Orange survey window

Closed
zouade - 13 March 2017 at 17:04
Malekal_morte - Posts: 180304, Registered: Wednesday 17 May 2006, Status: Moderator, Security contributor, Last activity: 15 December 2020 - 18 March 2017 at 18:15
Hello,

For some time now, an "enquête orange" (Orange survey) window has been opening as soon as I log in to my Facebook account. I cleaned my computer with AdwCleaner as recommended; the last scan shows no virus, and here is the OTL scan report.
Could someone take a look at it and tell me whether there is anything to do?

Thank you very much for everything you do; you save our lives quite often, but this time I'm stuck.
Thanks again.

OTL logfile created on: 21/02/2017 18:29:08 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\zouade\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,93 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 43,71% Memory free
5,30 Gb Paging File | 2,79 Gb Available in Paging File | 52,62% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917,03 Gb Total Space | 836,11 Gb Free Space | 91,18% Space Free | Partition Type: NTFS
Drive D: | 13,18 Gb Total Space | 1,69 Gb Free Space | 12,81% Space Free | Partition Type: NTFS
Drive E: | 202,51 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DESKTOP-80V9PG1 | User Name: zouade | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found --
PRC - [2017/02/21 18:17:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\zouade\Downloads\OTL.exe
PRC - [2017/02/07 05:50:20 | 026,220,296 | ---- | M] (Dropbox, Inc.) -- C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
PRC - [2017/01/25 04:42:34 | 000,301,528 | ---- | M] (Intel Corporation) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe
PRC - [2017/01/20 21:57:28 | 001,517,280 | ---- | M] (Microsoft Corporation) -- C:\Users\zouade\AppData\Local\Microsoft\OneDrive\OneDrive.exe
PRC - [2017/01/20 07:57:12 | 002,780,112 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
PRC - [2016/12/12 10:36:34 | 000,143,144 | ---- | M] (Dropbox, Inc.) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
PRC - [2016/11/18 19:03:04 | 009,080,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2016/11/18 19:00:34 | 000,197,128 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2016/09/17 14:57:39 | 000,316,152 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
PRC - [2016/07/16 12:42:56 | 000,416,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2015/07/07 05:37:12 | 000,415,520 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2015/07/07 05:35:50 | 000,223,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2015/06/25 18:45:52 | 000,349,728 | ---- | M] (WildTangent) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
PRC - [2015/05/19 18:11:04 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2017/02/07 05:50:44 | 000,026,456 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
MOD - [2017/02/07 05:50:44 | 000,025,432 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
MOD - [2017/02/07 05:50:44 | 000,023,896 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
MOD - [2017/02/07 05:50:44 | 000,022,872 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
MOD - [2017/02/07 05:50:42 | 000,026,456 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
MOD - [2017/02/07 05:50:42 | 000,022,872 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
MOD - [2017/02/07 05:50:42 | 000,021,848 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
MOD - [2017/02/07 05:50:42 | 000,021,840 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
MOD - [2017/02/07 05:50:40 | 000,069,968 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
MOD - [2017/02/07 05:50:40 | 000,022,864 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
MOD - [2017/02/07 05:50:38 | 000,381,760 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
MOD - [2017/02/07 05:50:38 | 000,019,776 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
MOD - [2017/02/07 05:50:34 | 003,928,896 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
MOD - [2017/02/07 05:50:34 | 000,224,064 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
MOD - [2017/02/07 05:50:34 | 000,103,232 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
MOD - [2017/02/07 05:50:32 | 000,546,104 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
MOD - [2017/02/07 05:50:32 | 000,357,688 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
MOD - [2017/02/07 05:50:32 | 000,171,336 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
MOD - [2017/02/07 05:50:32 | 000,133,432 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
MOD - [2017/02/07 05:50:32 | 000,042,816 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
MOD - [2017/02/07 05:50:30 | 001,972,536 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
MOD - [2017/02/07 05:50:30 | 001,826,104 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
MOD - [2017/02/07 05:50:30 | 000,531,264 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
MOD - [2017/02/07 05:50:30 | 000,207,680 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
MOD - [2017/02/07 05:50:28 | 000,052,544 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
MOD - [2017/02/07 05:50:28 | 000,025,936 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
MOD - [2017/02/07 05:50:26 | 000,084,288 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.dll
MOD - [2017/02/07 05:50:26 | 000,038,712 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
MOD - [2017/02/07 05:50:26 | 000,033,112 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
MOD - [2017/02/07 05:50:24 | 001,682,768 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
MOD - [2017/02/07 05:50:24 | 000,027,488 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
