Virus pirit help !

Réponse 21 / 50

scothy1 Messages postés 16 Date d'inscription Statut Membre Dernière intervention

https://pjjoint.malekal.com/files.php?id=20140829_j9r6t7s11m13

Réponse 22 / 50

Malekal_morte- Messages postés 180304 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention

Tu as réinstallé des programmes parasites hier soir, donc faut recommencer le nettoyage AdwCleaner puis OTL ensuite.

Faudrait faire un peu attention à ce que les utilisateurs installent sur ce PC.

Réponse 23 / 50

scothy

Il n'y a que moi qui me sert de cet ordinateur. ...

Malekal_morte- Messages postés 180304 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention

je me doute :)

Réponse 24 / 50

scothy1 Messages postés 16 Date d'inscription Statut Membre Dernière intervention

# AdwCleaner v3.308 - Rapport créé le 30/08/2014 à 23:36:34
# Mis à jour le 20/08/2014 par Xplode
# Système d'exploitation : Windows 7 Starter Service Pack 1 (32 bits)
# Nom d'utilisateur : Idrissi Marie jeanne - IDRISSI
# Exécuté depuis : C:\Users\Idrissi Marie jeanne\Downloads\adwcleaner_3.308 (4).exe
# Option : Nettoyer

***** [ Services ] *****

[#] Service Supprimé : BackupStack
Service Supprimé : IePluginServices
Service Supprimé : LPTSystemUpdater
Service Supprimé : WindowsMangerProtect

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\IePluginServices
Dossier Supprimé : C:\ProgramData\WindowsMangerProtect
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freesofttoday
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Dossier Supprimé : C:\Program Files\LPT
Dossier Supprimé : C:\Program Files\MyPC Backup
Dossier Supprimé : C:\Program Files\NewPlayer
Dossier Supprimé : C:\Program Files\SupTab
Dossier Supprimé : C:\Program Files\fst_fr_369
Dossier Supprimé : C:\Users\Idrissi Marie jeanne\AppData\Local\LPT
Dossier Supprimé : C:\Users\Idrissi Marie jeanne\AppData\Local\Pay-By-Ads
Dossier Supprimé : C:\Users\Idrissi Marie jeanne\AppData\Local\Smartbar
Dossier Supprimé : C:\Users\Idrissi Marie jeanne\AppData\Local\fst_fr_369
Dossier Supprimé : C:\Users\IDRISS~1\AppData\Local\Temp\Smartbar
Dossier Supprimé : C:\Users\Idrissi Marie jeanne\AppData\LocalLow\Smartbar
Dossier Supprimé : C:\Users\Idrissi Marie jeanne\AppData\Roaming\webssearches
Dossier Supprimé : C:\Users\Idrissi Marie jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Fichier Supprimé : C:\Users\Idrissi Marie jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Fichier Supprimé : C:\Users\Idrissi Marie jeanne\Desktop\MyPC Backup.lnk
Fichier Supprimé : C:\Users\Idrissi Marie jeanne\Desktop\Sync Folder.lnk

***** [ Tâches planifiées ] *****

Tâche Supprimée : LaunchSignup

***** [ Raccourcis ] *****

Raccourci Désinfecté : C:\Users\Idrissi Marie jeanne\Desktop\Search.lnk
Raccourci Désinfecté : C:\Users\Idrissi Marie jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Raccourci Désinfecté : C:\Users\Idrissi Marie jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Raccourci Désinfecté : C:\Users\Idrissi Marie jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Raccourci Désinfecté : C:\Users\Idrissi Marie jeanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Raccourci Désinfecté : C:\Users\Idrissi Marie jeanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Raccourci Désinfecté : C:\Users\Idrissi Marie jeanne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk

***** [ Registre ] *****

Clé Supprimée : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Clé Supprimée : HKLM\SOFTWARE\Classes\iesmartbar.bho
Clé Supprimée : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Clé Supprimée : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Clé Supprimée : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Clé Supprimée : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Clé Supprimée : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Clé Supprimée : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Clé Supprimée : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_fr_369]
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Clé Supprimée : HKCU\Software\Myfree Codec
Clé Supprimée : HKCU\Software\SmartBar
Clé Supprimée : HKCU\Software\smartbarbackup
Clé Supprimée : HKCU\Software\smartbarlog
Clé Supprimée : HKCU\Software\SupHpUISoft
Clé Supprimée : HKCU\Software\Tutorials
Clé Supprimée : HKCU\Software\TutoTag
Clé Supprimée : HKCU\Software\AppDataLow\Software\DynConIE
Clé Supprimée : HKLM\SOFTWARE\FreeSoftToday
Clé Supprimée : HKLM\SOFTWARE\SupDp
Clé Supprimée : HKLM\SOFTWARE\SupTab
Clé Supprimée : HKLM\SOFTWARE\supWindowsMangerProtect
Clé Supprimée : HKLM\SOFTWARE\supWPM
Clé Supprimée : HKLM\SOFTWARE\Tutorials
Clé Supprimée : HKLM\SOFTWARE\webssearchesSoftware
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_fr_369_is1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17239

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v21.0 (fr)

[ Fichier : C:\Users\Idrissi Marie jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\jgyi9otj.default-1341230711970\prefs.js ]

[ Fichier : C:\Users\Idrissi Marie jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\jyvv30u9.default\prefs.js ]

Ligne Supprimée : user_pref("browser.search.selectedEngine","Search The Web (mysearchs)");
Ligne Supprimée : user_pref("browser.search.defaultenginename","Search The Web (mysearchs)");

[ Fichier : C:\Users\Idrissi Marie jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\nr4xjany.default-1348511095266\prefs.js ]

Ligne Supprimée : user_pref("browser.search.defaultenginename", "Search The Web (mysearchs)");
Ligne Supprimée : user_pref("browser.search.selectedEngine","Search The Web (mysearchs)");

*************************

AdwCleaner[R0].txt - [1352 octets] - [27/08/2014 12:33:22]
AdwCleaner[R1].txt - [1593 octets] - [27/08/2014 22:00:46]
AdwCleaner[R2].txt - [11922 octets] - [30/08/2014 23:27:04]
AdwCleaner[S0].txt - [1415 octets] - [27/08/2014 12:36:18]
AdwCleaner[S1].txt - [1657 octets] - [27/08/2014 22:12:25]
AdwCleaner[S2].txt - [10284 octets] - [30/08/2014 23:36:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [10345 octets] ##########

Malekal_morte- Messages postés 180304 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention

ok, passe à OTL :)

Réponse 25 / 50

scothy

Impossible maintenant de faire un copier coller pour mettre dans le rectangle du bas d'OTL, j'y ai passé des heures, hier encore j'avais réussi mais mon ordinateur pendant le scan d'otl s'est éteint ....

