Sujet Précédent Sujet Suivant

PC infecté par un virus

Fermé
Eric_59 Messages postés 7 Date d'inscription dimanche 1 décembre 2013 Statut Membre Dernière intervention 8 décembre 2013 - 1 déc. 2013 à 19:54
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 8 déc. 2013 à 21:55
Bonjour, mon pc a été infecté par un virus reçu via une clef USB. Ce virus transforme de fichiers comme des doc word en raccourcis. Mon antivirus ne voit rien.
Pouvez-vous m'aider?
A voir également:

12 réponses

Réponse 1 / 12
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 629
1 déc. 2013 à 19:56
Salut,



Ton infection est donc une infection qui se propage par disques amovibles (clefs USB, disque dur externe, carte flash etc..).
Les disques amovibles que tu as insérés dans l'ordinateur quand celui-ci était infecté ont été infectés à leur tour.

Le simple faite d'ouvrir le poste de travail et de double-cliquer sur ta clef USB/disque dur externe va réinfecter ton système.
Tu trouveras un lien explicatif sur la propagation de ces infections, comment s'en protéger etc.... à partir de ces liens :

https://forum.malekal.com/viewtopic.php?t=5544&start=

Il te faut maintenant nettoyer tes clefs USB/disques dur externes, pour cela suis le tutorial USBFix.
Suis bien le tutorial dans l'ordre : Désactive bien Autorun/Autoplay, insère tes clefs USB et disque dur externe que tu as pour les nettoyer.
Poste les rapports sur http://pjjoint.malekal.com et donne les adresses.

L'adresse du tutorial : https://www.malekal.com/usbfix-supprimer-virus-usb/

0
CariBOUHH Messages postés 27 Date d'inscription dimanche 1 décembre 2013 Statut Membre Dernière intervention 16 janvier 2014 5
1 déc. 2013 à 21:04
démarche intéressante sinon ce n'es pas à proprement parlé un virus, j'ai déjà rencontré se soucis, c'est un simple payload. Et roguekiller étais tout aussi rapide.
0
Réponse 2 / 12
Eric_59 Messages postés 7 Date d'inscription dimanche 1 décembre 2013 Statut Membre Dernière intervention 8 décembre 2013
1 déc. 2013 à 20:30
bonjour Malekal,
La 1ere chose demandée est de lancer open config pour désactiver l autorun. Je le lance, mais j ai un écran bleu, vide .... cela fait 15 minutes déjà environ... est-ce normal?
0
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 629
1 déc. 2013 à 20:37
passe outre openconfig.
0
Réponse 3 / 12
Eric_59 Messages postés 7 Date d'inscription dimanche 1 décembre 2013 Statut Membre Dernière intervention 8 décembre 2013
4 déc. 2013 à 20:31
Bonsoir, ci-joint le lien vers le résultat du test de usbFIX https://pjjoint.malekal.com/files.php?id=20131204_e13h14y8z7y9
Merci de m'indiquer la marche à suivre, bonne soirée.
0
Réponse 4 / 12
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 629
4 déc. 2013 à 23:37
ok fais suppressions sur USBFix puis :

Faire un scan OTL pour diagnostiquer les programmes qui tournent et déceler des infections - Le programme va générer deux rapports OTL.txt et Extras.txt
Fournir les deux rapports :

Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/

* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

Dans le cas d'Avast!, ne pas lancer le programme dans la Sandbox (voir lien d'aide ci-dessus).

* Lance OTL
* En haut à droite de Analyse rapide, coche "tous les utilisateurs"
* Sur OTL, sous Personnalisation, copie-colle le script ci-dessous :



netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\consrv.dll
%systemroot%\system32\*.dll /lockedfiles
%windir%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
services.exe
wininit.exe
/md5stop
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s
HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
CREATERESTOREPOINT
nslookup https://www.google.fr/?gws_rd=ssl /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs



* Clique sur le bouton Analyse.

* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent).
Donne le ou les liens pjjoint qui pointent vers ces rapports ici dans une réponse.
Je répète : donne le lien du rapport pjjoint ici en réponse.

NE PAS COPIER/COLLER LE RAPPORT ICI - DONNER LE LIEN PJJOINT DANS UN NOUVEAU MESSAGE


0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 12
Eric_59 Messages postés 7 Date d'inscription dimanche 1 décembre 2013 Statut Membre Dernière intervention 8 décembre 2013
8 déc. 2013 à 19:10
Bonsoir, voici le lien du scan fait avec OTL : https://pjjoint.malekal.com/files.php?id=20131208_n12y8q7n14t5
Merci de m'indiquer la marche à suivre, bonne soirée.
0
Réponse 6 / 12
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 629
8 déc. 2013 à 19:57
T'as des programmes parasites.
Désinstalle :
Ask
MovieToolbar
SweetPack / SweetIM


Suis ce tutorial https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= AdwCleaner ( d'Xplode ) sur ton bureau.
Vas sur le lien, télécharge AdwCleaner comme indiqué.
Lance AdwCleaner, clique sur [Scanner].
Le scan peux durer plusieurs minutes, patienter.
Une fois le scan terminé, clique sur [Nettoyer]

