Laptop locked with a message from the Ministry of the Interior
stephanie_610
Good evening,
The day before yesterday my laptop locked up with a message from the Ministry of the Interior asking me to pay €100 to unlock it. I know it is a virus. I have looked on various forums but have not managed to find the solution.
I only managed to extract the report via OTLPENet:
OTL logfile created on: 1/28/2013 9:55:22 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.69 Gb Total Space | 17.68 Gb Free Space | 15.83% Space Free | Partition Type: NTFS
Drive D: | 108.19 Gb Total Space | 99.93 Gb Free Space | 92.37% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (CLTNetCnService)
SRV - [2013/01/25 13:03:15 | 000,233,472 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Users\JEAN-MI\116764002.exe -- (Winmgmt)
SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/04/01 04:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 04:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2008/10/16 10:26:20 | 000,860,160 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 09:54:34 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/14 03:55:00 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/12/10 04:23:02 | 000,024,576 | ---- | M] () [Auto] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/30 12:45:48 | 000,167,936 | ---- | M] (acer) [Auto] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/10/01 10:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/28 13:18:24 | 000,233,472 | ---- | M] (Acer Inc.) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007/09/10 09:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/08/28 08:21:10 | 000,131,072 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/04/25 10:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/01/26 08:24:42 | 000,050,688 | ---- | M] () [Auto] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2006/11/24 06:57:54 | 000,107,008 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - [2012/07/03 11:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/07/03 11:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/07/03 11:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/07/03 11:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/07/03 11:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/04/11 00:06:26 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2008/11/17 00:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/10/09 08:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/14 03:56:00 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007/12/14 03:56:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/12/14 03:55:00 | 007,629,504 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/09/26 06:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Pilote de carte Intel(R)
DRV - [2007/08/08 14:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 05:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 04:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/09 21:16:00 | 000,042,240 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVerA310Cap.sys -- (BDASwCap)
DRV - [2007/07/09 21:16:00 | 000,026,368 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AVerA310USB.sys -- (A310)
DRV - [2007/07/03 04:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/06/12 04:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Pilote de carte Intel(R)
DRV - [2006/07/14 00:33:58 | 000,009,984 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\gMouUsb.sys -- (gMouUsb)
DRV - [2006/07/14 00:30:52 | 000,014,848 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\gHidPnp.sys -- (gHidPnp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\JEAN-MI_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
IE - HKU\JEAN-MI_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = https://outlook.live.com/owa/ [binary data]
IE - HKU\JEAN-MI_ON_C\Software\Microsoft\Internet Explorer\Main,SEARCH PAGE =
IE - HKU\JEAN-MI_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\JEAN-MI_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\JEAN-MI_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\JEAN-MI_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://outlook.live.com/owa/ [binary data]
IE - HKU\JEAN-MI_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=115299&tt=201208_mnt_n_3412_7&babsrc=HP_ss&mntrId=d4493200000000000000001de030acab
IE - HKU\JEAN-MI_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\JEAN-MI_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\JEAN-MI_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@ivivo.tv/ivivo;version=1.6.1c: C:\Program Files\iViVo\IVIVO\npivivo.dll (iViVo Team)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\JEAN-MI\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
[2009/03/28 08:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JEAN-MI\AppData\Roaming\Mozilla\Extensions
[2009/03/28 08:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JEAN-MI\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/08/26 13:54:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Browser Companion Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\1.8.4.0\bh\escort.dll (Funmoods BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Browser Companion Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.6.9.12\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKU\JEAN-MI_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [ALaunch] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe (TODO: <Company name>)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetPanel] File not found
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\JEAN-MI_ON_C..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKU\JEAN-MI_ON_C..\Run: [DW6] File not found
O4 - HKU\JEAN-MI_ON_C..\Run: [Facebook Update] C:\Users\JEAN-MI\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\JEAN-MI_ON_C..\Run: [wefi] C:\Program Files\WeFi\WeFi.exe (WeFi)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\JEAN-MI_ON_C..\RunOnce: [] C:\Windows\System32\osk.exe (Microsoft Corporation)
O4 - Startup: C:\Users\JEAN-MI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\JEAN-MI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20101013044044 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.mypix.com/fr/fr/fw_model/domain/library/aurigma/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 109.0.66.20 109.0.66.10
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1b9afe92-6bd4-11dd-8af4-d5895755a024}\Shell\Auto\command - "" = sal.xls.exe
O33 - MountPoints2\{1b9afe92-6bd4-11dd-8af4-d5895755a024}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
O33 - MountPoints2\{4967d635-edc6-11dd-8e19-9491e55b5c10}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe winrun.vbs
O33 - MountPoints2\{6dc873ce-e4df-11dd-977c-001e6806c59d}\Shell\Auto\command - "" = sal.xls.exe
O33 - MountPoints2\{6dc873ce-e4df-11dd-977c-001e6806c59d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sal.xls.exe
O33 - MountPoints2\{b73545d5-96dc-11dd-be1e-959a981ccf53}\Shell\AutoRun\command - "" = WD_Windows_Tools\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/01/24 14:54:42 | 000,000,000 | ---D | C] -- C:\Users\JEAN-MI\AppData\Roaming\WinRAR
[2013/01/24 14:54:42 | 000,000,000 | ---D | C] -- C:\Users\JEAN-MI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/01/24 14:54:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/01/24 14:54:24 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/01/24 14:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo
[2013/01/24 14:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/01/24 14:48:41 | 000,000,000 | ---D | C] -- C:\Users\JEAN-MI\AppData\Roaming\Funmoods
[2013/01/24 14:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Funmoods
[2013/01/22 05:53:19 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/22 05:52:37 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/04 03:49:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/01/04 03:49:57 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/01/04 03:49:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/01/04 03:49:55 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/01/04 03:49:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/01/04 03:49:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/01/04 03:49:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/01/04 03:49:51 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/01/04 03:49:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/01/04 03:49:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/01/04 03:38:40 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013/01/04 03:38:33 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2013/01/04 03:38:32 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2013/01/04 03:38:31 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013/01/04 03:38:26 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2013/01/04 03:38:26 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2013/01/04 03:36:31 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/01/04 03:36:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/01/03 11:42:20 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2013/01/03 11:42:20 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2013/01/03 11:42:19 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2013/01/03 11:42:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008/01/24 07:17:05 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2008/01/24 07:14:03 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2008/01/24 07:14:03 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008/01/24 07:14:03 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
[2007/12/21 00:20:33 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/28 13:04:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/28 13:04:29 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/01/28 13:04:17 | 095,023,320 | ---- | M] () -- C:\ProgramData\200467611.pad
[2013/01/28 13:04:09 | 000,028,029 | ---- | M] () -- C:\Users\JEAN-MI\AppData\Roaming\nvModes.001
[2013/01/28 13:03:56 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/28 13:03:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/28 13:03:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/28 13:03:43 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/26 07:47:39 | 000,002,299 | ---- | M] () -- C:\Users\JEAN-MI\AppData\Roaming\acervcmtmp.ini
[2013/01/25 14:14:06 | 000,000,680 | ---- | M] () -- C:\Users\JEAN-MI\AppData\Local\d3d9caps.dat
[2013/01/25 13:19:00 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/25 13:18:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-113336085-737412853-708303479-1000UA.job
[2013/01/25 13:16:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-113336085-737412853-708303479-1000Core.job
[2013/01/25 13:03:20 | 000,002,825 | ---- | M] () -- C:\ProgramData\200467611.js
[2013/01/25 13:03:20 | 000,000,884 | ---- | M] () -- C:\Users\JEAN-MI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/25 03:36:40 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/01/25 03:36:40 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/25 03:36:40 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/01/25 03:36:40 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/24 14:58:27 | 000,140,288 | ---- | M] () -- C:\Users\JEAN-MI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/24 14:54:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/01/24 14:48:37 | 000,077,671 | ---- | M] () -- C:\Users\JEAN-MI\AppData\Local\funmoods_2.0.1.crx
[2013/01/24 04:38:48 | 000,296,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/24 04:21:31 | 000,001,999 | ---- | M] () -- C:\Users\JEAN-MI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/22 05:57:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/26 09:57:56 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/25 13:03:20 | 000,002,825 | ---- | C] () -- C:\ProgramData\200467611.js
[2013/01/25 13:03:20 | 000,000,884 | ---- | C] () -- C:\Users\JEAN-MI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/25 13:03:17 | 095,023,320 | ---- | C] () -- C:\ProgramData\200467611.pad
[2013/01/24 14:48:40 | 000,077,671 | ---- | C] () -- C:\Users\JEAN-MI\AppData\Local\funmoods_2.0.1.crx
[2013/01/04 03:38:46 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/04 03:38:46 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2010/10/15 08:31:02 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/02/05 16:50:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/05 16:50:31 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/01/31 15:55:25 | 000,002,299 | ---- | C] () -- C:\Users\JEAN-MI\AppData\Roaming\acervcmtmp.ini
[2008/09/10 13:42:02 | 000,000,382 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/09/10 13:32:50 | 000,000,000 | ---- | C] () -- C:\Users\JEAN-MI\AppData\Roaming\wklnhst.dat
[2008/08/02 04:05:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/07/30 22:59:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/20 03:58:19 | 000,000,680 | ---- | C] () -- C:\Users\JEAN-MI\AppData\Local\d3d9caps.dat
[2008/07/18 12:17:01 | 000,014,848 | ---- | C] () -- C:\Windows\System32\drivers\gHidPnp.sys
[2008/07/18 12:17:01 | 000,009,984 | ---- | C] () -- C:\Windows\System32\drivers\gMouUsb.sys
[2008/07/03 07:42:30 | 000,028,029 | ---- | C] () -- C:\Users\JEAN-MI\AppData\Roaming\nvModes.001
[2008/07/03 07:40:58 | 000,028,029 | ---- | C] () -- C:\Users\JEAN-MI\AppData\Roaming\nvModes.dat
[2008/06/18 15:26:38 | 000,140,288 | ---- | C] () -- C:\Users\JEAN-MI\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/24 15:58:32 | 000,086,016 | ---- | C] () -- C:\Windows\Hide.exe
[2008/01/24 15:58:27 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2008/01/24 15:58:14 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/01/24 07:17:05 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008/01/24 07:14:03 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/01/24 07:02:11 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/01/24 07:02:11 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2007/12/21 09:34:47 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/12/21 06:27:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/12/21 00:28:36 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/12/21 00:27:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/12/21 00:20:27 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/04/25 10:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 10:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 10:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 10:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 10:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 10:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 09:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/12 23:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 10:48:33 | 000,679,042 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2006/11/02 10:48:33 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2006/11/02 10:48:33 | 000,126,626 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2006/11/02 10:48:33 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,296,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 10:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 17:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/08/06 22:16:34 | 000,045,056 | ---- | C] () -- C:\Windows\OTS_UI.EXE
[2001/07/30 10:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 16:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[color=#E56717]========== LOP Check ==========[/color]
[2008/06/17 21:50:46 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\Acer
[2012/08/26 13:54:03 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\Babylon
[2013/01/28 13:04:11 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\BrowserCompanion
[2008/07/03 23:27:47 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\Camfrog
[2013/01/24 14:48:41 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\Funmoods
[2009/01/17 09:33:41 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\ivivo
[2010/02/25 15:31:12 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\LimeWire
[2010/07/16 18:02:58 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\PhotoFiltre
[2008/07/30 12:56:39 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\Podmailing
[2008/09/10 13:33:04 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\Template
[2010/10/07 15:06:52 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\Windows Live Writer
[2012/01/01 14:56:03 | 000,000,000 | ---D | M] -- C:\ProgramData\albumphoto
[2010/02/04 18:25:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/02/16 09:07:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Arcade Lab
[2012/03/10 12:54:46 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2012/08/26 13:54:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2008/06/17 05:50:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Bureau
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/06/17 05:50:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoris
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/06/17 05:50:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menu Démarrer
[2008/06/17 05:50:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Modèles
[2009/03/15 20:26:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Native Instruments
[2012/08/19 09:24:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming
[2009/03/12 05:04:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Soulseek
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2013/01/24 14:48:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2011/09/04 16:07:24 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2013/01/28 13:04:11 | 000,000,000 | ---D | M] -- C:\ProgramData\WeFi
[2011/10/17 15:12:07 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2007/12/21 00:39:05 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009/03/15 20:25:45 | 000,000,000 | -H-D | M] -- C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718}
[2009/03/15 20:25:54 | 000,000,000 | ---D | M] -- C:\ProgramData\{C59C4281-5384-43B2-9E48-2FA6F8967AB1}
[2009/03/15 20:27:08 | 000,000,000 | -H-D | M] -- C:\ProgramData\{C79A30AF-08C1-49CF-8F27-526F179A478D}
[2013/01/25 13:16:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-113336085-737412853-708303479-1000Core.job
[2013/01/25 13:18:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-113336085-737412853-708303479-1000UA.job
[2013/01/28 13:04:29 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:9F683177
< End of report >
Thanks to everyone for your help!!! ;p
[2008/01/24 15:58:27 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2008/01/24 15:58:14 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/01/24 07:17:05 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008/01/24 07:14:03 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2008/01/24 07:02:11 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/01/24 07:02:11 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2007/12/21 09:34:47 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007/12/21 06:27:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/12/21 00:28:36 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007/12/21 00:27:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007/12/21 00:20:27 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007/04/25 10:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007/04/25 10:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007/04/25 10:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007/04/25 10:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007/04/25 10:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007/04/25 10:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006/12/25 09:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006/11/12 23:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006/11/02 10:48:33 | 000,679,042 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2006/11/02 10:48:33 | 000,340,236 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2006/11/02 10:48:33 | 000,126,626 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2006/11/02 10:48:33 | 000,037,390 | ---- | C] () -- C:\Windows\System32\perfd00C.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,296,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/12/26 10:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/03 17:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/08/06 22:16:34 | 000,045,056 | ---- | C] () -- C:\Windows\OTS_UI.EXE
[2001/07/30 10:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 16:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[color=#E56717]========== LOP Check ==========[/color]
[2008/06/17 21:50:46 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\Acer
[2012/08/26 13:54:03 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\Babylon
[2013/01/28 13:04:11 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\BrowserCompanion
[2008/07/03 23:27:47 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\Camfrog
[2013/01/24 14:48:41 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\Funmoods
[2009/01/17 09:33:41 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\ivivo
[2010/02/25 15:31:12 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\LimeWire
[2010/07/16 18:02:58 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\PhotoFiltre
[2008/07/30 12:56:39 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\Podmailing
[2008/09/10 13:33:04 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\Template
[2010/10/07 15:06:52 | 000,000,000 | ---D | M] -- C:\Users\JEAN-MI\AppData\Roaming\Windows Live Writer
[2012/01/01 14:56:03 | 000,000,000 | ---D | M] -- C:\ProgramData\albumphoto
[2010/02/04 18:25:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Alwil Software
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/02/16 09:07:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Arcade Lab
[2012/03/10 12:54:46 | 000,000,000 | ---D | M] -- C:\ProgramData\AVAST Software
[2012/08/26 13:54:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2008/06/17 05:50:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Bureau
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/06/17 05:50:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoris
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/06/17 05:50:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menu Démarrer
[2008/06/17 05:50:15 | 000,000,000 | -HSD | M] -- C:\ProgramData\Modèles
[2009/03/15 20:26:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Native Instruments
[2012/08/19 09:24:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming
[2009/03/12 05:04:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Soulseek
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2013/01/24 14:48:57 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2011/09/04 16:07:24 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2013/01/28 13:04:11 | 000,000,000 | ---D | M] -- C:\ProgramData\WeFi
[2011/10/17 15:12:07 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2007/12/21 00:39:05 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2009/03/15 20:25:45 | 000,000,000 | -H-D | M] -- C:\ProgramData\{902029B2-957E-4066-85FA-30DA31731718}
[2009/03/15 20:25:54 | 000,000,000 | ---D | M] -- C:\ProgramData\{C59C4281-5384-43B2-9E48-2FA6F8967AB1}
[2009/03/15 20:27:08 | 000,000,000 | -H-D | M] -- C:\ProgramData\{C79A30AF-08C1-49CF-8F27-526F179A478D}
[2013/01/25 13:16:00 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-113336085-737412853-708303479-1000Core.job
[2013/01/25 13:18:01 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-113336085-737412853-708303479-1000UA.job
[2013/01/28 13:04:29 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:9F683177
< End of report >
Thanks everyone for your help!!! ;p
17 replies
Stephanie, don't panic and wait for a helper to take you in hand, and pay no attention to the comments (like those above), which are of no use ;)
stephanie_610 (Posts: 58 | Status: Member)
Thanks ;p
Hi, please listen only to me so as not to disrupt the disinfection.
Does the PC boot into Safe Mode with Networking?
If not:
Does the PC boot into "Command Prompt" mode?
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤
Well, it's in the Safe Mode menu:
"Command Prompt"
If it doesn't show up, press F8 and it should appear.
Expand with the little "+" signs:
HKEY_CURRENT_USER
\Software
\Microsoft
\Windows NT
\CurrentVersion
\Winlogon
Left-click on "Winlogon"
Then in the right-hand pane:
If you find a Shell value => right-click, then Delete
Then go back to your black window
Type:
del /f /q "C:\Users\JEAN-MI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk"
Don't forget the quotation marks or the spaces
Then type:
shutdown -r
The PC should restart normally, but we're not done: we've only defused its startup. The infection is still there, but you should have access to the PC.
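The two items the helper removes by hand above (the Winlogon Shell value and runctf.lnk in the Startup folder) are the same indicators to look for when triaging an OTL report. The Python script below is an added example, not part of this thread or of the OTL tool: it parses "Files Created / Files Modified" lines, flags the indicators visible in the report posted above, and pivots on timestamps with an assumed one-minute window; the Temp .tmp sample line is constructed, the other sample lines are taken from the report.

```python
"""Added triage example for OTL "Files Created / Files Modified" entries (not from
the thread or from OTL): flag the persistence indicators the thread discusses and
pivot on timestamps, since a dropper usually writes its files within seconds."""
import re
from datetime import datetime, timedelta

# Matches e.g. [2013/01/25 13:03:20 | 000,002,825 | ---- | C] () -- C:\ProgramData\200467611.js
# Directory entries omit the "()" company field, so that group is optional.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

def parse_otl_line(line):
    """Return a dict for one OTL file entry, or None if the line is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attr": m["attr"],              # R/H/S/D attribute flags
        "kind": m["kind"],              # C = created, M = modified
        "company": m["company"] or "",  # empty when no company name is embedded
        "path": m["path"],
    }

def suspicious_reasons(entry):
    """Direct indicators: the same items the helper removes by hand."""
    p = entry["path"].lower()
    stem, _, ext = p.rsplit("\\", 1)[-1].rpartition(".")
    reasons = []
    if "\\start menu\\programs\\startup\\" in p and ext == "lnk":
        reasons.append("shortcut in a Startup folder (runs at logon)")
    if p.startswith("c:\\programdata\\") and p.count("\\") == 2 and stem.isdigit():
        reasons.append("all-digit filename dropped directly in ProgramData")
    return reasons

def triage(lines, window=timedelta(minutes=1)):
    """Map path -> reasons; files written within `window` of a hit are pulled in too."""
    entries = [e for e in map(parse_otl_line, lines) if e]
    hits = {e["path"]: suspicious_reasons(e) for e in entries}
    hits = {path: r for path, r in hits.items() if r}
    flagged_ts = {e["path"]: e["ts"] for e in entries if e["path"] in hits}
    for e in entries:
        if e["path"] in hits:
            continue
        for path, ts in flagged_ts.items():
            if abs(e["ts"] - ts) <= window:
                hits.setdefault(e["path"], []).append(f"written within {window} of {path}")
    return hits

# Sample input: lines taken from the OTL report above, plus one CONSTRUCTED
# Temp entry (not from the report) to exercise the timestamp pivot.
SAMPLE_LINES = [
    r"[2013/01/26 09:57:56 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys",
    r"[2013/01/25 13:03:20 | 000,002,825 | ---- | C] () -- C:\ProgramData\200467611.js",
    r"[2013/01/25 13:03:20 | 000,000,884 | ---- | C] () -- C:\Users\JEAN-MI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk",
    r"[2013/01/25 13:03:17 | 095,023,320 | ---- | C] () -- C:\ProgramData\200467611.pad",
    r"[2013/01/25 13:03:40 | 000,004,096 | ---- | C] () -- C:\Users\JEAN-MI\AppData\Local\Temp\constructed_sample.tmp",
    r"[2013/01/24 14:54:42 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path, "->", "; ".join(reasons))
```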
Hi, have you tried this?
Type:
del /f /q "C:\Users\JEAN-MI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk"
Don't forget the quotation marks or the spaces
Then type:
shutdown -r
The PC should restart normally, but we're not done: we've only defused its startup. The infection is still there, but you should have access to the PC.
Put this on it:
http://www.security-helpzone.com/Tools/g3n/winlogon.exe
Put the USB stick in the infected PC
Restart the PC in Command Prompt mode (so that it picks up the stick)
Then type
dir E:
If it answers that the device is not ready, continue with F:, G:, etc. until it shows you the contents of the stick
Then type
E:\winlogon.exe
if the letter is E:, otherwise F:\winlogon.exe, etc., depending on the drive letter that shows you the listing containing winlogon.exe
Got it?
Run it again; it will run to the end, the WMI must have taken a beating
On restart, let it restart normally; it will do so when the scan is finished
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤
Post Pre_Scan_la_date_et_l'heure.txt, which will appear at the root of your system drive (usually C:\)
DON'T POST IT ON THE FORUM!!! (it's too long)
Host the report on https://www.cjoint.com/ then give the link you get in return on the forum where you are being helped
You see, the file did exist: Moved to quarantine successfully : C:\Users\JEAN-MI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
^^
Run the tool again, click "Post Reboot" and re-host the report; part of the tool's work is missing
? You ran a full scan again...
Run it again, click DIAG and host the Pre_Diag report, then give the link
Download and save ADWCleaner to your desktop:
Run it (for Vista/7/8 => right-click "Run as administrator")
Click Delete and post C:\Adwcleaner[Sx].txt
What a garbage dump! lol!
Close all windows and applications during installation and scanning.
▶ Download here:
Malwarebytes
▶ Install it (make sure to choose "French"; don't change the installation settings) and update it.
Run Malwarebytes again, following these instructions to the letter:
! Disconnect and close all running applications!
▶ Launch Malwarebytes.
Run a "Full" scan.
▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click "Results".
▶ Check that all infected objects are ticked, then click "Remove".
▶ Note: if your PC needs to restart to finish the cleanup, do it!
▶ Post the report saved after removing the infected objects (in Malwarebytes' "Reports/Logs" tab, the most recent one)
Uninstall Adobe Reader 8
=====
Select this text, then CTRL + C:
Kill::
Key::
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[Acer Tour]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]|[eRecoveryService]
[HKU\S-1-5-21-113336085-737412853-708303479-1000\Software\Blabbers ]
[HKU\S-1-5-21-113336085-737412853-708303479-1000\Software\SweetIM]
[HKLM\Software\BrowserChoice]
[HKLM\Software\SweetIM]
[HKCR\Installer\Products\68AB67CA7DA73301B7448A0200000030]
[HKCR\Installer\Products\68AB67CA7DA73301B7448A3100000030]
[HKCR\Installer\Products\88ECA1CA174CE4945BAFB0C7122FE2F4]
File|Fold::
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\NewFeature1
C:\Windows\Installer\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\NewShortcut6.txt
C:\Windows\Installer\{AC1ACE88-C471-494E-B5FA-0B7C21F22E4F}
C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A81300000003}
C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-A82000000003}
C:\ProgramData\200467611.js
C:\Users\JEAN-MI\AppData\Local\Temp\Low\alot.txt
C:\Users\JEAN-MI\AppData\Local\Temp\Low\~*.tmp
C:\Users\JEAN-MI\AppData\Local\Temp\Low\~*.jpg
C:\Users\JEAN-MI\AppData\Local\Temp\Low\~*.jpd
C:\Users\JEAN-MI\AppData\Local\Temp\Low\*.htm
C:\Users\JEAN-MI\AppData\Local\Temp\Low\*.emf
C:\Windows\System32\Tasks\CreateChoiceProcessTask
C:\Windows\System32\Tasks\Funmoods
Clean::
MBR::
Reboot::
Run Pre_scan again, then choose the "Script" option
A page will open
Normally the text you selected is already there, so close it and the program will get to work.
Otherwise paste it (right-click/Paste or Ctrl+V) into the blank page.
Then File tab => Save (not Save As...), then close the text
Black windows may flicker; that's normal, it's the program working
Post Pre_Script.txt, which will appear on the desktop when the work is finished
¤¤¤¤¤¤¤¤¤¤ Pre_Scan_Concept ¤¤¤¤¤¤¤¤¤¤