Ras le bol je vais réinitialiser mon ordinateur mais comment faire pour ne pas perdre surtout mes photos? comme je suis nul en informatique peut tu m'aider encore pour le faire ou trouver une autre solution?

Ma souris ne marche qu'a moitié, je l'ai changé et c'est toujours la même chose la page ne veut plus monter ni descendre ....impossible de faire un copier coller enfin bref je jette l'éponge .

Là je suis sur mon ordinateur vista c'est pour ça que je n'ai pas de problème .

Merci .

Malekal_morte- Messages postés 180304 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention

il faut que tu copies tes photos dans une autre partition ou disque externe.

Ce sont tes enfants qui installent tous ces trucs ?

Réponse 26 / 50

scothy

Je te l'ai dit il n'y a que moi qui me sert de cet ordinateur et j'ai du faire une sacré bêtise pour en arriver là .

Une clés USB fera l'affaire ?

Si oui peut tu me donner la marche à suivre ???

Merci encore

Malekal_morte- Messages postés 180304 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention

Tu mets la clef USB.
Tu vas sur les documents en question et clic droit / envoyer / Clef USB.

Réponse 27 / 50

scothy

Voila c'est fait .

Réponse 28 / 50

Malekal_morte- Messages postés 180304 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention

ok, une fois que tu as tout réinitialisé, avant de réinstaller quoique ce soit,

Pour prévenir les sites malicieux, tu peux installer Blockulicious : https://forum.malekal.com/viewtopic.php?t=46656&start=

Pour ne plus te faire avoir.
A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/

Parce que si tu vas sur un mauvais site de téléchargement, tu vas remettre des merdouilles.

Réponse 29 / 50

scothy

Oui cette fois je ferai très attention ...

Disque amovible veut bien dire CLÉS USB ???Si oui alors j'ai bien récupéré mes images et vidéo .

Sinon je voudrais rendre mon ordinateur comme il était quand je l'ai acheté c'est à dire USINE.

Peux tu me dire ou cliquer exactement pour en arriver là !

Merci

Malekal_morte- Messages postés 180304 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention

La procédure est un peu différente selon le constructeur, c'est quelle marque ?

Réponse 30 / 50

scothy1 Messages postés 16 Date d'inscription Statut Membre Dernière intervention

Acer .

Malekal_morte- Messages postés 180304 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention

Regarde là :
https://www.commentcamarche.net/faq/8775-restaurer-un-ordinateur-acer-a-son-etat-d-usine

Réponse 31 / 50

scothy

Merci, j'étais entrain de regarder cette page, j'espère m'en sortir sans disque de restauration car c'est un ordinateur mini sans lecteur DVD.

Malekal_morte- Messages postés 180304 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention

ok :)

Réponse 32 / 50

scothy

Bon je fais un dernier essai .

Réponse 33 / 50

scothy1 Messages postés 16 Date d'inscription Statut Membre Dernière intervention

https://pjjoint.malekal.com/files.php?id=20140901_i6x14d6p14p7

Réponse 34 / 50

scothy1 Messages postés 16 Date d'inscription Statut Membre Dernière intervention

# AdwCleaner v3.308 - Rapport créé le 01/09/2014 à 15:44:15
# Mis à jour le 20/08/2014 par Xplode
# Système d'exploitation : Windows 7 Starter Service Pack 1 (32 bits)
# Nom d'utilisateur : Idrissi Marie jeanne - IDRISSI
# Exécuté depuis : C:\Users\Idrissi Marie jeanne\Downloads\adwcleaner_3.308 (5).exe
# Option : Nettoyer

***** [ Services ] *****

***** [ Fichiers / Dossiers ] *****

***** [ Tâches planifiées ] *****

***** [ Raccourcis ] *****

***** [ Registre ] *****

Clé Supprimée : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Clé Supprimée : HKCU\Software\SmartBar

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17239

-\\ Mozilla Firefox v21.0 (fr)

[ Fichier : C:\Users\Idrissi Marie jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\jgyi9otj.default-1341230711970\prefs.js ]

[ Fichier : C:\Users\Idrissi Marie jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\jyvv30u9.default\prefs.js ]

[ Fichier : C:\Users\Idrissi Marie jeanne\AppData\Roaming\Mozilla\Firefox\Profiles\nr4xjany.default-1348511095266\prefs.js ]

*************************

AdwCleaner[R0].txt - [1352 octets] - [27/08/2014 12:33:22]
AdwCleaner[R1].txt - [1593 octets] - [27/08/2014 22:00:46]
AdwCleaner[R2].txt - [11922 octets] - [30/08/2014 23:27:04]
AdwCleaner[R3].txt - [1923 octets] - [01/09/2014 15:37:50]
AdwCleaner[S0].txt - [1415 octets] - [27/08/2014 12:36:18]
AdwCleaner[S1].txt - [1657 octets] - [27/08/2014 22:12:25]
AdwCleaner[S2].txt - [10426 octets] - [30/08/2014 23:36:34]
AdwCleaner[S3].txt - [1849 octets] - [01/09/2014 15:44:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1909 octets] ##########

Malekal_morte- Messages postés 180304 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention

refais un scan OTL et donne le rapport.

scothy

ok

Réponse 35 / 50

scothy1 Messages postés 16 Date d'inscription Statut Membre Dernière intervention

https://pjjoint.malekal.com/files.php?id=20140901_u10k8y12t5l6

Réponse 36 / 50

Malekal_morte- Messages postés 180304 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention

Il y a à nouveau des programmes parasites qui se sont installés aujourd'hui vers 16h.

Faudrait tout faire un en un coup.

