  • amiar
    Participant
    Posts: 3

    Hello,
    Last time I had a USB key infected by a virus; now it's my PC.
    What should I do?
    Thank you for your help.

    Anonymous
    Posts: 0

    Hello,

    Welcome to SosVirus

    We are going to run a diagnostic of your computer:

    • Download OTL by Old_Timer and save it to the Desktop
    • Close all other windows and double-click OTL.exe
    • On Vista and Windows 7, the file must be launched with right-click -> Run as administrator.
    • Check that the boxes Tous les utilisateurs (All users), Recherche Lop (Lop check) and Recherche Purity (Purity check) are ticked.
    • In the Personnalisation (custom scan) box, copy and paste all of the following:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %temp%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\consrv.dll
    %systemroot%\system32\*.dll /lockedfiles
    %windir%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    /md5start
    explorer.exe
    winlogon.exe
    services.exe
    wininit.exe
    /md5stop
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32 /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
    HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor /s
    HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
    CREATERESTOREPOINT
    nslookup http://www.google.fr /c
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    SAVEMBR:0

    • Click Analyse (the scan button)

    • Once the scan has finished, 1 or 2 reports will open: OTL.txt and Extras.txt.
    • Upload the OTL.txt and Extras.txt reports to cjoint.com, then copy/paste the link provided into your next reply on the forum

      Note: Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case

    Anonymous
    Posts: 0

    OTL Extras logfile created on: 06/01/2014 14:19:24 – Run 1
    OTL by OldTimer – Version 3.2.69.0 Folder = C:Documents and SettingsADMINMes documentsTéléchargements
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) – Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1015,48 Mb Total Physical Memory | 469,20 Mb Available Physical Memory | 46,20% Memory free
    1,64 Gb Paging File | 1,24 Gb Available in Paging File | 75,43% Paging File free
    Paging file location(s): C:pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
    Drive C: | 37,27 Gb Total Space | 25,93 Gb Free Space | 69,58% Space Free | Partition Type: NTFS

    Computer Name: ADMIN-F50220F4B | User Name: ADMIN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINESOFTWAREClasses]
    .cpl [@ = cplfile] — rundll32.exe shell32.dll,Control_RunDLL « %1 »,%*

    [HKEY_USERSS-1-5-21-1202660629-1214440339-1417001333-1003SOFTWAREClasses]
    .html [@ = FirefoxHTML] — C:Program FilesMozilla Firefoxfirefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINESOFTWAREClassesshell[command]command]
    batfile [open] — « %1 » %*
    cmdfile [open] — « %1 » %*
    comfile [open] — « %1 » %*
    cplfile [cplopen] — rundll32.exe shell32.dll,Control_RunDLL « %1 »,%*
    exefile [open] — « %1 » %*
    htmlfile [edit] — Reg Error: Key error.
    http [open] — Reg Error: Key error.
    https [open] — Reg Error: Key error.
    piffile [open] — « %1 » %*
    regfile [merge] — Reg Error: Key error.
    scrfile [config] — « %1 »
    scrfile [install] — rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] — « %1 » /S
    txtfile [edit] — Reg Error: Key error.
    Unknown [openas] — %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] — « C:Program FilesVideoLANVLCvlc.exe » –started-from-file –playlist-enqueue « %1 » ()
    Directory [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] — « C:Program FilesVideoLANVLCvlc.exe » –started-from-file –no-playlist-enqueue « %1 » ()
    Folder [open] — %SystemRoot%Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] — %SystemRoot%Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] — %SystemRoot%Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
    « FirstRunDisabled » = 1
    « AntiVirusDisableNotify » = 0
    « FirewallDisableNotify » = 0
    « UpdatesDisableNotify » = 0
    « AntiVirusOverride » = 1
    « FirewallOverride » = 0

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringAhnlabAntiVirus]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeAntiVirus]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringMcAfeeFirewall]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaAntiVirus]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringPandaFirewall]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSophosAntiVirus]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTinyFirewall]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendAntiVirus]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringTrendFirewall]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore]
    « DisableSR » = 0

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSr]
    « Start » = 0

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSrService]
    « Start » = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]
    « 1900:UDP » = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    « 2869:TCP » = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]
    « %windir%Network Diagnosticxpnetdiag.exe » = %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 — (Microsoft Corporation)
    « %windir%system32sessmgr.exe » = %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 — (Microsoft Corporation)

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]
    « %windir%Network Diagnosticxpnetdiag.exe » = %windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 — (Microsoft Corporation)
    « %windir%system32sessmgr.exe » = %windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 — (Microsoft Corporation)
    « C:Program FilesFichiers communsAppleApple Application SupportWebKit2WebProcess.exe » = C:Program FilesFichiers communsAppleApple Application SupportWebKit2WebProcess.exe:*:Enabled:WebKit — (Apple Inc.)
    « C:Program FilesBonjourmDNSResponder.exe » = C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Service Bonjour — (Apple Inc.)
    « C:Program FilesiTunesiTunes.exe » = C:Program FilesiTunesiTunes.exe:*:Enabled:iTunes — (Apple Inc.)
    « C:WINDOWSsystem32dmwu.exe » = C:WINDOWSsystem32dmwu.exe:*:Enabled:dmwu
    « C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE » = C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook — (Microsoft Corporation)

