Pages qui s'ouvrent toutes seules

Résolu/Fermé

erduche - 18 févr. 2011 à 17:13
erduche - 24 févr. 2011 à 01:17

Bonjour,

J'ai souvent des pages qui s'ouvrent après celle que je cherche, de la pub ou autres ...monn ordi est ralenti aussi depuis quelques temps, j'ai fait des vérif avec malwabytes , nettoyé avec clceaner et spyboat ainsi que avast mais rien de bien changé.

Quelqu'un pourrait-il me donner un tuyaux svp?

Merci à l'avance,Eric

A voir également:

Pages qui s'ouvrent toutes seules
Supprimer des pages sur word - Guide
Comment enlever les applications qui s'ouvrent au démarrage - Guide
Comment bloquer les fenêtres publicitaires qui s'ouvrent toutes seules - Guide
Comment numéroter les pages sur word - Guide

11 réponses

Réponse 1 / 11

Utilisateur anonyme
18 févr. 2011 à 17:15

Bonjour

Pour de plus amples informations, fait ceci stp

Ouvre ce lien et télécharge ZHPDiag de Nicolas Coolman :

https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

Ou

https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/

Serveur N°2

Ou

http://www.premiumorange.com/zeb-help-process/zhpdiag.html
en bas de la page ZHP avec un numéro de version.

Une fois le téléchargement achevé, dé zippe le fichier obtenu et place ZHPDiag.exe sur ton Bureau.

Double-clique sur l'icône pour lancer le programme. Sous Vista ou Seven clic droit « exécuter en tant que administrateur »

Clique sur la loupe pour lancer l'analyse.

Laisse l'outil travailler, il peut être assez long.

Ferme ZHPDiag en fin d'analyse.

Pour transmettre le rapport clique sur ce lien :

http://www.cijoint.fr/index.php
Clique sur Parcourir et cherche le répertoire où est installé ZHPDiag (en général C:\Program Files\ZHPDiag).

Sélectionne le fichier ZHPDiag.txt.

Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

est ajouté dans la page.

Copie ce lien dans ta réponse.

Merci

A+

erduche
18 févr. 2011 à 17:26

Bonsoir,

Merci pour l'aide, le soucis est que quand je veux déposer le rapport ca me donne une page vierge du type hors connexion..??? j'ai essayé 4 fois ca veux pas prendre le rapport

erduche
18 févr. 2011 à 17:45

bonsoir,

toujours pas la possibilité de faire télécharger le rapport, j'arrive toujours à une page vierge qui s'ouvre du genre "perte de la connexion"

Utilisateur anonyme
18 févr. 2011 à 18:52

Bonsoir

il faut un peu insister...

erduche
19 févr. 2011 à 10:50

bonjour,

J'ai beau insister j'ai toujours une page" internet ne peut pas afficher ..."
????

erduche
20 févr. 2011 à 20:16

re

ok,je viens de le faire

cordialement

Réponse 2 / 11

Utilisateur anonyme
19 févr. 2011 à 11:22

Bonjour

Passons à la taille supérieure;

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Ou ici : https://forospyware.com
>Renomme le pour l'enregistrer sur ton bureau en asdehi (tout simplement pour que l'infection ne le contre pas)
-> Double clique combofix.exe.(ou clic droit sous vista « exécuter en tant que... » )
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'Internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe ; (ou clic droit sous vista « exécuter en tant que... »)

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

- Installe le console de récupération comme demandé ;utile en cas de plantage

- Attention Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programme. Risque de figer l'ordinateur

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\ : risque de figer l'ordinateur (plantage complet)

::Si combofix détecte quelque chose et de demande a redémarrer tu acceptes

@+

erduche
19 févr. 2011 à 17:35

bonjour,

J'ai lancé combofix voila le rapport:

ComboFix 11-02-16.01 - utilisateur 20/02/2011 17:18:05.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1789.1370 [GMT 10:00]
Lancé depuis: c:\documents and settings\utilisateur\Bureau\enrit.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\utilisateur\Application Data\6E93121C426F92DD1B6E3AC2B072D792
c:\documents and settings\utilisateur\Application Data\6E93121C426F92DD1B6E3AC2B072D792\enemies-names.txt
c:\documents and settings\utilisateur\Application Data\6E93121C426F92DD1B6E3AC2B072D792\local.ini
c:\documents and settings\utilisateur\Application Data\6E93121C426F92DD1B6E3AC2B072D792\lsrslt.ini
c:\documents and settings\utilisateur\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\utilisateur\Application Data\Adobe\plugs
c:\windows\system32\setting.ini
c:\windows\system32\tmp.reg

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4

((((((((((((((((((((((((((((( Fichiers créés du 2011-01-20 au 2011-02-20 ))))))))))))))))))))))))))))))))))))
.

