Virus problem
Solved/Closed
cric44 - 2 March 2013 at 09:11
kalimusic (Posts: 14014, Registered: Saturday 7 November 2009, Status: Security contributor, Last activity: 20 November 2015) - 2 March 2013 at 16:50
11 replies
kalimusic - 2 March 2013 at 09:23
Hello,
Download RogueKiller (by Tigzy) to your desktop
● Close all running applications
● Run RogueKiller.exe
If the infection blocks the program, you have to relaunch it several times or rename it to winlogon.exe
● Let the prescan finish, then click Scan
● Click Report to open it, then copy/paste it into your next message.
See you
cric44 (Posts: 52, Registered: Saturday 2 March 2013, Status: Member, Last activity: 24 February 2016) - 2 March 2013 at 09:28
Hello,
thanks for your help, I'll do that and post everything for you
cric44 - 2 March 2013 at 09:41
Hello again,
I can't manage to launch it, even after renaming it
kalimusic - 2 March 2013 at 09:43
cric44 - 2 March 2013 at 09:44
However, I have a report from ZHPDiag if you want
kalimusic - 2 March 2013 at 10:00
You are infected with ZeroAccess, this is serious.
cric44 - 2 March 2013 at 10:02
What can I do?
cric44 - 2 March 2013 at 10:03
ZHP works, though
kalimusic - 2 March 2013 at 10:16
Good,
Run RogueKiller.exe again
● Uncheck the following box(es):
[TASK][ROGUE ST] 0 : c:\program files\internet explorer\iexplore.exe
● Click Delete
● Click Report to open it, then copy/paste it into your next message
See you
cric44 - 2 March 2013 at 10:30
RogueKiller V8.5.2 [Feb 23 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows 7 (6.1.7600 ) 32 bits version
Demarrage : Mode normal
Utilisateur : Moi [Droits d'admin]
Mode : Recherche -- Date : 02/03/2013 10:21:51
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 0 ¤¤¤
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$7a050fccd71238410e25633e7f2feff7\n [-] --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$7a050fccd71238410e25633e7f2feff7\U --> TROUVÉ
¤¤¤ Driver : [CHARGE] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8323F2C3 -> HOOKED (Unknown @ 0x907F012E)
SSDT[299] : NtRequestWaitReplyPort @ 0x832850AE -> HOOKED (Unknown @ 0x907F0138)
SSDT[316] : NtSetContextThread @ 0x832EAA23 -> HOOKED (Unknown @ 0x907F0133)
SSDT[347] : NtSetSecurityObject @ 0x83224453 -> HOOKED (Unknown @ 0x907F013D)
SSDT[368] : NtSystemDebugControl @ 0x8321772A -> HOOKED (Unknown @ 0x907F0142)
SSDT[370] : NtTerminateProcess @ 0x83270165 -> HOOKED (Unknown @ 0x907F00CF)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x907F0156)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x907F015B)
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HI SCSI Disk Device +++++
--- User ---
[MBR] 8424c607e1c05a8a34bd847edbb492c8
[BSP] 63e8a0fd3d9aaa80ae6b2f611fd3b229 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99899 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204802048 | Size: 376938 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Termine : << RKreport[3]_S_02032013_102151.txt >>
RKreport[1]_S_02032013_101006.txt ; RKreport[2]_D_02032013_101237.txt ; RKreport[3]_S_02032013_102151.txt
kalimusic - 2 March 2013 at 10:34
OK,
1. Run RogueKiller again
● Click Delete
● Click Report to open it
2. Download OTL (by OldTimer) to your Desktop.
Close all running applications
● Run OTL.exe; the main interface opens.
● Check the "All users" box
● Leave all other settings at their defaults
● In the bottom section, "Customization", copy/paste the quoted list:
msconfig
netsvcs
/md5start
explorer.exe
winlogon.exe
userinit.exe
svchost.exe
services.*
winsock.*
/md5stop
%temp%\*.exe /s
%ALLUSERSPROFILE%\Application Data\*.exe /s
%ALLUSERSPROFILE%\Application Data\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.*
BASESERVICES
CREATERESTOREPOINT
● Click the Quick Scan button and wait while the system is scanned.
● 2 reports will open in Notepad:
▸ OTL.txt (which will be displayed) and Extras.txt (minimized in the taskbar)
● Don't post them on the forum, they would be too long
● Host them on one of the following sites:
https://security-x.fr/up/
https://www.cjoint.com/
http://pjjoint.malekal.com/
https://textup.fr/
● You will get 2 links, which you will give me in your next message.
Help: OTL tutorial (by Malekal)
See you
cric44 - 2 March 2013 at 10:58
cric44 - 2 March 2013 at 11:04
cric44 - 2 March 2013 at 11:04
I had given you the same one twice, I've posted the other one again
cric44 - 2 March 2013 at 11:08
Thanks for your help, I'm not very good with computers
kalimusic - 2 March 2013 at 11:12
Don't worry, I'm looking at the reports and will come back with the next steps of the procedure ;)
kalimusic - 2 March 2013 at 11:28
OK,
1. Uninstall Spybot S&D, an outdated and useless program.
2. If possible, uninstall the following unwanted programs:
Internet Explorer Toolbar 4.6 by SweetPacks
SweetPacks bundle
SweetIM for Messenger 3.7
Update Manager for SweetPacks 1.1
Help: How to uninstall a program
2. Download AdwCleaner (by Xplode) to your desktop.
▸ On XP, double-click the icon to launch the tool.
▸ On Vista/Seven/8, right-click the icon and choose "Run as administrator" from the context menu.
● You must close the browser and any running applications.
● Click Delete
● Wait for the scan to finish, and accept the restart if the tool asks for it
● The report should open automatically.
The report is saved at the root of the disk: C:\AdwCleaner[S1].txt
== == == == == == == == == == == == == == == == == == == == == ==
This script is valid only for this system; using it on another computer could cause problems.
When the fix starts, all running processes will be stopped, which may cause the Desktop and icons to disappear temporarily. They will come back at startup.
== == == == == == == == == == == == == == == == == == == == == ==
Run OTL again
● In the "Customization" section, copy/paste the instructions hosted here
● You must close any running applications.
● Click the Fix button.
● Wait while the tool works; it should then restart the PC.
● Accept by clicking OK.
● The report listing the actions performed by OTL should open automatically.
