02/17 - 2:56:08 ---A- - C:\Windows\Prefetch\TAROBOT.EXE-19C1703C.pf
O45 - LFCP:[MD5.D32E70A90D6AB297C5ECB48E922EAA5E] - 2014/02/17 - 3:00:02 ---A- - C:\Windows\Prefetch\INSTUP.EXE-DCA24DB4.pf
~ Prefetcher: 73 Legitimates Filtered in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{9f6271bc-cd0c-11e1-93e1-c89cdcd1a678}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 2013/11/26 - 20:47:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 2014/01/01 - 21:02:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.B4BDE3F758A34658A37DFED3D9783CD8] - 2012/08/06 - 7:43:11 ---A- . (...) -- C:\Windows\System32\Drivers\atksgt.sys [88480]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 2009/07/14 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 2009/06/10 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.955982BF4421B77722196552B62E8DC2] - 2012/08/06 - 7:43:09 ---A- . (...) -- C:\Windows\System32\Drivers\lirsgt.sys [46400]
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 1601/01/02 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [871408]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 2009/07/14 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 16 Legitimates Filtered in 00mn 02s



---\\ Last modified or created user files (O61)
O61 - LFC: 2014/02/14 - 11:54:15 ---A- . (...) -- C:\Users\Franz\AppData\Local\Mozilla\updates\E7CF176E110C211B\active-update.xml [57]
O61 - LFC: 2014/02/14 - 11:54:15 ---A- . (...) -- C:\Users\Franz\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates.xml [14990]
O61 - LFC: 2014/02/16 - 11:54:15 ---A- . (...) -- C:\Users\Franz\AppData\Local\SWTOR\CrashDump\swtor\CRASH.dmp [151757]
O61 - LFC: 2014/02/16 - 11:54:15 ---A- . (...) -- C:\Users\Franz\AppData\Local\SWTOR\CrashDump\swtor\CRASH.json [1894]
O61 - LFC: 2014/02/16 - 11:54:15 ---A- . (...) -- C:\Users\Franz\AppData\Local\SWTOR\swtor\DiskCacheStatic [308576]
O61 - LFC: 2014/02/16 - 11:54:15 ---A- . (...) -- C:\Users\Franz\AppData\Local\SWTOR\swtor\DiskCacheStream [2122244]
O61 - LFC: 2014/02/16 - 11:54:16 ---A- . (...) -- C:\Users\Franz\AppData\Local\Turbine\PatchClient_2014-2-16_1.log.old [1048633]
O61 - LFC: 2014/02/16 - 11:54:17 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\LavasoftStatistics\adaware.xml [825]
O61 - LFC: 2014/02/16 - 11:54:27 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 2014/02/16 - 11:54:27 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\ZHP\ZHPDiag.txt [42446] =>.Nicolas Coolman
O61 - LFC: 2014/02/16 - 11:54:44 ---A- . (...) -- C:\Users\Franz\Documents\HOTOTOGISU\data0.bmp [76392]
O61 - LFC: 2014/02/16 - 11:54:44 ---A- . (...) -- C:\Users\Franz\Documents\HOTOTOGISU\data1000.ksd [53100]
O61 - LFC: 2014/02/16 - 11:54:44 ---A- . (...) -- C:\Users\Franz\Documents\HOTOTOGISU\data990.bmp [74722]
O61 - LFC: 2014/02/16 - 11:54:44 ---A- . (...) -- C:\Users\Franz\Documents\HOTOTOGISU\data998.ksd [53100]
O61 - LFC: 2014/02/16 - 11:54:44 ---A- . (...) -- C:\Users\Franz\Documents\HOTOTOGISU\data999.ksd [66296]
O61 - LFC: 2014/02/16 - 11:54:44 ---A- . (...) -- C:\Users\Franz\Documents\HOTOTOGISU\datasc.ksd [37040]
O61 - LFC: 2014/02/16 - 11:54:44 ---A- . (...) -- C:\Users\Franz\Documents\HOTOTOGISU\datasu.ksd [38754]
O61 - LFC: 2014/02/16 - 11:54:44 ---A- . (...) -- C:\Users\Franz\Documents\HOTOTOGISU\krenvprf.kep [78]
O61 - LFC: 2014/02/16 - 11:54:44 ---A- . (...) -- C:\Users\Franz\Documents\ZHPDiag.txt [40333] =>.Nicolas Coolman
O61 - LFC: 2014/02/16 - 11:54:44 ---A- . (...) -- C:\Users\Franz\Documents\cc_20140216_145218.reg [18374]
O61 - LFC: 2014/02/17 - 11:54:27 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\ZHP\Log.txt [75175] =>.Nicolas Coolman
O61 - LFC: 2014/02/17 - 11:54:27 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\ZHP\TestsZHPDiag.txt [2852] =>.Nicolas Coolman
~ 8 Fichiers temporaires (Temporary files)
~ Files: 64 Legitimates Filtered in 00mn 34s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.D89B5D0769D1BEEA2F622C61F2401E95] [SPRF][2010/11/11] (.Freebyte.com - HJSplit.) -- C:\Users\Franz\Desktop\hjsplit.exe [201728]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{8BC905EE-E9AE-4FA3-A3DB-03D4D34FA3AC}C:\program files (x86)\tixati\tixati.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\tixati\tixati.exe (.not file.)
O87 - FAEL: "UDP Query User{F8FF4C54-244C-4025-B191-8EED1CDEE035}C:\program files (x86)\tixati\tixati.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\tixati\tixati.exe (.not file.)
O87 - FAEL: "TCP Query User{DEB084E3-EAC9-4891-ADD5-FB5CDBAA989A}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\funcom\age of conan\conanpatcher.exe (.not file.)
O87 - FAEL: "UDP Query User{0834CF0B-0F59-4277-8737-8FD3F22E015D}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\funcom\age of conan\conanpatcher.exe (.not file.)
O87 - FAEL: "TCP Query User{11FD0FA6-61E3-435D-AD39-082E38CD28A5}C:\program files (x86)\funcom\age of conan\ageofconan.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\funcom\age of conan\ageofconan.exe (.not file.)
O87 - FAEL: "UDP Query User{374093BD-70FC-4FDB-AAD7-595727A7C635}C:\program files (x86)\funcom\age of conan\ageofconan.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\funcom\age of conan\ageofconan.exe (.not file.)
O87 - FAEL: "{028E5969-5828-44A3-B994-6E7D0A49609E}" |In - Private - P6 - TRUE | .(...) -- C:\SEVENCORE\Launcher.exe (.not file.)
O87 - FAEL: "{E602664E-DC97-40A2-8D24-B959207C141C}" |In - Private - P17 - TRUE | .(...) -- C:\SEVENCORE\Launcher.exe (.not file.)
O87 - FAEL: "{0DE9E749-9283-4F46-B236-016C6EBF6BC4}" |In - Private - P6 - TRUE | .(...) -- C:\SEVENCORE\SEVENCORE.exe (.not file.)
O87 - FAEL: "{F55A4EE0-43DE-4C74-A24C-0883DED6E858}" |In - Private - P17 - TRUE | .(...) -- C:\SEVENCORE\SEVENCORE.exe (.not file.)
O87 - FAEL: "TCP Query User{FF421B88-079D-46D1-BB8C-2E48A56E536E}C:\users\franz\appdata\local\akamai\netsession_win.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\franz\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "UDP Query User{C7DA8828-A1BA-48EC-89E0-F85BBC53E657}C:\users\franz\appdata\local\akamai\netsession_win.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\franz\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "TCP Query User{C201BD45-5C85-4153-9014-E2EBE0D8E3B5}C:\users\franz\appdata\local\akamai\netsession_win.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\franz\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "UDP Query User{838F46CC-5702-45EE-8432-050E68A98AA9}C:\users\franz\appdata\local\akamai\netsession_win.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\franz\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "TCP Query User{E8B8C03A-D566-4CED-B6FC-972A4F06F2F3}C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe (.not file.)
O87 - FAEL: "UDP Query User{584B66C2-2301-4519-B51F-1D2C1AE4DC46}C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe (.not file.)
~ Firewall: 260 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.51E091336BEEEDAF9EE41B8BDC3C9555] [WIS][2011/07/11] (.?????? ?????? - Windows Live Mail setup package.) -- C:\Windows\Installer\140fc6.msi [6745088]
~ WIS: 454 Legitimates Filtered in 00mn 32s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2014/02/05 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 2014/02/14 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 2010/05/04 503080 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SS - | Demand 1658/07/10 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des

SR - | Auto 2013/12/18 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 2012/12/19 240640 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 2014/01/23 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 2011/05/30 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Auto 2010/11/05 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 2011/04/22 244624 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 2010/12/20 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 2013/04/16 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 2010/12/20 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 2009/07/14 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 1658/07/10 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 2009/07/14 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 34s



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by Franz at 2014/02/17 11:55:46
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Franz at 2014/02/17 11:55:48

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 1601/01/02 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [871408]
~ Emulateurs: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (2014/02/14)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 308168 Items scanned in 00mn 15s



---\\ Summary of the detections found on your workstation
~ MSI: 0 link(s) detected in 00mn 15s



~ 1771 Legitimates filtered by white list
End of the scan (512 lines in 02mn 58s)(0)
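Editor's note, added here and not part of the original thread: a ZHPDiag report is long and mostly whitelisted noise, so the lines that matter are easy to miss. In the report above, the ones a responder would look at first are the O43 entry for a hidden folder created directly under C:\ProgramData (the `--H-D` attribute on C:\ProgramData\NTKernel), the O58 driver entry for sptd.sys whose hash is D41D8CD98F00B204E9800998ECF8427E (that is the MD5 of zero bytes, so the scanner could not read a file it reports as 871408 bytes, which is typical of a locked driver such as the CD/DVD-emulator one the tool itself lists it under), the O51 MountPoints2 AutoRun command pointing at H:\autorun.exe, and the firewall rules and scheduled tasks whose target binary is marked `(.not file.)`. The script below is example code written for this note, not a ZHPDiag feature; the rule names are the editor's, the regexes are an assumption about the line layout seen in this report, and the sample input is a constructed set of lines copied from the report above. Its output is a triage list, not a verdict: the `(.not file.)` firewall rules here are stale leftovers of uninstalled games rather than malware, but they are exactly the kind of entry to check by hand.

```python
import re
from typing import Dict, List, Tuple

# MD5 of zero bytes. A driver reported with this hash but a non-zero size means
# the scanner could not read the file (locked/filtered), not that it is empty.
EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"
NOT_FILE = "(.not file.)"

# Layout assumed from the report: "O43 - CFD: <date> - <time> - [<size>] <attrs> <path>"
CFD_RE = re.compile(r"^O43 - CFD: \S+ - \S+ - \[[\d.]+\] (?P<attrs>\S{5}) (?P<path>.+)$")
# "O58 - SDL:[MD5.<hash>] ... -- <path> [<size>]"
SDL_RE = re.compile(r"^O58 - SDL:\[MD5\.(?P<md5>[0-9A-F]{32})\] .* -- (?P<path>.+?) \[(?P<size>\d+)\]$")
# Trailing "-- <path>", optionally followed by "(.not file.)" and "[<size>]"
TARGET_RE = re.compile(r" -- (?P<path>.+?)(?: \(\.not file\.\))?(?: \[\d+\])?$")

# Constructed sample: lines copied from the ZHPDiag report posted in this thread.
SAMPLE_REPORT = r"""
O43 - CFD: 2014/02/16 - 20:36:28 - [1.931] --H-D C:\ProgramData\NTKernel
O43 - CFD: 2013/04/12 - 13:50:01 - [374.812] ----D C:\Program Files (x86)\dao
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 1601/01/02 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [871408]
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 2013/11/26 - 20:47:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O87 - FAEL: "{028E5969-5828-44A3-B994-6E7D0A49609E}" |In - Private - P6 - TRUE | .(...) -- C:\SEVENCORE\Launcher.exe (.not file.)
O51 - MPSK:{9f6271bc-cd0c-11e1-93e1-c89cdcd1a678}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{1BCA10CF-C513-4A5D-A95A-7465A3700D86}] (...) -- H:\setup.exe (.not file.) [0]
"""


def triage_zhpdiag(report: str) -> List[Tuple[str, str]]:
    """Return (rule, path) pairs for report lines that deserve a manual look."""
    findings: List[Tuple[str, str]] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = CFD_RE.match(line)
        if m:
            path = m.group("path")
            # Hidden folder created directly under ProgramData: a common drop location.
            if "H" in m.group("attrs") and path.lower().startswith("c:\\programdata\\"):
                findings.append(("hidden-programdata-folder", path))
            continue

        m = SDL_RE.match(line)
        if m:
            # Non-empty driver file the scanner could not hash.
            if m.group("md5") == EMPTY_MD5 and int(m.group("size")) > 0:
                findings.append(("driver-unreadable-md5", m.group("path")))
            continue

        target = TARGET_RE.search(line)
        if target is None:
            continue
        path = target.group("path")
        if line.startswith("O87 - FAEL:") and NOT_FILE in line:
            # Inbound allow rule kept for a binary that no longer exists.
            findings.append(("firewall-allow-missing-binary", path))
        elif line.startswith("O51 - MPSK:") and "AutoRun" in line:
            # MountPoints2 autorun command: removable-media persistence.
            findings.append(("mountpoints2-autorun", path))
        elif "[APT]" in line and NOT_FILE in line:
            # Scheduled task whose executable is gone (orphan or cleaned payload).
            findings.append(("scheduled-task-missing-binary", path))
    return findings


def summarize(findings: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count findings per rule."""
    counts: Dict[str, int] = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, path in triage_zhpdiag(SAMPLE_REPORT):
        print(f"{rule:32s} {path}")
```

Run it against a saved ZHPDiag.txt by reading the file into `triage_zhpdiag`; anything it flags still needs the usual checks (publisher, signature, creation date, what the folder actually contains) before deciding it is malicious.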
lilidurhone Posts 43343 Registered Monday 25 April 2011 Status Security contributor Last activity 18 September 2023 3 804
17 Feb 2014 at 12:22
And with avast disabled?

There's not much left.

We'll finish this afternoon :)

dispride Posts 25 Registered Sunday 16 February 2014 Status Member Last activity 22 September 2015
17 Feb 2014 at 13:01
To tell the truth, now that the problem has disappeared, I thought it was already over, but I suppose it's always more complicated than that.

Here is the ZHP report with Avast disabled:

~ Report of ZHPDiag v2014.2.14.14 - Nicolas Coolman (2014/02/14)
~ Launched by Franz (2014/02/17 12:53:39)
~ Web site address : https://nicolascoolman.webs.com/
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Deactivate by program


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16518
MFIE: Mozilla Firefox 27.0.1 (Defaut)

---\\ Windows product information
~ Langage: Anglais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ System optimization software
CCleaner v2.29 =>Piriform Ltd

---\\ Sharing software PeerToPeer
µTorrent v3.3.0.29544 =>P2P.µTorrent

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4078.0 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 736 GB (79%) free of 922 GB

---\\ Connection to the system mode
~ Computer Name: PANDEMONIUM
~ User Name: Franz
~ All Users Names: HomeGroupUser$, Franz, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Franz\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Franz\AppData\Roaming\
~ %Desktop% : C:\Users\Franz\Desktop\
~ %Favorites% : C:\Users\Franz\Favorites\
~ %LocalAppData% : C:\Users\Franz\AppData\Local\
~ %StartMenu% : C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 736 Go of 922 Go)
D: Hard drive, Flash drive, Thumb drive (Free 757 Go of 922 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.2011/02/25 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2009/07/14 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2014/02/06 - 10:24:52.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.2010/11/21 - 4:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.2010/11/21 - 4:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2013/09/28 - 2:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009/07/14 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009/07/14 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010/11/21 - 4:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010/11/21 - 4:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010/11/21 - 4:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.2009/07/14 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.2009/07/14 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011/04/27 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.2010/11/21 - 4:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013/04/12 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.2009/07/14 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2010/11/21 - 4:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.2009/07/14 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.2010/11/21 - 4:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2010/11/21 - 4:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/2
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/1928
~ Mon Bureau (My Desktop) : 1/105
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.225518F190EDBC37CA32197A3E94B498] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.3124]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3224]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.3436]
[MD5.B5C774CFA944AF3E9A42B592B476F570] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8337920] [PID.3988]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1364]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1728]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456] [PID.1780]
[MD5.B705C7097F9A0EC941D02DCE7C7D426C] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624] [PID.1816]
[MD5.B2D01290C0E0465ACA54C2088E947823] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.1948]
[MD5.8FFF9083252C16FE3960173722605E9E] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.1984]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.2552]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.1256]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\myt7ain5.default\prefs.js
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 02s
~ Nombre de lignes (Lines number): 15516



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Dragon Age II.lnk . (.BioWare - Launcher Application.) -- C:\Program Files (x86)\dao\Dragon Age 2\DragonAge2Launcher.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Star Wars Knights of the Old Republic II - The Sith Lords.lnk . (.Obsidian Entertainment, Inc. - Star Wars: Knights of the Old Republic II:.) -- C:\Program Files (x86)\LucasArts\SWKotOR2\swkotor2.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: Dragon Age 2 Mark of the Assassin Expansion.lnk - Orphan key
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Franz]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Franz]: Mass Effect.lnk . (.BioWare - Launcher Application.) -- C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe
O4 - GS\QuickLaunch [Franz]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Franz]: MPC-HC.lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files (x86)\MPC-HC\mpc-hc.exe
O4 - GS\Program [Franz]: DC Universe Online Live.lnk . (...) -- C:\Users\Public\Sony Online Entertainment\Installed Games\DC Universe Online Live\LaunchPad.exe (.not file.)
O4 - GS\Program [Franz]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Franz]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Franz]: Jeux - Raccourci.lnk - Orphan key
O4 - GS\Desktop [Franz]: Mass Effect 2 - Raccourci.lnk - Orphan key
O4 - GS\Desktop [Franz]: Mass Effect.lnk . (.BioWare - Launcher Application.) -- C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe
O4 - GS\Desktop [Franz]: Mass Effect(TM) 3 - Raccourci.lnk - Orphan key
O4 - GS\Desktop [Franz]: MPC-HC.lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files (x86)\MPC-HC\mpc-hc.exe
O4 - GS\Desktop [Franz]: Ordinateur - Raccourci.lnk - Orphan key
O4 - GS\Desktop [Franz]: Play Dragon Age Origins.lnk . (.BioWare - Launcher Application.) -- C:\Program Files (x86)\dao\Dragon Age Origins\DAOriginsLauncher.exe
O4 - GS\Desktop [Franz]: Star Wars - The Old Republic.lnk . (.BioWare - SWTOR Launcher.) -- C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
O4 - GS\Desktop [Franz]: swkotor - Raccourci.lnk . (...) -- C:\Program Files (x86)\LucasArts\SWKotOR\swkotor.exe (.not file.)
O4 - GS\Desktop [Franz]: Tarobot.lnk . (...) -- C:\Program Files (x86)\Tarobot\tarobot.exe
~ Global Startup: 72 Legitimates Filtered in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [DivXUpdate] . (.No owner - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
~ Application: Scanned in 00mn 00s



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Zone Confiance: Scanned in 00mn 01s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2036B6D-929C-4B58-88CF-20251397EEF0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{E2036B6D-929C-4B58-88CF-20251397EEF0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{E2036B6D-929C-4B58-88CF-20251397EEF0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Task Planned Automatically (039)
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Scan (f)] (...) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1BCA10CF-C513-4A5D-A95A-7465A3700D86}] (...) -- H:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3208443D-67BB-4D38-9E78-736366884357}] (...) -- H:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3540FB12-4DFA-48E8-A2D7-D58696BA63ED}] (...) -- H:\INSTALL.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3FE881BE-0323-420A-AF17-76D278532058}] (...) -- H:\OriginInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{568FA138-B185-4A77-9894-BCECBA114440}] (...) -- C:\Program Files (x86)\Revolution\REVOUNIN.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5ECF279A-2BB2-4E18-81CF-2A5140281EF1}] (...) -- H:\ncall2t.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8FDC5332-5A41-4A1A-A0AE-3FAA98865EB8}] (...) -- H:\Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{98F394D1-0BFC-47F7-B17B-A48803FCE144}] (...) -- C:\hen\?????U???Y???A\UnInst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A8E1BACE-B5CD-48CF-B45F-569E21FD797A}] (...) -- C:\Program Files (x86)\InstallShield Installation Information\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C2F9E6DB-E018-4BFB-AC05-671D2D30BF43}] (...) -- H:\INNAIVTT.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C7242DB8-1C10-4A02-8424-0C39057E0974}] (...) -- H:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F12637D0-941F-4228-9C7C-5620149E056F}] (...) -- H:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F9355B98-75ED-4F9A-A025-EBC4115E03B6}] (...) -- H:\setup.exe (.not file.) [0]
~ Scheduled Task: 34 Legitimates Filtered in 00mn 01s



---\\ Software installed (O42)
O42 - Logiciel: Kotor Tool - (...) [HKLM][64Bits] -- Kotor Tool
O42 - Logiciel: M4-78 Enhancement Project - (...) [HKLM][64Bits] -- The Sith Lords Restored Content Mod_is1
O42 - Logiciel: piaip AppLocale - (.MS.) [HKLM][64Bits] -- {394BE3D9-7F57-4638-A8D1-1D88671913B7}
~ Logic: 29 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\DarkNite]
[HKCU\Software\MS]
[HKCU\Software\MarbleStone]
[HKCU\Software\dmm]
[HKCU\Software\illusion]
[HKLM\Software\CypherTec]
[HKLM\Software\Wow6432Node\"'`÷OEn]
~ Key Software: 336 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 2013/04/12 - 13:50:01 - [374.812] ----D C:\Program Files (x86)\dao
O43 - CFD: 2012/10/14 - 16:14:23 - [0] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 2013/08/06 - 11:50:00 - [0] ----D C:\Program Files (x86)\Common Files\WuShu_0.0.1.034
O43 - CFD: 2014/02/16 - 20:36:28 - [1.931] --H-D C:\ProgramData\NTKernel
O43 - CFD: 2013/05/04 - 21:01:03 - [0] ----D C:\Users\Franz\AppData\Roaming\DMM
O43 - CFD: 2013/10/13 - 1:36:41 - [0] ----D C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kotor Tool
~ Program Folder: 211 Legitimates Filtered in 00mn 03s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.ADE15DDE041005A70F7909A0283B2E63] - 2014/02/08 - 10:50:41 ---A- . (...) -- C:\AlphaDiscLog.txt [291]
O44 - LFC:[MD5.DC5B07F3E7456F6CDD5A4892BCF67A9A] - 2014/02/09 - 17:48:42 ---A- . (...) -- C:\bksk_execlog.txt [143005]
O44 - LFC:[MD5.714A6AA2AB37724F0C08170C11677DB4] - 2014/02/11 - 13:40:39 ---A- . (...) -- C:\Windows\wininit.ini [837]
O44 - LFC:[MD5.50EAD127549AD36023C83E91F606EAE5] - 2014/02/16 - 21:05:32 ---A- . (...) -- C:\UsbFix [Scan 1] PANDEMONIUM.txt [6633]
~ Files: 52 Legitimates Filtered in 00mn 01s



---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.9577FC719DD421C8C123106663F1FD77] - 2014/02/17 - 2:56:08 ---A- - C:\Windows\Prefetch\TAROBOT.EXE-19C1703C.pf
O45 - LFCP:[MD5.D32E70A90D6AB297C5ECB48E922EAA5E] - 2014/02/17 - 3:00:02 ---A- - C:\Windows\Prefetch\INSTUP.EXE-DCA24DB4.pf
~ Prefetcher: 82 Legitimates Filtered in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{9f6271bc-cd0c-11e1-93e1-c89cdcd1a678}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 2013/11/26 - 20:47:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 2014/01/01 - 21:02:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.B4BDE3F758A34658A37DFED3D9783CD8] - 2012/08/06 - 7:43:11 ---A- . (...) -- C:\Windows\System32\Drivers\atksgt.sys [88480]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 2009/07/14 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 2009/06/10 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.955982BF4421B77722196552B62E8DC2] - 2012/08/06 - 7:43:09 ---A- . (...) -- C:\Windows\System32\Drivers\lirsgt.sys [46400]
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 1601/01/02 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [871408]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 2009/07/14 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Last modified or created user files (O61)
O61 - LFC: 2014/02/14 - 12:54:03 ---A- . (...) -- C:\Users\Franz\AppData\Local\Mozilla\updates\E7CF176E110C211B\active-update.xml [57]
O61 - LFC: 2014/02/14 - 12:54:03 ---A- . (...) -- C:\Users\Franz\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates.xml [14990]
O61 - LFC: 2014/02/16 - 12:54:03 ---A- . (...) -- C:\Users\Franz\AppData\Local\SWTOR\CrashDump\swtor\CRASH.dmp [151757]
O61 - LFC: 2014/02/16 - 12:54:03 ---A- . (...) -- C:\Users\Franz\AppData\Local\SWTOR\CrashDump\swtor\CRASH.json [1894]
O61 - LFC: 2014/02/16 - 12:54:03 ---A- . (...) -- C:\Users\Franz\AppData\Local\SWTOR\swtor\DiskCacheStatic [308576]
O61 - LFC: 2014/02/16 - 12:54:03 ---A- . (...) -- C:\Users\Franz\AppData\Local\SWTOR\swtor\DiskCacheStream [2122244]
O61 - LFC: 2014/02/16 - 12:54:03 ---A- . (...) -- C:\Users\Franz\AppData\Local\Turbine\PatchClient_2014-2-16_1.log.old [1048633]
O61 - LFC: 2014/02/16 - 12:54:03 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\LavasoftStatistics\adaware.xml [825]
O61 - LFC: 2014/02/16 - 12:54:05 ---A- . (...) -- C:\Users\Franz\Documents\ZHPDiag.txt [40333] =>.Nicolas Coolman
O61 - LFC: 2014/02/16 - 12:54:05 ---A- . (...) -- C:\Users\Franz\Documents\cc_20140216_145218.reg [18374]
O61 - LFC: 2014/02/17 - 12:54:04 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\ZHP\Log.txt [96434] =>.Nicolas Coolman
O61 - LFC: 2014/02/17 - 12:54:04 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\ZHP\TestsZHPDiag.txt [2852] =>.Nicolas Coolman
O61 - LFC: 2014/02/17 - 12:54:04 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 2014/02/17 - 12:54:04 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\ZHP\ZHPDiag.txt [37859] =>.Nicolas Coolman
~ 8 Fichiers temporaires (Temporary files)
~ Files: 64 Legitimates Filtered in 00mn 03s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.D89B5D0769D1BEEA2F622C61F2401E95] [SPRF][2010/11/11] (.Freebyte.com - HJSplit.) -- C:\Users\Franz\Desktop\hjsplit.exe [201728]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Firewall Active Exception List (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{8BC905EE-E9AE-4FA3-A3DB-03D4D34FA3AC}C:\program files (x86)\tixati\tixati.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\tixati\tixati.exe (.not file.)
O87 - FAEL: "UDP Query User{F8FF4C54-244C-4025-B191-8EED1CDEE035}C:\program files (x86)\tixati\tixati.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\tixati\tixati.exe (.not file.)
O87 - FAEL: "TCP Query User{DEB084E3-EAC9-4891-ADD5-FB5CDBAA989A}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\funcom\age of conan\conanpatcher.exe (.not file.)
O87 - FAEL: "UDP Query User{0834CF0B-0F59-4277-8737-8FD3F22E015D}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\funcom\age of conan\conanpatcher.exe (.not file.)
O87 - FAEL: "TCP Query User{11FD0FA6-61E3-435D-AD39-082E38CD28A5}C:\program files (x86)\funcom\age of conan\ageofconan.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\funcom\age of conan\ageofconan.exe (.not file.)
O87 - FAEL: "UDP Query User{374093BD-70FC-4FDB-AAD7-595727A7C635}C:\program files (x86)\funcom\age of conan\ageofconan.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\funcom\age of conan\ageofconan.exe (.not file.)
O87 - FAEL: "{028E5969-5828-44A3-B994-6E7D0A49609E}" |In - Private - P6 - TRUE | .(...) -- C:\SEVENCORE\Launcher.exe (.not file.)
O87 - FAEL: "{E602664E-DC97-40A2-8D24-B959207C141C}" |In - Private - P17 - TRUE | .(...) -- C:\SEVENCORE\Launcher.exe (.not file.)
O87 - FAEL: "{0DE9E749-9283-4F46-B236-016C6EBF6BC4}" |In - Private - P6 - TRUE | .(...) -- C:\SEVENCORE\SEVENCORE.exe (.not file.)
O87 - FAEL: "{F55A4EE0-43DE-4C74-A24C-0883DED6E858}" |In - Private - P17 - TRUE | .(...) -- C:\SEVENCORE\SEVENCORE.exe (.not file.)
O87 - FAEL: "TCP Query User{FF421B88-079D-46D1-BB8C-2E48A56E536E}C:\users\franz\appdata\local\akamai\netsession_win.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\franz\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "UDP Query User{C7DA8828-A1BA-48EC-89E0-F85BBC53E657}C:\users\franz\appdata\local\akamai\netsession_win.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\franz\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "TCP Query User{C201BD45-5C85-4153-9014-E2EBE0D8E3B5}C:\users\franz\appdata\local\akamai\netsession_win.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\franz\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "UDP Query User{838F46CC-5702-45EE-8432-050E68A98AA9}C:\users\franz\appdata\local\akamai\netsession_win.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\franz\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "TCP Query User{E8B8C03A-D566-4CED-B6FC-972A4F06F2F3}C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe (.not file.)
O87 - FAEL: "UDP Query User{584B66C2-2301-4519-B51F-1D2C1AE4DC46}C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe (.not file.)
~ Firewall: 260 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.51E091336BEEEDAF9EE41B8BDC3C9555] [WIS][2011/07/11] (.?????? ?????? - Windows Live Mail setup package.) -- C:\Windows\Installer\140fc6.msi [6745088]
~ WIS: 454 Legitimates Filtered in 00mn 29s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2014/02/05 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 2014/02/14 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 2010/05/04 503080 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SS - | Demand 1658/07/10 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des

SR - | Auto 2013/12/18 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 2012/12/19 240640 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 2014/01/23 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 2011/05/30 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Auto 2010/11/05 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 2011/04/22 244624 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 2010/12/20 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 2013/04/16 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 2010/12/20 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 2009/07/14 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 1658/07/10 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 2009/07/14 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 30s



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by Franz at 2014/02/17 12:54:49
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Franz at 2014/02/17 12:54:51

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 1601/01/02 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [871408]
~ Emulateurs: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (2014/02/14)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 308084 Items scanned in 00mn 15s



---\\ Summary of the detections found on your workstation
~ MSI: 0 link(s) detected in 00mn 15s



~ 1780 Legitimates filtered by white list
End of the scan (511 lines in 01mn 28s)(0)
lilidurhone (Security contributor)
17 Feb 2014 at 13:38
I was talking about the MBAM report.
dispride (Member)
17 Feb 2014 at 15:14
Here is the MBAM report, which I can open this time, and it looks clean:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.16.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Franz :: PANDEMONIUM [administrator]

2014/02/17 14:13:17
mbam-log-2014-02-17 (14-13-17).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 442024
Time elapsed: 55 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
lilidurhone (Security contributor)
17 Feb 2014 at 16:13
Re

I'd like you to check this file
O43 - CFD: 2014/02/16 - 20:36:28 - [1.931] --H-D C:\ProgramData\NTKernel
on VirusTotal.

Preliminary step: show hidden files/folders

In Explorer, on XP -> Menu -> Tools -> Folder Options -> View tab
In Explorer, on Vista/7 -> Organize -> Folder and search options -> View tab

1 - Check "Show hidden files and folders"
2 - Uncheck "Hide extensions for known file types"
3 - Uncheck "Hide protected operating system files"
4 - Confirm with Apply

Remember to re-check or un-check the options you changed once the VirusTotal analysis is done

Open the VirusTotal page https://www.virustotal.com/gui/

1 - Click "Choose File" to browse for the file to analyse
2 - Select the file to analyse
3 - Click "Scan it!"
4 - Wait while the file uploads
5 - Often the file has already been analysed; if so, click "Reanalyse"
6 - Wait while the analysis runs.
The result is displayed and shows the number of detections (Detection ratio)

7 - Copy and paste the URL shown in the address bar, if the analysis was requested on a disinfection forum.
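The two steps in the post above (make hidden and system files visible, then get a file checked on VirusTotal) can be done from PowerShell. The script below is an added example and is not from the thread or from any of the tools it mentions. Instead of uploading files it computes the SHA-256 of every file in the hidden folder and builds the VirusTotal hash-lookup URL (the same https://www.virustotal.com/gui/file/<sha256> form as the links posted later in the thread); if VirusTotal has never seen a hash, the web upload described above is still needed. It is written for Windows PowerShell 2.0 as shipped with Windows 7, so it hashes through .NET rather than Get-FileHash (PowerShell 4+) and uses -Encoding Byte, which later PowerShell 7 replaced with -AsByteStream. $SuspectDir is the folder named in this thread and is the only assumption; the function names are this example's own.

```powershell
# Added example (not from the thread): show hidden/system files in Explorer, then hash the
# files in the suspicious folder so they can be looked up on VirusTotal without uploading.
$SuspectDir = 'C:\ProgramData\NTKernel'   # folder named in the thread; change for another case

# Step 1: the three Explorer "View" settings from the post, as their registry values
$Advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $Advanced -Name Hidden          -Value 1 -Type DWord   # Show hidden files and folders
Set-ItemProperty -Path $Advanced -Name HideFileExt     -Value 0 -Type DWord   # Hide extensions for known file types: off
Set-ItemProperty -Path $Advanced -Name ShowSuperHidden -Value 1 -Type DWord   # Hide protected OS files: off
# Explorer only re-reads these values when it starts, so restart it
Stop-Process -Name explorer -Force
Start-Process explorer.exe

# Step 2: SHA-256 of each file (VirusTotal file pages are keyed by SHA-256)
function Get-Sha256Hex {
    param([string]$Path)
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { [System.BitConverter]::ToString($sha.ComputeHash($stream)).Replace('-', '').ToLower() }
    finally { $stream.Close() }
}

function Get-SuspectFileReport {
    param([string]$Dir)
    # -Force lists hidden files, which a plain Get-ChildItem silently skips
    Get-ChildItem -LiteralPath $Dir -Force | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
        $hash = Get-Sha256Hex -Path $_.FullName
        # a file without .exe (the thread's "load32") can still be a PE: check the MZ header, not the extension
        $head = @(Get-Content -LiteralPath $_.FullName -Encoding Byte -TotalCount 2)
        New-Object PSObject -Property @{
            Name        = $_.Name
            Bytes       = $_.Length
            Hidden      = [bool]($_.Attributes -band [System.IO.FileAttributes]::Hidden)
            LooksLikePE = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
            SHA256      = $hash
            VirusTotal  = "https://www.virustotal.com/gui/file/$hash"   # hash lookup; nothing is uploaded
        }
    } | Select-Object Name, Bytes, Hidden, LooksLikePE, SHA256, VirusTotal
}

Get-SuspectFileReport -Dir $SuspectDir | Format-List
```

Open each VirusTotal link from the output; a page that says the hash is unknown means the file was never submitted, which is the case where uploading it (or sending it to the disinfection forum, as asked later in the thread) adds information. Remember to reverse the three registry values afterwards, as the post says.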
dispride (Member)
17 Feb 2014 at 16:23
NTKernel is a folder, not a file. It contains only the file load32 (note that it does not seem to be an executable, and that the file that was causing me trouble was load32.exe).

Analysis of load32 on virustotal.fr: 0/50 detection ratio

https://www.virustotal.com/gui/file/9244b2a4dc0ad7831465323b4653c8b7749810e0a3bd531838b2aba1edc7133d
dispride (Member)
17 Feb 2014 at 16:36
OK, correction: there is not 1 but 3 files in the folder. The other two are indeed infected:

nt32.exe with a 5/48 detection ratio (https://www.virustotal.com/gui/file/6b40fe1b308c480e803b97aa7fed4c6bb92cba429f86852d92fe36878a6b04ff)

and run32.exe with a 7/50 detection ratio (https://www.virustotal.com/gui/file/6b40fe1b308c480e803b97aa7fed4c6bb92cba429f86852d92fe36878a6b04ff)
lilidurhone (Security contributor)
17 Feb 2014 at 17:20
Following the edit of my message :)

Could you send the folder (the one I had you analyse) here: http://www.sosvirus.net/upload_malware.php
lilidurhone (Security contributor)
Edited by lilidurhone on 17/02/2014 at 17:21
Before moving on to the script, do this:

=> https://forums.commentcamarche.net/forum/affich-29716112-je-n-arrive-pas-a-supprimer-un-trojan-virus-nt32-exe-et-load32?page=2#32

Warning: this is a custom script; do not reuse it on another computer, it could crash it!

* Disable avast for the duration of the cleanup (right-click the blue ball icon > Shields control > disable for 10 minutes)

* Copy only the lines shown in bold below to the clipboard or into Notepad (highlight them with the mouse, then right-click > Copy, from "Script ZHPFix" through to the end, i.e. "Sysrestore")

Script ZHPFix
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Scan (f)] (...) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{1BCA10CF-C513-4A5D-A95A-7465A3700D86}] (...) -- H:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3208443D-67BB-4D38-9E78-736366884357}] (...) -- H:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3540FB12-4DFA-48E8-A2D7-D58696BA63ED}] (...) -- H:\INSTALL.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3FE881BE-0323-420A-AF17-76D278532058}] (...) -- H:\OriginInstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{568FA138-B185-4A77-9894-BCECBA114440}] (...) -- C:\Program Files (x86)\Revolution\REVOUNIN.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5ECF279A-2BB2-4E18-81CF-2A5140281EF1}] (...) -- H:\ncall2t.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8FDC5332-5A41-4A1A-A0AE-3FAA98865EB8}] (...) -- H:\Installer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{98F394D1-0BFC-47F7-B17B-A48803FCE144}] (...) -- C:\hen\?????U???Y???A\UnInst.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{A8E1BACE-B5CD-48CF-B45F-569E21FD797A}] (...) -- C:\Program Files (x86)\InstallShield Installation Information\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C2F9E6DB-E018-4BFB-AC05-671D2D30BF43}] (...) -- H:\INNAIVTT.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C7242DB8-1C10-4A02-8424-0C39057E0974}] (...) -- H:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F12637D0-941F-4228-9C7C-5620149E056F}] (...) -- H:\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F9355B98-75ED-4F9A-A025-EBC4115E03B6}] (...) -- H:\setup.exe (.not file.) [0]
O51 - MPSK:{9f6271bc-cd0c-11e1-93e1-c89cdcd1a678}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
O43 - CFD: 2014/02/16 - 20:36:28 - [1.931] --H-D C:\ProgramData\NTKernel
O61 - LFC: 2014/02/16 - 12:54:03 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\LavasoftStatistics\adaware.xml [825]
O87 - FAEL: "TCP Query User{8BC905EE-E9AE-4FA3-A3DB-03D4D34FA3AC}C:\program files (x86)\tixati\tixati.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\tixati\tixati.exe (.not file.)
O87 - FAEL: "UDP Query User{F8FF4C54-244C-4025-B191-8EED1CDEE035}C:\program files (x86)\tixati\tixati.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\tixati\tixati.exe (.not file.)
O87 - FAEL: "TCP Query User{DEB084E3-EAC9-4891-ADD5-FB5CDBAA989A}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\funcom\age of conan\conanpatcher.exe (.not file.)
O87 - FAEL: "UDP Query User{0834CF0B-0F59-4277-8737-8FD3F22E015D}C:\program files (x86)\funcom\age of conan\conanpatcher.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\funcom\age of conan\conanpatcher.exe (.not file.)
O87 - FAEL: "TCP Query User{11FD0FA6-61E3-435D-AD39-082E38CD28A5}C:\program files (x86)\funcom\age of conan\ageofconan.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\funcom\age of conan\ageofconan.exe (.not file.)
O87 - FAEL: "UDP Query User{374093BD-70FC-4FDB-AAD7-595727A7C635}C:\program files (x86)\funcom\age of conan\ageofconan.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\funcom\age of conan\ageofconan.exe (.not file.)
O87 - FAEL: "{028E5969-5828-44A3-B994-6E7D0A49609E}" |In - Private - P6 - TRUE | .(...) -- C:\SEVENCORE\Launcher.exe (.not file.)
O87 - FAEL: "{E602664E-DC97-40A2-8D24-B959207C141C}" |In - Private - P17 - TRUE | .(...) -- C:\SEVENCORE\Launcher.exe (.not file.)
O87 - FAEL: "{0DE9E749-9283-4F46-B236-016C6EBF6BC4}" |In - Private - P6 - TRUE | .(...) -- C:\SEVENCORE\SEVENCORE.exe (.not file.)
O87 - FAEL: "{F55A4EE0-43DE-4C74-A24C-0883DED6E858}" |In - Private - P17 - TRUE | .(...) -- C:\SEVENCORE\SEVENCORE.exe (.not file.)
O87 - FAEL: "TCP Query User{FF421B88-079D-46D1-BB8C-2E48A56E536E}C:\users\franz\appdata\local\akamai\netsession_win.exe" |In - Private - P6 - TRUE | .(...) -- C:\users\franz\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "UDP Query User{C7DA8828-A1BA-48EC-89E0-F85BBC53E657}C:\users\franz\appdata\local\akamai\netsession_win.exe" |In - Private - P17 - TRUE | .(...) -- C:\users\franz\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "TCP Query User{C201BD45-5C85-4153-9014-E2EBE0D8E3B5}C:\users\franz\appdata\local\akamai\netsession_win.exe" |In - Public - P6 - TRUE | .(...) -- C:\users\franz\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "UDP Query User{838F46CC-5702-45EE-8432-050E68A98AA9}C:\users\franz\appdata\local\akamai\netsession_win.exe" |In - Public - P17 - TRUE | .(...) -- C:\users\franz\appdata\local\akamai\netsession_win.exe (.not file.)
O87 - FAEL: "TCP Query User{E8B8C03A-D566-4CED-B6FC-972A4F06F2F3}C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe" |In - Private - P6 - TRUE | .(...) -- C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe (.not file.)
O87 - FAEL: "UDP Query User{584B66C2-2301-4519-B51F-1D2C1AE4DC46}C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe" |In - Private - P17 - TRUE | .(...) -- C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe (.not file.)
Sysrestore



* Run ZHPFix (syringe icon) as administrator (if you are on Vista/7/8); otherwise double-click the syringe icon, then click OK to continue.

* Click Import (in some cases the script is pasted into the script area automatically and clicking the "IMPORT" button is not needed).

* If you do not see the lines, right-click inside the box, then Paste.

* Click the GO button to start the cleanup, and let the tool work.

* ZHPFix will offer to empty the Recycle Bin; click Yes if you want to, No if you do not.

* Restart the PC and post the report C:\ZHP\ZHPFixReport.txt

Where there is a problem, there is always a solution
~~~~~~ Cs ~~~~~~
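Most of the ZHPFix script above removes firewall rules and scheduled tasks whose target executable no longer exists, the entries ZHPDiag marks "(.not file.)" (in the O87 lines, P6 and P17 are IP protocol numbers 6, TCP, and 17, UDP). The following script is an added example, not from the thread and not ZHPFix's own code: it finds those orphans on Windows 7 through the COM interfaces the OS already exposes (HNetCfg.FwPolicy2 and Schedule.Service), since the Get-NetFirewallRule and Get-ScheduledTask cmdlets only appeared with Windows 8, and deletes them only when run with -Remove. The function names and the -Remove switch are this example's own; it assumes an elevated PowerShell prompt.

```powershell
# Added example (not from the thread, not ZHPFix code): list firewall rules and scheduled
# tasks whose target executable is missing, and delete them only when -Remove is given.
param([switch]$Remove)

function Resolve-ProgramPath {
    # Rule and task paths may be quoted and may use %ProgramFiles%-style variables; normalise first
    param([string]$Raw)
    if ([string]::IsNullOrEmpty($Raw)) { return $null }
    [Environment]::ExpandEnvironmentVariables($Raw.Trim('"'))
}

function Get-OrphanFirewallRule {
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    foreach ($rule in $policy.Rules) {
        $exe = Resolve-ProgramPath $rule.ApplicationName
        if (-not $exe -or (Test-Path -LiteralPath $exe)) { continue }   # port-only rules, or the target still exists
        $proto = switch ($rule.Protocol) { 6 { 'TCP' } 17 { 'UDP' } default { "P$($rule.Protocol)" } }
        New-Object PSObject -Property @{
            Kind     = 'FirewallRule'
            Name     = $rule.Name
            Target   = $exe
            Protocol = $proto
            Inbound  = ($rule.Direction -eq 1)   # NET_FW_RULE_DIR_IN
        }
    }
}

function Get-OrphanScheduledTask {
    $svc = New-Object -ComObject Schedule.Service
    $svc.Connect()
    $pending = New-Object System.Collections.Queue
    $pending.Enqueue($svc.GetFolder('\'))
    while ($pending.Count -gt 0) {
        $folder = $pending.Dequeue()
        foreach ($sub in $folder.GetFolders(0)) { $pending.Enqueue($sub) }
        foreach ($task in $folder.GetTasks(1)) {                           # 1 = TASK_ENUM_HIDDEN
            try { $actions = @($task.Definition.Actions) } catch { continue }  # some system tasks refuse reads
            foreach ($action in $actions) {
                if ($action.Type -ne 0) { continue }                       # 0 = TASK_ACTION_EXEC
                $exe = Resolve-ProgramPath $action.Path
                if ($exe -and -not (Test-Path -LiteralPath $exe)) {
                    New-Object PSObject -Property @{
                        Kind = 'ScheduledTask'; Name = $task.Path; Target = $exe; Protocol = ''; Inbound = ''
                    }
                }
            }
        }
    }
}

$orphans = @(Get-OrphanFirewallRule) + @(Get-OrphanScheduledTask)
$orphans | Format-Table Kind, Name, Target, Protocol, Inbound -AutoSize

if ($Remove) {
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    $svc = New-Object -ComObject Schedule.Service
    $svc.Connect()
    foreach ($o in $orphans) {
        if ($o.Kind -eq 'FirewallRule') {
            $policy.Rules.Remove($o.Name)    # caution: removes every rule carrying this name
        } else {
            $dir = Split-Path $o.Name -Parent
            if (-not $dir) { $dir = '\' }
            $svc.GetFolder($dir).DeleteTask((Split-Path $o.Name -Leaf), 0)
        }
    }
}
```

Run it once without -Remove and compare the listing with the "(.not file.)" lines in the ZHPDiag report before deleting anything; an orphan rule for a game that has merely been moved is harmless, whereas a task that re-launches something from a removed folder is exactly the persistence the thread is chasing. A missing target means the rule or task can no longer do anything, so removing it is a tidy-up rather than a disinfection; the hidden C:\ProgramData\NTKernel folder itself is not touched by this script.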
dispride (Member)
17 Feb 2014 at 18:00
Here is the report:

ZHPFix 2014.2.12.2 report by Nicolas Coolman, updated 12/02/2014
Registry export file:
Run by Franz at 2014/02/17 17:52:34
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (00mn 02s)

========== Registry values ==========
REMOVES: TCP Query User{8BC905EE-E9AE-4FA3-A3DB-03D4D34FA3AC}C:\program files (x86)\tixati\tixati.exe
REMOVES: UDP Query User{F8FF4C54-244C-4025-B191-8EED1CDEE035}C:\program files (x86)\tixati\tixati.exe
REMOVES: TCP Query User{DEB084E3-EAC9-4891-ADD5-FB5CDBAA989A}C:\program files (x86)\funcom\age of conan\conanpatcher.exe
REMOVES: UDP Query User{0834CF0B-0F59-4277-8737-8FD3F22E015D}C:\program files (x86)\funcom\age of conan\conanpatcher.exe
REMOVES: TCP Query User{11FD0FA6-61E3-435D-AD39-082E38CD28A5}C:\program files (x86)\funcom\age of conan\ageofconan.exe
REMOVES: UDP Query User{374093BD-70FC-4FDB-AAD7-595727A7C635}C:\program files (x86)\funcom\age of conan\ageofconan.exe
REMOVES: {028E5969-5828-44A3-B994-6E7D0A49609E}
REMOVES: {E602664E-DC97-40A2-8D24-B959207C141C}
REMOVES: {0DE9E749-9283-4F46-B236-016C6EBF6BC4}
REMOVES: {F55A4EE0-43DE-4C74-A24C-0883DED6E858}
REMOVES: TCP Query User{FF421B88-079D-46D1-BB8C-2E48A56E536E}C:\users\franz\appdata\local\akamai\netsession_win.exe
REMOVES: UDP Query User{C7DA8828-A1BA-48EC-89E0-F85BBC53E657}C:\users\franz\appdata\local\akamai\netsession_win.exe
REMOVES: TCP Query User{C201BD45-5C85-4153-9014-E2EBE0D8E3B5}C:\users\franz\appdata\local\akamai\netsession_win.exe
REMOVES: UDP Query User{838F46CC-5702-45EE-8432-050E68A98AA9}C:\users\franz\appdata\local\akamai\netsession_win.exe
REMOVES: TCP Query User{E8B8C03A-D566-4CED-B6FC-972A4F06F2F3}C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe
REMOVES: UDP Query User{584B66C2-2301-4519-B51F-1D2C1AE4DC46}C:\program files (x86)\cryptic studios\star trek online\live\gameclient.exe

========== Files ==========
REMOVES: c:\users\franz\appdata\roaming\lavasoftstatistics\adaware.xml

========== Scheduled task ==========
REMOVES: Ad-Aware Update (Weekly)
REMOVES: {1BCA10CF-C513-4A5D-A95A-7465A3700D86}
REMOVES: {3208443D-67BB-4D38-9E78-736366884357}
REMOVES: {3540FB12-4DFA-48E8-A2D7-D58696BA63ED}
REMOVES: {3FE881BE-0323-420A-AF17-76D278532058}
REMOVES: {568FA138-B185-4A77-9894-BCECBA114440}
REMOVES: {5ECF279A-2BB2-4E18-81CF-2A5140281EF1}
REMOVES: {8FDC5332-5A41-4A1A-A0AE-3FAA98865EB8}
REMOVES: {98F394D1-0BFC-47F7-B17B-A48803FCE144}
REMOVES: {A8E1BACE-B5CD-48CF-B45F-569E21FD797A}
REMOVES: {C2F9E6DB-E018-4BFB-AC05-671D2D30BF43}
REMOVES: {C7242DB8-1C10-4A02-8424-0C39057E0974}
REMOVES: {F12637D0-941F-4228-9C7C-5620149E056F}
REMOVES: {F9355B98-75ED-4F9A-A025-EBC4115E03B6}

========== System restore ==========
The system successfully created restore point


========== Summary ==========
16 : Registry values
1 : Files
14 : Scheduled task
1 : System restore


End of clean in 00mn 31s

========== Path to file report ==========
C:\Users\Franz\AppData\Roaming\ZHP\ZHPFix[R1].txt - 2014/02/17 17:52:36 [3030]
lilidurhone (Security contributor)
17 Feb 2014 at 18:05
Run ZHPDiag again

Thanks for your contribution :)
dispride (Member)
17 Feb 2014 at 18:14
If by contribution you mean the files on SOSvirus, it is the least I could do.

Here is the report:

~ Report of ZHPDiag v2014.2.14.14 - Nicolas Coolman (2014/02/14)
~ Launched by Franz (2014/02/17 18:08:32)
~ Web site address : https://nicolascoolman.webs.com/
~ Free support forums for disinfection : https://nicolascoolman.webs.com/
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user


---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.16518
MFIE: Mozilla Firefox 27.0.1 (Defaut)

---\\ Windows product information
~ Language: English
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : 7QJB7
Windows License : OK
~ Windows Remaining Initializations Number : 2
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
avast! Free Antivirus v9.0.2013
Malwarebytes Anti-Malware version 1.75.0.1300
Windows Defender W7

---\\ System optimization software
CCleaner v2.29 =>Piriform Ltd

---\\ Sharing software PeerToPeer
µTorrent v3.3.0.29544 =>P2P.µTorrent

---\\ Surveillance software
Adobe Flash Player 12 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Information on the system
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4078.0 MB (63% free)
System Restore: Activé (Enable)
System drive C: has 743 GB (80%) free of 922 GB

---\\ Connection to the system mode
~ Computer Name: PANDEMONIUM
~ User Name: Franz
~ All Users Names: HomeGroupUser$, Franz, ASPNET, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Franz\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Franz\AppData\Roaming\
~ %Desktop% : C:\Users\Franz\Desktop\
~ %Favorites% : C:\Users\Franz\Favorites\
~ %LocalAppData% : C:\Users\Franz\AppData\Local\
~ %StartMenu% : C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 743 Go of 922 Go)
D: Hard drive, Flash drive, Thumb drive (Free 757 Go of 922 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: CD-ROM drive (Not Inserted)



---\\ State of the Windows Security Center
~ Security Center: 37 Legitimates Filtered in 00mn 00s



---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.2011/02/25 - 7:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.2009/07/14 - 2:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.263B6E451526A90FF8B1CEC759F22956] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.2014/02/06 - 10:24:52.) -- C:\Windows\System32\wininet.dll [2334208]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.2010/11/21 - 4:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.2010/11/21 - 4:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.2013/09/28 - 2:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.2009/07/14 - 2:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.2009/07/14 - 0:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.2010/11/21 - 4:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.2010/11/21 - 4:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.2010/11/21 - 4:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.2009/07/14 - 0:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.2009/07/14 - 1:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.2011/04/27 - 3:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.2010/11/21 - 4:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.2013/04/12 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.2009/07/14 - 1:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.2010/11/21 - 4:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.2009/07/14 - 1:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.2010/11/21 - 4:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.2010/11/21 - 4:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/2
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 1/1929
~ Mon Bureau (My Desktop) : 1/106
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 00s



---\\ Process running
[MD5.225518F190EDBC37CA32197A3E94B498] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512] [PID.3136]
[MD5.FB1A303207C1124C2B61A50E5A32AC21] - (.No owner - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968] [PID.3180]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3208]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096] [PID.3216]
[MD5.D9184C5FF3FD526761D518A95ABA74A3] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.4312]
[MD5.B5C774CFA944AF3E9A42B592B476F570] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8337920] [PID.2532]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1404]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1800]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456] [PID.1908]
[MD5.B705C7097F9A0EC941D02DCE7C7D426C] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624] [PID.1984]
[MD5.B2D01290C0E0465ACA54C2088E947823] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.1196]
[MD5.8FFF9083252C16FE3960173722605E9E] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.840]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.2516]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.968]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\Franz\AppData\Roaming\Mozilla\Firefox\Profiles\myt7ain5.default\prefs.js
~ Firefox Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <local>
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 02s
~ Nombre de lignes (Lines number): 15516



---\\ Internet Explorer toolbars (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Dragon Age II.lnk . (.BioWare - Launcher Application.) -- C:\Program Files (x86)\dao\Dragon Age 2\DragonAge2Launcher.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Star Wars Knights of the Old Republic II - The Sith Lords.lnk . (.Obsidian Entertainment, Inc. - Star Wars: Knights of the Old Republic II:.) -- C:\Program Files (x86)\LucasArts\SWKotOR2\swkotor2.exe
O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Program [Public]: Dragon Age 2 Mark of the Assassin Expansion.lnk - Orphan key
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Franz]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Franz]: Mass Effect.lnk . (.BioWare - Launcher Application.) -- C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe
O4 - GS\QuickLaunch [Franz]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Franz]: MPC-HC.lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files (x86)\MPC-HC\mpc-hc.exe
O4 - GS\Program [Franz]: DC Universe Online Live.lnk . (...) -- C:\Users\Public\Sony Online Entertainment\Installed Games\DC Universe Online Live\LaunchPad.exe (.not file.)
O4 - GS\Program [Franz]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Franz]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Franz]: Jeux - Raccourci.lnk - Orphan key
O4 - GS\Desktop [Franz]: Mass Effect 2 - Raccourci.lnk - Orphan key
O4 - GS\Desktop [Franz]: Mass Effect.lnk . (.BioWare - Launcher Application.) -- C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe
O4 - GS\Desktop [Franz]: Mass Effect(TM) 3 - Raccourci.lnk - Orphan key
O4 - GS\Desktop [Franz]: MPC-HC.lnk . (.MPC-HC Team - Media Player Classic - Home Cinema.) -- C:\Program Files (x86)\MPC-HC\mpc-hc.exe
O4 - GS\Desktop [Franz]: Ordinateur - Raccourci.lnk - Orphan key
O4 - GS\Desktop [Franz]: Play Dragon Age Origins.lnk . (.BioWare - Launcher Application.) -- C:\Program Files (x86)\dao\Dragon Age Origins\DAOriginsLauncher.exe
O4 - GS\Desktop [Franz]: Star Wars - The Old Republic.lnk . (.BioWare - SWTOR Launcher.) -- C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
O4 - GS\Desktop [Franz]: swkotor - Raccourci.lnk . (...) -- C:\Program Files (x86)\LucasArts\SWKotOR\swkotor.exe (.not file.)
O4 - GS\Desktop [Franz]: Tarobot.lnk . (...) -- C:\Program Files (x86)\Tarobot\tarobot.exe
~ Global Startup: 72 Legitimates Filtered in 00mn 00s



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Wow6432Node\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Wow6432Node\Run: [DivXUpdate] . (.No owner - DivX Update.) -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [IsMyWinLockerReboot] . (.Microsoft Corporation - Installateur Windows®.) -- C:\Windows\System32\msiexec.exe
~ Application: Scanned in 00mn 00s



---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.aeriagames.com
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Zone Confiance: Scanned in 00mn 01s



---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2036B6D-929C-4B58-88CF-20251397EEF0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{E2036B6D-929C-4B58-88CF-20251397EEF0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{E2036B6D-929C-4B58-88CF-20251397EEF0}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
~ Domain: Scanned in 00mn 00s



---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Software installed (O42)
O42 - Logiciel: Kotor Tool - (...) [HKLM][64Bits] -- Kotor Tool
O42 - Logiciel: M4-78 Enhancement Project - (...) [HKLM][64Bits] -- The Sith Lords Restored Content Mod_is1
O42 - Logiciel: piaip AppLocale - (.MS.) [HKLM][64Bits] -- {394BE3D9-7F57-4638-A8D1-1D88671913B7}
~ Logic: 29 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\DarkNite]
[HKCU\Software\MS]
[HKCU\Software\MarbleStone]
[HKCU\Software\dmm]
[HKLM\Software\CypherTec]
[HKLM\Software\Wow6432Node\"'`÷OEn]
~ Key Software: 336 Legitimates Filtered in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 2013/04/12 - 13:50:01 - [374.812] ----D C:\Program Files (x86)\dao
O43 - CFD: 2012/10/14 - 16:14:23 - [0] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 2013/08/06 - 11:50:00 - [0] ----D C:\Program Files (x86)\Common Files\WuShu_0.0.1.034
O43 - CFD: 2013/05/04 - 21:01:03 - [0] ----D C:\Users\Franz\AppData\Roaming\DMM
O43 - CFD: 2013/10/13 - 1:36:41 - [0] ----D C:\Users\Franz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kotor Tool
~ Program Folder: 209 Legitimates Filtered in 00mn 01s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.ADE15DDE041005A70F7909A0283B2E63] - 2014/02/08 - 10:50:41 ---A- . (...) -- C:\AlphaDiscLog.txt [291]
O44 - LFC:[MD5.DC5B07F3E7456F6CDD5A4892BCF67A9A] - 2014/02/09 - 17:48:42 ---A- . (...) -- C:\bksk_execlog.txt [143005]
O44 - LFC:[MD5.714A6AA2AB37724F0C08170C11677DB4] - 2014/02/11 - 13:40:39 ---A- . (...) -- C:\Windows\wininit.ini [837]
O44 - LFC:[MD5.50EAD127549AD36023C83E91F606EAE5] - 2014/02/16 - 21:05:32 ---A- . (...) -- C:\UsbFix [Scan 1] PANDEMONIUM.txt [6633]
~ Files: 52 Legitimates Filtered in 00mn 20s



---\\ Last files created in Windows Prefetcher (O45)
O45 - LFCP:[MD5.314B75B99F81B8D1B53EF94FE3990311] - 2014/02/17 - 14:31:36 ---A- - C:\Windows\Prefetch\I_VIEW32.EXE-EAB42E7D.pf
O45 - LFCP:[MD5.D291B11DD6597B8DE9F3A92E69649A7B] - 2014/02/17 - 15:10:18 ---A- - C:\Windows\Prefetch\TAROBOT.EXE-19C1703C.pf
O45 - LFCP:[MD5.77C912E12D0D9780F7C60FD926B0C822] - 2014/02/17 - 15:47:34 ---A- - C:\Windows\Prefetch\INSTUP.EXE-DCA24DB4.pf
~ Prefetcher: 101 Legitimates Filtered in 00mn 00s



---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{9f6271bc-cd0c-11e1-93e1-c89cdcd1a678}\AutoRun\command. (...) -- H:\autorun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.C04F7B373881009D7994D9BF55D24AB4] - 2013/11/26 - 20:47:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776]
O58 - SDL:[MD5.90399625F341AB76BA4B85A5E860EB1F] - 2014/01/01 - 21:02:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [207904]
O58 - SDL:[MD5.B4BDE3F758A34658A37DFED3D9783CD8] - 2012/08/06 - 7:43:11 ---A- . (...) -- C:\Windows\System32\Drivers\atksgt.sys [88480]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 2009/07/14 - 2:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 2009/06/10 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.955982BF4421B77722196552B62E8DC2] - 2012/08/06 - 7:43:09 ---A- . (...) -- C:\Windows\System32\Drivers\lirsgt.sys [46400]
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 1601/01/02 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [871408]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 2009/07/14 - 2:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 16 Legitimates Filtered in 00mn 00s



---\\ Last modified or created user files (O61)
O61 - LFC: 2014/02/14 - 18:09:11 ---A- . (...) -- C:\Users\Franz\AppData\Local\Mozilla\updates\E7CF176E110C211B\active-update.xml [57]
O61 - LFC: 2014/02/14 - 18:09:11 ---A- . (...) -- C:\Users\Franz\AppData\Local\Mozilla\updates\E7CF176E110C211B\updates.xml [14990]
O61 - LFC: 2014/02/16 - 18:09:11 ---A- . (...) -- C:\Users\Franz\AppData\Local\SWTOR\CrashDump\swtor\CRASH.dmp [151757]
O61 - LFC: 2014/02/16 - 18:09:11 ---A- . (...) -- C:\Users\Franz\AppData\Local\SWTOR\CrashDump\swtor\CRASH.json [1894]
O61 - LFC: 2014/02/16 - 18:09:12 ---A- . (...) -- C:\Users\Franz\AppData\Local\Turbine\PatchClient_2014-2-16_1.log.old [1048633]
O61 - LFC: 2014/02/16 - 18:09:38 ---A- . (...) -- C:\Users\Franz\Documents\ZHPDiag.txt [40333] =>.Nicolas Coolman
O61 - LFC: 2014/02/16 - 18:09:38 ---A- . (...) -- C:\Users\Franz\Documents\cc_20140216_145218.reg [18374]
O61 - LFC: 2014/02/17 - 18:09:13 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\Media Player Classic\default.mpcpl [98]
O61 - LFC: 2014/02/17 - 18:09:13 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\Microsoft\MMC\taskschd [145557]
O61 - LFC: 2014/02/17 - 18:09:23 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\ZHP\Log.txt [137840] =>.Nicolas Coolman
O61 - LFC: 2014/02/17 - 18:09:23 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\ZHP\TestsZHPDiag.txt [2852] =>.Nicolas Coolman
O61 - LFC: 2014/02/17 - 18:09:23 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\ZHP\ZHPADSReport.txt [351] =>.Nicolas Coolman
O61 - LFC: 2014/02/17 - 18:09:23 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\ZHP\ZHPDiag.txt [37712] =>.Nicolas Coolman
O61 - LFC: 2014/02/17 - 18:09:23 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\ZHP\ZHPExportRegistry-2014-02-17-17-52-36.txt [3209720] =>.Nicolas Coolman
O61 - LFC: 2014/02/17 - 18:09:23 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\ZHP\ZHPFixQuarantine.txt [209] =>.Nicolas Coolman
O61 - LFC: 2014/02/17 - 18:09:23 ---A- . (...) -- C:\Users\Franz\AppData\Roaming\ZHP\ZHPFix[R1].txt [3110] =>.Nicolas Coolman
O61 - LFC: 2014/02/17 - 18:09:23 ---A- . (...) -- C:\Users\Franz\Documents\back.txt [7646]
~ 9 Fichiers temporaires (Temporary files)
~ Files: 71 Legitimates Filtered in 00mn 30s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: UsbFix - (.El Desaparecido - www.usbfix.net - www.sosvirus.net.) [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.D89B5D0769D1BEEA2F622C61F2401E95] [SPRF][2010/11/11] (.Freebyte.com - HJSplit.) -- C:\Users\Franz\Desktop\hjsplit.exe [201728]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Windows Installer Scan (WIS) (O93) (NTFS)
[MD5.51E091336BEEEDAF9EE41B8BDC3C9555] [WIS][2011/07/11] (.?????? ?????? - Windows Live Mail setup package.) -- C:\Windows\Installer\140fc6.msi [6745088]
~ WIS: 454 Legitimates Filtered in 00mn 15s



---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 2014/02/05 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 2014/02/14 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Disabled 2010/05/04 503080 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SS - | Demand 1658/07/10 0 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\Windows\system32\GameMon.des

SR - | Auto 2013/12/18 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 2012/12/19 240640 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 2014/01/23 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 2011/05/30 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
SR - | Auto 2010/11/05 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 2011/04/22 244624 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
SR - | Auto 2010/12/20 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 2013/04/16 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 2010/12/20 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 2009/07/14 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 1658/07/10 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 2009/07/14 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 17s



---\\ Search Master Boot Record Infection (MBR)(O80)
Run by Franz at 2014/02/17 18:10:10
~ OS 64 not supported by MBR tool

~ MBR: 0 Legitimates Filtered in 00mn 00s



---\\ Search Master Boot Record Infection (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Franz at 2014/02/17 18:10:12

********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin

~ MBR: Scanned in 00mn 02s



---\\ List of CD/DVD Emulators (MBR Hook)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 1601/01/02 - 23:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [871408]
~ Emulateurs: Scanned in 00mn 02s



---\\ Scan Additionnel (O88)
Database Version : 13031 - (2014/02/14)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 308229 Items scanned in 00mn 15s



---\\ Summary of the detections found on your workstation
~ MSI: 0 link(s) detected in 00mn 15s



~ 1756 Legitimates filtered by white list
End of the scan (458 lines in 01mn 55s)(0)
0
lilidurhone Posts: 43343 Registered: Monday 25 April 2011 Status: Security contributor Last seen: 18 September 2023 3 804
17 Feb. 2014 at 18:21
:)

Change all your passwords, they have been stolen.

You had a RAT (which is a password stealer!)

Update Adobe Reader

If there are no more problems, we'll move on to the final step
0
dispride Posts: 25 Registered: Sunday 16 February 2014 Status: Member Last seen: 22 September 2015
17 Feb. 2014 at 18:34
Considering that the only passwords saved on my computer are for my email accounts and job-search sites, I don't have much to change.

I updated Adobe Reader (but Firefox keeps telling me the plugin is out of date).

I'm ready for the final step, with a bonus question: now that I've removed Spybot and Ad-Aware, what should I replace them with for resident protection? Or is Avast enough?
0
lilidurhone Posts: 43343 Registered: Monday 25 April 2011 Status: Security contributor Last seen: 18 September 2023 3 804
17 Feb. 2014 at 18:52
Hello

Hang on a bit

We're going to secure your browsers
0
dispride Posts: 25 Registered: Sunday 16 February 2014 Status: Member Last seen: 22 September 2015
17 Feb. 2014 at 18:59
The only browser I use is Firefox, and it already has Adblock Plus and NoScript enabled permanently... Isn't that secure enough?
0
lilidurhone Posts: 43343 Registered: Monday 25 April 2011 Status: Security contributor Last seen: 18 September 2023 3 804
17 Feb. 2014 at 19:01
Yes, yes, that's enough; add WOT as well :)

1) Uninstalling the disinfection tools
Download Delfix here https://www.commentcamarche.net/telecharger/securite/7111-delfix/

Run it as administrator (if you are on XP, double-click the downloaded file), then, once on the interface, tick the following boxes


- remove disinfection tools
- purge system restore

Then click Run and wait while the removal process runs.

The report will be saved to the clipboard and to the hard drive (C:\DelFix.txt).
Post the report

2) Don't forget to update Java, Adobe Reader and Flash Player for IE (Chrome already has it built in)
A useful link to read https://www.commentcamarche.net/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite
Also don't forget to keep Windows up to date via Windows Update
https://www.java.com/fr/download/manual.jsp



3) To help you keep your software up to date, I recommend using FileHippo Update Checker

You can download it here https://www.commentcamarche.net/telecharger/utilitaires/9771-filehippo-app-manager/

When installing FileHippo, only untick "put the icon in the quick launch bar"



4) To clean temporary files (careful, no registry cleaning) you can use CCleaner, with a tutorial to configure it properly (https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/)
Download link https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
You can also use the Windows disk cleanup tool
Don't forget to defragment your hard drive from time to time, either with the built-in utility or with a third-party program such as Defraggler or Auslogics Disk Defrag

Forget cleaners like TuneUp, Glary and other miracle cleaners; they will only slow down your machine, and cleaning whiter than white can cause serious malfunctions



5) Secure your browsers, for example with WOT and Simple Adblock for Internet Explorer
To download WOT for IE it's here https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
https://adblockplus.org/
For Chrome (if you have Chrome)

WOT available here https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp?hl=fr

Adblock available here https://www.commentcamarche.net/telecharger/web-internet/2555-adblock-plus-pour-chrome/

Download link for WOT on Firefox
https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/

Link to download Adblock Plus

https://addons.mozilla.org/fr/firefox/addon/adblock-plus/?src=ss


6) Be careful about what you download, where and how
If possible, avoid downloading from 01net, Tom's Guide, telecharger.com, Softonic and the like, because they repackage software with potentially unwanted programs
Read:
http://www.stoppublicites.fr/
https://www.malekal.com/adwares-pup-protection/

7) Why you should avoid downloading over P2P

The risks are big; the machine may become a zombie PC
Some reading on the dangers and the risk
https://forum.malekal.com/viewtopic.php?t=3208&start=
https://forum.malekal.com/viewtopic.php?t=893&start=
0
dispride Posts: 25 Registered: Sunday 16 February 2014 Status: Member Last seen: 22 September 2015
17 Feb. 2014 at 19:25
1) Done! Here is the report:

# DelFix v10.6 - Rapport cree le 17/02/2014 a 19:19:17
# Mis a jour le 11/11/2013 par Xplode
# Nom d'utilisateur : Franz - PANDEMONIUM
# Systeme d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Suppression des outils de desinfection ...

Supprime : C:\USBFix
Supprime : C:\AdwCleaner
Supprime : C:\Users\Franz\AppData\Roaming\ZHP
Supprime : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Supprime : C:\Program Files (x86)\ZHPDiag
Supprime : C:\PhysicalDisk0_MBR.bin
Supprime : C:\UsbFix [Scan 1] PANDEMONIUM.txt
Supprime : C:\Users\Franz\Desktop\ZHPDiag.txt
Supprime : C:\Users\Franz\Desktop\ZHPFixReport.txt
Supprimee : HKCU\Software\USBFix
Supprimee : HKLM\SOFTWARE\AdwCleaner
Supprimee : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix
Supprimee : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Purge de la restauration systeme ...

Supprime : RP #341 [Operation de restauration | 02/16/2014 14:25:44]
Supprime : RP #342 [AA11 | 02/16/2014 19:19:28]
Supprime : RP #343 [ZHPFix Restore System Point | 02/17/2014 16:52:12]

Nouveau point de restauration cree !

########## - EOF - ##########

2) I don't have Chrome, and I never use IE.

3) Avast has a software update tracking tool.

4) I already use CCleaner, but on the other hand I have never defragmented my disk... I'll try this week with the Windows utility.

5) I added WOT to Firefox, and I already have Adblock.

6) and 7) I was already being careful... but clearly not enough. Thanks for the guides.
0