Suppression adware.Gen2

Fermé
NULOS33 Messages postés 12 Date d'inscription jeudi 27 mars 2014 Statut Membre Dernière intervention 31 mars 2014 - Modifié par Malekal_morte- le 27/03/2014 à 10:20
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 1 avril 2014 à 08:20
Bonjour,
l'antivirus AVIRA me signale un "adware.Gen2" Comment le supprimer ??????

Je signale que je suis NUL en informatique !!!!!!!!
A voir également:

19 réponses

Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 660
27 mars 2014 à 10:19
Salut,

Détecté dans quel fichier ?
0
NULOS33 Messages postés 12 Date d'inscription jeudi 27 mars 2014 Statut Membre Dernière intervention 31 mars 2014
27 mars 2014 à 10:39
En fait dans plusieurs fichiers.......

C:programData\WPM\update.exe

mais j'ai aussi relevé :

ADWARE/InstallCore.Gen7 sous D:\MICHEL\Downloads\FreeHDConverterSetup-r0-nbf.exe

ADWARE/InstallCore.Gen7 sous D:\MICHEL\Download\goforfiles.exe

ADWARE/InstallCore.Gen7 sous D:\MINOU\Downloads\GamesSetup.exe

ADWARE/Wajam.A sous C:\Program Files (x86)\\Wajam\Updater\update.exe
0
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 660
27 mars 2014 à 10:45
Tu télécharges bcp de programmes parasites :/

Fais un nettoyage AdwCleaner.

Un nettoyage AdwCleaner (environ 10/15min) :
======================================
Suis ce tutorial https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= AdwCleaner ( d'Xplode ) sur ton bureau.
Vas sur le lien, télécharge AdwCleaner comme indiqué.
Lance AdwCleaner, clique sur [Scanner].
Le scan peux durer plusieurs minutes, patienter.
Une fois le scan terminé, clique sur [Nettoyer]

Une fois le nettoyage terminé, un rapport s'ouvrira. Copie/colle le contenu du rapport dans ta prochaine réponse par un copier/coller.
Si cela ne fonctionne pas, utilise le site http://pjjoint.malekal.com pour héberger le rapport, donne le lien du rapport dans un nouveau message.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt

0
NULOS33 Messages postés 12 Date d'inscription jeudi 27 mars 2014 Statut Membre Dernière intervention 31 mars 2014
27 mars 2014 à 20:34
Super !!!!! Le nettoyage à apparemment bien fonctionné, ci-joint le 1er rapport, étant donné qu'il y en a 2, est ce que celui ci est suffisant, sinon je vous enverrai le second





# AdwCleaner v3.022 - Rapport créé le 27/03/2014 à 18:12:37
# Mis à jour le 13/03/2014 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : MICHEL - HOME-PC
# Exécuté depuis : D:\MICHEL\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

Service Supprimé : CltMngSvc
Service Supprimé : DatamngrCoordinator
[#] Service Supprimé : Software_update
[#] Service Supprimé : Software_update_m
Service Supprimé : winzipersvc
Service Supprimé : Wpm

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\BitGuard
Dossier Supprimé : C:\ProgramData\Browser Manager
Dossier Supprimé : C:\ProgramData\BrowserProtect
Dossier Supprimé : C:\ProgramData\wincert
Dossier Supprimé : C:\ProgramData\WPM
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Dossier Supprimé : C:\Program Files (x86)\BearShare Applications
Dossier Supprimé : C:\Program Files (x86)\Boxore
Dossier Supprimé : C:\Program Files (x86)\Desk 365
Dossier Supprimé : C:\Program Files (x86)\Movies Toolbar
Dossier Supprimé : C:\Program Files (x86)\MyPC Backup
Dossier Supprimé : C:\Program Files (x86)\SearchProtect
Dossier Supprimé : C:\Program Files (x86)\WinZipper
Dossier Supprimé : C:\Program Files (x86)\Common Files\337
Dossier Supprimé : C:\Users\MICHEL\AppData\Local\SearchProtect
Dossier Supprimé : C:\Users\MICHEL\AppData\LocalLow\searchresultstb
Dossier Supprimé : C:\Users\MICHEL\AppData\Roaming\Desk 365
Dossier Supprimé : C:\Users\MICHEL\AppData\Roaming\iSafe
Dossier Supprimé : C:\Users\MICHEL\AppData\Roaming\Mysearchdial
Dossier Supprimé : C:\Users\MICHEL\AppData\Roaming\Systweak
Dossier Supprimé : C:\Users\MICHEL\AppData\Roaming\WinZipper
Dossier Supprimé : D:\MICHEL\Documents\PC Health Kit
Dossier Supprimé : C:\Users\JULES\AppData\Roaming\WinZipper
Dossier Supprimé : C:\Users\MINOU\AppData\Roaming\WinZipper
Dossier Supprimé : D:\MINOU\Documents\widestream
Dossier Supprimé : C:\Program Files (x86)\Software
Dossier Supprimé : C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Dossier Supprimé : C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Dossier Supprimé : C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Fichier Supprimé : C:\Windows\System32\roboot64.exe
Fichier Supprimé : C:\Users\MICHEL\AppData\Local\mysearchdial-speeddial.crx
Fichier Supprimé : C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Fichier Supprimé : C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
Fichier Supprimé : C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
Fichier Supprimé : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
Fichier Supprimé : C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job
Fichier Supprimé : C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore
Fichier Supprimé : C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job
Fichier Supprimé : C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA

***** [ Raccourcis ] *****

Raccourci Désinfecté : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Raccourci Désinfecté : C:\Users\MICHEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Raccourci Désinfecté : C:\Users\MICHEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Raccourci Désinfecté : C:\Users\MICHEL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Raccourci Désinfecté : C:\Users\MICHEL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Raccourci Désinfecté : C:\Users\MICHEL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Raccourci Désinfecté : C:\Users\MICHEL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Raccourci Désinfecté : C:\Users\MICHEL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk

***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane
Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Clé Supprimée : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Clé Supprimée : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Clé Supprimée : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Clé Supprimée : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Clé Supprimée : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Clé Supprimée : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass
Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.CoreClass.1
Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine
Clé Supprimée : HKLM\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine.1.0
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Boxore Client]
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@tools.Software.com/Software Update;version=3
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@tools.Software.com/Software Update;version=9
Valeur Supprimée : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Valeur Supprimée : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Valeur Supprimée : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Valeur Supprimée : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Clé Supprimée : HKCU\Software\APN DTX
Clé Supprimée : HKCU\Software\Boxore
Clé Supprimée : HKCU\Software\DataMngr
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\mysearchdial
Clé Supprimée : HKCU\Software\systweak
Clé Supprimée : HKCU\Software\UpdateStar
Clé Supprimée : HKLM\Software\Boxore
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\Software\Desksvc
Clé Supprimée : HKLM\Software\hdcode
Clé Supprimée : HKLM\Software\InstallCore
Clé Supprimée : HKLM\Software\nationzoomSoftware
Clé Supprimée : HKLM\Software\SearchProtect
Clé Supprimée : HKLM\Software\supWPM
Clé Supprimée : HKLM\Software\systweak
Clé Supprimée : HKLM\Software\V9
Clé Supprimée : HKLM\Software\winzipersvc
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Donnée Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Donnée Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\Wincert\win32cert.dll
Donnée Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - Toolbar\Datamngr\mgrldr.dll
Donnée Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Donnée Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\Wincert\win64cert.dll
Donnée Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - Toolbar\Datamngr\x64\mgrldr.dll

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.16521

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v33.0.1750.154

[ Fichier : C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : suggest_url
Supprimée : keyword
Supprimée : homepage
Supprimée : search_url

[ Fichier : C:\Users\JULES\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : homepage
Supprimée : icon_url
Supprimée : search_url
Supprimée : keyword

[ Fichier : C:\Users\MINOU\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : homepage

[ Fichier : C:\Users\SEB\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Supprimée : homepage
Supprimée : icon_url
Supprimée : search_url
Supprimée : keyword

*************************

AdwCleaner[R0].txt - [17998 octets] - [27/03/2014 18:11:28]
AdwCleaner[S0].txt - [15394 octets] - [27/03/2014 18:12:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15455 octets] ##########
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 660
27 mars 2014 à 22:31
cool :)

Scan Malwarebytes (temps : environ 40min de scan):
==================================================
Télécharge et installe Malwarebyte : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Mets le à jour puis lance un examen.

A la fin du scan, clic sur "Mettre tout en quarantaine" en bas à gauche.
Redémarre l'ordinateur si besoin.
Après redémarrage, relance Malwarebytes.
Vas chercher le rapport dans l'onglet Historique.
A gauche Journal des examens.
Doube-clic sur l'examen dans la liste.
Puis en bas Copier dans le presse papier
et colle ici le rapport dans un message en réponse.

puis :



Sur Firefox : Menu Outils / Modules complémentaires
Onglet Extension.
Donne la liste.

Sur Google Chrome : Menu en haut à droite puis Outils / Extensions
Donne la liste.

0
NULOS33 Messages postés 12 Date d'inscription jeudi 27 mars 2014 Statut Membre Dernière intervention 31 mars 2014
28 mars 2014 à 10:37
Bonjour,

voici ci-dessous le rapport demandé, mais dans votre réponse "sur Google Chrome", qu'entendez vous par Donne la liste ?????

