by El Desaparecido
#26060
Hello :hello: ,

Welcome to SosVirus :welcome:

We are going to run a diagnostic of your computer:
  • Download OTL by Old_Timer and save it to the Desktop
  • Close all other windows and double-click OTL.exe
  • On Vista and Windows 7, the file must be launched via right-click -> Run as administrator.
  • Check that the Scan All Users, LOP Check and Purity Check boxes are ticked.
  • In the Custom Scans/Fixes box, copy and paste everything that follows:
Code:
netsvcs 
msconfig 
safebootminimal 
safebootnetwork 
activex 
drivers32 
%ALLUSERSPROFILE%\Application Data\*. 
%ALLUSERSPROFILE%\Application Data\*.exe /s 
%APPDATA%\*. 
%APPDATA%\*.exe /s 
%temp%\*.exe /s 
%SYSTEMDRIVE%\*.exe 
%systemroot%\*. /mp /s 
%systemroot%\system32\consrv.dll 
%systemroot%\system32\*.dll /lockedfiles 
%windir%\Tasks\*.job /lockedfiles 
%systemroot%\system32\drivers\*.sys /lockedfiles 
%systemroot%\System32\config\*.sav 
/md5start 
explorer.exe 
winlogon.exe 
services.exe 
wininit.exe 
/md5stop 
HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s 
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s 
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s 
HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s 
CREATERESTOREPOINT 
nslookup http://www.google.fr /c 
hklm\software\clients\startmenuinternet|command /rs 
hklm\software\clients\startmenuinternet|command /64 /rs 
CREATERESTOREPOINT
SAVEMBR:0 
  • Click Run Scan
  • Once the scan has finished, 1 or 2 reports will open: OTL.txt and Extras.txt.
  • Upload the OTL.txt and Extras.txt reports to cjoint.com, then copy/paste the link provided into your next reply on the forum

    Note: Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case
by Guest
#26062
OTL Extras logfile created on: 06/01/2014 14:19:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ADMIN\Mes documents\Téléchargements
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1015,48 Mb Total Physical Memory | 469,20 Mb Available Physical Memory | 46,20% Memory free
1,64 Gb Paging File | 1,24 Gb Available in Paging File | 75,43% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,27 Gb Total Space | 25,93 Gb Free Space | 69,58% Space Free | Partition Type: NTFS

Computer Name: ADMIN-F50220F4B | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1202660629-1214440339-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\dmwu.exe" = C:\WINDOWS\system32\dmwu.exe:*:Enabled:dmwu
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A17C91C-A455-3E89-B8B7-44E192F79635}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{446DCD16-F917-4C7A-AC2B-0DD44982EB66}" = Brother HL-2035
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BB045C3-D5E4-4620-B536-DC11AACD5942}" = Broadcom Management Programs
"{7BC3F814-5249-4653-87E7-ABD402D2C197}" = Classic PhoneTools
"{7E0610A2-E336-40B3-B685-C4905E97EC9A}" = OpenOffice.org 3.3
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{AC76BA86-7AD7-1036-7B44-A93000000001}" = Adobe Reader 9.3 - Français
"{B83E0346-D2D0-11D5-A9AE-00105AA9E047}" = U.S. Robotics ControlCenter
"{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F54E13CE-D3A5-3916-A1FB-A8169B9E1055}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - FRA
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom NetXtreme Ethernet Controller
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"CCleaner" = CCleaner
"ie8" = Windows Internet Explorer 8
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - FRA" = Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x86) - FRA
"Mozilla Firefox 25.0 (x86 fr)" = Mozilla Firefox 25.0 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROPLUS" = Microsoft Office Professional Plus 2007
"TubeDimmer" = Tube Dimmer
"Usbfix" = UsbFix
"VLC media player" = VLC media player 1.1.11
"WinRAR archiver" = WinRAR 5.01 (32-bit)
"ZHPFix_is1" = ZHPFix 2013

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-1214440339-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"VisualBee for Microsoft PowerPoint" = VisualBee for Microsoft PowerPoint

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31/12/2013 10:15:28 | Computer Name = ADMIN-F50220F4B | Source = MsiInstaller | ID = 11500
Description = Produit : Java 7 Update 45 -- Erreur 1500. Une autre installation
est en cours. Vous devez la terminer avant de poursuivre cette installation.