2011-02-20 07:03 . 2011-02-20 07:05 -------- d-----w- C:\32788R22FWJFW
2011-02-13 09:30 . 2011-02-19 07:24 -------- d-----w- c:\program files\ZHPDiag
2011-02-13 01:15 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-13 01:15 . 2011-02-13 01:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-13 01:15 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-12 02:29 . 2011-02-12 02:29 172956 ----a-w- c:\windows\mc76412.exe
2011-02-05 05:10 . 2011-02-05 05:10 -------- d-----w- c:\documents and settings\utilisateur\Local Settings\Application Data\Help
2011-02-05 02:14 . 2011-02-05 02:14 -------- d-----w- c:\documents and settings\utilisateur\Application Data\ElevatedDiagnostics
2011-02-04 05:45 . 2011-02-04 05:45 -------- d-----w- c:\program files\CCleaner
2011-02-01 23:20 . 2003-09-09 11:54 73728 ----a-w- c:\windows\system32\lxblpwr.dll
2011-02-01 23:20 . 2003-07-28 18:36 78336 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LXBLPP5C.DLL
2011-02-01 23:20 . 2003-03-25 23:22 286720 ----a-w- c:\windows\system32\lxblcomm.dll
2011-02-01 23:20 . 2002-11-13 00:40 40960 ----a-w- c:\windows\system32\lxblvs.dll
2011-02-01 23:20 . 2011-02-01 23:20 -------- d-----w- c:\program files\Lexmark Z700-P700 Series
2011-02-01 23:20 . 2003-08-28 23:20 200192 ----a-w- c:\windows\system32\LEXLMPM.DLL
2011-02-01 23:20 . 2003-08-28 22:57 197120 ----a-w- c:\windows\system32\LEX2KUSB.DLL
2011-02-01 23:20 . 2003-08-28 22:54 307200 ----a-w- c:\windows\system32\LEXBCES.EXE
2011-02-01 23:20 . 2003-08-28 22:51 147456 ----a-w- c:\windows\system32\LEXBCE.DLL
2011-02-01 23:20 . 2003-08-28 22:50 174592 ----a-w- c:\windows\system32\LEXPPS.EXE
2011-02-01 23:20 . 2003-08-28 22:49 201216 ----a-w- c:\windows\system32\LEXP2P32.DLL
2011-02-01 23:19 . 1997-04-18 01:49 298496 ----a-w- c:\windows\unin040c.exe
2011-02-01 23:19 . 2011-02-01 23:19 -------- d-----w- C:\Lxk700
2011-01-27 12:28 . 2011-01-27 12:28 -------- d-----w- c:\documents and settings\utilisateur\Local Settings\Application Data\Western Digital

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-02-26 07:19 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-13 08:41 . 2010-02-26 07:20 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-02-26 07:20 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:40 . 2010-01-15 07:08 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-13 08:39 . 2010-01-15 07:08 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-13 08:37 . 2010-01-15 07:08 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-01-15 07:08 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-13 08:37 . 2010-02-26 07:20 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-31 20:06 . 2010-07-17 23:27 38848 ----a-w- c:\windows\avastSS.scr
2010-12-16 08:28 . 2010-12-16 08:28 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2009-11-06 14:24 . 2009-11-06 14:25 774144 ----a-w- c:\program files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b147115e-a9d5-4c3e-8d97-0ee812b6638b}"= "c:\program files\GeoMundos\tbGeo2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{b147115e-a9d5-4c3e-8d97-0ee812b6638b}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b147115e-a9d5-4c3e-8d97-0ee812b6638b}"= "c:\program files\GeoMundos\tbGeo2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{b147115e-a9d5-4c3e-8d97-0ee812b6638b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B147115E-A9D5-4C3E-8D97-0EE812B6638B}"= "c:\program files\GeoMundos\tbGeo2.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{b147115e-a9d5-4c3e-8d97-0ee812b6638b}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
2008-06-09 07:10 82224 ----a-w- c:\windows\system32\accelerometerST.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 15:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-19 11:23 133104 ----atw- c:\documents and settings\utilisateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:34 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 08:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-06-03 15:40 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2008-03-24 12:43 884736 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2008-04-04 14:09 1044480 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-08-18 15:00 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-27 17:28 1040384 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"npggsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\utilisateur\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\utilisateur\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\lsass.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4004:TCP"= 4004:TCP:wfuxxzxm
"56441:TCP"= 56441:TCP:Pando Media Booster
"56441:UDP"= 56441:UDP:Pando Media Booster

