combofix Résolu

Question

Bonjour, 

Mon ordi a été infesté par le trojan dont vous parlez. J'ai suivi la procédure et je suis arrivé jusqu-au rapport de combofix mais je ne sais pas où je dois l'envoyer.

Merci par avance pour votre réponse.

CP

Configuration: Windows 7 / Internet Explorer 8.0

juju666 · Answer

hello pourquoi as tu utilisé combofix ? c'est pas un outil a utiliser ainsi... il pourrait figer ton pc. Il doit être utilisé si conseillé par une personne formée à l'outil et sachant récupérer le pc si problème il y a. tu peux poster le rapport ici puis : Nous allons effectuer un diagnostic de ton PC: ▶ Télécharge ZHPDiag sur ton bureau : https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html ou : http://www.premiumorange.com/zeb-help-process/zhpdiag.html ou : https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/ ▶ Laisse toi guider lors de l'installation,coche "Ajouter une icône sur le bureau" et décoche la case "Exécuter ZHPDiag" /!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur » ▶ Clique sur l'icône représentant une loupe (« Lancer le diagnostic ») ▶ Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette ▶ Héberge le rapport ZHPDiag.txt sur Cijoint, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum : http://www.cijoint.fr/ ou : http://ww38.toofiles.com/fr/documents-upload.html ▶ Tuto zhpdiag : http://www.premiumorange.com/zeb-help-process/zhpdiag.html @+ En formation avancée chez Helper-Formation. Restez jusqu'au bout tant qu'on ne vous dit pas que la désinfection est terminée

carop09 · Answer

ici où ? Désolée mais je suis pas experte j'ai utilisé combofix en suivant les indications sur la page de discussion JS:Illredir-CB [Trj]. J'espère ne pas avoir emdommagé mon ordi.

Dois-je vraiment installerZHPDiag sur mon bureau ? Tout semble rentré dans l'ordre.
CP

juju666 · Answer

C:\ComboFix.txt 
Ouvre ce fichier, ctrl+a, ctrl+c, reviens ici et fais ctrl+v

puis fais le diag avec ZHPDiag, il peut rester des traces

@+

carop09 · Answer

ComboFix 11-01-01.03 - Piquemal 02/01/2011  15:23:51.1.2 - x86
Microsoft Windows 7 Édition Familiale Premium   6.1.7600.0.1252.33.1036.18.3063.1916 [GMT 1:00]
Lancé depuis: c:\users\Piquemal\Desktop\ComboFix.exe
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp119C.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp1EE5.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp3A51.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp4088.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp4356.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp4893.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp52E7.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp5E16.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp5E32.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp69C9.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp6E3C.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp709D.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp8361.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp94BF.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp95E8.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp9701.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp98C5.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp99FD.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mp9C00.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mpA080.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mpA36F.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mpA449.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mpA488.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mpA553.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mpA672.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mpAA33.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mpB75C.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mpBAD5.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mpD020.tmp
c:\users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files	mpD73B.tmp
c:\users\Piquemal\AppData\Roaming\Desktopicon
c:\users\Piquemal\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Piquemal\AppData\Roaming\Desktopicon\uninst.exe
c:\users\Piquemal\AppData\Roaming
sb68A6.exe
c:\windows\system32\ajvydfaeubhejfko.dll

.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-12-02 au 2011-01-02  ))))))))))))))))))))))))))))))))))))
.

2011-01-02 14:30 . 2011-01-02 14:30	--------	d-----w-	c:\users\Default\AppData\Local	emp
2011-01-01 15:43 . 2011-01-01 15:43	102400	----a-w-	c:\windows\RegBootClean.exe
2011-01-01 15:17 . 2010-11-10 04:33	6273872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FC67BCD-44A3-4C31-AD01-C30C96737333}\mpengine.dll
2010-12-21 17:54 . 2010-12-21 17:54	--------	d-----w-	c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2010-12-16 04:44 . 2010-10-12 04:25	516096	----a-w-	c:\program files\Windows Mail\wab.exe
2010-12-16 04:44 . 2010-10-27 04:32	2048	----a-w-	c:\windows\system32	zres.dll
2010-12-10 16:03 . 2010-12-10 16:03	--------	d-----w-	c:\programdata\al
2010-12-10 16:03 . 2010-12-10 16:03	--------	d-----w-	c:\windows\Sun
2010-12-10 16:02 . 2010-12-10 16:02	125641	----a-w-	c:\windows\system32\ee84486b.exe
2010-12-10 16:02 . 2010-12-24 17:11	61313	----a-w-	c:\windows\system32
mbnmzbueesyerxlx.exe
2010-12-10 15:05 . 2011-01-01 16:57	--------	d-----w-	c:\programdata\eMule

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35	4280320	----a-w-	c:\windows\system32\GPhotos.scr
2010-11-03 20:54 . 2007-10-25 16:26	5632	----a-w-	c:\windows\system32\drivers\StarOpen.sys
2010-10-27 12:28 . 2010-12-21 17:57	11320	----a-w-	c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
2010-10-23 19:35 . 2010-10-23 19:35	1409	----a-w-	c:\windows\QTFont.for
2010-10-19 09:41 . 2009-11-10 09:40	222080	------w-	c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF	bSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]
2009-11-09 17:38	2331672	----a-w-	c:\program files\Softonic_France_FF	bSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF	bSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6D6B212B-2245-4898-8B16-9A11B81FF9E1}"= "c:\program files\Softonic_France_FF	bSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-28 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-11-03 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-17 186904]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-10 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"CardDetectorHUAWEI160"="c:\program files\CardDetector\HUAWEI160\CardDetector.exe" [2008-09-25 274432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OBealsched.exe" [2010-03-28 202256]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-09-25 131824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

c:\users\Piquemal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2010-1-1 40960]
w98Eject.lnk - c:\windows\System\w98eject.exe [2010-7-18 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 135664]
R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys [2010-09-26 864384]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-08-20 100224]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS
etw5v32.sys [2009-06-04 4231680]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2008-06-26 28224]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-06 1343400]
S1 aswSP;avast! Self Protection; [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 EFUploadSrv;ExtraFilm upload service;c:\program files\Extrafilm Designer FR\EFUploadSrv.exe [2009-07-09 1716224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 NETw5s32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows 7 32 bits ;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-20 313856]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-03-24 c:\windows\Tasks\CreateChoiceProcessTask.job
- c:\windows\System32\browserchoice.exe [2010-03-23 07:10]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 19:35]

2011-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 19:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_FR&c=92&bd=all&pf=cmnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} - hxxp://www.extrafilm.fr/ExtraFilmUploader6.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{889C8377-C298-7103-E112-5186220B3ED9} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-NPSStartup - (no file)
HKLM-Run-jaerrinezx - c:\windows\system32\ajvydfaeubhejfko.dll
AddRemove-AF9035HB DriverInstaller_10.4.26.1 - c:\users\Piquemal\AppData\Local\Temp\DriverInstall32.exe
AddRemove-eBay Icon - c:\users\Piquemal\AppData\Roaming\Desktopicon\uninst.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-nbpixgtowqk - c:\users\Piquemal\AppData\Roaming
sb68A6.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2011-01-02  15:34:16
ComboFix-quarantined-files.txt  2011-01-02 14:34

Avant-CF: 184 285 736 960 octets libres
Après-CF: 184 229 912 576 octets libres

- - End Of File - - 02E75852882AD021C8546B8682DB2B29

juju666 · Answer

Rapport de combo vu

Et ZHPDiag ? :)

carop09 · Answer

ZHPDiag pas installé. Je suis allée sur le lien commentcamarche et la procédure ne s'affiche pas comme indiqué donc j'ai préféré laisser tomber.

juju666 · Answer

pourtant c'est pas compliqué :) 


&#9654 Télécharge ZHPDiag sur ton bureau : 

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html 

&#9654 Laisse toi guider lors de l'installation,coche "Ajouter une icône sur le bureau" et décoche la case "Exécuter ZHPDiag" 

 /!\Utilisateur de Vista et Seven : Clique droit sur le logo de ZHPdiag, « exécuter en tant qu'Administrateur »  

&#9654 Clique sur l'icône représentant une loupe en haut à gauche (« Lancer le diagnostic ») 
&#9654 Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette 
&#9654 Héberge le rapport ZHPDiag.txt sur Cijoint, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum : 

&#9654 Tuto zhpdiag : 
http://www.premiumorange.com/zeb-help-process/zhpdiag.html  
En formation avancée chez Helper-Formation. 
Restez jusqu'au bout tant qu'on ne vous dit pas que la désinfection est terminée

juju666 · Answer

Aussi, il faudrait faire ceci :


&#9654 Rentre dans ton panneau de configuration....    
&#9654 Apparence et personnalisation...    
&#9654 Option des dossiers...(double cliquer dessus)    
&#9654 Dans l'onglet affichage un peu plus bas où il est indiqué "Afficher les dossiers et fichiers cachés": Coche cette option 
&#9654 Encore plus bas : Masquer les fichiers protégés du système d'exploitation (recommandé) : à décocher. 

&#9654 &#9654 ensuite rends toi sur ce lien: 
https://www.virustotal.com/gui/ 


&#9654 Là où il est indiqué "Envoyer le fichier", Clique sur "Parcourir" 
recherche les entrées suivante dans ton disque : 


c:\windows\RegBootClean.exe     


&#9654 Si une fenêtre apparait disant, "Le fichier a déjà été Analysé", Alors clique sur Réanalyser le fichier maintenant 

&#9654 Copie et colle le lien de ta barre d'adresse ici, après que l'analyse soit terminée

carop09 · Answer

C"est pas compliqué quand on sait ce qu'on fait :)

J'ai fais le diagnostic Rapport de ZHPDiag v1.27.1471 par Nicolas Coolman, Update du 30/12/2010
Run by Piquemal at 1/2/2011 5:22:50 PM
Web site :  http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385 (Defaut)
GCIE: Google Chrome v

---\ System Information
Windows 7 Home Premium Edition, 32-bit  (Build 7600)
Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3063.3 MB (63% free)
System Restore: 
System drive C: has 171 GB (60%) free of 283 GB

---\ Logged in mode
Computer Name: PC-PIQUEMAL
User Name: Piquemal
All Users Names: Piquemal, HomeGroupUser$, Administrateur, 
Unselected Option:  O1,O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 171 Go of 283 Go)
E:\ CD-ROM drive (Not Inserted)


---\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK


---\ Recherche particulière de fichiers génériques
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Explorateur Windows.) (.10/31/2009 6:45:39 AM.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.7/14/2009 2:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.10/28/2009 7:17:59 AM.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 2:26:15 AM.) -- C:\Windows\System32\drivers\atapi.sys [21584]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.7/14/2009 2:20:44 AM.) -- C:\Windows\System32\drivers
tfs.sys [1210432]


---\ Processus lancés
[MD5.B210175A0B9247540F4D8D8102C86A31] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe   [288312]
[MD5.41173AEE838B3988D4B00FA97629B93E] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe   [186904]
[MD5.DA4ED31DD43ABB0AF99888E236FFDB91] - (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe   [498744]
[MD5.D2FAF4BCDF73D10EBBAF38B5E009F41C] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe   [458844]
[MD5.0A7E9FDF3BF1980CA09FEEAC7F52EFBC] - (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe   [81000]
[MD5.A2D390F1F2408B94EF34BFE3A00C29D3] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe   [148888]
[MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   [932288]
[MD5.D2661AF7E22AE40F7A49AF1155CC34D2] - (. Hewlett-Packard Development Company, L.P. - Volume related element.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe   [76344]
[MD5.BAB535431D88D878A2DDCD8B67CF900A] - (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe   [274432]
[MD5.E2724029D3648C2EB226D16678727FA9] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OBealsched.exe   [202256]
[MD5.68239842340DDFF8993DFD9127553EDA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe   [141848]
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe   [173592]
[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe   [150552]
[MD5.9157189DC07511ECBBE1D2615D8A2FED] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe   [1668664]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\windows\system32\igfxsrvc.exe   [252952]
[MD5.CCF2234A35077CA217A61C9CACC48198] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe   [2363392]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe   [39408]
[MD5.64584E925516568C2F6ACF337991E9BC] - (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe   [102400]
[MD5.F59BEA8794FD4C8472E3F35848945319] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe   [795936]
[MD5.2240A1A5973B31F9D050C137BD5794EA] - (.Matsushita Electric Industrial Co., Ltd. - PHOTOfunSTUDIO.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe   [40960]
[MD5.540E5F7A6AA459A0CD53CA91267B1B2C] - (.Sigmatel - w98Eject.) -- C:\windows\System\w98eject.exe   [61440]
[MD5.3A19B2D2B5659D375FFFBA9EB71987B8] - (.OpenOffice.org - OpenOffice.org 3.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe   [7424000]
[MD5.EEBD0B763F32A26421A35CC2C735E8E3] - (.OpenOffice.org - OpenOffice.org 3.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin   [7418368]
[MD5.43DEA4C9A58CED1054794AAD727A43D9] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe   [2352416]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe   [632888]
[MD5.017B1CDDA13B2FBBD54232BA19C8C6A5] - (.Hewlett-Packard Development Company L.P. - hpCaslNotification.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe   [311352]
[MD5.B0DA80FF42A0819D162A86612896AAF2] - (.Microsoft Corporation - Windows Update.) -- C:\windows\system32\wuauclt.exe   [47104]
[MD5.58CF468D3FF4CF830339FE5E45356355] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe   [673040]
[MD5.8B4022226C18FA378C324C11CBADDA36] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe   [304304]
[MD5.E71E84BD9910750E421708112ADFC822] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [621568]


---\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2)
P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Google\Picasa3
pPicasa3.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.51204.0.) -- c:\Program Files\Microsoft Silverlight\4.0.51204.0
pctrl.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.732] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real\RealPlayer\Netscape6
ppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprjplug;version=1.0.3.732] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Real\RealPlayer\Netscape6
prjplug.dll
P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=1.0.0.0] - (.RealNetworks, Inc. - RealPlayer(tm) HTML5VideoShim Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins
prphtml5videoshim.dll
P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.732] - (.RealNetworks, Inc. - 6.0.12.732.) -- C:\Program Files\Real\RealPlayer\Netscape6
prpjplug.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.39
pGoogleOneClick8.dll


---\ Internet Explorer, Démarrage,Recherche,URSearchHook (R0,R1,R3)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-comm.msn.com&ocid=HPDHP&pc=CMDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R3 - URLSearchHook: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 2, 0) -- C:\Program Files\Softonic_France_FF	bSoft.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll
R3 - URLSearchHook: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 2, 0) -- C:\Program Files\Softonic_France_FF	bSoft.dll


---\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe


---\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IEpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France_FF	bSoft.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll


---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} . (.Pas de propriétaire - Pas de description.) --  (.not file.)
O3 - Toolbar: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France_FF	bSoft.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll


---\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe 
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe 
O4 - HKLM\..\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe 
O4 - HKLM\..\Run: [avast!] . (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe 
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe 
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
O4 - HKLM\..\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe 
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe 
O4 - HKLM\..\Run: [CardDetectorHUAWEI160] . (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe 
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OBealsched.exe 
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] . (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe 
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe 
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe 
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe 
O4 - HKLM\..\Run: [UpdatePDRShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe 
O4 - HKCU\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe 
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe 
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe 
O4 - HKCU\..\Run: [AutoStartNPSAgent] . (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe 
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe 
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe 
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe 
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [AutoStartNPSAgent] . (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe 
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk . (.Broadcom Corporation..)  -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk . (.Matsushita Electric Industrial Co., Ltd..)  -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w98Eject.lnk . (.Sigmatel.)  -- C:\windows\System\w98eject.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk . (.Pas de propriétaire.)  -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe


---\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\CyberLink PowerDirector.lnk . (.CyberLink Corp..)  -- C:\Program Files\CyberLink\PowerDirector\PDR.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\eBay.lnk - Clé orpheline
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\Extrafilm Designer FR.lnk . (.Spector Photo Group.)  -- C:\Program Files\Extrafilm Designer FR\ExtraFilmDesigner.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\Format Factory.lnk . (.Free Time.)  -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\Magic Photo Editor.lnk . (.Pas de propriétaire.)  -- C:\Program Files\Magic Photo Editor\MagicPhoto.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.)  -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\CyberLink PowerDirector.lnk . (.CyberLink Corp..)  -- C:\Program Files\CyberLink\PowerDirector\PDR.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\eBay.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Piquemal\Desktop\Extrafilm Designer FR.lnk . (.Spector Photo Group.)  -- C:\Program Files\Extrafilm Designer FR\ExtraFilmDesigner.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\Format Factory.lnk . (.Free Time.)  -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\Magic Photo Editor.lnk . (.Pas de propriétaire.)  -- C:\Program Files\Magic Photo Editor\MagicPhoto.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.)  -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Magic Photo Editor.lnk . (.Pas de propriétaire.)  -- C:\Program Files\Magic Photo Editor\MagicPhoto.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk . (.Google Inc..)  -- C:\Program Files\Google\Picasa3\Picasa3.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk . (.Pas de propriétaire.)  -- C:\windows\Installer\{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}\QTPlayer.ico
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk . (.Samsung Electronics Co., Ltd..)  -- C:\Program Files\Samsung\Samsung New PC Studio\NPSGuide.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - Clé orpheline


---\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Add to Google Photos Screensa&ver . (.Google Inc. - Google Photos Screensaver.) -- C:\windows\system32\GPhotos.scr
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll


---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico


---\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\windows\system32
apinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\windows\system32\wshbth.dll


---\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKLM\...\Domains\www] http.mcafeeasap.com
O15 - Trusted Zone: [HKLM\...\EscDomains\www] http.mcafeeasap.com


---\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} (ExtraFilm Uploader Control) - http://www.extrafilm.fr/ExtraFilmUploader6.cab


---\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9AF6D5A-D567-4FFF-A5E7-BF3A92E2EFD5}: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECBDFCAC-D8B0-4E10-8E13-0412D500F16B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C9AF6D5A-D567-4FFF-A5E7-BF3A92E2EFD5}: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{ECBDFCAC-D8B0-4E10-8E13-0412D500F16B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C9AF6D5A-D567-4FFF-A5E7-BF3A92E2EFD5}: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{ECBDFCAC-D8B0-4E10-8E13-0412D500F16B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1


---\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll


---\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\windows\system32\webcheck.dll


---\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service:  (ACDaemon) . (.ArcSoft Inc. - ArcSoft Connect Service.) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service:  (AESTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe
O23 - Service:  (AgereModemAudio) . (.LSI Corporation - LSI Soft Modem Call Progress Service.) - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service:  (aswUpdSv) . (.ALWIL Software - avast! Antivirus updating service.) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service:  (avast! Antivirus) . (.ALWIL Software - avast! antivirus service.) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service:  (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service:  (EFUploadSrv) . (.Textalk AB - ExtraFilm upload service.) - C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe
O23 - Service:  (FsUsbExService) . (.Teruten - FsUsbDevice.) - C:\windows\system32\FsUsbExService.exe
O23 - Service:  (FTRTSVC) . (.France Telecom SA - Pas de description.) - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service:  (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service:  (HP Health Check Service) . (.Hewlett-Packard Company - HP Support Assistant.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service:  (HPDrvMntSvc.exe) . (.Hewlett-Packard Company - HP Quick Synchronization Service.) - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service:  (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service:  (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: C:\Program Files\Nero\Update\NASvc.exe (NAUpdate) . (.Nero AG - NeroUpdate.) - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service:  (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service:  (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe


---\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) -  (.not file.)