Une fois le nettoyage terminé, un rapport s'ouvrira. Copie/colle le contenu du rapport dans ta prochaine réponse par un copier/coller.
Si cela ne fonctionne pas, utilise le site http://pjjoint.malekal.com pour héberger le rapport, donne le lien du rapport dans un nouveau message.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt


puis :

Relance OTL.
o sous Personnalisation (Custom Scan), copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:

:OTL
O4 - Startup: C:\Users\Marine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FLASHM~1.VBE ()
O4 - HKU\S-1-5-21-2655689279-337458180-2004251834-1000..\Run: [FLASHM~1] wscript.exe //B C:\Windows\system32\config\systemprofile\AppData\Local\Temp\FLASHM~1.VBE File not found


* poste le rapport ici


Redémarre l'ordinateur

Fais un scan OTL et donne le rapport.
0
Réponse 7 / 12
Eric_59 Messages postés 7 Date d'inscription dimanche 1 décembre 2013 Statut Membre Dernière intervention 8 décembre 2013
8 déc. 2013 à 20:49
Bonsoir,
voici le premier scan fait avec AdwCleaner :
# AdwCleaner v3.014 - Rapport créé le 08/12/2013 à 20:33:53
# Mis à jour le 01/12/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Marine - MARINE-PC
# Exécuté depuis : C:\Users\Marine\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

[#] Service Supprimé : Browser Manager

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\BitGuard
Dossier Supprimé : C:\ProgramData\Browser Manager
Dossier Supprimé : C:\ProgramData\BrowserProtect
Dossier Supprimé : C:\ProgramData\NCH Software
Dossier Supprimé : C:\ProgramData\SweetIM
Dossier Supprimé : C:\Program Files (x86)\Ask.com
Dossier Supprimé : C:\Program Files (x86)\Movies Toolbar
Dossier Supprimé : C:\Program Files (x86)\NCH Software
Dossier Supprimé : C:\Program Files (x86)\SweetIM
Dossier Supprimé : C:\Program Files (x86)\Webplayer setup
Dossier Supprimé : C:\Program Files (x86)\webplayer
Dossier Supprimé : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Dossier Supprimé : C:\Users\Marine\AppData\Local\apn
Dossier Supprimé : C:\Users\Marine\AppData\Local\lollipop
Dossier Supprimé : C:\Users\Marine\AppData\Local\torch
Dossier Supprimé : C:\Users\Marine\AppData\Local\Temp\TempDir
Dossier Supprimé : C:\Users\Marine\AppData\LocalLow\AskToolbar
Dossier Supprimé : C:\Users\Marine\AppData\LocalLow\BabylonToolbar
Dossier Supprimé : C:\Users\Marine\AppData\Roaming\Babylon
Dossier Supprimé : C:\Users\Marine\AppData\Roaming\Funmoods
Dossier Supprimé : C:\Users\Marine\AppData\Roaming\NCH Software
Dossier Supprimé : C:\Users\Marine\AppData\Roaming\WebPlayerBdd
Fichier Supprimé : C:\Users\Public\Desktop\eBay.lnk
Fichier Supprimé : C:\Program Files (x86)\Common Files\plugin.crx
Fichier Supprimé : C:\Users\Marine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebPlayerV2.lnk
Fichier Supprimé : C:\Users\Marine\Desktop\WebPlayerV2.lnk
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\user.js
Fichier Supprimé : C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Fichier Supprimé : C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Fichier Supprimé : C:\Windows\System32\Tasks\Browser Manager
Fichier Supprimé : C:\Windows\System32\Tasks\Funmoods
Fichier Supprimé : C:\Windows\System32\Tasks\NCH Software
Fichier Supprimé : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Raccourcis ] *****


***** [ Registre ] *****

Valeur Supprimée : HKCU\Software\Mozilla\Firefox\Extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Valeur Supprimée : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Valeur Supprimée : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Clé Supprimée : HKCU\Software\595388deb26ae544
Clé Supprimée : HKLM\SOFTWARE\595388deb26ae544
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Clé Supprimée : HKCU\Software\APN DTX
Clé Supprimée : HKCU\Software\APN
Clé Supprimée : HKCU\Software\Ask.com
Clé Supprimée : HKCU\Software\Conduit
[#] Clé Supprimée : HKCU\Software\DataMngr_Toolbar
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\lollipop
Clé Supprimée : HKCU\Software\NCH Software
Clé Supprimée : HKCU\Software\torch
Clé Supprimée : HKCU\Software\AppDataLow\Software\AskToolbar
Clé Supprimée : HKLM\Software\APN
Clé Supprimée : HKLM\Software\AskToolbar
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\Software\InstallCore
Clé Supprimée : HKLM\Software\NCH Software
Clé Supprimée : HKLM\Software\torch
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F21ABA47-CE22-4B3D-8F47-8BF08C21C094}
Donnée Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\movies~1\datamngr\mgrldr.dll
Donnée Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\movies~1\datamngr\x64\mgrldr.dll
Clé Supprimée : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Clé Supprimée : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v

