~ ZHPDiag report v2013.9.21.37 - Nicolas Coolman (21/09/2013)
~ Run by Lolo (21/09/2013 20:38:25)
~ Web site address http://nicolascoolman.webs.com
~ Translated by Nicolas Coolman
~ Version status :
~ Whitelist : Enabled by the program
~ Privilege elevation : OK
~ User Account Control (UAC): Deactivated by user

---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16521
MFIE: Mozilla Firefox 17.0.1 (Default)

---\\ Windows product information
~ Language: French
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System protection software
Avira Free Antivirus v13.0.0.4052
Emsisoft Anti-Malware
Malwarebytes Anti-Malware version 1.65.1.1000
Windows Defender W7

---\\ System optimization software
CCleaner v3.23 =>Piriform Ltd

---\\ Peer-to-peer sharing software
µTorrent v2.2.0 =>P2P.µTorrent

---\\ Monitored software
Adobe Flash Player 11 Plugin
Java 7 Update 9

---\\ System information
~ Processor: Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 14334 MB (80% free)
System Restore: Enabled
System drive C: has 49 GB (35%) free of 137 GB

---\\ System logon mode
~ Computer Name: LOLO-PC
~ User Name: Lolo
~ All Users Names: UpdatusUser, Lolo, HomeGroupUser$, Administrateur,
~ Unselected Option: None
Logged in as Administrator

---\\ Environment variables
~ System Unit : C:\
~ %AppData% : C:\Users\Lolo\AppData\Roaming\
~ %Desktop% : C:\Users\Lolo\Desktop\
~ %Favorites% : C:\Users\Lolo\Favorites\
~ %LocalAppData% : C:\Users\Lolo\AppData\Local\
~ %StartMenu% : C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Disk drive enumeration
C:\ Hard drive, Flash drive, Thumb drive (Free 49 GB of 137 GB)
D:\ Hard drive, Flash drive, Thumb drive (Free 34 GB of 137 GB)
E:\ Hard drive, Flash drive, Thumb drive (Free 126 GB of 191 GB)
F:\ CD-ROM drive (Not Inserted)
G:\ Hard drive, Flash drive, Thumb drive (Free 253 GB of 559 GB)
H:\ Hard drive, Flash drive, Thumb drive (Free 9 GB of 98 GB)
I:\ Hard drive, Flash drive, Thumb drive (Free 389 GB of 498 GB)
J:\ CD-ROM drive (Not Inserted)
K:\ CD-ROM drive (Not Inserted)
L:\ CD-ROM drive (Not Inserted)
N:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
O:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
P:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
Q:\ CD-ROM drive (Not Inserted)
R:\ Floppy drive, Flash card reader, USB Key (Not Inserted)

---\\ Windows Security Center status
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 34 Legitimates Filtered in 00mn 00s

---\\ Specific search for generic files
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 14:24:45.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.69F1D418B4C4EC23033D598E4CBC6B73] - (.Microsoft Corporation - Internet Extensions for Win32.) (.19/09/2013 - 21:58:45.) -- C:\Windows\System32\wininet.dll [2240512]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Licensing Library.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 12:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s

---\\ Hidden files status (Hidden/Total)
~ My Pictures : 2/4452
~ My Music : 1/3
~ My Favorites : 1/25
~ My Documents : 1/10342
~ My Desktop : 1/496
~ Start Menu (Programs) : 1/237
~ Hidden Files: Scanned in 00mn 21s

---\\ Running processes
[MD5.ADAD9D784F5DBBA223B82A7D5DC1CE48] - (.Gainward Co. - EXPERTool : Display Control Panel.) -- C:\Program Files (x86)\EXPERTool\TBPANEL.exe [2181744] [PID.1100]
[MD5.F40E80C04475731C6ED5D19C48E45E3C] - (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- E:\Virtual cloneDrive\VirtualCloneDrive\VCDDaemon.exe [85160] [PID.716]
[MD5.F4202F68BB3B9A08822238D9017EC638] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664] [PID.4544]
[MD5.B4CF3FB7E9B8EA69757541DCE6CA20ED] - (.Mozilla Corporation - Firefox.) -- E:\FIREFOX\firefox.exe [276376] [PID.4360]
[MD5.72EF708552059546B1AAA82E7AA59439] - (.Mozilla Corporation - Plugin Container for Firefox.) -- E:\FIREFOX\plugin-container.exe [17304] [PID.3232]
[MD5.8D4AFD5F4955A52C39C8C424FE5516D9] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe [1862024] [PID.1992]
[MD5.94A0298B5A333CA4CF2F3C9DF9AE16AC] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7989760] [PID.2472]
[MD5.8BC7DAFDEA80BBBB929D705DD5703A95] - (.Emsisoft GmbH - Emsisoft Anti-Malware Service.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4159464] [PID.944]
[MD5.5A19667A580B1CE886EAF968B9743F45] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.548]
[MD5.0A1CC583E8147004E4AD4625D7FBF88C] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224] [PID.1712]
[MD5.B1EA9681502EE57F87DB71D726288A5B] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1856]
[MD5.C9A36EF935ACED86AEDF93E97E606911] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032] [PID.1880]
[MD5.38DD20EF8455EF871651665F9B3FD9B7] - (.NCH Software - BroadCam Video Streaming Server.) -- C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe [1175556] [PID.1912]
[MD5.133F82B6391F3390BECFA429C23FB2BE] - (.CrypKey (Canada) Ltd. - CrypKey License Service.) -- C:\Windows\system32\crypserv.exe [122880] [PID.1984]
[MD5.EA22BCA708B37B82ADEBC822A171B92E] - (.CyberLink - CyberLink Media Server Monitor Service.) -- E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048] [PID.2008]
[MD5.3168D2F171A64590E7A11355CAE60A1E] - (.CyberLink - CyberLink Media Server Service.) -- E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232] [PID.1436]
[MD5.EE963D96BFD97E54BA6CE6D2AC58DE35] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.1760]
[MD5.8881574868E648689B7AA88A88716E17] - (.Apache Software Foundation - Apache HTTP Server.) -- C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [24635] [PID.2040]
[MD5.B1EF4686961986DFFB7FE8F18E6FCB5B] - (.Nalpeiron Ltd. - This service enables products that use the.) -- C:\Windows\SysWOW64\nlssrv32.exe [66560] [PID.1452]
[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.2104]
[MD5.F115AF58ABE5605D7D709CBFBD83F418] - (.No owner - nTitles PSIService.) -- C:\Windows\SysWOW64\PSIService.exe [177704] [PID.2132]
[MD5.543A4EF0923BF70D126625B034EF25AF] - (.Protexis Inc. - PsiService PsiService.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [189728] [PID.2152]
[MD5.958E956E119EB7B9ABA142AFED1B5FF4] - (...) -- C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760] [PID.2176]
[MD5.360959BBD4F451E1AB811F4304232766] - (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2568120] [PID.2328]
[MD5.F8217A55B4B183188F8D5B30C5022B49] - (.No owner - Event Service Application.) -- C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [151552] [PID.3092]
[MD5.4C6406CF07D4EBB70C5774D55C6688FB] - (.CyberLink Corp. - CLHNServiceForPowerDVD12 Module.) -- E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336] [PID.5020]
[MD5.1BBBF640BC0E0B750537BAECE8D66C18] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [641832] [PID.4612]
[MD5.4789E020D2617046862D1790FC235FF6] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1260320] [PID.2240]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Startup, Search, Extensions (G0,G1,G2)
C:\Users\Lolo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [dlnembnfbcpjnepmfjmngjenhhajpdfd] Web Assistant v.2.0.0.464 (Enabled) =>Adware.IncrediBar
G2 - GCE: Preference [User Data\Default] [jplinpmadfkdgipabgcdchbdikologlh] 1Click Downloader v.1.5 (Enabled)
G2 - GCE: Preference [User Data\Default] [pmlghpafmmnmmkjdhacccolfgnkiboco] OneClickDownload v.1.1, (Enabled) =>PUP.OneClickDownloader
~ Google Browser: 6 Legitimates Filtered in 00mn 02s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>;
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8888;https=127.0.0.1:8888 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Analysis of F0, F1, F2, F3 lines - IniFiles, Autoloading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ The hosts file is clean.
~ Hosts File: Scanned in 00mn 00s
~ Number of lines: 0

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Orphan key
~ Toolbar: Scanned in 00mn 00s

---\\ Other user links (O4)
O4 - GS\Desktop [Public]: BookSmart.lnk . (.Blurb, Inc - BookSmart® 3.1.0 3.1.0 33329.) -- E:\BLURB\Booksmart\BookSmart\BookSmart.exe
O4 - GS\Desktop [Public]: REX Essential.lnk . (.REX Game Studios - REX Essential.) -- C:\Program Files (x86)\Real Environment Xtreme Essential\rex.exe
O4 - GS\Desktop [Public]: Shortcut to Plan-Gv3.lnk . (...) -- C:\Windows\Installer\{56251E2E-176C-449E-9012-2BA827EC1D65}\_A78D5359FFEB9D18395849.exe
O4 - GS\Program [Public]: BroadCam Video Streaming Server.lnk . (.NCH Software - BroadCam Video Streaming Server.) -- C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
O4 - GS\Program [Public]: Debut Video Capture Software.lnk . (.NCH Software - Debut Video Capture Software.) -- C:\Program Files (x86)\NCH Software\Debut\debut.exe
O4 - GS\Program [Public]: HD VDeck.lnk . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - GS\Program [Public]: Mocha for After Effects CS4.lnk . (...) -- E:\ADOBE AFTER EFFECTS CS4\Adobe After Effects CS4\Mocha\bin\Mocha For After Effects.exe (.not file.)
O4 - GS\Program [Public]: Prism Video File Converter.lnk . (.NCH Software - Prism Video File Converter.) -- C:\Program Files (x86)\NCH Software\Prism\prism.exe
O4 - GS\QuickLaunch [Lolo]: Aiseesoft 3D Convertisseur.lnk . (.Aiseesoft - Aiseesoft 3D Converter.) -- E:\AISEESOFT 3D CONVERTER\Aiseesoft 3D Converter\Aiseesoft 3D Converter.exe
O4 - GS\QuickLaunch [Lolo]: BitTorrent.lnk . (...) -- E:\Bittorent\BitTorrent.exe (.not file.) =>P2P.BitTorrent
O4 - GS\QuickLaunch [Lolo]: Emsisoft Anti-Malware.lnk . (.Emsisoft GmbH - Security Center.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
O4 - GS\QuickLaunch [Lolo]: ProShow Producer.lnk . (.Photodex - ProShow.) -- C:\Program Files (x86)\Photodex\ProShow Producer\proshow.exe
O4 - GS\QuickLaunch [Lolo]: µTorrent.lnk . (.BitTorrent, Inc. - µTorrent.) -- E:\Bittorent\utorrent\utorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Lolo]: Aiseesoft 3D Convertisseur.lnk . (.Aiseesoft - Aiseesoft 3D Converter.) -- E:\AISEESOFT 3D CONVERTER\Aiseesoft 3D Converter\Aiseesoft 3D Converter.exe
O4 - GS\TaskBar [Lolo]: Auslogics Disk Defrag.lnk . (.Auslogics - Disk Defrag.) -- E:\Auslogics Disk Defrag\Auslogics Disk Defrag\DiskDefrag.exe
O4 - GS\TaskBar [Lolo]: BitTorrent-7.1 - Raccourci.lnk . (.BitTorrent, Inc. - BitTorrent.) -- E:\Bittorent\BitTorrent-7.1.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Lolo]: CDex.lnk . (.Albert L Faber - CDex CD-Ripper.) -- E:\CEDEX\CDex\CDex.exe
O4 - GS\TaskBar [Lolo]: CPU-Z.lnk . (.CPUID - CPU-Z Application.) -- E:\Overclocking- utilitaires\CPU-Z\cpuz.exe
O4 - GS\TaskBar [Lolo]: Dreamweaver - Raccourci.lnk . (.Adobe Systems, Inc. - Adobe Dreamweaver CS6.) -- E:\Adobe Dreamweaver CS 6\Adobe Dreamweaver CS6\Dreamweaver.exe
O4 - GS\TaskBar [Lolo]: Emsisoft Anti-Malware.lnk . (.Emsisoft GmbH - Security Center.) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2start.exe
O4 - GS\TaskBar [Lolo]: FileZilla.lnk . (.FileZilla Project - FileZilla FTP Client.) -- E:\FILEZILLA\FileZilla FTP Client\filezilla.exe
O4 - GS\TaskBar [Lolo]: Google SketchUp 8.lnk . (.Google, Inc. - SketchUp Application.) -- E:\SKETCHUP\SketchUp.exe
O4 - GS\TaskBar [Lolo]: Live 6.0.1 - Raccourci.lnk . (.Ableton - No description.) -- H:\ABLETON LIVE 6\ABLETON 6\Live 6.0.1\Program\Live 6.0.1.exe
O4 - GS\TaskBar [Lolo]: MpegJoiner - Raccourci.lnk . (.DigitByte Studio - MpegJoiner Application.) -- E:\MPEGJOINER\MpegJoiner.exe
O4 - GS\TaskBar [Lolo]: openElement.lnk . (.Element Technologie - openElement.) -- E:\openElement\openElement.exe
O4 - GS\TaskBar [Lolo]: Prism Video File Converter.lnk . (.NCH Software - Prism Video File Converter.) -- C:\Program Files (x86)\NCH Software\Prism\prism.exe
O4 - GS\TaskBar [Lolo]: ProShow Producer.lnk . (.Photodex - ProShow.) -- C:\Program Files (x86)\Photodex\ProShow Producer\proshow.exe
O4 - GS\TaskBar [Lolo]: The Eye.lnk . (.IVAO - The Eye.) -- G:\VOL EN RESAU\IVAO\ivap\The Eye\TheEye.exe
O4 - GS\Desktop [Lolo]: Australian_OZx3.3_ORBX_Ant - Raccourci.lnk . (...) -- C:\Users\Lolo\Desktop\FSX -app\AUSTRALIE\Australian_OZx3.3_ORBX_Ant.kmz
O4 - GS\Desktop [Lolo]: CGV - Raccourci.lnk . (...) -- E:\AUTO-ENTREPRENEUR\CGV.docx (.not file.)
O4 - GS\Desktop [Lolo]: Facture Modele Pro.lnk . (...) -- C:\Program Files (x86)\FactureModelePro\FactureModelePro.exe
O4 - GS\Desktop [Lolo]: Free Window Registry Repair.lnk . (...) -- E:\UTILITAIRES NETTOYAGE DESINSTALLATION\Free Window Registry Repair\Free Window Registry Repair\Regpair.exe
O4 - GS\Desktop [Lolo]: FTX Central.lnk . (.Orbx Simulation Systems Pty Ltd - FTX Central.) -- G:\Flight Simulator X\ORBX\Scripts\FTXCentral\FTXCentral.exe
O4 - GS\Desktop [Lolo]: FTXORBXLIBS_120825 - Raccourci.lnk . (...) -- G:\A SAUVEGARDER\scenes\library 25-08-12\FTXORBXLIBS_120825.exe (.not file.)
O4 - GS\Desktop [Lolo]: FTXUSKORS115_PATCH - Raccourci.lnk . (...) -- G:\A SAUVEGARDER\scenes\FTXUSKORS115_PATCH.zip (.not file.)
O4 - GS\Desktop [Lolo]: idée janv 2013.als - Raccourci.lnk . (...) -- H:\SAUVEGARDE PROJETS\idée janv 2013 Project\idée janv 2013.als
O4 - GS\Desktop [Lolo]: laurentphotos85 - Raccourci.lnk . (...) -- E:\MON SITE WEB\laurentphotos85\public_html\laurentphotos85.ope
O4 - GS\Desktop [Lolo]: NDB & VOR France.dat - Raccourci.lnk . (...) -- G:\A SAUVEGARDER\divers\NDB & VOR France.dat.kmz
O4 - GS\Desktop [Lolo]: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- E:\UTILITAIRES NETTOYAGE DESINSTALLATION\REVO UNINSTALLER\Revouninstaller.exe
O4 - GS\Desktop [Lolo]: Tvix Thème Manager.lnk . (.Jérôme Boulinguez - Tvix Thème Manager.) -- E:\TVIX THEME MANAGER 3.05\TvixTM\tvixmng.exe
~ Global Startup: 123 Legitimates Filtered in 00mn 06s

---\\ Applications launched at system startup (O4)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [GAINWARD] . (.Gainward Co. - EXPERTool : Display Control Panel.) -- C:\Program Files (x86)\EXPERTool\TBPanel.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [VirtualCloneDrive] . (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) -- E:\Virtual cloneDrive\VirtualCloneDrive\VCDDaemon.exe =>.Elaborate Bytes AG
O4 - HKLM\..\Wow6432Node\Run: [FaxCenterServer] . (.No owner - Fax Man Server.) -- C:\Program Files (x86)\Lexmark Fax Solutions\fm3032.exe
O4 - HKLM\..\Wow6432Node\Run: [SwitchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS5ServiceManager] . (.Adobe Systems Incorporated - Adobe CS5 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- E:\quicktime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-357804714-886165105-902047999-1011\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-357804714-886165105-902047999-1011\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Sites in the Internet Explorer Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.line6.net
O15 - Trusted Zone: [HKCU\...\EscDomains] http.127.0.0.1
~ IE Trusted Zone: Scanned in 00mn 00s

---\\ Domain/DNS address modification (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCCABA90-5273-4232-89C1-19BC962658DA}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS1\Services\Tcpip\..\{FCCABA90-5273-4232-89C1-19BC962658DA}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CS2\Services\Tcpip\..\{FCCABA90-5273-4232-89C1-19BC962658DA}: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
~ Domain: Scanned in 00mn 00s

---\\ Additional protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Additional Protocols: Scanned in 00mn 00s

---\\ List of non-Microsoft, non-disabled NT services (O23)
O23 - Service: Marvell RAID Event Agent (Marvell RAID) . (.No owner - Event Service Application.) - C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
O23 - Service: ScsiAccess (ScsiAccess) . (...) - C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
O23 - Service: Power Control [2012/05/21 23:20:06] ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) . (.CyberLink Corp. - No description.) - E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Common\NavFilter\000.fcl
~ Services: 23 Legitimates Filtered in 00mn 04s

---\\ Automatic scheduled tasks (O39)
[MD5.00000000000000000000000000000000] [APT] [Express Files Updater] (...) -- C:\Program Files (x86)\ExpressFiles\EFupdater.exe (.not file.) [0] =>Adware.ExpressFiles
[MD5.00000000000000000000000000000000] [APT] [Your File Updater] (...) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe (.not file.) [0] =>PUP.YourFileDownloader
[MD5.00000000000000000000000000000000] [APT] [YourFile Update] (...) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe (.not file.) [0] =>PUP.YourFileDownloader
[MD5.00000000000000000000000000000000] [APT] [{1D8B7DBD-014E-42E0-B33D-CC502FB90859}] (...) -- F:\SHELexeC.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{2ECCCE38-A08E-4423-988F-84F3D097FD6E}] (...) -- J:\Autorun.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{49C699CD-E04C-4197-AEA3-ED7BDD9B60D8}] (...) -- F:\driver\275.97_WinVista_Win7_64bit_WHQL\NV3DVision\3DVision_275.97.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4B1D039F-EDA5-4E4A-8754-4690D0148FC4}] (...) -- G:\AUSTRALIE\Aerosoft scenery - Lord Howe Island X-payware2008\AS_LordHoweIslandX_V100.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{AC1C7EBC-1FCB-4E69-BB6A-BA6A49867991}] (...) -- E:\PROSHOW PRODUCER 5\remove.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{CF2791D9-4934-413A-8B7A-5BCD373F03D0}] (...) -- G:\A SAUVEGARDER\FTX NA Blue Central Rocky Mountains(NEW)\setup_CRM.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E925A665-1E0E-429C-8B7F-3B8D5B281C36}] (...) -- N:\Install TomTom HOME.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F845D8FC-BC0C-4215-8DE3-9D1D180B3ACB}] (...) -- F:\Setup.exe (.not file.) [0]
~ Scheduled Task: 21 Legitimates Filtered in 00mn 05s

---\\ Installed software (O42)
O42 - Software: A2A Wings of POWER 3 Spitfire - (...) [HKLM][64Bits] -- A2A Wings of POWER 3 Spitfire
O42 - Software: Accu-Sim for the WoP3 Spitfire - (...) [HKLM][64Bits] -- Accu-Sim for the WoP3 Spitfire
O42 - Software: Airbus Series Vol.2 (FS X) - (...) [HKCU][64Bits] -- Airbus Series Vol.2 (FS X)
O42 - Software: Ant's De Havilland Tiger Moth Version 1.1 FSX - (.Anthony Lynch.) [HKLM][64Bits] -- {BD43E91E-5610-4E53-8350-4E475DA50118}
O42 - Software: Aquitaine PHOTO Vol.1 - (...) [HKLM][64Bits] -- Aquitaine PHOTO Vol.1
O42 - Software: Aquitaine PHOTO Vol.2 - (...) [HKLM][64Bits] -- Aquitaine PHOTO Vol.2
O42 - Software: Auvergne PHOTO - (...) [HKLM][64Bits] -- Auvergne PHOTO
O42 - Software: Aéroports Français FSX - (...) [HKCU][64Bits] -- Aéroports Français FSX
O42 - Software: Bretagne VFR FSX - (...) [HKCU][64Bits] -- Bretagne VFR FSX
O42 - Software: Canarias FSX Parte-1 - (...) [HKLM][64Bits] -- Canarias FSX Parte-1
O42 - Software: Canarias FSX Parte-2 - (...) [HKLM][64Bits] -- Canarias FSX Parte-2
O42 - Software: Canarias FSX Parte-3 - (...) [HKLM][64Bits] -- Canarias FSX Parte-3
O42 - Software: Canarias FSX Parte-4 - (...) [HKLM][64Bits] -- Canarias FSX Parte-4
O42 - Software: ConcordeX for FSX - (.FlightSimLabs, Ltd..) [HKLM][64Bits] -- ConcordeX for FSX_is1
O42 - Software: Corse PHOTO (part 1/3) - (...) [HKLM][64Bits] -- Corse PHOTO (part 1/3)
O42 - Software: Discover Arabia - (...) [HKLM][64Bits] -- Discover Arabia
O42 - Software: DodoSim Bell 206 FSX - (...) [HKCU][64Bits] -- DodoSim Bell 206 FSX
O42 - Software: E-Jets v2 World Airliners 1 (v1.0b021) - (...) [HKCU][64Bits] -- E-Jets v2 World Airliners 1 (v1.0b021)
O42 - Software: E-MU Xboard - (...) [HKLM][64Bits] -- {D925601D-25E3-4E95-A456-FBD8C2995289}
O42 - Software: Embraer A-29B Super Tucano FSX Acceleration - (.Tim Piglet Conrad.) [HKLM][64Bits] -- {F698FEB2-FECB-4FD7-8FC5-670CE2739F29}
O42 - Software: FS Water Configurator 3.15 - (...) [HKLM][64Bits] -- FS Water Configurator
O42 - Software: FSAddon Piper Super Cub - (...) [HKLM][64Bits] -- FSAddon Piper Super Cub
O42 - Software: FSAddon Piper Super Cub X - (...) [HKLM][64Bits] -- FSAddon Piper Super Cub X
O42 - Software: FSX Sirocco_LT Motoryacht - (...) [HKLM][64Bits] -- FSX Sirocco_LT Motoryacht
O42 - Software: FTX AU GOLD Version 1.0 - (...) [HKCU][64Bits] -- FTX AU GOLD Version 1.0
O42 - Software: FeelThere E-Jets v.2 - (...) [HKCU][64Bits] -- FeelThere E-Jets v.2
O42 - Software: Fly the MADDOG 2008 - Professional Edition - (...) [HKLM][64Bits] -- Fly the MADDOG 2008 - Professional Edition
O42 - Software: HD Jetway and Airport Parking FSX - (.Real Environment Xtreme, Inc..) [HKLM][64Bits] -- {350F852D-4916-44C5-81B0-7D62A7A088E5}
O42 - Software: Hangsim - (...) [HKLM][64Bits] -- Hangsim
O42 - Software: Hurricane - (...) [HKCU][64Bits] -- Hurricane
O42 - Software: LFRS - Nantes Atlantique - (...) [HKCU][64Bits] -- LFRS - Nantes Atlantique
O42 - Software: La Réunion - (...) [HKLM][64Bits] -- La Réunion
O42 - Software: Level-D World Airliners 3 v1.0b001 - (...) [HKCU][64Bits] -- Level-D World Airliners 3 v1.0b001
O42 - Software: Live 6.0.1 - (...) [HKLM][64Bits] -- Live 6.0.1
O42 - Software: Mailsoft's - Switzerland Professional X - (.Mailsoft.) [HKLM][64Bits] -- {C0E7FAD8-F8AE-4819-AEBF-D92562315EEE}
O42 - Software: MegaSceneryX Las Vegas - (.PC Aviator Inc..) [HKLM][64Bits] -- MegaSceneryX Las Vegas_is1
O42 - Software: NZ- Landclass and Textures - (...) [HKLM][64Bits] -- NZ- Landclass and Textures
O42 - Software: Natural World Trees - (.Alexey Samoshin aka NoName.) [HKLM][64Bits] -- {5CDDCA2E-2882-4BCC-96A2-14163D5234DE}
O42 - Software: Obstacles et Repères VFR FRANCE - (...) [HKLM][64Bits] -- Obstacles et Repères VFR FRANCE
O42 - Software: PA-28-181 ARCHER II FSX - (...) [HKCU][64Bits] -- PA-28-181 ARCHER II FSX
O42 - Software: PA28RT ARROW IV FSX - (...) [HKCU][64Bits] -- PA28RT ARROW IV FSX
O42 - Software: PA32R Saratoga SP FSX - (...) [HKCU][64Bits] -- PA32R Saratoga SP FSX
O42 - Software: PACA PHOTO Vol.1 - (...) [HKLM][64Bits] -- PACA PHOTO Vol.1
O42 - Software: PACA PHOTO Vol.2 - (...) [HKLM][64Bits] -- PACA PHOTO Vol.2
O42 - Software: Paris PHOTO (part 1/3) - (...) [HKLM][64Bits] -- Paris PHOTO (part 1/3)
O42 - Software: Pays-de-Loire PHOTO (part 1/5) - (...) [HKLM][64Bits] -- Pays-de-Loire PHOTO (part 1/5)
O42 - Software: Photo Real Los Angeles X - (...) [HKCU][64Bits] -- Photo Real Los Angeles X
O42 - Software: Picardie PHOTO (part 1/4) - (...) [HKLM][64Bits] -- Picardie PHOTO (part 1/4)
O42 - Software: Raw Grit PNG BushPilot FSX - (.SimMarket.) [HKLM][64Bits] -- RawGritPNGBushPilot_is1
O42 - Software: Rhone-Alpes PHOTO Vol1 - (...) [HKLM][64Bits] -- Rhone-Alpes PHOTO Vol1
O42 - Software: Rhone-Alpes PHOTO Vol2 - (...) [HKLM][64Bits] -- Rhone-Alpes PHOTO Vol2
O42 - Software: Shade - (...) [HKCU][64Bits] -- Shade
O42 - Software: Tvix Thème Manager 3.05 version du 14/06/2010 - (.MarbleMad.) [HKLM][64Bits] -- Tvix Thème Manager_is1
O42 - Software: UK2000 VFR Scenery Volume1 files - (...) [HKLM][64Bits] -- UK2000 VFR Scenery Volume1
O42 - Software: VB Runtime - (...) [HKLM][64Bits] -- VB Runtime
O42 - Software: VFR scenery Volume 2 - (...) [HKCU][64Bits] -- VFR scenery Volume 2
~ Logic: 439 Legitimates Filtered in 00mn 01s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Ariane Studios]
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles
[HKCU\Software\IncrediMail]
[HKCU\Software\SimCheck]
[HKCU\Software\TAS]
[HKCU\Software\YahooPartnerToolbar] =>Toolbar.Yahoo
[HKLM\Software\Leonardo]
[HKLM\Software\NaturalWorld]
[HKLM\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\Wow6432Node\Abraxis]
[HKLM\Software\Wow6432Node\Dimension]
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles
[HKLM\Software\Wow6432Node\Florenc]
[HKLM\Software\Wow6432Node\France VFR]
[HKLM\Software\Wow6432Node\IncrediMail]
[HKLM\Software\Wow6432Node\Leonardo]
[HKLM\Software\Wow6432Node\Mailsoft]
[HKLM\Software\Wow6432Node\NaturalWorld]
[HKLM\Software\Wow6432Node\Uk2000 Scenery]
[HKLM\Software\Wow6432Node\id]
~ Key Software: 482 Legitimates Filtered in 00mn 01s

---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 15/06/2012 - 12:55:45 - [0,538] ----D C:\ProgramData\Droppix
O43 - CFD: 19/03/2013 - 15:48:47 - [0] ----D C:\ProgramData\xml_param
O43 - CFD: 19/09/2013 - 20:52:02 - [0,006] ----D C:\Users\Lolo\AppData\Roaming\4X_DATA
O43 - CFD: 23/03/2011 - 23:05:10 - [0] ----D C:\Users\Lolo\AppData\Roaming\Ariane
O43 - CFD: 23/11/2012 - 13:26:09 - [0] -SH-D C:\Users\Lolo\AppData\Roaming\B2B502
O43 - CFD: 18/11/2012 - 07:55:43 - [0] -SH-D C:\Users\Lolo\AppData\Roaming\D4E308
O43 - CFD: 25/05/2011 - 13:49:54 - [0,001] ----D C:\Users\Lolo\AppData\Roaming\Droppix
O43 - CFD: 16/03/2011 - 16:00:58 - [0] ----D C:\Users\Lolo\AppData\Roaming\MyTraffic
O43 - CFD: 12/08/2012 - 09:12:06 - [0,000] ----D C:\Users\Lolo\AppData\Roaming\Road Trip Effect prefs
O43 - CFD: 29/03/2011 - 11:30:48 - [0,000] ----D C:\Users\Lolo\AppData\Roaming\TH1
O43 - CFD: 05/02/2013 - 10:03:32 - [0,011] ----D C:\Users\Lolo\AppData\Roaming\Ultra Fractal 5
O43 - CFD: 12/01/2011 - 18:34:47 - [0,001] --H-D C:\Users\Lolo\AppData\Local\934grAkv
O43 - CFD: 26/04/2011 - 18:31:34 - [0,001] ----D C:\Users\Lolo\AppData\Local\Peter_Lürkens
O43 - CFD: 19/09/2013 - 20:52:15 - [0,006] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FeelThere
O43 - CFD: 19/09/2013 - 20:52:16 - [0,029] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\France VFR
O43 - CFD: 19/09/2013 - 20:52:16 - [0,001] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FS Dreamscapes
O43 - CFD: 19/09/2013 - 20:52:17 - [0,003] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSAddon+
O43 - CFD: 09/04/2011 - 00:23:37 - [0] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSX Sirocco_LT Motoryacht
O43 - CFD: 19/09/2013 - 20:52:17 - [0,001] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OZx
O43 - CFD: 19/09/2013 - 20:52:17 - [0,001] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OZx#Startup#
O43 - CFD: 19/09/2013 - 20:52:17 - [0,000] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo Real Copenhagen X Day+Night
O43 - CFD: 19/09/2013 - 20:52:17 - [0,001] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photo Real Los Angeles X
O43 - CFD: 19/09/2013 - 20:52:17 - [0,005] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SceneryBox
O43 - CFD: 19/09/2013 - 20:52:17 - [0,001] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shade
O43 - CFD: 24/04/2011 - 09:54:43 - [0] ----D C:\Users\Lolo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UK2000 Scenery
~ Program Folder: 375 Legitimates Filtered in 00mn 29s

---\\ Last files modified or created under Windows and System32 (O44)
O44 - LFC:[MD5.863E3125BB624F3E845F3C780BB7BC1F] - 21/09/2013 - 17:41:49 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [21200]
O44 - LFC:[MD5.863E3125BB624F3E845F3C780BB7BC1F] - 21/09/2013 - 17:41:49 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [21200]
O44 - LFC:[MD5.863E3125BB624F3E845F3C780BB7BC1F] - 21/09/2013 - 17:41:49 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [21200]
O44 - LFC:[MD5.863E3125BB624F3E845F3C780BB7BC1F] - 21/09/2013 - 17:41:49 RSHAD . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [21200]
O44 - LFC:[MD5.E5C680DE13079AEC92C991DE45FD4FEC] - 21/09/2013 - 17:36:46 ---A- . (...) -- C:\Windows\mvraidver.dat [8]
O44 - LFC:[MD5.09D3D390C8E0D8CCF1A7D2D711437DED] - 21/09/2013 - 17:36:17 ---A- . (...) -- C:\Windows\error.log [744]
O44 - LFC:[MD5.74CB115142FF252F752690B9FAFAF147] - 21/09/2013 - 17:35:36 ---A- . (...) -- C:\Windows\errord.log [168]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 19/09/2013 - 21:58:45 ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [25185]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 19/09/2013 - 21:58:45 ---A- . (...)
-- C:\Windows\System32\ieuinit.inf [25185] ~ Files: 326 Legitimates Filtered in 01mn 03s ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:[MD5.06DE5A9A1037DFB05E267F5170CA5D43] - 20/09/2013 - 14:06:11 ---A- - C:\Windows\Prefetch\CLMSSERVERPDVD12.EXE-45CD721A.pf O45 - LFCP:[MD5.65943D5B5C86E4316AF3155A882009AC] - 20/09/2013 - 14:48:33 ---A- - C:\Windows\Prefetch\COREL PAINTSHOP PRO.EXE-09A3472E.pf O45 - LFCP:[MD5.1EF0B3FFD40B942D5FF52ECF1214946B] - 20/09/2013 - 15:44:16 ---A- - C:\Windows\Prefetch\KWIKMEDIA.601.EXE-3794A278.pf O45 - LFCP:[MD5.612FC4383852C97FF6A78AF83DED5ADE] - 20/09/2013 - 15:44:18 ---A- - C:\Windows\Prefetch\KWIKMEDIA.EXE-FF07C1AF.pf O45 - LFCP:[MD5.DC4325B0AA99708BAD9156D7081E8328] - 20/09/2013 - 15:47:02 ---A- - C:\Windows\Prefetch\BITTORRENT-7.1.EXE-545DFC56.pf =>P2P.BitTorrent O45 - LFCP:[MD5.F6D29AA18F193630B01608E1C737142C] - 20/09/2013 - 20:02:15 ---A- - C:\Windows\Prefetch\MIGRATIONASSISTANT.EXE-6ED5E245.pf O45 - LFCP:[MD5.508CE7E671295365A3692B99EF45A65E] - 20/09/2013 - 22:55:10 ---A- - C:\Windows\Prefetch\HTTPD.EXE-FA22AD93.pf O45 - LFCP:[MD5.99DF6946F5ECF4A82D42261A5CA8D10A] - 20/09/2013 - 22:55:10 ---A- - C:\Windows\Prefetch\NLSSRV32.EXE-4B9A5957.pf O45 - LFCP:[MD5.C1CEF05A1BAD94F873305D42BFB35042] - 20/09/2013 - 22:55:10 ---A- - C:\Windows\Prefetch\PSISERVICE.EXE-2AAF5EAF.pf O45 - LFCP:[MD5.8F927EE295054EAC76D905730C463199] - 21/09/2013 - 03:12:30 ---A- - C:\Windows\Prefetch\MVRAIDSVC.EXE-26B20D59.pf O45 - LFCP:[MD5.140A881E009B864AD092E223D3D6AE28] - 21/09/2013 - 07:03:26 ---A- - C:\Windows\Prefetch\FM3032.EXE-D4C30AC9.pf O45 - LFCP:[MD5.CDC9F1FC2FE2E2A45BD9F11896B0DA52] - 21/09/2013 - 07:07:47 ---A- - C:\Windows\Prefetch\OPENELEMENT.EXE-C34D04BF.pf ~ Prefetcher: 136 Legitimates Filtered in 00mn 00s ---\\ Contrôle du Safe Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.) 
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s

---\\ Enumeration of StartupReg registry keys (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\LogMeIn Hamachi Ui [Key] . (...) -- E:\HAMACHI\hamachi-2-ui.exe (.not file.)
O53 - SMSR:HKLM\...\startupreg\MRUTray [Key] . (.No owner - MarvellTray.) -- C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
~ SMSR Keys: 18 Legitimates Filtered in 00mn 00s

---\\ Enumeration of PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
~ MWPS: 17 Legitimates Filtered in 00mn 00s

---\\ Enumeration of PoliciesExplorer registry keys (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s

---\\ List of system drivers (SDL) (O58)
O58 - SDL:[MD5.AD12F5C7251BB8D575D560894E73CBBA] - 24/12/2010 - 10:43:40 . (.Wondershare - Wondershare Virtual Audio Device.) -- C:\Windows\System32\Drivers\Apowersoft_AudioDevice.sys [29288]
O58 - SDL:[MD5.2263727032E9B19231A706046B8C82D3] - 17/03/2008 - 18:12:26 ---A- . (...) -- C:\Windows\System32\Ckldrv.sys [28664]
O58 - SDL:[MD5.5940062D95C753F1F77AC2086089A7CF] - 10/12/2005 - 01:07:59 ---A- . (.Line 6 - Line 6 Device Proxy.) -- C:\Windows\SysWOW64\drivers\l6dp.sys [27392]
O58 - SDL:[MD5.C08B090F485B0028720BD0D31FB33B20] - 08/01/2012 - 10:41:33 -SHA- . (...) -- C:\Windows\SysWOW64\KGyGaAvL.sys [1056]
~ Drivers: 17 Legitimates Filtered in 00mn 00s

---\\ Last files modified or created (User) (O61)
O61 - LFC: 19/09/2013 - 08:51:54 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\268.OESkin [6907]
O61 - LFC: 19/09/2013 - 08:52:02 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\220.OESkin [5089]
O61 - LFC: 19/09/2013 - 08:55:29 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\221.OESkin [27543]
O61 - LFC: 19/09/2013 - 08:55:52 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\242.OESkin [5222]
O61 - LFC: 19/09/2013 - 09:01:07 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\183.OESkin [6336]
O61 - LFC: 19/09/2013 - 09:02:20 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\182.OESkin [20268]
O61 - LFC: 19/09/2013 - 09:02:30 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\184.OESkin [7404]
O61 - LFC: 19/09/2013 - 09:02:34 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\561.OESkin [5357]
O61 - LFC: 19/09/2013 - 09:04:46 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\186.OESkin [6038]
O61 - LFC: 19/09/2013 - 09:06:19 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\270.OESkin [17505]
O61 - LFC: 19/09/2013 - 09:06:21 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\231.OESkin [7570]
O61 - LFC: 19/09/2013 - 09:06:55 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\48.OESkin [8969]
O61 - LFC: 19/09/2013 - 09:10:45 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\52.OESkin [9959]
O61 - LFC: 19/09/2013 - 09:10:49 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\50.OESkin [10021]
O61 - LFC: 19/09/2013 - 09:11:09 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\245.OESkin [9387]
O61 - LFC: 19/09/2013 - 09:11:14 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\230.OESkin [8101]
O61 - LFC: 19/09/2013 - 09:11:32 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\49.OESkin [10187]
O61 - LFC: 19/09/2013 - 09:11:34 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\51.OESkin [9245]
O61 - LFC: 19/09/2013 - 09:12:38 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\239.OESkin [7348]
O61 - LFC: 19/09/2013 - 09:12:47 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\241.OESkin [5398]
O61 - LFC: 19/09/2013 - 09:13:20 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\559.OESkin [4889]
O61 - LFC: 19/09/2013 - 09:13:43 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\185.OESkin [6773]
O61 - LFC: 19/09/2013 - 09:13:49 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\29.OESkin [25653]
O61 - LFC: 19/09/2013 - 09:14:05 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\31.OESkin [9186]
O61 - LFC: 19/09/2013 - 09:14:13 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\28.OESkin [25614]
O61 - LFC: 19/09/2013 - 09:14:15 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\560.OESkin [5402]
O61 - LFC: 19/09/2013 - 09:14:17 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\658.OESkin [23791]
O61 - LFC: 19/09/2013 - 09:14:21 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\739.OESkin [24500]
O61 - LFC: 19/09/2013 - 09:14:27 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\269.OESkin [6985]
O61 - LFC: 19/09/2013 - 09:14:39 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\740.OESkin [25303]
O61 - LFC: 19/09/2013 - 09:17:37 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\738.OESkin [24520]
O61 - LFC: 19/09/2013 - 09:17:38 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\367.OESkin [6194]
O61 - LFC: 19/09/2013 - 09:19:05 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\368.OESkin [10099]
O61 - LFC: 19/09/2013 - 09:19:07 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\240.OESkin [3640]
O61 - LFC: 19/09/2013 - 09:22:47 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\366.OESkin [44936]
O61 - LFC: 19/09/2013 - 09:22:50 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\53.OESkin [9114]
O61 - LFC: 19/09/2013 - 09:22:55 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\54.OESkin [7788]
O61 - LFC: 19/09/2013 - 09:23:04 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\Skins\323.OESkin [6960]
O61 - LFC: 19/09/2013 - 19:45:45 ---A- . (...) -- C:\Users\Lolo\AppData\Local\GDIPFONTCACHEV1.DAT [196648]
O61 - LFC: 19/09/2013 - 21:24:39 ---A- . (...) -- C:\Users\Lolo\AppData\Roaming\Photodex\ProShow Producer\def.dat [93]
O61 - LFC: 19/09/2013 - 22:27:37 ---A- . (...) -- C:\Users\Lolo\Links\Desktop.lnk [489]
O61 - LFC: 19/09/2013 - 22:27:37 ---A- . (...) -- C:\Users\Lolo\Links\Downloads.lnk [936]
O61 - LFC: 19/09/2013 - 22:27:37 ---A- . (...) -- C:\Users\Lolo\Links\RecentPlaces.lnk [383]
O61 - LFC: 19/09/2013 - 23:07:33 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\keys\272098ef-e420-416b-9bcd-da89896c8952.key [313]
O61 - LFC: 20/09/2013 - 01:24:09 ---A- . (...) -- C:\Users\Lolo\Documents\Anti-Malware\Reports\a2scan_130920-002318.txt [1790]
O61 - LFC: 21/09/2013 - 03:08:42 ---A- . (...) -- C:\Users\Lolo\Documents\Anti-Malware\Reports\a2scan_130921-000152.txt [6764]
O61 - LFC: 21/09/2013 - 07:08:14 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\Config\OpenRecentProject.cfg [865]
O61 - LFC: 21/09/2013 - 07:08:34 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\Config\Config.cfg [15276]
O61 - LFC: 21/09/2013 - 07:08:34 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\SkinsCache\DataSkinsCache.dat [39873]
O61 - LFC: 21/09/2013 - 07:08:34 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\UserDockManager2.xml [18517]
O61 - LFC: 21/09/2013 - 07:08:34 ---A- . (...) -- C:\Users\Lolo\AppData\Local\Element Technologie\openElement\UserToolsBox2.xml [49063]
~ 26 Temporary files
~ Files: 189 Legitimates Filtered in 00mn 58s

---\\ Alternate Data Stream files (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\pbsvc.exe:Zone.Identifier
~ ADS: Scanned in 00mn 37s

---\\ List of disinfection tools (LATC) (O63)
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s

---\\ List of legacy services in the registry (LALS) (O64)
O64 - Services: CurCS - 16/03/2007 - C:\Windows\sysWOW64\drivers\TBPANELX64.sys (Cardex) .(.Windows (R) Server 2003 DDK provider - Display Control Program.) - LEGACY_CARDEX
~ Legacy: 84 Legitimates Filtered in 00mn 00s

---\\ Internet Start Menu (SMI) (O68)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- E:\FIREFOX\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Search for infections in internet browsers (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s

---\\ Enumerates Crack & Keygen files (CKF) (O82)
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\f4cg.nfo =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\f4macz01.zip =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\f4macz02.zip =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\f4macz03.zip =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\f4macz04.zip =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\f4macz05.zip =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\f4macz07.zip =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\file_id.diz =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\Read-Me.txt =>P2P.BitTorrent
C:\Users\Lolo\AppData\Roaming\BitTorrent\Droppix.Label.Maker.v2.9.8.0.Cracked-F4CG - [ www.torrentday.com ]\www.torrentday.com.txt =>P2P.BitTorrent
E:\PERFECT PHOTO SUITE\OnOne Perfect Photo Suite 7.0.2 Premium Edition Incl Keygen NiCkkkDoN\install.exe
E:\PERFECT PHOTO SUITE\OnOne Perfect Photo Suite 7.0.2 Premium Edition Incl Keygen NiCkkkDoN\Torrent downloaded from ExtraTorrent.com.txt
E:\RECOVER MY FILES\GetData.Recover.My.Files.v4.9.4.1343.Cracked\crack\RecoverMyFiles.exe
E:\RECOVER MY FILES\GetData.Recover.My.Files.v4.9.4.1343.Cracked\RecoverMyFiles-Setup.exe
H:\FM7\FM7 -Vsti\CloneCd_keygen.zip
~ Files: Scanned in 02mn 22s

---\\ Specific search at the system root (SPRF) (O84)
[MD5.70942B01C11A1F507404903C89EC1A28] [SPRF][08/01/2012] (...) -- C:\ProgramData\CC4564BBD6.sys [88]
[MD5.433F06F7AC10A8998A4638E80EA3D15D] [SPRF][11/01/2012] (...) -- C:\ProgramData\KGyGaAvL.sys [6266]
~ Files: 2 Legitimates Filtered in 00mn 00s

---\\ List of firewall exceptions (FirewallRules) (O87)
O87 - FAEL: "{EA0244CE-4F7A-4933-8C0F-1296D07A2796}" | In - Public - P6 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
O87 - FAEL: "{18BFDECD-4740-496F-BEE9-B6B170274FED}" | In - Public - P17 - TRUE | .(...) -- C:\Windows\System32\dmwu.exe
~ Firewall: 246 Legitimates Filtered in 00mn 01s

---\\ Enumerates software product codes (PUC) (O90)
O90 - PUC: "041A393C89D535E41AE5F5E8EBBB9BCC" . (.KDFW v1.1.2 for FSX.) -- C:\Windows\Installer\{C393A140-5D98-4E53-A15E-5F8EBEBBB9CC}\controlPanelIcon.exe
O90 - PUC: "5B7E7436F608203409A6506CC2EC5A20" . (.Tpkd x64.) -- C:\Windows\Installer\{6347E7B5-806F-4302-906A-05C62CCEA502}\ARPPRODUCTICON.exe
O90 - PUC: "E2ACDDC52882CCB4692A4161D32543ED" . (.Natural World Trees.) -- C:\Windows\Installer\{5CDDCA2E-2882-4BCC-96A2-14163D5234DE}\ARPPRODUCTICON.exe
~ Update Products: 157 Legitimates Filtered in 00mn 00s

---\\ Search for WindowsInstaller packages (WIS) (O93) (NTFS)
[MD5.CB70C99DC9309AAD6841A8F5A28E2607] [WIS][12/05/2012] (.Google, Inc. - Google SketchUp 8 Installer.) -- C:\Windows\Installer\1364eff.msi [50302976]
[MD5.A91D34375B4647FF0F57E8076EC72B1B] [WIS][08/08/2012] (.Babylon Ltd - BabylonObjectInstaller.) -- C:\Windows\Installer\1a53c.msi [343040] =>Toolbar.Babylon
~ WIS: 167 Legitimates Filtered in 00mn 46s

---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SR - | Auto 19/09/2013 4159464 | (a2AntiMalware) . (.Emsisoft GmbH.) - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
SR - | Auto 23/09/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 19/09/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 17/11/2012 86224 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 17/11/2012 110032 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 20/05/2011 1175556 | (BroadCamService) . (.NCH Software.) - C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
SR - | Auto 12/01/2012 87336 | (CLHNServiceForPowerDVD12) . (.CyberLink Corp..) - E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
SR - | Auto 19/07/2012 2568120 | (CodeMeter.exe) . (.WIBU-SYSTEMS AG.) - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
SR - | Auto 08/05/2008 122880 | (Crypkey License) . (.CrypKey (Canada) Ltd..) - C:\Windows\System32\crypserv.exe
SR - | Auto 12/01/2012 75048 | (CyberLink PowerDVD 12 Media Server Monitor Service) . (.CyberLink.) - E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
SR - | Auto 12/01/2012 296232 | (CyberLink PowerDVD 12 Media Server Service) . (.CyberLink.) - E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
SS - | Demand 16/08/2011 1044816 | (FLEXnet Licensing Service) . (.Flexera Software, Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SR - | Auto 27/06/2012 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 14/10/2009 151552 | (Marvell RAID) . (...) - C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
SS - | Demand 11/12/2012 115168 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 12/06/2008 24635 | (MRUWebService) . (.Apache Software Foundation.) - C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
SR - | Auto 23/09/2011 641832 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SR - | Auto 21/02/2011 66560 | (nlsX86cc) . (.Nalpeiron Ltd..) - C:\Windows\SysWOW64\nlssrv32.exe
SR - | Auto 18/01/2013 884512 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 25/02/2013 1260320 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 10/07/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 05/06/2007 177704 | (ProtexisLicensing) . (...) - C:\Windows\SysWOW64\PSIService.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 13/10/2012 186760 | (ScsiAccess) . (...) - C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
SR - | Auto 18/01/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe
SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 11/01/2012 146928 | ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) . (.CyberLink Corp..) - E:\POWER DVD 12 ULTRA v12.0.1312.54\PowerDVD12\Common\NavFilter\000.fcl
~ Services: Scanned in 00mn 47s

---\\ Search for infection in the Master Boot Record (MBR)(O80)
Run by Lolo at 21/09/2013 20:45:42
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s

---\\ Search for infection in the Master Boot Record (MBRCheck)(O80)
Written by ad13, http://ad13.geekstog
Run by Lolo at 21/09/2013 20:45:44
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s

---\\ Additional Scan (O88)
Database Version : 12924 - (21/09/2013)
Keys found: 9
Values found: 0
Folders found: 0
Files found: 6
[HKLM\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd] =>Adware.IncrediBar^
[HKLM\Software\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco] =>PUP.OneClickDownloader^
[HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFile_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFileUpdater_RASAPI32] =>PUP.YourFileDownloader
[HKLM\Software\Wow6432Node\Microsoft\Tracing\YourFileUpdater_RASMANCS] =>PUP.YourFileDownloader
[HKLM\Software\WNLT] =>Adware.IncrediBar
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly
[HKLM\Software\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}] =>Toolbar.Babylon
[HKLM\Software\Wow6432Node\Canneverbe Limited\OpenCandy] =>Adware.OpenCandy
C:\Users\Lolo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd =>Adware.IncrediBar^
C:\Users\Lolo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco =>PUP.OneClickDownloader^
[HKCU\Software\ExpressFiles] =>Adware.ExpressFiles^
[HKCU\Software\YahooPartnerToolbar] =>Toolbar.Yahoo^
[HKLM\Software\Wow6432Node\ExpressFiles] =>Adware.ExpressFiles^
C:\Windows\Installer\1a53c.msi =>Toolbar.Babylon^
~ Additional Scan: 540254 Items scanned in 01mn 31s

---\\ Summary of detections found on your workstation
~ http://nicolascoolman.webs.com/apps/blog/show/26898222-adware-incredibar =>Adware.Incredibar
~ http://nicolascoolman.webs.com/apps/blog/show/27232411-hijacker-proxy =>Hijacker.Proxy
~ http://nicolascoolman.webs.com/apps/blog/show/26753274-adware-expressfiles =>Adware.ExpressFiles
~ http://nicolascoolman.webs.com/apps/blog/show/27752690-pup-yourfiledownloader =>PUP.YourFileDownloader
~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo
~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon
~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly
~ http://nicolascoolman.webs.com/apps/blog/show/26770694-adware-opencandy =>Adware.OpenCandy
~ MSI: 8 link(s) detected in 01mn 31s
~ 2323 Legitimates filtered by white list
End of the scan (742 lines in 08mn 52s)(25)
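The O55 (MWPS) section of this report is the part a responder should read first: "EnableLUA"=0 is what the header's "User Account Control (UAC): Deactivate by user" line refers to, and with UAC off every process started by this administrator logon already holds the full token, so the adware and PUP entries listed under O88 never needed an elevation prompt to install. The script below is an added example written for this page; it is not part of ZHPDiag or of Nicolas Coolman's tooling. It parses O55 lines in exactly the shape the report uses and compares each value with a baseline. The baseline values, the severities and the explanatory notes are this example's own assumptions (Windows 7 defaults with UAC left on, plus Admin Approval Mode for the built-in Administrator), not anything ZHPDiag reports; the five sample lines are copied from the O55 section above so the script runs offline.

```python
"""Triage the ZHPDiag O55 (PoliciesSystem / MWPS) section against a UAC baseline.

Added example for this page, not part of ZHPDiag. The BASELINE table is an
assumption: Windows 7 defaults with UAC enabled, plus Admin Approval Mode
for the built-in Administrator account.
"""
import re

# Constructed input: the five O55 lines copied from the report above.
# In practice, pass the whole ZHPDiag.txt contents to parse_o55().
SAMPLE_O55 = r"""
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLinkedConnections"=1
"""

# One O55 line: the bracketed (abbreviated) key, the quoted value name, an integer.
O55_LINE = re.compile(
    r'^O55 - MWPS:\[(?P<key>[^\]]+)\] - "(?P<name>[^"]+)"=(?P<value>-?\d+)$'
)

# value name -> (expected value, severity when it differs, what a deviation means).
# Assumed baseline, see the module docstring.
BASELINE = {
    "EnableLUA": (1, "high",
        "UAC is off: every process of an administrator logon runs with the "
        "full token, so anything the user runs is already elevated"),
    "PromptOnSecureDesktop": (1, "medium",
        "elevation prompts appear on the interactive desktop, where other "
        "user-mode processes can read and drive them"),
    "FilterAdministratorToken": (1, "info",
        "the built-in Administrator account bypasses Admin Approval Mode "
        "(0 is the Windows 7 default, 1 is the hardened value)"),
    "EnableLinkedConnections": (0, "low",
        "drive mappings are shared between the filtered and the elevated "
        "token instead of being kept separate"),
    "EnableUIADesktopToggle": (0, "low",
        "UIAccess applications may prompt for elevation without the secure desktop"),
}


def parse_o55(report_text):
    """Return (registry key, value name, int value) for every O55 line found."""
    entries = []
    for raw in report_text.splitlines():
        m = O55_LINE.match(raw.strip())
        if m:
            entries.append((m.group("key"), m.group("name"), int(m.group("value"))))
    return entries


def assess(entries, baseline=BASELINE):
    """Compare parsed values with the baseline; names not in it are flagged for review."""
    findings = []
    for _key, name, value in entries:
        if name not in baseline:
            findings.append({"name": name, "value": value, "severity": "unknown",
                             "note": "not in baseline; review manually"})
            continue
        expected, severity, note = baseline[name]
        findings.append({
            "name": name,
            "value": value,
            "expected": expected,
            "severity": "ok" if value == expected else severity,
            "note": note,
        })
    return findings


def summarize(report_text):
    """Map each value name in the report to its severity, e.g. {'EnableLUA': 'high', ...}."""
    return {f["name"]: f["severity"] for f in assess(parse_o55(report_text))}


if __name__ == "__main__":
    for f in assess(parse_o55(SAMPLE_O55)):
        flag = "OK" if f["severity"] == "ok" else f["severity"].upper()
        print(f"{flag:8} {f['name']}={f['value']} (expected {f.get('expected', '?')}): {f['note']}")
```

Two caveats when reading the output. First, while EnableLUA is 0 the other four values are moot; they only matter once UAC is switched back on, which is why the script still reports them. Second, ZHPDiag prints only the values it did not whitelist (the section ends with "17 Legitimates Filtered"), so a name that is absent from the parsed output says nothing about that value on the host; the script deliberately reports only what the log contains rather than guessing at defaults.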