---\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task  - C:\windows\Tasks\CreateChoiceProcessTask.job
O39 - APT:Automatic Planified Task  - C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task  - C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.B7EE47B4D960BF55BDD7EC1812373872] [APT] [RealUpgradeLogonTaskS-1-5-21-4236045420-868955874-2380987390-1001] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.B7EE47B4D960BF55BDD7EC1812373872] [APT] [RealUpgradeScheduledTaskS-1-5-21-4236045420-868955874-2380987390-1001] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.00000000000000000000000000000000] [APT] [{2167FF56-FE64-4A91-A2EA-95E891001126}] (.Pas de propriétaire.) -- C:\Program Files\eMule\emule.exe (.not file.)
[MD5.8B02A2A49A76AE63E51F7642B6B063A3] [APT] [{583B7D91-384F-4032-B9C8-E85FFA02C02F}] (.France Telecom SA.) -- C:\Program Files\CardDetector\HUAWEI160\CardDetectorSetup.exe
[MD5.00000000000000000000000000000000] [APT] [{6EBDA793-4DBC-4B49-991C-EC1DA5846904}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{8B7EA9FF-981A-4888-9F9E-C83C1B182F97}] (.Pas de propriétaire.) -- C:\Program Files\eMule\emule.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{A49883E1-5E17-4734-8581-57BEAFEDA364}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{B107D644-E83E-424B-B624-C52C4AB71E33}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{F99EFB9C-9408-4930-8443-B1EBD4BFF3F8}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.D244D86CBEE4DE76EC4D151D9836E808] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
[MD5.FDC7C934ADB8C3B51A3C21781B608673] [APT] [PC Health Analysis] (.Hewlett-Packard Company.) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
[MD5.FDC7C934ADB8C3B51A3C21781B608673] [APT] [PC Tuneup] (.Hewlett-Packard Company.) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe


---\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\windows\system32\drivers\afd.sys
O41 - Driver: C:\windows\system32\drivers\afd.sys (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\windows\system32\DRIVERS\blbdrive.sys
O41 - Driver:  (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: McAfee Inc. mfehidk (mfehidk) . (.McAfee, Inc. - Host Intrusion Detection Link Driver.) - C:\Windows\System32\drivers\mfehidk.sys
O41 - Driver: McAfee Inc. mfetdik (mfetdik) . (.McAfee, Inc. - Anti-Virus Mini-Firewall Driver.) - C:\Windows\System32\drivers\mfetdik.sys
O41 - Driver:  (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\windows\system32\DRIVERS\mssmbios.sys
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS
etbios.sys
O41 - Driver: C:\windows\system32\drivers
etbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS
etbt.sys
O41 - Driver: C:\windows\system32\drivers
siproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers
siproxy.sys
O41 - Driver: C:\windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERSdbss.sys
O41 - Driver: C:\windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\driversdpencdd.sys
O41 - Driver: C:\windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\driversdprefmp.sys
O41 - Driver: C:\windows\system32	cpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS	dx.sys
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\windows\system32\DRIVERS	ermdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\windows\system32\drivers\vga.sys
O41 - Driver:  (VWiFiFlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\windows\system32ascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver:  (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys


---\ Logiciels installés (O42)
O42 - Logiciel: ActiveCheck component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader 9.2 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A92000000001}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {74EC78BC-B379-4E29-9006-8F161DCAABA6}
O42 - Logiciel: ArcSoft Software Suite - (.ArcSoft.) [HKLM] -- {497A1721-088F-41EF-8876-B43C9DA5528B}
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
O42 - Logiciel: CPQ Wallpaper - (.Hewlett-Packard.) [HKLM] -- {F173C2B3-296F-458C-98FF-1676A42EBA02}
O42 - Logiciel: Card Detector for Huawei E160 - (.Pas de propriétaire.) [HKLM] -- CardDetectorHUAWEI160
O42 - Logiciel: Choice Guard - (.Microsoft Corporation.) [HKLM] -- {8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
O42 - Logiciel: Contextual Tool Yourmoneybox - (.Pas de propriétaire.) [HKLM] -- ee84486b
O42 - Logiciel: CyberLink PhotoNow - (.CyberLink Corp..) [HKLM] -- InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}
O42 - Logiciel: CyberLink PhotoNow - (.CyberLink Corp..) [HKLM] -- {D36DD326-7280-11D8-97C8-000129760CBE}
O42 - Logiciel: CyberLink PowerDirector - (.CyberLink Corp..) [HKLM] -- InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: CyberLink PowerDirector - (.CyberLink Corp..) [HKLM] -- {CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: DirectX 9 Runtime - (.Sonic Solutions.) [HKLM] -- {AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
O42 - Logiciel: Désinstallation de Internet Everywhere - (.Pas de propriétaire.) [HKLM] -- {BEWINTERNET-FR-DMGP-V2}.UninstallSuite
O42 - Logiciel: Extrafilm Designer FR - (.Pas de propriétaire.) [HKLM] -- ExtraFilmDesignerFR
O42 - Logiciel: FormatFactory 2.20 - (.Free Time.) [HKLM] -- FormatFactory
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HP Advisor - (.Hewlett-Packard.) [HKLM] -- {B53E61D7-7C80-40DF-82D2-CF5390D6D20A}
O42 - Logiciel: HP Common Access Service Library - (.Hewlett-Packard.) [HKLM] -- {87CA636B-85B8-4611-A81D-F97E71024AFD}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {07FA4960-B038-49EB-891B-9F95930AA544}
O42 - Logiciel: HP ESU for Microsoft Windows 7 - (.Hewlett-Packard.) [HKLM] -- {511376F5-7E5A-4EC9-B603-193B1D425BC3}
O42 - Logiciel: HP Integrated Module with Bluetooth wireless technology - (.Broadcom Corporation.) [HKLM] -- {9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
O42 - Logiciel: HP Quick Launch Buttons - (.Hewlett-Packard.) [HKLM] -- {34D2AB40-150D-475D-AE32-BD23FB5EE355}
O42 - Logiciel: HP Setup - (.Hewlett-Packard.) [HKLM] -- {D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}
O42 - Logiciel: HP Software Setup - (.Hewlett-Packard.) [HKLM] -- {76AF1F61-BB44-4694-A0EA-C6830C8BEF41}
O42 - Logiciel: HP User Guides 0140 - (.Hewlett-Packard.) [HKLM] -- {9CDFC149-8359-4C4B-9DA0-BA1F773CD70C}
O42 - Logiciel: HP Web Camera - (.Hewlett-Packard.) [HKLM] -- {C7AE4EC3-9C13-4213-8457-74D16B353F91}
O42 - Logiciel: HP Webcam - (.Roxio.) [HKLM] -- {1D61E881-43CD-447B-9E6B-D2C6138B2862}
O42 - Logiciel: HP Webcam Driver - (.Sonix.) [HKLM] -- {399C37FB-08AF-493B-BFED-20FBD85EDF7F}
O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {54CC7901-804D-4155-B353-21F0CC9112AB}
O42 - Logiciel: HPAsset component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: IDT Audio - (.IDT.) [HKLM] -- {E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {3CCB732A-E472-4CF9-B1EE-F18365341FE0}
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: Intel(R) TV Wizard - (.Intel Corporation.) [HKLM] -- TVWiz
O42 - Logiciel: Intel® Matrix Storage Manager - (.Intel Corporation.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}
O42 - Logiciel: Java(TM) 6 Update 13 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216013FF}
O42 - Logiciel: LightScribe System Software - (.LightScribe.) [HKLM] -- {82EF29B1-9B60-4142-A155-0599216DD053}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Magic Photo Editor 5.2 - (.Photo Editor Software, Inc..) [HKLM] -- Magic Photo Editor_is1
O42 - Logiciel: Marvell Miniport Driver - (.Marvell.) [HKLM] -- Marvell Miniport Driver
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Nero BurnLite 10 - (.Nero AG.) [HKLM] -- {842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}
O42 - Logiciel: Nero BurnLite 10 - (.Nero AG.) [HKLM] -- {AB627AF2-9C7E-4DBD-816B-3B2646B81E89}
O42 - Logiciel: Nero Control Center 10 - (.Nero AG.) [HKLM] -- {6DFB899F-17A2-48F0-A533-ED8D6866CF38}
O42 - Logiciel: Nero ControlCenter 10 Help (CHM) - (.Nero AG.) [HKLM] -- {523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
O42 - Logiciel: Nero Core Components 10 - (.Nero AG.) [HKLM] -- {2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
O42 - Logiciel: Nero Update - (.Nero AG.) [HKLM] -- {65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
O42 - Logiciel: OpenOffice.org 3.1 - (.OpenOffice.org.) [HKLM] -- {0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
O42 - Logiciel: Optimization System Earnforfun. - (.Pas de propriétaire.) [HKLM] -- nmbnmzbueesyerxlx
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM] -- {AC599724-5755-48C1-ABE7-ABB857652930}
O42 - Logiciel: PHOTOfunSTUDIO -viewer- - (.Panasonic.) [HKLM] -- {9A9DBEBC-C800-4776-A970-D76D6AA405B1}
O42 - Logiciel: Package de pilotes Windows - Nokia pccsmcfd  (10/12/2007 6.85.4.0) - (.Nokia.) [HKLM] -- 3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKLM] -- PhotoFiltre
O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] -- Picasa 3
O42 - Logiciel: QLBCASL - (.Hewlett-Packard.) [HKLM] -- {F1D7AC58-554A-4A58-B784-B61558B1449A}
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
O42 - Logiciel: RealNetworks - Microsoft Visual C++ 2005 Runtime - (.RealNetworks.) [HKLM] -- {026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}
O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 12.0
O42 - Logiciel: RealUpgrade 1.0 - (.RealNetworks, Inc..) [HKLM] -- {F4F4F84E-804F-4E9A-84D7-C34283F0088F}
O42 - Logiciel: Roxio Activation Module - (.Roxio.) [HKLM] -- {EC877639-07AB-495C-BFD1-D63AF9140810}
O42 - Logiciel: Roxio Creator Audio - (.Roxio.) [HKLM] -- {73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
O42 - Logiciel: Roxio Creator Business - (.Roxio.) [HKLM] -- {537BF16E-7412-448C-95D8-846E85A1D817}
O42 - Logiciel: Roxio Creator Business v10 - (.Roxio.) [HKLM] -- {ED439A64-F018-4DD4-8BA5-328D85AB09AB}
O42 - Logiciel: Roxio Creator Copy - (.Roxio.) [HKLM] -- {B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
O42 - Logiciel: Roxio Creator Data - (.Roxio.) [HKLM] -- {08E81ABD-79F7-49C2-881F-FD6CB0975693}
O42 - Logiciel: Roxio Creator Tools - (.Roxio.) [HKLM] -- {1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
O42 - Logiciel: Roxio Express Labeler 3 - (.Roxio.) [HKLM] -- {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
O42 - Logiciel: Roxio MyDVD - (.Roxio.) [HKLM] -- {30A2A953-DEB1-466A-B660-F4399C7C6B9D}
O42 - Logiciel: SAMSUNG Mobile Composite Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Composite Device
O42 - Logiciel: SAMSUNG Mobile Modem Driver Set - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Modem
O42 - Logiciel: SAMSUNG Mobile USB Modem 1.0 Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem 1.0
O42 - Logiciel: SAMSUNG Mobile USB Modem Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem
O42 - Logiciel: SAMSUNG USB Mobile Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG USB Mobile Device
O42 - Logiciel: Samsung Mobile Modem Device Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile Modem Device
O42 - Logiciel: Samsung Mobile phone USB driver Drive Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile phone USB driver Drive
O42 - Logiciel: Samsung Mobile phone USB driver Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile phone USB driver
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- {F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: Samsung New PC Studio USB Driver Installer - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}
O42 - Logiciel: Samsung New PC Studio USB Driver Installer - (.Samsung Electronics Co., Ltd..) [HKLM] -- {AF7E85DC-317C-47F5-810E-B82EE093A612}
O42 - Logiciel: SamsungConnectivityCableDriver - (.Samsung.) [HKLM] -- {7E84FAC8-C518-40F9-9807-7455301D6D25}
O42 - Logiciel: SigmaTel MSCN Audio Player - (.Pas de propriétaire.) [HKLM] -- {D53F7F05-4F17-4024-88C8-3C012E8555B4}
O42 - Logiciel: Softonic_France_FF Toolbar - (.Pas de propriétaire.) [HKLM] -- Softonic_France_FF Toolbar
O42 - Logiciel: Sonic CinePlayer Decoder Pack - (.Sonic Solutions.) [HKLM] -- {8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: VLC media player 1.1.4 - (.VideoLAN.) [HKLM] -- VLC media player
O42 - Logiciel: Windows 7 Default Setting - (.Hewlett-Packard.) [HKLM] -- {E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {01523985-2098-43AF-9C97-12B07BE02A9B}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {F69E83CF-B440-43F8-89E6-6EA80712109B}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {059C042E-796A-4ACC-A81A-ECC2010BB78C}
O42 - Logiciel: avast! Antivirus - (.Alwil Software.) [HKLM] -- avast!

---\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\89e1f2ec]
[HKCU\Software\AppDataLow\Aurigma]
[HKCU\Software\AppDataLow\Software\Conduit]
[HKCU\Software\AppDataLow\Software\Monitored]
[HKCU\Software\AppDataLow\Software\Softonic_France_FF]
[HKCU\Software\AppDataLow\Software\settings]
[HKCU\Software\AppDataLow\Software\{36117CC7-66F5-092D-B3E0-85B89AD3F7BB}]
[HKCU\Software\AppDataLow\Software\{C6E3F236-56FB-B0CE-DADE-CF4532C12819}]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow\Toolbar]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\ArcSoft]
[HKCU\Software\Aurigma]
[HKCU\Software\CDDB]
[HKCU\Software\CeWe Color]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CyberLink]
[HKCU\Software\DivXNetworks]
[HKCU\Software\ExtraFilmDesignerFR]
[HKCU\Software\FreeTime]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\INTEL]
[HKCU\Software\JavaSoft]
[HKCU\Software\LightScribe]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Mobileleader]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Panasonic]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Roxio]
[HKCU\Software\Samsung]
[HKCU\Software\Synaptics]
[HKCU\Software\Sysinternals]
[HKCU\Software\Textalk]
[HKCU\Software\Trolltech]
[HKCU\Software\Wget]
[HKCU\Software\Widcomm]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\Agere]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\ArcSoft]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CDDB]
[HKLM\Software\Caphyon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Conduit]
[HKLM\Software\CyberLink]
[HKLM\Software\Debug]
[HKLM\Software\DivXNetworks]
[HKLM\Software\FRANCE TELECOM]
[HKLM\Software\Google]
[HKLM\Software\HPQLOG]
[HKLM\Software\HPQ]
[HKLM\Software\HPS]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IDT]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\LSI]
[HKLM\Software\Licenses]
[HKLM\Software\LightScribe]
[HKLM\Software\MCCI]
[HKLM\Software\Macromedia]
[HKLM\Software\MarkAny]
[HKLM\Software\Marvell]
[HKLM\Software\McAfee]
[HKLM\Software\MicroVision]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\PC Connectivity Solution]
[HKLM\Software\PCSuite]
[HKLM\Software\PDFComplete]
[HKLM\Software\Panasonic]
[HKLM\Software\Policies]
[HKLM\Software\RealNetworks]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RichFX]
[HKLM\Software\Roxio]
[HKLM\Software\Samsung]
[HKLM\Software\Softonic_France_FF]
[HKLM\Software\Sonic]
[HKLM\Software\Sonix]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\Swearware]
[HKLM\Software\Synaptics]
[HKLM\Software\VideoLAN]
[HKLM\Software\Volatile]
[HKLM\Software\Widcomm]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\illiminable]