[ Fichier : C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : homepage
Supprimée : search_url
Supprimée : keyword
Supprimée : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [12910 octets] - [08/12/2013 20:32:31]
AdwCleaner[S0].txt - [12017 octets] - [08/12/2013 20:33:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12078 octets] ##########



Voici le rapport de OTL :
========== OTL ==========
C:\Users\Marine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FLASHM~1.VBE moved successfully.
Registry value HKEY_USERS\S-1-5-21-2655689279-337458180-2004251834-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FLASHM~1 deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 12082013_204520
0
Réponse 8 / 12
Eric_59 Messages postés 7 Date d'inscription dimanche 1 décembre 2013 Statut Membre Dernière intervention 8 décembre 2013
8 déc. 2013 à 21:08
Et voici le rapport OTL après redémarrage du pc :
OTL logfile created on: 08/12/2013 20:53:12 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Marine\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,84 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 64,86% Memory free
7,68 Gb Paging File | 6,11 Gb Available in Paging File | 79,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,99 Gb Total Space | 199,22 Gb Free Space | 71,15% Space Free | Partition Type: NTFS

Computer Name: MARINE-PC | User Name: Marine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/12/08 14:49:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marine\Desktop\OTL.exe
PRC - [2013/11/25 18:54:09 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/25 18:54:08 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012/10/21 17:56:20 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2012/03/23 10:33:48 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012/03/23 10:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012/03/23 10:33:46 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2012/03/23 10:33:44 | 001,105,488 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012/02/29 14:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2012/02/27 12:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/08 03:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/07 01:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2012/01/05 22:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012/01/05 22:21:44 | 000,296,984 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/05/20 17:44:32 | 000,986,208 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/12/04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Marine\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
MOD - [2013/12/04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Marine\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Users\Marine\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Users\Marine\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Marine\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/11/25 18:54:11 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/09/13 18:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 18:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/05 22:22:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2013/11/25 18:54:08 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:[b]64bit:[/b] - [2013/11/12 11:56:46 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2012/06/28 20:23:02 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV:[b]64bit:[/b] - [2012/03/21 12:03:16 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:[b]64bit:[/b] - [2012/02/07 16:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:[b]64bit:[/b] - [2012/02/07 01:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:[b]64bit:[/b] - [2012/02/02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/21 17:56:20 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)
SRV - [2012/04/26 07:07:38 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/23 05:25:32 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/03/23 10:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/02/29 14:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2012/02/08 03:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/08 03:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/08 03:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/01/05 22:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/11/30 04:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/06/21 20:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2013/11/25 18:54:13 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:[b]64bit:[/b] - [2013/11/25 18:54:13 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:[b]64bit:[/b] - [2013/11/25 18:54:13 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:[b]64bit:[/b] - [2013/11/25 18:54:13 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:[b]64bit:[/b] - [2013/11/25 18:54:13 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:[b]64bit:[/b] - [2013/11/25 18:54:13 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:[b]64bit:[/b] - [2013/11/25 18:54:13 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:[b]64bit:[/b] - [2013/11/25 18:54:13 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:[b]64bit:[/b] - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:[b]64bit:[/b] - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:[b]64bit:[/b] - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:[b]64bit:[/b] - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:[b]64bit:[/b] - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2012/06/28 20:23:01 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:[b]64bit:[/b] - [2012/06/28 20:22:59 | 004,746,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2012/04/26 06:59:26 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:[b]64bit:[/b] - [2012/04/26 06:59:26 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:[b]64bit:[/b] - [2012/04/26 06:59:26 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:[b]64bit:[/b] - [2012/03/29 13:11:44 | 000,429,328 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2012/03/27 03:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2012/03/21 22:23:22 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:[b]64bit:[/b] - [2012/03/21 22:23:22 | 000,163,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:[b]64bit:[/b] - [2012/03/21 22:23:18 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:[b]64bit:[/b] - [2012/03/21 22:23:18 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:[b]64bit:[/b] - [2012/03/21 22:23:18 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:[b]64bit:[/b] - [2012/03/21 22:23:18 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:[b]64bit:[/b] - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2012/02/27 12:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:[b]64bit:[/b] - [2012/02/27 12:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:[b]64bit:[/b] - [2012/02/27 12:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:[b]64bit:[/b] - [2011/12/06 12:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2011/11/30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2011/11/10 10:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2011/07/14 06:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/07/14 06:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:[b]64bit:[/b] - [2009/05/06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?cobrand=acer.msn.com&ocid=AARDHP&pc=MAAR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{343F2424-0225-4EBF-8C1C-F650C2BF4507}: "URL" = http://www.search.ask.com/?l=dis{searchTerms}&locale=&apn_ptnrs=^LH&apn_dtid=^YYYYYY^YY^FR&apn_uid=111691f8-6f09-44af-a643-f4ca5ce9eb21&apn_sauid=CB211797-91F2-4CCE-931F-BA909FC2F1D6
IE - HKCU\..\SearchScopes\{DCB0371C-92D3-4984-8276-9DA2C86D4B15}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=ironpubd&ir=ironpubd&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtC0B0BtD0B0EyDyC0FzyyDtN0D0Tzu0CtAzztCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=42378097
IE - HKCU\..\SearchScopes\F067CDD73680486090943EBF75A3CC8C: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111020&tt=4712_2&babsrc=SP_ss&mntrId=2ef76f9500000000000008edb9f972ff
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Marine\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Marine\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