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    « {0A17C91C-A455-3E89-B8B7-44E192F79635} » = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    « {122ADF8C-DDA1-480C-9936-C88F2825B265} » = Apple Application Support
    « {1F1C2DFC-2D24-3E06-BCB8-725134ADF989} » = Microsoft Visual C++ 2008 Redistributable – x86 9.0.30729.4148
    « {26A24AE4-039D-4CA4-87B4-2F83217017FF} » = Java 7 Update 21
    « {350C940c-3D7C-4EE8-BAA9-00BCB3D54227} » = WebFldrs XP
    « {446DCD16-F917-4C7A-AC2B-0DD44982EB66} » = Brother HL-2035
    « {4A03706F-666A-4037-7777-5F2748764D10} » = Java Auto Updater
    « {612C34C7-5E90-47D8-9B5C-0F717DD82726} » = swMSM
    « {6AD9F5F3-5BD0-4000-BD9C-B536CF86D988} » = iTunes
    « {789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE} » = Apple Software Update
    « {79155F2B-9895-49D7-8612-D92580E0DE5B} » = Bonjour
    « {7BB045C3-D5E4-4620-B536-DC11AACD5942} » = Broadcom Management Programs
    « {7BC3F814-5249-4653-87E7-ABD402D2C197} » = Classic PhoneTools
    « {7E0610A2-E336-40B3-B685-C4905E97EC9A} » = OpenOffice.org 3.3
    « {8A708DD8-A5E6-11D4-A706-000629E95E20} » = Intel(R) Extreme Graphics 2 Driver
    « {8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50} » = Apple Mobile Device Support
    « {90120000-0010-040C-0000-0000000FF1CE} » = Microsoft Software Update for Web Folders (French) 12
    « {90120000-0011-0000-0000-0000000FF1CE} » = Microsoft Office Professional Plus 2007
    « {90120000-0015-040C-0000-0000000FF1CE} » = Microsoft Office Access MUI (French) 2007
    « {90120000-0016-040C-0000-0000000FF1CE} » = Microsoft Office Excel MUI (French) 2007
    « {90120000-0018-040C-0000-0000000FF1CE} » = Microsoft Office PowerPoint MUI (French) 2007
    « {90120000-0019-040C-0000-0000000FF1CE} » = Microsoft Office Publisher MUI (French) 2007
    « {90120000-001A-040C-0000-0000000FF1CE} » = Microsoft Office Outlook MUI (French) 2007
    « {90120000-001B-040C-0000-0000000FF1CE} » = Microsoft Office Word MUI (French) 2007
    « {90120000-001F-0401-0000-0000000FF1CE} » = Microsoft Office Proof (Arabic) 2007
    « {90120000-001F-0407-0000-0000000FF1CE} » = Microsoft Office Proof (German) 2007
    « {90120000-001F-0409-0000-0000000FF1CE} » = Microsoft Office Proof (English) 2007
    « {90120000-001F-040C-0000-0000000FF1CE} » = Microsoft Office Proof (French) 2007
    « {90120000-001F-0413-0000-0000000FF1CE} » = Microsoft Office Proof (Dutch) 2007
    « {90120000-001F-0C0A-0000-0000000FF1CE} » = Microsoft Office Proof (Spanish) 2007
    « {90120000-002C-040C-0000-0000000FF1CE} » = Microsoft Office Proofing (French) 2007
    « {90120000-0044-040C-0000-0000000FF1CE} » = Microsoft Office InfoPath MUI (French) 2007
    « {90120000-006E-040C-0000-0000000FF1CE} » = Microsoft Office Shared MUI (French) 2007
    « {AC76BA86-7AD7-1036-7B44-A93000000001} » = Adobe Reader 9.3 – Français
    « {B83E0346-D2D0-11D5-A9AE-00105AA9E047} » = U.S. Robotics ControlCenter
    « {D54E3D9F-FEB8-4D2D-A138-B69A5C80080B} » = Updater
    « {E3436EE2-D5CB-4249-840B-3A0140CC34C3} » = Classic PhoneTools
    « {F0A37341-D692-11D4-A984-009027EC0A9C} » = SoundMAX
    « {F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} » = Microsoft Visual C++ 2010 x86 Redistributable – 10.0.40219
    « {F54E13CE-D3A5-3916-A1FB-A8169B9E1055} » = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack – FRA
    « {F870B987-18BC-45FC-9BE8-35C02DCDA10F} » = Broadcom NetXtreme Ethernet Controller
    « Adobe Flash Player Plugin » = Adobe Flash Player 11 Plugin
    « Adobe Shockwave Player » = Adobe Shockwave Player 12.0
    « CCleaner » = CCleaner
    « ie8 » = Windows Internet Explorer 8
    « Microsoft Visual Studio 2010 Tools for Office Runtime (x86) » = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    « Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack – FRA » = Module linguistique Microsoft Visual Studio 2010 Tools pour Office Runtime (x86) – FRA
    « Mozilla Firefox 25.0 (x86 fr) » = Mozilla Firefox 25.0 (x86 fr)
    « MozillaMaintenanceService » = Mozilla Maintenance Service
    « PROPLUS » = Microsoft Office Professional Plus 2007
    « TubeDimmer » = Tube Dimmer
    « Usbfix » = UsbFix
    « VLC media player » = VLC media player 1.1.11
    « WinRAR archiver » = WinRAR 5.01 (32-bit)
    « ZHPFix_is1 » = ZHPFix 2013

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERSS-1-5-21-1202660629-1214440339-1417001333-1003SOFTWAREMicrosoftWindowsCurrentVersionUninstall]
    « VisualBee for Microsoft PowerPoint » = VisualBee for Microsoft PowerPoint

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error – 31/12/2013 10:15:28 | Computer Name = ADMIN-F50220F4B | Source = MsiInstaller | ID = 11500
    Description = Produit : Java 7 Update 45 — Erreur 1500. Une autre installation
    est en cours. Vous devez la terminer avant de poursuivre cette installation.

    Error – 31/12/2013 10:15:30 | Computer Name = ADMIN-F50220F4B | Source = MsiInstaller | ID = 11500
    Description = Produit : Java 7 Update 45 — Erreur 1500. Une autre installation
    est en cours. Vous devez la terminer avant de poursuivre cette installation.

    Error – 31/12/2013 10:15:33 | Computer Name = ADMIN-F50220F4B | Source = MsiInstaller | ID = 11500
    Description = Produit : Java 7 Update 45 — Erreur 1500. Une autre installation
    est en cours. Vous devez la terminer avant de poursuivre cette installation.