Pouvez vous me conseiller pour me protéger des "adwares" définitivement




Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 28/03/2014 10:07:35, SYSTEM, HOME-PC, Protection, Malware Protection, Starting,
Protection, 28/03/2014 10:07:35, SYSTEM, HOME-PC, Protection, Malware Protection, Started,
Protection, 28/03/2014 10:07:35, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
Protection, 28/03/2014 10:07:47, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
Update, 28/03/2014 10:09:22, SYSTEM, HOME-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 28/03/2014 10:09:50, SYSTEM, HOME-PC, Manual, Malware Database, 2014.3.4.9, 2014.3.28.3,
Protection, 28/03/2014 10:09:51, SYSTEM, HOME-PC, Protection, Refresh, Starting,
Protection, 28/03/2014 10:09:51, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopping,
Protection, 28/03/2014 10:09:52, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopped,
Protection, 28/03/2014 10:09:54, SYSTEM, HOME-PC, Protection, Refresh, Success,
Protection, 28/03/2014 10:09:54, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
Protection, 28/03/2014 10:09:54, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
Detection, 28/03/2014 10:18:00, SYSTEM, HOME-PC, Protection, Malware Protection, File, PUP.Optional.ReMarkable.A, C:\PROGRAM FILES (X86)\RE-MARKABLE\REMARKABLEUP.EXE, Quarantine, [c7dc10f8f4877db95628322353afa55b]
Protection, 28/03/2014 10:19:37, SYSTEM, HOME-PC, Protection, Malware Protection, Starting,
Protection, 28/03/2014 10:19:37, SYSTEM, HOME-PC, Protection, Malware Protection, Started,
Protection, 28/03/2014 10:19:37, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
Protection, 28/03/2014 10:20:11, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,

(end)
0
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 660
28 mars 2014 à 11:07
c'est un rapport de protection, lire les instructions et lien d'aide.
0
NULOS33 Messages postés 12 Date d'inscription jeudi 27 mars 2014 Statut Membre Dernière intervention 31 mars 2014
28 mars 2014 à 12:10
Ok,
je vous remercie pour votre amabilité, vos explications sont claires pour un néophyte de l'informatique comme moi. Je pense que mon problème hardware est résolu, mais que dois je faire pour avoir une protection durable dans le temps ?????
Encore merci
0
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 660
28 mars 2014 à 12:39
Fais le scan Malwarebytes et donne le rapport.
0
NULOS33 Messages postés 12 Date d'inscription jeudi 27 mars 2014 Statut Membre Dernière intervention 31 mars 2014
28 mars 2014 à 17:41
Voici le rapport après dernier scan........



Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 28/03/2014 10:07:35, SYSTEM, HOME-PC, Protection, Malware Protection, Starting,
Protection, 28/03/2014 10:07:35, SYSTEM, HOME-PC, Protection, Malware Protection, Started,
Protection, 28/03/2014 10:07:35, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
Protection, 28/03/2014 10:07:47, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
Update, 28/03/2014 10:09:22, SYSTEM, HOME-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 28/03/2014 10:09:50, SYSTEM, HOME-PC, Manual, Malware Database, 2014.3.4.9, 2014.3.28.3,
Protection, 28/03/2014 10:09:51, SYSTEM, HOME-PC, Protection, Refresh, Starting,
Protection, 28/03/2014 10:09:51, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopping,
Protection, 28/03/2014 10:09:52, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopped,
Protection, 28/03/2014 10:09:54, SYSTEM, HOME-PC, Protection, Refresh, Success,
Protection, 28/03/2014 10:09:54, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
Protection, 28/03/2014 10:09:54, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
Detection, 28/03/2014 10:18:00, SYSTEM, HOME-PC, Protection, Malware Protection, File, PUP.Optional.ReMarkable.A, C:\PROGRAM FILES (X86)\RE-MARKABLE\REMARKABLEUP.EXE, Quarantine, [c7dc10f8f4877db95628322353afa55b]
Protection, 28/03/2014 10:19:37, SYSTEM, HOME-PC, Protection, Malware Protection, Starting,
Protection, 28/03/2014 10:19:37, SYSTEM, HOME-PC, Protection, Malware Protection, Started,
Protection, 28/03/2014 10:19:37, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
Protection, 28/03/2014 10:20:11, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
Detection, 28/03/2014 10:27:39, SYSTEM, HOME-PC, Protection, Malware Protection, File, PUP.Optional.OptimumInstaller.A, D:\MICHEL\DOWNLOADS\Setup.exe, Quarantine, [dfc4b4541368da5ca17f3015986937c9]
Detection, 28/03/2014 10:28:08, SYSTEM, HOME-PC, Protection, Malware Protection, File, PUP.Optional.OptimumInstaller.A, d:\michel\downloads\setup.exe, Quarantine, [dfc4b4541368da5ca17f3015986937c9]
Protection, 28/03/2014 10:28:08, SYSTEM, HOME-PC, Protection, SDKQuarantine, 2, Failed, d:\michel\downloads\setup.exe,
Error, 28/03/2014 10:28:08, SYSTEM, HOME-PC, Protection, SDKQuarantine, 2, Failed, d:\michel\downloads\setup.exe,
Detection, 28/03/2014 10:28:13, SYSTEM, HOME-PC, Protection, Malware Protection, File, PUP.Optional.OptimumInstaller.A, d:\michel\downloads\setup.exe, Quarantine, [dfc4b4541368da5ca17f3015986937c9]
Protection, 28/03/2014 10:28:13, SYSTEM, HOME-PC, Protection, SDKQuarantine, 2, Failed, d:\michel\downloads\setup.exe,
Error, 28/03/2014 10:28:13, SYSTEM, HOME-PC, Protection, SDKQuarantine, 2, Failed, d:\michel\downloads\setup.exe,
Detection, 28/03/2014 12:22:43, MICHEL, HOME-PC, Protection, Malware Protection, File, PUP.Optional.OptimumInstaller.A, d:\michel\downloads\setup.exe, Quarantine, [dfc4b4541368da5ca17f3015986937c9]
Protection, 28/03/2014 12:22:43, SYSTEM, HOME-PC, Protection, SDKQuarantine, 2, Failed, d:\michel\downloads\setup.exe,
Error, 28/03/2014 12:22:43, SYSTEM, HOME-PC, Protection, SDKQuarantine, 2, Failed, d:\michel\downloads\setup.exe,
Update, 28/03/2014 12:54:32, SYSTEM, HOME-PC, Scheduler, Malware Database, 2014.3.28.3, 2014.3.28.4,
Protection, 28/03/2014 12:54:34, SYSTEM, HOME-PC, Protection, Refresh, Starting,
Protection, 28/03/2014 12:54:34, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopping,
Protection, 28/03/2014 12:54:35, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopped,
Protection, 28/03/2014 12:54:37, SYSTEM, HOME-PC, Protection, Refresh, Success,
Protection, 28/03/2014 12:54:37, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
Protection, 28/03/2014 12:54:37, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,
Update, 28/03/2014 16:51:12, SYSTEM, HOME-PC, Scheduler, Malware Database, 2014.3.28.4, 2014.3.28.5,
Protection, 28/03/2014 16:51:13, SYSTEM, HOME-PC, Protection, Refresh, Starting,
Protection, 28/03/2014 16:51:13, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopping,
Protection, 28/03/2014 16:51:13, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Stopped,
Protection, 28/03/2014 16:51:15, SYSTEM, HOME-PC, Protection, Refresh, Success,
Protection, 28/03/2014 16:51:15, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Starting,
Protection, 28/03/2014 16:51:16, SYSTEM, HOME-PC, Protection, Malicious Website Protection, Started,

(end)
0
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 660
28 mars 2014 à 19:05
Ce n'est pas un rapport d'examen.

Vas chercher le rapport dans l'onglet Historique.
A gauche Journal des examens.
Doube-clic sur l'examen dans la liste.
Puis en bas Copier dans le presse papier
et colle ici le rapport dans un message en réponse.
0
NULOS33 Messages postés 12 Date d'inscription jeudi 27 mars 2014 Statut Membre Dernière intervention 31 mars 2014
28 mars 2014 à 19:23
excusez moi, l'informatique et moi.......en plus c'est en anglais.....
j'espère que je ne me suis pas trompé


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28/03/2014
Scan Time: 17:36:52
Logfile:
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.28.05
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: MICHEL

