Invasive QV06

Solved
vincentb73 Posts 16 Status Member -  
Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   -
Hello,
I have a problem with the virus, or whatever it is, QV06.
I have already run AdwCleaner and the various procedures, but it didn't do anything.
I'm hopeless with computers.
I don't understand any of it.
Help, this is one of my work tools.

Thanks in advance

14 replies

  1. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    Hi,

    Run an OTL scan to diagnose the programs that are running and detect infections. The program will generate two reports, OTL.txt and Extras.txt.
    Provide both reports:

    You can follow the instructions on this page to help you: https://www.malekal.com/tutorial-otl/

    * Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
    (On Vista/Win7, you must right-click OTL and choose Run as administrator)

    In the case of Avast!, do not run the program in the Sandbox (see the help link above).

    * Launch OTL
    * At the top right of Quick Scan, tick "Scan All Users"
    * In OTL, under Custom Scans/Fixes, copy and paste the script below:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %temp%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\consrv.dll
    %systemroot%\system32\*.dll /lockedfiles
    %windir%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    /md5start
    explorer.exe
    winlogon.exe
    services.exe
    wininit.exe
    /md5stop
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
    HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s
    HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
    CREATERESTOREPOINT
    nslookup https://www.google.fr/?gws_rd=ssl /c
    SAVEMBR:0
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs

    * Click the Run Scan button.

    * When the scan is finished, use the site http://pjjoint.malekal.com/ to send the OTL.txt report (and Extras.txt if present).
    Give the pjjoint link or links pointing to these reports here in a new message.
    I repeat: give the link to the pjjoint report here in a new message.

    DO NOT COPY/PASTE THE REPORT HERE - GIVE THE PJJOINT LINK IN A NEW MESSAGE

    0
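
Once the scan described above has produced OTL.txt, a first triage pass over it can be scripted. The sketch below is an added example, not part of the original post or of OTL: it reads `PRC`/`SRV`/`DRV` and `CHR - homepage` lines in the layout OTL writes and flags entries that run from user-writable folders, autostart entries whose file is missing, and a Chrome homepage outside an expected list. The sample log, host names and rule labels are constructed; flagged lines are candidates for review, not verdicts.

```python
import re
from urllib.parse import urlsplit

# One PRC/SRV/DRV entry in an OTL log, in either of these two shapes:
#   SRV - [date time | size | attrs | M] (Company) [Auto | Running] -- C:\x\y.exe -- (Name)
#   SRV - File not found [Auto | Stopped] -- C:\x\gone.exe /svc -- (Name)
# PRC lines carry no [state] block and no trailing (Name).
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - "
    r"(?:\[[^\]]*\] \((?P<company>.*?)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.*?)(?: -- \((?P<name>[^()]*)\))?$"
)
HOMEPAGE_RE = re.compile(r"^CHR - homepage: (?P<url>\S+)")

# Folders a standard user can write to; software that starts from here
# deserves a second look (rule chosen for this example).
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users\\[^\\]+\\AppData|Documents and Settings\\[^\\]+|Temp)\\",
    re.IGNORECASE,
)
AUTOSTART = {"Auto", "Boot", "System"}  # start types that load without user action


def triage(log_text, expected_home_hosts):
    """Return (section, rule, subject) tuples for log lines worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        entry = ENTRY_RE.match(line)
        if entry:
            kind, path = entry["kind"], entry["path"]
            subject = entry["name"] or path
            state = {p.strip() for p in (entry["state"] or "").split("|")}
            if USER_WRITABLE_RE.search(path):
                findings.append((kind, "runs-from-user-writable-path", subject))
            if entry["missing"] and state & AUTOSTART:
                findings.append((kind, "autostart-entry-without-file", subject))
            continue
        home = HOMEPAGE_RE.match(line)
        if home:
            host = (urlsplit(home["url"]).hostname or "").lower()
            if host not in expected_home_hosts:
                findings.append(("CHR", "unexpected-homepage", host))
    return findings


# Constructed sample in OTL's line layout (not taken from a real machine).
SAMPLE_LOG = r"""
PRC - [2013/01/02 10:00:00 | 000,100,000 | ---- | M] (Example Vendor) -- C:\Program Files\Example\tray.exe
PRC - [2013/01/03 11:00:00 | 000,200,000 | ---- | M] (Unknown Co) -- C:\Users\alice\AppData\Local\Updater\upd.exe
SRV - [2013/01/03 11:00:00 | 000,200,000 | ---- | M] (Unknown Co) [Auto | Running] -- C:\Users\alice\AppData\Local\Updater\upd.exe -- (UpdSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Gone\gone.exe /svc -- (GoneSvc)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Old\old.exe -- (OldSvc)
DRV - [2013/01/01 09:00:00 | 000,050,000 | ---- | M] (Assoc., Inc. (ACME)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acme.sys -- (acme)
CHR - homepage: http://search.example.test/?from=bundle
"""

if __name__ == "__main__":
    # The allowlist is an assumption: whatever homepage the owner actually set.
    for section, rule, subject in triage(SAMPLE_LOG, {"www.google.com"}):
        print(f"{section:4} {rule:32} {subject}")
```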
  2. vincentb73 Posts 16 Status Member
     
    OK, the scan is started, now I just have to wait.
    Thanks
    0
  3. vincentb73 Posts 16 Status Member
     
    It looks like it's stuck on getting folder structure
    0
    1. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
       
      The scan can take a long time.
      0
  5. vincentb73 Posts 16 Status Member
     
    Otherwise I'll put it directly here
    0
    1. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
       
      Copy/paste it at the bottom on http://pjjoint.malekal.com
      click on send just above.
      Give me the pjjoint link.
      0
    2. vincentb73 Posts 16 Status Member
       
      Already tried
      transfer in progress, it gets stuck at 80%
      web page unreachable
      0
    3. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
       
      And what if you click Browse and go pick the file,
      then send?
      0
    4. vincentb73 Posts 16 Status Member
       
      As written above
      file not found
      0
  6. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    Copy and paste it here, then.
    0
  7. vincentb73 Posts 16 Status Member
     
    Is it OK or not?
    0
  8. vincentb73 Posts 16 Status Member
     
    I hope this will work

    OTL logfile created on: 08/09/2013 13:00:53 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\VINCENT\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 40,86% Memory free
    4,23 Gb Paging File | 2,48 Gb Available in Paging File | 58,60% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 327,35 Gb Total Space | 234,74 Gb Free Space | 71,71% Space Free | Partition Type: NTFS

    Computer Name: PC-DE-FAMILLE-B | User Name: VINCENT | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    [color=#E56717]========== Processes (SafeList) ==========[/color]

    PRC - [2013/09/08 12:50:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VINCENT\Desktop\OTL (1).exe
    PRC - [2013/09/05 22:53:36 | 000,342,592 | ---- | M] (Woodtale Technology Inc) -- C:\Users\VINCENT\AppData\Local\DProtect\DProtectSvc.exe
    PRC - [2013/07/12 20:51:20 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
    PRC - [2013/05/09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013/05/09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013/03/22 06:07:18 | 000,093,072 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2013/03/22 06:07:16 | 000,248,208 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
    PRC - [2013/02/05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
    PRC - [2013/01/18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2013/01/18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/06/12 16:00:34 | 000,888,480 | ---- | M] (Orange) -- C:\Program Files\Orange\MailNotifier\MailNotifier.exe
    PRC - [2010/07/30 07:51:50 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
    PRC - [2010/06/24 15:00:14 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
    PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/07/19 15:32:34 | 001,120,568 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    PRC - [2007/03/01 15:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/01/19 20:13:32 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
    PRC - [2006/09/27 09:13:14 | 002,486,272 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    PRC - [2006/09/27 09:13:14 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    PRC - [2006/05/23 06:00:00 | 000,139,264 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBPE.EXE

    [color=#E56717]========== Modules (No Company Name) ==========[/color]

    MOD - [2013/09/05 22:53:36 | 000,506,944 | ---- | M] () -- C:\Users\VINCENT\AppData\Local\DProtect\eBP.dll
    MOD - [2013/09/05 22:53:36 | 000,062,016 | ---- | M] () -- C:\Users\VINCENT\AppData\Local\DProtect\eBPSD.dll
    MOD - [2013/09/02 22:35:56 | 000,410,576 | ---- | M] () -- C:\Users\VINCENT\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
    MOD - [2013/09/02 22:35:55 | 013,599,184 | ---- | M] () -- C:\Users\VINCENT\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
    MOD - [2013/09/02 22:35:54 | 004,053,456 | ---- | M] () -- C:\Users\VINCENT\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
    MOD - [2013/09/02 22:35:04 | 000,709,584 | ---- | M] () -- C:\Users\VINCENT\AppData\Local\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
    MOD - [2013/09/02 22:35:03 | 000,099,792 | ---- | M] () -- C:\Users\VINCENT\AppData\Local\Google\Chrome\Application\29.0.1547.66\libegl.dll
    MOD - [2013/09/02 22:35:01 | 001,604,560 | ---- | M] () -- C:\Users\VINCENT\AppData\Local\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
    MOD - [2012/06/12 15:38:12 | 000,337,408 | ---- | M] () -- C:\Program Files\Orange\MailNotifier\QtXml4.dll
    MOD - [2012/06/12 15:38:10 | 000,877,056 | ---- | M] () -- C:\Program Files\Orange\MailNotifier\QtNetwork4.dll
    MOD - [2012/06/12 15:37:40 | 007,388,672 | ---- | M] () -- C:\Program Files\Orange\MailNotifier\QtGui4.dll
    MOD - [2012/06/12 15:37:18 | 002,010,624 | ---- | M] () -- C:\Program Files\Orange\MailNotifier\QtCore4.dll
    MOD - [2012/06/12 15:37:18 | 000,182,784 | ---- | M] () -- C:\Program Files\Orange\MailNotifier\ProxyDetection.dll
    MOD - [2012/06/12 15:37:18 | 000,178,176 | ---- | M] () -- C:\Program Files\Orange\MailNotifier\phonon_backend\phonon_ds94.dll
    MOD - [2012/06/12 15:37:00 | 000,241,664 | ---- | M] () -- C:\Program Files\Orange\MailNotifier\phonon4.dll
    MOD - [2012/06/12 15:36:58 | 000,022,016 | ---- | M] () -- C:\Program Files\Orange\MailNotifier\imageformats\qgif4.dll
    MOD - [2011/11/22 14:46:36 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
    MOD - [2010/08/14 13:06:53 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
    MOD - [2008/03/20 19:39:46 | 002,486,272 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
    MOD - [2007/08/09 12:27:40 | 000,577,536 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\ac3filter.ax
    MOD - [2006/08/11 12:49:42 | 000,828,416 | ---- | M] () -- C:\Program Files\OpenOffice.org 2.0\program\libxml2.dll

    [color=#E56717]========== Services (SafeList) ==========[/color]

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Software\Update\SoftwareUpdate.exe /medsvc -- (Software_update_m)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Software\Update\SoftwareUpdate.exe /svc -- (Software_update)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
    SRV - [2013/09/05 22:53:36 | 000,342,592 | ---- | M] (Woodtale Technology Inc) [Auto | Running] -- C:\Users\VINCENT\AppData\Local\DProtect\DProtectSvc.exe -- (DPService)
    SRV - [2013/08/20 20:49:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/07/31 14:56:30 | 001,073,176 | ---- | M] (France Telecom SA) [Auto | Stopped] -- C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe -- (Orange update Core Service)
    SRV - [2013/05/09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/03/22 06:07:18 | 000,093,072 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2013/02/26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/02/05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
    SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2013/01/08 13:53:48 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/04/22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/07/30 07:51:50 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
    SRV - [2010/06/24 15:00:14 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
    SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

    [color=#E56717]========== Driver Services (SafeList) ==========[/color]

    DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCANDIS4.SYS -- (PCANDIS4)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCAMPR4.SYS -- (PCAMPR4)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2013/06/29 21:10:44 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/06/29 21:10:43 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/06/29 21:10:43 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2013/05/09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/05/09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/05/09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/05/09 10:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2013/05/09 10:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
    DRV - [2013/05/09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2013/02/26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012/04/22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2010/09/06 16:25:10 | 000,239,104 | ---- | M] (AVEO Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVEOdcnt.sys -- (AVEO)
    DRV - [2010/07/30 07:51:50 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
    DRV - [2010/06/24 15:00:14 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
    DRV - [2010/04/27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
    DRV - [2010/04/27 04:25:16 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
    DRV - [2010/04/27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
    DRV - [2010/04/27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
    DRV - [2010/04/27 04:25:14 | 000,132,608 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm)
    DRV - [2010/04/27 04:25:14 | 000,104,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus)
    DRV - [2010/04/27 04:25:14 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
    DRV - [2006/11/28 20:46:22 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
    DRV - [2006/11/28 20:46:20 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2006/11/02 09:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)

    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]

    [color=#E56717]========== Internet Explorer ==========[/color]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl
    IE - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    IE - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
    IE - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rlz=1I7GGLL_fr&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\..\SearchScopes\{6cec3876-fc26-4089-9dc3-6194cc219173}: "URL" = http://www.searcheo.fr/france?search&q={searchTerms}
    IE - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\..\SearchScopes\{814C76CB-2623-43F4-AAD0-58A0E5190A20}: "URL" = http://r.orange.fr/r?ref=O_OI_hook_openSearchIE&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata={searchTerms}
    IE - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    [color=#E56717]========== FireFox ==========[/color]

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\VINCENT\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\VINCENT\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\VINCENT\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/01 17:21:07 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/01 13:31:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/29 21:37:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/09 19:15:34 | 000,000,000 | ---D | M]

    [2013/03/06 23:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
    [2007/12/04 09:57:01 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/05/11 18:00:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/21 11:32:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/20 12:39:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/06 21:58:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/06 21:28:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/20 22:21:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2012/06/30 19:14:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/09/12 18:52:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2007/12/04 09:56:49 | 000,000,000 | ---D | M] (Packard Bell Settings) -- C:\Program Files\mozilla firefox\extensions\packardbell@partners.mozilla.com
    [2010/02/01 10:32:34 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
    [2010/02/01 10:32:34 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
    [2010/02/01 10:32:34 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
    [2010/02/01 10:32:34 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
    [2010/02/01 10:32:34 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

    [color=#E56717]========== Chrome ==========[/color]

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.qvo6.com/?utm_source=b&utm_medium=adks&utm_campaign=eXQ&utm_content=hp&from=adks&uid=ST3360320AS_9QF8E933XXXX9QF8E933&ts=1378634576
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.225\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\VINCENT\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\VINCENT\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: 3DVIA player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\VINCENT\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Recherche Google = C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_1\
    CHR - Extension: Gmail = C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: YouTube = C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Recherche Google = C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_1\
    CHR - Extension: Gmail = C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (Orange)
    O3 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
    O3 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\..\Toolbar\WebBrowser: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll (Orange)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\.DEFAULT..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
    O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
    O4 - HKU\S-1-5-18..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background File not found
    O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002..\Run: [EPSON Stylus Photo RX560 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002..\Run: [EPSON Stylus Photo RX560 Series (Copie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002..\Run: [EPSON Stylus Photo RX560 Series (Copie 2)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s File not found
    O4 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe File not found
    O4 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002..\Run: [MailNotifier] C:\Program Files\Orange\MailNotifier\MailNotifier.exe (Orange)
    O4 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002..\Run: [orangeinside] C:\Users\VINCENT\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe (Orange)
    O4 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
    O4 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - Startup: C:\Users\STEPHANIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
    O4 - Startup: C:\Users\VINCENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
    O4 - Startup: C:\Users\VINCENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites File not found
    O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Users\VINCENT\AppData\Roaming\Orange\OrangeInside\src\addfavorites_html\addfavorites.html ()
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: envoyer le texte sélectionné par sms - C:\Users\VINCENT\AppData\Roaming\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html ()
    O8 - Extra context menu item: envoyer par sms - C:\Users\VINCENT\AppData\Roaming\Orange\OrangeInside\src\sendsms_html\sendsms.html ()
    O8 - Extra context menu item: envoyer un mail - C:\Users\VINCENT\AppData\Roaming\Orange\OrangeInside\src\sendmail_html\sendmail.html ()
    O8 - Extra context menu item: orange.fr - C:\Users\VINCENT\AppData\Roaming\Orange\OrangeInside\src\orange_html\orange.html ()
    O8 - Extra context menu item: rechercher le texte sélectionné - C:\Users\VINCENT\AppData\Roaming\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html ()
    O8 - Extra context menu item: traduire la page - C:\Users\VINCENT\AppData\Roaming\Orange\OrangeInside\src\translate_html\translate.html ()
    O8 - Extra context menu item: traduire le texte sélectionné - C:\Users\VINCENT\AppData\Roaming\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html ()
    O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\..Trusted Domains: localhost ([]http in Intranet local)
    O15 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\..Trusted Domains: mappy.com ([]http in Sites de confiance)
    O15 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\..Trusted Domains: orange.fr ([]http in Sites de confiance)
    O15 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\..Trusted Domains: orange.fr ([logicielsgratuits] http in Sites de confiance)
    O15 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\..Trusted Domains: voila.fr ([rw.search.ke] http in Sites de confiance)
    O15 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\..Trusted Domains: weborama.fr ([orange] http in Sites de confiance)
    O15 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002\..Trusted Ranges: GD ([http] in Intranet local)
    O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} http://webtv.guidetv.orange.fr/resources/OCS_8971.cab (FTMediaPlayer Class)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{018D29E4-DB84-49C5-AE26-A7572602C740}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\Users\VINCENT\AppData\Local\DProtect\eBP.dll) - C:\Users\VINCENT\AppData\Local\DProtect\eBP.dll ()
    O20 - AppInit_DLLs: (C:\Users\VINCENT\AppData\Local\DProtect\eBPSD.dll) - C:\Users\VINCENT\AppData\Local\DProtect\eBPSD.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-2540306535-3082117121-2615299298-1002 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Green Sea Turtle.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{1aa6c632-5e6c-11df-8705-001c2556db0b}\Shell - "" = AutoRun
    O33 - MountPoints2\{1aa6c632-5e6c-11df-8705-001c2556db0b}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{663dfae4-a444-11dd-96f9-001c2556db0b}\Shell\AutoRun\command - "" = J:\InstallTomTomHOME.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 0

    SafeBootMin: AppMgmt - Service
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet: AppMgmt - Service
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NTDS - File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
    ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
    ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} - Microsoft .NET Framework 1.1 Security Update (KB2833941)
    ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
    PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/09/08 12:51:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\VINCENT\Desktop\OTL (1).exe
    [2013/09/08 12:34:12 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{83019421-B991-447B-A9E7-177A781669F1}
    [2013/09/08 09:52:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/09/08 09:42:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/09/07 09:00:28 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{F2BD40C4-FE2F-4EE6-A0E4-18CE9DF8F244}
    [2013/09/06 12:53:49 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{FAFD7749-A44F-49B4-9729-7A06996FD1F0}
    [2013/09/05 23:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2013/09/05 23:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2013/09/05 22:56:32 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Player Pro
    [2013/09/05 22:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\BoxUpdChk
    [2013/09/05 22:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BoxUpdChk
    [2013/09/05 22:53:35 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\DProtect
    [2013/09/05 18:19:47 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{4CFA3ACB-6BC6-4694-8F09-61EE5507DE2F}
    [2013/09/04 19:24:03 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{835A7329-427C-43EC-A224-5CC6BC26B238}
    [2013/09/03 20:05:12 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{980BACD9-2642-4EFB-9094-F48D98674BB7}
    [2013/09/02 18:57:24 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{C7DE84CC-B267-4257-9A07-01B5181852EE}
    [2013/09/01 09:56:02 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{9674A035-1017-45DB-AC60-90296E19D6B2}
    [2013/08/31 12:11:55 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{983964BF-527C-4C05-96CF-1677B0F72C81}
    [2013/08/27 21:22:30 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{D51CCEC5-86EB-4C8B-A983-E854E25B6026}
    [2013/08/27 20:59:12 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
    [2013/08/26 21:46:19 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{B3E1A3A7-B3FE-43DC-8D6B-43AABB61C62D}
    [2013/08/24 11:49:55 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{8C68C183-C5E9-418D-890A-754610FB597E}
    [2013/08/23 19:13:29 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{8F060833-3FD2-4926-AEDE-59B0546A7564}
    [2013/08/22 17:17:17 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{3C16A3A7-5761-4348-9BC1-C0374D87F824}
    [2013/08/20 12:15:07 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{9B5A24FF-1CDD-4566-9A92-875A6A5658B4}
    [2013/08/19 19:00:41 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{438C0628-F058-425C-87D3-E6625D40980F}
    [2013/08/18 17:41:05 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\Documents\web
    [2013/08/18 17:35:50 | 000,040,960 | ---- | C] (AVEO) -- C:\Windows\System32\AVEOcamintfc.ax
    [2013/08/18 17:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 PC Camera
    [2013/08/18 17:35:49 | 000,239,104 | ---- | C] (AVEO Corp) -- C:\Windows\System32\drivers\AVEOdcnt.sys
    [2013/08/18 17:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVEO UVC Like Driver
    [2013/08/18 17:26:54 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{896FBC76-C45F-49EC-9D4E-AA7B06B8DB58}
    [2013/08/15 11:41:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
    [2013/08/15 09:52:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2013/08/15 09:51:53 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/08/15 09:51:52 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2013/08/15 09:51:51 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/08/15 09:51:50 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2013/08/15 09:51:50 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2013/08/15 09:51:50 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/08/15 09:51:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/08/15 09:51:49 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/08/15 09:51:49 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
    [2013/08/15 09:51:43 | 003,603,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2013/08/15 09:51:43 | 003,551,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2013/08/14 17:44:48 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{5846497A-7B17-44B4-A45B-4E24E2CC8245}
    [2013/08/13 20:32:59 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{CCAFDE46-56CD-440A-8E10-CC509F2B9171}
    [2013/08/12 21:06:30 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{ECB8B469-2B96-4B6B-9429-7C8E758B8A90}
    [2013/08/11 12:40:04 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{AB84A3F8-0A31-40FA-9960-899C5CC96646}
    [2013/08/10 15:09:43 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{EED73289-AACF-4FCF-B7E6-2D6AFBBD7DF8}
    [2013/08/09 19:15:15 | 000,000,000 | ---D | C] -- C:\Users\VINCENT\AppData\Local\{0BD0177B-F848-4B86-8B6C-8650E447B282}
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/09/08 13:05:25 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{052CD4A5-CEEF-40B5-9CA3-2BECF15B4FAB}.job
    [2013/09/08 13:05:12 | 000,002,475 | ---- | M] () -- C:\Users\VINCENT\Desktop\Google Chrome.lnk
    [2013/09/08 13:05:06 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2013/09/08 13:04:59 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FCEC8A1D-E211-4E6E-96E4-8341CAB33EB1}.job
    [2013/09/08 13:00:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\Extension de garantie.job
    [2013/09/08 12:59:59 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2540306535-3082117121-2615299298-1003UA.job
    [2013/09/08 12:56:03 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/09/08 12:50:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VINCENT\Desktop\OTL (1).exe
    [2013/09/08 12:49:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/09/08 12:32:00 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2540306535-3082117121-2615299298-1002UA.job
    [2013/09/08 11:56:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/09/08 11:56:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/09/08 10:38:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2540306535-3082117121-2615299298-1003UA.job
    [2013/09/08 10:38:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2540306535-3082117121-2615299298-1003Core.job
    [2013/09/08 10:32:00 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2540306535-3082117121-2615299298-1002Core.job
    [2013/09/08 10:00:00 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2540306535-3082117121-2615299298-1003Core.job
    [2013/09/08 09:59:56 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/09/08 09:56:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/09/07 13:26:00 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2013/09/05 22:56:44 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/09/05 22:56:44 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/08/18 17:48:54 | 313,977,547 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/08/18 17:35:51 | 000,000,661 | ---- | M] () -- C:\Users\Public\Desktop\CamApp.lnk
    [2013/08/15 11:33:49 | 000,691,048 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    [2013/08/15 11:33:48 | 000,606,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/08/15 11:33:48 | 000,132,320 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
    [2013/08/15 11:33:48 | 000,109,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    [color=#E56717]========== Files Created - No Company Name ==========[/color]

    [2013/09/08 13:05:06 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
    [2013/09/06 20:48:31 | 000,002,475 | ---- | C] () -- C:\Users\VINCENT\Desktop\Google Chrome.lnk
    [2013/08/18 17:35:54 | 000,921,656 | ---- | C] () -- C:\Windows\System32\newspaper_640_480.bmp
    [2013/08/18 17:35:54 | 000,921,656 | ---- | C] () -- C:\Windows\System32\aim_640_480.bmp
    [2013/08/18 17:35:54 | 000,921,656 | ---- | C] () -- C:\Windows\System32\4_640_480.bmp
    [2013/08/18 17:35:54 | 000,921,656 | ---- | C] () -- C:\Windows\System32\3_640_480.bmp
    [2013/08/18 17:35:54 | 000,921,656 | ---- | C] () -- C:\Windows\System32\2_640_480.bmp
    [2013/08/18 17:35:54 | 000,921,656 | ---- | C] () -- C:\Windows\System32\1_640_480.bmp
    [2013/08/18 17:35:54 | 000,921,654 | ---- | C] () -- C:\Windows\System32\magnifier_640_480.bmp
    [2013/08/18 17:35:54 | 000,230,456 | ---- | C] () -- C:\Windows\System32\newspaper_320_240.bmp
    [2013/08/18 17:35:54 | 000,230,456 | ---- | C] () -- C:\Windows\System32\magnifier_320_240.bmp
    [2013/08/18 17:35:54 | 000,230,456 | ---- | C] () -- C:\Windows\System32\aim_320_240.bmp
    [2013/08/18 17:35:54 | 000,230,456 | ---- | C] () -- C:\Windows\System32\4_320_240.bmp
    [2013/08/18 17:35:54 | 000,230,456 | ---- | C] () -- C:\Windows\System32\3_320_240.bmp
    [2013/08/18 17:35:54 | 000,230,456 | ---- | C] () -- C:\Windows\System32\2_320_240.bmp
    [2013/08/18 17:35:54 | 000,230,456 | ---- | C] () -- C:\Windows\System32\1_320_240.bmp
    [2013/08/18 17:35:54 | 000,028,672 | ---- | C] () -- C:\Windows\System32\MFC_InstDrvDLL.dll
    [2013/08/18 17:35:51 | 000,000,661 | ---- | C] () -- C:\Users\Public\Desktop\CamApp.lnk
    [2013/08/10 10:33:13 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2540306535-3082117121-2615299298-1003UA.job
    [2013/08/10 10:33:12 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2540306535-3082117121-2615299298-1003Core.job
    [2013/06/29 21:10:44 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
    [2013/06/29 21:10:44 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
    [2013/06/29 21:10:44 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
    [2013/06/09 09:04:10 | 000,109,696 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
    [2013/06/09 09:04:10 | 000,091,264 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
    0
  9. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    Uninstall McAfee Security Scan.
    It's useless, it's a marketing program meant to push the antivirus on you.

    Download AdwCleaner (by Xplode) from https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= to your desktop.
    Run it, click [Suppression] (Delete), then wait for the scan to finish (no need to run a Recherche (Search) scan first).
    Once the scan is finished, a report will open. Copy and paste the contents of the report into your next reply.
    If that doesn't work, use the site http://pjjoint.malekal.com to host the report and give the link to the report in a new message.

    Note: the report is also saved as C:\AdwCleaner[S1].txt

    0
  10. vincentb73 Posts 16 Status Member
     
    # AdwCleaner v3.003 - Rapport créé le 09/09/2013 à 10:53:24
    # Mis à jour le 07/09/2013 par Xplode
    # Système d'exploitation : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Nom d'utilisateur : VINCENT - PC-DE-FAMILLE-B
    # Exécuté depuis : C:\Users\VINCENT\Desktop\adwcleaner (1).exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    Dossier Supprimé : C:\Users\STEPHANIE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    Fichier Supprimé : C:\Users\VINCENT\AppData\Roaming\Mozilla\Firefox\Profiles\jqnisjik.default\.autoreg

    ***** [ Raccourcis ] *****

    Raccourci Désinfecté : C:\Users\VINCENT\Desktop\Google Chrome.lnk
    Raccourci Désinfecté : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Services en ligne\eBay.lnk
    Raccourci Désinfecté : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Services en ligne\Kodak Gallery.lnk
    Raccourci Désinfecté : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Services en ligne\Vacances.lnk
    Raccourci Désinfecté : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox (Mode sans échec).lnk
    Raccourci Désinfecté : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox\Mozilla Firefox.lnk
    Raccourci Désinfecté : C:\Users\VINCENT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

    ***** [ Registre ] *****

    Donnée Restaurée : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
    Donnée Restaurée : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command

    ***** [ Navigateurs ] *****

    -\\ Internet Explorer v7.0.6002.18005

    -\\ Mozilla Firefox v3.5.8 (fr)

    [ Fichier : C:\Users\VINCENT\AppData\Roaming\Mozilla\Firefox\Profiles\jqnisjik.default\prefs.js ]

    Ligne Supprimée : user_pref("browser.newtab.url", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=adks&utm_campaign=eXQ&utm_content=hp&from=adks&uid=ST3360320AS_9QF8E933XXXX9QF8E933&ts=1378636582");
    Ligne Supprimée : user_pref("browser.search.defaultenginename", "qvo6");
    Ligne Supprimée : user_pref("browser.search.order.1", "qvo6");
    Ligne Supprimée : user_pref("browser.search.selectedEngine", "qvo6");
    Ligne Supprimée : user_pref("browser.startup.homepage", "hxxp://www.qvo6.com/?utm_source=b&utm_medium=adks&utm_campaign=eXQ&utm_content=hp&from=adks&uid=ST3360320AS_9QF8E933XXXX9QF8E933&ts=1378636582");

    [ Fichier : C:\Users\STEPHANIE\AppData\Roaming\Mozilla\Firefox\Profiles\1fjtjckl.default\prefs.js ]

    -\\ Google Chrome v

    [ Fichier : C:\Users\VINCENT\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Supprimée : homepage
    Supprimée : urls_to_restore_on_startup

    [ Fichier : C:\Users\STEPHANIE\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    *************************

    AdwCleaner[R0].txt - [10367 octets] - [08/09/2013 09:52:26]
    AdwCleaner[R1].txt - [3905 octets] - [08/09/2013 10:07:57]
    AdwCleaner[R2].txt - [4610 octets] - [09/09/2013 10:50:06]
    AdwCleaner[S0].txt - [8268 octets] - [08/09/2013 09:54:14]
    AdwCleaner[S1].txt - [3134 octets] - [09/09/2013 10:53:24]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3194 octets] ##########
    0
  11. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    No more qvo6?
    0
  12. vincentb73 Posts 16 Status Member
     
    yes, still there
    0
  13. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    that's normal, I didn't have DProtect removed \o

    Run OTL again.
    * Under Personnalisation (Custom Scan), copy and paste the contents of the box below (make sure to include :OTL at the start).
    * Click Correction (Fix); a report will appear. Copy and paste its contents here:

    :OTL
    SRV - [2013/09/05 22:53:36 | 000,342,592 | ---- | M] (Woodtale Technology Inc) [Auto | Running] -- C:\Users\VINCENT\AppData\Local\DProtect\DProtectSvc.exe -- (DPService)
    O20 - AppInit_DLLs: (C:\Users\VINCENT\AppData\Local\DProtect\eBP.dll) - C:\Users\VINCENT\AppData\Local\DProtect\eBP.dll ()
    O20 - AppInit_DLLs: (C:\Users\VINCENT\AppData\Local\DProtect\eBPSD.dll) - C:\Users\VINCENT\AppData\Local\DProtect\eBPSD.dll ()

    * Restart the PC into Windows and post the report here

    Once you've done that, run AdwCleaner again in cleaning mode and it should be fine.

    Like the angel you are, you laugh creating a lightness in my chest,
    Your eyes they penetrate me,
    (Your answer's always 'maybe')
    That's when I got up and left
    0
    1. vincentb73 Posts 16 Status Member
       
      thanks for your help
      I'll do that right away
      0
    2. vincentb73 Posts 16 Status Member
       
      I'm starting over, I didn't click Correction
      0
    3. vincentb73 Posts 16 Status Member
       
      perfect, thanks
      everything is in order
      0
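
The three entries targeted by the :OTL fix in answer 13 have one thing in common: an auto-start service and two AppInit_DLLs modules that load from a user's AppData folder, which is why the browser settings came back after the first AdwCleaner pass. The Python script below is an added example, not part of the thread or of OTL; it flags such entries in an OTL log. The regexes are inferred from the lines quoted in that answer, the two heuristics are assumptions, and the two "Example Vendor" lines are constructed for contrast.

```python
import re

# OTL service line: SRV - [date | size | attrs | M] (Company) [Start | State] -- path -- (Name)
SRV_RE = re.compile(
    r"^SRV\s+-\s+\[[^\]]*\]\s+\((?P<company>.*?)\)\s+\[[^\]]*\]"
    r"\s+--\s+(?P<path>.+?)\s+--\s+\((?P<name>[^)]*)\)\s*$")
# OTL AppInit_DLLs line: O20 - AppInit_DLLs: (registry value) - resolved path (Company)
O20_RE = re.compile(
    r"^O20\s+-\s+AppInit_DLLs:\s+\(.*?\)\s+-\s+(?P<path>.+?)\s+\((?P<company>[^)]*)\)\s*$")
# Per-user profile folders that a non-admin account can write to.
USER_WRITABLE_RE = re.compile(
    r"^[a-z]:\\(?:users|documents and settings)\\[^\\]+\\"
    r"(?:appdata|application data|local settings)\\", re.IGNORECASE)

def parse_entry(line):
    """Return a dict for an SRV or O20 AppInit_DLLs line, else None."""
    for kind, rx in (("service", SRV_RE), ("appinit_dll", O20_RE)):
        m = rx.match(line.strip())
        if m:
            return dict(m.groupdict(), kind=kind)
    return None

def review(log_text):
    """List (kind, path, reasons) for entries worth a second look."""
    findings = []
    for entry in filter(None, map(parse_entry, log_text.splitlines())):
        reasons = []
        if USER_WRITABLE_RE.match(entry["path"]):
            reasons.append("runs from a user-writable profile folder")
        if entry["kind"] == "appinit_dll" and not entry["company"].strip():
            reasons.append("AppInit_DLLs module with no company name")
        if reasons:
            findings.append((entry["kind"], entry["path"], reasons))
    return findings

# First three lines: from the fix script in answer 13. Last two: constructed benign entries.
SAMPLE = r"""
SRV - [2013/09/05 22:53:36 | 000,342,592 | ---- | M] (Woodtale Technology Inc) [Auto | Running] -- C:\Users\VINCENT\AppData\Local\DProtect\DProtectSvc.exe -- (DPService)
O20 - AppInit_DLLs: (C:\Users\VINCENT\AppData\Local\DProtect\eBP.dll) - C:\Users\VINCENT\AppData\Local\DProtect\eBP.dll ()
O20 - AppInit_DLLs: (C:\Users\VINCENT\AppData\Local\DProtect\eBPSD.dll) - C:\Users\VINCENT\AppData\Local\DProtect\eBPSD.dll ()
SRV - [2013/01/01 10:00:00 | 000,100,000 | ---- | M] (Example Vendor) [Auto | Running] -- C:\Program Files\Example\svc.exe -- (ExampleSvc)
O20 - AppInit_DLLs: (C:\Program Files (x86)\Example\hook.dll) - C:\Program Files (x86)\Example\hook.dll (Example Vendor)
"""

if __name__ == "__main__":
    for kind, path, reasons in review(SAMPLE):
        print(f"{kind:12} {path} -> {'; '.join(reasons)}")
```

A flagged entry is a lead for manual review, not a verdict: legitimate per-user software also installs under AppData.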