[Résolu] Virus ou pas ?

Tous les problèmes de Windows : message d'erreur, BSOD et écran bleu, erreur Windows Update ou d'installation, etc

Modérateur : Mods Windows

Avatar de l’utilisateur
PIGNON
Messages : 189
Inscription : 22 nov. 2008 18:13

[Résolu] Virus ou pas ?

par PIGNON »

Bonjour tout le monde,

Quand j’allume mon ordi avast ouvre une fenêtre :

http://4dlmng.com/FIF/sffr404fif5.exe
URL:Mal

Je fais un scan avec avast il trouve rien ?
avec malwarebytes il trouve rien ?

Merci Bonne journée.
chef

Re: Virus ou pas ?

par chef »

SkyTech

Re: Virus ou pas ?

par SkyTech »

Bonjour,

Pour voir :

* Télécharge >> OTL <<sur ton bureau.

* Fait un double-clic sur l'icône d'OTL pour le lancer
/!\ pour Vista/Seven fais un clic-droit sur l'icône d'OTL et choisis "Exécuter en tant qu'administrateur"

* Assure toi d'avoir fermé toutes les applications en court de fonctionnement.

* Quand la fenêtre d'OTL apparaît, assure toi que dans la section "Rapport" (en haut à droite) la case "Rapport minimal" soit cochée.

* Copies et colles le contenue de cette citation dans la partie inférieure d'OTL "Personnalisation"
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%temp%\*.exe /s
%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
CREATERESTOREPOINT
nslookup http://www.google.fr /c
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs

* Cliques sur l'icône "Analyse" (en haut à gauche) .
* Laisse le scan aller à son terme sans te servir du PC
* A la fin du scan un ou deux rapports vont s'ouvrir "OTL.Txt" et ( ou ) "Extras.Txt"( dans certains cas).
* Copie et colle le ou les rapports dans ta réponse stp...
* Au cas où, tu peux les retrouver dans le dossier C:\OTL ou sur ton bureau en fonction des cas rencontrés

PS : Si le rapport est trop long pour être poster sur un message, tu peux utiliser un hébergeur : http://pjjoint.malekal.com/index.php?lang=fr
Avatar de l’utilisateur
angelique
Messages : 31537
Inscription : 28 févr. 2008 13:58
Localisation : Breizhilienne

Re: Virus ou pas ?

par angelique »

ça installe un PUP

Image
Avec Gnu_Linux t'as un Noyau ... avec Ѡindows t'as que les pépins
https://helicium.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Un p'tit Don à Angélique PDT_018 Merci.
Image
Avatar de l’utilisateur
PIGNON
Messages : 189
Inscription : 22 nov. 2008 18:13

Re: Virus ou pas ?

par PIGNON »

Bonjour SkyTech,

Merci à chef pour les 2 liens et merci Angélique.

Voici les 2 rapports : OTL et extras.

http://pjjoint.malekal.com/files.php?id ... h14o9s9e13

OTL Extras logfile created on: 24/02/2014 13:23:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kiki\Downloads
64bit- Ultimate Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 62,93% Memory free
8,00 Gb Paging File | 6,37 Gb Available in Paging File | 79,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 16,35 Gb Free Space | 16,74% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 359,43 Gb Free Space | 43,10% Space Free | Partition Type: NTFS
Drive M: | 232,83 Gb Total Space | 55,62 Gb Free Space | 23,89% Space Free | Partition Type: FAT32