MOD - [2017/02/07 05:50:24 | 000,020,824 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
MOD - [2017/02/07 05:50:24 | 000,020,816 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
MOD - [2017/02/07 05:50:22 | 000,246,608 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
MOD - [2017/02/07 05:50:22 | 000,022,336 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
MOD - [2017/02/07 05:48:52 | 000,801,600 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
MOD - [2017/01/14 01:02:04 | 001,631,184 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
MOD - [2017/01/14 01:02:02 | 000,017,864 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\libEGL.dll
MOD - [2017/01/14 00:57:02 | 000,350,152 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
MOD - [2017/01/14 00:57:02 | 000,028,616 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
MOD - [2017/01/14 00:57:00 | 000,116,176 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32security.pyd
MOD - [2017/01/14 00:57:00 | 000,060,880 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32print.pyd
MOD - [2017/01/14 00:57:00 | 000,048,592 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32service.pyd
MOD - [2017/01/14 00:57:00 | 000,043,472 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32process.pyd
MOD - [2017/01/14 00:57:00 | 000,030,160 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
MOD - [2017/01/14 00:57:00 | 000,024,016 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
MOD - [2017/01/14 00:56:58 | 000,175,560 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
MOD - [2017/01/14 00:56:58 | 000,124,880 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32file.pyd
MOD - [2017/01/14 00:56:58 | 000,057,808 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
MOD - [2017/01/14 00:56:58 | 000,024,528 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32event.pyd
MOD - [2017/01/14 00:56:58 | 000,024,016 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
MOD - [2017/01/14 00:56:56 | 000,105,928 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\win32api.pyd
MOD - [2017/01/14 00:56:56 | 000,020,936 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
MOD - [2017/01/14 00:55:36 | 000,241,104 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
MOD - [2017/01/14 00:54:46 | 000,123,856 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
MOD - [2017/01/14 00:54:46 | 000,083,912 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\sip.pyd
MOD - [2017/01/14 00:54:44 | 000,019,408 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
MOD - [2017/01/14 00:53:52 | 000,035,792 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
MOD - [2017/01/14 00:53:50 | 000,694,224 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
MOD - [2017/01/14 00:53:50 | 000,100,296 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
MOD - [2017/01/14 00:53:50 | 000,018,888 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\select.pyd
MOD - [2017/01/14 00:53:48 | 000,392,144 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
MOD - [2017/01/14 00:53:48 | 000,145,864 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
MOD - [2017/01/14 00:53:48 | 000,116,688 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
MOD - [2017/01/14 00:51:22 | 000,036,296 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\librsync.dll
MOD - [2016/12/22 07:58:26 | 000,293,392 | ---- | M] () -- C:\Program Files (x86)\Dropbox\Client\enterprisedataadapter.dll
MOD - [2016/11/18 19:01:02 | 048,936,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2016/11/18 19:00:53 | 000,482,928 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2016/11/18 19:00:35 | 000,169,064 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2017/02/14 15:52:33 | 000,270,936 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017/01/25 04:42:34 | 000,301,528 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2016/12/12 10:36:34 | 000,143,144 | ---- | M] (Dropbox, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdatem)
SRV - [2016/12/12 10:36:34 | 000,143,144 | ---- | M] (Dropbox, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdate)
SRV - [2016/12/09 09:54:48 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2016/12/07 02:43:02 | 000,031,776 | ---- | M] (HP Inc.) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2016/11/11 08:19:35 | 000,298,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2016/11/11 08:05:12 | 003,370,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2016/10/24 14:04:41 | 000,172,488 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016/09/29 05:51:23 | 000,507,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2016/09/29 05:51:19 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2016/09/29 05:51:18 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2016/08/06 04:33:24 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2016/07/16 12:42:55 | 000,968,704 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2016/07/16 12:41:50 | 003,318,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2015/07/07 05:37:12 | 000,415,520 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2015/07/07 05:35:50 | 000,223,008 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2015/06/25 18:45:56 | 000,209,952 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2015/06/25 18:45:52 | 000,349,728 | ---- | M] (WildTangent) [Auto | Running] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2015/05/19 18:11:04 | 000,007,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe -- (isaHelperSvc)
SRV - [2015/05/19 18:11:00 | 000,335,872 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe -- (Intel(R)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2016/07/16 12:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRHPR1&src=IE11TR&pc=HRTS


