Disque dur

Résolu
fafany Messages postés 287 Statut Membre -  
fafany Messages postés 287 Statut Membre -
Bonjour, je ne sais pas si je suis au bon endroit pour poster. Il m'arrive une chose que je ne comprends pas, on dirait que mon disque dur c'est rempli en qq instants alors qu'il me restait plus de 500 giga. S'agit-il d'un virus ? Pouvez vous m'aider svp.
Merci

34 réponses

  • 1
  • 2
Résumé de la discussion

Le problème central est qu'un disque dur se remplit rapidement alors qu'il restait environ 500 Go libres, soulevant une éventuelle infection ou un logiciel malveillant sur Windows 7. Des conseils recommandent de diagnostiquer avec des outils de sécurité et d'isoler les menaces, via des scans, la suppression de composants suspects et l'hébergement de rapports pour vérification. Différentes recommandations techniques évoquent des outils comme RogueKiller et AdwCleaner, et des méthodes de nettoyage de registre, montrant que l'infection peut toucher le démarrage et les navigateurs. En pratique, il convient d'analyser rapports générés par ces outils, de vérifier les éléments suspects tels que les tâches planifiées et les extensions, puis d'évaluer l'intégrité du système.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. SlyK Messages postés 1060 Statut Contributeur sécurité 147
     
    Hello fafany,

    C'est fort possible !

    Fais ceci : https://www.security-helpzone.com/2013/04/21/roguekiller-detecter-les-menaces/

    Puis héberge le rapport : https://www.security-helpzone.com/2013/04/14/heberger-un-rapport-doutil/

    @+

    « Ceux qui ne croient pas en l'impossible sont priés de ne pas décourager ceux qui sont en train de le faire. »
    2
    1. fafany Messages postés 287 Statut Membre
       
      j'ai utilisé malwarebytes et rien d'anormal
      0
    2. SlyK Messages postés 1060 Statut Contributeur sécurité 147
       
      Re !

      Où est-ce qu'il est écrit d'utiliser Malwarebytes ?
      Fais un diagnostic avec RogueKiller comme c'est écrit dans la démarche à suivre.


      @+
      0
    3. fafany Messages postés 287 Statut Membre
       
      RogueKiller V8.6.3 [Jul 17 2013] par Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Remontees : http://www.adlice.com/forum/
      Site Web : https://www.luanagames.com/index.fr.html
      Blog : http://tigzyrk.blogspot.com/

      Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Demarrage : Mode normal
      Utilisateur : Martine [Droits d'admin]
      Mode : Recherche -- Date : 07/27/2013 22:01:08
      | ARK || FAK || MBR |

      ¤¤¤ Processus malicieux : 2 ¤¤¤
      [SUSP PATH] BrowserDefender.exe -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [7] -> TUÉ [TermProc]
      [SUSP PATH] BrowserDefender.exe -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [7] -> TUÉ [TermProc]

      ¤¤¤ Entrees de registre : 3 ¤¤¤
      [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=localhost:50525) -> TROUVÉ
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

      ¤¤¤ Tâches planifiées : 1 ¤¤¤
      [V2][SUSP PATH] EPUpdater : C:\Users\Martine\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [-] -> TROUVÉ

      ¤¤¤ Entrées Startup : 0 ¤¤¤

      ¤¤¤ Navigateurs web : 0 ¤¤¤

      ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

      ¤¤¤ Driver : [NON CHARGE 0x0] ¤¤¤

      ¤¤¤ Ruches Externes: ¤¤¤

      ¤¤¤ Infection : ¤¤¤

      ¤¤¤ Fichier HOSTS: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts




      ¤¤¤ MBR Verif: ¤¤¤

      +++++ PhysicalDrive0: WDC WD64 00AAKS-22A7B SCSI Disk Device +++++
      --- User ---
      [MBR] a11fb209d0972fd7956b1df03c7cc2ec
      [BSP] 92c46ac3a239e61a5b5e92571e9c984b : Windows 7/8 MBR Code
      Partition table:
      0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 19456 Mo
      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 39847936 | Size: 100 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 40052736 | Size: 590922 Mo
      User = LL1 ... OK!
      Error reading LL2 MBR!