---\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD: 2/14/2010 - 12:22:08 PM ----D- C:\Program Files\Adobe
O43 - CFD: 11/10/2009 - 11:11:30 AM ----D- C:\Program Files\Alwil Software
O43 - CFD: 1/1/2010 - 6:42:30 PM ----D- C:\Program Files\Apple Software Update
O43 - CFD: 1/1/2010 - 6:40:20 PM ----D- C:\Program Files\ArcSoft
O43 - CFD: 12/8/2009 - 1:35:24 PM ----D- C:\Program Files\CADEAUPHOTO.COM
O43 - CFD: 2/5/2010 - 5:18:10 PM ----D- C:\Program Files\CardDetector
O43 - CFD: 1/2/2011 - 3:27:16 PM ----D- C:\Program Files\Common Files
O43 - CFD: 3/27/2010 - 5:35:16 PM ----D- C:\Program Files\Conduit
O43 - CFD: 9/26/2010 - 1:05:00 PM ----D- C:\Program Files\CyberLink
O43 - CFD: 11/3/2010 - 8:51:02 PM ----D- C:\Program Files\DIFX
O43 - CFD: 11/6/2009 - 7:26:10 PM ----D- C:\Program Files\DVD Maker
O43 - CFD: 11/29/2009 - 9:35:56 PM ----D- C:\Program Files\Extrafilm Designer FR
O43 - CFD: 3/27/2010 - 5:34:18 PM ----D- C:\Program Files\FreeTime
O43 - CFD: 3/28/2010 - 8:35:48 PM ----D- C:\Program Files\Google
O43 - CFD: 12/21/2010 - 6:55:46 PM ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 11/3/2009 - 4:59:38 PM ----D- C:\Program Files\IDT
O43 - CFD: 12/21/2010 - 6:56:36 PM --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 11/3/2009 - 4:55:24 PM ----D- C:\Program Files\Intel
O43 - CFD: 12/17/2010 - 10:45:16 PM ----D- C:\Program Files\Internet Explorer
O43 - CFD: 11/10/2009 - 12:12:30 PM ----D- C:\Program Files\Java
O43 - CFD: 11/10/2009 - 12:13:16 PM ----D- C:\Program Files\JRE
O43 - CFD: 11/3/2009 - 5:00:12 PM ----D- C:\Program Files\LSI SoftModem
O43 - CFD: 12/23/2009 - 11:38:58 PM ----D- C:\Program Files\Magic Photo Editor
O43 - CFD: 11/3/2010 - 8:57:18 PM ----D- C:\Program Files\MarkAny
O43 - CFD: 11/3/2010 - 9:56:24 PM ----D- C:\Program Files\MarkAnyContentSAFER
O43 - CFD: 9/15/2009 - 1:29:42 AM ----D- C:\Program Files\Marvell
O43 - CFD: 11/3/2009 - 5:01:46 PM ----D- C:\Program Files\Microsoft
O43 - CFD: 7/27/2009 - 12:09:12 PM ----D- C:\Program Files\Microsoft Games
O43 - CFD: 12/19/2010 - 8:54:18 AM ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 6/26/2010 - 9:06:50 AM ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 7/14/2009 - 5:52:32 AM ----D- C:\Program Files\MSBuild
O43 - CFD: 11/10/2009 - 10:50:46 AM ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 9/12/2010 - 1:59:26 PM ----D- C:\Program Files\Nero
O43 - CFD: 11/10/2009 - 12:13:16 PM ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD: 4/3/2010 - 11:48:24 AM ----D- C:\Program Files\Orange
O43 - CFD: 1/1/2010 - 6:25:22 PM ----D- C:\Program Files\Panasonic
O43 - CFD: 11/3/2010 - 8:57:16 PM ----D- C:\Program Files\PC Connectivity Solution
O43 - CFD: 11/29/2009 - 7:34:16 PM ----D- C:\Program Files\PhotoFiltre
O43 - CFD: 1/1/2010 - 6:43:06 PM ----D- C:\Program Files\QuickTime
O43 - CFD: 3/28/2010 - 8:23:18 PM ----D- C:\Program Files\Real
O43 - CFD: 7/14/2009 - 5:52:32 AM ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 9/15/2009 - 1:57:52 AM ----D- C:\Program Files\Roxio
O43 - CFD: 11/2/2010 - 10:20:36 PM ----D- C:\Program Files\Samsung
O43 - CFD: 7/18/2010 - 7:12:40 PM ----D- C:\Program Files\SigmaTel
O43 - CFD: 3/27/2010 - 5:35:16 PM ----D- C:\Program Files\Softonic_France_FF
O43 - CFD: 11/4/2009 - 12:17:38 AM ----D- C:\Program Files\Synaptics
O43 - CFD: 7/14/2009 - 5:53:24 AM --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 3/27/2010 - 5:35:42 PM ----D- C:\Program Files\VideoLAN
O43 - CFD: 11/3/2009 - 4:57:18 PM ----D- C:\Program Files\WIDCOMM
O43 - CFD: 11/6/2009 - 7:26:26 PM ----D- C:\Program Files\Windows Defender
O43 - CFD: 11/6/2009 - 7:14:42 PM ----D- C:\Program Files\Windows Journal
O43 - CFD: 11/3/2009 - 5:01:40 PM ----D- C:\Program Files\Windows Live
O43 - CFD: 11/3/2009 - 5:01:30 PM ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 12/17/2010 - 10:45:16 PM ----D- C:\Program Files\Windows Mail
O43 - CFD: 10/15/2010 - 5:36:00 PM ----D- C:\Program Files\Windows Media Player
O43 - CFD: 7/14/2009 - 5:52:32 AM ----D- C:\Program Files\Windows NT
O43 - CFD: 11/6/2009 - 7:26:26 PM ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 7/14/2009 - 5:52:34 AM ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 11/6/2009 - 7:26:26 PM ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 1/2/2011 - 5:22:58 PM ----D- C:\Program Files\ZHPDiag
O43 - CFD: 11/2/2010 - 10:24:06 PM ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 1/1/2010 - 6:41:18 PM ----D- C:\Program Files\Common Files\ArcSoft
O43 - CFD: 4/3/2010 - 11:47:20 AM ----D- C:\Program Files\Common Files\France Telecom
O43 - CFD: 1/1/2010 - 6:39:56 PM ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 9/15/2009 - 1:58:52 AM ----D- C:\Program Files\Common Files\LightScribe
O43 - CFD: 9/12/2010 - 1:53:02 PM ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 9/12/2010 - 1:58:34 PM ----D- C:\Program Files\Common Files\Nero
O43 - CFD: 3/28/2010 - 8:57:38 PM ----D- C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 3/28/2010 - 8:23:28 PM ----D- C:\Program Files\Common Files\Real
O43 - CFD: 9/15/2009 - 1:56:20 AM ----D- C:\Program Files\Common Files\Roxio Shared
O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\Services
O43 - CFD: 11/3/2009 - 5:02:28 PM ----D- C:\Program Files\Common Files\SNP2UVC
O43 - CFD: 9/15/2009 - 1:57:52 AM ----D- C:\Program Files\Common Files\Sonic Shared
O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 9/15/2009 - 1:55:06 AM ----D- C:\Program Files\Common Files\SureThing Shared
O43 - CFD: 11/10/2009 - 10:16:50 AM ----D- C:\Program Files\Common Files\System
O43 - CFD: 11/3/2009 - 5:00:34 PM ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 3/28/2010 - 8:23:14 PM ----D- C:\Program Files\Common Files\xing shared
O43 - CFD: 9/19/2010 - 8:15:54 PM ----D- C:\ProgramData\Adobe
O43 - CFD: 12/10/2010 - 5:03:46 PM ----D- C:\ProgramData\al
O43 - CFD: 1/1/2010 - 6:42:28 PM ----D- C:\ProgramData\Apple
O43 - CFD: 1/1/2010 - 6:42:46 PM ----D- C:\ProgramData\Apple Computer
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Application Data
O43 - CFD: 12/1/2010 - 11:57:16 AM ----D- C:\ProgramData\ArcSoft
O43 - CFD: 9/26/2010 - 1:12:28 PM ----D- C:\ProgramData\CyberLink
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Desktop
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Documents
O43 - CFD: 1/1/2011 - 5:57:10 PM ----D- C:\ProgramData\eMule
O43 - CFD: 11/29/2009 - 9:35:54 PM ----D- C:\ProgramData\ExtraFilm
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Favorites
O43 - CFD: 3/28/2010 - 8:22:20 PM ----D- C:\ProgramData\Google
O43 - CFD: 12/21/2010 - 6:45:26 PM ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 12/7/2009 - 6:26:10 PM ----D- C:\ProgramData\hps
O43 - CFD: 9/12/2010 - 1:54:16 PM -S--D- C:\ProgramData\Microsoft
O43 - CFD: 11/10/2009 - 10:18:52 AM ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 9/12/2010 - 1:59:28 PM ----D- C:\ProgramData\Nero
O43 - CFD: 11/3/2010 - 9:24:46 PM ----D- C:\ProgramData\PC Suite
O43 - CFD: 12/14/2010 - 7:18:12 PM ----D- C:\ProgramData\Real
O43 - CFD: 4/28/2010 - 6:23:46 AM ----D- C:\ProgramData\Roxio
O43 - CFD: 3/27/2010 - 6:36:22 PM ----D- C:\ProgramData\Sonic
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 9/26/2010 - 1:04:56 PM ----D- C:\ProgramData\Temp
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Templates
O43 - CFD: 11/3/2009 - 5:04:02 PM ----D- C:\ProgramData\Uninstall
O43 - CFD: 11/2/2010 - 10:24:06 PM ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 1/1/2010 - 6:41:18 PM ----D- C:\Program Files\Common Files\ArcSoft
O43 - CFD: 4/3/2010 - 11:47:20 AM ----D- C:\Program Files\Common Files\France Telecom
O43 - CFD: 1/1/2010 - 6:39:56 PM ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 9/15/2009 - 1:58:52 AM ----D- C:\Program Files\Common Files\LightScribe
O43 - CFD: 9/12/2010 - 1:53:02 PM ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 9/12/2010 - 1:58:34 PM ----D- C:\Program Files\Common Files\Nero
O43 - CFD: 3/28/2010 - 8:57:38 PM ----D- C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 3/28/2010 - 8:23:28 PM ----D- C:\Program Files\Common Files\Real
O43 - CFD: 9/15/2009 - 1:56:20 AM ----D- C:\Program Files\Common Files\Roxio Shared
O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\Services
O43 - CFD: 11/3/2009 - 5:02:28 PM ----D- C:\Program Files\Common Files\SNP2UVC
O43 - CFD: 9/15/2009 - 1:57:52 AM ----D- C:\Program Files\Common Files\Sonic Shared
O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 9/15/2009 - 1:55:06 AM ----D- C:\Program Files\Common Files\SureThing Shared
O43 - CFD: 11/10/2009 - 10:16:50 AM ----D- C:\Program Files\Common Files\System
O43 - CFD: 11/3/2009 - 5:00:34 PM ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 3/28/2010 - 8:23:14 PM ----D- C:\Program Files\Common Files\xing shared


---\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.A59F6806FDB6C66625F0C7657C39F726] - 1/1/2011 - 4:43:01 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\RegBootClean.exe   [102400]
O44 - LFC:[MD5.F306D7C356B56C33AFB1F68695BFB25E] - 1/1/2011 - 4:46:45 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\RegBootClean.CFG   [1508]
O44 - LFC:[MD5.97E9B09F9F2DA6DD79F9415B824CD296] - 1/1/2011 - 4:46:45 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\RegBootClean.LOG   [820]
O44 - LFC:[MD5.DBA91CD5A3A68302967C03213E52BDE8] - 1/2/2011 - 3:02:42 PM --HA- . (.Pas de propriétaire - Pas de description.) -- C:\windows\QTFont.qfn   [54156]
O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 1/2/2011 - 3:21:23 PM ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\windows\SWXCACLS.exe   [212480]
O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 1/2/2011 - 3:21:50 PM ---A- . (.NirSoft - NirCmd.) -- C:\windows\NIRCMD.exe   [31232]
O44 - LFC:[MD5.9DAA7218961710008D7385B01BD3F386] - 1/2/2011 - 3:21:50 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\MBR.exe   [89088]
O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 1/2/2011 - 3:21:50 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\PEV.exe   [256512]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 1/2/2011 - 3:21:50 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\grep.exe   [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF]

juju666 · Answer

Hop hop hop :D

C'est cool mais faut l'héberger sur cijoint.fr car là il n'est pas complet ;-)

Ensuite tu feras CECI stp suite à l'intervention de notre ami Ced_King qui m'a contacté par Message Privé (et que je remercie)

juju666 · Answer

Ok vu 

- Crée un nouveau document texte : clic droit de souris sur le bureau => Nouveau => Document Texte

- copie/colle dedans les lignes suivantes :


KillAll::

Files::
c:\windows\system32\ee84486b.exe
c:\windows\system32
mbnmzbueesyerxlx.exe


- Enregistre ce fichier sous le nom CFScript --> (Type du fichier : tous les fichiers)

- Ferme tous tes navigateurs web (donc copie ou imprime les instructions suivantes avant si besoin est).
- Désactive ton antivirus et tes autres protections résidentes .
- Fais un glisser/déposer de ce fichier CFScript sur le programme ComboFix.exe comme sur cette image

=> Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relâche alors le bouton de la souris).

- Combofix va démarrer,
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal !
- Ne touche à rien tant que le scan n'est pas terminé sinon le PC peut planter !
- Une fois le scan achevé, un rapport va s'afficher: poste le stp.

carop09 · Answer

voila c fait

ComboFix 11-01-01.03 - Piquemal 02/01/2011  18:16:35.2.2 - x86
Microsoft Windows 7 Édition Familiale Premium   6.1.7600.0.1252.33.1036.18.3063.1972 [GMT 1:00]
Lancé depuis: c:\users\Piquemal\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Piquemal\Desktop\CFScript.txt
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((   Fichiers créés du 2010-12-02 au 2011-01-02  ))))))))))))))))))))))))))))))))))))
.

2011-01-02 17:22 . 2011-01-02 17:22	--------	d-----w-	c:\users\Default\AppData\Local	emp
2011-01-02 16:22 . 2011-01-02 16:23	--------	d-----w-	c:\program files\ZHPDiag
2011-01-01 15:43 . 2011-01-01 15:43	102400	----a-w-	c:\windows\RegBootClean.exe
2011-01-01 15:17 . 2010-11-10 04:33	6273872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FC67BCD-44A3-4C31-AD01-C30C96737333}\mpengine.dll
2010-12-21 17:54 . 2010-12-21 17:54	--------	d-----w-	c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2010-12-16 04:44 . 2010-10-12 04:25	516096	----a-w-	c:\program files\Windows Mail\wab.exe
2010-12-16 04:44 . 2010-10-27 04:32	2048	----a-w-	c:\windows\system32	zres.dll
2010-12-10 16:03 . 2010-12-10 16:03	--------	d-----w-	c:\programdata\al
2010-12-10 16:03 . 2010-12-10 16:03	--------	d-----w-	c:\windows\Sun
2010-12-10 16:02 . 2010-12-10 16:02	125641	----a-w-	c:\windows\system32\ee84486b.exe
2010-12-10 16:02 . 2010-12-24 17:11	61313	----a-w-	c:\windows\system32
mbnmzbueesyerxlx.exe
2010-12-10 15:05 . 2011-01-01 16:57	--------	d-----w-	c:\programdata\eMule

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35	4280320	----a-w-	c:\windows\system32\GPhotos.scr
2010-11-03 20:54 . 2007-10-25 16:26	5632	----a-w-	c:\windows\system32\drivers\StarOpen.sys
2010-10-27 12:28 . 2010-12-21 17:57	11320	----a-w-	c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
2010-10-23 19:35 . 2010-10-23 19:35	1409	----a-w-	c:\windows\QTFont.for
2010-10-19 09:41 . 2009-11-10 09:40	222080	------w-	c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF	bSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]
2009-11-09 17:38	2331672	----a-w-	c:\program files\Softonic_France_FF	bSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF	bSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6D6B212B-2245-4898-8B16-9A11B81FF9E1}"= "c:\program files\Softonic_France_FF	bSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-28 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-11-03 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-17 186904]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-10 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"CardDetectorHUAWEI160"="c:\program files\CardDetector\HUAWEI160\CardDetector.exe" [2008-09-25 274432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OBealsched.exe" [2010-03-28 202256]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-09-25 131824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

c:\users\Piquemal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2010-1-1 40960]
w98Eject.lnk - c:\windows\System\w98eject.exe [2010-7-18 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys [2010-09-26 864384]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-08-20 100224]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS
etw5v32.sys [2009-06-04 4231680]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2008-06-26 28224]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-06 1343400]
S1 aswSP;avast! Self Protection; [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 EFUploadSrv;ExtraFilm upload service;c:\program files\Extrafilm Designer FR\EFUploadSrv.exe [2009-07-09 1716224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 135664]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 NETw5s32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows 7 32 bits ;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-20 313856]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-03-24 c:\windows\Tasks\CreateChoiceProcessTask.job
- c:\windows\System32\browserchoice.exe [2010-03-23 07:10]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 19:35]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 19:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_FR&c=92&bd=all&pf=cmnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} - hxxp://www.extrafilm.fr/ExtraFilmUploader6.cab
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(4972)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32	askhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2011-01-02  18:29:12 - La machine a redémarré
ComboFix-quarantined-files.txt  2011-01-02 17:29
ComboFix2.txt  2011-01-02 14:34

Avant-CF: 184 016 191 488 octets libres
Après-CF: 183 702 802 432 octets libres

- - End Of File - - BD5E623174C315084DD5FB470C8C792F

juju666 · Answer

Ok, erreur dans le script, on recommence.... désolé. 

- Crée un nouveau document texte : clic droit de souris sur le bureau => Nouveau => Document Texte 

- copie/colle dedans les lignes suivantes : 


KillAll:: 

File:: 
c:\windows\system32\ee84486b.exe 
c:\windows\system32
mbnmzbueesyerxlx.exe 


- Enregistre ce fichier sous le nom CFScript --> (Type du fichier : tous les fichiers) 

- Ferme tous tes navigateurs web (donc copie ou imprime les instructions suivantes avant si besoin est). 
- Désactive ton antivirus et tes autres protections résidentes . 
- Fais un glisser/déposer de ce fichier CFScript sur le programme ComboFix.exe comme sur cette image 

=> Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relâche alors le bouton de la souris). 

- Combofix va démarrer, 
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal ! 
- Ne touche à rien tant que le scan n'est pas terminé sinon le PC peut planter ! 
- Une fois le scan achevé, un rapport va s'afficher: poste le stp.  

@+

carop09 · Answer

voila le nouveau rapport

ComboFix 11-01-01.03 - Piquemal 02/01/2011  18:55:03.3.2 - x86
Microsoft Windows 7 Édition Familiale Premium   6.1.7600.0.1252.33.1036.18.3063.1979 [GMT 1:00]
Lancé depuis: c:\users\Piquemal\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Piquemal\Desktop\CFScript.txt
AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\ee84486b.exe"
"c:\windows\system32
mbnmzbueesyerxlx.exe"
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ee84486b.exe
c:\windows\system32
mbnmzbueesyerxlx.exe

.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-12-02 au 2011-01-02  ))))))))))))))))))))))))))))))))))))
.