Relance OTL.
o sous Personnalisation (Custom Scan), copie_colle le contenu ci dessous (bien prendre :OTL en début).
Clic Correction (Fix), un rapport apparraitra, copie/colle le contenu ici:

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\Savdm\SavdmMonitor.exe -- (SavdmMonitor)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Savdm\Savdm.exe -- (Savdm)
SRV - File not found [Auto | Stopped] -- C:\Users\Idrissi Marie jeanne\AppData\Local\22b5643ee1872e85b90100d02d4c69f5\3ad78e5745a2b0a.exe -- (3ad78e5745a2b0a.exe)
SRV - [2014/09/01 16:12:27 | 000,715,656 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)
SRV - [2014/09/01 16:12:12 | 000,528,896 | ---- | M] (Fuyu LIMITED) [Auto | Running] -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -- (WindowsMangerProtect)
SRV - [2014/06/03 16:34:16 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Users\Idrissi Marie jeanne\AppData\Local\6b2b450c6dee82084ce2acdf16642d13\DOSFormatPython.exe -- (DOSFormatPython.exe)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.webpageing.com/?type=hp&ts=1409580687&from=fimo&uid=HitachiXHTS545025B9A300_101024PBN204DSDLXBWLX [Pays US - 69.28.58.38]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 69.28.58.38]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 69.28.58.38]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.webpageing.com/?type=hp&ts=1409580687&from=fimo&uid=HitachiXHTS545025B9A300_101024PBN204DSDLXBWLX [Pays US - 69.28.58.38]
O4 - HKU\.DEFAULT..\Run: [systray] C:\Program Files\Savdm\DWCSysTray.exe File not found
O4 - HKU\S-1-5-18..\Run: [systray] C:\Program Files\Savdm\DWCSysTray.exe File not found
O4 - HKU\S-1-5-19..\Run: [systray] C:\Program Files\Savdm\DWCSysTray.exe File not found
O4 - HKU\S-1-5-20..\Run: [systray] C:\Program Files\Savdm\DWCSysTray.exe File not found
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
[2014/09/01 16:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices
[2014/09/01 16:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsMangerProtect
[2014/09/01 16:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\SupTab
[2014/09/01 16:11:40 | 000,000,000 | ---D | C] -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\webssearches
:files
C:\Program Files\Savdm\

* poste le rapport ici

Redémarre l'ordinateur

Scan Malwarebytes (temps : environ 40min de scan):
==================================================
Télécharge et installe Malwarebyte : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Mets le à jour puis lance un examen.

A la fin du scan, clic sur "Mettre tout en quarantaine" en bas à gauche.
Redémarre l'ordinateur si besoin.
Après redémarrage, relance Malwarebytes.
Vas chercher le rapport dans l'onglet Historique.
A gauche Journal des examens.
Doube-clic sur l'examen dans la liste.
Puis en bas Copier dans le presse papier
Vas sur http://pjjoint.malekal.com et en bas, clic droit / coller pour coller le rapport du scan Malwarebytes.
Clic sur envoyer.
Dans un nouveau message ici en réponse, donne le lien pjjoint afin de pouvoir consulter le rapport.

et un nettoyage AdwCleaner.

Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left

Réponse 37 / 50

scothy1 Messages postés 16 Date d'inscription Statut Membre Dernière intervention

OTL logfile created on: 02/09/2014 08:33:15 - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Idrissi Marie jeanne\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1013,09 Mb Total Physical Memory | 418,07 Mb Available Physical Memory | 41,27% Memory free
1,99 Gb Paging File | 1,09 Gb Available in Paging File | 54,78% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,79 Gb Total Space | 54,96 Gb Free Space | 25,47% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: FAT32