Computer Name: KIKI-PC | User Name: kiki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Advisor\fileadvisor.exe" /info "%1" (File Type Advisor)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Advisor\fileadvisor.exe" /info "%1" (File Type Advisor)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 61 01 DA 5A 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{168A4216-B421-4453-B3EC-569306E22F23}" = rport=445 | protocol=6 | dir=out | app=system |
"{16DBE184-B90B-4DE0-BC98-37479D5CDEB0}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{2C407A48-A984-41C5-9F32-EC0D1675792E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59173117-8010-430C-B7D7-A5D05310A428}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{621FD4F0-69C5-499A-842D-3430B40E1B66}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{697CAFC6-110B-4310-B201-D29B758785F6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7512276A-9505-45E2-A5A9-1E11B6353592}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{75800D82-5382-4385-B858-592FDDB1E620}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7BBC0A23-8229-4F1E-B4C3-AC8EE998D74E}" = lport=139 | protocol=6 | dir=in | app=system |
"{8C282681-4D3B-41E2-8B09-547D0A81D498}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8FE22778-4161-40AB-883B-61E9A5A1E589}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{8FE278F2-5DD8-4B03-9C4F-9938206D798B}" = lport=138 | protocol=17 | dir=in | app=system |
"{92457917-9E8A-4AE4-8A08-2845FF500305}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{961F4D94-D2A0-40EF-B712-77CD8EE0BB85}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9F1DDD3C-F20E-400A-9CD9-B1358367123F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B7086933-21E3-4123-8508-453F2FA0A1D8}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C935FE18-964B-4D43-8CB4-2CF21326C98A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7C7D351-F385-4E11-B6BD-8D115F09CFED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E271BC2E-4E3A-4DA8-91BD-49717F5C8FC0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E50B26B0-9F3E-4306-9D1C-854DF4929619}" = rport=137 | protocol=17 | dir=out | app=system |
"{E969F7FC-1D3B-4A3C-91FA-AED8EA3F5FE5}" = rport=139 | protocol=6 | dir=out | app=system |
"{F2E3CD71-779F-41FB-98C7-908CD99719DF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F436CEC6-7457-4819-9EB9-3F2E88235DB7}" = rport=138 | protocol=17 | dir=out | app=system |
"{FAD4F2B3-5F41-4778-A3F6-C6C14953E0A0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FD311B84-A804-4440-990D-F7A98864E620}" = lport=137 | protocol=17 | dir=in | app=system |
"{FECD5944-0417-4ED3-81FC-11745F833B3C}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034CCB26-F416-425E-919A-6E67F550DC3D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{05EFBB7C-A297-4354-BC91-5DEB0D175BD8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{24A73C54-9900-4F45-87E5-5008F88B563F}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{26415EBA-EB8D-4D53-91F5-4063ED61F57A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2DC46977-5849-4939-865B-2A906245E024}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{3E67F4A4-6F5E-437C-87EA-4D3C925ECFBB}" = protocol=58 | dir=in | [email protected],-28545 |
"{4F5EAD8F-F5CC-4DF5-8373-EDD63068B98C}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{5328102E-46D6-4935-9473-4B0AB3CC52DA}" = protocol=6 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{55A0311A-05ED-44E7-B3BE-B2E70A44DA04}" = protocol=1 | dir=in | [email protected],-28543 |
"{626CE323-BA2C-4379-BF20-119D51C21C3C}" = protocol=6 | dir=in | app=e:\data\eskernel.exe |
"{6930220F-ACFA-4169-A47D-AD86378B84BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6CBB3E02-4373-4FCD-B630-31F0F08E0D23}" = protocol=1 | dir=out | [email protected],-28544 |
"{7382E7E7-DABF-419A-BF5D-EC3227233F19}" = protocol=17 | dir=in | app=e:\network\epsonnetsetup\eneasyapp.exe |
"{87A4CF8F-2E14-42BF-B7B0-225F1EB03D87}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8E88604D-B415-4BAA-BEC8-EB128C2A11E0}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{98C6585F-C9EF-4E83-B5EF-2499A9B5300D}" = protocol=17 | dir=in | app=e:\data\eskernel.exe |
"{A47CB075-E86D-4C57-A21B-EC85E3F84DFF}" = protocol=58 | dir=out | [email protected],-28546 |
"{A63BE455-38B8-40F6-AE31-C1FF1150FB36}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CDF57713-32DB-42B0-8206-3066FB76156D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D2AB5DA3-8C9F-4648-9C9C-08F1E33E4AE9}" = protocol=17 | dir=in | app=c:\users\kiki\appdata\roaming\dropbox\bin\dropbox.exe |
"{EF7DE90B-DB60-475D-8181-F0B11835F72B}" = protocol=6 | dir=in | app=c:\users\kiki\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{835486B7-9B17-4C78-A80D-239FF80C9802}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{94838052-DD59-4928-A879-C1A8B3F11EAB}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{BD40ACB6-FF3B-4C43-9BFE-58CC70E1AF54}C:\users\kiki\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\kiki\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{1656D789-C616-4828-BE9C-C5F60F3707CC}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{377B349A-6CA9-4495-A1C0-8AD54F39E5AF}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{D8488706-F5B1-44E6-B82E-3AA5605B8220}C:\users\kiki\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\kiki\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0BFDF8CC-3EE7-D2D3-6F9A-D990CF34CEB5}" = ATI AVIVO64 Codecs
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86417051FF}" = Java 7 Update 51 (64-bit)
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6FA3E27A-A4F8-9755-D71E-F4D909D983EB}" = ccc-utility64
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{835A12CC-38C3-43A2-BB2E-F5C29DF6F1F8}" = Nitro Reader 2
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CCC7BD30-07DB-9C0E-9140-3DE62BFF7E93}" = ATI Catalyst Install Manager
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"EPSON Stylus SX400 Series" = Désinstaller l'imprimante EPSON Stylus SX400 Series
"EPSON SX440 Series" = EPSON SX440 Series Printer Uninstall
"Folder Marker Free_is1" = Folder Marker Free
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Recuva" = Recuva
"Spring Smart" = Spring Smart 2013.11.07.204203
"WinRAR archiver" = WinRAR 5.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{30120000-00B2-040C-0000-0000000FF1CE}" = Complément Office 2007 - Microsoft Enregistrer en tant que PDF ou XPS (Beta)
"{3070A9C6-D670-439A-21ED-ED0CB66B15FC}" = Catalyst Control Center Graphics Full Existing
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{32A3A4F4-B792-11D6-A78A-00B0D0150110}" = J2SE Development Kit 5.0 Update 11
"{338AD4E5-9332-A678-5062-7A07ED70D6D4}" = ccc-core-static
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{660787DD-68B3-4E67-9073-4A66DD7AD193}" = ASUS VGA Driver
"{67DEC296-C8CC-A5BE-0378-A25C760B78B4}" = Catalyst Control Center Graphics Full New
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76560C00-0CFB-00F0-31AD-3DDA280032B6}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EAC91E4-AFC3-8A6F-B802-218548D21873}" = Catalyst Control Center Core Implementation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{99072AB4-D795-44D5-9D65-E3C9F8322C97}" = TomTom HOME
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A059FB87-5DC3-0883-7D65-F68603CACDF1}" = Catalyst Control Center Graphics Previews Vista
"{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA02A61E-6ED9-C56F-1AA5-8A8BE286735F}" = CCC Help French
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AC76BA86-7AD7-1036-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Français
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}" = EPSON Printer Finder
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{BC0A813D-A6B3-413A-ACE1-ECDA402C1561}" = Reasonable Anti-Phishing 2.1
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
"{ED7CED5A-26BF-DFD3-08AC-771E72D43F74}" = Catalyst Control Center Localization All
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3AB0933-B7D6-4C47-5523-922B49B37AE3}" = Catalyst Control Center Graphics Light
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFF841F3-9A15-4F61-BD16-C19F132E5A27}" = Epson Easy Photo Print 2
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Audacity_is1" = Audacity 1.2.6
"Aurora 7.0a2 (x86 fr)" = Aurora 7.0a2 (x86 fr)
"avast" = avast! Free Antivirus
"AxCrypt" = AxCrypt (Désinstaller uniquement)
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Dream Aquarium" = Dream Aquarium
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Scanner" = EPSON Scan
"EPSON SX440 Series Bog" = Guide des opérations de base EPSON SX440 Series
"EPSON SX440 Series Netg" = Guide réseau EPSON SX440 Series
"EPSON SX440 Series Useg" = Guide d'utilisation EPSON SX440 Series
"File Type Advisor_is1" = File Type Advisor 1.4
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 8.1
"Google Updater" = Outil de mise à jour Google
"InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MixPad" = MixPad - Mixeur de fichiers audio
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 27.0.1 (x86 fr)" = Mozilla Firefox 27.0.1 (x86 fr)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"PROPLUS" = Microsoft Office Professional Plus 2007
"Revo Uninstaller" = Revo Uninstaller 1.95
"SearchProtect" = Search Protect
"ToneGen" = NCH Tone Generator
"VLC media player" = VLC media player 2.1.3
"Voxal" = Voxal Voice Changer
"WavePad" = WavePad - Logiciel d'édition audio
"WFTK" = Canon Utilities WFT Utility
"XnView_is1" = XnView 1.98.8
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 04/09/2012 14:48:00 | Computer Name = kiki-PC | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error - 05/09/2012 14:20:34 | Computer Name = kiki-PC | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error - 05/09/2012 14:24:58 | Computer Name = kiki-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 06/09/2012 15:34:25 | Computer Name = kiki-PC | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error - 06/09/2012 15:38:50 | Computer Name = kiki-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 07/09/2012 14:50:34 | Computer Name = kiki-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 07/09/2012 15:24:09 | Computer Name = kiki-PC | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error - 08/09/2012 15:23:44 | Computer Name = kiki-PC | Source = Winlogon | ID = 4103
Description = Échec de l’activation de la licence Windows. Erreur 0x80070005.