      Termine : << RKreport[0]_S_07272013_220108.txt >>
      0
  2. PiBeats Messages postés 31 Statut Membre 1
     
    Euuummh, as tu installer des chose par accidents ou un autre truc du genre ?
    0
  3. fafany Messages postés 287 Statut Membre
     
    non, je ne pense pas, juste une fois où j'ai annulé java qui a voulu s'installer de puis facebook.
    merci
    0
    1. PiBeats Messages postés 31 Statut Membre 1
       
      As tu verifier si il été vraiment plein ? Par ce que des fois ont confond clé usb etc
      0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. fafany Messages postés 287 Statut Membre
     
    Je connais bien, je ne confonds pas c'est mon C
    0
  6. fafany Messages postés 287 Statut Membre
     
    OTL logfile created on: 27/07/2013 22:08:32 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martine\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16635)
    Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,75 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 57,54% Memory free
    5,50 Gb Paging File | 3,18 Gb Available in Paging File | 57,88% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 577,07 Gb Total Space | 6,64 Gb Free Space | 1,15% Space Free | Partition Type: NTFS

    Computer Name: MARTINE-PC | User Name: Martine | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    [color=#E56717]========== Processes (SafeList) ==========[/color]

    PRC - [2013/07/27 22:07:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martine\Downloads\OTL.exe
    PRC - [2013/07/27 21:53:48 | 000,915,968 | ---- | M] () -- C:\Users\Martine\Downloads\RogueKiller.exe
    PRC - [2013/07/04 08:07:32 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2013/07/04 08:07:02 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2013/07/04 08:07:01 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2013/05/23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
    PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/05 03:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    PRC - [2012/09/20 10:21:24 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    PRC - [2012/08/30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/08/13 11:22:48 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\program\soffice.exe
    PRC - [2012/08/13 11:22:48 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\program\soffice.bin
    PRC - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    PRC - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2012/01/26 15:06:29 | 002,659,192 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
    PRC - [2012/01/22 16:39:49 | 000,124,832 | ---- | M] (Yuna Software) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
    PRC - [2011/06/10 08:23:52 | 000,959,880 | ---- | M] (SFR) -- C:\Program Files (x86)\Neuf\Kit\9props.exe
    PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/01/11 12:33:50 | 000,708,096 | ---- | M] () -- C:\Program Files (x86)\Philips\CamSuite\2.0.16.0\ACPService.exe
    PRC - [2011/01/11 12:33:28 | 000,781,312 | ---- | M] () -- C:\Program Files (x86)\Philips\CamSuite\2.0.16.0\ACPGUI.dll
    PRC - [2010/11/20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    PRC - [2010/11/20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
    PRC - [2010/01/29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    PRC - [2009/08/28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

    [color=#E56717]========== Modules (No Company Name) ==========[/color]