    Error – 31/12/2013 10:44:41 | Computer Name = ADMIN-F50220F4B | Source = Application Hang | ID = 1002
    Description = Application bloquée firefox.exe, version 26.0.0.5087, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error – 31/12/2013 10:44:42 | Computer Name = ADMIN-F50220F4B | Source = Application Hang | ID = 1002
    Description = Application bloquée firefox.exe, version 26.0.0.5087, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error – 31/12/2013 10:44:45 | Computer Name = ADMIN-F50220F4B | Source = Application Hang | ID = 1002
    Description = Application bloquée firefox.exe, version 26.0.0.5087, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error – 31/12/2013 13:10:34 | Computer Name = ADMIN-F50220F4B | Source = Application Error | ID = 1000
    Description = Application défaillante setup.exe, version 12.0.0.58849, module défaillant
    setup.exe, version 12.0.0.58849, adresse de défaillance 0x0001e7b9.

    Error – 31/12/2013 13:10:46 | Computer Name = ADMIN-F50220F4B | Source = Application Error | ID = 1000
    Description = Application défaillante setup.exe, version 12.0.0.58849, module défaillant
    setup.exe, version 12.0.0.58849, adresse de défaillance 0x0001e7b9.

    Error – 01/01/2014 02:55:04 | Computer Name = ADMIN-F50220F4B | Source = Application Hang | ID = 1002
    Description = Application bloquée WINWORD.EXE, version 12.0.4518.1014, module bloqué
    hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

    Error – 01/01/2014 12:20:53 | Computer Name = ADMIN-F50220F4B | Source = Microsoft Office 12 | ID = 1000
    Description = Faulting application outlook.exe, version 12.0.4518.1014, stamp 4542840f,
    faulting module mshtml.dll, version 8.0.6001.23543, stamp 526f6a4f, debug? 0, fault
    address 0x00060b3f.

    [ OSession Events ]
    Error – 01/01/2014 12:20:45 | Computer Name = ADMIN-F50220F4B | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1743
    seconds with 1200 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error – 31/12/2013 00:45:33 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
    Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
    les protocoles configurés.

    Error – 31/12/2013 00:45:37 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
    Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
    les protocoles configurés.

    Error – 31/12/2013 00:45:58 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
    Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
    les protocoles configurés.

    Error – 31/12/2013 00:46:02 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
    Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
    les protocoles configurés.

    Error – 31/12/2013 00:46:23 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
    Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
    les protocoles configurés.

    Error – 31/12/2013 00:46:27 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
    Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
    les protocoles configurés.

    Error – 31/12/2013 00:46:50 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
    Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
    les protocoles configurés.

    Error – 31/12/2013 00:46:54 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
    Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
    les protocoles configurés.

    Error – 31/12/2013 00:47:16 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
    Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
    les protocoles configurés.

    Error – 31/12/2013 00:47:20 | Computer Name = ADMIN-F50220F4B | Source = DCOM | ID = 10009
    Description = DCOM n’a pas pu communiquer avec l’ordinateur localBenjamin en utilisant
    les protocoles configurés.

    2nd:

    OTL logfile created on: 06/01/2014 14:19:24 – Run 1
    OTL by OldTimer – Version 3.2.69.0 Folder = C:Documents and SettingsADMINMes documentsTéléchargements
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) – Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1015,48 Mb Total Physical Memory | 469,20 Mb Available Physical Memory | 46,20% Memory free
    1,64 Gb Paging File | 1,24 Gb Available in Paging File | 75,43% Paging File free
    Paging file location(s): C:pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:WINDOWS | %ProgramFiles% = C:Program Files
    Drive C: | 37,27 Gb Total Space | 25,93 Gb Free Space | 69,58% Space Free | Partition Type: NTFS

    Computer Name: ADMIN-F50220F4B | User Name: ADMIN | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC – [2014/01/06 14:13:41 | 000,602,112 | —- | M] (OldTimer Tools) — C:Documents and SettingsADMINMes documentsTéléchargementsOTL.exe
    PRC – [2013/12/31 07:38:46 | 000,275,568 | —- | M] (Mozilla Corporation) — C:Program FilesMozilla Firefoxfirefox.exe
    PRC – [2012/05/24 12:28:56 | 000,055,184 | —- | M] (Apple Inc.) — C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe
    PRC – [2010/09/07 17:12:02 | 002,838,912 | —- | M] (AVAST Software) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe
    PRC – [2010/09/07 17:11:59 | 000,040,384 | —- | M] (AVAST Software) — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
    PRC – [2008/04/14 13:00:00 | 001,037,824 | —- | M] (Microsoft Corporation) — C:WINDOWSexplorer.exe
    PRC – [2002/09/20 16:50:10 | 000,045,056 | —- | M] (Analog Devices, Inc.) — C:Program FilesAnalog DevicesSoundMAXSMAgent.exe

    ========== Modules (No Company Name) ==========

    MOD – [2014/01/06 00:07:15 | 002,244,608 | —- | M] () — C:Program FilesAlwil SoftwareAvast5defs14010501algo.dll
    MOD – [2013/12/31 07:38:42 | 003,559,024 | —- | M] () — C:Program FilesMozilla Firefoxmozjs.dll
    MOD – [2012/05/30 19:06:48 | 000,087,912 | —- | M] () — C:Program FilesFichiers communsAppleApple Application Supportzlib1.dll
    MOD – [2012/05/30 19:06:30 | 001,242,512 | —- | M] () — C:Program FilesFichiers communsAppleApple Application Supportlibxml2.dll
    MOD – [2010/09/07 17:13:40 | 000,142,872 | —- | M] () — C:Program FilesAlwil SoftwareAvast5aswDld.dll

    ========== Services (SafeList) ==========

    SRV – [2013/11/11 19:57:30 | 000,119,408 | —- | M] (Mozilla Foundation) [On_Demand | Stopped] — C:Program FilesMozilla Maintenance Servicemaintenanceservice.exe — (MozillaMaintenance)
    SRV – [2012/05/24 12:28:56 | 000,055,184 | —- | M] (Apple Inc.) [Auto | Running] — C:Program FilesFichiers communsAppleMobile Device SupportAppleMobileDeviceService.exe — (Apple Mobile Device)
    SRV – [2010/09/07 17:11:59 | 000,040,384 | —- | M] (AVAST Software) [On_Demand | Running] — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe — (avast! Web Scanner)
    SRV – [2010/09/07 17:11:59 | 000,040,384 | —- | M] (AVAST Software) [On_Demand | Running] — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe — (avast! Mail Scanner)
    SRV – [2010/09/07 17:11:59 | 000,040,384 | —- | M] (AVAST Software) [Auto | Running] — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe — (avast! Antivirus)
    SRV – [2006/10/26 19:49:34 | 000,441,136 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] — C:Program FilesFichiers communsMicrosoft SharedOFFICE12ODSERV.EXE — (odserv)
    SRV – [2006/10/26 14:03:08 | 000,145,184 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] — C:Program FilesFichiers communsMicrosoft SharedSource EngineOSE.EXE — (ose)
    SRV – [2002/09/20 16:50:10 | 000,045,056 | —- | M] (Analog Devices, Inc.) [Auto | Running] — C:Program FilesAnalog DevicesSoundMAXSMAgent.exe — (SoundMAX Agent Service (default)