Error - 08/09/2012 15:27:09 | Computer Name = kiki-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Les chaînes de performance dans la valeur de Registre Performance
sont endommagées lors du traitement du fournisseur de compteurs d’extension Performance.
La valeur BaseIndex à partir du Registre de performance est le premier DWORD dans
la section Données, la valeur LastCounter est le deuxième DWORD dans la section
Données, et la valeur LastHelp est le troisième DWORD dans la section Données.

Error - 08/09/2012 16:11:07 | Computer Name = kiki-PC | Source = Software Protection Platform Service | ID = 8193
Description = Le planificateur d’activation des licences (sppuinotify.dll) a échoué
avec le code d’erreur suivant : 0x80070005

[ System Events ]
Error - 21/02/2014 19:10:28 | Computer Name = kiki-PC | Source = Service Control Manager | ID = 7000
Description = Le service avast! Antivirus n’a pas pu démarrer en raison de l’erreur :
%%1069

Error - 22/02/2014 03:35:20 | Computer Name = kiki-PC | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\MTictwl.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 22/02/2014 03:35:38 | Computer Name = kiki-PC | Source = Service Control Manager | ID = 7000
Description = Le service Service Windows Activation Technologies n’a pas pu démarrer
en raison de l’erreur : %%5

Error - 22/02/2014 03:35:41 | Computer Name = kiki-PC | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se
charger : NaturalColor

Error - 23/02/2014 04:30:05 | Computer Name = kiki-PC | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\MTictwl.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 23/02/2014 04:30:21 | Computer Name = kiki-PC | Source = Service Control Manager | ID = 7000
Description = Le service Service Windows Activation Technologies n’a pas pu démarrer
en raison de l’erreur : %%5

Error - 23/02/2014 04:30:23 | Computer Name = kiki-PC | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se
charger : NaturalColor

Error - 24/02/2014 07:32:44 | Computer Name = kiki-PC | Source = Application Popup | ID = 1060
Description = Le chargement de \SystemRoot\SysWow64\drivers\MTictwl.sys a été bloqué
en raison d’une incompatibilité avec ce système. Contactez l’éditeur de votre logiciel
pour obtenir une version compatible du pilote.

Error - 24/02/2014 07:33:00 | Computer Name = kiki-PC | Source = Service Control Manager | ID = 7000
Description = Le service Service Windows Activation Technologies n’a pas pu démarrer
en raison de l’erreur : %%5

Error - 24/02/2014 07:33:01 | Computer Name = kiki-PC | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d’amorçage suivant n’a pas pu se
charger : NaturalColor


< End of report >
Avatar de l’utilisateur
angelique
Messages : 31537
Inscription : 28 févr. 2008 13:58
Localisation : Breizhilienne

Re: Virus ou pas ?

par angelique »

  • Désinstalle:

    - Search Protect
  • Sur Firefox : Menu Outils / Modules complémentaires
    Onglet Extension.

    supprime:

    - Plus-HD-8.1
  • Faire Adwcleaner , onglet scan puis ensuite suppression ... un redémarrage peut être demandé. , voir > , et poste le rapport.
Avec Gnu_Linux t'as un Noyau ... avec Ѡindows t'as que les pépins
https://helicium.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Un p'tit Don à Angélique PDT_018 Merci.
Image
Avatar de l’utilisateur
PIGNON
Messages : 189
Inscription : 22 nov. 2008 18:13

Re: Virus ou pas ?

par PIGNON »

RE

le rapport AdwCleaner :

# AdwCleaner v3.019 - Rapport créé le 24/02/2014 à 23:02:17
# Mis à jour le 17/02/2014 par Xplode
# Système d'exploitation : Windows 7 Ultimate N Service Pack 1 (64 bits)
# Nom d'utilisateur : kiki - KIKI-PC
# Exécuté depuis : C:\Users\kiki\Downloads\adwcleaner.exe
# Option : Nettoyer