    MOD - [2013/07/14 08:15:43 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f95e6b6a92e3e28a3b553fe2998dd308\System.Data.ni.dll
    MOD - [2013/07/14 08:14:49 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
    MOD - [2013/07/14 08:14:46 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
    MOD - [2013/07/14 08:14:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
    MOD - [2013/07/14 08:14:39 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
    MOD - [2013/05/23 11:09:59 | 002,827,728 | ---- | M] () -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
    MOD - [2013/02/13 22:09:05 | 012,638,576 | ---- | M] () -- C:\Users\Martine\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
    MOD - [2012/12/05 03:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
    MOD - [2012/12/05 03:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
    MOD - [2012/12/05 03:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
    MOD - [2012/12/05 03:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
    MOD - [2012/12/05 03:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
    MOD - [2012/12/05 03:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
    MOD - [2012/12/05 03:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
    MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\program\libxml2.dll
    MOD - [2012/04/17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
    MOD - [2012/04/17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    MOD - [2012/04/17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
    MOD - [2012/04/17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
    MOD - [2012/04/17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
    MOD - [2012/04/17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
    MOD - [2012/04/17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
    MOD - [2012/04/17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
    MOD - [2012/04/17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
    MOD - [2011/11/07 10:18:26 | 008,499,712 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtGui4.dll
    MOD - [2011/11/07 10:18:24 | 002,347,520 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\QtCore4.dll
    MOD - [2011/01/11 12:34:12 | 000,358,400 | ---- | M] () -- C:\Program Files (x86)\Philips\CamSuite\2.0.16.0\Resources.dll
    MOD - [2011/01/11 12:33:40 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\Philips\CamSuite\2.0.16.0\ACPPlugins.dll
    MOD - [2011/01/11 12:33:28 | 000,781,312 | ---- | M] () -- C:\Program Files (x86)\Philips\CamSuite\2.0.16.0\ACPGUI.dll
    MOD - [2011/01/11 12:32:16 | 000,470,016 | ---- | M] () -- C:\Program Files (x86)\Philips\CamSuite\2.0.16.0\ACP_Lib.dll
    MOD - [2011/01/11 12:31:56 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\Philips\CamSuite\2.0.16.0\ACPSharedTypes.dll
    MOD - [2011/01/11 12:31:48 | 000,315,904 | ---- | M] () -- C:\Program Files (x86)\Philips\CamSuite\2.0.16.0\Common.dll
    MOD - [2010/11/13 01:52:13 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2010/11/05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

    [color=#E56717]========== Services (SafeList) ==========[/color]

    SRV:[b]64bit:[/b] - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV:[b]64bit:[/b] - [2013/03/18 11:32:34 | 000,263,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe -- (becldr3Service)
    SRV:[b]64bit:[/b] - [2012/09/23 12:45:00 | 000,427,976 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\x64\maconfservice.exe -- (maconfservice)
    SRV:[b]64bit:[/b] - [2010/01/29 02:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
    SRV:[b]64bit:[/b] - [2009/08/10 16:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
    SRV:[b]64bit:[/b] - [2009/08/10 16:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
    SRV - [2013/07/04 08:07:32 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2013/07/04 08:07:02 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2013/06/21 09:53:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/06/12 18:39:30 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/05/23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
    SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/08/30 21:14:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/03/23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2012/01/22 16:39:49 | 000,124,832 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
    SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/01/11 12:33:50 | 000,708,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Philips\CamSuite\2.0.16.0\ACPService.exe -- (ACPService)
    SRV - [2010/10/12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/16 00:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/08/28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

    [color=#E56717]========== Driver Services (SafeList) ==========[/color]

    DRV:[b]64bit:[/b] - [2013/03/28 21:20:18 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:[b]64bit:[/b] - [2013/03/28 21:20:18 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:[b]64bit:[/b] - [2013/03/28 21:20:18 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
    DRV:[b]64bit:[/b] - [2013/02/12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:[b]64bit:[/b] - [2012/07/28 03:15:28 | 000,057,280 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:[b]64bit:[/b] - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:[b]64bit:[/b] - [2011/07/21 20:55:50 | 000,016,640 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2x64.sys -- (driverhardwarev2x64)
    DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:[b]64bit:[/b] - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:[b]64bit:[/b] - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:[b]64bit:[/b] - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:[b]64bit:[/b] - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:[b]64bit:[/b] - [2009/12/14 15:55:46 | 000,584,192 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\spc999.sys -- (spc999)
    DRV:[b]64bit:[/b] - [2009/12/14 15:55:46 | 000,008,192 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\spc999m.sys -- (spc999m)
    DRV:[b]64bit:[/b] - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV:[b]64bit:[/b] - [2009/10/20 18:20:36 | 000,114,608 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\phaudlwr.sys -- (phaudlwr)
    DRV:[b]64bit:[/b] - [2009/07/30 11:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:[b]64bit:[/b] - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:[b]64bit:[/b] - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:[b]64bit:[/b] - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:[b]64bit:[/b] - [2009/07/13 23:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:[b]64bit:[/b] - [2009/06/10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:[b]64bit:[/b] - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:[b]64bit:[/b] - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:[b]64bit:[/b] - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:[b]64bit:[/b] - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:[b]64bit:[/b] - [2006/10/16 10:44:12 | 000,587,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\phc600.sys -- (phc600)
    DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]