2011-01-02 18:00 . 2011-01-02 18:00	--------	d-----w-	c:\users\Default\AppData\Local	emp
2011-01-02 16:22 . 2011-01-02 16:23	--------	d-----w-	c:\program files\ZHPDiag
2011-01-01 15:43 . 2011-01-01 15:43	102400	----a-w-	c:\windows\RegBootClean.exe
2011-01-01 15:17 . 2010-11-10 04:33	6273872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6FC67BCD-44A3-4C31-AD01-C30C96737333}\mpengine.dll
2010-12-21 17:54 . 2010-12-21 17:54	--------	d-----w-	c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2010-12-16 04:44 . 2010-10-12 04:25	516096	----a-w-	c:\program files\Windows Mail\wab.exe
2010-12-16 04:44 . 2010-10-27 04:32	2048	----a-w-	c:\windows\system32	zres.dll
2010-12-10 16:03 . 2010-12-10 16:03	--------	d-----w-	c:\programdata\al
2010-12-10 16:03 . 2010-12-10 16:03	--------	d-----w-	c:\windows\Sun
2010-12-10 15:05 . 2011-01-01 16:57	--------	d-----w-	c:\programdata\eMule

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-02 03:35 . 2010-12-02 03:35	4280320	----a-w-	c:\windows\system32\GPhotos.scr
2010-11-03 20:54 . 2007-10-25 16:26	5632	----a-w-	c:\windows\system32\drivers\StarOpen.sys
2010-10-27 12:28 . 2010-12-21 17:57	11320	----a-w-	c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
2010-10-23 19:35 . 2010-10-23 19:35	1409	----a-w-	c:\windows\QTFont.for
2010-10-19 09:41 . 2009-11-10 09:40	222080	------w-	c:\windows\system32\MpSigStub.exe
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF	bSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]
2009-11-09 17:38	2331672	----a-w-	c:\program files\Softonic_France_FF	bSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6d6b212b-2245-4898-8b16-9a11b81ff9e1}"= "c:\program files\Softonic_France_FF	bSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6D6B212B-2245-4898-8B16-9A11B81FF9E1}"= "c:\program files\Softonic_France_FF	bSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{6d6b212b-2245-4898-8b16-9a11b81ff9e1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-28 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-11-03 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-17 186904]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-10 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"CardDetectorHUAWEI160"="c:\program files\CardDetector\HUAWEI160\CardDetector.exe" [2008-09-25 274432]
"TkBellExe"="c:\program files\Common Files\Real\Update_OBealsched.exe" [2010-03-28 202256]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-09-25 131824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

c:\users\Piquemal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2010-1-1 40960]
w98Eject.lnk - c:\windows\System\w98eject.exe [2010-7-18 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys [2010-09-26 864384]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-08-20 100224]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS
etw5v32.sys [2009-06-04 4231680]
R3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCAMp50.sys [2008-06-26 28224]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-06 1343400]
S1 aswSP;avast! Self Protection; [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 53328]
S2 EFUploadSrv;ExtraFilm upload service;c:\program files\Extrafilm Designer FR\EFUploadSrv.exe [2009-07-09 1716224]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 135664]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 NETw5s32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows 7 32 bits ;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-20 313856]


--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-03-24 c:\windows\Tasks\CreateChoiceProcessTask.job
- c:\windows\System32\browserchoice.exe [2010-03-23 07:10]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 19:35]

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 19:35]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_FR&c=92&bd=all&pf=cmnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} - hxxp://www.extrafilm.fr/ExtraFilmUploader6.cab
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-ee84486b - c:\windows\system32\ee84486b.exe
AddRemove-nmbnmzbueesyerxlx - c:\windows\system32
mbnmzbueesyerxlx.exe


.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(6116)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32	askhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\Shared\hpCaslNotification.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Heure de fin: 2011-01-02  19:06:40 - La machine a redémarré
ComboFix-quarantined-files.txt  2011-01-02 18:06
ComboFix2.txt  2011-01-02 17:29
ComboFix3.txt  2011-01-02 14:34

Avant-CF: 183 754 776 576 octets libres
Après-CF: 183 712 989 184 octets libres

- - End Of File - - C55BC61BF3B38D47A17F4FD0863B4428

juju666 · Answer

Voilàààààààààààààà c'est mieux :D

Peux tu passer à ZHPDiag s'il te plaît? :)

@+

carop09 · Answer

Rapport de ZHPDiag v1.27.1471 par Nicolas Coolman, Update du 30/12/2010
Run by Piquemal at 1/2/2011 7:24:09 PM
Web site :  http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385 (Defaut)
GCIE: Google Chrome v

---\ System Information
Windows 7 Home Premium Edition, 32-bit  (Build 7600)
Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3063.3 MB (63% free)
System Restore: 
System drive C: has 171 GB (60%) free of 283 GB

---\ Logged in mode
Computer Name: PC-PIQUEMAL
User Name: Piquemal
All Users Names: Piquemal, HomeGroupUser$, Administrateur, 
Unselected Option:  O1,O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 171 Go of 283 Go)
E:\ CD-ROM drive (Not Inserted)


---\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK


---\ Recherche particulière de fichiers génériques
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Explorateur Windows.) (.10/31/2009 6:45:39 AM.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.7/14/2009 2:14:45 AM.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.10/28/2009 7:17:59 AM.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/14/2009 2:26:15 AM.) -- C:\Windows\System32\drivers\atapi.sys [21584]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.7/14/2009 2:20:44 AM.) -- C:\Windows\System32\drivers
tfs.sys [1210432]


---\ Processus lancés
[MD5.B210175A0B9247540F4D8D8102C86A31] - (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe   [288312]
[MD5.41173AEE838B3988D4B00FA97629B93E] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe   [186904]
[MD5.DA4ED31DD43ABB0AF99888E236FFDB91] - (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe   [498744]
[MD5.D2FAF4BCDF73D10EBBAF38B5E009F41C] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe   [458844]
[MD5.0A7E9FDF3BF1980CA09FEEAC7F52EFBC] - (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe   [81000]
[MD5.A2D390F1F2408B94EF34BFE3A00C29D3] - (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe   [148888]
[MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   [932288]
[MD5.D2661AF7E22AE40F7A49AF1155CC34D2] - (. Hewlett-Packard Development Company, L.P. - Volume related element.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe   [76344]
[MD5.A7810B302294793DE88542AAE177D1B1] - (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe   [207424]
[MD5.BAB535431D88D878A2DDCD8B67CF900A] - (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe   [274432]
[MD5.E2724029D3648C2EB226D16678727FA9] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OBealsched.exe   [202256]
[MD5.68239842340DDFF8993DFD9127553EDA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe   [141848]
[MD5.004763BDF8E48244DBB9FDFDE3065EBC] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe   [173592]
[MD5.CD1102E5D340216138C7F56FA8D26998] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe   [150552]
[MD5.F400694D7D2785F60133C20F7F2F4F7A] - (.ArcSoft Inc. - ArcSoft Connect Notifier.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac   [309824]
[MD5.9157189DC07511ECBBE1D2615D8A2FED] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe   [1668664]
[MD5.CCF2234A35077CA217A61C9CACC48198] - (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe   [2363392]
[MD5.5D61BE7DB55B026A5D61A3EED09D0EAD] - (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe   [39408]
[MD5.D9C51528488EA0D98D3C4D02ABD16759] - (.Intel Corporation - igfxsrvc Module.) -- C:\windows\system32\igfxsrvc.exe   [252952]
[MD5.64584E925516568C2F6ACF337991E9BC] - (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe   [102400]
[MD5.F59BEA8794FD4C8472E3F35848945319] - (.Broadcom Corporation. - Bluetooth Tray Application.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe   [795936]
[MD5.2240A1A5973B31F9D050C137BD5794EA] - (.Matsushita Electric Industrial Co., Ltd. - PHOTOfunSTUDIO.) -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe   [40960]
[MD5.540E5F7A6AA459A0CD53CA91267B1B2C] - (.Sigmatel - w98Eject.) -- C:\windows\System\w98eject.exe   [61440]
[MD5.3A19B2D2B5659D375FFFBA9EB71987B8] - (.OpenOffice.org - OpenOffice.org 3.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe   [7424000]
[MD5.EEBD0B763F32A26421A35CC2C735E8E3] - (.OpenOffice.org - OpenOffice.org 3.1.) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin   [7418368]
[MD5.43DEA4C9A58CED1054794AAD727A43D9] - (.Broadcom Corporation. - Bluetooth Stack COM Server.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe   [2352416]
[MD5.0DE3C7622EC33126579B1742260F08C2] - (.Pas de propriétaire - HpqToaster Module.) -- C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe   [632888]
[MD5.017B1CDDA13B2FBBD54232BA19C8C6A5] - (.Hewlett-Packard Development Company L.P. - hpCaslNotification.) -- C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe   [311352]
[MD5.B0DA80FF42A0819D162A86612896AAF2] - (.Microsoft Corporation - Windows Update.) -- C:\windows\system32\wuauclt.exe   [47104]
[MD5.58CF468D3FF4CF830339FE5E45356355] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe   [673040]
[MD5.8B4022226C18FA378C324C11CBADDA36] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe   [304304]
[MD5.E71E84BD9910750E421708112ADFC822] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [621568]


---\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions  (P2,M0,M1,M2)
P2 - FPN: [HKLM] [@google.com/npPicasa3,version=3.0.0] - (.Google, Inc. - Picasa plugin.) -- C:\Program Files\Google\Picasa3
pPicasa3.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.51204.0.) -- c:\Program Files\Microsoft Silverlight\4.0.51204.0
pctrl.dll
P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.12.732] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:\Program Files\Real\RealPlayer\Netscape6
ppl3260.dll
P2 - FPN: [HKLM] [@real.com/nprjplug;version=1.0.3.732] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:\Program Files\Real\RealPlayer\Netscape6
prjplug.dll
P2 - FPN: [HKLM] [@real.com/nprphtml5videoshim;version=1.0.0.0] - (.RealNetworks, Inc. - RealPlayer(tm) HTML5VideoShim Plug-In.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins
prphtml5videoshim.dll
P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.732] - (.RealNetworks, Inc. - 6.0.12.732.) -- C:\Program Files\Real\RealPlayer\Netscape6
prpjplug.dll
P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.39
pGoogleOneClick8.dll


---\ Internet Explorer, Démarrage,Recherche,URSearchHook (R0,R1,R3)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-comm.msn.com&ocid=HPDHP&pc=CMDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R3 - URLSearchHook: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 2, 0) -- C:\Program Files\Softonic_France_FF	bSoft.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll
R3 - URLSearchHook: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 2, 0) -- C:\Program Files\Softonic_France_FF	bSoft.dll


---\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe


---\ Browser Helper Objects de navigateur (O2)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} . (.RealPlayer - RealPlayer Download and Record Plugin.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IEpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
O2 - BHO: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France_FF	bSoft.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll


---\ Internet Explorer Toolbars (O3)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} . (.Pas de propriétaire - Pas de description.) --  (.not file.)
O3 - Toolbar: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France_FF	bSoft.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll


---\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [QlbCtrl.exe] . (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe 
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe 
O4 - HKLM\..\Run: [WirelessAssistant] . (.Hewlett-Packard - HP Wireless Assistant Main Program.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe 
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe 
O4 - HKLM\..\Run: [avast!] . (.ALWIL Software - avast! service GUI component.) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe 
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe 
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe 
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe 
O4 - HKLM\..\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe 
O4 - HKLM\..\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files\QuickTime\QTTask.exe 
O4 - HKLM\..\Run: [CardDetectorHUAWEI160] . (.France Telecom SA - Pas de description.) -- C:\Program Files\CardDetector\HUAWEI160\CardDetector.exe 
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Common Files\Real\Update_OBealsched.exe 
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] . (.France Telecom SA - Pas de description.) -- C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe 
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\windows\system32\igfxtray.exe 
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\windows\system32\hkcmd.exe 
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\windows\system32\igfxpers.exe 
O4 - HKLM\..\Run: [UpdatePDRShortCut] . (.CyberLink Corp. - MUI StartMenu Application.) -- C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe 
O4 - HKCU\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe 
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe 
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe 
O4 - HKCU\..\Run: [AutoStartNPSAgent] . (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe 
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [HPADVISOR] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe 
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - Pas de description.) -- C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe 
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe 
O4 - HKUS\S-1-5-21-4236045420-868955874-2380987390-1001\..\Run: [AutoStartNPSAgent] . (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe 
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk . (.Broadcom Corporation..)  -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk . (.Matsushita Electric Industrial Co., Ltd..)  -- C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\w98Eject.lnk . (.Sigmatel.)  -- C:\windows\System\w98eject.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk . (.Pas de propriétaire.)  -- C:\Program Files\OpenOffice.org 3\program\quickstart.exe


---\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\CyberLink PowerDirector.lnk . (.CyberLink Corp..)  -- C:\Program Files\CyberLink\PowerDirector\PDR.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\eBay.lnk - Clé orpheline
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\Extrafilm Designer FR.lnk . (.Spector Photo Group.)  -- C:\Program Files\Extrafilm Designer FR\ExtraFilmDesigner.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\Format Factory.lnk . (.Free Time.)  -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\Magic Photo Editor.lnk . (.Pas de propriétaire.)  -- C:\Program Files\Magic Photo Editor\MagicPhoto.exe
O4 - Global Startup: C:\Documents And Settings\Piquemal\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.)  -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\CyberLink PowerDirector.lnk . (.CyberLink Corp..)  -- C:\Program Files\CyberLink\PowerDirector\PDR.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\eBay.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Piquemal\Desktop\Extrafilm Designer FR.lnk . (.Spector Photo Group.)  -- C:\Program Files\Extrafilm Designer FR\ExtraFilmDesigner.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\Format Factory.lnk . (.Free Time.)  -- C:\Program Files\FreeTime\FormatFactory\FormatFactory.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\Magic Photo Editor.lnk . (.Pas de propriétaire.)  -- C:\Program Files\Magic Photo Editor\MagicPhoto.exe
O4 - Global Startup: C:\Users\Piquemal\Desktop\PhotoFiltre.lnk . (.Antonio Da Cruz.)  -- C:\Program Files\PhotoFiltre\PhotoFiltre.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.)  -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Magic Photo Editor.lnk . (.Pas de propriétaire.)  -- C:\Program Files\Magic Photo Editor\MagicPhoto.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk . (.Google Inc..)  -- C:\Program Files\Google\Picasa3\Picasa3.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk . (.Pas de propriétaire.)  -- C:\windows\Installer\{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}\QTPlayer.ico
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung New PC Studio.lnk . (.Samsung Electronics Co., Ltd..)  -- C:\Program Files\Samsung\Samsung New PC Studio\NPSGuide.exe
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - Clé orpheline
O4 - Global Startup: C:\Users\Piquemal\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - Clé orpheline


---\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: Add to Google Photos Screensa&ver . (.Google Inc. - Google Photos Screensaver.) -- C:\windows\system32\GPhotos.scr
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll


---\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico


---\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\windows\system32
apinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\windows\system32\wshbth.dll


---\ Site dans la Zone de confiance d'Internet Explorer (O15)
O15 - Trusted Zone: [HKLM\...\Domains\www] http.mcafeeasap.com
O15 - Trusted Zone: [HKLM\...\EscDomains\www] http.mcafeeasap.com


---\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {B60CEFE7-2DD0-4B78-951A-509D951DB1F0} (ExtraFilm Uploader Control) - http://www.extrafilm.fr/ExtraFilmUploader6.cab


---\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9AF6D5A-D567-4FFF-A5E7-BF3A92E2EFD5}: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECBDFCAC-D8B0-4E10-8E13-0412D500F16B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C9AF6D5A-D567-4FFF-A5E7-BF3A92E2EFD5}: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{ECBDFCAC-D8B0-4E10-8E13-0412D500F16B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C9AF6D5A-D567-4FFF-A5E7-BF3A92E2EFD5}: DhcpNameServer = 192.168.1.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{ECBDFCAC-D8B0-4E10-8E13-0412D500F16B}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1


---\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll


---\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\windows\system32\webcheck.dll


---\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service:  (ACDaemon) . (.ArcSoft Inc. - ArcSoft Connect Service.) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service:  (AESTFilters) . (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe
O23 - Service:  (AgereModemAudio) . (.LSI Corporation - LSI Soft Modem Call Progress Service.) - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service:  (aswUpdSv) . (.ALWIL Software - avast! Antivirus updating service.) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service:  (avast! Antivirus) . (.ALWIL Software - avast! antivirus service.) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service:  (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service:  (EFUploadSrv) . (.Textalk AB - ExtraFilm upload service.) - C:\Program Files\Extrafilm Designer FR\EFUploadSrv.exe
O23 - Service:  (FsUsbExService) . (.Teruten - FsUsbDevice.) - C:\windows\system32\FsUsbExService.exe
O23 - Service:  (FTRTSVC) . (.France Telecom SA - Pas de description.) - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service:  (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service:  (HP Health Check Service) . (.Hewlett-Packard Company - HP Support Assistant.) - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service:  (HPDrvMntSvc.exe) . (.Hewlett-Packard Company - HP Quick Synchronization Service.) - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service:  (IAANTMON) . (.Intel Corporation - RAID Monitor.) - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service:  (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: C:\Program Files\Nero\Update\NASvc.exe (NAUpdate) . (.Nero AG - NeroUpdate.) - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service:  (RichVideo) . (.Pas de propriétaire - RichVideo Module.) - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service:  (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe


---\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) -  (.not file.)