***** [ Services ] *****

Service Supprimé : CltMngSvc

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\BoxUpdChk
Dossier Supprimé : C:\ProgramData\NCH Software
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Dossier Supprimé : C:\Program Files (x86)\myfree codec
Dossier Supprimé : C:\Program Files (x86)\NCH Software
Dossier Supprimé : C:\Program Files (x86)\predm
Dossier Supprimé : C:\Program Files (x86)\Searchprotect
Dossier Supprimé : C:\Program Files (x86)\Spring Smart
Dossier Supprimé : C:\Windows\SysWOW64\AI_RecycleBin
Dossier Supprimé : C:\Users\kiki\AppData\Local\Searchprotect
Dossier Supprimé : C:\Users\kiki\AppData\Local\Temp\Iminent
Dossier Supprimé : C:\Users\kiki\AppData\Roaming\Common\LuaRT
Dossier Supprimé : C:\Users\kiki\AppData\Roaming\DataMgr
Dossier Supprimé : C:\Users\kiki\AppData\Roaming\Intermediate
Dossier Supprimé : C:\Users\kiki\AppData\Roaming\NCH Software
Dossier Supprimé : C:\Users\kiki\AppData\Roaming\SSync
Dossier Supprimé : C:\Program Files (x86)\Software
Fichier Supprimé : C:\END
Fichier Supprimé : C:\Users\kiki\AppData\Local\omesuperv.exe
Fichier Supprimé : C:\Users\kiki\AppData\Roaming\Mozilla\Firefox\Profiles\1z0wg7sx.default\user.js
Fichier Supprimé : C:\Windows\System32\Tasks\BoxSoftwareUpdate
Fichier Supprimé : C:\Windows\System32\Tasks\NCH Software

***** [ Raccourcis ] *****


***** [ Registre ] *****

Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Intermediate]
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Valeur Supprimée : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}
Clé Supprimée : HKCU\Software\Boxore
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\IminentToolbar
Clé Supprimée : HKCU\Software\installedbrowserextensions
Clé Supprimée : HKCU\Software\Myfree Codec
Clé Supprimée : HKCU\Software\NCH Software
Clé Supprimée : HKCU\Software\OfferMosquito
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\WEDLMNGR
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartBar
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\Myfree Codec
Clé Supprimée : HKLM\Software\NCH Software
Clé Supprimée : HKLM\Software\SearchProtect
Clé Supprimée : HKLM\Software\Uniblue
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Clé Supprimée : [x64] HKLM\SOFTWARE\Iminent
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spring Smart
Donnée Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (fr)

[ Fichier : C:\Users\kiki\AppData\Roaming\Mozilla\Firefox\Profiles\1z0wg7sx.default\prefs.js ]

Ligne Supprimée : user_pref("extensions.crossrider.bic", "14434c8333108445c6e4fa3736cc344d");
Ligne Supprimée : user_pref("extensions.iminent.admin", false);
Ligne Supprimée : user_pref("extensions.iminent.aflt", "orgnl");
Ligne Supprimée : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Ligne Supprimée : user_pref("extensions.iminent.autoRvrt", "false");
Ligne Supprimée : user_pref("extensions.iminent.dfltLng", "");
Ligne Supprimée : user_pref("extensions.iminent.excTlbr", false);
Ligne Supprimée : user_pref("extensions.iminent.ffxUnstlRst", false);
Ligne Supprimée : user_pref("extensions.iminent.id", "ca50b0a3000000000000e0cb4ed267b2");
Ligne Supprimée : user_pref("extensions.iminent.instlDay", "16113");
Ligne Supprimée : user_pref("extensions.iminent.instlRef", "");
Ligne Supprimée : user_pref("extensions.iminent.newTab", false);
Ligne Supprimée : user_pref("extensions.iminent.prdct", "iminent");
Ligne Supprimée : user_pref("extensions.iminent.prtnrId", "iminent");
Ligne Supprimée : user_pref("extensions.iminent.rvrt", "false");
Ligne Supprimée : user_pref("extensions.iminent.smplGrp", "none");
Ligne Supprimée : user_pref("extensions.iminent.tlbrId", "base");
Ligne Supprimée : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Ligne Supprimée : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Ligne Supprimée : user_pref("extensions.iminent.vrsnTs", "1.8.28.318:36:59");
Ligne Supprimée : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Ligne Supprimée : user_pref("iminent.LayoutId", "28");
Ligne Supprimée : user_pref("iminent.ShowThankyouPixel", "0");
Ligne Supprimée : user_pref("iminent.adapters", "{\"softonic\":{\"CountryCode\":\"FR\",\"NoAds\":false,\"Status\":2,\"expireTime\":\"13922266308111814400\"},\":[email protected]=:8\":{\"CountryCode\":\"FR\",\"NoAds\":false,\"Status[...]
Ligne Supprimée : user_pref("iminent.enabledAds", "false");
Ligne Supprimée : user_pref("iminent.registerToolbarEvent100", "1392246330953");
Ligne Supprimée : user_pref("iminent.registerToolbarEvent102", "1392246580457");
Ligne Supprimée : user_pref("iminent.registerToolbarEvent109", "1392243071750");
Ligne Supprimée : user_pref("iminent.registerToolbarEvent110", "1392329604902");
Ligne Supprimée : user_pref("iminent.registerToolbarEvent111", "1392243071758");
Ligne Supprimée : user_pref("iminent.registerToolbarEvent112", "1392329479009");
Ligne Supprimée : user_pref("iminent.registerToolbarEvent122", "1392243071768");
Ligne Supprimée : user_pref("iminent.registerToolbarEvent140", "1392328525069");
Ligne Supprimée : user_pref("iminent.version", "8.4.3.1");
Ligne Supprimée : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.4.3.1\",\"InstallEventCTime\":1392360735174,\"InstallEvent\":\"True\"}");
Ligne Supprimée : user_pref("om.config", "{\"active\":true,\"name\":\"jan2014\",\"id\":36,\"dispId\":\"CH-36\",\"aboutLink\":\"\",\"trackingGeneral\":false,\"xhrDomains\":[\"become\",\"shopzilla\",\"twenga\",\"bizrate\[...]
Ligne Supprimée : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Ligne Supprimée : user_pref("smartbar.machineId", "KYYDSL+WGUD7LE1P9JOY+ZQQTDCVSUOKU22UX+OPXMK/DKDCKWG+YOZOUVH1ZACTFJVUOXKHUODGL94UFVFN2Q");

*************************

AdwCleaner[R7].txt - [9176 octets] - [24/02/2014 22:58:09]
AdwCleaner[S7].txt - [8691 octets] - [24/02/2014 23:02:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [8751 octets] ##########
Avatar de l’utilisateur
angelique
Messages : 31537
Inscription : 28 févr. 2008 13:58
Localisation : Breizhilienne

Re: Virus ou pas ?

par angelique »

adwcleaner a fait le job , ça devrait le faire ? relance adwcleaner et clic desinstallation.