The report is saved at the root of the disk in this folder: C:\_OTL\MovedFiles
4. Post the AdwCleaner and OTL reports
See you
cric44 - 2 March 2013 at 11:50
All processes killed
Error: Unable to interpret <:instructions> in the current context!
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{48405d3d-2674-4cd8-b1ef-9a719443bd3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}\ not found.
Registry key HKEY_USERS\S-1-5-21-251482549-948832375-1649116876-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-251482549-948832375-1649116876-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ED4BBDD6-68E3-4449-8261-699B5467E6B6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED4BBDD6-68E3-4449-8261-699B5467E6B6}\ not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
File C:\Program Files\Web Assistant\Firefox not found.
C:\Users\Moi\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi moved successfully.
Folder C:\Program Files\mozilla firefox\extensions\ffxtlbr@babylon.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
File C:\PROGRA~1\SPYBOT~1\SDHelper.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{48405d3d-2674-4cd8-b1ef-9a719443bd3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48405d3d-2674-4cd8-b1ef-9a719443bd3f}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-251482549-948832375-1649116876-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Rechercher sur le Web\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.
File C:\PROGRA~1\SPYBOT~1\SDHelper.dll not found.
Folder C:\Users\Moi\AppData\Roaming\OpenCandy\ not found.
C:\Windows\System32\SET2A6B.tmp deleted successfully.
C:\Windows\System32\SET4CCA.tmp deleted successfully.
C:\Windows\System32\SETF652.tmp deleted successfully.
C:\Users\Moi\AppData\Local\Temp\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}\VistaCookiesCollector.exe moved successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
C:\$Recycle.bin\S-1-5-21-251482549-948832375-1649116876-1000\$RUSG8XG folder moved successfully.
< ipconfig /flushdns /c >
Configuration IP de Windows
Cache de r'solution DNS vid'.
D:\Moi\Downloads\cmd.bat deleted successfully.
D:\Moi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Moi
->Temp folder emptied: 2082345 bytes
->Temporary Internet Files folder emptied: 442402436 bytes
->Java cache emptied: 206765110 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 124224 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 39802 bytes
RecycleBin emptied: 527310 bytes
Total Files Cleaned = 622,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 03022013_114256
Files\Folders moved on Reboot...
C:\Users\Moi\AppData\Local\Temp\Low\REG6F26.tmp moved successfully.
C:\Users\Moi\AppData\Local\Temp\Low\REGFF83.tmp moved successfully.
C:\Users\Moi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CEZRKJJN\file[1].txt moved successfully.
C:\Users\Moi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0953RWI4\affich-27263257-probleme-virus[1].htm moved successfully.
C:\Users\Moi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Moi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Moi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
cric44 - 2 March 2013 at 11:51
OTL logfile created on: 02/03/2013 10:38:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Moi\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 58,97% Memory free
6,00 Gb Paging File | 4,42 Gb Available in Paging File | 73,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 17,90 Gb Free Space | 18,35% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 331,89 Gb Free Space | 90,16% Space Free | Partition Type: NTFS
Drive F: | 6,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: MON-PC | User Name: Moi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/02 10:37:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Moi\Downloads\OTL.exe
PRC - [2013/03/02 10:08:09 | 000,816,640 | ---- | M] () -- C:\Users\Moi\Desktop\RogueKiller-8.5.2.exe
PRC - [2013/02/26 22:43:38 | 000,701,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
PRC - [2013/02/13 15:53:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/02/13 15:53:12 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/02/13 15:53:10 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/02/13 15:53:10 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/12/29 09:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/12/29 09:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/16 23:12:02 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
========== Modules (No Company Name) ==========
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - File not found [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- D:\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2013/02/26 22:43:42 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/13 15:53:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/02/13 15:53:10 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/05 16:03:02 | 000,312,704 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2012/12/29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/28 20:40:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Moi\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - [2012/12/29 11:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/12/07 08:40:32 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/12/07 08:40:32 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/12/07 08:40:32 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/08/02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/07/21 19:55:50 | 000,016,640 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/03/10 17:25:58 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2009/10/09 11:44:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV - [2009/10/09 11:44:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/09 11:44:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/09 11:44:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008/10/08 13:17:14 | 001,879,168 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2008/07/26 14:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 14:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 14:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/07/26 14:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2006/07/24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/?crg=3.1010000.10011&barid={2B580B40-29A1-11E2-8AF2-40618600F1B4}
IE - HKLM\..\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = https://www.msn.com/fr-fr?ocid=iehp
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_7_&babsrc=SP_ss&mntrId=1071e14400000000000040618600f1b4
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_frFR494
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\..\SearchScopes\{ED4BBDD6-68E3-4449-8261-699B5467E6B6}: "URL" = http://www.search.ask.com/?l=dis{searchTerms}&locale=fr_FR&apn_ptnrs=U3&apn_dtid=OSJ000YYFR&apn_uid=0FD748E6-9150-46E4-AB19-E01CD16F55CF&apn_sauid=7A09344D-D3DA-4DF8-8124-F82D8E75AE45
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
[color=#E56717]========== FireFox ==========[/color]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/24 18:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/24 18:03:38 | 000,000,000 | ---D | M]
[2010/07/02 17:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moi\AppData\Roaming\mozilla\Extensions
[2010/07/02 17:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moi\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/07/26 08:55:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moi\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012/11/08 13:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moi\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2012/11/08 13:37:47 | 000,213,316 | ---- | M] () (No name found) -- C:\Users\Moi\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi
[2012/06/26 15:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/06/26 15:00:58 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\mozilla firefox\extensions\ffxtlbr@babylon.com