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [19/12/2008 9:47 PM 36328]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28/03/2008 7:14 PM 24064]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26/02/2010 5:20 PM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26/02/2010 5:20 PM 17744]
R2 MemChecker;Memory checker;c:\windows\mc76412.exe [12/02/2011 12:29 PM 172956]
S0 ywkbxv;ywkbxv;c:\windows\system32\drivers\jsmrbe.sys --> c:\windows\system32\drivers\jsmrbe.sys [?]
S2 oeuyfkvqt;Universal Shell;c:\windows\system32\svchost.exe -k netsvcs [5/08/2004 10:00 PM 14336]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [19/12/2008 6:35 PM 193840]
S4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
oeuyfkvqt
.
Contenu du dossier 'Tâches planifiées'

2011-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-839522115-725345543-1004Core.job
- c:\documents and settings\utilisateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-19 11:23]

2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-839522115-725345543-1004UA.job
- c:\documents and settings\utilisateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-19 11:23]

2011-02-20 c:\windows\Tasks\User_Feed_Synchronization-{9BA81DC4-E57C-4C1D-8DBB-640A74D8153D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{B2B220C1-A502-59BD-F413-02B52A2C8952} - (no file)
SharedTaskScheduler-{B2B220C1-A502-59BD-F413-02B52A2C8952} - (no file)
MSConfigStartUp-btpSTJvAQv - c:\docume~1\UTILIS~1\LOCALS~1\Temp\btpSTJvAQv.exe
MSConfigStartUp-CxeHibufsy - c:\docume~1\UTILIS~1\LOCALS~1\Temp\CxeHibufsy.exe
MSConfigStartUp-Czomofuqoq - c:\windows\apicp70.dll
MSConfigStartUp-Msn Messsenger - c:\windows\system32\regsvr.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-20 17:29
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3812)
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\SCardSvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast5\setup\avast.setup
.
**************************************************************************
.
Heure de fin: 2011-02-20 17:33:32 - La machine a redémarré
ComboFix-quarantined-files.txt 2011-02-20 07:33

Avant-CF: 20,530,606,080 octets libres
Après-CF: 20,703,350,784 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

- - End Of File - - 1642B7CCD594EB218F9564890C0F36A2

Réponse 3 / 11

Utilisateur anonyme
19 févr. 2011 à 17:47

Re

Rends toi sur ce site :

https://www.virustotal.com/gui/

Clique sur " parcourir ", cherche un fichier à la fois :

c:\windows\system32\lxblpwr.dll
c:\windows\system32\Spool\prtprocs\w32x86\LXBLPP5C.DLL
c:\windows\system32\lxblcomm.dll
c:\windows\system32\lxblvs.dll
c:\program files\Lexmark Z700-P700 Series
c:\windows\system32\drivers\jsmrbe.sys

Clique sur Send File.

Un rapport va s'élaborer ligne à ligne.