Attention à ce que tu installes :
Des logiciels additionnels sont proposés (barre d'outils, adwares) via l'installation de logiciel gratuit en général ou via certains sites de téléchargement comme Softonic ou 01Net.
L'éditeur touche de l'argent à chaque installation réussie de ces programmes additionnels (un genre de sponsoring), ton PC se retrouve avec des barres d'outils qui ralentissent le navigateur ou des adwares qui ouvrent des popups de publicités.
Les barres d'outils sont là pour t'affilier à un service (moteur de recherche de Yahoo! ou Google), ça rajoute des fonctionnalités mais en général les navigateurs les ont par défaut.
De plus, elles enregistrent les sites que tu visites pour les transmettre (tracking) à faire de la publicité ciblée, c'est pas super niveau protection de la vie privée.
Plusieurs toolbars ralentissent le PC et peuvent faire planter les navigateurs WEB.
Au final, il est pas conseillé d'en utiliser.

Enfin l'accumulation de ces programmes ralentissent l'ordinateur/navigateur WEB.

Ces programmes additionnels sont proposées à l'installation de programmes et très souvent ces ajouts sont précochés. C'est notamment le cas sur 01net et Softonic qu'ils est conseillé d'éviter comme sites de téléchargement.
Dès lors, lorsque tu installes un programme, lis bien ce qui est proposé car tu risques d'installer des barres d'outils sans le savoir.

Lire Les PUPs/LPIs : https://www.malekal.com/adwares-pup-protection/
Avec Gnu_Linux t'as un Noyau ... avec Ѡindows t'as que les pépins
https://helicium.altervista.org/
Supprimer les "virus" gratuitement http://www.supprimer-trojan.com/
Un p'tit Don à Angélique PDT_018 Merci.
Image
Avatar de l’utilisateur
PIGNON
Messages : 189
Inscription : 22 nov. 2008 18:13

Re: Virus ou pas ?

par PIGNON »

Bonsoir,

C'est toujours pareille à l'ouverture ?

et j'ai oublié de dire aussi c'est indiqué fifth.exe

Merci
SkyTech

Re: Virus ou pas ?

par SkyTech »

Bonsoir,

Relance OTL.
o sous Personnalisation, copie_colle le contenu du cadre ci dessous (TOUT SELECTIONNER avant) et clic Correction, un rapport apparraitra suite à l’operation que tu conserveras afin d’en coller le resultat:

Code : Tout sélectionner

:OTL
[2014/01/23 09:09:16 | 000,603,568 | ---- | M] () -- C:\Users\kiki\AppData\Roaming\Fifth\Fifth.exe
:commands
[purity]
[emptytemp]
[emptyflash]
* redemarre le pc sous windows et poste le rapport ici

&

Poste un nouveau rapport OTL en analyse comme au début.
Avatar de l’utilisateur
PIGNON
Messages : 189
Inscription : 22 nov. 2008 18:13

Re: Virus ou pas ?

par PIGNON »

Bonjour SkyTech,

ci joint les rapports OTL :

All processes killed
========== OTL ==========
C:\Users\kiki\AppData\Roaming\Fifth\Fifth.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: contrat

User: Default
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: kiki
->Temp folder emptied: 1216241553 bytes
->Temporary Internet Files folder emptied: 113036611 bytes
->Java cache emptied: 227553 bytes
->FireFox cache emptied: 141365218 bytes
->Flash cache emptied: 84631 bytes

User: Public

User: TEMP

User: TEMP.IIS APPPOOL

User: TEMP.IIS APPPOOL.000

User: TEMP.IIS APPPOOL.001

User: TEMP.IIS APPPOOL.002



le nouveau rapport OTL en analyse comme au début :

OTL logfile created on: 26/02/2014 08:53:26 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kiki\Downloads
64bit- Ultimate Edition N Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,61 Gb Available Physical Memory | 65,14% Memory free
8,00 Gb Paging File | 6,55 Gb Available in Paging File | 81,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 23,23 Gb Free Space | 23,79% Space Free | Partition Type: NTFS
Drive D: | 833,85 Gb Total Space | 359,42 Gb Free Space | 43,10% Space Free | Partition Type: NTFS
Drive M: | 232,83 Gb Total Space | 55,62 Gb Free Space | 23,89% Space Free | Partition Type: FAT32

Computer Name: KIKI-PC | User Name: kiki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\kiki\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Users\kiki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\kiki\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\libcef.dll ()
MOD - C:\Users\kiki\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Windows\SysWOW64\AsIO.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll ()
MOD - C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (NitroReaderDriverReadSpool2) -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe (Nitro PDF Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (voxaldriver) -- C:\Windows\SysNative\drivers\voxaldriverx64.sys ()
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (STIrUsb) -- C:\Windows\SysNative\drivers\irstusb.sys (SigmaTel, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NaturalColor) -- C:\Windows\SysWOW64\drivers\MTiCtwl.sys (Samsung Electronics, Inc. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.ustart.org/"
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "https://www.google.com/search"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 7.0a2\extensions\\Components: C:\Program Files (x86)\Aurora\components [2013/09/03 15:46:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 7.0a2\extensions\\Plugins: C:\Program Files (x86)\Aurora\plugins [2014/02/16 09:38:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014/02/03 19:01:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/16 09:38:22 | 000,000,000 | ---D | M]