Error - 31/12/2013 10:15:30 | Computer Name = ADMIN-F50220F4B | Source = MsiInstaller | ID = 11500
Description = Produit : Java 7 Update 45 -- Erreur 1500. Une autre installation
est en cours. Vous devez la terminer avant de poursuivre cette installation.

Error - 31/12/2013 10:15:33 | Computer Name = ADMIN-F50220F4B | Source = MsiInstaller | ID = 11500
Description = Produit : Java 7 Update 45 -- Erreur 1500. Une autre installation
est en cours. Vous devez la terminer avant de poursuivre cette installation.

Error - 31/12/2013 10:44:41 | Computer Name = ADMIN-F50220F4B | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 26.0.0.5087, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 31/12/2013 10:44:42 | Computer Name = ADMIN-F50220F4B | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 26.0.0.5087, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 31/12/2013 10:44:45 | Computer Name = ADMIN-F50220F4B | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 26.0.0.5087, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 31/12/2013 13:10:34 | Computer Name = ADMIN-F50220F4B | Source = Application Error | ID = 1000
Description = Application défaillante setup.exe, version 12.0.0.58849, module défaillant
setup.exe, version 12.0.0.58849, adresse de défaillance 0x0001e7b9.

Error - 31/12/2013 13:10:46 | Computer Name = ADMIN-F50220F4B | Source = Application Error | ID = 1000
Description = Application défaillante setup.exe, version 12.0.0.58849, module défaillant
setup.exe, version 12.0.0.58849, adresse de défaillance 0x0001e7b9.

Error - 01/01/2014 02:55:04 | Computer Name = ADMIN-F50220F4B | Source = Application Hang | ID = 1002
Description = Application bloquée WINWORD.EXE, version 12.0.4518.1014, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 01/01/2014 12:20:53 | Computer Name = ADMIN-F50220F4B | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.4518.1014, stamp 4542840f,
faulting module mshtml.dll, version 8.0.6001.23543, stamp 526f6a4f, debug? 0, fault
address 0x00060b3f.

[ OSession Events ]
Error - 01/01/2014 12:20:45 | Computer Name = ADMIN-F50220F4B | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1743
seconds with 1200 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 31/12/2013 00:45:33 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n'a pas pu communiquer avec l'ordinateur localBenjamin en utilisant
les protocoles configurés.

Error - 31/12/2013 00:45:37 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n'a pas pu communiquer avec l'ordinateur localBenjamin en utilisant
les protocoles configurés.

Error - 31/12/2013 00:45:58 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n'a pas pu communiquer avec l'ordinateur localBenjamin en utilisant
les protocoles configurés.

Error - 31/12/2013 00:46:02 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n'a pas pu communiquer avec l'ordinateur localBenjamin en utilisant
les protocoles configurés.

Error - 31/12/2013 00:46:23 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n'a pas pu communiquer avec l'ordinateur localBenjamin en utilisant
les protocoles configurés.

Error - 31/12/2013 00:46:27 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n'a pas pu communiquer avec l'ordinateur localBenjamin en utilisant
les protocoles configurés.

Error - 31/12/2013 00:46:50 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n'a pas pu communiquer avec l'ordinateur localBenjamin en utilisant
les protocoles configurés.

Error - 31/12/2013 00:46:54 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n'a pas pu communiquer avec l'ordinateur localBenjamin en utilisant
les protocoles configurés.

Error - 31/12/2013 00:47:16 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n'a pas pu communiquer avec l'ordinateur localBenjamin en utilisant
les protocoles configurés.

Error - 31/12/2013 00:47:20 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
Description = DCOM n'a pas pu communiquer avec l'ordinateur localBenjamin en utilisant
les protocoles configurés.


< End of report >
2nd:

OTL logfile created on: 06/01/2014 14:19:24 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\ADMIN\Mes documents\Téléchargements
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1015,48 Mb Total Physical Memory | 469,20 Mb Available Physical Memory | 46,20% Memory free
1,64 Gb Paging File | 1,24 Gb Available in Paging File | 75,43% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,27 Gb Total Space | 25,93 Gb Free Space | 69,58% Space Free | Partition Type: NTFS

Computer Name: ADMIN-F50220F4B | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/06 14:13:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Mes documents\Téléchargements\OTL.exe
PRC - [2013/12/31 07:38:46 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/24 12:28:56 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/14 13:00:00 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/06 00:07:15 | 002,244,608 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\14010501\algo.dll
MOD - [2013/12/31 07:38:42 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/07 17:13:40 | 000,142,872 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswDld.dll