[2012/11/25 20:41:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Ask.com (Enabled)
CHR - default_search_provider: search_url = https://www.search.ask.com/web?l=dis&q=&o=APN10649&apn_dtid=%5EBND410%5EYY%5EFR&shad=s_0043&apn_uid=7904349248804015&gct=ds&apn_ptnrs=%5EAGA&d=410-0&lang=en&atb=sysid%3D410%3Auid%3D859cc93a15898cdb%3Auc2%3D137%3Atypekbn%3Du9397%3Asrc%3Dcrb%3Ao%3DAPN10649%3Atg%3D&p2=%5EAGA%5EBND410%5EYY%5EFR{searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: https://www.google.com/?gws_rd=ssl
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Marine\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Marine\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Marine\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Intel\u00C2\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00C2\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live\u00C2\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Marine\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Recherche Google = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Fruit Ninja HD = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchnjgmichjpgfjjdjgmjaiklkdigckl\1.0_0\
CHR - Extension: Bloxorz = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfkaiemjhgblkkcanmhciiopcehlhnhi\2.0.0_0\
CHR - Extension: Stardoll = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkaepijclibocpmckgabmkoglbgmlk\1.2_0\
CHR - Extension: Candy Crush Saga = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlijfpeflagkjclpmgpploonfbnmmbpa\2.1_0\
CHR - Extension: Fou Rollercoaster = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafhgomkapdagnpmmgilphbolnejepoc\1.3_0\
CHR - Extension: MagicScroll eBook Reader = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\3.0_0\
CHR - Extension: Planificateur de logements = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc\1.2.0.5_0\
CHR - Extension: Cut the Rope = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0\
CHR - Extension: Bubble Shooter HD = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgglaokdcehgidecngoahldebkmkpf\2.0.0_0\
CHR - Extension: Google\u00A0Wallet = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Deezer = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.2_0\
CHR - Extension: Gmail = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: night tochpc = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjmhomfflfeomeelinjbpnmomlllilom\0.2_0\
CHR - Extension: YouTube = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Recherche Google = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Fruit Ninja HD = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchnjgmichjpgfjjdjgmjaiklkdigckl\1.0_0\
CHR - Extension: Bloxorz = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfkaiemjhgblkkcanmhciiopcehlhnhi\2.0.0_0\
CHR - Extension: Stardoll = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkaepijclibocpmckgabmkoglbgmlk\1.2_0\
CHR - Extension: Candy Crush Saga = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlijfpeflagkjclpmgpploonfbnmmbpa\2.1_0\
CHR - Extension: Fou Rollercoaster = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\eafhgomkapdagnpmmgilphbolnejepoc\1.3_0\
CHR - Extension: MagicScroll eBook Reader = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble\3.0_0\
CHR - Extension: Planificateur de logements = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc\1.2.0.5_0\
CHR - Extension: Cut the Rope = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0\
CHR - Extension: Bubble Shooter HD = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gndgglaokdcehgidecngoahldebkmkpf\2.0.0_0\
CHR - Extension: Google\u00A0Wallet = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Deezer = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.2_0\
CHR - Extension: Gmail = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: night tochpc = C:\Users\Marine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjmhomfflfeomeelinjbpnmomlllilom\0.2_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:[/b] - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121022214904.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20121022214904.dll File not found
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe (Broadcom Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [InstantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\ffadd00e-a9bf-4c4c-97f9-8d746945e21a.exe (AVAST Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DA11251-EF0B-4813-85D4-3D41ABD0ACC6}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:[b]64bit:[/b] - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/12/08 20:45:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/08 20:32:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/08 14:49:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marine\Desktop\OTL.exe
[2013/12/01 20:40:51 | 000,000,000 | ---D | C] -- C:\UsbFix
[2013/12/01 19:42:28 | 000,000,000 | ---D | C] -- C:\Users\Marine\AppData\Roaming\AVAST Software
[2013/11/25 18:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/19 08:04:34 | 000,000,000 | ---D | C] -- C:\Users\Marine\Documents\Histoire
[2013/11/17 19:40:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/11/17 19:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/11/17 19:40:36 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/11/16 12:49:36 | 000,000,000 | ---D | C] -- C:\Users\Marine\AppData\Local\ElevatedDiagnostics
[2013/11/16 12:48:06 | 000,000,000 | ---D | C] -- C:\MATS
[2013/11/14 18:32:46 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/14 18:16:11 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/14 18:15:58 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/14 18:15:57 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/14 18:15:57 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/14 18:15:57 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/14 18:15:56 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/14 18:11:43 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/14 18:11:43 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/14 18:11:43 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/14 18:11:42 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/13 16:22:57 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/13 16:22:56 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/13 16:22:55 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/13 16:22:55 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/13 16:22:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/12 11:57:48 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/12 11:57:48 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/12 11:57:32 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/12 11:57:31 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/12 11:57:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/12 11:57:30 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/12 11:57:30 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/12 11:57:28 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/12 11:57:28 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/12 11:57:28 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/12 11:57:27 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/12 11:57:27 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/12 11:57:27 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/12 11:57:26 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/12 11:57:26 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/12 11:57:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/12 11:57:26 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/12 11:57:25 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/12 11:57:25 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/12 11:57:25 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/12 11:57:25 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/12 11:57:25 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/12 11:57:25 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/12 11:57:24 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/12 11:57:10 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/12 11:57:10 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/12 11:57:10 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/12 11:57:10 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/12 11:57:09 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/12 11:57:09 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/12 11:57:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/12 11:57:08 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/12 11:57:07 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/12 11:57:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/12 11:57:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/12 11:57:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/12 11:57:04 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/12 11:57:04 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/12 11:57:03 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/12 11:57:02 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/12 11:57:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/12 11:57:00 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/12 11:57:00 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/12 11:57:00 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/12 11:56:59 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/12 11:56:59 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/12 11:56:59 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/12 11:56:58 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/12 11:56:55 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/12 11:56:55 