[2011/08/04 07:13:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiki\AppData\Roaming\mozilla\Extensions
[2011/04/05 18:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiki\AppData\Roaming\mozilla\Extensions\[email protected]
[2014/02/24 21:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiki\AppData\Roaming\mozilla\Firefox\Profiles\1z0wg7sx.default\extensions
[2014/01/17 07:24:25 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\kiki\AppData\Roaming\mozilla\Firefox\Profiles\1z0wg7sx.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/11/27 08:03:48 | 000,000,000 | ---D | M] (WOT) -- C:\Users\kiki\AppData\Roaming\mozilla\Firefox\Profiles\1z0wg7sx.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/02/24 21:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kiki\AppData\Roaming\mozilla\Firefox\Profiles\1z0wg7sx.default\extensions\trash
[2013/11/07 21:42:02 | 000,007,675 | ---- | M] () (No name found) -- C:\Users\kiki\AppData\Roaming\mozilla\firefox\profiles\1z0wg7sx.default\extensions\[email protected]
[2013/12/19 18:35:06 | 000,062,798 | ---- | M] () (No name found) -- C:\Users\kiki\AppData\Roaming\mozilla\firefox\profiles\1z0wg7sx.default\extensions\trash\[email protected]
[2014/02/15 10:03:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 10:03:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/25 11:20:40 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll

O1 HOSTS File: ([2012/12/22 13:32:11 | 000,044,912 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 00aaf101a7.gougava.asia # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 00aaf101a7.gougava.asia # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 08sr.combineads.info # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 08srvr.combineads.info # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 08srvr.combineads.info # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 12srvr.combineads.info # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 12srvr.combineads.info # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 1a2e115593.efacen.pro # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 1a2e115593.efacen.pro # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 1f1.fr # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 2010-fr.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 2319825.ourtoolbar.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 24h00business.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 4990usd.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 4xp.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 8e47c22037.temavi.pro # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 8e47c22037.temavi.pro # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 96910cbcd4.nicero.pro # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 96910cbcd4.nicero.pro # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 ack.cdnperformance.info # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 acking.conversionads.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 a.daasafterdusk.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 ad.adn360.com # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 adeartss.eu # Hosts Anti-Adware / PUPs
O1 - Hosts: 127.0.0.1 adesoeasy.eu # Hosts Anti-Adware / PUPs
O1 - Hosts: 776 more lines...
O2:64bit: - BHO: (Plus-HD-8.1) - {11111111-1111-1111-1111-110511111108} - C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-bho64.dll File not found
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - Startup: C:\Users\kiki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\kiki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: nocdburning = Reg Error: Unknown registry data type File not found
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.fr ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: lcl.fr ([particuliers.secure] https in Trusted sites)
O15 - HKCU\..Trusted Domains: pole-emploi.fr ([courriers] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E0B3B23-FE95-47BF-A0C2-16AF3A4FEAE2}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{407D9519-9FB9-49C3-8EC2-D3A8263066FB}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{275006b7-20ee-11e3-80bf-e0cb4ed267b2}\Shell - "" = AutoRun
O33 - MountPoints2\{275006b7-20ee-11e3-80bf-e0cb4ed267b2}\Shell\AutoRun\command - "" = G:\laucher.exe
O33 - MountPoints2\{2e9f580d-d93a-11e0-ac99-e0cb4ed267b2}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/26 08:44:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/24 22:58:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/23 09:48:33 | 000,000,000 | ---D | C] -- C:\Users\kiki\Desktop\The joker
[2014/02/17 18:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2014/02/17 13:03:12 | 000,000,000 | ---D | C] -- C:\Users\kiki\AppData\Roaming\Audacity
[2014/02/17 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\kiki\Documents\Mixpad Projects
[2014/02/16 09:35:59 | 000,000,000 | ---D | C] -- C:\Users\kiki\AppData\Roaming\FileAdvisor
[2014/02/15 20:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2014/02/15 20:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2014/02/15 11:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
[2014/02/15 11:13:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Type Advisor
[2014/02/15 11:13:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter
[2014/02/15 10:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/15 09:30:05 | 000,000,000 | ---D | C] -- C:\Users\kiki\Documents\TMPGEnc
[2014/02/15 09:26:52 | 000,000,000 | ---D | C] -- C:\Users\kiki\AppData\Roaming\Pegasys Inc
[2014/02/15 09:11:49 | 000,000,000 | ---D | C] -- C:\Users\kiki\Desktop\ENREGISTREMENT SAMSUNG
[2014/02/13 23:14:51 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/13 23:14:21 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/13 23:14:21 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/13 23:14:20 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/13 23:14:20 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/13 23:14:20 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/13 23:14:20 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/13 23:14:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/13 23:14:19 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/13 23:14:19 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/13 23:14:19 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/13 23:14:19 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/13 23:14:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/13 23:14:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/13 23:14:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/13 23:14:18 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/13 23:14:18 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/13 23:14:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/13 23:14:18 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/13 23:14:18 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/13 23:14:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/13 23:14:16 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/13 23:14:16 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/13 23:14:14 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/13 19:56:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/13 19:56:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/13 19:56:42 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/13 19:56:42 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/13 19:56:42 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/13 19:56:42 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/13 19:56:41 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/13 19:56:41 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/13 19:56:41 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/13 19:56:41 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/13 19:56:41 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/13 19:56:41 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/13 19:56:41 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/13 19:56:41 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/13 19:56:40 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/13 19:56:40 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/13 19:56:40 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/13 19:56:40 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/13 19:56:40 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/13 19:56:37 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/13 19:56:37 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/12 18:49:00 | 000,117,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/12 18:47:15 | 000,000,000 | ---D | C] -- C:\Users\kiki\AppData\Local\Micro_Application
[2014/02/12 18:39:43 | 000,000,000 | ---D | C] -- C:\Users\kiki\AppData\Local\Micro Application
[2014/02/12 18:39:12 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2014/02/12 18:37:38 | 000,000,000 | ---D | C] -- C:\Users\kiki\AppData\Roaming\Fifth
[2014/02/12 18:37:05 | 000,000,000 | ---D | C] -- C:\Users\kiki\AppData\Roaming\Common
[2014/02/12 18:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/02/12 18:28:42 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2014/02/12 18:28:38 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2014/02/12 18:28:38 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2014/02/12 18:28:37 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2014/02/12 18:28:37 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2014/02/12 18:28:37 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2014/02/12 18:28:37 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2014/02/12 18:28:37 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2014/02/12 18:28:37 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2014/02/12 18:28:36 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2014/02/12 18:28:36 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2014/02/12 18:28:35 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2014/02/12 18:28:35 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2014/02/12 18:28:35 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2014/02/12 18:28:35 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2014/02/12 18:28:33 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2014/02/12 18:28:33 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2014/02/12 18:28:31 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2014/02/12 18:28:31 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2014/02/12 17:59:20 | 000,000,000 | ---D | C] -- C:\Ptp
[2014/02/09 08:54:14 | 000,000,000 | ---D | C] -- C:\Users\kiki\AppData\Roaming\Dream Aquarium
[2014/02/09 08:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dream Aquarium
[2014/02/01 13:49:26 | 000,000,000 | ---D | C] -- C:\Users\kiki\Documents\MyHeritage
[2014/02/01 13:49:18 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\unicows.dll
[2014/02/01 13:49:18 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmapi32.ocx