    ========== Driver Services (SafeList) ==========

    DRV – File not found [Kernel | On_Demand | Stopped] — — (WDICA)
    DRV – File not found [Kernel | On_Demand | Stopped] — — (PDRFRAME)
    DRV – File not found [Kernel | On_Demand | Stopped] — — (PDRELI)
    DRV – File not found [Kernel | On_Demand | Stopped] — — (PDFRAME)
    DRV – File not found [Kernel | On_Demand | Stopped] — — (PDCOMP)
    DRV – File not found [Kernel | System | Stopped] — — (PCIDump)
    DRV – File not found [Kernel | System | Stopped] — — (lbrtfdc)
    DRV – File not found [Kernel | System | Stopped] — — (i2omgmt)
    DRV – File not found [Kernel | System | Stopped] — — (Changer)
    DRV – File not found [Kernel | Boot | Stopped] — — (cerc6)
    DRV – [2010/09/07 16:52:25 | 000,046,672 | —- | M] (AVAST Software) [Kernel | System | Running] — C:WINDOWSSystem32driversaswTdi.sys — (aswTdi)
    DRV – [2010/09/07 16:52:03 | 000,165,584 | —- | M] (AVAST Software) [Kernel | System | Running] — C:WINDOWSSystem32driversaswSP.sys — (aswSP)
    DRV – [2010/09/07 16:47:46 | 000,023,376 | —- | M] (AVAST Software) [Kernel | On_Demand | Running] — C:WINDOWSSystem32driversaswRdr.sys — (aswRdr)
    DRV – [2010/09/07 16:47:19 | 000,100,176 | —- | M] (AVAST Software) [File_System | Auto | Running] — C:WINDOWSSystem32driversaswmon2.sys — (aswMon2)
    DRV – [2010/09/07 16:47:07 | 000,017,744 | —- | M] (AVAST Software) [File_System | Auto | Running] — C:WINDOWSSystem32driversaswFsBlk.sys — (aswFsBlk)
    DRV – [2010/09/07 16:46:51 | 000,028,880 | —- | M] (AVAST Software) [Kernel | System | Running] — C:WINDOWSSystem32driversaavmker4.sys — (Aavmker4)
    DRV – [2008/07/25 01:18:32 | 000,176,640 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] — C:WINDOWSsystem32driversb57xp32.sys — (b57w2k)
    DRV – [2008/06/06 09:15:40 | 000,098,816 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversbaspxp32.sys — (Blfp)
    DRV – [2007/07/18 19:39:00 | 000,284,964 | R— | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] — C:WINDOWSsystem32driversRTL8187B.sys — (RTL8187B)
    DRV – [2000/07/24 01:01:00 | 000,019,537 | —- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] — C:WINDOWSsystem32driversBRPAR.SYS — (BrPar)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE – HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com
    IE – HKLM..SearchScopes,DefaultScope =
    IE – HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: « URL » = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE – HKU.DEFAULT..SearchScopes,DefaultScope =
    IE – HKU.DEFAULTSoftwareMicrosoftWindowsCurrentVersionInternet Settings: « ProxyEnable » = 0

    IE – HKUS-1-5-18..SearchScopes,DefaultScope =
    IE – HKUS-1-5-18SoftwareMicrosoftWindowsCurrentVersionInternet Settings: « ProxyEnable » = 0

    IE – HKUS-1-5-19..SearchScopes,DefaultScope =

    IE – HKUS-1-5-20..SearchScopes,DefaultScope =

    IE – HKUS-1-5-21-1202660629-1214440339-1417001333-1003SOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com
    IE – HKUS-1-5-21-1202660629-1214440339-1417001333-1003..SearchScopes,DefaultScope =
    IE – HKUS-1-5-21-1202660629-1214440339-1417001333-1003..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: « URL » = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tele0101&cd=2XzuyEtN2Y1L1QzutDtDtD0FtBtD0F0BzzyD0ByC0AyCyB0FtN0D0Tzu0SyBtAtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=704882683&ir=
    IE – HKUS-1-5-21-1202660629-1214440339-1417001333-1003..SearchScopes{88B9D39F-00FB-4A7A-9CDE-F9F3D816751E}: « URL » = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=fr_FR&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^FR&apn_uid=E6A778D9-AE78-4275-B000-907BC4B370E5&apn_sauid=1AE2AAA3-D1B4-4CED-8F35-EBD9A93B0DD1
    IE – HKUS-1-5-21-1202660629-1214440339-1417001333-1003SoftwareMicrosoftWindowsCurrentVersionInternet Settings: « ProxyEnable » = 0
    IE – HKUS-1-5-21-1202660629-1214440339-1417001333-1003SoftwareMicrosoftWindowsCurrentVersionInternet Settings: « ProxyOverride » = *.local

    ========== FireFox ==========

    FF – prefs.js..browser.search.defaultengine: « Google »
    FF – prefs.js..browser.search.defaulturl: «  »
    FF – prefs.js..browser.startup.homepage: « www.google.fr »
    FF – prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
    FF – prefs.js..network.proxy.type: 0
    FF – user.js – File not found

    FF – HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:WINDOWSsystem32MacromedFlashNPSWF32_11_9_900_170.dll ()
    FF – HKLMSoftwareMozillaPlugins@adobe.com/ShockwavePlayer: C:WINDOWSsystem32AdobeDirectornp32dsw_1200112.dll (Adobe Systems, Inc.)
    FF – HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=: File not found
    FF – HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=1.0: C:Program FilesiTunesMozilla Pluginsnpitunes.dll ()
    FF – HKLMSoftwareMozillaPlugins@java.com/JavaPlugin,version=10.21.2: C:Program FilesJavajre7binplugin2npjp2.dll (Oracle Corporation)