========== Services (SafeList) ==========

SRV - [2013/11/11 19:57:30 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/24 12:28:56 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/07/25 01:18:32 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/06/06 09:15:40 | 000,098,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2007/07/18 19:39:00 | 000,284,964 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2000/07/24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1202660629-1214440339-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1202660629-1214440339-1417001333-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1202660629-1214440339-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tele0101&cd=2XzuyEtN2Y1L1QzutDtDtD0FtBtD0F0BzzyD0ByC0AyCyB0FtN0D0Tzu0SyBtAtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=704882683&ir=
IE - HKU\S-1-5-21-1202660629-1214440339-1417001333-1003\..\SearchScopes\{88B9D39F-00FB-4A7A-9CDE-F9F3D816751E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=fr_FR&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^FR&apn_uid=E6A778D9-AE78-4275-B000-907BC4B370E5&apn_sauid=1AE2AAA3-D1B4-4CED-8F35-EBD9A93B0DD1
IE - HKU\S-1-5-21-1202660629-1214440339-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1214440339-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.startup.homepage: "www.google.fr"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/12/16 15:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Extensions
[2014/01/06 13:59:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\uhazm9rr.default\extensions
[2013/12/31 12:44:57 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\uhazm9rr.default\extensions\support@tubedimmerapp.com
[2014/01/06 12:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/31 07:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/31 07:38:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1214440339-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 1565668968 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{931A56CC-24F4-4594-A1E1-9FD0EFCEA6FE}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A05ABB70-4FA3-436F-B589-6ED1228AD179}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Colline verdoyante.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/16 16:36:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/06 13:55:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/06 11:31:17 | 000,000,000 | ---D | C] -- C:\backup
[2014/01/04 08:42:04 | 000,000,000 | -HSD | C] -- C:\found.001
[2013/12/31 18:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\BVRP Software
[2013/12/31 18:31:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Classic PhoneTools
[2013/12/31 18:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Classic PhoneTools
[2013/12/31 18:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2013/12/31 18:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\InstallShield
[2013/12/31 18:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Bureau\Nouveau dossier
[2013/12/31 18:29:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\WinRAR
[2013/12/31 18:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WinRAR
[2013/12/31 18:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Menu Démarrer\Programmes\WinRAR
[2013/12/31 18:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/12/31 18:16:33 | 006,852,616 | ---- | C] (ESTsoft Corp. ) -- C:\Documents and Settings\ADMIN\Mes documents\ALZip [1].exe
[2013/12/31 17:52:56 | 000,462,848 | ---- | C] (NetManage Inc.) -- C:\WINDOWS\System32\nmw3vwn.dll
[2013/12/31 17:52:56 | 000,442,368 | ---- | C] (OverByte (F. Piette)) -- C:\WINDOWS\System32\IcsBcb30.bpl
[2013/12/31 17:52:56 | 000,066,560 | ---- | C] (NetManage Inc.) -- C:\WINDOWS\System32\nmorenu.dll
[2013/12/31 17:52:56 | 000,048,128 | ---- | C] (NetManage Inc.) -- C:\WINDOWS\System32\nmsckn.dll
[2013/12/31 17:52:56 | 000,047,616 | ---- | C] (Borland International, Inc.) -- C:\WINDOWS\System32\dclnet35.bpl
[2013/12/31 17:52:55 | 001,455,736 | ---- | C] (Borland International) -- C:\WINDOWS\System32\Vcl35.bpl
[2013/12/31 17:52:55 | 001,146,272 | ---- | C] (TurboPower Software Company) -- C:\WINDOWS\System32\A303_R35.bpl
[2013/12/31 17:52:55 | 000,996,872 | ---- | C] (Borland International) -- C:\WINDOWS\System32\Cp3240mt.dll
[2013/12/31 17:52:55 | 000,245,912 | ---- | C] (Borland International) -- C:\WINDOWS\System32\Vclx35.bpl
[2013/12/31 17:52:55 | 000,235,512 | ---- | C] (NetMasters) -- C:\WINDOWS\System32\Nmfast35.bpl
[2013/12/31 17:52:55 | 000,178,176 | ---- | C] (devSoft Inc.) -- C:\WINDOWS\System32\ick.bpl
[2013/12/31 17:52:55 | 000,078,384 | ---- | C] (TurboPower Software Company) -- C:\WINDOWS\System32\Tsr102_r.bpl
[2013/12/31 17:52:55 | 000,069,272 | ---- | C] (Borland International, Inc.) -- C:\WINDOWS\System32\Vclsmp35.bpl