Computer Name: IDRISSI | User Name: Idrissi Marie jeanne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014/09/01 16:12:27 | 000,715,656 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginServices\PluginService.exe
PRC - [2014/09/01 16:12:16 | 000,733,576 | ---- | M] () -- C:\Program Files\SupTab\HpUI.exe
PRC - [2014/09/01 16:12:12 | 000,528,896 | ---- | M] (Fuyu LIMITED) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
PRC - [2014/08/28 22:46:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Idrissi Marie jeanne\Downloads\OTL (1).exe
PRC - [2014/08/06 00:21:11 | 000,042,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CompatTel\wicainventory.exe
PRC - [2014/07/16 11:16:28 | 000,064,000 | ---- | M] () -- C:\Program Files\SupTab\Loader32.exe
PRC - [2014/06/03 16:34:16 | 000,110,592 | ---- | M] () -- C:\Users\Idrissi Marie jeanne\AppData\Local\6b2b450c6dee82084ce2acdf16642d13\DOSFormatPython.exe
PRC - [2014/06/03 16:33:54 | 000,294,400 | ---- | M] () -- C:\Users\Idrissi Marie jeanne\AppData\Local\6b2b450c6dee82084ce2acdf16642d13\DebuggerDLCOCR.exe
PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/12/30 03:54:22 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2013/09/02 22:52:29 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/08/02 02:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/06/26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/27 13:39:00 | 000,056,480 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\adminservice.exe
PRC - [2010/08/10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/06/11 15:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010/06/08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/01/30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014/09/01 16:12:31 | 000,023,944 | ---- | M] () -- C:\Program Files\SupTab\WindowsSupportDll32.dll
MOD - [2014/09/01 16:12:16 | 000,733,576 | ---- | M] () -- C:\Program Files\SupTab\HpUI.exe
MOD - [2014/07/16 11:16:28 | 000,064,000 | ---- | M] () -- C:\Program Files\SupTab\Loader32.exe
MOD - [2014/06/03 16:33:54 | 000,294,400 | ---- | M] () -- C:\Users\Idrissi Marie jeanne\AppData\Local\6b2b450c6dee82084ce2acdf16642d13\DebuggerDLCOCR.exe
MOD - [2014/03/07 20:56:28 | 000,970,766 | ---- | M] () -- C:\Users\Idrissi Marie jeanne\AppData\Local\6b2b450c6dee82084ce2acdf16642d13\libstdc++-6.dll
MOD - [2014/03/07 20:56:28 | 000,117,262 | ---- | M] () -- C:\Users\Idrissi Marie jeanne\AppData\Local\6b2b450c6dee82084ce2acdf16642d13\libgcc_s_dw2-1.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- C:\Program Files\Savdm\SavdmMonitor.exe -- (SavdmMonitor)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Savdm\Savdm.exe -- (Savdm)
SRV - File not found [Auto | Stopped] -- C:\Users\Idrissi Marie jeanne\AppData\Local\22b5643ee1872e85b90100d02d4c69f5\3ad78e5745a2b0a.exe -- (3ad78e5745a2b0a.exe)
SRV - [2014/09/01 16:12:27 | 000,715,656 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)
SRV - [2014/09/01 16:12:12 | 000,528,896 | ---- | M] (Fuyu LIMITED) [Auto | Running] -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -- (WindowsMangerProtect)
SRV - [2014/07/25 14:10:12 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/07/20 16:09:45 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/03 16:34:16 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Users\Idrissi Marie jeanne\AppData\Local\6b2b450c6dee82084ce2acdf16642d13\DOSFormatPython.exe -- (DOSFormatPython.exe)
SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/12/30 03:54:22 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/06/26 19:23:04 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:23:00 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/09/27 13:39:00 | 000,056,480 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010/08/10 11:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/11 15:28:02 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/06/08 19:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/05/27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/01/30 01:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 15:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\L1C62x86.sys -- (L1C)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\boxfnjyv.sys -- (boxfnjyv)
DRV - [2014/09/02 08:19:57 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9E3188D7-9306-4672-8D9B-5DD9587FF604}\MpKsl0645be22.sys -- (MpKsl0645be22)
DRV - [2014/08/27 22:57:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2014/06/03 16:34:16 | 000,017,552 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Users\Idrissi Marie jeanne\AppData\Local\6b2b450c6dee82084ce2acdf16642d13\RegFltrX86.sys -- (RegFltrX86)
DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/12/30 03:54:22 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2013/06/26 19:23:04 | 000,020,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2013/06/26 19:23:00 | 000,197,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2013/06/26 19:23:00 | 000,024,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2013/06/26 19:22:58 | 000,583,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/27 13:13:42 | 000,260,968 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2010/09/27 13:13:42 | 000,242,024 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2010/09/27 13:13:42 | 000,178,024 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2010/09/27 13:13:42 | 000,143,336 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2010/09/27 13:13:42 | 000,051,560 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2010/09/27 13:13:42 | 000,037,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2010/09/27 13:13:42 | 000,026,984 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2010/07/15 23:57:36 | 001,906,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/06/17 08:50:38 | 000,082,768 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/07/14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/03 04:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/03 04:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/03 04:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.webpageing.com/?type=hp&ts=1409580687&from=fimo&uid=HitachiXHTS545025B9A300_101024PBN204DSDLXBWLX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/webhp?gws_rd=ssl{searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.webpageing.com/?type=hp&ts=1409580687&from=fimo&uid=HitachiXHTS545025B9A300_101024PBN204DSDLXBWLX
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.webpageing.com/?type=hp&ts=1409580687&from=fimo&uid=HitachiXHTS545025B9A300_101024PBN204DSDLXBWLX
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.webpageing.com/?type=hp&ts=1409580687&from=fimo&uid=HitachiXHTS545025B9A300_101024PBN204DSDLXBWLX
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = https://www.msn.com/fr-fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr-FR
IE - HKCU\..\SearchScopes,DefaultScope = {9F9A1520-1A8D-4E65-857F-9B4DE0AC1025}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{9F9A1520-1A8D-4E65-857F-9B4DE0AC1025}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*origin.com;*ea.com;*akamaihd.net
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:22336

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8877
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8877
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8877
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8877
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8877
FF - prefs.js..network.proxy.type: 1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8877
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Idrissi Marie jeanne\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/09/02 22:55:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/02 22:55:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/02/05 12:05:13 | 000,000,000 | ---D | M]