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 356233
Time Elapsed: 6 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 55
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0400EBCA-042C-4000-AA89-9713FBEDB671}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{0BD19251-4B4B-4B94-AB16-617106245BB7}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{44B29DDD-CF7A-454A-A275-A322A398D93F}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B2DB115C-8278-4947-9A07-57B53D1C4215}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B97FC455-DB33-431D-84DB-6F1514110BD5}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E72E9312-0367-4216-BFC7-21485FA8390B}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{FBC322D5-407E-4854-8C0B-555B951FD8E3}, Quarantined, [9f0602068af1f046f67054e8788a4cb4],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3004627E-F8E9-4E8B-909D-316753CBA923}, Delete-on-Reboot, [c6df1fe9a8d3310570465fdc46bc9b65],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3004627E-F8E9-4E8B-909D-316753CBA923}, Delete-on-Reboot, [c6df1fe9a8d3310570465fdc46bc9b65],
PUP.Optional.Wajam.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Delete-on-Reboot, [0f966f99cdae3df91645ad5ce61ca35d],
PUP.Optional.Wajam.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Delete-on-Reboot, [0f966f99cdae3df91645ad5ce61ca35d],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, Delete-on-Reboot, [198c14f481fa2e08fdb84af109f943bd],
PUP.Optional.MySearchDial.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}, Delete-on-Reboot, [198c14f481fa2e08fdb84af109f943bd],
PUP.Optional.ReMarkable.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ejdfidgapfiokiphmcjpmmjbdndepoja, Quarantined, [04a1d236b6c594a23eb7bad910f37090],
PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\koyotesoftmoviestoolbarha, Delete-on-Reboot, [8520e226ee8d51e511ffb8aeb949ea16],
PUP.Optional.ReMarkable.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re_Markable, Delete-on-Reboot, [9f0607014d2ee2540083203753af8c74],
PUP.Optional.DataMngr.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Datamngr, Delete-on-Reboot, [efb66a9e1e5da096b6a7e39863a031cf],
PUP.Optional.ReMarkable.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{94c759f5-e0cb-46c0-a721-f006145e790a}, Quarantined, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.ReMarkable.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{1f784544-1613-4290-8add-15a03753aa54}, Quarantined, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.ReMarkable.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{38535339-e862-4d18-907c-a179f6f7683c}, Quarantined, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.ReMarkable.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1f784544-1613-4290-8add-15a03753aa54}, Quarantined, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.ReMarkable.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{94C759F5-E0CB-46C0-A721-F006145E790A}, Quarantined, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.ReMarkable.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{94C759F5-E0CB-46C0-A721-F006145E790A}, Delete-on-Reboot, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.ReMarkable.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{94C759F5-E0CB-46C0-A721-F006145E790A}, Delete-on-Reboot, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.ReMarkable.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{94C759F5-E0CB-46C0-A721-F006145E790A}, Delete-on-Reboot, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.ReMarkable.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{94C759F5-E0CB-46C0-A721-F006145E790A}, Delete-on-Reboot, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.ReMarkable.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\2a7fb3aa-1a94-44dc-ba84-cc22523dbe1f, Quarantined, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.MoviesToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{e5d4f4fd-a039-4670-8354-633c30a5f54e}, Quarantined, [287d77919cdf4ceae10ee7256b999769],
PUP.Optional.MoviesToolBar.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5D4F4FD-A039-4670-8354-633C30A5F54E}, Quarantined, [287d77919cdf4ceae10ee7256b999769],
PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E5D4F4FD-A039-4670-8354-633C30A5F54E}, Delete-on-Reboot, [287d77919cdf4ceae10ee7256b999769],
PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E5D4F4FD-A039-4670-8354-633C30A5F54E}, Delete-on-Reboot, [287d77919cdf4ceae10ee7256b999769],
PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E5D4F4FD-A039-4670-8354-633C30A5F54E}, Delete-on-Reboot, [287d77919cdf4ceae10ee7256b999769],
PUP.Optional.MoviesToolBar.A, HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E5D4F4FD-A039-4670-8354-633C30A5F54E}, Delete-on-Reboot, [287d77919cdf4ceae10ee7256b999769],
PUP.Optional.MoviesToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E5D4F4FD-A039-4670-8354-633C30A5F54E}, Quarantined, [287d77919cdf4ceae10ee7256b999769],

Registry Values: 1
PUP.Optional.MoviesToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{E5D4F4FD-A039-4670-8354-633C30A5F54E}, Movies Toolbar (Dist. by Koyote-Lab, Inc.), Quarantined, [287d77919cdf4ceae10ee7256b999769]

Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[f3b2e820aad185b1c5297e8b27dde31d]

Folders: 3
PUP.Optional.Datamngr.A, C:\PROGRAMDATA\Datamngr, Quarantined, [465f7296b6c541f56645e898b74c47b9],
PUP.Optional.Lightning.A, C:\Users\MICHEL\AppData\Local\Google\Chrome\USER DATA\Default\EXTENSIONS\CEKCJPGEHMOHOBMDIIKFNOPIBIPMGNML, Quarantined, [74319870ef8c58de6708391813ef8977],
PUP.Optional.ReMarkable.A, C:\PROGRAM FILES (X86)\RE-MARKABLE, Quarantined, [34712eda7209e74f8e53e76e6b976997],

Files: 23
PUP.Optional.Conduit, C:\Users\MICHEL\AppData\Local\Temp\embededstub_20140224.exe, Quarantined, [c7de53b5cdae35018dc9970c8083c739],
PUP.Optional.SearchProtect.A, C:\Users\MICHEL\AppData\Local\Temp\nsaFA3.exe, Quarantined, [287d24e42c4f46f0755d0c148d74e11f],
PUP.Optional.SearchProtect.A, C:\Users\MICHEL\AppData\Local\Temp\nskF645.exe, Quarantined, [f7aea662f18a2115a03275ab1fe2867a],
PUP.Optional.SearchProtect.A, C:\Users\MICHEL\AppData\Local\Temp\nspD8F.exe, Quarantined, [594c7791057694a2e7eb8f91a859748c],
PUP.Optional.SearchProtect.A, C:\Users\MICHEL\AppData\Local\Temp\nspF441.exe, Quarantined, [f6af29dfb3c868ce656d24fc2ed339c7],
PUP.Optional.Conduit, C:\Users\MICHEL\AppData\Local\Temp\verifier.exe, Quarantined, [b7ee8484ff7c142290c66142b25118e8],
PUP.Optional.WebToolbar, C:\Users\MICHEL\AppData\Local\Temp\BoxoreInstaller.exe, Quarantined, [f0b526e2a9d265d1d127db24ae532bd5],
PUP.Optional.Conduit.A, C:\Users\MICHEL\AppData\Local\Temp\nsz88A2\SpSetup.exe, Quarantined, [cfd6ca3ea6d5d6607a484cc9cf3202fe],
Adware.Boxore, C:\Windows\Installer\193b16.msi, Quarantined, [0e97ec1c116a8bab8245860e1fe146ba],
PUP.Optional.ReMarkable.A, C:\Windows\Tasks\RE-MARKABLE UPDATE.JOB, Quarantined, [dacb77915c1f1620176955021ee4d62a],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\COORDINATOR.CFG, Quarantined, [465f7296b6c541f56645e898b74c47b9],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\general.cfg, Quarantined, [465f7296b6c541f56645e898b74c47b9],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-370734024-4008565141-4128318953-1000.cfg, Quarantined, [465f7296b6c541f56645e898b74c47b9],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-370734024-4008565141-4128318953-1002.cfg, Quarantined, [465f7296b6c541f56645e898b74c47b9],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\S-1-5-21-370734024-4008565141-4128318953-1003.cfg, Quarantined, [465f7296b6c541f56645e898b74c47b9],
PUP.Optional.Datamngr.A, C:\ProgramData\Datamngr\stats.cfg, Quarantined, [465f7296b6c541f56645e898b74c47b9],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable\01.db, Quarantined, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable\150.crx, Quarantined, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable\150.dat, Quarantined, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable\150.dll, Quarantined, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable\150.xpi, Quarantined, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable\Sqlite3.dll, Quarantined, [34712eda7209e74f8e53e76e6b976997],
PUP.Optional.ReMarkable.A, C:\Program Files (x86)\Re-Markable\Uninstall.exe, Quarantined, [34712eda7209e74f8e53e76e6b976997],

Physical Sectors: 0
(No malicious items detected)


(end)
0
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 660
28 mars 2014 à 19:25
ok :)





Sur Firefox : Menu Outils / Modules complémentaires
Onglet Extension.
Donne la liste.

Sur Google Chrome : Menu en haut à droite puis Outils / Extensions
Donne la liste.

puis :



Faire un Scan OTL - Temps : Environ 40min
=============================================
OTL permet de diagnostiquer les programmes qui tournent et déceler des infections - Le programme va générer deux rapports OTL.txt et Extras.txt
Fournir les deux rapports :

Tu peux suivre les indications de cette page pour t'aider : https://www.malekal.com/tutorial-otl/

* Télécharge http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ sur ton bureau.
(Sous Vista/Win7, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

Dans le cas d'Avast!, ne pas lancer le programme dans la Sandbox (voir lien d'aide ci-dessus).

* Lance OTL
* En haut à droite de Analyse rapide, coche "tous les utilisateurs"
* Clique sur le bouton Analyse.

**** Si durant le scan - OTL ne répond pas, ne touche à rien et laisse le scan se poursuivre ****

* Quand le scan est fini, utilise le site http://pjjoint.malekal.com/ pour envoyer le rapport OTL.txt (et Extra.txt si présent).
Donne le ou les liens pjjoint qui pointent vers ces rapports ici dans une réponse.
Je répète : donne le lien du rapport pjjoint ici en réponse.

NE PAS COPIER/COLLER LE RAPPORT ICI - DONNER LE LIEN PJJOINT DANS UN NOUVEAU MESSAGE

0
NULOS33 Messages postés 12 Date d'inscription jeudi 27 mars 2014 Statut Membre Dernière intervention 31 mars 2014
29 mars 2014 à 03:08
0
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 660
29 mars 2014 à 12:57
Désactive les proxys : https://forums.commentcamarche.net/forum/affich-37640573-desactiver-son-proxy

Relance OTL.
o sous Personnalisation (Custom Scan), copie_colle le contenu du cadre ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:

:OTL
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000..\Run: [WebInternetSecurity] C:\Users\MICHEL\AppData\Local\WebInternetSecurity\WebInternetSecurity.exe (WebInternetSecurity)
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000..\Run: [WebInternetSecurity Update Task] C:\Users\MICHEL\AppData\Local\WebInternetSecurity\uninstall.webinternetsecurity.exe ()
[2014/03/27 17:59:38 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Local\WebInternetSecurity
[2014/03/27 17:58:30 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Local\Software
CHR - Extension: Downloads = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbalphdbabbndjidpoacmfgjaniipcj\1.0.4_0\
:files
C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbalphdbabbndjidpoacmfgjaniipcj\
C:\Users\MICHEL\AppData\Local\WebInternetSecurity\


* poste le rapport ici

0
NULOS33 Messages postés 12 Date d'inscription jeudi 27 mars 2014 Statut Membre Dernière intervention 31 mars 2014
30 mars 2014 à 19:48
j'ai utilisé ZHPDiag et ZHPFix pour désactiver les proxys,
voici le rapport OTL


OTL logfile created on: 29/03/2014 02:51:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MICHEL\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