    FF – HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 25.0extensions\Components: C:Program FilesMozilla Firefoxcomponents
    FF – HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 25.0extensions\Plugins: C:Program FilesMozilla Firefoxplugins

    [2011/12/16 15:50:41 | 000,000,000 | —D | M] (No name found) — C:Documents and SettingsADMINApplication DataMozillaExtensions
    [2014/01/06 13:59:25 | 000,000,000 | —D | M] (No name found) — C:Documents and SettingsADMINApplication DataMozillaFirefoxProfilesuhazm9rr.defaultextensions
    [2013/12/31 12:44:57 | 000,000,000 | —D | M] (Tube Dimmer) — C:Documents and SettingsADMINApplication DataMozillaFirefoxProfilesuhazm9rr.defaultextensionssupport@tubedimmerapp.com
    [2014/01/06 12:56:09 | 000,000,000 | —D | M] (No name found) — C:Program FilesMozilla Firefoxextensions
    [2013/12/31 07:38:23 | 000,000,000 | —D | M] (No name found) — C:Program FilesMozilla Firefoxbrowserextensions
    [2013/12/31 07:38:50 | 000,000,000 | —D | M] (Default) — C:Program FilesMozilla Firefoxbrowserextensions{972ce4c6-7e08-4474-a285-3208198ce6fd}

    O1 HOSTS File: ([2008/04/14 13:00:00 | 000,000,790 | —- | M]) – C:WINDOWSsystem32driversetchosts
    O1 – Hosts: 127.0.0.1 localhost
    O2 – BHO: (Adobe PDF Link Helper) – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:Program FilesFichiers communsAdobeAcrobatActiveXAcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 – BHO: (Java(tm) Plug-In SSV Helper) – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:Program FilesJavajre7binssv.dll (Oracle Corporation)
    O2 – BHO: (Java(tm) Plug-In 2 SSV Helper) – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:Program FilesJavajre7binjp2ssv.dll (Oracle Corporation)
    O4 – HKLM..Run: [avast5] C:Program FilesAlwil SoftwareAvast5avastUI.exe (AVAST Software)
    O7 – HKU.DEFAULTSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
    O7 – HKUS-1-5-18SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
    O7 – HKUS-1-5-19SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
    O7 – HKUS-1-5-20SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
    O7 – HKUS-1-5-21-1202660629-1214440339-1417001333-1003SOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDriveTypeAutoRun = 145
    O10 – NameSpace_Catalog5Catalog_Entries00000000004 [] – C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)
    O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341565668968 (WUWebControl Class)
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{931A56CC-24F4-4594-A1E1-9FD0EFCEA6FE}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParametersInterfaces{A05ABB70-4FA3-436F-B589-6ED1228AD179}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 – ProtocolHandlerippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} – C:Program FilesFichiers communsSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
    O18 – ProtocolHandlermsdaippx00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} – C:Program FilesFichiers communsSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
    O18 – ProtocolHandlermsdaippoledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} – C:Program FilesFichiers communsSystemOle DBMSDAIPP.DLL (Microsoft Corporation)
    O18 – ProtocolHandlerms-help {314111c7-a502-11d2-bbca-00c04f8ec294} – C:Program FilesFichiers communsMicrosoft SharedHelphxds.dll (Microsoft Corporation)
    O18 – ProtocolFiltertext/xml {807563E5-5146-11D5-A672-00B0D022E945} – C:Program FilesFichiers communsMicrosoft SharedOFFICE12MSOXMLMF.DLL (Microsoft Corporation)
    O20 – HKLM Winlogon: Shell – (Explorer.exe) – C:WINDOWSexplorer.exe (Microsoft Corporation)
    O20 – HKLM Winlogon: UserInit – (C:WINDOWSsystem32Userinit.exe) – C:WINDOWSsystem32userinit.exe (Microsoft Corporation)
    O24 – Desktop Components:0 (Ma page d’accueil) – About:Home
    O24 – Desktop WallPaper: C:WINDOWSWebWallpaperColline verdoyante.bmp
    O24 – Desktop BackupWallPaper: C:WINDOWSWebWallpaperColline verdoyante.bmp
    O32 – HKLM CDRom: AutoRun – 1
    O32 – AutoRun File – [2011/12/16 16:36:50 | 000,000,000 | —- | M] () – C:AUTOEXEC.BAT — [ NTFS ]
    O34 – HKLM BootExecute: (autocheck autochk *)
    O35 – HKLM..comfile [open] — « %1 » %*
    O35 – HKLM..exefile [open] — « %1 » %*
    O37 – HKLM…com [@ = comfile] — « %1 » %*
    O37 – HKLM…exe [@ = exefile] — « %1 » %*
    O38 – SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 – SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders – Created Within 30 Days ==========