Attends la fin. Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport en copiant le lien de Virus Total. (C'est mieux)

Copie le lien du rapport dans ta réponse et fait le pour chaque fichier ; merci

(!) Si Virus Total indique que le fichier a déjà été analysé, cliquer sur le bouton. Ré analyser le fichier maintenant

@+

erduche
19 févr. 2011 à 19:09

Bonsoir,

2 fichiers sont introuvables....???
c:\program files\Lexmark Z700-P700 Series
c:\windows\system32\drivers\jsmrbe.sys

sinon:

File name: lxblpwr.dll
Submission date: 2011-02-19 17:01:36 (UTC)
Current status: queued (#44) queued (#44) analysing finished

Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.02.14.02 2011.02.14 -
AntiVir 7.11.3.164 2011.02.19 -
Antiy-AVL 2.0.3.7 2011.02.19 -
Avast 4.8.1351.0 2011.02.19 -
Avast5 5.0.677.0 2011.02.19 -
AVG 10.0.0.1190 2011.02.19 -
BitDefender 7.2 2011.02.19 -
CAT-QuickHeal 11.00 2011.02.19 -
ClamAV 0.96.4.0 2011.02.19 -
Commtouch 5.2.11.5 2011.02.19 -
Comodo 7737 2011.02.18 -
DrWeb 5.0.2.03300 2011.02.19 -
Emsisoft 5.1.0.2 2011.02.19 -
eSafe 7.0.17.0 2011.02.17 -
eTrust-Vet 36.1.8170 2011.02.18 -
F-Prot 4.6.2.117 2011.02.18 -
F-Secure 9.0.16160.0 2011.02.19 -
Fortinet 4.2.254.0 2011.02.19 -
GData 21 2011.02.19 -
Ikarus T3.1.1.97.0 2011.02.19 -
Jiangmin 13.0.900 2011.02.19 -
K7AntiVirus 9.87.3906 2011.02.19 -
Kaspersky 7.0.0.125 2011.02.19 -
McAfee 5.400.0.1158 2011.02.19 -
McAfee-GW-Edition 2010.1C 2011.02.18 -
Microsoft 1.6502 2011.02.19 -
NOD32 5889 2011.02.19 -
Norman 6.07.03 2011.02.19 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.02.18 -
PCTools 7.0.3.5 2011.02.19 -
Prevx 3.0 2011.02.19 -
Rising 23.45.04.06 2011.02.18 -
Sophos 4.61.0 2011.02.19 -
SUPERAntiSpyware 4.40.0.1006 2011.02.19 -
Symantec 20101.3.0.103 2011.02.19 -
TheHacker 6.7.0.1.132 2011.02.17 -
TrendMicro 9.200.0.1012 2011.02.19 -
TrendMicro-HouseCall 9.200.0.1012 2011.02.15 -
VBA32 3.12.14.3 2011.02.18 -
VIPRE 8474 2011.02.19 -
ViRobot 2011.2.19.4319 2011.02.19 -
VirusBuster 13.6.209.3 2011.02.19 -
Additional informationShow all
MD5 : ab52948358ae20c92b87990e44e05507
SHA1 : 6fbc2bdec84897d0502b7c702b8340caa915640f
SHA256: e9359c8d35693484a2fa1e3319c72d5fee50ed7ab7a97f04d13e4abd8ed7883f
ssdeep: 768:pT43z3Y8xjdgSSpbyywTtUB2qqc2ZcojG47xJmS0JrhoS+rJA9U:pT43tQpOJTtUgLTLmR1
onrJA9
File size : 73728 bytes
First seen: 2009-10-06 20:19:58
Last seen : 2011-02-19 17:01:36
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Lexmark International, Inc.
copyright....: Copyright (c) 2000 Lexmark International, Inc.
product......: Lexmark POR monitor
description..: Lexmark ColorFine POR Monitor
original name: n/a
internal name: n/a
file version.: 0, 1, 61, 1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD: Armadillo v1.xx - v2.xx
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x3FA4
timedatestamp....: 0x3F5ECB2D (Wed Sep 10 06:56:45 2003)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x7BB2, 0x8000, 6.47, 4f9d2735e55e9c82848db12d944d9696
.rdata, 0x9000, 0x15D7, 0x2000, 3.81, c0a9d16e8aab7315fc5748d11a602d16
.data, 0xB000, 0x3D88, 0x4000, 1.75, d95231597b53b48cb807bec49d0a2def
.rsrc, 0xF000, 0x3E0, 0x1000, 1.02, b9931c8b411d4777a9af628fe7669a29
.reloc, 0x10000, 0x111E, 0x2000, 2.77, 50d5fb201574906b78d905d8df3d6cb4