[color=#E56717]========== Chrome ==========[/color]
CHR - homepage: https://home.sweetim.com/?crg=3.1010000.10011&barid={2B580B40-29A1-11E2-8AF2-40618600F1B4}
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: https://home.sweetim.com/?crg=3.1010000.10011&barid={2B580B40-29A1-11E2-8AF2-40618600F1B4}
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.6_0\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.6_0\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-251482549-948832375-1649116876-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe File not found
O4 - HKU\S-1-5-21-251482549-948832375-1649116876-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-251482549-948832375-1649116876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Rechercher sur le Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1361034517133 (MUCatalogWebControl Class)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} https://www.touslesdrivers.com/index.php?v_page=29 ("Ma-Config.com control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2070110D-ABE5-4ABF-8E67-6A813124F489}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFA9F9E0-1FC0-42D5-B65B-5D6C92DC58A7}: DhcpNameServer = 172.20.2.39 172.20.2.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB3E2DB6-458E-4F87-AC93-2B5C926AAEE0}: DhcpNameServer = 172.20.2.39 172.20.2.10
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/10/06 04:40:15 | 000,000,115 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2f15847a-5f80-11df-b037-40618600f1b4}\Shell - "" = AutoRun
O33 - MountPoints2\{2f15847a-5f80-11df-b037-40618600f1b4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d51c8566-c214-11df-bcd4-40618600f1b4}\Shell - "" = AutoRun
O33 - MountPoints2\{d51c8566-c214-11df-bcd4-40618600f1b4}\Shell\AutoRun\command - "" = G:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013/03/02 09:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2013/03/02 09:23:45 | 000,000,000 | ---D | C] -- C:\ZHP
[2013/03/02 03:04:24 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{3C9CBDFC-CFB4-48A6-86DC-C89A30AB7523}
[2013/03/01 15:03:52 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{F375EA57-AB0D-4AD5-AC4B-C16910043228}
[2013/02/26 09:44:04 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{7986DD9B-8B7E-42F0-A826-4032DDB1FEB3}
[2013/02/20 17:19:50 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{B58FA40B-793D-4841-94BE-D44CE5A92624}
[2013/02/19 19:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/02/19 19:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/02/19 01:56:32 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{A2D85022-2400-4A4A-AB23-2AA0C7172729}
[2013/02/16 17:38:43 | 000,000,000 | ---D | C] -- C:\Medion
[2013/02/16 17:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ma-config.com
[2013/02/16 09:17:36 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{340F2701-7828-426E-A139-FB67B7F11BEB}
[2013/02/15 21:17:24 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{C2764754-9BE1-4804-99B5-AE8B14D4B68B}
[2013/02/15 09:17:12 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{A0EFAA8C-37D5-48F8-8D9D-CC4A0FA063E6}
[2013/02/14 21:17:00 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{FD252945-4237-4199-8230-89B83D1A835F}
[2013/02/14 09:16:48 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{6D87E4E3-61B8-46B4-B2A6-485B184E82D4}
[2013/02/13 21:16:21 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{E9580E77-8F5A-4D7C-92E4-352B9CAFAD64}
[2013/02/13 09:16:09 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{2EDB1CBE-2004-4126-8823-6341745FF440}
[2013/02/11 11:06:16 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{4B9D4F03-ED93-4FEB-9C12-95FB80169213}
[2013/02/10 11:05:39 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\Programs
[2013/02/02 02:46:47 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{4FC83984-7165-4E8C-94D2-D44B9FE12A6E}
[2013/02/01 14:46:35 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{AEAD32C1-096E-4BAC-B817-94260637C3F9}
[2013/02/01 02:46:10 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{F941B245-F5EC-44FD-808F-6EEF76879EFC}
[2013/01/31 14:45:58 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{303B5EFB-BE06-4D36-A570-F5DF2588EF1B}
[2010/12/30 19:44:24 | 000,699,177 | ---- | C] (Internet Scrabble Club ) -- C:\Program Files\WordBiz18.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013/03/02 10:16:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/02 10:14:10 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/02 10:14:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/02 10:13:57 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/02 10:13:04 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 10:13:04 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 10:08:09 | 000,816,640 | ---- | M] () -- C:\Users\Moi\Desktop\RogueKiller-8.5.2.exe
[2013/03/02 09:43:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/02 09:30:22 | 000,693,016 | ---- | M] () -- C:\Users\Moi\Desktop\winlogon.exe
[2013/03/02 09:23:46 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2013/03/02 08:49:55 | 000,004,982 | ---- | M] () -- C:\Windows\wininit.ini
[2013/03/01 18:07:36 | 000,000,470 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Moi.job
[2013/03/01 15:02:14 | 000,327,680 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/03/01 12:08:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\package.lst
[2013/02/26 16:20:34 | 000,000,367 | ---- | M] () -- C:\content_update_notification.xml
[2013/02/23 20:50:49 | 000,704,464 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/02/23 20:50:49 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/23 20:50:49 | 000,130,770 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/02/23 20:50:49 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/21 19:30:23 | 000,117,953 | ---- | M] () -- D:\Moi\Documents\prise de sang caline.pdf
[2013/02/19 19:57:34 | 000,000,215 | ---- | M] () -- C:\Users\Moi\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2013/02/19 19:57:34 | 000,000,215 | ---- | M] () -- C:\Users\Moi\Desktop\Call of Duty Modern Warfare 3 - Dedicated Server.url
[2013/02/19 19:57:33 | 000,000,215 | ---- | M] () -- C:\Users\Moi\Desktop\Call of Duty Modern Warfare 3.url
[2013/02/19 19:08:42 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/02/16 18:27:25 | 000,000,170 | ---- | M] () -- C:\Windows\System\Cmicnfg3.ini
[2013/02/14 03:20:30 | 000,366,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/10 11:05:58 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/03/02 10:24:32 | 000,816,640 | ---- | C] () -- C:\Users\Moi\Desktop\RogueKiller-8.5.2.exe
[2013/03/02 09:37:35 | 000,693,016 | ---- | C] () -- C:\Users\Moi\Desktop\winlogon.exe
[2013/03/02 09:23:46 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2013/02/26 16:20:34 | 000,000,367 | ---- | C] () -- C:\content_update_notification.xml
[2013/02/21 19:30:14 | 000,117,953 | ---- | C] () -- D:\Moi\Documents\prise de sang caline.pdf
[2013/02/19 19:57:34 | 000,000,215 | ---- | C] () -- C:\Users\Moi\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2013/02/19 19:57:34 | 000,000,215 | ---- | C] () -- C:\Users\Moi\Desktop\Call of Duty Modern Warfare 3 - Dedicated Server.url
[2013/02/19 19:57:33 | 000,000,215 | ---- | C] () -- C:\Users\Moi\Desktop\Call of Duty Modern Warfare 3.url
[2013/02/19 19:08:42 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/02/04 09:03:07 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011/11/18 13:13:10 | 000,000,000 | ---- | C] () -- C:\Users\Moi\AppData\Local\{FA612CA5-40CE-4277-A3C3-D199A7531136}
[2011/08/16 10:01:54 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/05/28 17:20:50 | 000,000,780 | ---- | C] () -- C:\Windows\_delis32.ini
[2011/05/28 16:35:50 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.68-8876480L.exe
[2010/08/23 11:25:21 | 000,033,134 | ---- | C] () -- C:\Users\Moi\AppData\Roaming\UserTile.png
[2010/07/15 18:55:41 | 000,000,744 | ---- | C] () -- C:\Users\Moi\AppData\Roaming\filterclsid.dat