    [color=#E56717]========== Internet Explorer ==========[/color]

    IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope =
    IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
    IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=afterd&chnl=afterd&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtAtC0C0FtAzz0AtCzy0CtN0D0Tzu0StByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2110594908
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{0B997C1D-5DDD-E277-7CE0-389C918B84F5}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = https://www.google.com/webhp?sourceid=ie7&gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=afterd&chnl=afterd&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtAtC0C0FtAzz0AtCzy0CtN0D0Tzu0StByEyEtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2110594908

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=121845&babsrc=HP_ss_din2g&mntrId=54BE00262D31CF38
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer-group.com/selection.html?b=ACEW&l=040c&m=el1352&r=17361010z016pe4c5v1j5r4671s622
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?gws_rd=ssl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=121845&babsrc=HP_ss_din2g&mntrId=54BE00262D31CF38
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = https://www.google.com/?gws_rd=ssl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/?gws_rd=ssl
    IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-search.com/?q={searchTerms}&affID=121845&babsrc=SP_ss&mntrId=54BE00262D31CF38
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = https://www.google.com/webhp?sourceid=ie7&gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_frFR400FR400
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_frFR400FR400
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:50525

    [color=#E56717]========== FireFox ==========[/color]

    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\x64\nphardwaredetection.dll (Cybelsoft)
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Martine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    [2010/10/29 21:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martine\AppData\Roaming\mozilla\Extensions
    [2010/10/29 21:58:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martine\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2012/09/01 17:43:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martine\AppData\Roaming\mozilla\Firefox\extensions
    [2012/09/01 17:43:47 | 000,000,000 | ---D | M] (01NET.com) -- C:\Users\Martine\AppData\Roaming\mozilla\Firefox\extensions\{8e5025c2-8ea3-430d-80b8-a14151068a6d}
    [2012/08/27 14:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

    [color=#E56717]========== Chrome ==========[/color]

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Martine\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
    CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Martine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
    CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Ma-Config.com plugin (Enabled) = C:\Program Files\ma-config.com\nphardwaredetection.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Martine\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
    CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
    CHR - Extension: Skype Click to Call = C:\Users\Martine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\

    O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:[b]64bit:[/b] - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Objet d'aide à la navigation SFR) - {0F6E720A-1A6B-40E1-A294-1D4D19F156C8} - C:\Program Files (x86)\Neuf\Kit\SFRNavErrorHelper.dll (SFR)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.71\npchrome_frame.dll (Google Inc.)
    O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    O4 - HKCU..\Run: [Connexion SFR 9props.exe] C:\Program Files (x86)\Neuf\Kit\9props.exe (SFR)
    O4 - HKCU..\Run: [Facebook Update] C:\Users\Martine\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\Run: [Philips Intelligent Agent] C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe (Philips Consumer Electronics)
    O4 - HKCU..\RunOnce: [Uninstall C:\Users\Martine\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Martine\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
    O4 - Startup: C:\Users\Martine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9:[b]64bit:[/b] - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13[b]64bit:[/b] - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.25.2)
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFE4FEE7-4906-4336-AAB0-28550CC777ED}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFE4FEE7-4906-4336-AAB0-28550CC777ED}: NameServer = 8.8.8.8,8.8.4.4
    O18:[b]64bit:[/b] - Protocol\Handler\gcf - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\28.0.1500.71\npchrome_frame.dll (Google Inc.)
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{353c1d9f-0855-11e1-a6a8-00262d31cf38}\Shell - "" = AutoRun
    O33 - MountPoints2\{353c1d9f-0855-11e1-a6a8-00262d31cf38}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
    O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
    O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