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/12 11:56:53 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/12 11:56:53 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/12 11:56:53 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/12 11:56:53 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/12 11:56:53 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/12 11:56:52 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/12 11:56:52 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/12 11:56:52 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/12 11:56:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/12 11:56:52 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/12 11:56:52 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/12 11:56:51 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/12 11:56:51 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/12 11:56:51 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/12 11:56:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/12 11:56:50 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/12 11:56:50 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/12 11:56:50 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/12 11:56:50 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/12 11:56:48 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/12 11:56:47 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/12 11:56:47 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/12 11:56:46 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/12 11:56:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/12 11:56:46 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/12 11:56:46 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/12 11:56:45 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/12 11:56:45 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/12 11:56:45 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/12 11:56:45 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/12/08 20:58:55 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/08 20:58:55 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/08 20:53:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/08 20:51:35 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/08 20:51:30 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2013/12/08 20:51:28 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWow64\rpcnet.dll
[2013/12/08 20:51:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/08 20:51:00 | 3092,533,248 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/08 20:37:07 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2013/12/08 20:36:39 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2013/12/08 20:19:03 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/08 19:57:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2655689279-337458180-2004251834-1000UA.job
[2013/12/08 14:55:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013/12/08 14:49:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marine\Desktop\OTL.exe
[2013/12/06 07:51:11 | 000,002,333 | ---- | M] () -- C:\Users\Marine\Desktop\Google Chrome.lnk
[2013/12/05 07:50:08 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2655689279-337458180-2004251834-1000Core.job
[2013/12/01 20:03:08 | 001,676,232 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/01 20:03:08 | 000,750,184 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013/12/01 20:03:08 | 000,656,796 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/01 20:03:08 | 000,151,120 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013/12/01 20:03:08 | 000,123,272 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/25 18:54:41 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/25 18:54:13 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/25 18:54:13 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/11/25 18:54:13 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/11/25 18:54:13 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/25 18:54:13 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/25 18:54:13 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/25 18:54:13 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/25 18:54:13 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/25 18:54:13 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/25 18:54:12 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/25 18:28:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/11/17 19:40:37 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/11/16 12:42:51 | 000,000,020 | ---- | M] () -- C:\Windows\Lù­
[2013/11/12 11:57:48 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/12 11:57:48 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/12 11:57:32 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/12 11:57:32 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/12 11:57:31 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/12 11:57:30 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/12 11:57:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/12 11:57:28 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/12 11:57:28 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/12 11:57:28 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/12 11:57:28 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/12 11:57:27 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/12 11:57:27 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/12 11:57:26 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/12 11:57:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/12 11:57:26 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/12 11:57:26 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/12 11:57:26 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/12 11:57:26 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/12 11:57:25 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/12 11:57:25 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/12 11:57:25 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/12 11:57:25 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/12 11:57:25 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/12 11:57:24 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/12 11:57:10 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/12 11:57:10 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/12 11:57:10 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/12 11:57:10 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/12 11:57:10 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/12 11:57:09 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/12 11:57:09 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/12 11:57:08 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/12 11:57:07 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/12 11:57:07 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/12 11:57:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/12 11:57:07 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/12 11:57:05 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/12 11:57:04 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/12 11:57:03 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/12 11:57:02 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/12 11:57:01 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/12 11:57:00 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/12 11:57:00 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/12 11:57:00 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/12 11:57:00 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/12 11:56:59 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/12 11:56:59 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/12 11:56:59 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/12 11:56:56 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/12 11:56:55 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/12 11:56:53 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/12 11:56:53 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/12 11:56:53 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/12 11:56:53 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/12 11:56:53 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/12 11:56:52 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/12 11:56:52 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/12 11:56:52 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/12 11:56:52 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/12 11:56:52 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/12 11:56:52 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/12 11:56:52 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/12 11:56:51 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/12 11:56:51 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/12 11:56:51 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/12 11:56:51 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/12 11:56:50 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/12 11:56:50 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/12 11:56:50 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/12 11:56:50 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/12 11:56:48 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/12 11:56:47 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/12 11:56:47 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/12 11:56:46 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/12
0
Réponse 9 / 12
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 629
8 déc. 2013 à 21:11
tu avais bien fait suppression sur USBFix : https://forums.commentcamarche.net/forum/affich-29219229-pc-infecte-par-un-virus#9 ?