[2010/06/27 10:05:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/04/25 12:34:10 | 000,000,233 | ---- | C] () -- C:\Users\Moi\AppData\Roaming\default.rss
[2010/04/25 12:34:10 | 000,000,000 | ---- | C] () -- C:\Users\Moi\AppData\Roaming\downloads.m3u
[2010/04/20 21:17:31 | 000,007,605 | ---- | C] () -- C:\Users\Moi\AppData\Local\resmon.resmoncfg
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2013/03/02 10:11:44 | 000,002,048 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-251482549-948832375-1649116876-1000\$RUSG8XG\@.vir
[2013/03/02 10:35:45 | 000,060,416 | -HS- | M] () -- C:\$Recycle.bin\S-1-5-21-251482549-948832375-1649116876-1000\$RUSG8XG\n.vir
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\Windows\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[color=#E56717]========== LOP Check ==========[/color]
[2010/05/11 16:18:53 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\Canneverbe Limited
[2012/12/14 07:42:53 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/12/08 09:50:27 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\DVDVideoSoft
[2011/05/03 11:12:08 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\eTeks
[2012/08/05 19:52:51 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\eType
[2012/01/22 13:57:17 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\EurekaLog
[2012/05/04 14:24:26 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\GetRightToGo
[2012/04/14 15:58:25 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\ImTOO
[2010/04/20 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\Leadertech
[2010/09/14 10:24:23 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\Netscape
[2012/12/08 09:50:17 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\OpenCandy
[2011/04/22 13:07:24 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\OpenOffice.org
[2010/09/14 10:23:50 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\Photodex
[2010/06/27 14:35:39 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\Samsung
[2012/01/13 18:14:18 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\SFR
[2010/07/02 17:09:58 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\TomTom
[2013/02/24 18:45:58 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\uTorrent
[2011/12/03 14:22:52 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\WindSolutions
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: SERVICES >
[2009/06/10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
< MD5 for: SERVICES.ASFX >
[2012/09/23 20:43:42 | 000,002,616 | ---- | M] () MD5=939A97CCEC5E78C7D41262B21158D749 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\fr_FR\Services\Services.asfx
< MD5 for: SERVICES.CFG >
[2012/12/18 20:08:30 | 000,559,043 | ---- | M] () MD5=BA25E8F1460C7453B7488FE4B42F6919 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
< MD5 for: SERVICES.EXE >
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 09:39:06 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=665623741B4E3A3701871FCEFD1C9192 -- C:\Windows\System32\fr-FR\services.exe.mui
[2009/07/14 09:39:06 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=665623741B4E3A3701871FCEFD1C9192 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0c56701d7a41cb39\services.exe.mui
< MD5 for: SERVICES.LNK >
[2009/07/14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2013/02/24 09:25:26 | 000,000,750 | ---- | M] () MD5=757272C0FA0D596D81AA538BC02FA123 -- C:\Users\Moi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7DXX387N\mochiads.com\services.mochiads.com.sol
< MD5 for: SERVICES.MOF >
[2009/06/10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
< MD5 for: SERVICES.MSC >
[2009/07/14 09:39:05 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\System32\fr-FR\services.msc
[2009/07/14 09:39:05 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4698400950ab652c\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
< MD5 for: SERVICES.RDB >
[2011/01/17 15:59:52 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 15:59:10 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
< MD5 for: SERVICES.SBS >
[2011/03/01 08:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2013/03/02 09:30:22 | 000,693,016 | ---- | M] () MD5=6FA65BEE91791F5DA5BC352C7A5E9817 -- C:\Users\Moi\Desktop\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WINSOCK.DLL >
[2009/07/13 22:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009/07/13 22:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\WINSOCK.DLL
< %temp%\*.exe /s >
[2013/03/02 09:01:07 | 000,065,880 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Users\Moi\AppData\Local\Temp\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}\VistaCookiesCollector.exe
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %ALLUSERSPROFILE%\Application Data\*. >
< %APPDATA%\*.exe /s >
[2012/07/25 14:14:26 | 000,300,440 | ---- | M] (DMI) -- C:\Users\Moi\AppData\Roaming\eType\eTypeUninstall.exe
[2012/12/14 07:42:24 | 000,055,424 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Moi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/02/08 15:29:33 | 000,010,134 | R--- | M] () -- C:\Users\Moi\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2012/03/21 04:16:04 | 005,877,640 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Moi\AppData\Roaming\OpenCandy\0903622027FF4A178F253CA117D14B24\driverscannerFR.exe
< %SYSTEMDRIVE%\*.* >
[2010/05/01 10:49:35 | 000,002,908 | ---- | M] () -- C:\aaw7boot.log
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/02/26 16:20:34 | 000,000,367 | ---- | M] () -- C:\content_update_notification.xml
[2013/03/02 10:13:57 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/08 11:06:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/28 17:33:54 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
[2010/05/08 11:06:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/03/02 10:14:00 | 3220,430,848 | -HS- | M] () -- C:\pagefile.sys
[2012/07/26 08:55:57 | 000,000,700 | ---- | M] () -- C:\user.js
========== Base Services ==========
SRV - [2009/07/14 02:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2009/07/14 02:14:53 | 000,046,592 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/07/14 02:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
No service found with a name of BFE
SRV - [2011/11/17 06:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 22:23:55 | 000,102,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 05:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/14 02:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 06:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
SRV - [2009/07/14 02:15:33 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 02:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2009/07/14 02:16:03 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 02:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 11:35:34 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/21 06:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 06:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 02:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/07/14 02:16:12 | 000,285,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/07/14 02:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 02:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 06:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV - [2010/08/27 06:46:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/14 02:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/02 05:39:32 | 000,749,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/07/14 02:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:12 | 000,162,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/07/14 02:14:43 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/07/14 02:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/07/14 02:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2009/07/14 02:16:13 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV - [2009/07/14 02:16:18 | 001,086,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
No service found with a name of MpsSvc