    [2013/07/27 21:59:08 | 000,000,000 | ---D | C] -- C:\Users\Martine\Desktop\RK_Quarantine
    [2013/07/15 13:17:14 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/07/15 13:17:07 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/07/14 01:25:03 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/07/14 01:25:03 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/07/14 01:25:02 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/07/14 01:25:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/07/14 01:25:02 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/07/14 01:25:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/07/14 01:25:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/07/14 01:25:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/07/14 01:25:02 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/07/14 01:25:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/07/14 01:25:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/07/14 01:25:01 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/07/14 01:25:00 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/07/14 01:25:00 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/07/14 01:24:59 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/07/13 18:51:41 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
    [2013/07/13 18:51:41 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
    [2013/07/13 18:51:36 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2013/07/13 18:51:36 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
    [2013/07/13 18:50:46 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2013/07/04 16:54:41 | 000,000,000 | ---D | C] -- C:\Users\Martine\CS6 Master Collection
    [2013/07/04 16:47:20 | 000,000,000 | ---D | C] -- C:\Users\Martine\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

    [2013/07/27 21:52:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/07/27 21:39:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/07/27 21:26:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/07/27 21:09:32 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/07/27 21:09:32 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/07/27 21:01:29 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/07/27 21:01:09 | 2214,092,800 | -HS- | M] () -- C:\hiberfil.sys
    [2013/07/27 19:32:14 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-332380891-3990497652-3503449136-1000UA.job
    [2013/07/27 17:50:02 | 000,000,498 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Martine.job
    [2013/07/26 22:32:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-332380891-3990497652-3503449136-1000Core.job
    [2013/07/21 13:46:17 | 000,010,516 | ---- | M] () -- C:\Users\Martine\Documents\cc_20130721_134609.reg
    [2013/07/20 20:13:33 | 000,075,819 | ---- | M] () -- C:\Users\Martine\Documents\Evan.jpg
    [2013/07/17 14:00:04 | 000,014,700 | ---- | M] () -- C:\Users\Martine\Documents\je voudrais tant que tu sois là.odt
    [2013/07/15 13:17:01 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/07/15 13:17:01 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/07/15 13:17:01 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/07/15 13:17:00 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
    [2013/07/15 13:17:00 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2013/07/15 13:17:00 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/07/15 08:34:12 | 000,047,608 | ---- | M] () -- C:\Users\Martine\Documents\cc_20130715_083400.reg
    [2013/07/14 08:06:12 | 000,436,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/07/13 18:59:38 | 056,854,286 | ---- | M] () -- C:\Users\Martine\Documents\subliminal_mincir_parc.zip
    [2013/07/06 20:35:49 | 000,302,904 | ---- | M] () -- C:\Users\Martine\Documents\Eveil.pdf
    [2013/07/05 22:16:41 | 004,054,978 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2013/07/05 22:16:41 | 001,672,464 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/07/05 22:16:41 | 001,242,168 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2013/07/05 22:16:41 | 001,068,730 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/07/05 22:16:41 | 000,006,248 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/07/04 18:32:39 | 000,729,770 | ---- | M] () -- C:\Users\Martine\Documents\S3711 (1).pdf
    [2013/07/04 08:07:36 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys

    [color=#E56717]========== Files Created - No Company Name ==========[/color]