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp15-comm.msn.com/?pc=HRTE
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp15-comm.msn.com/?pc=HRTE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp15-comm.msn.com/?pc=HRTE
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp15-comm.msn.com/?pc=HRTE
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm

IE - HKU\S-1-5-21-2449686933-1266796295-3630887161-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp15-comm.msn.com/?pc=HRTE
IE - HKU\S-1-5-21-2449686933-1266796295-3630887161-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-21-2449686933-1266796295-3630887161-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hp15-comm.msn.com/?pc=HRTE
IE - HKU\S-1-5-21-2449686933-1266796295-3630887161-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 33 D9 F2 4C 12 48 D2 01 [binary data]
IE - HKU\S-1-5-21-2449686933-1266796295-3630887161-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-2449686933-1266796295-3630887161-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2449686933-1266796295-3630887161-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=PRHPR1&src=IE11TR&pc=HRTS
IE - HKU\S-1-5-21-2449686933-1266796295-3630887161-1001\..\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
IE - HKU\S-1-5-21-2449686933-1266796295-3630887161-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.countryCode: "FR"
FF - prefs.js..browser.search.region: "FR"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:49.0.2
FF - prefs.js..keyword.URL: true
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\***@***: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016/11/18 19:01:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\***@***: C:\Program Files\AVAST Software\Avast\WebRep\FF [2016/11/18 19:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 49.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2016/10/12 12:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zouade\AppData\Roaming\mozilla\Extensions
[2017/02/21 17:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\zouade\AppData\Roaming\mozilla\Firefox\Profiles\navnf0z0.default\extensions
[2016/10/31 18:00:58 | 000,005,389 | ---- | M] () (No name found) -- C:\Users\zouade\AppData\Roaming\mozilla\firefox\profiles\navnf0z0.default\features\{1b05f0a6-93cc-447d-a331-82ed8bf5f97b}\***@***
[2016/10/24 14:04:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: No name found = C:\Users\zouade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\zouade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\zouade\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\zouade\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\zouade\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck\12.0.155_0\
CHR - Extension: No name found = C:\Users\zouade\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\zouade\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Users\zouade\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\12.0.163_0\
CHR - Extension: No name found = C:\Users\zouade\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgoehlfmhfafaiepckjikpphoklijedl\0.1_0\
CHR - Extension: No name found = C:\Users\zouade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.1_0\
CHR - Extension: No name found = C:\Users\zouade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\zouade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5616.1121.0.3_0\