[[ 4 import(s) ]]
KERNEL32.dll: Sleep, LoadLibraryA, lstrcatA, GetSystemDirectoryA, FreeLibrary, CreateThread, GetProcAddress, LocalAlloc, OutputDebugStringA, lstrlenA, lstrcpyA, FormatMessageA, DisableThreadLibraryCalls, GetModuleFileNameA, GetVersion, LocalFree, GetLastError, RaiseException, LCMapStringW, ExitProcess, MultiByteToWideChar, LCMapStringA, GetStringTypeW, GetStringTypeA, GetOEMCP, GetACP, IsBadCodePtr, EnterCriticalSection, InitializeCriticalSection, InterlockedExchange, DeleteCriticalSection, LeaveCriticalSection, RtlUnwind, InterlockedDecrement, InterlockedIncrement, GetCommandLineA, HeapFree, CloseHandle, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, HeapAlloc, WideCharToMultiByte, FreeEnvironmentStringsW, GetEnvironmentStrings, SetUnhandledExceptionFilter, GetCPInfo, TerminateProcess, GetCurrentProcess, HeapReAlloc, HeapSize, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, IsBadWritePtr, IsBadReadPtr, GetEnvironmentStringsW, GetModuleHandleA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, WriteFile, VirtualAlloc
USER32.dll: UnregisterClassA, ShowWindow, TranslateMessage, SendMessageA, DispatchMessageA, RegisterClassA, GetMessageA, UpdateWindow, wvsprintfA, DefWindowProcA, PostQuitMessage, FindWindowA, LoadCursorA, CreateWindowExA
WINSPOOL.DRV: OpenPrinterA, GetPrinterA, EnumJobsA, SetJobA
ADVAPI32.dll: RegQueryValueExA, RegEnumKeyExA, RegCloseKey, RegOpenKeyExA

[[ 2 export(s) ]]
StartPORMonitor, StopPORMonitor

ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 32768
CompanyName: Lexmark International, Inc.
EntryPoint: 0x3fa4
FileDescription: Lexmark ColorFine POR Monitor
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 72 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 0, 1, 61, 1
FileVersionNumber: 0.0.0.0
ImageVersion: 0.0
InitializedDataSize: 36864
LanguageCode: English (U.S.)
LegalCopyright: Copyright 2000 Lexmark International, Inc.
LegalTrademarks: Lexmark ColorFine is a trademark of Lexmark International, Inc.
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Dynamic link library
PEType: PE32
ProductName: Lexmark POR monitor
ProductVersion: 0, 1, 61, 1
ProductVersionNumber: 0.0.0.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2003:09:10 08:56:45+02:00
UninitializedDataSize: 0

VT Community

0
This file has never been reviewed by any VT Community member. Be the first one to comment on it!
VirusTotal Team

File name: LXBLPP5C.DLL
Submission date: 2011-02-19 17:11:57 (UTC)
Current status: queued queued analysing finished