Tu peux refaire et donner le rapport.
0
Réponse 10 / 12
Eric_59 Messages postés 7 Date d'inscription dimanche 1 décembre 2013 Statut Membre Dernière intervention 8 décembre 2013
8 déc. 2013 à 21:40
Non désolé j'avais mal compris. Voici le rapport "suppression" sur UBSfix :
############################## | UsbFix V 7.152 | [Suppression]

Utilisateur: Marine (Administrateur) # MARINE-PC
Mis à jour le 20/11/2013 par El Desaparecido - Team SosVirus
Lancé à 21:25:17 | 08/12/2013

Site Web : https://www.usbfix.net/
Forum : https://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : https://www.usb-antivirus.com/fr/contact/

PC: Acer (Mimic )
CPU: Intel(R) Core(TM) i3-2367M CPU @ 1.40GHz
RAM -> [Total : 3932 | Free : 1900]
Bios: Acer
Boot: Normal boot

OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.16428

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 280 Go (199 Go libre(s) - 71%) [Acer] # NTFS
D:\ -> Disque amovible # 4 Go (4 Go libre(s) - 97%) [] # FAT32

################## | Processus Stoppés |

Stoppé! C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE (ID: 1368 |ParentID: 756)
Stoppé! C:\Windows\system32\WLANExt.exe (ID: 1392 |ParentID: 660)
Stoppé! C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe (ID: 1400 |ParentID: 1368)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (ID: 1420 |ParentID: 756)
Stoppé! C:\Windows\System32\spoolsv.exe (ID: 1740 |ParentID: 756)
Stoppé! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1860 |ParentID: 756)
Stoppé! C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 1988 |ParentID: 756)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (ID: 2044 |ParentID: 756)
Stoppé! C:\Program Files (x86)\Launch Manager\dsiwmis.exe (ID: 1192 |ParentID: 756)
Stoppé! C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (ID: 1300 |ParentID: 756)
Stoppé! C:\Program Files (x86)\Launch Manager\LMutilps32.exe (ID: 1172 |ParentID: 1192)
Stoppé! C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (ID: 1700 |ParentID: 756)
Stoppé! C:\Program Files\Intel\iCLS Client\HeciServer.exe (ID: 1324 |ParentID: 756)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (ID: 1592 |ParentID: 756)
Stoppé! C:\Program Files\Acer\Acer Updater\UpdaterService.exe (ID: 1904 |ParentID: 756)
Stoppé! C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (ID: 1900 |ParentID: 756)
Stoppé! C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (ID: 2060 |ParentID: 756)
Stoppé! C:\Windows\SysWOW64\rpcnet.exe (ID: 2096 |ParentID: 756)
Stoppé! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (ID: 2480 |ParentID: 756)
Stoppé! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (ID: 2592 |ParentID: 756)
Stoppé! C:\Windows\system32\taskhost.exe (ID: 3100 |ParentID: 756)
Stoppé! C:\Windows\Explorer.EXE (ID: 3232 |ParentID: 3196)
Stoppé! C:\Windows\System32\igfxtray.exe (ID: 3536 |ParentID: 3232)
Stoppé! C:\Windows\System32\hkcmd.exe (ID: 3544 |ParentID: 3232)
Stoppé! C:\Windows\System32\igfxpers.exe (ID: 3552 |ParentID: 3232)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 3668 |ParentID: 3232)
Stoppé! C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (ID: 3804 |ParentID: 3232)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (ID: 3812 |ParentID: 3232)
Stoppé! C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (ID: 3840 |ParentID: 3232)
Stoppé! C:\Windows\System32\StikyNot.exe (ID: 3876 |ParentID: 3232)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (ID: 3960 |ParentID: 3232)
Stoppé! C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (ID: 4016 |ParentID: 3884)
Stoppé! C:\Program Files (x86)\Launch Manager\LManager.exe (ID: 4044 |ParentID: 3884)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (ID: 4052 |ParentID: 3884)
Stoppé! C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 4080 |ParentID: 3884)
Stoppé! C:\Windows\system32\igfxext.exe (ID: 3968 |ParentID: 920)
Stoppé! C:\Windows\system32\igfxsrvc.exe (ID: 3996 |ParentID: 920)
Stoppé! C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (ID: 1332 |ParentID: 4044)
Stoppé! C:\Program Files (x86)\Launch Manager\LMworker.exe (ID: 4244 |ParentID: 1192)
Stoppé! C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (ID: 4288 |ParentID: 1300)
Stoppé! C:\Program Files\AVAST Software\Avast\AvastUI.exe (ID: 4472 |ParentID: 3884)
Stoppé! C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (ID: 4844 |ParentID: 756)
Stoppé! C:\Windows\system32\SearchIndexer.exe (ID: 4908 |ParentID: 756)
Stoppé! C:\Program Files\iPod\bin\iPodService.exe (ID: 4952 |ParentID: 756)
Stoppé! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 5148 |ParentID: 756)
Stoppé! C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (ID: 5436 |ParentID: 3864)
Stoppé! C:\Windows\SysWOW64\RunDll32.exe (ID: 5592 |ParentID: 3960)
Stoppé! C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (ID: 5828 |ParentID: 920)
Stoppé! C:\Users\Marine\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5432 |ParentID: 3232)
Stoppé! C:\Users\Marine\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5192 |ParentID: 5432)
Stoppé! C:\Users\Marine\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 5644 |ParentID: 5432)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 452 |ParentID: 996)
Stoppé! C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (ID: 5376 |ParentID: 452)
Stoppé! C:\Users\Marine\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2340 |ParentID: 5432)
Stoppé! C:\Users\Marine\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2052 |ParentID: 5432)
Stoppé! C:\Users\Marine\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 2080 |ParentID: 5432)
Stoppé! C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe (ID: 4984 |ParentID: 3524)
Stoppé! C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (ID: 4808 |ParentID: 3524)
Stoppé! C:\Windows\system32\conhost.exe (ID: 4432 |ParentID: 716)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (ID: 1776 |ParentID: 756)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 2984 |ParentID: 756)
Stoppé! C:\Windows\system32\sppsvc.exe (ID: 3056 |ParentID: 756)
Stoppé! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 1512 |ParentID: 756)
Stoppé! C:\Windows\system32\taskeng.exe (ID: 2260 |ParentID: 996)
Stoppé! C:\Windows\System32\WUDFHost.exe (ID: 700 |ParentID: 660)