---\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task  - C:\windows\Tasks\CreateChoiceProcessTask.job
O39 - APT:Automatic Planified Task  - C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task  - C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
[MD5.B7EE47B4D960BF55BDD7EC1812373872] [APT] [RealUpgradeLogonTaskS-1-5-21-4236045420-868955874-2380987390-1001] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.B7EE47B4D960BF55BDD7EC1812373872] [APT] [RealUpgradeScheduledTaskS-1-5-21-4236045420-868955874-2380987390-1001] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.00000000000000000000000000000000] [APT] [{2167FF56-FE64-4A91-A2EA-95E891001126}] (.Pas de propriétaire.) -- C:\Program Files\eMule\emule.exe (.not file.)
[MD5.8B02A2A49A76AE63E51F7642B6B063A3] [APT] [{583B7D91-384F-4032-B9C8-E85FFA02C02F}] (.France Telecom SA.) -- C:\Program Files\CardDetector\HUAWEI160\CardDetectorSetup.exe
[MD5.00000000000000000000000000000000] [APT] [{6EBDA793-4DBC-4B49-991C-EC1DA5846904}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{8B7EA9FF-981A-4888-9F9E-C83C1B182F97}] (.Pas de propriétaire.) -- C:\Program Files\eMule\emule.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{A49883E1-5E17-4734-8581-57BEAFEDA364}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{B107D644-E83E-424B-B624-C52C4AB71E33}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{F99EFB9C-9408-4930-8443-B1EBD4BFF3F8}] (.Pas de propriétaire.) -- D:\AutoRunCardDetector.exe (.not file.)
[MD5.D244D86CBEE4DE76EC4D151D9836E808] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
[MD5.FDC7C934ADB8C3B51A3C21781B608673] [APT] [PC Health Analysis] (.Hewlett-Packard Company.) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe
[MD5.FDC7C934ADB8C3B51A3C21781B608673] [APT] [PC Tuneup] (.Hewlett-Packard Company.) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe


---\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\windows\system32\drivers\afd.sys
O41 - Driver: C:\windows\system32\drivers\afd.sys (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\windows\system32\DRIVERS\blbdrive.sys
O41 - Driver:  (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: McAfee Inc. mfehidk (mfehidk) . (.McAfee, Inc. - Host Intrusion Detection Link Driver.) - C:\Windows\System32\drivers\mfehidk.sys
O41 - Driver: McAfee Inc. mfetdik (mfetdik) . (.McAfee, Inc. - Anti-Virus Mini-Firewall Driver.) - C:\Windows\System32\drivers\mfetdik.sys
O41 - Driver:  (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\windows\system32\DRIVERS\mssmbios.sys
O41 - Driver:  (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS
etbios.sys
O41 - Driver: C:\windows\system32\drivers
etbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS
etbt.sys
O41 - Driver: C:\windows\system32\drivers
siproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers
siproxy.sys
O41 - Driver: C:\windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERSdbss.sys
O41 - Driver: C:\windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\driversdpencdd.sys
O41 - Driver: C:\windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\driversdprefmp.sys
O41 - Driver: C:\windows\system32	cpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS	dx.sys
O41 - Driver:  (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\windows\system32\DRIVERS	ermdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\windows\system32\drivers\vga.sys
O41 - Driver:  (VWiFiFlt) . (.Microsoft Corporation - Virtual WiFi Filter Driver.) - C:\Windows\System32\DRIVERS\vwififlt.sys
O41 - Driver: C:\windows\system32ascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver:  (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys


---\ Logiciels installés (O42)
O42 - Logiciel: ActiveCheck component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {254C37AA-6B72-4300-84F6-98A82419187E}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Reader 9.2 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A92000000001}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {74EC78BC-B379-4E29-9006-8F161DCAABA6}
O42 - Logiciel: ArcSoft Software Suite - (.ArcSoft.) [HKLM] -- {497A1721-088F-41EF-8876-B43C9DA5528B}
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
O42 - Logiciel: CPQ Wallpaper - (.Hewlett-Packard.) [HKLM] -- {F173C2B3-296F-458C-98FF-1676A42EBA02}
O42 - Logiciel: Card Detector for Huawei E160 - (.Pas de propriétaire.) [HKLM] -- CardDetectorHUAWEI160
O42 - Logiciel: Choice Guard - (.Microsoft Corporation.) [HKLM] -- {8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
O42 - Logiciel: CyberLink PhotoNow - (.CyberLink Corp..) [HKLM] -- InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}
O42 - Logiciel: CyberLink PhotoNow - (.CyberLink Corp..) [HKLM] -- {D36DD326-7280-11D8-97C8-000129760CBE}
O42 - Logiciel: CyberLink PowerDirector - (.CyberLink Corp..) [HKLM] -- InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: CyberLink PowerDirector - (.CyberLink Corp..) [HKLM] -- {CB099890-1D5F-11D5-9EA9-0050BAE317E1}
O42 - Logiciel: DirectX 9 Runtime - (.Sonic Solutions.) [HKLM] -- {AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
O42 - Logiciel: Désinstallation de Internet Everywhere - (.Pas de propriétaire.) [HKLM] -- {BEWINTERNET-FR-DMGP-V2}.UninstallSuite
O42 - Logiciel: Extrafilm Designer FR - (.Pas de propriétaire.) [HKLM] -- ExtraFilmDesignerFR
O42 - Logiciel: FormatFactory 2.20 - (.Free Time.) [HKLM] -- FormatFactory
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HP Advisor - (.Hewlett-Packard.) [HKLM] -- {B53E61D7-7C80-40DF-82D2-CF5390D6D20A}
O42 - Logiciel: HP Common Access Service Library - (.Hewlett-Packard.) [HKLM] -- {87CA636B-85B8-4611-A81D-F97E71024AFD}
O42 - Logiciel: HP Customer Experience Enhancements - (.Hewlett-Packard.) [HKLM] -- {07FA4960-B038-49EB-891B-9F95930AA544}
O42 - Logiciel: HP ESU for Microsoft Windows 7 - (.Hewlett-Packard.) [HKLM] -- {511376F5-7E5A-4EC9-B603-193B1D425BC3}
O42 - Logiciel: HP Integrated Module with Bluetooth wireless technology - (.Broadcom Corporation.) [HKLM] -- {9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
O42 - Logiciel: HP Quick Launch Buttons - (.Hewlett-Packard.) [HKLM] -- {34D2AB40-150D-475D-AE32-BD23FB5EE355}
O42 - Logiciel: HP Setup - (.Hewlett-Packard.) [HKLM] -- {D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}
O42 - Logiciel: HP Software Setup - (.Hewlett-Packard.) [HKLM] -- {76AF1F61-BB44-4694-A0EA-C6830C8BEF41}
O42 - Logiciel: HP User Guides 0140 - (.Hewlett-Packard.) [HKLM] -- {9CDFC149-8359-4C4B-9DA0-BA1F773CD70C}
O42 - Logiciel: HP Web Camera - (.Hewlett-Packard.) [HKLM] -- {C7AE4EC3-9C13-4213-8457-74D16B353F91}
O42 - Logiciel: HP Webcam - (.Roxio.) [HKLM] -- {1D61E881-43CD-447B-9E6B-D2C6138B2862}
O42 - Logiciel: HP Webcam Driver - (.Sonix.) [HKLM] -- {399C37FB-08AF-493B-BFED-20FBD85EDF7F}
O42 - Logiciel: HP Wireless Assistant - (.Hewlett-Packard.) [HKLM] -- {54CC7901-804D-4155-B353-21F0CC9112AB}
O42 - Logiciel: HPAsset component for HP Active Support Library - (.Hewlett-Packard.) [HKLM] -- {669D4A35-146B-4314-89F1-1AC3D7B88367}
O42 - Logiciel: IDT Audio - (.IDT.) [HKLM] -- {E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {3CCB732A-E472-4CF9-B1EE-F18365341FE0}
O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- HDMI
O42 - Logiciel: Intel(R) TV Wizard - (.Intel Corporation.) [HKLM] -- TVWiz
O42 - Logiciel: Intel® Matrix Storage Manager - (.Intel Corporation.) [HKLM] -- {9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}
O42 - Logiciel: Java(TM) 6 Update 13 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216013FF}
O42 - Logiciel: LightScribe System Software - (.LightScribe.) [HKLM] -- {82EF29B1-9B60-4142-A155-0599216DD053}
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Magic Photo Editor 5.2 - (.Photo Editor Software, Inc..) [HKLM] -- Magic Photo Editor_is1
O42 - Logiciel: Marvell Miniport Driver - (.Marvell.) [HKLM] -- Marvell Miniport Driver
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {3C3901C5-3455-3E0A-A214-0B093A5070A6}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Nero BurnLite 10 - (.Nero AG.) [HKLM] -- {842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}
O42 - Logiciel: Nero BurnLite 10 - (.Nero AG.) [HKLM] -- {AB627AF2-9C7E-4DBD-816B-3B2646B81E89}
O42 - Logiciel: Nero Control Center 10 - (.Nero AG.) [HKLM] -- {6DFB899F-17A2-48F0-A533-ED8D6866CF38}
O42 - Logiciel: Nero ControlCenter 10 Help (CHM) - (.Nero AG.) [HKLM] -- {523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
O42 - Logiciel: Nero Core Components 10 - (.Nero AG.) [HKLM] -- {2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
O42 - Logiciel: Nero Update - (.Nero AG.) [HKLM] -- {65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
O42 - Logiciel: OpenOffice.org 3.1 - (.OpenOffice.org.) [HKLM] -- {0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: PC Connectivity Solution - (.Nokia.) [HKLM] -- {AC599724-5755-48C1-ABE7-ABB857652930}
O42 - Logiciel: PHOTOfunSTUDIO -viewer- - (.Panasonic.) [HKLM] -- {9A9DBEBC-C800-4776-A970-D76D6AA405B1}
O42 - Logiciel: Package de pilotes Windows - Nokia pccsmcfd  (10/12/2007 6.85.4.0) - (.Nokia.) [HKLM] -- 3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F
O42 - Logiciel: PhotoFiltre - (.Pas de propriétaire.) [HKLM] -- PhotoFiltre
O42 - Logiciel: Picasa 3 - (.Google, Inc..) [HKLM] -- Picasa 3
O42 - Logiciel: QLBCASL - (.Hewlett-Packard.) [HKLM] -- {F1D7AC58-554A-4A58-B784-B61558B1449A}
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
O42 - Logiciel: RealNetworks - Microsoft Visual C++ 2005 Runtime - (.RealNetworks.) [HKLM] -- {026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}
O42 - Logiciel: RealPlayer - (.RealNetworks.) [HKLM] -- RealPlayer 12.0
O42 - Logiciel: RealUpgrade 1.0 - (.RealNetworks, Inc..) [HKLM] -- {F4F4F84E-804F-4E9A-84D7-C34283F0088F}
O42 - Logiciel: Roxio Activation Module - (.Roxio.) [HKLM] -- {EC877639-07AB-495C-BFD1-D63AF9140810}
O42 - Logiciel: Roxio Creator Audio - (.Roxio.) [HKLM] -- {73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
O42 - Logiciel: Roxio Creator Business - (.Roxio.) [HKLM] -- {537BF16E-7412-448C-95D8-846E85A1D817}
O42 - Logiciel: Roxio Creator Business v10 - (.Roxio.) [HKLM] -- {ED439A64-F018-4DD4-8BA5-328D85AB09AB}
O42 - Logiciel: Roxio Creator Copy - (.Roxio.) [HKLM] -- {B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
O42 - Logiciel: Roxio Creator Data - (.Roxio.) [HKLM] -- {08E81ABD-79F7-49C2-881F-FD6CB0975693}
O42 - Logiciel: Roxio Creator Tools - (.Roxio.) [HKLM] -- {1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
O42 - Logiciel: Roxio Express Labeler 3 - (.Roxio.) [HKLM] -- {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
O42 - Logiciel: Roxio MyDVD - (.Roxio.) [HKLM] -- {30A2A953-DEB1-466A-B660-F4399C7C6B9D}
O42 - Logiciel: SAMSUNG Mobile Composite Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Composite Device
O42 - Logiciel: SAMSUNG Mobile Modem Driver Set - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile Modem
O42 - Logiciel: SAMSUNG Mobile USB Modem 1.0 Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem 1.0
O42 - Logiciel: SAMSUNG Mobile USB Modem Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG Mobile USB Modem
O42 - Logiciel: SAMSUNG USB Mobile Device Software - (.Pas de propriétaire.) [HKLM] -- SAMSUNG USB Mobile Device
O42 - Logiciel: Samsung Mobile Modem Device Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile Modem Device
O42 - Logiciel: Samsung Mobile phone USB driver Drive Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile phone USB driver Drive
O42 - Logiciel: Samsung Mobile phone USB driver Software - (.Pas de propriétaire.) [HKLM] -- Samsung Mobile phone USB driver
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: Samsung New PC Studio - (.Samsung Electronics Co., Ltd..) [HKLM] -- {F193FC0E-9E18-40FC-A974-509A1BDD240A}
O42 - Logiciel: Samsung New PC Studio USB Driver Installer - (.Samsung Electronics Co., Ltd..) [HKLM] -- InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}
O42 - Logiciel: Samsung New PC Studio USB Driver Installer - (.Samsung Electronics Co., Ltd..) [HKLM] -- {AF7E85DC-317C-47F5-810E-B82EE093A612}
O42 - Logiciel: SamsungConnectivityCableDriver - (.Samsung.) [HKLM] -- {7E84FAC8-C518-40F9-9807-7455301D6D25}
O42 - Logiciel: SigmaTel MSCN Audio Player - (.Pas de propriétaire.) [HKLM] -- {D53F7F05-4F17-4024-88C8-3C012E8555B4}
O42 - Logiciel: Softonic_France_FF Toolbar - (.Pas de propriétaire.) [HKLM] -- Softonic_France_FF Toolbar
O42 - Logiciel: Sonic CinePlayer Decoder Pack - (.Sonic Solutions.) [HKLM] -- {8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: VLC media player 1.1.4 - (.VideoLAN.) [HKLM] -- VLC media player
O42 - Logiciel: Windows 7 Default Setting - (.Hewlett-Packard.) [HKLM] -- {E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {01523985-2098-43AF-9C97-12B07BE02A9B}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {F69E83CF-B440-43F8-89E6-6EA80712109B}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {059C042E-796A-4ACC-A81A-ECC2010BB78C}
O42 - Logiciel: avast! Antivirus - (.Alwil Software.) [HKLM] -- avast!

---\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\89e1f2ec]
[HKCU\Software\AppDataLow\Aurigma]
[HKCU\Software\AppDataLow\Software\Conduit]
[HKCU\Software\AppDataLow\Software\Monitored]
[HKCU\Software\AppDataLow\Software\Softonic_France_FF]
[HKCU\Software\AppDataLow\Software\settings]
[HKCU\Software\AppDataLow\Software\{36117CC7-66F5-092D-B3E0-85B89AD3F7BB}]
[HKCU\Software\AppDataLow\Software\{C6E3F236-56FB-B0CE-DADE-CF4532C12819}]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow\Toolbar]
[HKCU\Software\AppDataLow]
[HKCU\Software\Apple Computer, Inc.]
[HKCU\Software\ArcSoft]
[HKCU\Software\Aurigma]
[HKCU\Software\CDDB]
[HKCU\Software\CeWe Color]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CyberLink]
[HKCU\Software\DivXNetworks]
[HKCU\Software\ExtraFilmDesignerFR]
[HKCU\Software\FreeTime]
[HKCU\Software\Google]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\INTEL]
[HKCU\Software\JavaSoft]
[HKCU\Software\LightScribe]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Mobileleader]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Panasonic]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Roxio]
[HKCU\Software\Samsung]
[HKCU\Software\Synaptics]
[HKCU\Software\Sysinternals]
[HKCU\Software\Textalk]
[HKCU\Software\Trolltech]
[HKCU\Software\Wget]
[HKCU\Software\Widcomm]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies]
[HKLM\Software\Adobe]
[HKLM\Software\Agere]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\ArcSoft]
[HKLM\Software\BrowserChoice]
[HKLM\Software\CDDB]
[HKLM\Software\Caphyon]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Conduit]
[HKLM\Software\CyberLink]
[HKLM\Software\Debug]
[HKLM\Software\DivXNetworks]
[HKLM\Software\FRANCE TELECOM]
[HKLM\Software\Google]
[HKLM\Software\HPQLOG]
[HKLM\Software\HPQ]
[HKLM\Software\HPS]
[HKLM\Software\HP]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IDT]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\LSI]
[HKLM\Software\Licenses]
[HKLM\Software\LightScribe]
[HKLM\Software\MCCI]
[HKLM\Software\Macromedia]
[HKLM\Software\MarkAny]
[HKLM\Software\Marvell]
[HKLM\Software\McAfee]
[HKLM\Software\MicroVision]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\OpenOffice.org]
[HKLM\Software\PC Connectivity Solution]
[HKLM\Software\PCSuite]
[HKLM\Software\PDFComplete]
[HKLM\Software\Panasonic]
[HKLM\Software\Policies]
[HKLM\Software\RealNetworks]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RichFX]
[HKLM\Software\Roxio]
[HKLM\Software\Samsung]
[HKLM\Software\Softonic_France_FF]
[HKLM\Software\Sonic]
[HKLM\Software\Sonix]
[HKLM\Software\Sun Microsystems]
[HKLM\Software\Swearware]
[HKLM\Software\Synaptics]
[HKLM\Software\VideoLAN]
[HKLM\Software\Volatile]
[HKLM\Software\Widcomm]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\illiminable]