    [2013/07/21 13:46:13 | 000,010,516 | ---- | C] () -- C:\Users\Martine\Documents\cc_20130721_134609.reg
    [2013/07/20 20:03:32 | 000,075,819 | ---- | C] () -- C:\Users\Martine\Documents\Evan.jpg
    [2013/07/15 08:34:08 | 000,047,608 | ---- | C] () -- C:\Users\Martine\Documents\cc_20130715_083400.reg
    [2013/07/13 18:58:30 | 056,854,286 | ---- | C] () -- C:\Users\Martine\Documents\subliminal_mincir_parc.zip
    [2013/07/06 20:35:49 | 000,302,904 | ---- | C] () -- C:\Users\Martine\Documents\Eveil.pdf
    [2013/07/04 18:32:39 | 000,729,770 | ---- | C] () -- C:\Users\Martine\Documents\S3711 (1).pdf
    [2013/06/25 16:18:09 | 000,006,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/06/21 15:59:09 | 000,000,004 | ---- | C] () -- C:\Users\Martine\AppData\Roaming\skype.ini
    [2012/11/20 20:18:32 | 000,000,471 | ---- | C] () -- C:\ProgramData\CamSuite.ini
    [2012/11/20 11:34:06 | 000,040,960 | ---- | C] () -- C:\Windows\CleanDev.exe
    [2012/09/02 20:17:49 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2012/09/02 20:17:16 | 000,000,000 | ---- | C] () -- C:\Users\Martine\AppData\Roaming\pdfconverter
    [2012/08/13 11:22:46 | 000,014,071 | ---- | C] () -- C:\Program Files (x86)\readme.html
    [2012/05/08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files (x86)\basis-link
    [2012/04/22 16:09:25 | 000,010,240 | ---- | C] () -- C:\Users\Martine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/07/08 23:18:00 | 000,000,000 | ---- | C] () -- C:\Users\Martine\AppData\Local\{382C2329-3901-4F91-8484-22A8448479A5}
    [2011/02/19 18:23:51 | 000,003,383 | ---- | C] () -- C:\Users\Martine\.recently-used.xbel
    [2011/01/31 11:19:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/01/14 12:43:21 | 000,007,609 | ---- | C] () -- C:\Users\Martine\AppData\Local\Resmon.ResmonCfg

    [color=#E56717]========== ZeroAccess Check ==========[/color]

    [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    [color=#E56717]========== Alternate Data Streams ==========[/color]

    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:59846E5E

    < End of report >
    0
    1. fafany Messages postés 287 Statut Membre
       
      Merci de bien vouloir m'aider
      0
  7. SlyK Messages postés 1060 Statut Contributeur sécurité 147
     
    Re !

    Bien dormis ?

    Il manque le rapport Extras.txt, ainsi que le rapport de suppression de RogueKiller.

    @+
    0
  8. fafany Messages postés 287 Statut Membre
     
    Bonjour, je vous ai mis les rapports et je n'en vois pas d'autres. Ce matin j'ai scanné avec BitDefender pris sur votre site et il a trouvé "trojan generic 6615220.
    J'espère que vous avez bien dormi car moi c'est très peu....
    Merci
    0
  9. SlyK Messages postés 1060 Statut Contributeur sécurité 147
     
    Re !

    Règle d'or qu'il faut respecter, attendre les instructions et ne pas passer n'importe quel outil. Bon, là en revanche ce n'est pas grave.

    Dans ton poste précédent je ne vois qu'un rapport OTL.txt, alors qu'il m'en faut 3. N'oublie pas non plus de l'héberger comme il est préciser un fin de démarche au lieu de directement l'envoyer sur le forum.

    @+
    0
  10. fafany Messages postés 287 Statut Membre
     
    Désolée, je recommence tout ?
    0
  11. SlyK Messages postés 1060 Statut Contributeur sécurité 147
     
    Re !

    Non tu ne recommences rien. Les rapports sont enregistré. Vérifie leurs présence sur le bureau.

    @+
    0
  12. fafany Messages postés 287 Statut Membre
     
    Je n'ai pas compris comment vous les envoyer :-(
    0
  13. SlyK Messages postés 1060 Statut Contributeur sécurité 147
     
    Re !

    C'est Ok pour le rapport de RogueKiller, alors maintenant il me manque simplement le deuxième rapport générer par OTL. Il se nomme Extras.txt.

    Si tu ne le trouves pas sur le bureau regarde à l'endroit où se trouve l'exécutable d'OTL.

    @+
    0
  14. fafany Messages postés 287 Statut Membre
     
    https://www.cjoint.com/c/CGCjyTmwUo4

    C'est laborieux; mais je pense y être arrivée
    0
    1. fafany Messages postés 287 Statut Membre
       
      Mon lien a fonctionné ?
      0
    2. SlyK Messages postés 1060 Statut Contributeur sécurité 147
       
      Re !

      Oui c'est tout bon !
      Je regarde.