O1 HOSTS File: ([2017/01/28 21:39:25 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (HP Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dropbox] C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.)
O4 - HKLM..\Run: [PowerDVD14Agent] C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2449686933-1266796295-3630887161-1001..\Run: [Chromium] c:\users\zouade\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session File not found
O4 - HKU\S-1-5-21-2449686933-1266796295-3630887161-1001..\Run: [OneDrive] C:\Users\zouade\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HP Inc.)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HP Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ab37bc39-3f18-4c22-9360-9d9a73326b21}: DhcpNameServer = 109.0.66.10 109.0.66.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{d40c02da-8e9b-48ab-9a44-dc3ce44ceaad}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/03/24 12:05:05 | 000,000,070 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a33bd924-7cd4-11e6-9bcb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a33bd924-7cd4-11e6-9bcb-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Toboclic.exe -- [2015/03/24 11:06:35 | 005,802,199 | R--- | M] (Adobe Systems, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2017/02/19 04:34:24 | 000,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\Microsoft
[2017/02/08 03:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
[2017/02/05 09:51:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017/02/05 09:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2017/02/05 09:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017/02/01 16:11:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2017/01/28 21:39:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2017/01/27 12:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AV
[2017/01/25 04:42:54 | 000,103,936 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\Intel_OpenCL_ICD32.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2017/02/21 18:12:09 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForzouade.job
[2017/02/21 18:01:57 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2017/02/21 17:59:57 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2017/02/21 17:59:55 | 1686,790,144 | -HS- | M] () -- C:\hiberfil.sys
[2017/02/19 04:34:02 | 000,001,064 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player PPAPI Notifier.job
[2017/02/19 04:34:02 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2017/02/06 22:37:57 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2017/02/05 09:41:53 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017/01/28 21:39:24 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2017/01/28 21:39:24 | 000,002,016 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2017/01/25 04:42:54 | 000,103,936 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysWow64\Intel_OpenCL_ICD32.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2017/02/05 09:41:53 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2016/12/13 20:14:37 | 002,048,496 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2016/11/10 00:04:23 | 000,000,046 | ---- | C] () -- C:\Users\zouade\AppData\Roaming\WB.CFG
[2016/11/09 16:03:22 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2016/09/30 03:28:13 | 000,265,728 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2016/09/29 05:07:50 | 001,567,484 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2016/09/29 05:04:09 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2016/07/16 12:47:57 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2016/07/16 12:47:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2016/07/16 12:43:04 | 000,055,296 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2016/07/16 12:43:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2016/07/16 12:42:55 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2016/07/16 12:42:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2016/07/16 12:42:49 | 000,304,640 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2016/07/16 12:42:48 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2016/07/16 12:42:43 | 000,002,307 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2016/07/16 12:42:12 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2015/11/06 13:22:44 | 000,451,072 | ---- | C] () -- C:\WINDOWS\SysWow64\ISSRemoveSP.exe
[2015/07/07 19:00:08 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2015/07/07 19:00:08 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2015/07/07 18:28:39 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2015/07/07 18:20:30 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2015/07/07 18:20:30 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2015/07/07 18:16:09 | 000,143,872 | ---- | C] () -- C:\WINDOWS\SysWow64\atieah32.exe
[2015/07/07 18:16:07 | 000,189,952 | ---- | C] () -- C:\WINDOWS\SysWow64\amdgfxinfo32.dll
[2015/07/07 18:10:14 | 000,102,400 | ---- | C] () -- C:\WINDOWS\SysWow64\hsa-thunk.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2016/11/10 00:05:04 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016/11/11 11:01:16 | 007,219,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016/11/11 08:47:14 | 005,722,832 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2016/07/16 12:42:31 | 000,977,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2016/07/16 12:42:56 | 000,779,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016/07/16 12:42:31 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2016/11/18 19:04:28 | 000,000,000 | ---D | M] -- C:\Users\zouade\AppData\Roaming\AVAST Software
[2016/12/12 10:48:46 | 000,000,000 | ---D | M] -- C:\Users\zouade\AppData\Roaming\Dropbox
[2016/12/13 19:25:56 | 000,000,000 | ---D | M] -- C:\Users\zouade\AppData\Roaming\DropboxOEM
[2016/11/13 11:10:14 | 000,000,000 | ---D | M] -- C:\Users\zouade\AppData\Roaming\Mediatronic
[2016/09/28 13:11:13 | 000,000,000 | ---D | M] -- C:\Users\zouade\AppData\Roaming\OpenOffice
[2016/11/09 16:09:06 | 000,000,000 | ---D | M] -- C:\Users\zouade\AppData\Roaming\Picosmos
[2017/02/09 11:48:53 | 000,000,000 | ---D | M] -- C:\Users\zouade\AppData\Roaming\uTorrent

[color=#E56717]========== Purity Check ==========[/color]



< End of report >


6 replies

Malekal_morte - Posts: 180304 - Registered: Wednesday 17 May 2006 - Status: Moderator, Security contributor - Last activity: 15 December 2020 - 24 659
13 March 2017 at 17:05
Hi,

OTL is outdated:

Follow the FRST tutorial (take the time to read it carefully; everything is well explained there).