---\ Contenu des dossiers ProgramFiles/ProgramData (O43)
O43 - CFD: 2/14/2010 - 12:22:08 PM ----D- C:\Program Files\Adobe
O43 - CFD: 11/10/2009 - 11:11:30 AM ----D- C:\Program Files\Alwil Software
O43 - CFD: 1/1/2010 - 6:42:30 PM ----D- C:\Program Files\Apple Software Update
O43 - CFD: 1/1/2010 - 6:40:20 PM ----D- C:\Program Files\ArcSoft
O43 - CFD: 12/8/2009 - 1:35:24 PM ----D- C:\Program Files\CADEAUPHOTO.COM
O43 - CFD: 2/5/2010 - 5:18:10 PM ----D- C:\Program Files\CardDetector
O43 - CFD: 1/2/2011 - 6:57:50 PM ----D- C:\Program Files\Common Files
O43 - CFD: 3/27/2010 - 5:35:16 PM ----D- C:\Program Files\Conduit
O43 - CFD: 9/26/2010 - 1:05:00 PM ----D- C:\Program Files\CyberLink
O43 - CFD: 11/3/2010 - 8:51:02 PM ----D- C:\Program Files\DIFX
O43 - CFD: 11/6/2009 - 7:26:10 PM ----D- C:\Program Files\DVD Maker
O43 - CFD: 11/29/2009 - 9:35:56 PM ----D- C:\Program Files\Extrafilm Designer FR
O43 - CFD: 3/27/2010 - 5:34:18 PM ----D- C:\Program Files\FreeTime
O43 - CFD: 3/28/2010 - 8:35:48 PM ----D- C:\Program Files\Google
O43 - CFD: 12/21/2010 - 6:55:46 PM ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 11/3/2009 - 4:59:38 PM ----D- C:\Program Files\IDT
O43 - CFD: 12/21/2010 - 6:56:36 PM --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 11/3/2009 - 4:55:24 PM ----D- C:\Program Files\Intel
O43 - CFD: 12/17/2010 - 10:45:16 PM ----D- C:\Program Files\Internet Explorer
O43 - CFD: 11/10/2009 - 12:12:30 PM ----D- C:\Program Files\Java
O43 - CFD: 11/10/2009 - 12:13:16 PM ----D- C:\Program Files\JRE
O43 - CFD: 11/3/2009 - 5:00:12 PM ----D- C:\Program Files\LSI SoftModem
O43 - CFD: 12/23/2009 - 11:38:58 PM ----D- C:\Program Files\Magic Photo Editor
O43 - CFD: 11/3/2010 - 8:57:18 PM ----D- C:\Program Files\MarkAny
O43 - CFD: 11/3/2010 - 9:56:24 PM ----D- C:\Program Files\MarkAnyContentSAFER
O43 - CFD: 9/15/2009 - 1:29:42 AM ----D- C:\Program Files\Marvell
O43 - CFD: 11/3/2009 - 5:01:46 PM ----D- C:\Program Files\Microsoft
O43 - CFD: 7/27/2009 - 12:09:12 PM ----D- C:\Program Files\Microsoft Games
O43 - CFD: 12/19/2010 - 8:54:18 AM ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 6/26/2010 - 9:06:50 AM ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 7/14/2009 - 5:52:32 AM ----D- C:\Program Files\MSBuild
O43 - CFD: 11/10/2009 - 10:50:46 AM ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 9/12/2010 - 1:59:26 PM ----D- C:\Program Files\Nero
O43 - CFD: 11/10/2009 - 12:13:16 PM ----D- C:\Program Files\OpenOffice.org 3
O43 - CFD: 4/3/2010 - 11:48:24 AM ----D- C:\Program Files\Orange
O43 - CFD: 1/1/2010 - 6:25:22 PM ----D- C:\Program Files\Panasonic
O43 - CFD: 11/3/2010 - 8:57:16 PM ----D- C:\Program Files\PC Connectivity Solution
O43 - CFD: 11/29/2009 - 7:34:16 PM ----D- C:\Program Files\PhotoFiltre
O43 - CFD: 1/1/2010 - 6:43:06 PM ----D- C:\Program Files\QuickTime
O43 - CFD: 3/28/2010 - 8:23:18 PM ----D- C:\Program Files\Real
O43 - CFD: 7/14/2009 - 5:52:32 AM ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 9/15/2009 - 1:57:52 AM ----D- C:\Program Files\Roxio
O43 - CFD: 11/2/2010 - 10:20:36 PM ----D- C:\Program Files\Samsung
O43 - CFD: 7/18/2010 - 7:12:40 PM ----D- C:\Program Files\SigmaTel
O43 - CFD: 3/27/2010 - 5:35:16 PM ----D- C:\Program Files\Softonic_France_FF
O43 - CFD: 11/4/2009 - 12:17:38 AM ----D- C:\Program Files\Synaptics
O43 - CFD: 7/14/2009 - 5:53:24 AM --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 3/27/2010 - 5:35:42 PM ----D- C:\Program Files\VideoLAN
O43 - CFD: 11/3/2009 - 4:57:18 PM ----D- C:\Program Files\WIDCOMM
O43 - CFD: 11/6/2009 - 7:26:26 PM ----D- C:\Program Files\Windows Defender
O43 - CFD: 11/6/2009 - 7:14:42 PM ----D- C:\Program Files\Windows Journal
O43 - CFD: 11/3/2009 - 5:01:40 PM ----D- C:\Program Files\Windows Live
O43 - CFD: 11/3/2009 - 5:01:30 PM ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 12/17/2010 - 10:45:16 PM ----D- C:\Program Files\Windows Mail
O43 - CFD: 10/15/2010 - 5:36:00 PM ----D- C:\Program Files\Windows Media Player
O43 - CFD: 7/14/2009 - 5:52:32 AM ----D- C:\Program Files\Windows NT
O43 - CFD: 11/6/2009 - 7:26:26 PM ----D- C:\Program Files\Windows Photo Viewer
O43 - CFD: 7/14/2009 - 5:52:34 AM ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 11/6/2009 - 7:26:26 PM ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 1/2/2011 - 7:24:18 PM ----D- C:\Program Files\ZHPDiag
O43 - CFD: 11/2/2010 - 10:24:06 PM ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 1/1/2010 - 6:41:18 PM ----D- C:\Program Files\Common Files\ArcSoft
O43 - CFD: 4/3/2010 - 11:47:20 AM ----D- C:\Program Files\Common Files\France Telecom
O43 - CFD: 1/1/2010 - 6:39:56 PM ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 9/15/2009 - 1:58:52 AM ----D- C:\Program Files\Common Files\LightScribe
O43 - CFD: 9/12/2010 - 1:53:02 PM ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 9/12/2010 - 1:58:34 PM ----D- C:\Program Files\Common Files\Nero
O43 - CFD: 3/28/2010 - 8:57:38 PM ----D- C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 3/28/2010 - 8:23:28 PM ----D- C:\Program Files\Common Files\Real
O43 - CFD: 9/15/2009 - 1:56:20 AM ----D- C:\Program Files\Common Files\Roxio Shared
O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\Services
O43 - CFD: 11/3/2009 - 5:02:28 PM ----D- C:\Program Files\Common Files\SNP2UVC
O43 - CFD: 9/15/2009 - 1:57:52 AM ----D- C:\Program Files\Common Files\Sonic Shared
O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 9/15/2009 - 1:55:06 AM ----D- C:\Program Files\Common Files\SureThing Shared
O43 - CFD: 11/10/2009 - 10:16:50 AM ----D- C:\Program Files\Common Files\System
O43 - CFD: 11/3/2009 - 5:00:34 PM ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 3/28/2010 - 8:23:14 PM ----D- C:\Program Files\Common Files\xing shared
O43 - CFD: 9/19/2010 - 8:15:54 PM ----D- C:\ProgramData\Adobe
O43 - CFD: 12/10/2010 - 5:03:46 PM ----D- C:\ProgramData\al
O43 - CFD: 1/1/2010 - 6:42:28 PM ----D- C:\ProgramData\Apple
O43 - CFD: 1/1/2010 - 6:42:46 PM ----D- C:\ProgramData\Apple Computer
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Application Data
O43 - CFD: 12/1/2010 - 11:57:16 AM ----D- C:\ProgramData\ArcSoft
O43 - CFD: 9/26/2010 - 1:12:28 PM ----D- C:\ProgramData\CyberLink
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Desktop
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Documents
O43 - CFD: 1/1/2011 - 5:57:10 PM ----D- C:\ProgramData\eMule
O43 - CFD: 11/29/2009 - 9:35:54 PM ----D- C:\ProgramData\ExtraFilm
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Favorites
O43 - CFD: 3/28/2010 - 8:22:20 PM ----D- C:\ProgramData\Google
O43 - CFD: 12/21/2010 - 6:45:26 PM ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 12/7/2009 - 6:26:10 PM ----D- C:\ProgramData\hps
O43 - CFD: 9/12/2010 - 1:54:16 PM -S--D- C:\ProgramData\Microsoft
O43 - CFD: 11/10/2009 - 10:18:52 AM ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 9/12/2010 - 1:59:28 PM ----D- C:\ProgramData\Nero
O43 - CFD: 11/3/2010 - 9:24:46 PM ----D- C:\ProgramData\PC Suite
O43 - CFD: 12/14/2010 - 7:18:12 PM ----D- C:\ProgramData\Real
O43 - CFD: 4/28/2010 - 6:23:46 AM ----D- C:\ProgramData\Roxio
O43 - CFD: 3/27/2010 - 6:36:22 PM ----D- C:\ProgramData\Sonic
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Start Menu
O43 - CFD: 9/26/2010 - 1:04:56 PM ----D- C:\ProgramData\Temp
O43 - CFD: 7/14/2009 - 5:53:56 AM -SH-D- C:\ProgramData\Templates
O43 - CFD: 11/3/2009 - 5:04:02 PM ----D- C:\ProgramData\Uninstall
O43 - CFD: 11/2/2010 - 10:24:06 PM ----D- C:\Program Files\Common Files\Adobe
O43 - CFD: 1/1/2010 - 6:41:18 PM ----D- C:\Program Files\Common Files\ArcSoft
O43 - CFD: 4/3/2010 - 11:47:20 AM ----D- C:\Program Files\Common Files\France Telecom
O43 - CFD: 1/1/2010 - 6:39:56 PM ----D- C:\Program Files\Common Files\InstallShield
O43 - CFD: 9/15/2009 - 1:58:52 AM ----D- C:\Program Files\Common Files\LightScribe
O43 - CFD: 9/12/2010 - 1:53:02 PM ----D- C:\Program Files\Common Files\microsoft shared
O43 - CFD: 9/12/2010 - 1:58:34 PM ----D- C:\Program Files\Common Files\Nero
O43 - CFD: 3/28/2010 - 8:57:38 PM ----D- C:\Program Files\Common Files\PX Storage Engine
O43 - CFD: 3/28/2010 - 8:23:28 PM ----D- C:\Program Files\Common Files\Real
O43 - CFD: 9/15/2009 - 1:56:20 AM ----D- C:\Program Files\Common Files\Roxio Shared
O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\Services
O43 - CFD: 11/3/2009 - 5:02:28 PM ----D- C:\Program Files\Common Files\SNP2UVC
O43 - CFD: 9/15/2009 - 1:57:52 AM ----D- C:\Program Files\Common Files\Sonic Shared
O43 - CFD: 7/14/2009 - 3:37:06 AM ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 9/15/2009 - 1:55:06 AM ----D- C:\Program Files\Common Files\SureThing Shared
O43 - CFD: 11/10/2009 - 10:16:50 AM ----D- C:\Program Files\Common Files\System
O43 - CFD: 11/3/2009 - 5:00:34 PM ----D- C:\Program Files\Common Files\Windows Live
O43 - CFD: 3/28/2010 - 8:23:14 PM ----D- C:\Program Files\Common Files\xing shared


---\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.A59F6806FDB6C66625F0C7657C39F726] - 1/1/2011 - 4:43:01 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\RegBootClean.exe   [102400]
O44 - LFC:[MD5.F306D7C356B56C33AFB1F68695BFB25E] - 1/1/2011 - 4:46:45 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\RegBootClean.CFG   [1508]
O44 - LFC:[MD5.97E9B09F9F2DA6DD79F9415B824CD296] - 1/1/2011 - 4:46:45 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\RegBootClean.LOG   [820]
O44 - LFC:[MD5.DBA91CD5A3A68302967C03213E52BDE8] - 1/2/2011 - 3:02:42 PM --HA- . (.Pas de propriétaire - Pas de description.) -- C:\windows\QTFont.qfn   [54156]
O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 1/2/2011 - 3:21:50 PM ---A- . (.NirSoft - NirCmd.) -- C:\windows\NIRCMD.exe   [31232]
O44 - LFC:[MD5.9DAA7218961710008D7385B01BD3F386] - 1/2/2011 - 3:21:50 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\MBR.exe   [89088]
O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 1/2/2011 - 3:21:50 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\PEV.exe   [256512]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 1/2/2011 - 3:21:50 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\grep.exe   [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 1/2/2011 - 3:21:50 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\windows\sed.exe   [98816]
O44 -

juju666 · Answer

Il est incomplet :) 


&#9654 Héberge le rapport ZHPDiag.txt sur un des sites ci dessous, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum : 

http://www.cijoint.fr/ 
ou : 
http://ww38.toofiles.com/fr/documents-upload.html 

En formation avancée chez Helper-Formation. 
Restez jusqu'au bout tant qu'on ne vous dit pas que la désinfection est terminée

carop09 · Answer

oh oui pardon je l'ai mis sur ci joint

juju666 · Answer

je ne vois pas le lien ? :)

carop09 · Answer

je l'ai renvoyé ???!

juju666 · Answer

quand tu as hébergé le rapport, il faut me donner le lien qu'il te donne en retour :)

carop09 · Answer

http://www.cijoint.fr/cjlink.php?file=cj201101/cijuSlEfRk.txt

juju666 · Answer

Désolé du retard, tu es encore infecté...

&#9654 Télécharge TDSS Killer (de Kaspersky Labs) sur ton Bureau 
&#9654 Double-clique sur tdsskiller.exe (sous Vista/Seven, clic droit 
dessus, et sur exécuter en tant qu'administrateur) 
&#9654 Clique sur Start Scan 
&#9654 Si l'outil a trouvé des éléments, choisi Cure,  
puis sur Reboot Now 
&#9654 Le PC va redémarrer, et un rapport va s'ouvrir 
&#9654 Copie/colle le rapport (il est sauvegardé dans C:\TDSS Killer 
N° de version_Date_Heure_log.txt) 