################## | Regedit Run |

04 - HKLM\SOFTWARE | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
04 - HKLM\SOFTWARE | Run : [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
04 - HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE | Run : [BackupManagerTray] - "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
04 - HKLM\SOFTWARE | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
04 - HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\SOFTWARE | Run : [] -
04 - HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\ffadd00e-a9bf-4c4c-97f9-8d746945e21a.exe /check
04 - HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE\wow6432Node | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [BackupManagerTray] - "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
04 - HKLM\SOFTWARE\wow6432Node | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
04 - HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [] -
04 - HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
04 - HKLM\SOFTWARE\wow6432Node | Run : [20131121] - C:\Program Files\AVAST Software\Avast\setup\emupdate\ffadd00e-a9bf-4c4c-97f9-8d746945e21a.exe /check
04 - HKLM\SOFTWARE\wow6432Node | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKLM\SOFTWARE | RunOnce : [] -
04 - HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
04 - HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2655689279-337458180-2004251834-1000\SOFTWARE | Run : [Google Update] - "C:\Users\Marine\AppData\Local\Google\Update\GoogleUpdate.exe" /c
04 - HKU\S-1-5-21-2655689279-337458180-2004251834-1000\SOFTWARE | Run : [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-19\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
04 - HKU\S-1-5-18\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

################## | Recherche générique |

Supprimé! D:\Suite litté.lnk
Supprimé! D:\Philosophie.lnk
Supprimé! D:\Musique.lnk
Supprimé! D:\Littérature Fr.lnk
Supprimé! D:\Litérature anglaise.lnk
Supprimé! D:\Imprimer.lnk
Supprimé! D:\Histoire.lnk
Supprimé! D:\Europeenne.lnk
Supprimé! D:\DGEMC.lnk
Supprimé! D:\Anglais.lnk
Supprimé! D:\Allemand.lnk
Supprimé! C:\Users\Marine\AppData\Local\Temp\NEW3D6F.tmp.exe
Supprimé! C:\Users\Marine\AppData\Local\Temp\NEW3E6B.tmp.exe
Supprimé! C:\Users\Marine\AppData\Local\Temp\NEW4FA1.tmp.exe
Supprimé! C:\Users\Marine\AppData\Local\Temp\NEW7840.tmp.exe
Supprimé! C:\Users\Marine\AppData\Local\Temp\NEW85D6.tmp.exe
Supprimé! C:\Users\Marine\AppData\Local\Temp\NEW8F5.tmp.exe
Supprimé! C:\Users\Marine\AppData\Local\Temp\NEW9349.tmp.exe
Supprimé! C:\Users\Marine\AppData\Local\Temp\NEWAF98.tmp.exe
Supprimé! C:\Users\Marine\AppData\Local\Temp\NEWCBD6.tmp.exe
Supprimé! C:\Users\Marine\AppData\Local\Temp\NEWDC71.tmp.exe
Supprimé! C:\Users\Marine\AppData\Local\Temp\FLASHM~1.VBE
Supprimé! D:\FLASHM~1.VBE

(!) Fichiers temporaires supprimés.