SRV - [2009/07/14 02:16:18 | 000,462,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2009/07/14 02:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/07/14 02:15:12 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 02:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/07/14 02:16:19 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
========== Alternate Data Streams ==========
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Moi\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 58,97% Memory free
6,00 Gb Paging File | 4,42 Gb Available in Paging File | 73,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 17,90 Gb Free Space | 18,35% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 331,89 Gb Free Space | 90,16% Space Free | Partition Type: NTFS
Drive F: | 6,24 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: MON-PC | User Name: Moi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/02 10:37:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Moi\Downloads\OTL.exe
PRC - [2013/03/02 10:08:09 | 000,816,640 | ---- | M] () -- C:\Users\Moi\Desktop\RogueKiller-8.5.2.exe
PRC - [2013/02/26 22:43:38 | 000,701,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
PRC - [2013/02/13 15:53:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/02/13 15:53:12 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/02/13 15:53:10 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/02/13 15:53:10 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/12/29 09:26:22 | 001,822,136 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/12/29 09:26:22 | 000,873,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/16 23:12:02 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 02:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
========== Modules (No Company Name) ==========
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- D:\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2013/02/26 22:43:42 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/13 15:53:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/02/13 15:53:10 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/05 16:03:02 | 000,312,704 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2012/12/29 11:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/12/29 02:53:20 | 000,383,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/28 20:40:37 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Moi\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - [2012/12/29 11:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/12/07 08:40:32 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/12/07 08:40:32 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/12/07 08:40:32 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/08/02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/07/21 19:55:50 | 000,016,640 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/03/10 17:25:58 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2009/10/09 11:44:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV - [2009/10/09 11:44:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009/10/09 11:44:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009/10/09 11:44:00 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009/07/14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008/10/08 13:17:14 | 001,879,168 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2008/07/26 14:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/07/26 14:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/07/26 14:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008/07/26 14:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2006/07/24 15:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/?crg=3.1010000.10011&barid={2B580B40-29A1-11E2-8AF2-40618600F1B4}
IE - HKLM\..\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = https://www.msn.com/fr-fr?ocid=iehp
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=060612_7_&babsrc=SP_ss&mntrId=1071e14400000000000040618600f1b4
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_frFR494
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\..\SearchScopes\{ED4BBDD6-68E3-4449-8261-699B5467E6B6}: "URL" = http://www.search.ask.com/?l=dis{searchTerms}&locale=fr_FR&apn_ptnrs=U3&apn_dtid=OSJ000YYFR&apn_uid=0FD748E6-9150-46E4-AB19-E01CD16F55CF&apn_sauid=7A09344D-D3DA-4DF8-8124-F82D8E75AE45
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-251482549-948832375-1649116876-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/24 18:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/24 18:03:38 | 000,000,000 | ---D | M]
[2010/07/02 17:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moi\AppData\Roaming\mozilla\Extensions
[2010/07/02 17:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moi\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012/07/26 08:55:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moi\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012/11/08 13:37:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moi\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2012/11/08 13:37:47 | 000,213,316 | ---- | M] () (No name found) -- C:\Users\Moi\AppData\Roaming\mozilla\firefox\profiles\0\extensions\torntv@torntv.com.xpi
[2012/06/26 15:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/06/26 15:00:58 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files\mozilla firefox\extensions\ffxtlbr@babylon.com
========== Chrome ==========
CHR - homepage: https://home.sweetim.com/?crg=3.1010000.10011&barid={2B580B40-29A1-11E2-8AF2-40618600F1B4}
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: https://home.sweetim.com/?crg=3.1010000.10011&barid={2B580B40-29A1-11E2-8AF2-40618600F1B4}
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.6_0\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid\1.6_0\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0\
CHR - Extension: No name found = C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-251482549-948832375-1649116876-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe File not found
O4 - HKU\S-1-5-21-251482549-948832375-1649116876-1000..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-251482549-948832375-1649116876-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Rechercher sur le Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://www.catalog.update.microsoft.com/ClientControl/en/x86/MuCatalogWebControl.cab?1361034517133 (MUCatalogWebControl Class)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} https://www.touslesdrivers.com/index.php?v_page=29 ("Ma-Config.com control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2070110D-ABE5-4ABF-8E67-6A813124F489}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFA9F9E0-1FC0-42D5-B65B-5D6C92DC58A7}: DhcpNameServer = 172.20.2.39 172.20.2.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB3E2DB6-458E-4F87-AC93-2B5C926AAEE0}: DhcpNameServer = 172.20.2.39 172.20.2.10
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/10/06 04:40:15 | 000,000,115 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{2f15847a-5f80-11df-b037-40618600f1b4}\Shell - "" = AutoRun
O33 - MountPoints2\{2f15847a-5f80-11df-b037-40618600f1b4}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d51c8566-c214-11df-bcd4-40618600f1b4}\Shell - "" = AutoRun
O33 - MountPoints2\{d51c8566-c214-11df-bcd4-40618600f1b4}\Shell\AutoRun\command - "" = G:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/03/02 09:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2013/03/02 09:23:45 | 000,000,000 | ---D | C] -- C:\ZHP
[2013/03/02 03:04:24 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{3C9CBDFC-CFB4-48A6-86DC-C89A30AB7523}
[2013/03/01 15:03:52 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{F375EA57-AB0D-4AD5-AC4B-C16910043228}
[2013/02/26 09:44:04 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{7986DD9B-8B7E-42F0-A826-4032DDB1FEB3}
[2013/02/20 17:19:50 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{B58FA40B-793D-4841-94BE-D44CE5A92624}