@+

carop09 · Answer

désolée j'ai pas pu faire avant ce matin 

2011/01/03 06:52:45.0562	TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/03 06:52:45.0562	================================================================================
2011/01/03 06:52:45.0562	SystemInfo:
2011/01/03 06:52:45.0562	
2011/01/03 06:52:45.0562	OS Version: 6.1.7600 ServicePack: 0.0
2011/01/03 06:52:45.0562	Product type: Workstation
2011/01/03 06:52:45.0562	ComputerName: PC-PIQUEMAL
2011/01/03 06:52:45.0562	UserName: Piquemal
2011/01/03 06:52:45.0562	Windows directory: C:\windows
2011/01/03 06:52:45.0562	System windows directory: C:\windows
2011/01/03 06:52:45.0562	Processor architecture: Intel x86
2011/01/03 06:52:45.0562	Number of processors: 2
2011/01/03 06:52:45.0562	Page size: 0x1000
2011/01/03 06:52:45.0562	Boot type: Normal boot
2011/01/03 06:52:45.0562	================================================================================
2011/01/03 06:52:45.0843	Initialize success
2011/01/03 06:53:05.0546	================================================================================
2011/01/03 06:53:05.0546	Scan started
2011/01/03 06:53:05.0546	Mode: Manual; 
2011/01/03 06:53:05.0546	================================================================================
2011/01/03 06:53:06.0388	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
2011/01/03 06:53:06.0451	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
2011/01/03 06:53:06.0513	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
2011/01/03 06:53:06.0919	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
2011/01/03 06:53:06.0966	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
2011/01/03 06:53:06.0997	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
2011/01/03 06:53:07.0324	AF9035HB        (de1d04df647eb10733516046300198d9) C:\windows\system32\Drivers\AF9035HB.sys
2011/01/03 06:53:07.0465	Afc             (a7b8a3a79d35215d798a300df49ed23f) C:\windows\system32\drivers\Afc.sys
2011/01/03 06:53:07.0527	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\windows\system32\drivers\afd.sys
2011/01/03 06:53:07.0636	AgereSoftModem  (faa5a0b80e011464c7654851ce3d7fe7) C:\windows\system32\DRIVERS\AGRSM.sys
2011/01/03 06:53:07.0761	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
2011/01/03 06:53:07.0808	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
2011/01/03 06:53:07.0870	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
2011/01/03 06:53:07.0948	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
2011/01/03 06:53:07.0980	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
2011/01/03 06:53:08.0026	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
2011/01/03 06:53:08.0073	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
2011/01/03 06:53:08.0198	amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\windows\system32\DRIVERS\amdsata.sys
2011/01/03 06:53:08.0229	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
2011/01/03 06:53:08.0260	amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\windows\system32\DRIVERS\amdxata.sys
2011/01/03 06:53:08.0307	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
2011/01/03 06:53:08.0370	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
2011/01/03 06:53:08.0416	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
2011/01/03 06:53:08.0463	aswFsBlk        (b4079a98f294a3e262872cb76f4849f0) C:\windows\system32\DRIVERS\aswFsBlk.sys
2011/01/03 06:53:08.0541	aswMonFlt       (e2851cb7dbb831888eaea46c55c05e44) C:\windows\system32\DRIVERS\aswMonFlt.sys
2011/01/03 06:53:08.0588	aswRdr          (8080d683489c99cbace813f6fa4069cc) C:\windows\system32\drivers\aswRdr.sys
2011/01/03 06:53:08.0635	aswSP           (2e5a2ad5004b55df39b7606130a88142) C:\windows\system32\drivers\aswSP.sys
2011/01/03 06:53:08.0666	aswTdi          (d4c83a37efadfa2c398362e0776e3773) C:\windows\system32\drivers\aswTdi.sys
2011/01/03 06:53:08.0713	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
2011/01/03 06:53:08.0760	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
2011/01/03 06:53:08.0869	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
2011/01/03 06:53:08.0994	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
2011/01/03 06:53:09.0040	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
2011/01/03 06:53:09.0087	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
2011/01/03 06:53:09.0118	bowser          (fcafaef6798d7b51ff029f99a9898961) C:\windows\system32\DRIVERS\bowser.sys
2011/01/03 06:53:09.0134	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
2011/01/03 06:53:09.0165	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
2011/01/03 06:53:09.0196	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
2011/01/03 06:53:09.0228	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
2011/01/03 06:53:09.0259	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
2011/01/03 06:53:09.0290	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
2011/01/03 06:53:09.0321	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\DRIVERS\BthEnum.sys
2011/01/03 06:53:09.0399	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
2011/01/03 06:53:09.0446	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
2011/01/03 06:53:09.0477	BTHPORT         (4a34888e13224678dd062466afec4240) C:\windows\system32\Drivers\BTHport.sys
2011/01/03 06:53:09.0540	BTHUSB          (fa04c63916fa221dbb91fce153d07a55) C:\windows\system32\Drivers\BTHUSB.sys
2011/01/03 06:53:09.0602	btwaudio        (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys
2011/01/03 06:53:09.0649	btwavdt         (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys
2011/01/03 06:53:09.0696	btwl2cap        (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
2011/01/03 06:53:09.0774	btwrchid        (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys
2011/01/03 06:53:09.0930	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
2011/01/03 06:53:09.0992	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
2011/01/03 06:53:10.0054	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
2011/01/03 06:53:10.0117	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
2011/01/03 06:53:10.0195	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
2011/01/03 06:53:10.0226	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
2011/01/03 06:53:10.0273	CNG             (1b675691ed940766149c93e8f4488d68) C:\windows\system32\Drivers\cng.sys
2011/01/03 06:53:10.0335	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
2011/01/03 06:53:10.0382	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
2011/01/03 06:53:10.0444	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
2011/01/03 06:53:10.0569	DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\windows\system32\Drivers\dfsc.sys
2011/01/03 06:53:10.0632	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
2011/01/03 06:53:10.0678	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
2011/01/03 06:53:10.0741	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
2011/01/03 06:53:10.0834	DXGKrnl         (8b6c3464d7fac176500061dbfff42ad4) C:\windows\System32\drivers\dxgkrnl.sys
2011/01/03 06:53:11.0084	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
2011/01/03 06:53:11.0302	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
2011/01/03 06:53:11.0365	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
2011/01/03 06:53:11.0443	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
2011/01/03 06:53:11.0490	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
2011/01/03 06:53:11.0536	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
2011/01/03 06:53:11.0568	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
2011/01/03 06:53:11.0599	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
2011/01/03 06:53:11.0630	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
2011/01/03 06:53:11.0786	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
2011/01/03 06:53:11.0848	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
2011/01/03 06:53:11.0880	FsUsbExDisk     (790a4ca68f44be35967b3df61f3e4675) C:\windows\system32\FsUsbExDisk.SYS
2011/01/03 06:53:11.0958	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
2011/01/03 06:53:12.0067	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
2011/01/03 06:53:12.0145	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
2011/01/03 06:53:12.0238	HBtnKey         (7dad592a4d28092d584cfb4deef1373d) C:\windows\system32\DRIVERS\cpqbttn.sys
2011/01/03 06:53:12.0285	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
2011/01/03 06:53:12.0332	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
2011/01/03 06:53:12.0426	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
2011/01/03 06:53:12.0457	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
2011/01/03 06:53:12.0504	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
2011/01/03 06:53:12.0535	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
2011/01/03 06:53:12.0597	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
2011/01/03 06:53:12.0706	HpqKbFiltr      (1210960ff8928950d2a786895b0c424a) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
2011/01/03 06:53:12.0769	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
2011/01/03 06:53:12.0894	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
2011/01/03 06:53:12.0972	hwdatacard      (4154079a88089155d10168333b19627f) C:\windows\system32\DRIVERS\ewusbmdm.sys
2011/01/03 06:53:13.0034	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
2011/01/03 06:53:13.0096	hwusbfake       (e66710639a292f6341d63b01ee8e8037) C:\windows\system32\DRIVERS\ewusbfake.sys
2011/01/03 06:53:13.0174	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
2011/01/03 06:53:13.0299	iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
2011/01/03 06:53:13.0362	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\windows\system32\DRIVERS\iaStorV.sys
2011/01/03 06:53:13.0752	igfx            (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys
2011/01/03 06:53:13.0954	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
2011/01/03 06:53:14.0048	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
2011/01/03 06:53:14.0110	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
2011/01/03 06:53:14.0173	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
2011/01/03 06:53:14.0220	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
2011/01/03 06:53:14.0298	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
2011/01/03 06:53:14.0360	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
2011/01/03 06:53:14.0391	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
2011/01/03 06:53:14.0438	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
2011/01/03 06:53:14.0469	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
2011/01/03 06:53:14.0516	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
2011/01/03 06:53:14.0547	KSecDD          (e36a061ec11b373826905b21be10948f) C:\windows\system32\Drivers\ksecdd.sys
2011/01/03 06:53:14.0610	KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\windows\system32\Drivers\ksecpkg.sys
2011/01/03 06:53:14.0688	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
2011/01/03 06:53:14.0797	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
2011/01/03 06:53:14.0844	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
2011/01/03 06:53:14.0890	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
2011/01/03 06:53:14.0937	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
2011/01/03 06:53:14.0984	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
2011/01/03 06:53:15.0031	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
2011/01/03 06:53:15.0078	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
2011/01/03 06:53:15.0156	MfeAVFK         (64b96de8c492bd435372d9130a535f1d) C:\windows\system32\drivers\MfeAVFK.sys
2011/01/03 06:53:15.0218	MfeBOPK         (078e87a89d36cc3516f19d5fb518bddc) C:\windows\system32\drivers\MfeBOPK.sys
2011/01/03 06:53:15.0280	mfehidk         (168c565101fd5b9db694efdec91fafa9) C:\windows\system32\drivers\mfehidk.sys
2011/01/03 06:53:15.0390	MfeRKDK         (e0842f67dc9bc4d21d1e319610ebe9e5) C:\windows\system32\drivers\MfeRKDK.sys
2011/01/03 06:53:15.0421	mfetdik         (43a7acbbd70ecd62f0b63486c72089a3) C:\windows\system32\drivers\mfetdik.sys
2011/01/03 06:53:15.0530	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
2011/01/03 06:53:15.0624	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
2011/01/03 06:53:15.0670	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
2011/01/03 06:53:15.0702	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
2011/01/03 06:53:15.0733	mountmgr        (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
2011/01/03 06:53:15.0764	mpio            (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
2011/01/03 06:53:15.0795	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
2011/01/03 06:53:15.0842	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
2011/01/03 06:53:15.0904	mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\windows\system32\DRIVERS\mrxsmb.sys
2011/01/03 06:53:15.0951	mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\windows\system32\DRIVERS\mrxsmb10.sys
2011/01/03 06:53:15.0982	mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\windows\system32\DRIVERS\mrxsmb20.sys
2011/01/03 06:53:16.0185	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
2011/01/03 06:53:16.0232	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
2011/01/03 06:53:16.0341	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
2011/01/03 06:53:16.0419	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
2011/01/03 06:53:16.0482	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
2011/01/03 06:53:16.0560	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
2011/01/03 06:53:16.0606	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
2011/01/03 06:53:16.0622	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
2011/01/03 06:53:16.0669	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
2011/01/03 06:53:16.0700	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
2011/01/03 06:53:16.0731	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
2011/01/03 06:53:16.0762	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
2011/01/03 06:53:16.0794	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
2011/01/03 06:53:16.0903	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS
wifi.sys
2011/01/03 06:53:17.0059	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers
dis.sys
2011/01/03 06:53:17.0121	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS
discap.sys
2011/01/03 06:53:17.0184	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS
distapi.sys
2011/01/03 06:53:17.0246	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS
disuio.sys
2011/01/03 06:53:17.0277	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS
diswan.sys
2011/01/03 06:53:17.0308	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
2011/01/03 06:53:17.0371	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS
etbios.sys
2011/01/03 06:53:17.0402	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS
etbt.sys
2011/01/03 06:53:18.0697	NETw5s32        (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\windows\system32\DRIVERS\NETw5s32.sys
2011/01/03 06:53:19.0336	netw5v32        (af1ae2e42b03395560b1cde03230205c) C:\windows\system32\DRIVERS
etw5v32.sys
2011/01/03 06:53:19.0617	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS
frd960.sys
2011/01/03 06:53:19.0680	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
2011/01/03 06:53:19.0711	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers
siproxy.sys
2011/01/03 06:53:19.0773	Ntfs            (3795dcd21f740ee799fb7223234215af) C:\windows\system32\drivers\Ntfs.sys
2011/01/03 06:53:19.0929	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
2011/01/03 06:53:19.0992	nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\windows\system32\DRIVERS
vraid.sys
2011/01/03 06:53:20.0023	nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\windows\system32\DRIVERS
vstor.sys
2011/01/03 06:53:20.0054	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS
v_agp.sys
2011/01/03 06:53:20.0085	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
2011/01/03 06:53:20.0148	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
2011/01/03 06:53:20.0179	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
2011/01/03 06:53:20.0210	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
2011/01/03 06:53:20.0397	PCAMp50         (1bf91f352d746ad7469fa71783b5fae8) C:\windows\system32\Drivers\PCAMp50.sys
2011/01/03 06:53:20.0460	PCASp50         (1961590aa191b6b7dcf18a6a693af7b8) C:\windows\system32\Drivers\PCASp50.sys
2011/01/03 06:53:20.0538	pccsmcfd        (175cc28dcf819f78caa3fbd44ad9e52a) C:\windows\system32\DRIVERS\pccsmcfd.sys
2011/01/03 06:53:20.0584	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
2011/01/03 06:53:20.0631	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
2011/01/03 06:53:20.0662	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
2011/01/03 06:53:20.0709	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
2011/01/03 06:53:21.0006	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
2011/01/03 06:53:21.0130	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERSaspptp.sys
2011/01/03 06:53:21.0208	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
2011/01/03 06:53:21.0286	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
2011/01/03 06:53:21.0333	PxHelp20        (40fedd328f98245ad201cf5f9f311724) C:\windows\system32\Drivers\PxHelp20.sys
2011/01/03 06:53:21.0411	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
2011/01/03 06:53:21.0552	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
2011/01/03 06:53:21.0614	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
2011/01/03 06:53:21.0645	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERSasacd.sys
2011/01/03 06:53:21.0692	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
2011/01/03 06:53:21.0739	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERSasl2tp.sys
2011/01/03 06:53:21.0770	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERSaspppoe.sys
2011/01/03 06:53:21.0801	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERSassstp.sys
2011/01/03 06:53:21.0832	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERSdbss.sys
2011/01/03 06:53:21.0879	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERSdpbus.sys
2011/01/03 06:53:22.0035	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
2011/01/03 06:53:22.0098	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\driversdpencdd.sys
2011/01/03 06:53:22.0129	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\driversdprefmp.sys
2011/01/03 06:53:22.0160	RDPWD           (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
2011/01/03 06:53:22.0207	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\driversdyboost.sys
2011/01/03 06:53:22.0269	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERSfcomm.sys
2011/01/03 06:53:22.0363	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERSspndr.sys
2011/01/03 06:53:22.0488	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
2011/01/03 06:53:22.0550	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
2011/01/03 06:53:22.0628	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
2011/01/03 06:53:22.0737	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
2011/01/03 06:53:22.0800	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
2011/01/03 06:53:22.0846	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
2011/01/03 06:53:23.0190	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
2011/01/03 06:53:23.0236	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
2011/01/03 06:53:23.0268	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
2011/01/03 06:53:23.0314	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
2011/01/03 06:53:23.0392	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
2011/01/03 06:53:23.0439	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
2011/01/03 06:53:23.0486	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
2011/01/03 06:53:23.0533	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
2011/01/03 06:53:23.0720	SNP2UVC         (d8aba1293b82e7af2f78b67ca46fcb3d) C:\windows\system32\DRIVERS\snp2uvc.sys
2011/01/03 06:53:23.0860	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
2011/01/03 06:53:24.0094	srv             (2dbedfb1853f06110ec2aa7f3213c89f) C:\windows\system32\DRIVERS\srv.sys
2011/01/03 06:53:24.0172	srv2            (db37131d1027c50ea7ee21c8bb4536aa) C:\windows\system32\DRIVERS\srv2.sys
2011/01/03 06:53:24.0360	srvnet          (f5980b74124db9233b33f86fc5ebbb4f) C:\windows\system32\DRIVERS\srvnet.sys
2011/01/03 06:53:24.0453	ssm_bus         (14622ae81c72b08691eedaabc1d4a129) C:\windows\system32\DRIVERS\ssm_bus.sys
2011/01/03 06:53:24.0500	ssm_mdfl        (43ee5e9fda61a5e0eac4c1de699e6e4d) C:\windows\system32\DRIVERS\ssm_mdfl.sys
2011/01/03 06:53:24.0562	ssm_mdm         (918cfd32c7feb174f356a0a6fad11f4b) C:\windows\system32\DRIVERS\ssm_mdm.sys
2011/01/03 06:53:24.0625	ss_bbus         (eaa66218cd39f5bb1b4853a78c67c787) C:\windows\system32\DRIVERS\ss_bbus.sys
2011/01/03 06:53:24.0750	ss_bmdfl        (91765f99914ed8693d8bc76524f21581) C:\windows\system32\DRIVERS\ss_bmdfl.sys
2011/01/03 06:53:24.0812	ss_bmdm         (840e7b738b03c10ee91d9b7d3d6eff15) C:\windows\system32\DRIVERS\ss_bmdm.sys
2011/01/03 06:53:24.0859	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
2011/01/03 06:53:24.0937	STHDA           (901703459c668331df0c0245f6b8160a) C:\windows\system32\DRIVERS\stwrt.sys
2011/01/03 06:53:25.0030	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
2011/01/03 06:53:25.0186	SynTP           (1de40024679cde0e573465253519730e) C:\windows\system32\DRIVERS\SynTP.sys
2011/01/03 06:53:25.0452	Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\drivers	cpip.sys
2011/01/03 06:53:25.0592	TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\windows\system32\DRIVERS	cpip.sys
2011/01/03 06:53:25.0732	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers	cpipreg.sys
2011/01/03 06:53:25.0810	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers	dpipe.sys
2011/01/03 06:53:25.0842	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers	dtcp.sys
2011/01/03 06:53:25.0873	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS	dx.sys
2011/01/03 06:53:25.0935	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS	ermdd.sys
2011/01/03 06:53:26.0044	TPM             (5ad05191dc8b444a7ba4d79b76c42a30) C:\windows\system32\drivers	pm.sys
2011/01/03 06:53:26.0107	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS	ssecsrv.sys
2011/01/03 06:53:26.0154	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS	unnel.sys
2011/01/03 06:53:26.0185	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
2011/01/03 06:53:26.0232	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
2011/01/03 06:53:26.0294	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
2011/01/03 06:53:26.0341	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
2011/01/03 06:53:26.0388	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
2011/01/03 06:53:26.0450	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
2011/01/03 06:53:26.0544	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
2011/01/03 06:53:26.0590	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
2011/01/03 06:53:26.0622	usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
2011/01/03 06:53:26.0653	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
2011/01/03 06:53:26.0700	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
2011/01/03 06:53:26.0746	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
2011/01/03 06:53:26.0809	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
2011/01/03 06:53:26.0840	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
2011/01/03 06:53:26.0949	usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
2011/01/03 06:53:27.0121	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
2011/01/03 06:53:27.0199	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
2011/01/03 06:53:27.0246	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
2011/01/03 06:53:27.0277	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
2011/01/03 06:53:27.0324	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
2011/01/03 06:53:27.0402	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
2011/01/03 06:53:27.0495	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
2011/01/03 06:53:27.0604	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/01/03 06:53:27.0651	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
2011/01/03 06:53:27.0698	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
2011/01/03 06:53:27.0745	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
2011/01/03 06:53:27.0807	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
2011/01/03 06:53:27.0917	VWiFiFlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
2011/01/03 06:53:27.0963	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
2011/01/03 06:53:28.0088	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
2011/01/03 06:53:28.0166	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/03 06:53:28.0182	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
2011/01/03 06:53:28.0275	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
2011/01/03 06:53:28.0416	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
2011/01/03 06:53:28.0525	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
2011/01/03 06:53:28.0556	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
2011/01/03 06:53:28.0681	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
2011/01/03 06:53:28.0899	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
2011/01/03 06:53:29.0055	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
2011/01/03 06:53:29.0118	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
2011/01/03 06:53:29.0289	yukonw7         (3eb1576f77b60a6c79dd7742b67219b8) C:\windows\system32\DRIVERS\yk62x86.sys
2011/01/03 06:53:29.0383	================================================================================
2011/01/03 06:53:29.0383	Scan finished
2011/01/03 06:53:29.0383	================================================================================

juju666 · Answer

Hello,

Hummmm bizarre ton rapport ZHPDiag indique la possible présence d'un rootkit TDL... Je me renseigne là dessus.

En attendant, il reste Ask Toolbar:

&#9654  Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)

http://www.teamxscript.org/adremoverTelechargement.html ( Lien officiel )
OU
https://www.androidworld.fr/ ( Miroir )

/!\ Ferme toutes applications en cours /!\

&#9654 Double-clique sur l'icône Ad-remover située sur ton Bureau.
&#9654 Sur la page, clique sur le bouton « Nettoyer »
&#9654 Confirme lancement du scan
&#9654 Laisse travailler l'outil.
&#9654 Poste le rapport qui apparaît à la fin.

(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller) 

@+

Ced_King · Answer

Salut,

Le problème est là :

Rapport de ZHPDiag v1.27.1471 par Nicolas Coolman, Update du 30/12/2010
Run by Piquemal at 1/2/2011 8:48:17 PM


il date d'avant le passage de combo ;-)

@ +

juju666 · Answer

Re,

Alors pour améliorer l'outil ZHPDiag j'aurais besoin de ton aide:

Ouvre un nouveau fichier texte et copie le texte suivant dedans : 

@echo off

echo Run on %date% at %time% >> %homedrive%\results.txt
echo ########### SystemRestore ########## >> %homedrive%\results.txt

reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore" >> %homedrive%\results.txt
echo. >> %homedrive%\results.txt
echo. >> %homedrive%\results.txt
echo. >> %homedrive%\results.txt

echo ########## Keys Uninstall ########## >> %homedrive%\results.txt
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" >> %homedrive%\results.txt

echo. >> %homedrive%\results.txt
echo. >> %homedrive%\results.txt
echo. >> %homedrive%\results.txt
echo ########## EOF ########## >> %homedrive%\results.txt
notepad %homedrive%\results.txt

del /f /Q %homedrive%\results.txt

Fichier>Enregistrer sous>coolman.bat
Ensuite exécute ce fichier .bat
Copie le résultat du fichier bloc note qui s'ouvrira ici

@+

carop09 · Answer

Bonjour,
Désolée de pas avoir répondu avant mais là où je travaille j'ai pas de connexion avec mon portable donc je n'ai pas pu faire Ask Toolbar en revanche je viens de suivre ton dernier message : Run on 03/01/2011 at 18:18:20,96 
########### SystemRestore ########## 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore
    RPSessionInterval    REG_DWORD    0x1
    FirstRun    REG_DWORD    0x0
    LastIndex    REG_DWORD    0xe3
    RestoreStatusResult    REG_DWORD    0x0
    GenerateErrorReport    REG_DWORD    0x0
    RestoreStatusRestore    REG_SZ    {5CA26943-25D2-4AB5-8513-EA9E397F407D}
    RestoreStatusUndo    REG_SZ    {0AEE46D9-4F93-4FF7-806B-C5F8FD28ABF1}
    LastRestoreId    REG_SZ    {AF6DC647-DB6F-4820-969B-D1DE53FAF5CB}
    RestoreStatusTimeStamp    REG_QWORD    0x1cb570755a8ca4b
    RestoreStatusDescription    REG_SZ    Windows Update
    RestoreStatusSource    REG_DWORD    0x1
    DisableSR    REG_DWORD    0x0
    CreateFirstRunRp    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\cfg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\ErrorReportFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\Setup_Last
 
 
 
########## Keys Uninstall ########## 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\avast!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CardDetectorHUAWEI160
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExtraFilmDesignerFR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FormatFactory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDMI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HOMESTUDENTR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Magic Photo Editor_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Marvell Miniport Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 4 Client Profile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 4 Client Profile FRA Language Pack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhotoFiltre
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Picasa 3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PROHYBRID2R
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 12.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAMSUNG Mobile Composite Device
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAMSUNG Mobile Modem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Mobile Modem Device
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Mobile phone USB driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Samsung Mobile phone USB driver Drive
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAMSUNG Mobile USB Modem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAMSUNG Mobile USB Modem 1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SAMSUNG USB Mobile Device
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SMALLBUSINESSR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic_France_FF Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TVWiz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite_Wave3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{01523985-2098-43AF-9C97-12B07BE02A9B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{059C042E-796A-4ACC-A81A-ECC2010BB78C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{07FA4960-B038-49EB-891B-9F95930AA544}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{08E81ABD-79F7-49C2-881F-FD6CB0975693}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D61E881-43CD-447B-9E6B-D2C6138B2862}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{205C6BDD-7B73-42DE-8505-9A093F35A238}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{254C37AA-6B72-4300-84F6-98A82419187E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216013FF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A2A953-DEB1-466A-B660-F4399C7C6B9D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{34D2AB40-150D-475D-AE32-BD23FB5EE355}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3C3901C5-3455-3E0A-A214-0B093A5070A6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{497A1721-088F-41EF-8876-B43C9DA5528B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{511376F5-7E5A-4EC9-B603-193B1D425BC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{54CC7901-804D-4155-B353-21F0CC9112AB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{669D4A35-146B-4314-89F1-1AC3D7B88367}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{74EC78BC-B379-4E29-9006-8F161DCAABA6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{770657D0-A123-3C07-8E44-1C83EC895118}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7E84FAC8-C518-40F9-9807-7455301D6D25}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{82EF29B1-9B60-4142-A155-0599216DD053}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{87CA636B-85B8-4611-A81D-F97E71024AFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-0000-0000000FF1CE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9CDFC149-8359-4C4B-9DA0-BA1F773CD70C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC599724-5755-48C1-ABE7-ABB857652930}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1036-7B44-A92000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF7E85DC-317C-47F5-810E-B82EE093A612}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BEWINTERNET-FR-DMGP-V2}.UninstallSuite
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C7AE4EC3-9C13-4213-8457-74D16B353F91}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D36DD326-7280-11D8-97C8-000129760CBE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D53F7F05-4F17-4024-88C8-3C012E8555B4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EC877639-07AB-495C-BFD1-D63AF9140810}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F173C2B3-296F-458C-98FF-1676A42EBA02}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F193FC0E-9E18-40FC-A974-509A1BDD240A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F1D7AC58-554A-4A58-B784-B61558B1449A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F69E83CF-B440-43F8-89E6-6EA80712109B}
 
 
 
########## EOF ##########

juju666 · Answer

Parfait, Nicolas Coolman te remercie pour la contribution à son outil.