    [2014/01/06 13:55:38 | 000,000,000 | —D | C] — C:AdwCleaner
    [2014/01/06 11:31:17 | 000,000,000 | —D | C] — C:backup
    [2014/01/04 08:42:04 | 000,000,000 | -HSD | C] — C:found.001
    [2013/12/31 18:32:11 | 000,000,000 | —D | C] — C:Documents and SettingsADMINLocal SettingsApplication DataBVRP Software
    [2013/12/31 18:31:40 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersMenu DémarrerProgrammesClassic PhoneTools
    [2013/12/31 18:31:29 | 000,000,000 | —D | C] — C:Program FilesClassic PhoneTools
    [2013/12/31 18:31:29 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataBVRP Software
    [2013/12/31 18:30:18 | 000,000,000 | —D | C] — C:Documents and SettingsADMINApplication DataInstallShield
    [2013/12/31 18:29:53 | 000,000,000 | —D | C] — C:Documents and SettingsADMINBureauNouveau dossier
    [2013/12/31 18:29:07 | 000,000,000 | —D | C] — C:Documents and SettingsADMINApplication DataWinRAR
    [2013/12/31 18:28:51 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersMenu DémarrerProgrammesWinRAR
    [2013/12/31 18:28:51 | 000,000,000 | —D | C] — C:Documents and SettingsADMINMenu DémarrerProgrammesWinRAR
    [2013/12/31 18:28:47 | 000,000,000 | —D | C] — C:Program FilesWinRAR
    [2013/12/31 18:16:33 | 006,852,616 | —- | C] (ESTsoft Corp. ) — C:Documents and SettingsADMINMes documentsALZip [1].exe
    [2013/12/31 17:52:56 | 000,462,848 | —- | C] (NetManage Inc.) — C:WINDOWSSystem32nmw3vwn.dll
    [2013/12/31 17:52:56 | 000,442,368 | —- | C] (OverByte (F. Piette)) — C:WINDOWSSystem32IcsBcb30.bpl
    [2013/12/31 17:52:56 | 000,066,560 | —- | C] (NetManage Inc.) — C:WINDOWSSystem32nmorenu.dll
    [2013/12/31 17:52:56 | 000,048,128 | —- | C] (NetManage Inc.) — C:WINDOWSSystem32nmsckn.dll
    [2013/12/31 17:52:56 | 000,047,616 | —- | C] (Borland International, Inc.) — C:WINDOWSSystem32dclnet35.bpl
    [2013/12/31 17:52:55 | 001,455,736 | —- | C] (Borland International) — C:WINDOWSSystem32Vcl35.bpl
    [2013/12/31 17:52:55 | 001,146,272 | —- | C] (TurboPower Software Company) — C:WINDOWSSystem32A303_R35.bpl
    [2013/12/31 17:52:55 | 000,996,872 | —- | C] (Borland International) — C:WINDOWSSystem32Cp3240mt.dll
    [2013/12/31 17:52:55 | 000,245,912 | —- | C] (Borland International) — C:WINDOWSSystem32Vclx35.bpl
    [2013/12/31 17:52:55 | 000,235,512 | —- | C] (NetMasters) — C:WINDOWSSystem32Nmfast35.bpl
    [2013/12/31 17:52:55 | 000,178,176 | —- | C] (devSoft Inc.) — C:WINDOWSSystem32ick.bpl
    [2013/12/31 17:52:55 | 000,078,384 | —- | C] (TurboPower Software Company) — C:WINDOWSSystem32Tsr102_r.bpl
    [2013/12/31 17:52:55 | 000,069,272 | —- | C] (Borland International, Inc.) — C:WINDOWSSystem32Vclsmp35.bpl
    [2013/12/31 17:52:55 | 000,029,952 | —- | C] (Borland International) — C:WINDOWSSystem32Borlndmm.dll
    [2013/12/31 17:52:55 | 000,018,480 | —- | C] (TurboPower Software Company) — C:WINDOWSSystem32Tsr102_r.dpl
    [2013/12/31 17:52:54 | 000,085,504 | —- | C] (Blue Sky Software Corporation.) — C:WINDOWSSystem32Htmlwh.dll
    [2013/12/31 17:52:54 | 000,054,784 | —- | C] (Blue Sky Software Corporation.) — C:WINDOWSSystem32Inetwh32.dll
    [2013/12/31 17:52:53 | 000,169,472 | —- | C] (NetManage Inc.) — C:WINDOWSSystem32html.ocx
    [2013/12/31 17:52:53 | 000,000,000 | —D | C] — C:Program FilesU.S. Robotics
    [2013/12/31 17:52:52 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersMenu DémarrerProgrammesU.S. Robotics
    [2013/12/31 17:51:44 | 000,000,000 | —D | C] — C:Temp
    [2013/12/31 17:49:03 | 000,000,000 | R–D | C] — C:Documents and SettingsADMINApplication DataBrother
    [2013/12/31 17:26:21 | 000,000,000 | —D | C] — C:WINDOWSpss
    [2013/12/31 15:22:18 | 000,000,000 | RH-D | C] — C:Documents and SettingsADMINRecent
    [2013/12/31 14:32:55 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersMenu DémarrerProgrammesMicrosoft Office
    [2013/12/31 14:31:17 | 000,000,000 | —D | C] — C:Program FilesMicrosoft Works
    [2013/12/31 14:30:55 | 000,000,000 | —D | C] — C:Program FilesMSBuild
    [2013/12/31 14:30:24 | 000,000,000 | —D | C] — C:Program FilesMicrosoft Visual Studio
    [2013/12/31 14:30:23 | 000,000,000 | —D | C] — C:Program FilesFichiers communsDESIGNER
    [2013/12/31 14:24:44 | 000,000,000 | —D | C] — C:WINDOWSSHELLNEW
    [2013/12/31 14:24:29 | 000,000,000 | —D | C] — C:Documents and SettingsADMINLocal SettingsApplication DataMicrosoft Help
    [2013/12/31 14:24:10 | 000,000,000 | —D | C] — C:Program FilesMicrosoft Office
    [2013/12/31 14:24:07 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataMicrosoft Help
    [2013/12/31 14:23:44 | 000,000,000 | RH-D | C] — C:MSOCache
    [2013/12/31 14:11:15 | 000,000,000 | —D | C] — C:HP v165w (E)
    [2013/12/31 12:53:02 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersMenu DémarrerProgrammesZHP
    [2013/12/31 12:53:00 | 000,000,000 | —D | C] — C:Program FilesZHPFix
    [2013/12/31 12:53:00 | 000,000,000 | —D | C] — C:Documents and SettingsADMINApplication DataZHP
    [2013/12/31 12:50:41 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataTEMP
    [2013/12/31 12:49:46 | 000,000,000 | —D | C] — C:WINDOWSSystem32jmdp
    [2013/12/31 12:47:01 | 000,000,000 | —D | C] — C:Documents and SettingsADMINAppData
    [2013/12/31 12:46:46 | 000,632,656 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32msvcr80.dll
    [2013/12/31 12:46:46 | 000,554,832 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32msvcp80.dll
    [2013/12/31 12:46:46 | 000,479,232 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32msvcm80.dll
    [2013/12/31 12:46:46 | 000,000,000 | —D | C] — C:WINDOWSSystem32ARFC
    [2013/12/31 12:46:25 | 000,000,000 | —D | C] — C:WINDOWSSystem32WNLT
    [2013/12/31 12:46:13 | 000,000,000 | —D | C] — C:Documents and SettingsADMINLocal SettingsApplication DataVisualBeeClient
    [2013/12/31 12:45:36 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersVisualBee
    [2013/12/31 12:45:35 | 000,000,000 | —D | C] — C:Documents and SettingsADMINLocal SettingsApplication Dataemaze
    [2013/12/31 12:44:57 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataUpdater
    [2013/12/31 12:44:57 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersApplication DataRHelpers
    [2013/12/31 12:08:16 | 000,000,000 | —D | C] — C:UsbFix
    [2013/12/31 07:38:22 | 000,000,000 | —D | C] — C:Program FilesMozilla Firefox
    [2013/12/30 18:59:09 | 000,000,000 | —D | C] — C:Documents and SettingsAll UsersMenu DémarrerProgrammesBrother HL-2035
    [2013/12/30 18:59:03 | 000,111,928 | —- | C] (Brother Industries Ltd) — C:WINDOWSSystem32BRRBTOOL.EXE
    [2013/12/30 18:59:01 | 000,176,128 | —- | C] (Brother Industries, Ltd.) — C:WINDOWSSystem32BROSNMP.DLL
    [2013/12/30 18:59:01 | 000,077,824 | —- | C] (Brother Industries, Ltd.) — C:WINDOWSSystem32brlmw03a.dll
    [2013/12/30 18:59:01 | 000,024,223 | —- | C] (Brother Industries, Ltd) — C:WINDOWSSystem32brlm03a.dll
    [2013/12/30 18:59:01 | 000,019,537 | —- | C] (Brother Industries Ltd.) — C:WINDOWSSystem32driversBRPAR.SYS
    [2013/12/30 18:59:01 | 000,000,000 | —D | C] — C:Program FilesBrownie
    [2013/12/30 18:58:44 | 000,192,512 | —- | C] (brother) — C:WINDOWSSystem32Pdrvinst.dll
    [2013/12/30 18:58:44 | 000,000,000 | —D | C] — C:Program FilesBrother
    [2013/12/30 18:51:24 | 000,016,128 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32dllcachemodemcsa.sys
    [2013/12/30 18:50:45 | 000,025,856 | —- | C] (Microsoft Corporation) — C:WINDOWSSystem32dllcacheusbprint.sys
    [2013/12/20 17:07:05 | 000,000,000 | —D | C] — C:found.000
    [3 C:WINDOWS*.tmp files -> C:WINDOWS*.tmp -> ]
    [1 C:WINDOWSSystem32*.tmp files -> C:WINDOWSSystem32*.tmp -> ]

