Hello,
Despite regular cleanups with AdwCleaner and Malwarebytes, the problem persists.
(For example, a page hxtp://safedownloadsrus108.com/lp/2092/41/free/mpc opens to update Media Player. Other times it is Adobe Flash Player. Right now it is via hxtp://eu.papiba.com/flash/fr/index.html?sid=805&dv1=ad804-fr&kw1=ad804-fr-ln&uuid=0fed4df2-90d0-4068-4a4a-b6ef5b146f15)
I have just run RogueKiller and OTL. In a post, I saw a disinfection whose report looked similar to this part:
¤¤¤ Registre : 9 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-21-2239685195-1350287740-699466550-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.orange.fr/portail -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C13F7B8-B18C-48F7-B69A-97172CD22E6A} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5C13F7B8-B18C-48F7-B69A-97172CD22E6A} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5C13F7B8-B18C-48F7-B69A-97172CD22E6A} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Trouvé(e)
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2239685195-1350287740-699466550-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2239685195-1350287740-699466550-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Trouvé(e)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
I can't get http://pjjoint.malekal.com/ to work.
So I am pasting the reports here:
RogueKiller V10.0.8.0 [Nov 20 2014] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com
Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : La Chélidoine [Administrateur]
Mode : Scan -- Date : 11/25/2014 08:39:38
¤¤¤ Processus : 0 ¤¤¤
¤¤¤ Registre : 9 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-21-2239685195-1350287740-699466550-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.orange.fr/portail -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C13F7B8-B18C-48F7-B69A-97172CD22E6A} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5C13F7B8-B18C-48F7-B69A-97172CD22E6A} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Trouvé(e)
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5C13F7B8-B18C-48F7-B69A-97172CD22E6A} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Trouvé(e)
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2239685195-1350287740-699466550-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Trouvé(e)
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2239685195-1350287740-699466550-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Trouvé(e)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Trouvé(e)
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Trouvé(e)
¤¤¤ Tâches : 0 ¤¤¤
¤¤¤ Fichiers : 0 ¤¤¤
¤¤¤ Fichier Hosts : 0 ¤¤¤
¤¤¤ Antirootkit : 46 (Driver: Chargé) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x86695810
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x866958a8
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[19] : Unknown @ 0x86695f08
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[22] : Unknown @ 0x8611cb58
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[43] : Unknown @ 0x86693ac0
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[74] : Unknown @ 0x86693e70
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[86] : Unknown @ 0x866938b8
[SSDT:Addr(Hook.SSDT)] NtCreateThread[87] : Unknown @ 0x862d30d8
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[88] : Unknown @ 0x86693960
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[96] : Unknown @ 0x86693b58
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[111] : Unknown @ 0x86695228
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[131] : Unknown @ 0x86695d98
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[145] : Unknown @ 0x86693f18
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[147] : Unknown @ 0x86693f90
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[155] : Unknown @ 0x860b2968
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[168] : Unknown @ 0x86695ce0
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[177] : Unknown @ 0x86693dd8
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[190] : Unknown @ 0x86690188
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[191] : Unknown @ 0x86695f90
[SSDT:Addr(Hook.SSDT)] NtOpenSection[194] : Unknown @ 0x86693ca8
[SSDT:Addr(Hook.SSDT)] NtOpenThread[198] : Unknown @ 0x866952d0
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[215] : Unknown @ 0x86693a18
[SSDT:Addr(Hook.SSDT)] NtQueueApcThread[269] : Unknown @ 0x86693810
[SSDT:Addr(Hook.SSDT)] NtQueueApcThreadEx[270] : Unknown @ 0x86693768
[SSDT:Addr(Hook.SSDT)] NtResumeThread[304] : Unknown @ 0x86695940
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : Unknown @ 0x86695b08
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[333] : Unknown @ 0x86695ba0
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[350] : Unknown @ 0x86693bf0
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[366] : Unknown @ 0x86693d40
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[367] : Unknown @ 0x866959d8
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x86688660
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[371] : Unknown @ 0x86695a70
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[385] : Unknown @ 0x86695c48
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[399] : Unknown @ 0x86695e40
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[318] : Unknown @ 0x86cee930
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[402] : Unknown @ 0x85faf440
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[434] : Unknown @ 0x86cf4d50
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[436] : Unknown @ 0x85faf478
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[448] : Unknown @ 0x86950008
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[490] : Unknown @ 0x86d49618
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[508] : Unknown @ 0x86cecfc0
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[509] : Unknown @ 0x86cf2f58
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x86d466f0
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x85f9d850
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\DRVMCDB @ Unknown (\SystemRoot\system32\drivers\NAV\1506000.020\SYMEFA.SYS)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \FileSystem\DLACDBHM @ Unknown (\??\C:\Program Files\Norton AntiVirus\NortonData\21.5.0.19\Definitions\VirusDefs\20141124.017\NAVENG.SYS)
¤¤¤ Navigateurs web : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] 72a7ugy7.default : user_pref("browser.startup.homepage", "http://www.orange.fr/portail"); -> Trouvé(e)
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] c5a1867f32443002d47ecd02f7e414ce
[BSP] 8687b0965e81c28e3cec5aac6042122c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 2047 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 4194304 | Size: 468823 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 964343808 | Size: 6059 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive4: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive5: Generic- SD/MMC/MS/MSPRO USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
-------------------
OTL logfile created on: 25/11/2014 09:17:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\La Chélidoine\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy
1,75 Gb Total Physical Memory | 0,39 Gb Available Physical Memory | 22,09% Memory free
3,49 Gb Paging File | 1,53 Gb Available in Paging File | 43,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 457,83 Gb Total Space | 378,17 Gb Free Space | 82,60% Space Free | Partition Type: NTFS
Drive D: | 5,92 Gb Total Space | 0,73 Gb Free Space | 12,39% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Computer Name: LUC | User Name: La Chélidoine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/11/25 09:13:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\La Chélidoine\Desktop\OTL.exe
PRC - [2014/11/25 08:17:48 | 015,196,248 | ---- | M] () -- C:\Users\La Chélidoine\Documents\Luc\Social\RogueKiller.exe
PRC - [2014/11/25 08:17:40 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/09/21 10:59:37 | 000,262,968 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\NAV.exe
PRC - [2014/09/20 09:53:22 | 000,130,104 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe
PRC - [2014/09/12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/06/17 05:12:26 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2013/12/13 03:47:56 | 000,085,600 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2013/08/02 01:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\HelperService.exe
PRC - [2012/11/22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\ConversionService.exe
PRC - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/09 10:45:47 | 000,344,064 | ---- | M] (ITSamples.com) -- C:\Program Files\Network Activity Indicator\NetworkIndicator.exe
PRC - [2010/03/03 11:52:02 | 000,124,472 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
PRC - [2010/03/03 11:21:50 | 000,081,920 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
PRC - [2010/03/03 11:21:36 | 000,090,112 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
PRC - [2010/03/03 11:21:26 | 000,094,208 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
PRC - [2010/02/11 12:11:14 | 000,403,184 | ---- | M] (NTRglobal) -- C:\Program Files\NTR global\NTRconnect\NTRconnect.exe
PRC - [2009/11/19 10:01:10 | 003,788,800 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
PRC - [2009/11/19 08:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
PRC - [2009/11/19 08:32:12 | 000,442,368 | ---- | M] (Hewlett-Packard) -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
PRC - [2009/09/01 23:56:00 | 000,360,448 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/09/01 23:55:32 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/10 15:36:48 | 000,110,592 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2009/03/15 23:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonServer.exe
PRC - [2009/03/15 23:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\System32\WinMsgBalloonClient.exe
PRC - [2009/03/15 23:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/15 23:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2006/10/30 08:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
PRC - [1999/03/21 00:54:56 | 007,151,661 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\EXCEL.EXE
PRC - [1998/10/21 07:01:00 | 003,886,592 | ---- | M] (Lotus Development Corporation) -- C:\lotus\organize\org5.exe
PRC - [1998/10/13 19:08:18 | 000,274,497 | ---- | M] (Microsoft Corporation) -- C:\Windows\Msagent\AGENTSVR.EXE
PRC - [1998/09/03 00:23:00 | 000,087,040 | ---- | M] (Lotus Development Corporation) -- C:\lotus\organize\easyclip.exe
PRC - [1998/05/27 10:37:42 | 000,067,584 | ---- | M] (IntelliQuest Communications, Inc.) -- C:\lotus\orgreg\remind32.exe
========== Modules (No Company Name) ==========
MOD - [2014/11/25 08:17:48 | 015,196,248 | ---- | M] () -- C:\Users\La Chélidoine\Documents\Luc\Social\RogueKiller.exe
MOD - [2014/11/25 08:17:40 | 003,649,648 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/10/16 10:15:38 | 000,035,328 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2014/06/17 05:12:26 | 003,022,960 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\mozjs.dll
MOD - [2014/06/17 05:12:26 | 000,158,832 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2014/06/17 05:12:26 | 000,023,152 | ---- | M] () -- C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2014/05/24 17:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\libstdc++-6.dll
MOD - [2014/05/24 17:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
MOD - [2009/11/04 01:14:04 | 000,054,272 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_01.dll
MOD - [2009/10/16 11:10:14 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/10/16 11:10:14 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/10/16 11:10:14 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/24 11:10:56 | 008,024,064 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtGui4.dll
MOD - [2009/07/24 11:10:28 | 002,199,552 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtCore4.dll
MOD - [2008/02/22 09:22:32 | 000,055,792 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL
MOD - [2008/01/09 10:10:42 | 000,159,744 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\iceutil32.dll
MOD - [2008/01/09 10:10:00 | 000,167,936 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\IceSSL32.dll
MOD - [2008/01/09 10:08:00 | 001,245,184 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\ice32.dll
MOD - [2008/01/09 10:06:54 | 000,065,536 | R--- | M] () -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\bzip2.dll
MOD - [1999/02/22 20:48:22 | 000,143,410 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\AW.DLL
MOD - [1999/02/02 00:39:14 | 000,073,785 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\BLNMGR.DLL
MOD - [1999/02/01 21:10:52 | 000,057,403 | ---- | M] () -- C:\PROGRA~1\MICROS~1\Office\BLNMGRPS.DLL
MOD - [1998/08/28 00:23:00 | 000,220,160 | ---- | M] () -- C:\lotus\organize\ormutil.dll
MOD - [1998/08/28 00:23:00 | 000,153,088 | ---- | M] () -- C:\lotus\organize\ormmime.dll
MOD - [1998/08/28 00:23:00 | 000,138,752 | ---- | M] () -- C:\lotus\organize\ormprot.dll
MOD - [1998/03/24 00:23:00 | 000,215,552 | ---- | M] () -- c:\lotus\compnent\lticnc80.dll
========== Services (SafeList) ==========
SRV - [2014/11/18 07:40:48 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/06 03:59:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/09/21 10:59:37 | 000,262,968 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\NAV.exe -- (NAV)
SRV - [2014/09/20 09:53:22 | 000,130,104 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe -- (NCO)
SRV - [2014/09/12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/11/22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/11/22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/25 17:20:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/03 11:52:02 | 000,124,472 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe -- (Hp.Skyroom.Windows.Service)
SRV - [2010/02/11 12:11:14 | 000,403,184 | ---- | M] (NTRglobal) [Auto | Running] -- C:\Program Files\NTR global\NTRconnect\NTRconnect.exe -- (ntrconnect)
SRV - [2009/11/19 08:42:42 | 000,379,904 | ---- | M] (Hewlett-Packard, Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe -- (rgsender)
SRV - [2009/09/01 23:55:32 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/10 15:36:48 | 000,110,592 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2009/03/15 23:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2006/04/18 04:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbbc.sys -- (Wdm1)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\LACHLI~1\AppData\Local\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - [2014/11/25 08:25:59 | 000,034,808 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2014/11/18 06:23:29 | 000,479,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton AntiVirus\NortonData\21.5.0.19\Definitions\IPSDefs\20141124.001\IDSvix86.sys -- (IDSVix86)
DRV - [2014/10/27 19:41:27 | 001,636,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton AntiVirus\NortonData\21.5.0.19\Definitions\VirusDefs\20141124.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/10/27 19:41:27 | 000,095,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton AntiVirus\NortonData\21.5.0.19\Definitions\VirusDefs\20141124.017\NAVENG.SYS -- (NAVENG)
DRV - [2014/10/03 20:19:32 | 001,138,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton AntiVirus\NortonData\21.5.0.19\Definitions\BASHDefs\20141118.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/09/22 19:36:18 | 000,378,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2014/09/09 11:33:11 | 000,111,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/08/27 09:51:22 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2014/08/26 03:20:22 | 000,664,792 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NAV\1506000.020\srtsp.sys -- (SRTSP)
DRV - [2014/08/26 03:20:22 | 000,032,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1506000.020\srtspx.sys -- (SRTSPX)
DRV - [2014/08/06 20:48:16 | 000,209,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1506000.020\ironx86.sys -- (SymIRON)
DRV - [2014/07/23 06:13:11 | 000,447,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1506000.020\symnets.sys -- (SymNetS)
DRV - [2014/07/23 06:13:10 | 000,936,152 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NAV\1506000.020\symefa.sys -- (SymEFA)
DRV - [2014/07/23 06:13:09 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NAV\1506000.020\symds.sys -- (SymDS)
DRV - [2014/02/21 00:14:34 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NAV\1506000.020\ccsetx86.sys -- (ccSet_NAV)
DRV - [2013/09/27 20:23:30 | 000,127,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\7DE07080.017\ccsetx86.sys -- (ccSet_NST)
DRV - [2011/05/18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/12/09 09:04:20 | 000,025,912 | -H-- | M] (NTR) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTRvdd.sys -- (NTRvdd)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/10/20 14:15:00 | 000,185,912 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2009/09/02 00:31:04 | 005,173,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/14 01:14:49 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/05/11 10:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2009/05/05 11:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2008/02/22 09:22:56 | 000,009,168 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2008/02/22 09:22:38 | 000,094,384 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2008/02/22 09:22:38 | 000,034,832 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2008/02/22 09:22:36 | 000,097,584 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2008/02/22 09:22:36 | 000,026,032 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2008/02/22 09:22:34 | 000,032,208 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2008/02/22 09:22:34 | 000,014,256 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2008/02/22 09:22:32 | 000,104,240 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BFB9F69C-8E02-4D78-A756-D9FD2CBE9C19}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2239685195-1350287740-699466550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/9
IE - HKU\S-1-5-21-2239685195-1350287740-699466550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2239685195-1350287740-699466550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2239685195-1350287740-699466550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2239685195-1350287740-699466550-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/portail
IE - HKU\S-1-5-21-2239685195-1350287740-699466550-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2239685195-1350287740-699466550-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2239685195-1350287740-699466550-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2239685195-1350287740-699466550-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2239685195-1350287740-699466550-1000\..\SearchScopes\{ADC14798-B5B4-4BCD-841C-02BE767006CA}: "URL" = http://fr.search.yahoo.com/search?fr=ch ... earchTerms}
IE - HKU\S-1-5-21-2239685195-1350287740-699466550-1000\..\SearchScopes\{BFB9F69C-8E02-4D78-A756-D9FD2CBE9C19}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE - HKU\S-1-5-21-2239685195-1350287740-699466550-1000\..\SearchScopes\{D26CC8BD-8845-488A-9843-4B333FCC2E8F}: "URL" = http://www.google.fr/search?hl=fr&q={se ... ms}+&meta=
IE - HKU\S-1-5-21-2239685195-1350287740-699466550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.orange.fr/portail"
FF - prefs.js..extensions.enabledAddons: bookmarkfaviconchanger%40sonthakit:1.74
FF - prefs.js..extensions.enabledAddons: %7B6e84150a-d526-41f1-a480-a67d3fed910d%7D:1.5.6
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: silvermelxt%40pardal.de:1.5.7
FF - prefs.js..extensions.enabledAddons: %7B03B08592-E5B4-45ff-A0BE-C1D975458688%7D:1.0.2
FF - prefs.js..extensions.enabledAddons: %7BF04D2D30-776C-4d02-8627-8E4385ECA58D%7D:2014.7.9.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.6
FF - prefs.js..extensions.enabledItems: {03B08592-E5B4-45ff-A0BE-C1D975458688}:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.6
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\La Chélidoine\Desktop\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/19 14:23:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012/11/27 08:11:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn\ [2014/11/25 08:21:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/11/25 08:17:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/19 14:23:31 | 000,000,000 | ---D | M]
[2010/11/02 08:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\La Chélidoine\AppData\Roaming\mozilla\Extensions
[2010/11/02 08:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\La Chélidoine\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/11/25 08:23:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\La Chélidoine\AppData\Roaming\mozilla\Firefox\Profiles\72a7ugy7.default\extensions
[2014/11/25 08:24:03 | 000,000,000 | ---D | M] (Toolbar Buttons) -- C:\Users\La Chélidoine\AppData\Roaming\mozilla\Firefox\Profiles\72a7ugy7.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
[2013/02/19 08:12:02 | 000,098,969 | ---- | M] () (No name found) -- C:\Users\La Chélidoine\AppData\Roaming\mozilla\firefox\profiles\72a7ugy7.default\extensions\[email protected]
[2014/03/18 07:14:25 | 003,679,842 | R--- | M] () (No name found) -- C:\Users\La Chélidoine\AppData\Roaming\mozilla\firefox\profiles\72a7ugy7.default\extensions\[email protected]
[2014/03/18 07:14:25 | 000,062,091 | R--- | M] () (No name found) -- C:\Users\La Chélidoine\AppData\Roaming\mozilla\firefox\profiles\72a7ugy7.default\extensions\[email protected]
[2013/03/21 13:47:38 | 000,111,028 | ---- | M] () (No name found) -- C:\Users\La Chélidoine\AppData\Roaming\mozilla\firefox\profiles\72a7ugy7.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
[2013/06/04 06:02:31 | 000,401,340 | ---- | M] () (No name found) -- C:\Users\La Chélidoine\AppData\Roaming\mozilla\firefox\profiles\72a7ugy7.default\extensions\{75493B06-1504-4976-9A55-B6FE240FF0BF}.xpi
[2013/05/07 07:10:39 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\La Chélidoine\AppData\Roaming\mozilla\firefox\profiles\72a7ugy7.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2014/11/25 08:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2014/11/25 08:17:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/11/25 08:21:23 | 000,000,000 | ---D | M] (Norton Identity Safe Toolbar) -- C:\PROGRAMDATA\NORTON\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\COFFPLGN
File not found (No name found) -- C:\USERS\LA CHéLIDOINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\72A7UGY7.DEFAULT\EXTENSIONS\{03B08592-E5B4-45FF-A0BE-C1D975458688}
File not found (No name found) -- C:\USERS\LA CHéLIDOINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\72A7UGY7.DEFAULT\EXTENSIONS\{6E84150A-D526-41F1-A480-A67D3FED910D}.XPI
File not found (No name found) -- C:\USERS\LA CHéLIDOINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\72A7UGY7.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
File not found (No name found) -- C:\USERS\LA CHéLIDOINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\72A7UGY7.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\LA CHéLIDOINE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\72A7UGY7.DEFAULT\EXTENSIONS\[email protected]
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2239685195-1350287740-699466550-1000\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.7.8.23\coIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\La Chélidoine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe (Lotus Development Corporation)
O4 - Startup: C:\Users\La Chélidoine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer Registration.lnk = C:\lotus\orgreg\remind32.exe (IntelliQuest Communications, Inc.)
O4 - Startup: C:\Users\La Chélidoine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Network Activity Indicator system tray utility.lnk = C:\Program Files\Network Activity Indicator\NetworkIndicator.exe (ITSamples.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKU\S-1-5-21-2239685195-1350287740-699466550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C13F7B8-B18C-48F7-B69A-97172CD22E6A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C13F7B8-B18C-48F7-B69A-97172CD22E6A}: NameServer = 31.168.224.106,5.135.12.52
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/11/25 09:12:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\La Chélidoine\Desktop\OTL.exe
[2014/11/25 08:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/11/25 08:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/11/18 08:02:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/11/18 07:47:42 | 000,000,000 | ---D | C] -- C:\Users\La Chélidoine\AppData\Local\Software
[2014/11/18 07:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\Software
[2014/11/18 06:17:35 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/11/18 06:17:35 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/11/18 06:17:35 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/11/18 06:17:34 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/11/18 06:17:34 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/11/18 06:17:34 | 000,341,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/11/18 06:17:34 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/11/18 06:17:33 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/11/18 06:17:33 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/11/18 06:17:33 | 000,688,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/11/18 06:17:33 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/11/18 06:17:33 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/11/18 06:17:33 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/11/18 06:17:33 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/11/18 06:17:32 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/11/18 06:17:32 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/11/18 06:17:32 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/11/18 06:17:32 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/11/18 06:17:31 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/11/18 06:17:31 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/11/18 06:17:29 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/11/18 06:17:29 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/11/18 06:17:27 | 004,298,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/11/18 06:15:47 | 000,701,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2014/11/18 06:15:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/11/18 06:15:37 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll
[2014/11/18 06:15:37 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
[2014/11/18 06:15:37 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll
[2014/11/18 06:15:37 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
[2014/11/18 06:15:35 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2014/11/18 06:15:24 | 002,379,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/11/18 06:15:22 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2014/11/18 06:15:22 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/11/18 06:15:21 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/11/18 06:15:20 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2014/11/18 06:15:18 | 000,681,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adtschema.dll
[2014/11/18 06:15:17 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msaudite.dll
[2014/11/04 11:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir
[2014/11/04 08:51:32 | 000,000,000 | ---D | C] -- C:\Users\La Chélidoine\Documents\My Albums
[2014/11/04 07:02:26 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/04 07:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/11/04 07:02:10 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/11/04 07:02:10 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/11/04 07:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/11/04 06:31:48 | 000,000,000 | ---D | C] -- C:\Users\La Chélidoine\Documents\zasilka
========== Files - Modified Within 30 Days ==========
[2014/11/25 09:13:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\La Chélidoine\Desktop\OTL.exe
[2014/11/25 09:07:59 | 000,000,000 | ---- | M] () -- C:\Users\La Chélidoine\Desktop\OTL.zip
[2014/11/25 08:40:01 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/25 08:28:56 | 000,021,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/25 08:28:56 | 000,021,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/25 08:27:11 | 000,747,690 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2014/11/25 08:27:11 | 000,654,300 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/11/25 08:27:11 | 000,150,214 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2014/11/25 08:27:11 | 000,122,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/11/25 08:25:59 | 000,034,808 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/11/25 08:23:46 | 000,001,992 | ---- | M] () -- C:\Users\La Chélidoine\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/11/25 08:20:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/25 08:20:38 | 1407,234,048 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/25 07:27:54 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/11/25 06:40:28 | 000,416,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/11/18 14:04:17 | 000,347,155 | ---- | M] () -- C:\Users\La Chélidoine\AppData\Local\census.cache
[2014/11/18 14:03:54 | 000,153,916 | ---- | M] () -- C:\Users\La Chélidoine\AppData\Local\ars.cache
[2014/11/18 13:31:55 | 000,000,287 | ---- | M] () -- C:\Windows\System32\CRUNX.BIN
[2014/11/18 13:27:03 | 000,000,036 | ---- | M] () -- C:\Users\La Chélidoine\AppData\Local\housecall.guid.cache
[2014/11/18 08:16:41 | 000,046,030 | ---- | M] () -- C:\Users\La Chélidoine\AppData\Roaming\wklnhst.dat
[2014/11/18 07:40:47 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/11/18 07:40:47 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/11/07 20:23:39 | 000,341,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/11/06 04:28:20 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/11/06 04:28:06 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/11/06 04:13:36 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/11/06 04:12:44 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/11/06 04:10:58 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/11/06 04:04:45 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/11/06 04:03:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/11/06 04:00:56 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/11/06 03:59:36 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/11/06 03:59:34 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/11/06 03:58:38 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/11/06 03:51:33 | 000,667,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/11/06 03:48:12 | 000,418,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/11/06 03:42:36 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/11/06 03:37:58 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/11/06 03:34:21 | 000,285,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/11/06 03:22:26 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/11/06 03:22:12 | 000,688,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/11/06 03:21:49 | 004,298,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/11/06 03:21:25 | 002,051,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/11/06 03:20:37 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/11/06 02:47:17 | 000,708,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/11/05 18:50:47 | 000,254,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll
[2014/11/05 18:50:28 | 000,203,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/11/05 18:47:40 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/11/04 11:49:42 | 000,022,200 | ---- | M] () -- C:\Users\La Chélidoine\Documents\content_1.htm
[2014/11/04 11:46:49 | 000,397,712 | ---- | M] () -- C:\Users\La Chélidoine\Documents\content_1.mdi
[2014/11/04 11:46:19 | 000,000,493 | ---- | M] () -- C:\Windows\ODBC.INI
[2014/11/04 11:46:12 | 000,397,716 | ---- | M] () -- C:\Users\La Chélidoine\Documents\content.mdi
[2014/11/04 08:48:40 | 000,000,000 | ---- | M] () -- C:\Windows\Twunk002.MTX
[2014/11/04 07:02:14 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/04 06:23:30 | 058,894,454 | ---- | M] () -- C:\Users\La Chélidoine\Documents\zasilka-BB9SEBHUWBHV2Y9S.zip
========== Files Created - No Company Name ==========
[2014/11/25 09:07:57 | 000,000,000 | ---- | C] () -- C:\Users\La Chélidoine\Desktop\OTL.zip
[2014/11/25 08:25:59 | 000,034,808 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/11/18 14:04:17 | 000,347,155 | ---- | C] () -- C:\Users\La Chélidoine\AppData\Local\census.cache
[2014/11/18 14:03:54 | 000,153,916 | ---- | C] () -- C:\Users\La Chélidoine\AppData\Local\ars.cache
[2014/11/18 13:27:03 | 000,000,036 | ---- | C] () -- C:\Users\La Chélidoine\AppData\Local\housecall.guid.cache
[2014/11/04 11:49:37 | 000,022,200 | ---- | C] () -- C:\Users\La Chélidoine\Documents\content_1.htm
[2014/11/04 11:46:49 | 000,397,712 | ---- | C] () -- C:\Users\La Chélidoine\Documents\content_1.mdi
[2014/11/04 11:46:12 | 000,397,716 | ---- | C] () -- C:\Users\La Chélidoine\Documents\content.mdi
[2014/11/04 08:48:40 | 000,000,000 | ---- | C] () -- C:\Windows\Twunk002.MTX
[2014/11/04 06:18:22 | 058,894,454 | ---- | C] () -- C:\Users\La Chélidoine\Documents\zasilka-BB9SEBHUWBHV2Y9S.zip
[2013/06/14 10:30:17 | 000,000,738 | RHS- | C] () -- C:\Users\La Chélidoine\ntuser.pol
[2012/02/01 11:43:13 | 000,046,030 | ---- | C] () -- C:\Users\La Chélidoine\AppData\Roaming\wklnhst.dat
[2010/10/26 12:21:15 | 000,001,940 | ---- | C] () -- C:\Users\La Chélidoine\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
========== ZeroAccess Check ==========
[2011/07/08 15:28:32 | 000,055,966 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2239685195-1350287740-699466550-1000\$RGEKQ5D\Photos\Mandino Reinhardt\u.jpg
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Thanks in advance if someone can point me in the right direction.
Regards.
Unwanted redirections and update prompts
Re: Unwanted redirections and update prompts
Hi,
Reset Firefox: http://forum.malekal.com/firefox-extens ... 36057.html
Run another RogueKiller scan
In the Registry tab, tick all the PUM.DNS entries
Click Delete
Post the report here.
First basic rule of security: think first, then click, not the other way round - files and programs are like sweets: when they come from a stranger, you don't accept them!
Re: Unwanted redirections and update prompts
Thanks.
Here is the report after following the instructions given.
RogueKiller V10.0.8.0 [Nov 20 2014] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com
Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : La Chélidoine [Administrateur]
Mode : Suppression -- Date : 11/25/2014 13:05:10
¤¤¤ Processus : 0 ¤¤¤
¤¤¤ Registre : 9 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-21-2239685195-1350287740-699466550-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.orange.fr/portail -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C13F7B8-B18C-48F7-B69A-97172CD22E6A} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5C13F7B8-B18C-48F7-B69A-97172CD22E6A} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5C13F7B8-B18C-48F7-B69A-97172CD22E6A} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Non sélectionné
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2239685195-1350287740-699466550-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Non sélectionné
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2239685195-1350287740-699466550-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Non sélectionné
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Non sélectionné
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Non sélectionné
¤¤¤ Tâches : 0 ¤¤¤
¤¤¤ Fichiers : 0 ¤¤¤
¤¤¤ Fichier Hosts : 0 ¤¤¤
¤¤¤ Antirootkit : 46 (Driver: Chargé) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x86695810
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x866958a8
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[19] : Unknown @ 0x86695f08
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[22] : Unknown @ 0x8611cb58
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[43] : Unknown @ 0x86693ac0
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[74] : Unknown @ 0x86693e70
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[86] : Unknown @ 0x866938b8
[SSDT:Addr(Hook.SSDT)] NtCreateThread[87] : Unknown @ 0x862d30d8
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[88] : Unknown @ 0x86693960
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[96] : Unknown @ 0x86693b58
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[111] : Unknown @ 0x86695228
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[131] : Unknown @ 0x86695d98
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[145] : Unknown @ 0x86693f18
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[147] : Unknown @ 0x86693f90
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[155] : Unknown @ 0x860b2968
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[168] : Unknown @ 0x86695ce0
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[177] : Unknown @ 0x86693dd8
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[190] : Unknown @ 0x86690188
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[191] : Unknown @ 0x86695f90
[SSDT:Addr(Hook.SSDT)] NtOpenSection[194] : Unknown @ 0x86693ca8
[SSDT:Addr(Hook.SSDT)] NtOpenThread[198] : Unknown @ 0x866952d0
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[215] : Unknown @ 0x86693a18
[SSDT:Addr(Hook.SSDT)] NtQueueApcThread[269] : Unknown @ 0x86693810
[SSDT:Addr(Hook.SSDT)] NtQueueApcThreadEx[270] : Unknown @ 0x86693768
[SSDT:Addr(Hook.SSDT)] NtResumeThread[304] : Unknown @ 0x86695940
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : Unknown @ 0x86695b08
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[333] : Unknown @ 0x86695ba0
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[350] : Unknown @ 0x86693bf0
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[366] : Unknown @ 0x86693d40
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[367] : Unknown @ 0x866959d8
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x86688660
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[371] : Unknown @ 0x86695a70
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[385] : Unknown @ 0x86695c48
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[399] : Unknown @ 0x86695e40
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[318] : Unknown @ 0x86cee930
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[402] : Unknown @ 0x85faf440
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[434] : Unknown @ 0x86cf4d50
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[436] : Unknown @ 0x85faf478
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[448] : Unknown @ 0x86950008
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[490] : Unknown @ 0x86d49618
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[508] : Unknown @ 0x86cecfc0
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[509] : Unknown @ 0x86cf2f58
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x86d466f0
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x85f9d850
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\DRVMCDB @ Unknown (\SystemRoot\system32\drivers\NAV\1506000.020\SYMEFA.SYS)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \FileSystem\DLACDBHM @ Unknown (\??\C:\Program Files\Norton AntiVirus\NortonData\21.5.0.19\Definitions\VirusDefs\20141124.017\NAVENG.SYS)
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] c5a1867f32443002d47ecd02f7e414ce
[BSP] 8687b0965e81c28e3cec5aac6042122c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 2047 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 4194304 | Size: 468823 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 964343808 | Size: 6059 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive4: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive5: Generic- SD/MMC/MS/MSPRO USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
============================================
RKreport_SCN_11252014_083937.log - RKreport_SCN_11252014_130119.log
Here is the report after following the various instructions given.
RogueKiller V10.0.8.0 [Nov 20 2014] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : http://www.adlice.com/fr/logiciels/roguekiller/
Blog : http://www.adlice.com
Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Démarré en : Mode normal
Utilisateur : La Chélidoine [Administrateur]
Mode : Suppression -- Date : 11/25/2014 13:05:10
¤¤¤ Processus : 0 ¤¤¤
¤¤¤ Registre : 9 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-21-2239685195-1350287740-699466550-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.orange.fr/portail -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5C13F7B8-B18C-48F7-B69A-97172CD22E6A} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5C13F7B8-B18C-48F7-B69A-97172CD22E6A} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5C13F7B8-B18C-48F7-B69A-97172CD22E6A} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Non sélectionné
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2239685195-1350287740-699466550-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Non sélectionné
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2239685195-1350287740-699466550-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Non sélectionné
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Non sélectionné
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Non sélectionné
¤¤¤ Tâches : 0 ¤¤¤
¤¤¤ Fichiers : 0 ¤¤¤
¤¤¤ Fichier Hosts : 0 ¤¤¤
¤¤¤ Antirootkit : 46 (Driver: Chargé) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x86695810
[SSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x866958a8
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[19] : Unknown @ 0x86695f08
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[22] : Unknown @ 0x8611cb58
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[43] : Unknown @ 0x86693ac0
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[74] : Unknown @ 0x86693e70
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[86] : Unknown @ 0x866938b8
[SSDT:Addr(Hook.SSDT)] NtCreateThread[87] : Unknown @ 0x862d30d8
[SSDT:Addr(Hook.SSDT)] NtCreateThreadEx[88] : Unknown @ 0x86693960
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[96] : Unknown @ 0x86693b58
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[111] : Unknown @ 0x86695228
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[131] : Unknown @ 0x86695d98
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[145] : Unknown @ 0x86693f18
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[147] : Unknown @ 0x86693f90
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[155] : Unknown @ 0x860b2968
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[168] : Unknown @ 0x86695ce0
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[177] : Unknown @ 0x86693dd8
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[190] : Unknown @ 0x86690188
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[191] : Unknown @ 0x86695f90
[SSDT:Addr(Hook.SSDT)] NtOpenSection[194] : Unknown @ 0x86693ca8
[SSDT:Addr(Hook.SSDT)] NtOpenThread[198] : Unknown @ 0x866952d0
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[215] : Unknown @ 0x86693a18
[SSDT:Addr(Hook.SSDT)] NtQueueApcThread[269] : Unknown @ 0x86693810
[SSDT:Addr(Hook.SSDT)] NtQueueApcThreadEx[270] : Unknown @ 0x86693768
[SSDT:Addr(Hook.SSDT)] NtResumeThread[304] : Unknown @ 0x86695940
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[316] : Unknown @ 0x86695b08
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[333] : Unknown @ 0x86695ba0
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[350] : Unknown @ 0x86693bf0
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[366] : Unknown @ 0x86693d40
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[367] : Unknown @ 0x866959d8
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[370] : Unknown @ 0x86688660
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[371] : Unknown @ 0x86695a70
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[385] : Unknown @ 0x86695c48
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[399] : Unknown @ 0x86695e40
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[318] : Unknown @ 0x86cee930
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[402] : Unknown @ 0x85faf440
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[434] : Unknown @ 0x86cf4d50
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[436] : Unknown @ 0x85faf478
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[448] : Unknown @ 0x86950008
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[490] : Unknown @ 0x86d49618
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[508] : Unknown @ 0x86cecfc0
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[509] : Unknown @ 0x86cf2f58
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x86d466f0
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x85f9d850
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\DRVMCDB @ Unknown (\SystemRoot\system32\drivers\NAV\1506000.020\SYMEFA.SYS)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \FileSystem\DLACDBHM @ Unknown (\??\C:\Program Files\Norton AntiVirus\NortonData\21.5.0.19\Definitions\VirusDefs\20141124.017\NAVENG.SYS)
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS ATA Device +++++
--- User ---
[MBR] c5a1867f32443002d47ecd02f7e414ce
[BSP] 8687b0965e81c28e3cec5aac6042122c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 2047 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 4194304 | Size: 468823 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 964343808 | Size: 6059 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive4: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
+++++ PhysicalDrive5: Generic- SD/MMC/MS/MSPRO USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
============================================
RKreport_SCN_11252014_083937.log - RKreport_SCN_11252014_130119.log
- Posts: 113253
- Joined: 10 Sep 2005 13:57
Re: Redirects and unwanted update prompts
How are things with the redirects?
First basic security rule: think first, then click, not the other way around. Files/programs are like sweets: when they come from a stranger, you don't accept them!
➔ How to protect your PC from viruses
➔ Windows 11: compatibility, minimum system requirements, download the ISO and install Windows 11
How to ask for help on the forum
Share malekal.com: feel free to share the articles you like on the site's Facebook page.
Re: Redirects and unwanted update prompts
For now everything is calm on Firefox and on IE, where I also had a redirect this morning.
In case it is useful, I note that this morning the antivirus blocked: superoptimizersetup.exe (Trojan.Asprox.B) c:\users\la chélidoine\appdata\local\temp\23dctmp\superoptimizersetup.exe
Thanks.
- Posts: 113253
- Joined: 10 Sep 2005 13:57
Re: Redirects and unwanted update prompts
One of the adwares had modified the DNS settings to cause these redirects.
A few tips:
Install Malwarebytes' Anti-Malware: https://www.malekal.com/malwarebyte-ant ... les-virus/
Run regular scans with it; it is effective.
To guard against malicious sites, you can install Blockulicious: http://forum.malekal.com/blockulicious- ... 46656.html
So you don't get caught again.
Worth reading - Parasite programs / PUPs: https://www.malekal.com/adwares-pup-protection/
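The moderator's point above, that the redirects came from hijacked DNS settings (the [PUM.Dns] NameServer entries in the RogueKiller reports), can be checked from PowerShell on the affected machine. This is an added example, not RogueKiller's code or anything posted in the thread; the allowlist of expected resolvers is an assumption to replace with your own.

```powershell
# Added example (not from the thread or from RogueKiller): list the DNS servers each
# network interface has in the registry and flag any that are not on an allowlist.
# RogueKiller's [PUM.Dns] lines come from the same NameServer values.
# ASSUMPTION: the allowlist below is a placeholder; put your own resolvers here
# (your router, your ISP's or corporate DNS). Run from an elevated PowerShell.
$AllowedDns = @('192.168.1.1')

$BasePath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
$Findings = @()

foreach ($iface in Get-ChildItem -Path $BasePath) {
    $props = Get-ItemProperty -Path $iface.PSPath
    # NameServer holds statically set servers (comma-separated); a DNS-hijacking
    # adware writes here. DhcpNameServer holds what DHCP handed out (space-separated).
    foreach ($field in @('NameServer', 'DhcpNameServer')) {
        $value = $props.$field
        if (-not $value) { continue }
        foreach ($srv in ($value -split '[ ,]+')) {
            if ($srv -ne '' -and $AllowedDns -notcontains $srv) {
                # New-Object rather than [pscustomobject] so this also runs on
                # the PowerShell 2.0 that ships with Windows 7.
                $Findings += New-Object -TypeName PSObject -Property @{
                    Interface = $iface.PSChildName
                    Field     = $field
                    Server    = $srv
                }
            }
        }
    }
}

if ($Findings.Count -eq 0) {
    Write-Output 'No unexpected DNS servers configured.'
} else {
    Write-Output 'Unexpected DNS servers found (check each against the allowlist):'
    $Findings | Format-Table -Property Interface, Field, Server -AutoSize
    # After confirming they are rogue, return the adapter to DHCP-assigned DNS, e.g.:
    #   netsh interface ip set dns name="Local Area Connection" source=dhcp
}
```

Because the report shows the same rogue NameServer under ControlSet001 and ControlSet002 as well, re-run the check after a reboot to confirm the stale control sets were not restored.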
Re: Redirects and unwanted update prompts (rés
Thanks.
I use Malwarebytes' Anti-Malware regularly, and I already knew the PUPs page, having already had problems elsewhere in that regard (recurring ones too; I'll look into it again in light of what was done today).
And I'm not the only one who uses this computer...
I'm installing Blockulicious.
Thanks again.
- Posts: 113253
- Joined: 10 Sep 2005 13:57
Re: Redirects and unwanted update prompts
You should warn the other users.
If they are "children", you can set up parental controls: http://forum.malekal.com/tutorial-contr ... 48431.html