7,96 Gb Total Physical Memory | 5,73 Gb Available Physical Memory | 71,96% Memory free
15,92 Gb Paging File | 13,19 Gb Available in Paging File | 82,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 58,47 Gb Free Space | 58,47% Space Free | Partition Type: NTFS
Drive D: | 831,41 Gb Total Space | 791,57 Gb Free Space | 95,21% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: MICHEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========/color

PRC - [2014/03/29 02:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MICHEL\Desktop\OTL.exe
PRC - [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/13 18:36:27 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/03/13 18:35:33 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/03/13 18:35:33 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/03/05 09:24:48 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/03/05 09:24:40 | 007,430,968 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/01/03 01:32:12 | 033,508,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\MICHEL\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/30 21:11:47 | 000,797,184 | ---- | M] (WebInternetSecurity) -- C:\Users\MICHEL\AppData\Local\WebInternetSecurity\WebInternetSecurity.exe
PRC - [2013/11/14 12:56:57 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/11/14 12:56:48 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/08/27 11:02:58 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/08/27 11:02:56 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2013/08/07 14:24:00 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/08/07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe


[color=#E56717]========== Modules (No Company Name) ==========/color

MOD - [2014/03/28 18:08:19 | 000,041,984 | ---- | M] () -- c:\users\michel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqwmmda.dll
MOD - [2014/03/15 01:50:40 | 013,637,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
MOD - [2014/03/15 01:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/15 01:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/15 01:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014/03/15 01:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014/03/15 01:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/15 01:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014/02/18 12:59:37 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\13a5237a9d76679b8b2f855a8485688a\System.ServiceModel.Web.ni.dll
MOD - [2014/02/18 12:58:56 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\63a75869cd4d300a84cd40f329b81e13\System.IdentityModel.ni.dll
MOD - [2014/02/18 12:58:54 | 019,692,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e5227f5391b5b4c2e0cd993054e443c2\System.ServiceModel.ni.dll
MOD - [2014/02/18 12:58:28 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\6feaf474ef03fd07f0ebad9849c18878\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/18 12:58:28 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\e3478968389db3c171dfcef2f202646f\SMDiagnostics.ni.dll
MOD - [2014/02/18 12:58:27 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\0ee41fa2a881c94332f77c337279d700\System.Runtime.Serialization.ni.dll
MOD - [2014/02/18 12:26:39 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/18 12:26:29 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/18 12:26:13 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/18 12:26:10 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/18 12:26:00 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/18 12:25:55 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/17 14:15:18 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\72378b76092322951a615f0a1d955d9b\System.Windows.Forms.ni.dll
MOD - [2014/02/17 14:15:18 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0ac2703fab5f933747bc09d6d92a7e18\System.Xml.ni.dll
MOD - [2014/02/17 14:15:14 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\225682de27718009f2266167eb827786\System.Core.ni.dll
MOD - [2014/02/17 14:15:12 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\f8ad7c0616801aa60bc983f618e435d8\System.Drawing.ni.dll
MOD - [2014/02/17 14:15:12 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\dacea41baff8cafd72eadf7a4ff1c074\System.Configuration.ni.dll
MOD - [2014/02/17 14:15:11 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e0e02e4da7fbd2dcbb99f5b98427cd90\System.ni.dll
MOD - [2014/02/17 14:15:07 | 016,954,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\34039999fa99a03291fefca43325f98f\mscorlib.ni.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/12/18 03:25:54 | 003,610,624 | ---- | M] () -- C:\Users\MICHEL\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/11/23 16:13:57 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2013/10/19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Users\MICHEL\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2011/04/12 10:16:03 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\System.resources.dll
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll


[color=#E56717]========== Services (SafeList) ==========/color

SRV:[b]64bit:/b - [2014/03/01 05:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:/b - [2013/11/23 16:23:36 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:[b]64bit:/b - [2013/11/14 12:57:03 | 015,125,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:[b]64bit:/b - [2013/08/07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:[b]64bit:/b - [2013/07/30 17:16:10 | 000,204,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:[b]64bit:/b - [2013/05/11 17:45:54 | 000,822,232 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:[b]64bit:/b - [2013/05/11 17:45:38 | 000,733,696 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:/b - [2012/03/22 21:11:28 | 000,825,032 | ---- | M] (Cambridge Silicon Radio Limited) [Auto | Running] -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe -- (CsrBtService)
SRV:[b]64bit:/b - [2012/03/22 21:11:16 | 001,041,616 | ---- | M] (Cambridge Silicon Radio Limited) [Auto | Running] -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe -- (CsrBtOBEXService)
SRV:[b]64bit:/b - [2012/03/22 21:11:08 | 000,465,624 | ---- | M] (Cambridge Silicon Radio Limited) [Auto | Running] -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe -- (CSRBtAudioService)
SRV:[b]64bit:/b - [2012/03/22 21:11:00 | 000,064,216 | ---- | M] (Cambridge Silicon Radio Limited) [Auto | Running] -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe -- (BtSwitcherService)
SRV - [2014/03/19 21:31:30 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/13 18:36:27 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/03/13 18:35:33 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/03/05 09:24:48 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/05 09:24:46 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/11/14 12:56:48 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/12 00:54:32 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/27 11:02:58 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/08/27 11:02:56 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========/color

DRV:[b]64bit:/b - [2014/03/28 23:54:29 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:[b]64bit:/b - [2014/03/05 09:26:18 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:[b]64bit:/b - [2014/03/05 09:26:04 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:/b - [2013/12/19 21:59:51 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:/b - [2013/12/19 21:59:51 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:/b - [2013/12/07 19:05:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:/b - [2013/11/23 16:14:54 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:/b - [2013/11/23 16:11:16 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:/b - [2013/11/23 16:11:16 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:/b - [2013/11/14 12:57:13 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:/b - [2013/11/14 12:57:05 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:/b - [2013/10/02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:/b - [2013/08/27 11:02:56 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:[b]64bit:/b - [2013/08/21 10:27:24 | 000,494,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:[b]64bit:/b - [2013/08/07 14:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:/b - [2013/08/07 14:23:46 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:[b]64bit:/b - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:/b - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:/b - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:/b - [2012/03/22 21:08:36 | 000,023,752 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csrusbfilter.sys -- (csrusbfilter)
DRV:[b]64bit:/b - [2012/03/22 21:08:34 | 000,047,296 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csrusb.sys -- (csrusb)
DRV:[b]64bit:/b - [2012/03/22 21:08:32 | 000,061,128 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csrserial.sys -- (csrserial)
DRV:[b]64bit:/b - [2012/03/22 21:08:30 | 000,039,616 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csrpan.sys -- (csrpan)
DRV:[b]64bit:/b - [2012/03/22 21:08:22 | 002,784,968 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CsrBtPort.sys -- (CsrBtPort)
DRV:[b]64bit:/b - [2012/03/22 21:08:20 | 000,099,520 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csrbthav.sys -- (csr_bthav)
DRV:[b]64bit:/b - [2012/03/22 21:08:16 | 000,026,304 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csravrcp.sys -- (csravrcp)
DRV:[b]64bit:/b - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:[b]64bit:/b - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:[b]64bit:/b - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:/b - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:/b - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:/b - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:/b - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:[b]64bit:/b - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:/b - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:/b - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:/b - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:/b - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========/color


[color=#E56717]========== Internet Explorer ==========/color

IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/?gws_rd=ssl
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
IE:[b]64bit:/b - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:/b - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE:[b]64bit:/b - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2419}: "URL" = https://www.search.ask.com/web?l=dis&q=&o=APN10649&apn_dtid=%5EBND419%5EYY%5EFR&shad=s_0043&apn_uid=1500101571074127&gct=ds&apn_ptnrs=%5EAGA&d=419-0&lang=en&atb=sysid%3D419%3Auid%3D6460f1a9f156fd36%3Auc2%3D240%3Atypekbn%3Dn11178%3Asrc%3Dieb%3Ao%3DAPN10649%3Atg%3D&p2=%5EAGA%5EBND419%5EYY%5EFR{searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/?gws_rd=ssl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2419}: "URL" = https://www.search.ask.com/web?l=dis&q=&o=APN10649&apn_dtid=%5EBND419%5EYY%5EFR&shad=s_0043&apn_uid=1500101571074127&gct=ds&apn_ptnrs=%5EAGA&d=419-0&lang=en&atb=sysid%3D419%3Auid%3D6460f1a9f156fd36%3Auc2%3D240%3Atypekbn%3Dn11178%3Asrc%3Dieb%3Ao%3DAPN10649%3Atg%3D&p2=%5EAGA%5EBND419%5EYY%5EFR{searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = https://www.google.com/webhp?hl=en&gws_rd=ssl{searchTerms}&meta=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = https://www.google.com/webhp?hl=en&gws_rd=ssl{searchTerms}&meta=
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutB0CtByB0DyBtAtD0EyByCtBtByCyBzytN0D0Tzu0SyBtBtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=710721245&ir=
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2419}: "URL" = https://www.search.ask.com/web?l=dis&q=&o=APN10649&apn_dtid=%5EBND419%5EYY%5EFR&shad=s_0043&apn_uid=1500101571074127&gct=ds&apn_ptnrs=%5EAGA&d=419-0&lang=en&atb=sysid%3D419%3Auid%3D6460f1a9f156fd36%3Auc2%3D240%3Atypekbn%3Dn11178%3Asrc%3Dieb%3Ao%3DAPN10649%3Atg%3D&p2=%5EAGA%5EBND419%5EYY%5EFR{searchTerms}
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49182;https=127.0.0.1:49182

IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = https://www.google.com/webhp?hl=en&gws_rd=ssl{searchTerms}&meta=

IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes,DefaultScope = {637D6E3C-DF93-48A5-8362-159A8AC56B11}
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = https://www.google.com/webhp?hl=en&gws_rd=ssl{searchTerms}&meta=
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes,DefaultScope = {637D6E3C-DF93-48A5-8362-159A8AC56B11}
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = https://www.google.com/webhp?hl=en&gws_rd=ssl{searchTerms}&meta=
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========/color

FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{2f142d2b-e3c3-44f2-a7db-1b2f1aa4c8ca}: C:\Program Files (x86)\Re-Markable\150.xpi

[2013/12/07 17:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MICHEL\AppData\Roaming\mozilla\Extensions

[color=#E56717]========== Chrome ==========/color

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.fr/?gws_rd=ssl
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Recherche Google = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: instant translate = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\1.8.1_0\
CHR - Extension: Downloads = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbalphdbabbndjidpoacmfgjaniipcj\1.0.4_0\
CHR - Extension: Vérificateur de messages Google = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Google Wallet = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0\
CHR - Extension: Gmail = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (PDFXChange 2012) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:/b - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDFXChange 2012) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:[b]64bit:/b - HKLM..\Run: [CsrAudioguiCtrl] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe (Cambridge Silicon Radio Limited)
O4:[b]64bit:/b - HKLM..\Run: [CSRHarmonySkypePlugin] C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe (Cambridge Silicon Radio Limited)
O4:[b]64bit:/b - HKLM..\Run: [CsrHCRPServer] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe (Cambridge Silicon Radio Limited)
O4:[b]64bit:/b - HKLM..\Run: [CsrSyncMLServer] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe ()
O4:[b]64bit:/b - HKLM..\Run: [HarmonyUserStartup] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe (Cambridge Silicon Radio Limited)
O4:[b]64bit:/b - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:[b]64bit:/b - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [TrayApplication] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe (Cambridge Silicon Radio Limited)
O4:[b]64bit:/b - HKLM..\Run: [vksts] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe (Cambridge Silicon Radio Limited)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000..\Run: [HP Deskjet 3520 series (NET)] C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000..\Run: [WebInternetSecurity] C:\Users\MICHEL\AppData\Local\WebInternetSecurity\WebInternetSecurity.exe (WebInternetSecurity)
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000..\Run: [WebInternetSecurity Update Task] C:\Users\MICHEL\AppData\Local\WebInternetSecurity\uninstall.webinternetsecurity.exe ()
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [Facebook Update] C:\Users\JULES\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [Skype] "C:\Users\JULES\AppData\Local\Skype\Phone\Skype.exe" /minimized /regrun File not found
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\MICHEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MICHEL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Services present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:/b - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19A39410-B063-4C6E-8EA8-72F37049E755}: DhcpNameServer = 212.27.40.241 212.27.40.240
O18:[b]64bit:/b - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:/b - AppInit_DLLs: (C:\Program Files C:\Program Files (x86)\Movies) - File not found
O20 - AppInit_DLLs: (C:\Program Files C:\Program Files (x86)\Movies) - File not found
O20:[b]64bit:/b - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:/b - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:/b - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:[b]64bit:/b - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:/b - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:/b - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:/b - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:/b - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:/b - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:/b - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:/b - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:/b - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:/b - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:/b - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:/b - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color

[2014/03/29 02:47:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MICHEL\Desktop\OTL.exe
[2014/03/28 18:09:39 | 000,000,000 | R--D | C] -- C:\Users\MICHEL\Dropbox
[2014/03/28 18:04:29 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Roaming\DropboxMaster
[2014/03/28 18:04:17 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/03/28 18:03:45 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Roaming\Dropbox
[2014/03/28 10:07:34 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/03/28 10:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/03/28 10:07:24 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/03/28 10:07:24 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/03/28 10:07:24 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/28 10:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/03/28 10:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/27 18:11:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/27 17:59:38 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Local\WebInternetSecurity
[2014/03/27 17:58:30 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Local\Software
[2014/03/27 17:51:16 | 000,000,000 | ---D | C] -- D:\MICHEL\Documents\VIRUS
[2014/03/25 12:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MonAlbumPhoto
[2014/03/25 12:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MonAlbumPhoto
[2014/03/25 12:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\albumphoto
[2014/03/24 12:54:12 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Roaming\OpenOffice
[2014/03/24 12:53:39 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2014/03/24 12:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2014/03/24 12:52:39 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\Desktop\OpenOffice 4.0.1 (fr) Installation Files
[2014/03/23 20:31:30 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Roaming\Panasonic
[2014/03/20 17:28:43 | 000,000,000 | ---D | C] -- D:\MICHEL\Documents\BASSIN ARCACHON
[2014/03/19 22:57:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\SmartSwitch
[2014/03/19 22:57:01 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Roaming\Samsung
[2014/03/19 21:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/03/13 18:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/13 18:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/13 18:54:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/03/13 18:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/13 18:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/03/13 18:43:00 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/13 18:43:00 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/13 18:42:59 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/03/13 18:42:59 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/03/13 18:42:59 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/03/13 18:42:58 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/13 18:42:58 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/13 18:42:58 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/03/13 18:42:58 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/13 18:42:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/13 18:42:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/03/13 18:42:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/13 18:42:57 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/13 18:42:57 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/03/13 18:42:57 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/13 18:42:57 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/13 18:42:57 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/13 18:42:57 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/03/13 18:42:57 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/13 18:42:56 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/13 18:42:56 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/03/13 18:42:56 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/03/13 18:42:56 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/13 18:42:56 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/13 18:42:55 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/13 18:42:55 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/13 18:39:53 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/03/13 18:39:53 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/13 18:39:53 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/11 16:34:32 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/03/11 16:34:32 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========/color

[2014/03/29 02:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MICHEL\Desktop\OTL.exe
[2014/03/29 02:31:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/29 02:18:13 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/29 00:41:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370734024-4008565141-4128318953-1002UA.job
[2014/03/28 23:54:29 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/03/28 18:18:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/28 18:09:39 | 000,001,006 | ---- | M] () -- C:\Users\MICHEL\Desktop\Dropbox.lnk
[2014/03/28 18:08:21 | 000,001,016 | ---- | M] () -- C:\Users\MICHEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/03/28 17:52:03 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/28 17:52:03 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/28 17:47:43 | 000,001,984 | ---- | M] () -- C:\Users\MICHEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - HP Deskjet 3520 series (réseau).lnk
[2014/03/28 12:41:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370734024-4008565141-4128318953-1002Core.job
[2014/03/28 10:07:25 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/27 18:12:52 | 000,001,324 | ---- | M] () -- C:\Users\MICHEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/27 18:12:52 | 000,001,204 | ---- | M] () -- C:\Users\MICHEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/27 08:37:11 | 001,670,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/27 08:37:11 | 000,747,954 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2014/03/27 08:37:11 | 000,654,564 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/27 08:37:11 | 000,149,976 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2014/03/27 08:37:11 | 000,121,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/26
0
NULOS33 Messages postés 12 Date d'inscription jeudi 27 mars 2014 Statut Membre Dernière intervention 31 mars 2014
30 mars 2014 à 19:45
j'ai utilisé ZHPDiag et ZHPFix pour désactiver les proxys,




OTL logfile created on: 29/03/2014 02:51:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MICHEL\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

7,96 Gb Total Physical Memory | 5,73 Gb Available Physical Memory | 71,96% Memory free
15,92 Gb Paging File | 13,19 Gb Available in Paging File | 82,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 58,47 Gb Free Space | 58,47% Space Free | Partition Type: NTFS
Drive D: | 831,41 Gb Total Space | 791,57 Gb Free Space | 95,21% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: MICHEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========/color

PRC - [2014/03/29 02:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MICHEL\Desktop\OTL.exe
PRC - [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/03/13 18:36:27 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2014/03/13 18:35:33 | 000,689,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014/03/13 18:35:33 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2014/03/05 09:24:48 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/03/05 09:24:40 | 007,430,968 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/01/03 01:32:12 | 033,508,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\MICHEL\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/30 21:11:47 | 000,797,184 | ---- | M] (WebInternetSecurity) -- C:\Users\MICHEL\AppData\Local\WebInternetSecurity\WebInternetSecurity.exe
PRC - [2013/11/14 12:56:57 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/11/14 12:56:48 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/08/27 11:02:58 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/08/27 11:02:56 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2013/08/07 14:24:00 | 000,287,592 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2013/08/07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe


[color=#E56717]========== Modules (No Company Name) ==========/color

MOD - [2014/03/28 18:08:19 | 000,041,984 | ---- | M] () -- c:\users\michel\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqwmmda.dll
MOD - [2014/03/15 01:50:40 | 013,637,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
MOD - [2014/03/15 01:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/15 01:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/15 01:50:35 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
MOD - [2014/03/15 01:50:34 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll
MOD - [2014/03/15 01:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/15 01:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014/02/18 12:59:37 | 001,091,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\13a5237a9d76679b8b2f855a8485688a\System.ServiceModel.Web.ni.dll
MOD - [2014/02/18 12:58:56 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\63a75869cd4d300a84cd40f329b81e13\System.IdentityModel.ni.dll
MOD - [2014/02/18 12:58:54 | 019,692,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e5227f5391b5b4c2e0cd993054e443c2\System.ServiceModel.ni.dll
MOD - [2014/02/18 12:58:28 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\6feaf474ef03fd07f0ebad9849c18878\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/18 12:58:28 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\e3478968389db3c171dfcef2f202646f\SMDiagnostics.ni.dll
MOD - [2014/02/18 12:58:27 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\0ee41fa2a881c94332f77c337279d700\System.Runtime.Serialization.ni.dll
MOD - [2014/02/18 12:26:39 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/18 12:26:29 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/18 12:26:13 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/18 12:26:10 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/18 12:26:00 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/18 12:25:55 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/17 14:15:18 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\72378b76092322951a615f0a1d955d9b\System.Windows.Forms.ni.dll
MOD - [2014/02/17 14:15:18 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0ac2703fab5f933747bc09d6d92a7e18\System.Xml.ni.dll
MOD - [2014/02/17 14:15:14 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\225682de27718009f2266167eb827786\System.Core.ni.dll
MOD - [2014/02/17 14:15:12 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\f8ad7c0616801aa60bc983f618e435d8\System.Drawing.ni.dll
MOD - [2014/02/17 14:15:12 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\dacea41baff8cafd72eadf7a4ff1c074\System.Configuration.ni.dll
MOD - [2014/02/17 14:15:11 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e0e02e4da7fbd2dcbb99f5b98427cd90\System.ni.dll
MOD - [2014/02/17 14:15:07 | 016,954,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\34039999fa99a03291fefca43325f98f\mscorlib.ni.dll
MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/12/18 03:25:54 | 003,610,624 | ---- | M] () -- C:\Users\MICHEL\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/11/23 16:13:57 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2013/10/19 00:55:02 | 025,100,288 | ---- | M] () -- C:\Users\MICHEL\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2011/04/12 10:16:03 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\System.resources.dll
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll


[color=#E56717]========== Services (SafeList) ==========/color

SRV:[b]64bit:/b - [2014/03/01 05:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:/b - [2013/11/23 16:23:36 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:[b]64bit:/b - [2013/11/14 12:57:03 | 015,125,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:[b]64bit:/b - [2013/08/07 14:24:00 | 000,015,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:[b]64bit:/b - [2013/07/30 17:16:10 | 000,204,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
SRV:[b]64bit:/b - [2013/05/11 17:45:54 | 000,822,232 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:[b]64bit:/b - [2013/05/11 17:45:38 | 000,733,696 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:/b - [2012/03/22 21:11:28 | 000,825,032 | ---- | M] (Cambridge Silicon Radio Limited) [Auto | Running] -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtService.exe -- (CsrBtService)
SRV:[b]64bit:/b - [2012/03/22 21:11:16 | 001,041,616 | ---- | M] (Cambridge Silicon Radio Limited) [Auto | Running] -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe -- (CsrBtOBEXService)
SRV:[b]64bit:/b - [2012/03/22 21:11:08 | 000,465,624 | ---- | M] (Cambridge Silicon Radio Limited) [Auto | Running] -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtAudioService.exe -- (CSRBtAudioService)
SRV:[b]64bit:/b - [2012/03/22 21:11:00 | 000,064,216 | ---- | M] (Cambridge Silicon Radio Limited) [Auto | Running] -- C:\Program Files\CSR\CSR Harmony Wireless Software Stack\BtSwitcherService.exe -- (BtSwitcherService)
SRV - [2014/03/19 21:31:30 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/13 18:36:27 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014/03/13 18:35:33 | 000,440,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014/03/05 09:24:48 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/03/05 09:24:46 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/11/14 12:56:48 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/11/11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/12 00:54:32 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/27 11:02:58 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/08/27 11:02:56 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========/color

DRV:[b]64bit:/b - [2014/03/28 23:54:29 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:[b]64bit:/b - [2014/03/05 09:26:18 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:[b]64bit:/b - [2014/03/05 09:26:04 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:/b - [2013/12/19 21:59:51 | 000,131,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:[b]64bit:/b - [2013/12/19 21:59:51 | 000,108,440 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:[b]64bit:/b - [2013/12/07 19:05:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:[b]64bit:/b - [2013/11/23 16:14:54 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:/b - [2013/11/23 16:11:16 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:/b - [2013/11/23 16:11:16 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:/b - [2013/11/14 12:57:13 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:/b - [2013/11/14 12:57:05 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:/b - [2013/10/02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:/b - [2013/08/27 11:02:56 | 000,099,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:[b]64bit:/b - [2013/08/21 10:27:24 | 000,494,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:[b]64bit:/b - [2013/08/07 14:23:46 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:/b - [2013/08/07 14:23:46 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:[b]64bit:/b - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:/b - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:/b - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:/b - [2012/03/22 21:08:36 | 000,023,752 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csrusbfilter.sys -- (csrusbfilter)
DRV:[b]64bit:/b - [2012/03/22 21:08:34 | 000,047,296 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csrusb.sys -- (csrusb)
DRV:[b]64bit:/b - [2012/03/22 21:08:32 | 000,061,128 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csrserial.sys -- (csrserial)
DRV:[b]64bit:/b - [2012/03/22 21:08:30 | 000,039,616 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csrpan.sys -- (csrpan)
DRV:[b]64bit:/b - [2012/03/22 21:08:22 | 002,784,968 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CsrBtPort.sys -- (CsrBtPort)
DRV:[b]64bit:/b - [2012/03/22 21:08:20 | 000,099,520 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csrbthav.sys -- (csr_bthav)
DRV:[b]64bit:/b - [2012/03/22 21:08:16 | 000,026,304 | ---- | M] (Cambridge Silicon Radio Limited) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\csravrcp.sys -- (csravrcp)
DRV:[b]64bit:/b - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:[b]64bit:/b - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:[b]64bit:/b - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:/b - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:/b - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:/b - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:/b - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:[b]64bit:/b - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:/b - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:/b - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:/b - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:/b - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========/color


[color=#E56717]========== Internet Explorer ==========/color

IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/?gws_rd=ssl
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
IE:[b]64bit:/b - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
IE:[b]64bit:/b - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:/b - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE:[b]64bit:/b - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2419}: "URL" = https://www.search.ask.com/web?l=dis&q=&o=APN10649&apn_dtid=%5EBND419%5EYY%5EFR&shad=s_0043&apn_uid=1500101571074127&gct=ds&apn_ptnrs=%5EAGA&d=419-0&lang=en&atb=sysid%3D419%3Auid%3D6460f1a9f156fd36%3Auc2%3D240%3Atypekbn%3Dn11178%3Asrc%3Dieb%3Ao%3DAPN10649%3Atg%3D&p2=%5EAGA%5EBND419%5EYY%5EFR{searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/?gws_rd=ssl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2419}: "URL" = https://www.search.ask.com/web?l=dis&q=&o=APN10649&apn_dtid=%5EBND419%5EYY%5EFR&shad=s_0043&apn_uid=1500101571074127&gct=ds&apn_ptnrs=%5EAGA&d=419-0&lang=en&atb=sysid%3D419%3Auid%3D6460f1a9f156fd36%3Auc2%3D240%3Atypekbn%3Dn11178%3Asrc%3Dieb%3Ao%3DAPN10649%3Atg%3D&p2=%5EAGA%5EBND419%5EYY%5EFR{searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = https://www.google.com/webhp?hl=en&gws_rd=ssl{searchTerms}&meta=
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = https://www.google.com/webhp?hl=en&gws_rd=ssl{searchTerms}&meta=
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutB0CtByB0DyBtAtD0EyByCtBtByCyBzytN0D0Tzu0SyBtBtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=710721245&ir=
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2419}: "URL" = https://www.search.ask.com/web?l=dis&q=&o=APN10649&apn_dtid=%5EBND419%5EYY%5EFR&shad=s_0043&apn_uid=1500101571074127&gct=ds&apn_ptnrs=%5EAGA&d=419-0&lang=en&atb=sysid%3D419%3Auid%3D6460f1a9f156fd36%3Auc2%3D240%3Atypekbn%3Dn11178%3Asrc%3Dieb%3Ao%3DAPN10649%3Atg%3D&p2=%5EAGA%5EBND419%5EYY%5EFR{searchTerms}
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49182;https=127.0.0.1:49182

IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = https://www.google.com/webhp?hl=en&gws_rd=ssl{searchTerms}&meta=

IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes,DefaultScope = {637D6E3C-DF93-48A5-8362-159A8AC56B11}
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = https://www.google.com/webhp?hl=en&gws_rd=ssl{searchTerms}&meta=
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes,DefaultScope = {637D6E3C-DF93-48A5-8362-159A8AC56B11}
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\SearchScopes\{637D6E3C-DF93-48A5-8362-159A8AC56B11}: "URL" = https://www.google.com/webhp?hl=en&gws_rd=ssl{searchTerms}&meta=
IE - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[color=#E56717]========== FireFox ==========/color

FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:[b]64bit:/b - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{2f142d2b-e3c3-44f2-a7db-1b2f1aa4c8ca}: C:\Program Files (x86)\Re-Markable\150.xpi

[2013/12/07 17:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MICHEL\AppData\Roaming\mozilla\Extensions