========== Files - Modified Within 30 Days ==========

[2014/02/26 08:51:31 | 008,260,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/26 08:51:31 | 007,339,552 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/26 08:51:31 | 001,266,820 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2014/02/26 08:51:31 | 000,339,578 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2014/02/26 08:51:31 | 000,005,394 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/26 08:47:24 | 000,002,324 | ---- | M] () -- C:\Windows\tasks\Plus-HD-8.1-firefoxinstaller.job
[2014/02/26 08:47:24 | 000,001,506 | ---- | M] () -- C:\Windows\tasks\Plus-HD-8.1-updater.job
[2014/02/26 08:47:24 | 000,001,462 | ---- | M] () -- C:\Windows\tasks\Plus-HD-8.1-codedownloader.job
[2014/02/26 08:47:24 | 000,001,360 | ---- | M] () -- C:\Windows\tasks\Plus-HD-8.1-enabler.job
[2014/02/26 08:46:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/26 08:14:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/25 20:43:11 | 003,741,821 | ---- | M] () -- C:\Users\kiki\Desktop\Virus ou pas.png
[2014/02/25 14:58:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2014/02/24 23:18:38 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/24 23:18:38 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/24 13:25:13 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/02/23 19:24:34 | 000,513,755 | ---- | M] () -- C:\Users\kiki\Desktop\CONVERSATION AVEC FRANCOIS DENOYERS.jpg
[2014/02/22 18:53:13 | 000,917,703 | ---- | M] () -- C:\Users\kiki\Desktop\joker.jpg
[2014/02/21 16:14:11 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/21 16:14:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/15 20:58:41 | 000,034,512 | ---- | M] () -- C:\Windows\SysNative\drivers\voxaldriverx64.sys
[2014/02/12 18:49:00 | 000,117,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/02/12 18:48:33 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/02/06 12:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 12:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 12:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 11:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 11:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 11:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 11:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 11:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 11:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 11:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 10:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 10:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 10:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 09:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/03 19:01:13 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/02/03 19:01:13 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/02/03 19:01:13 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/02/03 19:01:13 | 000,080,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/02/03 19:01:13 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/02/03 19:01:12 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/31 13:32:53 | 000,001,993 | ---- | M] () -- C:\Users\kiki\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Kies 3.lnk