[2013/02/19 19:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/02/19 19:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/02/19 01:56:32 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{A2D85022-2400-4A4A-AB23-2AA0C7172729}
[2013/02/16 17:38:43 | 000,000,000 | ---D | C] -- C:\Medion
[2013/02/16 17:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ma-config.com
[2013/02/16 09:17:36 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{340F2701-7828-426E-A139-FB67B7F11BEB}
[2013/02/15 21:17:24 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{C2764754-9BE1-4804-99B5-AE8B14D4B68B}
[2013/02/15 09:17:12 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{A0EFAA8C-37D5-48F8-8D9D-CC4A0FA063E6}
[2013/02/14 21:17:00 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{FD252945-4237-4199-8230-89B83D1A835F}
[2013/02/14 09:16:48 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{6D87E4E3-61B8-46B4-B2A6-485B184E82D4}
[2013/02/13 21:16:21 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{E9580E77-8F5A-4D7C-92E4-352B9CAFAD64}
[2013/02/13 09:16:09 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{2EDB1CBE-2004-4126-8823-6341745FF440}
[2013/02/11 11:06:16 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{4B9D4F03-ED93-4FEB-9C12-95FB80169213}
[2013/02/10 11:05:39 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\Programs
[2013/02/02 02:46:47 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{4FC83984-7165-4E8C-94D2-D44B9FE12A6E}
[2013/02/01 14:46:35 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{AEAD32C1-096E-4BAC-B817-94260637C3F9}
[2013/02/01 02:46:10 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{F941B245-F5EC-44FD-808F-6EEF76879EFC}
[2013/01/31 14:45:58 | 000,000,000 | ---D | C] -- C:\Users\Moi\AppData\Local\{303B5EFB-BE06-4D36-A570-F5DF2588EF1B}
[2010/12/30 19:44:24 | 000,699,177 | ---- | C] (Internet Scrabble Club ) -- C:\Program Files\WordBiz18.exe
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/02 10:16:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/02 10:14:10 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/02 10:14:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/02 10:13:57 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/02 10:13:04 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 10:13:04 | 000,019,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 10:08:09 | 000,816,640 | ---- | M] () -- C:\Users\Moi\Desktop\RogueKiller-8.5.2.exe
[2013/03/02 09:43:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/02 09:30:22 | 000,693,016 | ---- | M] () -- C:\Users\Moi\Desktop\winlogon.exe
[2013/03/02 09:23:46 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2013/03/02 08:49:55 | 000,004,982 | ---- | M] () -- C:\Windows\wininit.ini
[2013/03/01 18:07:36 | 000,000,470 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Moi.job
[2013/03/01 15:02:14 | 000,327,680 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/03/01 12:08:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\package.lst
[2013/02/26 16:20:34 | 000,000,367 | ---- | M] () -- C:\content_update_notification.xml
[2013/02/23 20:50:49 | 000,704,464 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/02/23 20:50:49 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/23 20:50:49 | 000,130,770 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/02/23 20:50:49 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/21 19:30:23 | 000,117,953 | ---- | M] () -- D:\Moi\Documents\prise de sang caline.pdf
[2013/02/19 19:57:34 | 000,000,215 | ---- | M] () -- C:\Users\Moi\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2013/02/19 19:57:34 | 000,000,215 | ---- | M] () -- C:\Users\Moi\Desktop\Call of Duty Modern Warfare 3 - Dedicated Server.url
[2013/02/19 19:57:33 | 000,000,215 | ---- | M] () -- C:\Users\Moi\Desktop\Call of Duty Modern Warfare 3.url
[2013/02/19 19:08:42 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/02/16 18:27:25 | 000,000,170 | ---- | M] () -- C:\Windows\System\Cmicnfg3.ini
[2013/02/14 03:20:30 | 000,366,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/10 11:05:58 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/02 10:24:32 | 000,816,640 | ---- | C] () -- C:\Users\Moi\Desktop\RogueKiller-8.5.2.exe
[2013/03/02 09:37:35 | 000,693,016 | ---- | C] () -- C:\Users\Moi\Desktop\winlogon.exe
[2013/03/02 09:23:46 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2013/02/26 16:20:34 | 000,000,367 | ---- | C] () -- C:\content_update_notification.xml
[2013/02/21 19:30:14 | 000,117,953 | ---- | C] () -- D:\Moi\Documents\prise de sang caline.pdf
[2013/02/19 19:57:34 | 000,000,215 | ---- | C] () -- C:\Users\Moi\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
[2013/02/19 19:57:34 | 000,000,215 | ---- | C] () -- C:\Users\Moi\Desktop\Call of Duty Modern Warfare 3 - Dedicated Server.url
[2013/02/19 19:57:33 | 000,000,215 | ---- | C] () -- C:\Users\Moi\Desktop\Call of Duty Modern Warfare 3.url
[2013/02/19 19:08:42 | 000,000,884 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/02/04 09:03:07 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011/11/18 13:13:10 | 000,000,000 | ---- | C] () -- C:\Users\Moi\AppData\Local\{FA612CA5-40CE-4277-A3C3-D199A7531136}
[2011/08/16 10:01:54 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/05/28 17:20:50 | 000,000,780 | ---- | C] () -- C:\Windows\_delis32.ini
[2011/05/28 16:35:50 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.68-8876480L.exe
[2010/08/23 11:25:21 | 000,033,134 | ---- | C] () -- C:\Users\Moi\AppData\Roaming\UserTile.png
[2010/07/15 18:55:41 | 000,000,744 | ---- | C] () -- C:\Users\Moi\AppData\Roaming\filterclsid.dat
[2010/06/27 10:05:11 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010/04/25 12:34:10 | 000,000,233 | ---- | C] () -- C:\Users\Moi\AppData\Roaming\default.rss
[2010/04/25 12:34:10 | 000,000,000 | ---- | C] () -- C:\Users\Moi\AppData\Roaming\downloads.m3u
[2010/04/20 21:17:31 | 000,007,605 | ---- | C] () -- C:\Users\Moi\AppData\Local\resmon.resmoncfg
========== ZeroAccess Check ==========
[2013/03/02 10:11:44 | 000,002,048 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-251482549-948832375-1649116876-1000\$RUSG8XG\@.vir
[2013/03/02 10:35:45 | 000,060,416 | -HS- | M] () -- C:\$Recycle.bin\S-1-5-21-251482549-948832375-1649116876-1000\$RUSG8XG\n.vir
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\Windows\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/05/11 16:18:53 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\Canneverbe Limited
[2012/12/14 07:42:53 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/12/08 09:50:27 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\DVDVideoSoft
[2011/05/03 11:12:08 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\eTeks
[2012/08/05 19:52:51 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\eType
[2012/01/22 13:57:17 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\EurekaLog
[2012/05/04 14:24:26 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\GetRightToGo
[2012/04/14 15:58:25 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\ImTOO
[2010/04/20 17:49:11 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\Leadertech
[2010/09/14 10:24:23 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\Netscape
[2012/12/08 09:50:17 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\OpenCandy
[2011/04/22 13:07:24 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\OpenOffice.org
[2010/09/14 10:23:50 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\Photodex
[2010/06/27 14:35:39 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\Samsung
[2012/01/13 18:14:18 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\SFR
[2010/07/02 17:09:58 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\TomTom
[2013/02/24 18:45:58 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\uTorrent
[2011/12/03 14:22:52 | 000,000,000 | ---D | M] -- C:\Users\Moi\AppData\Roaming\WindSolutions
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: EXPLORER.EXE >
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: SERVICES >
[2009/06/10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 22:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services