[2011/02/25 21:09:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\mozilla\Extensions
[2014/07/12 00:08:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\mozilla\Firefox\Profiles\jgyi9otj.default-1341230711970\extensions
[2014/07/20 15:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\mozilla\Firefox\Profiles\jyvv30u9.default\extensions
[2012/03/06 18:02:23 | 000,000,000 | ---D | M] (Plugin Orange Installeur) -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\mozilla\Firefox\Profiles\jyvv30u9.default\extensions\{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}
[2014/07/20 15:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\mozilla\Firefox\Profiles\jyvv30u9.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}
[2012/05/31 21:41:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\mozilla\Firefox\Profiles\jyvv30u9.default\extensions\menu_contextuel_orange@orange.fr
[2011/03/12 00:28:48 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\mozilla\Firefox\Profiles\jyvv30u9.default\extensions\personas@christopher.beard
[2014/07/18 08:48:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\mozilla\Firefox\Profiles\kc11bgoi.default-1405205099701\extensions
[2012/05/17 16:44:50 | 000,058,106 | ---- | M] () (No name found) -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\mozilla\firefox\profiles\jyvv30u9.default\extensions\cliptomp3_plugin@ClipToMP3.xpi
[2014/07/11 16:13:46 | 000,017,696 | ---- | M] () (No name found) -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\mozilla\firefox\profiles\jyvv30u9.default\extensions\j003-lqgrmgpcekslhg@jetpack.xpi
[2012/05/21 09:36:28 | 001,184,804 | ---- | M] () (No name found) -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\mozilla\firefox\profiles\jyvv30u9.default\extensions\testpilot@labs.mozilla.com.xpi
[2014/07/18 08:48:31 | 000,967,387 | ---- | M] () (No name found) -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\mozilla\firefox\profiles\kc11bgoi.default-1405205099701\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/11/30 00:23:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/12/20 00:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\staged
[2014/07/13 00:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2014/07/13 00:41:36 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [C:\Users\Idrissi Marie jeanne\Downloads\setup-samsung-kies.exe] "C:\Users\Idrissi Marie jeanne\Downloads\setup-samsung-kies.exe" /exenoupdates /exelang 0 /prereqs "0" File not found
O4 - HKCU..\Run: [mysearchs] C:\Users\Idrissi Marie jeanne\AppData\Local\Pay-By-Ads\MySearchs\1.3.11.0\mysearchs.exe File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Idrissi Marie jeanne\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Idrissi Marie jeanne\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Idrissi Marie jeanne\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Idrissi Marie jeanne\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Idrissi Marie jeanne\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Idrissi Marie jeanne\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Idrissi Marie jeanne\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Idrissi Marie jeanne\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Idrissi Marie jeanne\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Idrissi Marie jeanne\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Idrissi Marie jeanne\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Idrissi Marie jeanne\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Idrissi Marie jeanne\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Idrissi Marie jeanne\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F277932-F204-496F-B6C6-FE1AD3908FC1}: DhcpNameServer = 192.168.0.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014/09/01 16:54:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/09/01 16:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices
[2014/09/01 16:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsMangerProtect
[2014/09/01 16:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\SupTab
[2014/09/01 16:11:40 | 000,000,000 | ---D | C] -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\webssearches
[2014/08/31 12:47:12 | 000,000,000 | ---D | C] -- C:\Users\Idrissi Marie jeanne\AppData\Local\{80046C3E-9884-44E6-9391-5293DD4E9991}
[2014/08/30 10:16:36 | 002,352,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/08/29 08:22:07 | 000,000,000 | ---D | C] -- C:\Users\Idrissi Marie jeanne\Documents\Nouveau dossier (6)
[2014/08/29 08:03:28 | 000,000,000 | ---D | C] -- C:\Users\Idrissi Marie jeanne\Documents\Nouveau dossier (5)
[2014/08/29 08:03:20 | 000,000,000 | ---D | C] -- C:\Users\Idrissi Marie jeanne\Documents\Nouveau dossier (4)
[2014/08/29 08:02:59 | 000,000,000 | ---D | C] -- C:\Users\Idrissi Marie jeanne\Documents\Nouveau dossier (3)
[2014/08/29 08:02:52 | 000,000,000 | ---D | C] -- C:\Users\Idrissi Marie jeanne\Documents\Nouveau dossier (2)
[2014/08/28 21:59:24 | 000,000,000 | ---D | C] -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\QuickScan
[2014/08/28 11:11:30 | 000,000,000 | ---D | C] -- C:\Users\Idrissi Marie jeanne\AppData\Local\{69BF04B0-2453-4625-B651-2EC0F49D0382}
[2014/08/27 22:57:07 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/08/27 13:13:52 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2014/08/27 13:13:36 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2014/08/27 13:13:11 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2014/08/27 13:12:40 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsWpfWrp.exe
[2014/08/27 12:33:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/27 11:12:31 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2014/08/27 11:12:31 | 000,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2014/08/27 11:12:30 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msihnd.dll
[2014/08/27 11:11:57 | 000,219,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2014/08/27 11:11:56 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2014/08/27 11:11:41 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/08/27 11:11:40 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/08/27 11:11:39 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/08/27 11:11:38 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/08/27 11:11:37 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/08/27 11:11:35 | 000,307,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/08/27 11:11:35 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/08/27 11:11:34 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/08/27 11:11:32 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/08/27 11:11:32 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/08/27 11:11:31 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/08/27 11:11:26 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/08/27 11:11:25 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/08/27 11:11:24 | 000,663,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/08/27 11:11:23 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/08/27 11:11:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/08/27 11:11:18 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/08/27 11:11:14 | 000,239,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/08/27 11:11:12 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/08/27 11:11:06 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/08/27 11:11:05 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/08/27 11:11:00 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/08/27 11:10:57 | 004,204,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/08/27 11:10:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2014/08/27 11:09:28 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/08/27 11:09:22 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/08/27 09:37:18 | 000,000,000 | ---D | C] -- C:\12fa192326b9eecfff2eb8
[2014/08/27 09:24:24 | 000,045,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2014/08/27 09:24:23 | 002,425,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2014/08/27 09:23:25 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2014/08/27 09:23:24 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2014/08/27 09:23:23 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2014/08/27 09:22:15 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2014/08/27 09:22:14 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013/06/13 09:46:46 | 014,823,424 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Idrissi Marie jeanne\AppData\Local\*.tmp files -> C:\Users\Idrissi Marie jeanne\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014/09/02 08:27:12 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/02 08:27:12 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/02 08:18:03 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2014/09/02 08:17:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/02 08:17:35 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/01 23:07:10 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/01 21:43:18 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/09/01 20:50:25 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1280812981-441835706-1294976042-1000UA.job
[2014/09/01 16:11:28 | 000,001,412 | ---- | M] () -- C:\Users\Idrissi Marie jeanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/08/31 23:01:56 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1280812981-441835706-1294976042-1000Core.job
[2014/08/31 14:00:52 | 000,748,362 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2014/08/31 14:00:52 | 000,654,932 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/08/31 14:00:52 | 000,150,596 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2014/08/31 14:00:52 | 000,122,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/08/30 22:33:46 | 000,270,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/08/28 10:29:51 | 000,001,943 | ---- | M] () -- C:\Users\Idrissi Marie jeanne\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk
[2014/08/28 10:29:51 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies 3.lnk
[2014/08/27 22:57:47 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2014/08/23 02:42:53 | 002,352,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/08/07 03:43:38 | 000,412,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/08/07 03:39:08 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/08/05 09:20:02 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Idrissi Marie jeanne\AppData\Local\*.tmp files -> C:\Users\Idrissi Marie jeanne\AppData\Local\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014/08/28 23:03:08 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/08/28 22:04:35 | 000,001,232 | ---- | C] () -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
[2014/07/27 23:44:25 | 000,000,053 | ---- | C] () -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\mbam.context.scan
[2014/07/21 10:44:10 | 000,009,216 | ---- | C] () -- C:\Users\Idrissi Marie jeanne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/13 23:45:23 | 000,037,344 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2014/05/13 23:45:22 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2013/12/25 13:05:03 | 000,000,030 | ---- | C] () -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\WB.CFG
[2013/06/27 21:08:09 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 22:23:32 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 22:23:32 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/05/08 12:59:35 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2013/05/07 08:06:39 | 000,000,751 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/02 16:07:20 | 004,909,739 | ---- | C] () -- C:\Users\Idrissi Marie jeanne\P1100498.JPG
[2011/12/02 16:07:20 | 004,437,990 | ---- | C] () -- C:\Users\Idrissi Marie jeanne\P1100500.JPG
[2011/12/02 16:07:20 | 004,214,957 | ---- | C] () -- C:\Users\Idrissi Marie jeanne\P1100496.JPG
[2011/12/02 16:07:20 | 003,966,455 | ---- | C] () -- C:\Users\Idrissi Marie jeanne\P1100495.JPG
[2011/12/02 16:07:20 | 003,773,603 | ---- | C] () -- C:\Users\Idrissi Marie jeanne\P1100497.JPG
[2011/08/21 00:38:10 | 000,039,393 | ---- | C] () -- C:\Users\Idrissi Marie jeanne\magnifique petit garçon.jpg
[2011/08/20 00:31:46 | 000,115,564 | ---- | C] () -- C:\Users\Idrissi Marie jeanne\Darroch dans son bain aout 2011.png
[2011/08/19 23:27:53 | 000,064,899 | ---- | C] () -- C:\Users\Idrissi Marie jeanne\Darroch aout 2011.jpg 2.jpg
[2011/08/19 23:27:04 | 000,072,240 | ---- | C] () -- C:\Users\Idrissi Marie jeanne\Darroch aout 2011.jpg
[2011/08/18 23:13:55 | 000,034,280 | ---- | C] () -- C:\Users\Idrissi Marie jeanne\rentrée scolaire aout 2011 ;.jpg
[2010/09/17 09:19:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< :OTL >[/color]