      @+
      0
  15. SlyK Messages postés 1060 Statut Contributeur sécurité 147
     
    Re !

    Désinstalles les logiciels suivant :
    - WebCake
    - Snap.Do
    - BrowserDefender
    - Google Toolbar for Internet Explorer
    - Bing Bar
    - Boxore Client
    - Norton Online Backup (à moins que tu l'utilises)
    - Delta toolbar
    - Delta Chrome Toolbar
    

    Puis fais ceci : http://www.security-helpzone.com/blog/adwcleaner-supprimer-les-adwares-news-88.html

    @+
    « Ceux qui ne croient pas en l'impossible sont priés de ne pas décourager ceux qui sont en train de le faire. »
    0
    1. fafany Messages postés 287 Statut Membre
       
      je n'ai pas pu désinstaller browser defender et delta chrome toolbar ça m'affiche "vous ne disposez pas d'un accès suffisant pour désinstaller, contactez votre administrateur système".
      Je fais quand même la suite ?
      0
    2. fafany Messages postés 287 Statut Membre
       
      Plus j'y pense et plus je pense qu'il m'a été impossible de télécharger 500 gigas en si peu de temps, voire qq jours. Je ne voudrais pas faire un formatage (d'abord je ne sais pas faire) et je ne voudrais rien perdre de ce qu'il y a dans mon ordi. Je suis désespérée.
      0
  16. g3n-h@ckm@n Messages postés 14350 Statut Membre 949
     
    salut Slyk manque de temps , il m' a demandé de poursuivre avec toi

    ==

    Télécharge et enregistre (lien direct) ADWCleaner sur ton bureau :

    attends que la fenetre de confirmation de telechargement arrive

    Lance le,(Pour vista/7/8 => clic droit "executer en tant qu'administrateur")

    clique sur suppression et poste C:\Adwcleaner[Sx].txt
    0
  17. fafany Messages postés 287 Statut Membre
     
    # AdwCleaner v2.306 - Rapport créé le 28/07/2013 à 14:28:29
    # Mis à jour le 19/07/2013 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : Martine - MARTINE-PC
    # Mode de démarrage : Normal
    # Exécuté depuis : C:\Users\Martine\Downloads\adwcleaner.exe
    # Option [Recherche]

    ***** [Services] *****

    ***** [Fichiers / Dossiers] *****

    ***** [Registre] *****

    ***** [Navigateurs] *****

    -\\ Internet Explorer v10.0.9200.16635

    [OK] Le registre ne contient aucune entrée illégitime.

    -\\ Google Chrome v23.0.1271.97

    Fichier : C:\Users\Martine\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] Le fichier ne contient aucune entrée illégitime.

    *************************

    AdwCleaner[R1].txt - [8518 octets] - [08/02/2013 14:05:33]
    AdwCleaner[R2].txt - [2537 octets] - [14/02/2013 01:27:23]
    AdwCleaner[R3].txt - [3849 octets] - [13/03/2013 08:42:47]
    AdwCleaner[R4].txt - [3615 octets] - [08/05/2013 17:55:29]
    AdwCleaner[R6].txt - [11526 octets] - [28/07/2013 10:37:16]
    AdwCleaner[R7].txt - [11526 octets] - [28/07/2013 10:38:28]
    AdwCleaner[R8].txt - [1502 octets] - [28/07/2013 14:26:37]
    AdwCleaner[R9].txt - [1193 octets] - [28/07/2013 14:28:29]
    AdwCleaner[S1].txt - [7593 octets] - [08/02/2013 14:05:56]
    AdwCleaner[S2].txt - [1781 octets] - [14/02/2013 01:27:40]
    AdwCleaner[S3].txt - [2991 octets] - [13/03/2013 08:43:07]
    AdwCleaner[S4].txt - [3744 octets] - [08/05/2013 17:55:57]

    ########## EOF - C:\AdwCleaner[R9].txt - [1493 octets] ##########
    0
    1. fafany Messages postés 287 Statut Membre
       
      J'ai oublié de vous remercier pour avoir pris la "relève"
      0
  • 1
  • 2