    ========== Files – Modified Within 30 Days ==========

    [2014/01/06 14:16:00 | 000,000,410 | —- | M] () — C:WINDOWStasksAt1.job
    [2014/01/06 14:02:09 | 000,012,598 | —- | M] () — C:WINDOWSSystem32wpa.dbl
    [2014/01/06 14:01:28 | 000,002,048 | –S- | M] () — C:WINDOWSbootstat.dat
    [2014/01/06 11:33:40 | 000,002,623 | —- | M] () — C:Documents and SettingsADMINBureauMicrosoft Office Outlook 2007.lnk
    [2014/01/06 00:18:08 | 000,000,058 | —- | M] () — C:Documents and SettingsADMINApplication DataWB.CFG
    [2014/01/04 23:58:37 | 000,000,336 | —- | M] () — C:WINDOWSBrownie.ini
    [2014/01/04 08:43:05 | 000,290,888 | —- | M] () — C:WINDOWSSystem32FNTCACHE.DAT
    [2014/01/03 15:34:04 | 000,000,284 | —- | M] () — C:WINDOWStasksAppleSoftwareUpdate.job
    [2014/01/03 08:59:29 | 000,002,575 | —- | M] () — C:Documents and SettingsADMINBureauMicrosoft Office Word 2007.lnk
    [2014/01/01 17:04:29 | 000,000,792 | —- | M] () — C:Documents and SettingsADMINApplication DataMicrosoftInternet ExplorerQuick LaunchMicrosoft Office Outlook.lnk
    [2014/01/01 16:51:51 | 000,370,832 | —- | M] () — C:WINDOWSSystem32perfh00C.dat
    [2014/01/01 16:51:51 | 000,314,644 | —- | M] () — C:WINDOWSSystem32perfh009.dat
    [2014/01/01 16:51:51 | 000,049,734 | —- | M] () — C:WINDOWSSystem32perfc00C.dat
    [2014/01/01 16:51:51 | 000,040,972 | —- | M] () — C:WINDOWSSystem32perfc009.dat
    [2013/12/31 18:32:06 | 000,001,638 | —- | M] () — C:Documents and SettingsAll UsersBureauClassic PhoneTools.lnk
    [2013/12/31 18:16:33 | 006,852,616 | —- | M] (ESTsoft Corp. ) — C:Documents and SettingsADMINMes documentsALZip [1].exe
    [2013/12/31 17:54:09 | 000,000,120 | —- | M] () — C:WINDOWSusrwiz.ini
    [2013/12/31 17:47:08 | 000,009,030 | —- | M] () — C:WINDOWSHL-2030.INI
    [2013/12/31 17:47:08 | 000,000,145 | —- | M] () — C:WINDOWSBRVIDEO.INI
    [2013/12/31 17:46:53 | 000,000,425 | —- | M] () — C:WINDOWSBRWMARK.INI
    [2013/12/31 17:46:53 | 000,000,054 | —- | M] () — C:WINDOWSSystem32bd2030.dat
    [2013/12/31 15:23:20 | 000,020,006 | —- | M] () — C:Documents and SettingsADMINMes documentscc_20131231_152308.reg
    [2013/12/31 14:55:30 | 000,692,616 | —- | M] (Adobe Systems Incorporated) — C:WINDOWSSystem32FlashPlayerApp.exe
    [2013/12/31 14:55:30 | 000,071,048 | —- | M] (Adobe Systems Incorporated) — C:WINDOWSSystem32FlashPlayerCPLApp.cpl
    [2013/12/31 12:53:02 | 000,001,512 | —- | M] () — C:Documents and SettingsAll UsersBureauZHPFix.lnk
    [2013/12/31 08:18:06 | 000,000,000 | —- | M] () — C:Program Filesmoz_update_in_progress.lock
    [2013/12/30 18:59:09 | 000,000,000 | —- | M] () — C:WINDOWSbrmx2001.ini
    [2013/12/25 09:03:02 | 000,773,968 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32msvcr100.dll
    [2013/12/25 09:03:02 | 000,632,656 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32msvcr80.dll
    [2013/12/25 09:03:02 | 000,554,832 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32msvcp80.dll
    [2013/12/25 09:03:02 | 000,479,232 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32msvcm80.dll
    [2013/12/25 09:03:02 | 000,421,200 | —- | M] (Microsoft Corporation) — C:WINDOWSSystem32msvcp100.dll
    [3 C:WINDOWS*.tmp files -> C:WINDOWS*.tmp -> ]
    [1 C:WINDOWSSystem32*.tmp files -> C:WINDOWSSystem32*.tmp -> ]