[color=#E56717]========== Chrome ==========/color

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.fr/?gws_rd=ssl
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Recherche Google = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: instant translate = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmgiclibbndffejedjimfjmfoabpcke\1.8.1_0\
CHR - Extension: Downloads = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbalphdbabbndjidpoacmfgjaniipcj\1.0.4_0\
CHR - Extension: Vérificateur de messages Google = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Google Wallet = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0\
CHR - Extension: Gmail = C:\Users\MICHEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (PDFXChange 2012) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:/b - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (PDFXChange 2012) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:[b]64bit:/b - HKLM..\Run: [CsrAudioguiCtrl] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrAudioguiCtrl.exe (Cambridge Silicon Radio Limited)
O4:[b]64bit:/b - HKLM..\Run: [CSRHarmonySkypePlugin] C:\Program Files (x86)\CSR\CSR Harmony Wireless Software Stack\CSRHarmonySkypePlugin.exe (Cambridge Silicon Radio Limited)
O4:[b]64bit:/b - HKLM..\Run: [CsrHCRPServer] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrHCRPServer.exe (Cambridge Silicon Radio Limited)
O4:[b]64bit:/b - HKLM..\Run: [CsrSyncMLServer] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrSyncMLServer.exe ()
O4:[b]64bit:/b - HKLM..\Run: [HarmonyUserStartup] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe (Cambridge Silicon Radio Limited)
O4:[b]64bit:/b - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:[b]64bit:/b - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:[b]64bit:/b - HKLM..\Run: [TrayApplication] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\TrayApplication.exe (Cambridge Silicon Radio Limited)
O4:[b]64bit:/b - HKLM..\Run: [vksts] C:\Program Files\CSR\CSR Harmony Wireless Software Stack\vksts.exe (Cambridge Silicon Radio Limited)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000..\Run: [HP Deskjet 3520 series (NET)] C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000..\Run: [WebInternetSecurity] C:\Users\MICHEL\AppData\Local\WebInternetSecurity\WebInternetSecurity.exe (WebInternetSecurity)
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000..\Run: [WebInternetSecurity Update Task] C:\Users\MICHEL\AppData\Local\WebInternetSecurity\uninstall.webinternetsecurity.exe ()
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [Facebook Update] C:\Users\JULES\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [Skype] "C:\Users\JULES\AppData\Local\Skype\Phone\Skype.exe" /minimized /regrun File not found
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\MICHEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MICHEL\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Services present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\Software\Policies\Microsoft\Internet Explorer\Privacy present
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-370734024-4008565141-4128318953-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10:[b]64bit:/b - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:/b - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19A39410-B063-4C6E-8EA8-72F37049E755}: DhcpNameServer = 212.27.40.241 212.27.40.240
O18:[b]64bit:/b - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:/b - AppInit_DLLs: (C:\Program Files C:\Program Files (x86)\Movies) - File not found
O20 - AppInit_DLLs: (C:\Program Files C:\Program Files (x86)\Movies) - File not found
O20:[b]64bit:/b - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:/b - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:/b - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:[b]64bit:/b - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:/b - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:/b - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:/b - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:/b - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:/b - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:/b - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:[b]64bit:/b - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bpsvc.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\protectedsearch.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\searchprotection.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\snapdo.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst32.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\stinst64.exe: Debugger - C:\Windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:/b - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:/b - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:/b - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:/b - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========/color

[2014/03/29 02:47:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MICHEL\Desktop\OTL.exe
[2014/03/28 18:09:39 | 000,000,000 | R--D | C] -- C:\Users\MICHEL\Dropbox
[2014/03/28 18:04:29 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Roaming\DropboxMaster
[2014/03/28 18:04:17 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/03/28 18:03:45 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Roaming\Dropbox
[2014/03/28 10:07:34 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/03/28 10:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/03/28 10:07:24 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/03/28 10:07:24 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/03/28 10:07:24 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/03/28 10:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/03/28 10:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/27 18:11:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/27 17:59:38 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Local\WebInternetSecurity
[2014/03/27 17:58:30 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Local\Software
[2014/03/27 17:51:16 | 000,000,000 | ---D | C] -- D:\MICHEL\Documents\VIRUS
[2014/03/25 12:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MonAlbumPhoto
[2014/03/25 12:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MonAlbumPhoto
[2014/03/25 12:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\albumphoto
[2014/03/24 12:54:12 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Roaming\OpenOffice
[2014/03/24 12:53:39 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2014/03/24 12:53:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2014/03/24 12:52:39 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\Desktop\OpenOffice 4.0.1 (fr) Installation Files
[2014/03/23 20:31:30 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Roaming\Panasonic
[2014/03/20 17:28:43 | 000,000,000 | ---D | C] -- D:\MICHEL\Documents\BASSIN ARCACHON
[2014/03/19 22:57:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\SmartSwitch
[2014/03/19 22:57:01 | 000,000,000 | ---D | C] -- C:\Users\MICHEL\AppData\Roaming\Samsung
[2014/03/19 21:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/03/13 18:55:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/13 18:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/13 18:54:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/03/13 18:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/13 18:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/03/13 18:43:00 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wer.dll
[2014/03/13 18:43:00 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wer.dll
[2014/03/13 18:42:59 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/03/13 18:42:59 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/03/13 18:42:59 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/03/13 18:42:58 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/03/13 18:42:58 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/03/13 18:42:58 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/03/13 18:42:58 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/03/13 18:42:58 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/03/13 18:42:58 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/03/13 18:42:58 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/03/13 18:42:57 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/03/13 18:42:57 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/03/13 18:42:57 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/03/13 18:42:57 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/03/13 18:42:57 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/03/13 18:42:57 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/03/13 18:42:57 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/03/13 18:42:56 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/03/13 18:42:56 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/03/13 18:42:56 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/03/13 18:42:56 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/03/13 18:42:56 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/03/13 18:42:55 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/03/13 18:42:55 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/03/13 18:39:53 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2014/03/13 18:39:53 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2014/03/13 18:39:53 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2014/03/11 16:34:32 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/03/11 16:34:32 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========/color

[2014/03/29 02:47:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MICHEL\Desktop\OTL.exe
[2014/03/29 02:31:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/29 02:18:13 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/29 00:41:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370734024-4008565141-4128318953-1002UA.job
[2014/03/28 23:54:29 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/03/28 18:18:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/28 18:09:39 | 000,001,006 | ---- | M] () -- C:\Users\MICHEL\Desktop\Dropbox.lnk
[2014/03/28 18:08:21 | 000,001,016 | ---- | M] () -- C:\Users\MICHEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/03/28 17:52:03 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/28 17:52:03 | 000,028,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/28 17:47:43 | 000,001,984 | ---- | M] () -- C:\Users\MICHEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Alertes de surveillance de l'encre - HP Deskjet 3520 series (réseau).lnk
[2014/03/28 12:41:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-370734024-4008565141-4128318953-1002Core.job
[2014/03/28 10:07:25 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/27 18:12:52 | 000,001,324 | ---- | M] () -- C:\Users\MICHEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/27 18:12:52 | 000,001,204 | ---- | M] () -- C:\Users\MICHEL\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/03/27 08:37:11 | 001,670,714 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/27 08:37:11 | 000,747,954 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2014/03/27 08:37:11 | 000,654,564 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/27 08:37:11 | 000,149,976 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2014/03/27 08:37:11 | 000,121,934 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/26 12:20:58 | 0
0
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 660
30 mars 2014 à 19:51
Ce n'est pas un rapport de Correction.
0
NULOS33 Messages postés 12 Date d'inscription jeudi 27 mars 2014 Statut Membre Dernière intervention 31 mars 2014
30 mars 2014 à 23:07
je pense que c'est çà


OTL Extras logfile created on: 29/03/2014 02:51:32 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MICHEL\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