< MD5 for: SERVICES.ASFX >
[2012/09/23 20:43:42 | 000,002,616 | ---- | M] () MD5=939A97CCEC5E78C7D41262B21158D749 -- C:\Program Files\Adobe\Reader 11.0\Reader\Locale\fr_FR\Services\Services.asfx
< MD5 for: SERVICES.CFG >
[2012/12/18 20:08:30 | 000,559,043 | ---- | M] () MD5=BA25E8F1460C7453B7488FE4B42F6919 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg
< MD5 for: SERVICES.EXE >
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 02:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 09:39:06 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=665623741B4E3A3701871FCEFD1C9192 -- C:\Windows\System32\fr-FR\services.exe.mui
[2009/07/14 09:39:06 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=665623741B4E3A3701871FCEFD1C9192 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_0c56701d7a41cb39\services.exe.mui
< MD5 for: SERVICES.LNK >
[2009/07/14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2013/02/24 09:25:26 | 000,000,750 | ---- | M] () MD5=757272C0FA0D596D81AA538BC02FA123 -- C:\Users\Moi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7DXX387N\mochiads.com\services.mochiads.com.sol
< MD5 for: SERVICES.MOF >
[2009/06/10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 22:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof
< MD5 for: SERVICES.MSC >
[2009/07/14 09:39:05 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\System32\fr-FR\services.msc
[2009/07/14 09:39:05 | 000,092,751 | ---- | M] () MD5=1E203CFA3C6C7661317793BEEBA3423B -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_4698400950ab652c\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
< MD5 for: SERVICES.PTXML >
[2009/07/13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 21:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml
< MD5 for: SERVICES.RDB >
[2011/01/17 15:59:52 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 15:59:10 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
< MD5 for: SERVICES.SBS >
[2011/03/01 08:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs
< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: USERINIT.EXE >
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2013/03/02 09:30:22 | 000,693,016 | ---- | M] () MD5=6FA65BEE91791F5DA5BC352C7A5E9817 -- C:\Users\Moi\Desktop\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WINSOCK.DLL >
[2009/07/13 22:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009/07/13 22:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\WINSOCK.DLL
< %temp%\*.exe /s >
[2013/03/02 09:01:07 | 000,065,880 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Users\Moi\AppData\Local\Temp\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}\VistaCookiesCollector.exe
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %ALLUSERSPROFILE%\Application Data\*. >
< %APPDATA%\*.exe /s >
[2012/07/25 14:14:26 | 000,300,440 | ---- | M] (DMI) -- C:\Users\Moi\AppData\Roaming\eType\eTypeUninstall.exe
[2012/12/14 07:42:24 | 000,055,424 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Moi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/02/08 15:29:33 | 000,010,134 | R--- | M] () -- C:\Users\Moi\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2012/03/21 04:16:04 | 005,877,640 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\Moi\AppData\Roaming\OpenCandy\0903622027FF4A178F253CA117D14B24\driverscannerFR.exe
< %SYSTEMDRIVE%\*.* >
[2010/05/01 10:49:35 | 000,002,908 | ---- | M] () -- C:\aaw7boot.log
[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/02/26 16:20:34 | 000,000,367 | ---- | M] () -- C:\content_update_notification.xml
[2013/03/02 10:13:57 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/08 11:06:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/05/28 17:33:54 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
[2010/05/08 11:06:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/03/02 10:14:00 | 3220,430,848 | -HS- | M] () -- C:\pagefile.sys
[2012/07/26 08:55:57 | 000,000,700 | ---- | M] () -- C:\user.js
========== Base Services ==========
SRV - [2009/07/14 02:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2009/07/14 02:14:53 | 000,046,592 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 02:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/07/14 02:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
No service found with a name of BFE
SRV - [2011/11/17 06:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 22:23:55 | 000,102,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 05:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/14 02:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/07/14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 06:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 02:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
SRV - [2009/07/14 02:15:33 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 02:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 02:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 02:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2009/07/14 02:16:03 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 02:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 11:35:34 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/21 06:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 06:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 02:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/07/14 02:16:12 | 000,285,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/07/14 02:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 02:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 06:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV - [2010/08/27 06:46:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/14 02:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/02 05:39:32 | 000,749,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/07/14 02:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 02:16:12 | 000,162,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/07/14 02:14:43 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/07/14 02:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/07/14 02:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2009/07/14 02:16:13 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV - [2009/07/14 02:16:18 | 001,086,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
No service found with a name of MpsSvc
SRV - [2009/07/14 02:16:18 | 000,462,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2009/07/14 02:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 02:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/07/14 02:15:12 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 02:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/07/14 02:16:19 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)
========== Alternate Data Streams ==========
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
kalimusic - 2 March 2013 at 12:38
Hi again,
This report is missing, please: AdwCleaner[S1].txt
See you.
cric44 - 2 March 2013 at 12:42
# AdwCleaner v2.113 - Rapport créé le 02/03/2013 à 12:40:48
# Mis à jour le 23/02/2013 par Xplode
# Système d'exploitation : Windows 7 Ultimate (32 bits)
# Nom d'utilisateur : Moi - MON-PC
# Mode de démarrage : Normal
# Exécuté depuis : D:\Moi\Downloads\adwcleaner.exe
# Option [Recherche]
***** [Services] *****
***** [Fichiers / Dossiers] *****
Dossier Présent : C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Dossier Présent : C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
***** [Registre] *****
***** [Navigateurs] *****
-\\ Internet Explorer v9.0.8112.16464
[OK] Le registre ne contient aucune entrée illégitime.
-\\ Google Chrome v25.0.1364.97
Fichier : C:\Users\Moi\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Le fichier ne contient aucune entrée illégitime.
*************************
AdwCleaner[R1].txt - [974 octets] - [02/03/2013 12:40:48]
AdwCleaner[S1].txt - [10522 octets] - [02/03/2013 11:36:19]
########## EOF - C:\AdwCleaner[R1].txt - [1094 octets] ##########
cric44 - 2 March 2013 at 12:43
That must be the one, I had overlooked it.