[color=#A23BEC]< SRV - File not found [Auto | Stopped] -- C:\Program Files\Savdm\SavdmMonitor.exe -- (SavdmMonitor) >[/color]

[color=#A23BEC]< SRV - File not found [Auto | Stopped] -- C:\Program Files\Savdm\Savdm.exe -- (Savdm) >[/color]

[color=#A23BEC]< SRV - File not found [Auto | Stopped] -- C:\Users\Idrissi Marie jeanne\AppData\Local\22b5643ee1872e85b90100d02d4c69f5\3ad78e5745a2b0a.exe -- (3ad78e5745a2b0a.exe) >[/color]

[color=#A23BEC]< SRV - [2014/09/01 16:12:27 | 000,715,656 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices) >[/color]
Invalid Switch: 01 16:12:27 | 000,715,656 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)

[color=#A23BEC]< SRV - [2014/09/01 16:12:12 | 000,528,896 | ---- | M] (Fuyu LIMITED) [Auto | Running] -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -- (WindowsMangerProtect) >[/color]
Invalid Switch: 01 16:12:12 | 000,528,896 | ---- | M] (Fuyu LIMITED) [Auto | Running] -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -- (WindowsMangerProtect)

[color=#A23BEC]< SRV - [2014/06/03 16:34:16 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Users\Idrissi Marie jeanne\AppData\Local\6b2b450c6dee82084ce2acdf16642d13\DOSFormatPython.exe -- (DOSFormatPython.exe) >[/color]
Invalid Switch: 03 16:34:16 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Users\Idrissi Marie jeanne\AppData\Local\6b2b450c6dee82084ce2acdf16642d13\DOSFormatPython.exe -- (DOSFormatPython.exe)

[color=#A23BEC]< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.webpageing.com/?type=hp&ts=1409580687&from=fimo&uid=HitachiXHTS545025B9A300_101024PBN204DSDLXBWLX [Pays US - 69.28.58.38] >[/color]
Invalid Switch: b>

[color=#A23BEC]< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 69.28.58.38] >[/color]
Invalid Switch: b>

[color=#A23BEC]< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 69.28.58.38] >[/color]
Invalid Switch: b>

[color=#A23BEC]< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.webpageing.com/?type=hp&ts=1409580687&from=fimo&uid=HitachiXHTS545025B9A300_101024PBN204DSDLXBWLX [Pays US - 69.28.58.38] >[/color]
Invalid Switch: b>

[color=#A23BEC]< O4 - HKU\.DEFAULT..\Run: [systray] C:\Program Files\Savdm\DWCSysTray.exe File not found >[/color]

[color=#A23BEC]< O4 - HKU\S-1-5-18..\Run: [systray] C:\Program Files\Savdm\DWCSysTray.exe File not found >[/color]

[color=#A23BEC]< O4 - HKU\S-1-5-19..\Run: [systray] C:\Program Files\Savdm\DWCSysTray.exe File not found >[/color]

[color=#A23BEC]< O4 - HKU\S-1-5-20..\Run: [systray] C:\Program Files\Savdm\DWCSysTray.exe File not found >[/color]

[color=#A23BEC]< O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited) >[/color]

[color=#A23BEC]< [2014/09/01 16:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices >[/color]
Invalid Switch: 01 16:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices

[color=#A23BEC]< [2014/09/01 16:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsMangerProtect >[/color]
Invalid Switch: 01 16:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsMangerProtect

[color=#A23BEC]< [2014/09/01 16:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\SupTab >[/color]
Invalid Switch: 01 16:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\SupTab

[color=#A23BEC]< [2014/09/01 16:11:40 | 000,000,000 | ---D | C] -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\webssearches >[/color]
Invalid Switch: 01 16:11:40 | 000,000,000 | ---D | C] -- C:\Users\Idrissi Marie jeanne\AppData\Roaming\webssearches

[color=#A23BEC]< :files >[/color]

[color=#A23BEC]< C:\Program Files\Savdm\ >[/color]