################## | Référence de comparaison MD5 |

Md5 : BCDEF9A6D179F4C587F9B742DE82EEF0 -> C:\Users\Marine\AppData\Local\Temp\FLASHM~1.VBE
Md5 : BCDEF9A6D179F4C587F9B742DE82EEF0 -> D:\FLASHM~1.VBE

################## | Comparaison MD5 |

Supprimé! Md5 : BCDEF9A6D179F4C587F9B742DE82EEF0 -> C:\_OTL\MovedFiles\12082013_204520\C_Users\Marine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FLASHM~1.VBE

################## | Registre |

Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktop -> 0
Réparé ! HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoActiveDesktopChanges -> 0
Supprimé! HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe

################## | Listing |

[21/10/2012 - 16:58:54 | SHD ] C:\$Recycle.Bin
[08/12/2013 - 20:34:22 | D ] C:\AdwCleaner
[28/06/2012 - 20:03:36 | D ] C:\book
[26/04/2012 - 07:10:48 | RASH | 8192] C:\BOOTSECT.BAK
[08/12/2013 - 20:36:47 | SHD ] C:\Config.Msi
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[13/01/2013 - 20:28:36 | D ] C:\f2876e2317f47bfc5aeafd
[13/01/2013 - 20:36:26 | D ] C:\found.000
[08/12/2013 - 21:17:44 | ASH | 3092533248] C:\hiberfil.sys
[28/06/2012 - 20:09:03 | D ] C:\Intel
[16/11/2013 - 12:48:06 | D ] C:\MATS
[21/10/2012 - 18:28:15 | RHD ] C:\MSOCache
[21/10/2012 - 16:58:43 | D ] C:\OEM
[08/12/2013 - 21:17:49 | ASH | 4123377664] C:\pagefile.sys
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[08/12/2013 - 14:55:59 | N | 512] C:\PhysicalMBR.bin
[16/11/2013 - 12:55:30 | D ] C:\Program Files
[08/12/2013 - 20:33:58 | D ] C:\Program Files (x86)
[08/12/2013 - 20:33:53 | HD ] C:\ProgramData
[21/10/2012 - 16:54:58 | SHD ] C:\Recovery
[08/12/2013 - 20:55:52 | SHD ] C:\System Volume Information
[08/12/2013 - 21:37:05 | D ] C:\UsbFix
[08/12/2013 - 21:37:20 | A | 13554] C:\UsbFix [Clean 1] MARINE-PC.txt
[21/10/2012 - 16:55:08 | RD ] C:\Users
[25/11/2013 - 18:54:15 | D ] C:\Windows
[08/12/2013 - 20:45:20 | D ] C:\_OTL
[21/11/2013 - 08:39:00 | D ] D:\Philosophie
[21/11/2013 - 08:39:00 | D ] D:\Musique
[21/11/2013 - 08:39:00 | D ] D:\Littérature Fr
[21/11/2013 - 08:39:06 | D ] D:\Litérature anglaise
[21/11/2013 - 08:39:06 | D ] D:\Imprimer
[21/11/2013 - 08:39:06 | D ] D:\Histoire
[21/11/2013 - 08:39:06 | D ] D:\Europeenne
[21/11/2013 - 08:39:06 | D ] D:\DGEMC
[21/11/2013 - 08:39:06 | D ] D:\Anglais
[21/11/2013 - 08:39:06 | D ] D:\Allemand
[22/11/2013 - 11:00:58 | N | 32437] D:\Suite litté.odt

################## | Vaccin |

D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | E.O.F | https://www.usbfix.net/ - https://www.sosvirus.net/ |
0
Réponse 11 / 12
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 629
8 déc. 2013 à 21:55
ok ça doit être bon.
Vois ce que cela donne.
0
Réponse 12 / 12
CariBOUHH Messages postés 27 Date d'inscription dimanche 1 décembre 2013 Statut Membre Dernière intervention 16 janvier 2014 5
Modifié par CariBOUHH le 1/12/2013 à 20:01
En .lnk tu veux dire ?


Télécharge RogueKiller sur le bureau :
https://www.luanagames.com/index.fr.html

- Fermes les applications et programmes en cours.
- Double clique sur RogueKiller.exe pour lancer le programme
(Vista/Seven - Faire un clique droit sur RogueKiller.exe présent sur le bureau et choisir exécuter en tant qu'administrateur pour lancer le programme)
- tu scan
- tu suprime

après ça devrais être réglé, et après lance un scan de ton antivirus ça pourra aidé.
-1