Thanks
kalimusic - 2 March 2013 at 12:51
No problem, run it again in Suppression (removal) mode.
kalimusic - 2 March 2013 at 13:03
Follow the procedure all the way through, because the main infection did some damage and we will have to repair it afterwards.
For now, run AdwCleaner again in Suppression (removal) mode.
kalimusic - 2 March 2013 at 13:14
OK,
1. Run OTL again
● Click the Analyse rapide (quick scan) button and wait while the system is scanned.
● A new OTL.txt report will open in Notepad.
Download Farbar Service Scanner to your Desktop.
● Launch the tool, then tick the following boxes:
Internet Services, Windows Firewall, System Restore, Security Center, Windows Update, Windows Defender, Other Services
● Click "Scan".
● An FSS.txt report is created in the folder where the tool is located.
● Host the 2 reports and give me the links.
See you.
cric44 - 2 March 2013 at 13:27
cric44 - 2 March 2013 at 13:28
kalimusic - 2 March 2013 at 13:34
OK,
Some services damaged by the infection need to be repaired.
1. Download Windows Repair (all in one)
Choose Portable (3.32 MB) > Download > Direct Download
● Launch the program, Step 3 tab:
● Click Do it and let the system file check run.
● Then go to the Start Repairs tab and click Start
● Tick the following boxes:
    Reset Registry Permissions
    Reset File Permissions
    Repair WMI
    Repair Windows Firewall
    Repair Internet Explorer
    Repair Hosts File
    Remove Policies Set By Infections
    Repair Winsock & DNS Cache
    Repair Proxy Settings
    Repair Windows Updates
    Set Windows Services To Default Startup
    Repair MSI (Windows Installer)
● Tick the Restart/Shutdown System when finished box and Restart System
● Click Start and let the tool work.
2. Run FSS again and post its new report.
See you.
kalimusic - 2 March 2013 at 13:36
Also tell me whether you still use Chrome as your browser.
See you.
cric44 - 2 March 2013 at 14:17
Farbar Service Scanner Version: 20-02-2013
Ran by Moi (administrator) on 02-03-2013 at 14:17:05
Running from "D:\Moi\Downloads"
Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-02-13 20:50] - [2013-01-04 05:55] - 1287528 ____A (Microsoft Corporation) BBCEAEFF1FD72A026F827CBB2F4AA8AD
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll
[2011-02-10 08:14] - [2010-12-21 06:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-10-10 01:47] - [2012-06-02 05:45] - 0139264 ____A (Microsoft Corporation) F2FDE6C8DBAAD44CC58D1E07E4AF4EED
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
**** End of log ****
cric44 - 2 March 2013 at 14:18
I use regular Google.
cric44 - 2 March 2013 at 14:27
Avira has not sent me any virus messages for a while now.
kalimusic - 2 March 2013 at 14:36
Yes indeed :)
When I say browser: do you use Chrome, Firefox, or both?
kalimusic - 2 March 2013 at 14:50
There are still traces of unwanted software such as SweetIM in Chrome; they have to be removed from the software's own interface, and Google (or the one of your choice) put back.
Managing search engines
Uninstalling extensions
Setting your home page
== == == == == == == == == == == == == == == == == == == == == ==
This script is valid only for this system; using it on another computer could damage the system.
When the fix starts, all running processes will be stopped, which can cause the Desktop and icons to disappear temporarily. They will come back at startup.
== == == == == == == == == == == == == == == == == == == == == ==
Run OTL again
● In the "Personnalisation" (custom) section, copy/paste the instructions hosted here
● Be sure to close all running applications.
● Click the Correction (fix) button.
● Wait while the tool works; it must then restart the PC.
● Accept by clicking OK.
● The report listing the actions carried out by OTL should open by itself.
The report is saved at the root of the disk in this folder: C:\_OTL\MovedFiles
Post the report. See you.
cric44 - 2 March 2013 at 15:04
I can't manage to remove the SweetIM traces, I don't know how to do it.
kalimusic - 2 March 2013 at 15:06
It is explained in the 3 links; you no longer see it in any of the settings?
cric44 - 2 March 2013 at 15:11
No, I don't see it any more.
kalimusic - 2 March 2013 at 15:14
Hmm, strange, OTL sees it.
Move on to the next step, there is still one service to repair.
See you.
cric44 - 2 March 2013 at 15:19
I ran OTL again but I did not get the report.
kalimusic - 2 March 2013 at 15:39
All good :)
== == == == == == UNINSTALLING THE TOOLS == == == == == ==
1. Run AdwCleaner again as administrator
● Click Désinstallation (uninstall)
2. Launch OTL
● In the "Personnalisation" (custom) section, copy/paste:
:commands [clearallrestorepoints]
● Click the Correction (fix) button.
3. Run OTL again
● Click the Purge outils (tool cleanup) button
● Then click OK in the dialog box that prompts you to restart the system.
● Delete any tools and reports that may remain on your Desktop.
== == == == == == == == == UPDATES == == == == == == == == ==
Check that software that may have security flaws is up to date; this is how infections get in:
Keep Java, Adobe Reader and the Flash player up to date, or you can use this tool: Easily check and update at-risk software with SX Check&Update
!! Untick the boxes offering partner software during installations !!
Uninstall old versions of Java if you still have any installed.
https://www.java.com/fr/download/help/remove_olderversions.html
I recommend you have a look here: https://www.commentcamarche.net/faq/35621-desactiver-java-sur-ses-navigateurs-web
== == == == == == == == == == == == == == == == == == == == == ==
PC security, what is it? (by Malekal)
== == == == == == == == == == == == == == == == == == == == == ==
All the best
cric44 - 2 March 2013 at 16:00
Flash Player won't update.
Thank you very much for your help, without you I wouldn't have managed.
kalimusic - 2 March 2013 at 16:03
That is a big security hole.
Uninstall the old version and install the latest one: https://get.adobe.com/flashplayer/?loc=fr
Untick the box offering partner software during the installation.
cric44 - 2 March 2013 at 16:09
Thanks
kalimusic - 2 March 2013 at 16:12
You're welcome, have a nice day.
cric44 - 2 March 2013 at 16:14
OK, it's fine, everything is OK apart from Service Pack 1.
2 March 2013 at 15:49