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2013/07/11 00:26:01 | 000,002,098 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?septembre ?2012 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?septembre ?2012 - Raccourci.lnk
[2013/07/11 00:26:01 | 000,002,098 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?septembre ?2012 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?septembre ?2012 - Raccourci (3).lnk
[2013/07/11 00:26:01 | 000,002,098 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?septembre ?2012 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?septembre ?2012 - Raccourci (2).lnk
[2013/07/11 00:26:01 | 000,002,082 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2012 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2012 - Raccourci.lnk
[2013/07/11 00:26:01 | 000,002,082 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2012 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2012 - Raccourci (3).lnk
[2013/07/11 00:26:01 | 000,002,082 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2012 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2012 - Raccourci (2).lnk
[2013/07/11 00:26:01 | 000,002,078 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2012 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2012 - Raccourci.lnk
[2013/07/11 00:26:01 | 000,002,078 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2012 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2012 - Raccourci (3).lnk
[2013/07/11 00:26:01 | 000,002,078 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2012 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2012 - Raccourci (2).lnk
[2013/07/11 00:26:01 | 000,002,010 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?mars ?2013 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?mars ?2013 - Raccourci.lnk
[2013/07/11 00:26:01 | 000,002,010 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?mars ?2013 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?mars ?2013 - Raccourci (3).lnk
[2013/07/11 00:26:01 | 000,002,010 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?mars ?2013 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?mars ?2013 - Raccourci (2).lnk
[2013/07/11 00:26:01 | 000,002,006 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?mai ?2013 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?mai ?2013 - Raccourci.lnk
[2013/07/11 00:26:01 | 000,002,006 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?mai ?2013 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?mai ?2013 - Raccourci (3).lnk
[2013/07/11 00:26:01 | 000,001,921 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?septembre ?2011 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?septembre ?2011 - Raccourci.lnk
[2013/07/11 00:26:01 | 000,001,921 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?septembre ?2011 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?septembre ?2011 - Raccourci (3).lnk
[2013/07/11 00:26:01 | 000,001,921 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?septembre ?2011 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?septembre ?2011 - Raccourci (2).lnk
[2013/07/11 00:26:01 | 000,001,905 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2011 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2011 - Raccourci.lnk
[2013/07/11 00:26:01 | 000,001,905 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2011 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2011 - Raccourci (3).lnk
[2013/07/11 00:26:01 | 000,001,905 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2011 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2011 - Raccourci (2).lnk
[2013/07/11 00:26:01 | 000,001,905 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2010 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2010 - Raccourci.lnk
[2013/07/11 00:26:01 | 000,001,905 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2010 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2010 - Raccourci (3).lnk
[2013/07/11 00:26:01 | 000,001,905 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2010 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?novembre ?2010 - Raccourci (2).lnk
[2013/07/11 00:26:01 | 000,001,901 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2011 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2011 - Raccourci.lnk
[2013/07/11 00:26:01 | 000,001,901 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2011 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2011 - Raccourci (3).lnk
[2013/07/11 00:26:01 | 000,001,901 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2011 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2011 - Raccourci (2).lnk
[2013/07/11 00:26:01 | 000,001,901 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2010 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2010 - Raccourci.lnk
[2013/07/11 00:26:01 | 000,001,901 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2010 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2010 - Raccourci (3).lnk
[2013/07/11 00:26:01 | 000,001,901 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2010 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?octobre ?2010 - Raccourci (2).lnk
[2013/07/11 00:26:01 | 000,001,865 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?mars ?2012 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?mars ?2012 - Raccourci.lnk
[2013/07/11 00:26:01 | 000,001,865 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?mars ?2012 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?mars ?2012 - Raccourci (3).lnk
[2013/07/11 00:26:01 | 000,001,865 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?mars ?2012 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?mars ?2012 - Raccourci (2).lnk
[2013/07/11 00:26:01 | 000,001,865 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?mars ?2011 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?mars ?2011 - Raccourci.lnk
[2013/07/11 00:26:01 | 000,001,865 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?mars ?2011 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?mars ?2011 - Raccourci (3).lnk
[2013/07/11 00:26:01 | 000,001,865 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?mars ?2011 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?mars ?2011 - Raccourci (2).lnk
[2013/07/11 00:26:01 | 000,001,865 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?mars ?2010 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?mars ?2010 - Raccourci.lnk
[2013/07/11 00:26:01 | 000,001,865 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?mars ?2010 - Raccourci (4).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?mars ?2010 - Raccourci (4).lnk
[2013/07/11 00:26:01 | 000,001,865 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?mars ?2010 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?mars ?2010 - Raccourci (3).lnk
[2013/07/11 00:26:01 | 000,001,865 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?mars ?2010 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?mars ?2010 - Raccourci (2).lnk
[2013/07/11 00:26:01 | 000,001,865 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?août ?2011 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?août ?2011 - Raccourci (3).lnk
[2013/07/11 00:26:01 | 000,001,865 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?août ?2011 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?août ?2011 - Raccourci (2).lnk
[2013/07/11 00:26:01 | 000,001,865 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?août ?2010 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?août ?2010 - Raccourci.lnk
[2013/07/11 00:26:01 | 000,001,865 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?août ?2010 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?août ?2010 - Raccourci (3).lnk
[2013/07/11 00:26:01 | 000,001,865 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?août ?2010 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?août ?2010 - Raccourci (2).lnk
[2013/07/11 00:26:00 | 000,002,226 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?décembre ?2012 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?décembre ?2012 - Raccourci.lnk
[2013/07/11 00:26:00 | 000,002,226 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?décembre ?2012 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?décembre ?2012 - Raccourci (3).lnk
[2013/07/11 00:26:00 | 000,002,226 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?décembre ?2012 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?décembre ?2012 - Raccourci (2).lnk
[2013/07/11 00:26:00 | 000,002,222 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?juillet ?2012 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?juillet ?2012 - Raccourci.lnk
[2013/07/11 00:26:00 | 000,002,222 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?juillet ?2012 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?juillet ?2012 - Raccourci (3).lnk
[2013/07/11 00:26:00 | 000,002,222 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?juillet ?2012 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?juillet ?2012 - Raccourci (2).lnk
[2013/07/11 00:26:00 | 000,002,090 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?août ?2012 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?août ?2012 - Raccourci.lnk
[2013/07/11 00:26:00 | 000,002,090 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?août ?2012 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?août ?2012 - Raccourci (3).lnk
[2013/07/11 00:26:00 | 000,002,090 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?août ?2012 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?août ?2012 - Raccourci (2).lnk
[2013/07/11 00:26:00 | 000,002,046 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?juillet ?2013 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?juillet ?2013 - Raccourci.lnk
[2013/07/11 00:26:00 | 000,002,046 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?juillet ?2013 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?juillet ?2013 - Raccourci (3).lnk
[2013/07/11 00:26:00 | 000,002,046 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?juillet ?2013 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?juillet ?2013 - Raccourci (2).lnk
[2013/07/11 00:26:00 | 000,002,046 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?janvier ?2013 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?janvier ?2013 - Raccourci.lnk
[2013/07/11 00:26:00 | 000,002,046 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?janvier ?2013 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?janvier ?2013 - Raccourci (3).lnk
[2013/07/11 00:26:00 | 000,002,046 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?janvier ?2013 - Raccourci (2).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?janvier ?2013 - Raccourci (2).lnk
[2013/07/11 00:26:00 | 000,002,046 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?février ?2013 - Raccourci.lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?février ?2013 - Raccourci.lnk
[2013/07/11 00:26:00 | 000,002,046 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?février ?2013 - Raccourci (3).lnk) -- C:\Users\Idrissi Marie jeanne\Documents\?février ?2013 - Raccourci (3).lnk
[2013/07/11 00:26:00 | 000,002,046 | ---- | C] ()(C:\Users\Idrissi Marie jeanne\Documents\?février ?2013