    ========== Files Created – No Company Name ==========

    [2014/01/01 18:16:04 | 000,000,058 | —- | C] () — C:Documents and SettingsADMINApplication DataWB.CFG
    [2014/01/01 17:04:29 | 000,000,792 | —- | C] () — C:Documents and SettingsADMINApplication DataMicrosoftInternet ExplorerQuick LaunchMicrosoft Office Outlook.lnk
    [2014/01/01 16:51:35 | 000,002,623 | —- | C] () — C:Documents and SettingsADMINBureauMicrosoft Office Outlook 2007.lnk
    [2013/12/31 18:45:47 | 000,002,575 | —- | C] () — C:Documents and SettingsADMINBureauMicrosoft Office Word 2007.lnk
    [2013/12/31 18:32:06 | 000,001,638 | —- | C] () — C:Documents and SettingsAll UsersBureauClassic PhoneTools.lnk
    [2013/12/31 18:16:17 | 000,000,410 | —- | C] () — C:WINDOWStasksAt1.job
    [2013/12/31 17:52:56 | 000,240,640 | —- | C] () — C:WINDOWSSystem32nmocod.dll
    [2013/12/31 17:52:55 | 000,187,392 | —- | C] () — C:WINDOWSSystem32Bcbsmp35.bpl
    [2013/12/31 17:52:55 | 000,036,452 | —- | C] () — C:WINDOWSSystem32Dclocx35.bpi
    [2013/12/31 17:51:44 | 000,000,120 | —- | C] () — C:WINDOWSusrwiz.ini
    [2013/12/31 17:44:34 | 000,000,425 | —- | C] () — C:WINDOWSBRWMARK.INI
    [2013/12/31 15:23:11 | 000,020,006 | —- | C] () — C:Documents and SettingsADMINMes documentscc_20131231_152308.reg
    [2013/12/31 12:53:02 | 000,001,512 | —- | C] () — C:Documents and SettingsAll UsersBureauZHPFix.lnk
    [2013/12/31 12:45:35 | 000,001,342 | —- | C] () — C:Documents and SettingsADMINMenu DémarrerProgrammesCreate Amazing Presentations.lnk
    [2013/12/31 08:18:06 | 000,000,000 | —- | C] () — C:Program Filesmoz_update_in_progress.lock
    [2013/12/30 18:59:09 | 000,000,145 | —- | C] () — C:WINDOWSBRVIDEO.INI
    [2013/12/30 18:59:09 | 000,000,000 | —- | C] () — C:WINDOWSbrmx2001.ini
    [2013/12/30 18:59:01 | 000,009,030 | —- | C] () — C:WINDOWSHL-2030.INI
    [2013/12/30 18:59:01 | 000,000,114 | —- | C] () — C:WINDOWSSystem32brlmw03a.ini
    [2013/12/30 18:58:45 | 000,000,054 | —- | C] () — C:WINDOWSSystem32bd2030.dat
    [2013/12/30 18:58:32 | 000,000,336 | —- | C] () — C:WINDOWSBrownie.ini
    [2012/08/20 09:04:51 | 000,008,704 | —- | C] () — C:Documents and SettingsADMINLocal SettingsApplication DataDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/07/06 10:11:11 | 000,003,072 | —- | C] () — C:WINDOWSSystem32iacenc.dll

    ========== ZeroAccess Check ==========

    [HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

    [HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32]

    [HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]
    «  » = %SystemRoot%system32shdocvw.dll — [2012/04/20 20:29:44 | 001,510,912 | —- | M] (Microsoft Corporation)
    « ThreadingModel » = Apartment

    [HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32]
    «  » = C:WINDOWSsystem32wbemfastprox.dll — [2009/02/09 11:53:55 | 000,473,600 | —- | M] (Microsoft Corporation)
    « ThreadingModel » = Free

    [HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32]
    «  » = C:WINDOWSsystem32wbemwbemess.dll — [2008/04/14 13:00:00 | 000,273,920 | —- | M] (Microsoft Corporation)
    « ThreadingModel » = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream – 126 bytes -> C:Documents and SettingsAll UsersApplication DataTEMP:373E1720

    amiar
    Participant
    Number of posts: 3

    What's next, please?

    amiar
    Participant
    Number of posts: 3

    What should I do, please?

    Anonyme
    Number of posts: 0
    • Download Malwarebytes' Anti-Malware and install it.
    • Launch Malwarebytes' Anti-Malware.
    • Click the "Updates" tab, then "Check for updates".
    • Click the "Scan" tab, tick "Perform quick scan", then click Scan.

    At the end of the scan, if MBAM found nothing:

    • Click OK; the report opens automatically.

    If threats were detected:

    • Click OK, then "Show results".
    • Tick all the boxes.
    • Choose the "Remove selected" option.

    • If MBAM asks to restart Windows: click "Yes".
    • Once the PC has restarted, the report is in the "Reports/Logs" tab.
    • Otherwise the report opens automatically after the removal.
    • Post the report in your next reply.