========== Files Created - No Company Name ==========

[2014/02/25 20:43:10 | 003,741,821 | ---- | C] () -- C:\Users\kiki\Desktop\Virus ou pas.png
[2014/02/24 13:25:13 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/02/23 19:24:34 | 000,513,755 | ---- | C] () -- C:\Users\kiki\Desktop\CONVERSATION AVEC FRANCOIS DENOYERS.jpg
[2014/02/23 09:32:10 | 000,917,703 | ---- | C] () -- C:\Users\kiki\Desktop\joker.jpg
[2014/02/17 18:18:25 | 000,000,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2014/02/17 11:16:10 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MixPad - Mixeur de fichiers audio.lnk
[2014/02/16 09:38:22 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/02/16 09:18:52 | 000,001,126 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Tone Generator.lnk
[2014/02/15 20:58:41 | 000,034,512 | ---- | C] () -- C:\Windows\SysNative\drivers\voxaldriverx64.sys
[2014/02/15 20:58:41 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxal Voice Changer.lnk
[2014/02/15 11:24:35 | 000,001,158 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad - Logiciel d'édition audio.lnk
[2014/02/15 09:26:29 | 000,001,506 | ---- | C] () -- C:\Windows\tasks\Plus-HD-8.1-updater.job
[2014/02/15 09:26:23 | 000,001,360 | ---- | C] () -- C:\Windows\tasks\Plus-HD-8.1-enabler.job
[2014/02/15 09:26:21 | 000,001,462 | ---- | C] () -- C:\Windows\tasks\Plus-HD-8.1-codedownloader.job
[2014/02/15 09:26:12 | 000,002,324 | ---- | C] () -- C:\Windows\tasks\Plus-HD-8.1-firefoxinstaller.job
[2014/02/09 08:54:03 | 000,000,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Aquarium.lnk
[2013/12/27 17:27:59 | 000,004,096 | -H-- | C] () -- C:\Users\kiki\AppData\Local\keyfile3.drm
[2013/12/18 17:26:14 | 000,003,869 | ---- | C] () -- C:\Users\kiki\AppData\Local\recently-used.xbel
[2013/10/30 12:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/09/22 16:11:40 | 000,000,017 | ---- | C] () -- C:\Users\kiki\AppData\Local\resmon.resmoncfg
[2013/04/18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/04/18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/04/18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/04/01 12:39:27 | 000,001,970 | ---- | C] () -- C:\Windows\MediaRAC.ini
[2013/03/29 13:11:26 | 000,015,432 | ---- | C] () -- C:\Windows\Launcher.exe
[2012/12/13 14:41:35 | 000,031,164 | ---- | C] () -- C:\Users\kiki\AppData\Roaming\UserTile.png
[2012/12/11 13:56:28 | 000,000,097 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/07 10:13:29 | 000,025,493 | ---- | C] () -- C:\Windows\SysWow64\M87O4MY1NDS.DLL
[2012/10/05 17:02:47 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\TALIXS33BAT.BIN
[2012/10/05 17:02:38 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\ZIPDLL.DLL
[2012/10/05 17:02:38 | 000,115,200 | ---- | C] () -- C:\Windows\SysWow64\UNZDLL.DLL
[2012/10/05 17:02:37 | 000,279,955 | ---- | C] () -- C:\Windows\SysWow64\libidn-11.dll
[2012/05/06 20:41:08 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2011/08/30 14:04:17 | 000,000,080 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/05/10 10:23:30 | 000,014,224 | ---- | C] () -- C:\ProgramData\svcdotnet.inc
[2011/02/19 16:52:13 | 008,388,608 | ---- | C] () -- C:\Users\kiki\ntuser.bak
[2005/08/09 00:00:44 | 000,030,081 | -H-- | C] () -- C:\Users\kiki\AppData\Roaming\kikilog.dat

========== ZeroAccess Check ==========

[2009/07/14 06:00:09 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\Users\kiki\Desktop\joker.jpg:com.dropbox.attributes

< End of report >
SkyTech

Re: Virus ou pas ?

par SkyTech »

Bonjour,

Relance OTL.
o sous Personnalisation, copie_colle le contenu du cadre ci dessous (TOUT SELECTIONNER avant) et clic Correction, un rapport apparraitra suite à l’operation que tu conserveras afin d’en coller le resultat:

Code : Tout sélectionner

:OTL
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
[2014/02/26 08:47:24 | 000,002,324 | ---- | M] () -- C:\Windows\tasks\Plus-HD-8.1-firefoxinstaller.job
[2014/02/26 08:47:24 | 000,001,506 | ---- | M] () -- C:\Windows\tasks\Plus-HD-8.1-updater.job
[2014/02/26 08:47:24 | 000,001,462 | ---- | M] () -- C:\Windows\tasks\Plus-HD-8.1-codedownloader.job
[2014/02/26 08:47:24 | 000,001,360 | ---- | M] () -- C:\Windows\tasks\Plus-HD-8.1-enabler.job
[2014/02/25 14:58:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
O2:64bit: - BHO: (Plus-HD-8.1) - {11111111-1111-1111-1111-110511111108} - C:\Program Files (x86)\Plus-HD-8.1\Plus-HD-8.1-bho64.dll File not found
:commands
[purity]
[emptytemp]
[emptyflash]
* redemarre le pc sous windows et poste le rapport ici

Encore le même soucis ?
Avatar de l’utilisateur
PIGNON
Messages : 189
Inscription : 22 nov. 2008 18:13

Re: Virus ou pas ?

par PIGNON »

RE

Voici le rapport OTL


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14\ not found.
File C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll not found.
File C:\Windows\tasks\Plus-HD-8.1-firefoxinstaller.job not found.
File C:\Windows\tasks\Plus-HD-8.1-updater.job not found.
File C:\Windows\tasks\Plus-HD-8.1-codedownloader.job not found.
File C:\Windows\tasks\Plus-HD-8.1-enabler.job not found.
C:\Windows\Tasks\Google Software Updater.job moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511111108}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511111108}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: contrat -

User: Default
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: kiki
->Temp folder emptied: 948 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14521032 bytes
->Flash cache emptied: 492 bytes

User: Public

User: TEMP

User: TEMP.IIS APPPOOL

User: TEMP.IIS APPPOOL.000

User: TEMP.IIS APPPOOL.001

User: TEMP.IIS APPPOOL.002

User: TEMP.IIS APPPOOL.003

User: TEMP.IIS APPPOOL.004

User: TEMP.IIS APPPOOL.005

User: TEMP.IIS APPPOOL.006

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 14,00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: contrat

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Flash cache emptied: 0 bytes

User: kiki
->Flash cache emptied: 0 bytes

User: Public

User: TEMP

User: TEMP.IIS APPPOOL

User: TEMP.IIS APPPOOL.000

User: TEMP.IIS APPPOOL.001

User: TEMP.IIS APPPOOL.002

User: TEMP.IIS APPPOOL.003

User: TEMP.IIS APPPOOL.004

User: TEMP.IIS APPPOOL.005

User: TEMP.IIS APPPOOL.006

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02262014_155442

Files\Folders moved on Reboot...
C:\Users\kiki\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Merci.
SkyTech

Re: Virus ou pas ?

par SkyTech »

SkyTech a écrit :Encore le même soucis ?
Avatar de l’utilisateur
PIGNON
Messages : 189
Inscription : 22 nov. 2008 18:13

Re: Virus ou pas ?

par PIGNON »

C'est tout bon

Merci beaucoup PDT_003

PS

qu'est ce que c'était ??
Car je comprend pas avec OTL comment interpréter ?

Merci PDT_003
  • Sujets similaires
    Réponses
    Vues
    Dernier message

Revenir à « Windows : Résoudre les problèmes »