7,96 Gb Total Physical Memory | 5,73 Gb Available Physical Memory | 71,96% Memory free
15,92 Gb Paging File | 13,19 Gb Available in Paging File | 82,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 58,47 Gb Free Space | 58,47% Space Free | Partition Type: NTFS
Drive D: | 831,41 Gb Total Space | 791,57 Gb Free Space | 95,21% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: MICHEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D100BD-8BBD-4463-9886-917A24454BF4}" = lport=138 | protocol=17 | dir=in | app=system |
"{12266CD7-9821-4C7C-A50E-E410C335F447}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2B084B1B-1DBC-4BE9-A693-FEEB8C1EDC4C}" = lport=139 | protocol=6 | dir=in | app=system |
"{330635E1-3518-47FE-A762-F102DAF3A2CF}" = rport=445 | protocol=6 | dir=out | app=system |
"{669D7AD9-8DE2-4E29-9F74-A81752D05930}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{8025F561-1A64-4ECB-942E-170C7FD0D22D}" = rport=137 | protocol=17 | dir=out | app=system |
"{80EB004F-8D05-4D3C-B65A-40F631382D1E}" = lport=137 | protocol=17 | dir=in | app=system |
"{8D8C3F9F-F4B5-4788-993F-345E1FB3E021}" = rport=138 | protocol=17 | dir=out | app=system |
"{9E046B61-6723-464B-9770-72F950CEC31E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{9FEF89A5-4270-4BE4-B915-B1F391DD0F7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A2335E59-8062-46D5-A03B-2A0E5BDA4267}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{A992BA92-4EE2-4FC0-93B6-AAEF76D5499F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AC6FB129-0AEE-40CE-969D-FABB81A7B53E}" = lport=445 | protocol=6 | dir=in | app=system |
"{E79C42D7-4F12-4BBE-AE66-625A39510041}" = rport=139 | protocol=6 | dir=out | app=system |
"{EBE3FF13-5D99-40AF-A7E1-2E3AB7C6ACA3}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{F87FAF35-2D65-41FC-98D3-1334B7559667}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033022D7-63C0-4416-812D-3FEBE8EE3D7C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0C1207CF-6FE1-47DA-B6DA-DFFF4CFDA411}" = protocol=6 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtoolbar\ie\dtuser.exe |
"{10EBF0E3-0116-4444-8537-82317E7B154E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{14407A90-D8F5-43E5-9AB8-346B6F17EF70}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{346E5F41-6515-457B-9119-2211051EA804}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3E8D01CD-5ED2-4630-AB46-B1A64F82F693}" = dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{41833DF7-3AAB-468E-8B02-E284538F90AC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{43133841-7523-4774-B07C-EF68412CDEAF}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicatorcom.exe |
"{4BC98FB8-DD43-4326-B170-D66F12FCD9B3}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\devicesetup.exe |
"{7F88C03F-63A0-479B-9266-06C7221B8F4D}" = protocol=6 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{9470355A-F4C2-4C97-AA60-1BCBFEA65D8C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9BCD1236-CF3B-406D-9E96-60F7FF285039}" = protocol=6 | dir=in | app=c:\users\michel\appdata\roaming\dropbox\bin\dropbox.exe |
"{BF3C5F30-9463-4B1E-8F2E-60DA0D5AEF18}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe |
"{C652A686-08A4-43C2-B538-896168ED779A}" = protocol=17 | dir=in | app=c:\program files (x86)\bearshare applications\bearshare\bearshare.exe |
"{CBCAB30F-0718-40EA-A070-5CE78900A759}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D748F264-D7D5-4D38-BB2C-6B57EC82DD67}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D8AEEB44-5D4D-4629-94B8-580F16D54DAE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{DFD1EF41-5282-4CEF-87AE-E0E62811B28B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E3042EEC-2C3D-4078-9610-585775F1DCF1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F8C42EBA-9C60-4EAF-8A02-AD15E86FA86B}" = protocol=17 | dir=in | app=c:\users\michel\appdata\roaming\dropbox\bin\dropbox.exe |
"{F9F902E3-C2B4-4659-BA63-9D1DA8415438}" = protocol=17 | dir=in | app=c:\program files (x86)\movies toolbar\datamngr\srtoolbar\ie\dtuser.exe |
"TCP Query User{014EC8C8-2EAA-49F9-ABB4-5741D907BD38}C:\users\michel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\michel\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{10FA3152-603F-4087-B565-EE5DB43BA0F6}C:\users\michel\desktop\microsoft toolkit.exe" = protocol=6 | dir=in | app=c:\users\michel\desktop\microsoft toolkit.exe |
"TCP Query User{2B609CE9-98E0-4A61-AEFE-E4F28CF61591}C:\users\jules\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\jules\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{4164E1C9-60E8-425F-A6A1-BED931E251A0}C:\users\michel\desktop\microsoft toolkit.exe" = protocol=17 | dir=in | app=c:\users\michel\desktop\microsoft toolkit.exe |
"UDP Query User{D011ECB0-9199-45F5-9688-41B761E565FA}C:\users\jules\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\jules\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"UDP Query User{EAE30C22-09EC-4729-9215-FE1738B74F97}C:\users\michel\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\michel\appdata\roaming\dropbox\bin\dropbox.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17DEA095-8EE1-49A2-AC5A-9663DB098FA9}" = CSR Harmony Wireless Software Stack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2FF9A24D-EFCA-4F3E-8EEC-16F2D4E1E7E8}" = PDF-XChange Editor
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{54F2237F-018C-483B-8884-9FC0D88840C3}" = VC_CRT_x64
"{594AEAFB-0822-4EA9-A5B8-309485A515EE}" = Intel(R) Network Connections 18.7.28.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{78A98B47-C599-3263-9848-F8A1C05A4456}" = Microsoft .NET Framework 4.5.1 (FRA)
"{7E59919F-564E-3FB5-B1FC-884251B18B06}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A0AFE76-95AC-40B9-A95C-A1BABD4A552B}" = Logiciel de base du périphérique HP Deskjet 3520 series
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-040C-1000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010
"{90140000-0016-040C-1000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010
"{90140000-0018-040C-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010
"{90140000-0019-040C-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010
"{90140000-001A-040C-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010
"{90140000-001B-040C-1000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010
"{90140000-001F-0401-1000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0413-1000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-040C-1000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-040C-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (French) 2010
"{90140000-0044-040C-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2010
"{90140000-006E-040C-1000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010
"{90140000-00A1-040C-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010
"{90140000-00BA-040C-1000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2010
"{93F692D4-0C4D-4EED-9BFE-657C1D5959FE}" = Intel(R) Rapid Storage Technology
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Pilote 3D Vision 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Pilote du contrôleur 3D Vision 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Logiciel système PhysX 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Mises à jour NVIDIA 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Pilote audio HD : 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{F92F0AAB-2EF6-412C-8BF4-0B11EB535280}_is1" = PDF-XChange 2012 Pro
"Office14.PROPLUS" = Microsoft Office Professionnel Plus 2010
"PROSetDX" = Intel(R) Network Connections 18.7.28.0
"VLC media player" = VLC media player 2.1.4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4C6F4EE5-F42F-4288-B970-2B5FAD1D85BD}" = Boxore Client
"{57476447-95ee-4c7c-8373-875ad649bbb9}" = PDF-XChange Editor
"{5909A89E-C97F-407C-AE2B-47BDED86BF5D}" = Prerequisite installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{8D5D54B8-3D29-4AB4-8DA8-1868DAF941D8}" = OpenOffice 4.0.1
"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
"{9347E332-74BC-4738-9D37-FEC946F1900F}" = HP Deskjet 3520 series Aide
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}" = HP Deskjet 3520 series Setup Guide
"{B166374C-105E-445E-8E5D-A86CA5742645}" = Nero Burning Core
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{CDFE8F95-F80F-4115-9C3F-0E1FD8F9F58C}" = Nero ControlCenter Help (CHM)
"{D8DBDAC8-C435-4EA7-816F-6D2E4A728D49}" = Nero Burning ROM 2014
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2B9C8D6-C69C-4BA7-95D2-66F1C68D15DA}" = Nero Burning ROM
"{FA78CC15-9F90-443B-BA61-A66595F06432}" = Nero Burning ROM Help (CHM)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free HD Converter_is1" = Free HD Converter V 2.0
"Google Chrome" = Google Chrome
"koyotesoftmoviestoolbarhaIE" = Movies Toolbar for Internet Explorer (Dist. by Koyote-Lab, Inc.)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.00.0.1000
"MonAlbumPhoto_is1" = MonAlbumPhoto
"Mozilla Thunderbird 24.4.0 (x86 fr)" = Mozilla Thunderbird 24.4.0 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PrivaZer" = PrivaZer

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-370734024-4008565141-4128318953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Bandizip" = Bandizip
"Dropbox" = Dropbox
"Webinternetsecurity" = WebInternetSecurity

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 28/03/2014 04:48:38 | Computer Name = HOME-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 28/03/2014 04:48:38 | Computer Name = HOME-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 28/03/2014 04:50:18 | Computer Name = HOME-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/03/2014 05:19:58 | Computer Name = HOME-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 28/03/2014 05:19:58 | Computer Name = HOME-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 28/03/2014 05:21:15 | Computer Name = HOME-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/03/2014 12:46:13 | Computer Name = HOME-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 28/03/2014 12:46:13 | Computer Name = HOME-PC | Source = NvStreamSvc | ID = 131073
Description =

Error - 28/03/2014 12:47:24 | Computer Name = HOME-PC | Source = WinMgmt | ID = 10
Description =

Error - 28/03/2014 21:01:58 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Nom de l'application défaillante mbamscheduler.exe, version : 2.0.23.0,
horodatage : 0x52f2947e Nom du module défaillant : MSVCR100.dll, version : 10.0.40219.325,
horodatage : 0x4df2be1e Code d'exception : 0x40000015 Décalage d'erreur : 0x0008d6fd
ID
du processus défaillant : 0x69c Heure de début de l'application défaillante : 0x01cf4aa528dfeb03
Chemin
d'accès de l'application défaillante : C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
Chemin
d'accès du module défaillant: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
ID
de rapport : ba3e146d-b6dd-11e3-b6d3-2c27d730e762

[ System Events ]
Error - 25/03/2014 19:39:17 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7043
Description = Le service Service audio Bluetooth CSR ne s'est pas fermé correctement
après avoir reçu une commande d'anticipation de fermeture.

Error - 26/03/2014 07:21:38 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7034
Description = Le service Acquisition d'image Windows (WIA) s'est terminé de façon
inattendue pour la 1ème fois.

Error - 26/03/2014 09:04:35 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7043
Description = Le service Service audio Bluetooth CSR ne s'est pas fermé correctement
après avoir reçu une commande d'anticipation de fermeture.

Error - 27/03/2014 05:53:01 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7043
Description = Le service Service audio Bluetooth CSR ne s'est pas fermé correctement
après avoir reçu une commande d'anticipation de fermeture.

Error - 27/03/2014 12:31:47 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7034
Description = Le service Acquisition d'image Windows (WIA) s'est terminé de façon
inattendue pour la 1ème fois.

Error - 27/03/2014 13:17:37 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7043
Description = Le service Service audio Bluetooth CSR ne s'est pas fermé correctement
après avoir reçu une commande d'anticipation de fermeture.

Error - 27/03/2014 18:00:44 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7043
Description = Le service Service audio Bluetooth CSR ne s'est pas fermé correctement
après avoir reçu une commande d'anticipation de fermeture.

Error - 28/03/2014 05:18:55 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7043
Description = Le service Service audio Bluetooth CSR ne s'est pas fermé correctement
après avoir reçu une commande d'anticipation de fermeture.

Error - 28/03/2014 12:45:04 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7043
Description = Le service Service audio Bluetooth CSR ne s'est pas fermé correctement
après avoir reçu une commande d'anticipation de fermeture.

Error - 28/03/2014 21:01:59 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7034
Description = Le service MBAMScheduler s'est terminé de façon inattendue pour la
1ème fois.


< End of report >
0
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 660
30 mars 2014 à 23:58
Merci de lire ce qui est demandé de faire...
0
NULOS33 Messages postés 12 Date d'inscription jeudi 27 mars 2014 Statut Membre Dernière intervention 31 mars 2014
31 mars 2014 à 23:28
Désolé, mais je ne comprend pas ce que vous voulez dire..........comme je vous l'ai dis, l'informatique et moi......essayez d'être compréhensif....d'avance merci. De plus un événement m'oblige à m'absenter une quinzaine de jours......pourrait-on reprendre contact à ce moment là ???????? Merci
0
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 660
1 avril 2014 à 08:20
tu as copié/collé le rapport ici, il faut utiliser pjjoint.
0