Peux tu passer à AD-Remover et me faire ensuite un ZHPDiag tout neuf. MErci

@+

juju666 · Answer

Encore un petit service pour Nicolas stp :)

Copie le texte ci dessous :


@echo off

echo Run on %date% at %time% >> %homedrive%\results.txt
echo ########### Chrome ########## >> %homedrive%\results.txt

reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome" /s >> %homedrive%\results.txt
echo. >> %homedrive%\results.txt
echo. >> %homedrive%\results.txt
echo. >> %homedrive%\results.txt
echo ########## EOF ########## >> %homedrive%\results.txt
notepad %homedrive%\results.txt

del /f /Q %homedrive%\results.txt

Ouvre le bloc note et colle, fichier, eregistrer sous, coolman.bat, le lance en administrateur (clic droit sur coolman.bat > exécuter en tant qu'administrateur) et poste le résultat ici

@+ et encore merci

carop09 · Answer

Run on 03/01/2011 at 22:18:29,67 
########### Chrome ########## 

 
 
 
########## EOF ##########

juju666 · Answer

Tiens bizarre....

en attendant fais ceci stp  : https://forums.commentcamarche.net/forum/affich-20381841-combofix?page=2#27

@+

carop09 · Answer

http://www.cijoint.fr/cjlink.php?file=cj201101/cijZ8ROvbW.txt

carop09 · Answer

j'ai fais le nettoyage avec AD-R l'ordi a redémarré mais j'ai pas eu de rapport ?

juju666 · Answer

vas voir sous sous C:\Ad-report[CLEAN].txt

carop09 · Answer

======= RAPPORT D'AD-REMOVER 2.0.0.2,D | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 03/01/11 à 14:20
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 22:30:00 le 03/01/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium   (X86) 
Piquemal@PC-PIQUEMAL (Hewlett-Packard Compaq 610) 
 
============== ACTION(S) ==============


Dossier supprimé: C:\Users\Piquemal\AppData\LocalLow\Conduit
Dossier supprimé: C:\Program Files\Conduit
Fichier supprimé: C:\Users\Piquemal\Desktop\Ebay.lnk

(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\Toolbar.CT2207610
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKCU\Software\AppDataLow\Toolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}


============== SCAN ADDITIONNEL ==============

** Internet Explorer Version [8.0.7600.16385] **

[HKCU\Software\Microsoft\Internet Explorer\Main] 
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\windows\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\Main] 
AutoHide: yes
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Enable Browser Extensions: yes
Local Page: C:\Windows\System32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Use Search Asst: no

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] 
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 4 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 03/01/2011 (2537 Octet(s)) 

Fin à: 22:31:19, 03/01/2011 
 
============== E.O.F ==============

juju666 · Answer

Bien, maintenant : 

&#9654 Télécharge : Gmer (by Przemyslaw Gmerek) et enregistre-le sur ton bureau

&#9654 &#9654 Désactive toutes tes protections le temps du scan de gMer

Pour XP => double clique sur gmer.exe
Pour Vista et 7 => clique droit "exécuter en tant qu'administrateur"

&#9654 clique sur l'onglet rootkit,lances le scan,des lignes rouges vont apparaitre.

&#9654 Les lignes rouges indiquent la présence d'un rootkit.Postes moi le rapport gmer (cliques sur copy,puis vas dans démarrer ,puis ouvres le bloc note,vas dans édition et cliques sur coller,le rapport gmer va apparaitre,postes moi le)

&#9654 &#9654 Ensuite

&#9654 sur les lignes rouge:

&#9654 Services:cliques droit delete service
&#9654 Process:cliques droit kill process
&#9654 Adl ,file:cliques droit delete files 


Ensuite:

* /!\ Utilisateur de Vista : Ne pas oublier de désactiver l'UAC juste le temps de désinfection de ton pc, il sera à réactiver plus tard :
Tuto : https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

Télécharge mbr.exe de Gmer ici :
http://www2.gmer.net/mbr/mbr.exe

et enregistre le fichier sur le Bureau.


Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Double clique sur mbr.exe

/!\Utilisateur de Vista : Clique droit sur le logo de MBR, « exécuter en tant qu'Administrateur »

Un rapport sera généré : mbr.log
En cas d'infection, ce message "MBR rootkit code detected" va apparaitre.

Si c'est le cas, continue comme ça :

Dans le menu Démarrer- Exécuter tape : "%userprofile%\Bureau\mbr" -f
Dans le mbr.log cette ligne apparaitra "original MBR restored successfully !"

Réactive tes protections
Poste ce rapport et supprimes-le ensuite.

@+

carop09 · Answer

ça fait 3 fois que j'essaie mais Gmer plante en plein scann et j'ai un message d'alerte qui apparait avant que tout redemarre en revanche pendant le scan pas de lignes rouges

juju666 · Answer

Bizarre tu es pourtant bien sous 32 bits, ça ne devrait pas planter...

As tu essayé MBR ?

Au fait, tu utilise Google Chrome ? Car là, il est désinstallé apparemment.

carop09 · Answer

j'ai pas essayé MBR en fait je comprends rien à tout ça :)

non j'utilise pas google chrome

juju666 · Answer

Les logiciels d'émulation de CD comme Daemon Tools peuvent gêner les outils de désinfection. Utilise Defogger pour les désactiver temporairement :

    * Télécharge Defogger(de jpshortstuff) sur ton Bureau
    * Lance le
    * Une fenêtre apparait : clique sur "Disable"
    * Fais redémarrer l'ordinateur si l'outil te le demande
    * Quand nous aurons terminé la désinfection, tu pourras réactiver ces logiciels en relançant Defogger et en cliquant sur "Re-enable"

Ensuite recommence GMER :D

carop09 · Answer

étape 1 ok mais Gmer plante : 

Signature du problème :
  Nom d'événement de problème:	APPCRASH
  Nom de l'application:	wpv5k15b.exe
  Version de l'application:	1.0.15.15530
  Horodatage de l'application:	4cd7c3b7
  Nom du module par défaut:	wpv5k15b.exe
  Version du module par défaut:	1.0.15.15530
  Horodateur du module par défaut:	4cd7c3b7
  Code de l'exception:	c0000005
  Décalage de l'exception:	0000c551
  Version du système:	6.1.7600.2.0.0.768.3
  Identificateur de paramètres régionaux:	1036
  Information supplémentaire n° 1:	0a9e
  Information supplémentaire n° 2:	0a9e372d3b4ad19135b953a78882e789
  Information supplémentaire n° 3:	0a9e
  Information supplémentaire n° 4:	0a9e372d3b4ad19135b953a78882e789

Lire notre déclaration de confidentialité en ligne :
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x040c

Si la déclaration de confidentialité en ligne n'est pas disponible, lisez la version hors connexion :
  C:\windows\system32\fr-FR\erofflps.txt

juju666 · Answer

Ouais..... fais ch***

* /!\ Utilisateur de Vista : Ne pas oublier de désactiver l'UAC juste le temps de désinfection de ton pc, il sera à réactiver plus tard :
Tuto : https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac

Télécharge mbr.exe de Gmer ici :
http://www2.gmer.net/mbr/mbr.exe

et enregistre le fichier sur le Bureau.


Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Double clique sur mbr.exe

/!\Utilisateur de Vista : Clique droit sur le logo de MBR, « exécuter en tant qu'Administrateur »

Un rapport sera généré : mbr.log 

@+

carop09 · Answer

Rapport MDR : 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: Hitachi_ rev.FC4O -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

juju666 · Answer

je préfère un rapport ainsi....:)

ton pc est propre. peux tu réaliser un rapport zhpdiag de contrôle? et l'héberger sur cijoint.

@+

carop09 · Answer

Rapport ZHPDiag : http://www.cijoint.fr/cjlink.php?file=cj201101/cijsz69jnS.txt

juju666 · Answer

Hello :)

&#9654 Copie tout le texte présent dans la balise code ci-dessous ( tu le sélectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )  


R3 - URLSearchHook: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 2, 0) -- C:\Program Files\Softonic_France_FF	bSoft.dll
R3 - URLSearchHook: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 2, 0) -- C:\Program Files\Softonic_France_FF	bSoft.dll
O2 - BHO: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France_FF	bSoft.dll
O3 - Toolbar: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France_FF	bSoft.dll
O42 - Logiciel: Softonic_France_FF Toolbar - (.Pas de propriétaire.) [HKLM] -- Softonic_France_FF Toolbar  
[HKCU\Software\AppDataLow\Software\Softonic_France_FF]    
[HKLM\Software\Softonic_France_FF]    
O43 - CFD: 3/27/2010 - 5:35:16 PM ----D- C:\Program Files\Softonic_France_FF  



&#9654 Puis Lance ZHPFix depuis le raccourci du bureau . 

&#9654 Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) . 

&#9654 Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent . 

&#9654 Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre. 

&#9654 Clique sur " Ok " , puis " Tous " et enfin " Nettoyer ". 

&#9654 Copie/Colle le rapport à l'écran dans ton prochain message 

&#9654 (le rapport se trouve aussi dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport.txt)  

Enfin pour terminer les procédures de fin :


&#9654 télécharge Ccleaner et enregistre le sur le bureau 

&#9654 double-clique sur le fichier pour lancer l'installation 

/!\Utilisateur de Vista et windows 7 : Clique droit sur le logo de Ccleaner, « exécuter en tant qu'administrateur » 

&#9654 sur la fenêtre de l'installation langage bien choisir français et OK 
&#9654 clique sur suivant 
&#9654 lis la licence et j'accepte 
&#9654 cliques sur suivant 
&#9654 là tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner 
&#9654 cliques sur installer 
&#9654 cliques sur fermer 
&#9654 double-cliques sur l'icône de Ccleaner pour l'ouvrir 
&#9654 &#9654 une fois ouvert tu cliques sur option et puis avancé 
&#9654 tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 24 heures 
&#9654 &#9654 cliques sur nettoyeur 
&#9654cliques sur windows et dans la colonne avancé 
&#9654coches la première case vieilles données du perfetch que celle-la ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la 
&#9654 cliques sur analyse une fois l'analyse terminé 
&#9654 cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vériffis en appuiant de nouveau sur analyse pour être sur qu'il n'y est plus rien 
&#9654 &#9654 cliques maintenant sur registre et puis sur rechercher les erreurs 
&#9654 laisses tout cochées et cliques sur réparrer les erreurs sélectionnées 
&#9654 il te demande de sauvegarder OUI 
&#9654 tu lui donnes un nom pour pouvoir la retrouver et enregistre 
&#9654 cliques sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK 
&#9654 il supprime et fermer tu vérifies en relançant rechercher les erreurs 
&#9654 tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch 
&#9654 tu peux fermer Ccleaner 

------ 

&#9654 &#9654 pour supprimer les outils de désinfection :

&#9654 Télécharge Delfix sur ton bureau : 

&#9654 Clique sur le bouton « Suppression » et poste son rapport sur ton prochain message 
&#9654 &#9654 Pour le désinstaller, il suffit de le relancer et cliquer sur le bouton de désinstallation. 

------ 

&#9654 Désactivation, puis Réactivation de la restauration système après désinfection : 

Il est nécessaire de désactiver puis réactiver la restauration système pour la purger car les points de restauration peuvent être infectés : 

XP/Vista : http://www.forum-fec.net/t97-purger-la-restauration-du-systeme
Seven: http://www.forum-fec.net/faq-tutoriel-astuces-f10/purger-la-restauration-du-systeme-sous-windows-7-t142.htm

------ 

Tu peux lire ce sujet sur les logiciels recommandés, et les attitudes responsables sur le web 
Et celui ci, sur les logiciels gratuits à éviter 

------ 

Mise à jour Windows : 

Windows Update XP (uniquement avec Internet Explorer): http://update.microsoft.com/windowsupdate/v6/thanks.aspx?ln=fr&&thankspage=5

Windows Update Vista/Seven : cliquer sur le logo windows, dans la rechercher taper "Windows Update", cliquer sur le résultat.

-----

&#9654 Mets à jour Java : https://www.java.com/fr/download/uninstalltool.jsp  

&#9654 Désinstaller les anciennes versions de Java :  

&#9654 Télécharge JavaRa.zip  

&#9654 Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)  

&#9654 Double-clique sur le répertoire JavaRa obtenu.  

&#9654 Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)  

&#9654 Clique sur Remove Older Versions.  

&#9654 Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.  

&#9654 Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.  

&#9654 Note : le rapport se trouve aussi là : ( C:\JavaRa.log )  

&#9654 Tu peux fermer l'application   

&#9654 &#9654 Met à jour Adobe : 

&#9654 Reader : https://get2.adobe.com/fr/reader/otherversions/
&#9654 &#9654 Décocher le scan Macàfric

&#9654 Flash Player: https://get.adobe.com/flashplayer/?loc=fr

-----

Tu peux garder Malwarebytes pour un scan de temps à autres 

----- 

&#9654 &#9654 Pense à marquer le fil comme résolu  


Si tu as d'autres questions, je t'écoute avec plaisir ;)

@+

carop09 · Answer

Rapport de ZHPFix 1.12.3233 par Nicolas Coolman, Update du 30/12/2010
Fichier d'export Registre : C:\ZHPExportRegistry-1-4-2011-6-45-12 PM.txt
Run by Piquemal at 1/4/2011 6:45:12 PM
Windows 7 Home Premium Edition, 32-bit  (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Clé(s) du Registre ==========
O2 - BHO: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France_FF	bSoft.dll  => Clé absente
HKCU\Software\AppDataLow\Software\Softonic_France_FF  => Clé absente
HKLM\Software\Softonic_France_FF  => Clé absente

========== Valeur(s) du Registre ==========
R3 - URLSearchHook: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) (5, 3, 2, 0) -- C:\Program Files\Softonic_France_FF	bSoft.dll  => Valeur absente
O3 - Toolbar: Softonic France FF Toolbar - {6d6b212b-2245-4898-8b16-9a11b81ff9e1} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Softonic_France_FF	bSoft.dll  => Valeur absente

========== Dossier(s) ==========
C:\Program Files\Softonic_France_FF  => Dossier absent

========== Fichier(s) ==========
c:\program files\softonic_france_ff	bsoft.dll ()   => Fichier absent

========== Logiciel(s) ==========
O42 - Logiciel: Softonic_France_FF Toolbar - (.Pas de propriétaire.) [HKLM] -- Softonic_France_FF Toolbar  => Logiciel supprimé avec succès


========== Récapitulatif ==========
3 : Clé(s) du Registre
2 : Valeur(s) du Registre
1 : Dossier(s)
1 : Fichier(s)
1 : Logiciel(s)


End of the scan

carop09 · Answer

########## DelFix - Nettoyeur d'outils de désinfection ##########
#
# DelFix v6.9 - Rapport créé le 04/01/2011 à 18:56
# Mis à jour le 19/12/10 à 16h40 par Xplode
# Système d'exploitation : Windows 7 Home Premium (32 bits) [version 6.1.7600] 
# Nom d'utilisateur : Piquemal - PC-PIQUEMAL (Administrateur)
# Exécuté depuis : C:\Users\Piquemal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I21DF2AX\DelFix[1].exe
# Option [Suppression]


~~~~~~ Dossier(s) ~~~~~~

-> C:\Qoobox\BackEnv ... ACL modifié avec succès.
Supprimé : C:\Qoobox
Supprimé : C:\Combofix
Supprimé : C:\Program Files\Ad-Remover
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

~~~~~~ Fichier(s) ~~~~~~

Supprimé : C:\ComboFix.txt
Supprimé : C:\Ad-Report-CLEAN[1].txt
Supprimé : C:\TDSSKiller.2.4.12.0_03.01.2011_06.52.45_log.txt
Supprimé : C:\windows\grep.exe
Supprimé : C:\windows\PEV.exe
Supprimé : C:\windows\NIRCMD.exe
Supprimé : C:\windows\MBR.exe
Supprimé : C:\windows\sed.exe
Supprimé : C:\windows\SWREG.exe
Supprimé : C:\windows\SWSC.exe
Supprimé : C:\windows\SWXCACLS.exe
Supprimé : C:\windows\zip.exe
Supprimé : C:\Users\Piquemal\Desktop\ComboFix.exe
Supprimé : C:\Users\Piquemal\Desktop\mbr.exe
Supprimé : C:\Users\Piquemal\Desktop\mbr.log
Supprimé : C:\Users\Piquemal\Desktop\AD-R.lnk
Supprimé : C:\Users\Piquemal\Desktop\Defogger.exe
Supprimé : C:\Users\Piquemal\Desktop\defogger_disable.log
Supprimé : C:\Users\Piquemal\Desktop\defogger_enable.log
Supprimé : C:\Users\Piquemal\Desktop\ZHPDiag (2).txt
Supprimé : C:\Users\Piquemal\Desktop\ZHPDiag.txt
Supprimé : C:\Users\Piquemal\Desktop\ZHPDiag4.txt
Supprimé : C:\Users\Piquemal\Desktop\ZHPFixReport.txt
Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk
Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk

~~~~~~ Registre ~~~~~~

Clé Supprimée : HKCU\SOFTWARE\Ad-Remover
Clé Supprimée : HKLM\Software\swearware
Clé Supprimée : HKLM\Software\Classes\.cfxxe
Clé Supprimée : HKLM\Software\Classes\cfxxefile
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~~~~~~ Autre ~~~~~~


########## EOF - "C:\DelFixSuppr.txt" - [2504 octets] ##########

carop09 · Answer

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jan 04 19:38:50 2011

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.



JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jan 04 19:48:54 2011

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.

juju666 · Answer

C'est tout bon ;)

Si tu as la moindre question sur ces dernières procédures, n'hésite pas.
@+

carop09 · Answer

ça y est à part adobe flash player qui a merdé je réessaie demain. Mille merci pour ton aide (enfin votre aide à tous) et ta patience.

@+
carop09

juju666 · Answer

pas de soucis ;)

@+

Combofix

53 réponses

Votre réponse

Discussions similaires

Newsletters