Réponse 38 / 50

scothy1 Messages postés 16 Date d'inscription Statut Membre Dernière intervention

Impossible de faire un scan avec malyeur (pardon pour l'orthographe)il me demande de le désinstaller manuellement et impossible en passant par panneau de configuration...

Donc impossible de terminer le programme ....

Y a til un autre moyen d'y parvenir ?

Merci

Malekal_morte- Messages postés 180304 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention

Tu as la version 2 ou 1.75 ?
si c'est la 1.75 et que tu veux mettre la 2. regarde là pour supprimer l'ancienne version : https://forum.malekal.com/viewtopic.php?t=47284&start=

Réponse 39 / 50

scothy

Après avoir fait le dernier examen que tu m'as demandé de faire je ne peux plus ouvrir une nouvelle page pour revenir sur comment ca marche )
Le serveur proxy ne répond pas !

Que s'est il passé ?

Merci

Malekal_morte- Messages postés 180304 Date d'inscription Statut Modérateur, Contributeur sécurité Dernière intervention

Supprime les proxys : https://forum.malekal.com/viewtopic.php?t=47404&start=

Réponse 40 / 50

scothy1 Messages postés 16 Date d'inscription Statut Membre Dernière intervention

========== OTL ==========
Service SavdmMonitor stopped successfully!
Service SavdmMonitor deleted successfully!
File C:\Program Files\Savdm\SavdmMonitor.exe not found.
Service Savdm stopped successfully!
Service Savdm deleted successfully!
File C:\Program Files\Savdm\Savdm.exe not found.
Service 3ad78e5745a2b0a.exe stopped successfully!
Service 3ad78e5745a2b0a.exe deleted successfully!
File C:\Users\Idrissi Marie jeanne\AppData\Local\22b5643ee1872e85b90100d02d4c69f5\3ad78e5745a2b0a.exe not found.
Service IePluginServices stopped successfully!
Service IePluginServices deleted successfully!
C:\ProgramData\IePluginServices\PluginService.exe moved successfully.
Service WindowsMangerProtect stopped successfully!
Service WindowsMangerProtect deleted successfully!
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe moved successfully.
Error: Unable to stop service DOSFormatPython.exe!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DOSFormatPython.exe deleted successfully.
C:\Users\Idrissi Marie jeanne\AppData\Local\6b2b450c6dee82084ce2acdf16642d13\DOSFormatPython.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\systray deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\systray not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\systray deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\systray deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\ deleted successfully.
C:\Program Files\SupTab\SupTab.dll moved successfully.
C:\ProgramData\IePluginServices\update folder moved successfully.
C:\ProgramData\IePluginServices folder moved successfully.
C:\ProgramData\WindowsMangerProtect\update folder moved successfully.
C:\ProgramData\WindowsMangerProtect\log folder moved successfully.
C:\ProgramData\WindowsMangerProtect folder moved successfully.
C:\Program Files\SupTab\web\_locales\zh-TW folder moved successfully.
C:\Program Files\SupTab\web\_locales\zh-CN folder moved successfully.
C:\Program Files\SupTab\web\_locales\vi-VI folder moved successfully.
C:\Program Files\SupTab\web\_locales\tr-TR folder moved successfully.
C:\Program Files\SupTab\web\_locales\ru-MO folder moved successfully.
C:\Program Files\SupTab\web\_locales\ru folder moved successfully.
C:\Program Files\SupTab\web\_locales\pt-BR folder moved successfully.
C:\Program Files\SupTab\web\_locales\pt folder moved successfully.
C:\Program Files\SupTab\web\_locales\pl folder moved successfully.
C:\Program Files\SupTab\web\_locales\it-IT folder moved successfully.
C:\Program Files\SupTab\web\_locales\it-CH folder moved successfully.
C:\Program Files\SupTab\web\_locales\fr-LU folder moved successfully.
C:\Program Files\SupTab\web\_locales\fr-FR folder moved successfully.
C:\Program Files\SupTab\web\_locales\fr-CH folder moved successfully.
C:\Program Files\SupTab\web\_locales\fr-CA folder moved successfully.
C:\Program Files\SupTab\web\_locales\fr-BE folder moved successfully.
C:\Program Files\SupTab\web\_locales\es-ES folder moved successfully.
C:\Program Files\SupTab\web\_locales\es-419 folder moved successfully.
C:\Program Files\SupTab\web\_locales\en-US folder moved successfully.
C:\Program Files\SupTab\web\_locales folder moved successfully.
C:\Program Files\SupTab\web\js folder moved successfully.
C:\Program Files\SupTab\web\img folder moved successfully.
C:\Program Files\SupTab\web folder moved successfully.
C:\Program Files\SupTab\skin\image folder moved successfully.
C:\Program Files\SupTab\skin folder moved successfully.
Folder move failed. C:\Program Files\SupTab scheduled to be moved on reboot.
C:\Users\Idrissi Marie jeanne\AppData\Roaming\webssearches\images\code folder moved successfully.
C:\Users\Idrissi Marie jeanne\AppData\Roaming\webssearches\images folder moved successfully.
C:\Users\Idrissi Marie jeanne\AppData\Roaming\webssearches folder moved successfully.
========== FILES ==========
Folder C:\Program Files\Savdm not found.

OTL by OldTimer - Version 3.2.69.0 log created on 09022014_223054

Files\Folders moved on Reboot...
C:\Program Files\SupTab folder moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Virus pirit help !

50 réponses

Votre réponse

Discussions similaires