Download FRST and run the scan; 3 FRST reports will be generated:
  • FRST.txt
  • Shortcut.txt
  • Additionnal.txt


Upload these 3 reports to the site http://pjjoint.malekal.com/ and in return post the 3 pjjoint links that lead to the reports here in a new reply so that we can review them.


0
Thanks for your quick reply, here are the links

http://pjjoint.malekal.com/files.php?id=20170313_s11j10o13f7z15

http://pjjoint.malekal.com/files.php?id=20170313_o8h7g6e8h12

http://pjjoint.malekal.com/files.php?id=FRST_20170313_j14o13f9m9t15

Thank you, thank you, thank you
0
Malekal_morte - Posts: 180304 - Registered: Wednesday 17 May 2006 - Status: Moderator, Security contributor - Last activity: 15 December 2020 - 24 659
13 March 2017 at 18:36
OK,

uninstall McAfee Security Scan
It's useless.

Maybe the Cyberlink programs too, to lighten the system.


Here is the fix to apply with FRST. You can refer to this explanatory note with screenshots for help.

Open Notepad: Windows key + R,
In the "Run" field, type notepad and click OK.
Copy/paste the following into it:

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2449686933-1266796295-3630887161-1001\...\Run: [Chromium] => c:\users\zouade\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
c:\users\zouade\appdata\local\chromium
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:


Once the text is pasted into Notepad,
"File" menu, then "Save As",
On the left, select the Desktop,
In the field at the bottom, for the file name enter: fixlist.txt
Click "Save"; this will create fixlist.txt on the Desktop.

Run FRST again and click the "Corriger / Fix" button
A restart may be needed (not mandatory)
A text file appears; copy/paste its contents here in a new message.

Restart the computer.


2°)
Reset/repair the web browsers affected by the problems:
0
Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Exécuté par zouade (18-03-2017 13:18:18) Run:1
Exécuté depuis C:\Users\zouade\Desktop
Profils chargés: zouade (Profils disponibles: zouade)
Mode d'amorçage: Normal
==============================================

fixlist contenu:

CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2449686933-1266796295-3630887161-1001\...\Run: [Chromium] => c:\users\zouade\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory=Default --restore-last-session
c:\users\zouade\appdata\local\chromium
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:


Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
HKU\S-1-5-21-2449686933-1266796295-3630887161-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium => valeur supprimé(es) avec succès
c:\users\zouade\appdata\local\chromium => déplacé(es) avec succès
C:\Windows\System32\Drivers\etc\hosts => déplacé(es) avec succès
Hosts restauré(es) avec succès.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valeur supprimé(es) avec succès
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valeur supprimé(es) avec succès
HKU\S-1-5-21-2449686933-1266796295-3630887161-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valeur supprimé(es) avec succès
HKU\S-1-5-21-2449686933-1266796295-3630887161-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valeur supprimé(es) avec succès


========= Fin de RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 1672099 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 146509247 B
Java, Flash, Steam htmlcache => 7227 B
Windows/system/drivers => 27399847 B
Edge => 54574038 B
Chrome => 888406426 B
Firefox => 290253821 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 510864 B
systemprofile32 => 0 B
LocalService => 216514 B
NetworkService => 15624 B
zouade => 1157368744 B

RecycleBin => 7790007208 B
EmptyTemp: => 9.6 GB données temporaires supprimées.

================================


Le système a dû redémarrer.

Fin de Fixlog 13:21:45

0

Hello Malekal, here is the FRST report
Thanks again for your help
0
Malekal_morte - Posts: 180304 - Registered: Wednesday 17 May 2006 - Status: Moderator, Security contributor - Last activity: 15 December 2020 - 24 659
18 March 2017 at 18:15
OK, do the rest, step 2/,
and see what problems remain.
0