[2013/12/31 17:52:55 | 000,029,952 | ---- | C] (Borland International) -- C:\WINDOWS\System32\Borlndmm.dll
[2013/12/31 17:52:55 | 000,018,480 | ---- | C] (TurboPower Software Company) -- C:\WINDOWS\System32\Tsr102_r.dpl
[2013/12/31 17:52:54 | 000,085,504 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Htmlwh.dll
[2013/12/31 17:52:54 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Inetwh32.dll
[2013/12/31 17:52:53 | 000,169,472 | ---- | C] (NetManage Inc.) -- C:\WINDOWS\System32\html.ocx
[2013/12/31 17:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\U.S. Robotics
[2013/12/31 17:52:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\U.S. Robotics
[2013/12/31 17:51:44 | 000,000,000 | ---D | C] -- C:\Temp
[2013/12/31 17:49:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\ADMIN\Application Data\Brother
[2013/12/31 17:26:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/12/31 15:22:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ADMIN\Recent
[2013/12/31 14:32:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Office
[2013/12/31 14:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2013/12/31 14:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/12/31 14:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2013/12/31 14:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DESIGNER
[2013/12/31 14:24:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2013/12/31 14:24:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft Help
[2013/12/31 14:24:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/12/31 14:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2013/12/31 14:23:44 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/12/31 14:11:15 | 000,000,000 | ---D | C] -- C:\HP v165w (E)
[2013/12/31 12:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP
[2013/12/31 12:53:00 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPFix
[2013/12/31 12:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\ZHP
[2013/12/31 12:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/12/31 12:49:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\jmdp
[2013/12/31 12:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\AppData
[2013/12/31 12:46:46 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/12/31 12:46:46 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/12/31 12:46:46 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/12/31 12:46:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ARFC
[2013/12/31 12:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WNLT
[2013/12/31 12:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\VisualBeeClient
[2013/12/31 12:45:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\VisualBee
[2013/12/31 12:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\emaze
[2013/12/31 12:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Updater
[2013/12/31 12:44:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RHelpers
[2013/12/31 12:08:16 | 000,000,000 | ---D | C] -- C:\UsbFix
[2013/12/31 07:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/30 18:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Brother HL-2035
[2013/12/30 18:59:03 | 000,111,928 | ---- | C] (Brother Industries Ltd) -- C:\WINDOWS\System32\BRRBTOOL.EXE
[2013/12/30 18:59:01 | 000,176,128 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\BROSNMP.DLL
[2013/12/30 18:59:01 | 000,077,824 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\brlmw03a.dll
[2013/12/30 18:59:01 | 000,024,223 | ---- | C] (Brother Industries, Ltd) -- C:\WINDOWS\System32\brlm03a.dll
[2013/12/30 18:59:01 | 000,019,537 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\drivers\BRPAR.SYS
[2013/12/30 18:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Brownie
[2013/12/30 18:58:44 | 000,192,512 | ---- | C] (brother) -- C:\WINDOWS\System32\Pdrvinst.dll
[2013/12/30 18:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Brother
[2013/12/30 18:51:24 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2013/12/30 18:50:45 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2013/12/20 17:07:05 | 000,000,000 | ---D | C] -- C:\found.000
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/06 14:16:00 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2014/01/06 14:02:09 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/06 14:01:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/06 11:33:40 | 000,002,623 | ---- | M] () -- C:\Documents and Settings\ADMIN\Bureau\Microsoft Office Outlook 2007.lnk
[2014/01/06 00:18:08 | 000,000,058 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\WB.CFG
[2014/01/04 23:58:37 | 000,000,336 | ---- | M] () -- C:\WINDOWS\Brownie.ini
[2014/01/04 08:43:05 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/01/03 15:34:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/01/03 08:59:29 | 000,002,575 | ---- | M] () -- C:\Documents and Settings\ADMIN\Bureau\Microsoft Office Word 2007.lnk
[2014/01/01 17:04:29 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2014/01/01 16:51:51 | 000,370,832 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2014/01/01 16:51:51 | 000,314,644 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/01/01 16:51:51 | 000,049,734 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2014/01/01 16:51:51 | 000,040,972 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/31 18:32:06 | 000,001,638 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Classic PhoneTools.lnk
[2013/12/31 18:16:33 | 006,852,616 | ---- | M] (ESTsoft Corp. ) -- C:\Documents and Settings\ADMIN\Mes documents\ALZip [1].exe
[2013/12/31 17:54:09 | 000,000,120 | ---- | M] () -- C:\WINDOWS\usrwiz.ini
[2013/12/31 17:47:08 | 000,009,030 | ---- | M] () -- C:\WINDOWS\HL-2030.INI
[2013/12/31 17:47:08 | 000,000,145 | ---- | M] () -- C:\WINDOWS\BRVIDEO.INI
[2013/12/31 17:46:53 | 000,000,425 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2013/12/31 17:46:53 | 000,000,054 | ---- | M] () -- C:\WINDOWS\System32\bd2030.dat
[2013/12/31 15:23:20 | 000,020,006 | ---- | M] () -- C:\Documents and Settings\ADMIN\Mes documents\cc_20131231_152308.reg
[2013/12/31 14:55:30 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/31 14:55:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/31 12:53:02 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
[2013/12/31 08:18:06 | 000,000,000 | ---- | M] () -- C:\Program Files\moz_update_in_progress.lock
[2013/12/30 18:59:09 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brmx2001.ini
[2013/12/25 09:03:02 | 000,773,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/12/25 09:03:02 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/12/25 09:03:02 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/12/25 09:03:02 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/12/25 09:03:02 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/01 18:16:04 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\WB.CFG
[2014/01/01 17:04:29 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\ADMIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2014/01/01 16:51:35 | 000,002,623 | ---- | C] () -- C:\Documents and Settings\ADMIN\Bureau\Microsoft Office Outlook 2007.lnk
[2013/12/31 18:45:47 | 000,002,575 | ---- | C] () -- C:\Documents and Settings\ADMIN\Bureau\Microsoft Office Word 2007.lnk
[2013/12/31 18:32:06 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Classic PhoneTools.lnk
[2013/12/31 18:16:17 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2013/12/31 17:52:56 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\nmocod.dll
[2013/12/31 17:52:55 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\Bcbsmp35.bpl
[2013/12/31 17:52:55 | 000,036,452 | ---- | C] () -- C:\WINDOWS\System32\Dclocx35.bpi
[2013/12/31 17:51:44 | 000,000,120 | ---- | C] () -- C:\WINDOWS\usrwiz.ini
[2013/12/31 17:44:34 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013/12/31 15:23:11 | 000,020,006 | ---- | C] () -- C:\Documents and Settings\ADMIN\Mes documents\cc_20131231_152308.reg
[2013/12/31 12:53:02 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
[2013/12/31 12:45:35 | 000,001,342 | ---- | C] () -- C:\Documents and Settings\ADMIN\Menu Démarrer\Programmes\Create Amazing Presentations.lnk
[2013/12/31 08:18:06 | 000,000,000 | ---- | C] () -- C:\Program Files\moz_update_in_progress.lock
[2013/12/30 18:59:09 | 000,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2013/12/30 18:59:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2013/12/30 18:59:01 | 000,009,030 | ---- | C] () -- C:\WINDOWS\HL-2030.INI
[2013/12/30 18:59:01 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\brlmw03a.ini
[2013/12/30 18:58:45 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\bd2030.dat
[2013/12/30 18:58:32 | 000,000,336 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2012/08/20 09:04:51 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/06 10:11:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/04/20 20:29:44 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 11:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

< End of report >
by El Desaparecido
#26081
  • Download Malwarebytes' Anti-Malware and install it.
  • Launch Malwarebytes' Anti-Malware.
  • Click the "Updates" tab, then "Check for updates".
  • Click the "Scan" tab, select "Perform a quick scan", then click Scan.
At the end of the scan, if MBAM found nothing:
  • Click OK; the report opens on its own.
If threats were detected:
  • Click OK, then "Show results".
  • Tick all the boxes.
  • Choose the "Remove selected" option.
  • If MBAM asks to restart Windows: click "Yes".
  • Once the PC has restarted, the report is in the "Reports/Logs" tab.
  • Otherwise the report opens automatically after the removal.
  • Post the report in your next reply.