Result: 0/ 42 (0.0%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.02.14.02 2011.02.14 -
AntiVir 7.11.3.164 2011.02.19 -
Antiy-AVL 2.0.3.7 2011.02.19 -
Avast 4.8.1351.0 2011.02.19 -
Avast5 5.0.677.0 2011.02.19 -
AVG 10.0.0.1190 2011.02.19 -
BitDefender 7.2 2011.02.19 -
CAT-QuickHeal 11.00 2011.02.19 -
ClamAV 0.96.4.0 2011.02.19 -
Commtouch 5.2.11.5 2011.02.19 -
Comodo 7739 2011.02.19 -
DrWeb 5.0.2.03300 2011.02.19 -
eSafe 7.0.17.0 2011.02.17 -
eTrust-Vet 36.1.8170 2011.02.18 -
F-Prot 4.6.2.117 2011.02.18 -
F-Secure 9.0.16160.0 2011.02.19 -
Fortinet 4.2.254.0 2011.02.19 -
GData 21 2011.02.19 -
Ikarus T3.1.1.97.0 2011.02.19 -
Jiangmin 13.0.900 2011.02.19 -
K7AntiVirus 9.87.3906 2011.02.19 -
Kaspersky 7.0.0.125 2011.02.19 -
McAfee 5.400.0.1158 2011.02.19 -
McAfee-GW-Edition 2010.1C 2011.02.18 -
Microsoft 1.6502 2011.02.19 -
NOD32 5889 2011.02.19 -
Norman 6.07.03 2011.02.19 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.02.18 -
PCTools 7.0.3.5 2011.02.19 -
Prevx 3.0 2011.02.19 -
Rising 23.45.04.06 2011.02.18 -
Sophos 4.61.0 2011.02.19 -
SUPERAntiSpyware 4.40.0.1006 2011.02.19 -
Symantec 20101.3.0.103 2011.02.19 -
TheHacker 6.7.0.1.132 2011.02.17 -
TrendMicro 9.200.0.1012 2011.02.19 -
TrendMicro-HouseCall 9.200.0.1012 2011.02.15 -
VBA32 3.12.14.3 2011.02.18 -
VIPRE 8474 2011.02.19 -
ViRobot 2011.2.19.4319 2011.02.19 -
VirusBuster 13.6.209.3 2011.02.19 -
Additional informationShow all
MD5 : 50698b44c53cadd52d1534676a9744c3
SHA1 : 5f5ff62ff7fe9d2346ca8dd78453a92227cdaa19
SHA256: 73695d0100930b1fa1b3d85f5d7cd7963525a4fa0b0162d26dc93b2f47820355
ssdeep: 1536:w2gsgYfs4w5s3m/4TtiNSTP3rYbFsH8vNy:w2zgaiO3mgTYSTP3rY+HI
File size : 78336 bytes
First seen: 2009-07-17 06:36:16
Last seen : 2011-02-19 17:11:57
TrID:
Windows Screen Saver (39.4%)
Win32 Executable Generic (25.6%)
Win32 Dynamic Link Library (generic) (22.8%)
Generic Win/DOS Executable (6.0%)
DOS Executable Generic (6.0%)
sigcheck:
publisher....:
copyright....:
product......: Inkjet Printer
description..: Print Processor
original name: lexprint.dll
internal name: lexprint.dll
file version.: 1.0.0.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x0
timedatestamp....: 0x3F267750 (Tue Jul 29 13:32:00 2003)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xCABC, 0xCC00, 5.92, 25552a7cd91025d67a6c9fd9a329f28e
.rdata, 0xE000, 0x3B4A, 0x3C00, 4.24, 2a00a44e36dc28a3c000b4cac73bd950
.data, 0x12000, 0x126C, 0x1400, 3.08, e05696a2a749670f5a8aab726fe14bb7
.edata, 0x14000, 0xFF, 0x200, 2.87, e5425f28f4fd0bde71d8aab9ecb61dc4
.rsrc, 0x15000, 0x2F0, 0x400, 2.39, 765a780c53177becc1ec6eb365621ae4
.reloc, 0x16000, 0xB06, 0xC00, 5.81, eb2b9b03fbfa92c0bfdb977b0f353cad

[[ 8 import(s) ]]
ntdll.dll: RtlUnwind, wcstombs, wcsncpy, wcsstr, wcsncmp, _wcsnicmp, wcschr, iswctype, wcstoul, _wcsicmp, _chkstk, memset, abs, memcpy, wcscmp, memcmp, _ftol, wcscpy, wcsrchr, wcscat, wcslen, wcsncat
KERNEL32.dll: DisconnectNamedPipe, GetCurrentProcessId, ProcessIdToSessionId, GetCurrentThread, ConnectNamedPipe, WinExec, CreateNamedPipeW, GetFileType, GetLogicalDriveStringsW, lstrcpyW, ResetEvent, SetEvent, CreateEventW, SetLastError, lstrlenW, GetSystemDirectoryW, LoadLibraryW, GetProcAddress, FreeLibrary, Sleep, ReadFile, SetFilePointer, OutputDebugStringW, CreateFileW, WriteFile, CloseHandle, lstrcatW, CreateDirectoryW, GetVersionExW, GetTempPathW, GetTempFileNameW, lstrcmpiA, DeleteFileW, GlobalAlloc, WaitForSingleObject, GetLastError, CopyFileW, GlobalFree
USER32.dll: wsprintfW, MessageBoxW, FindWindowW
GDI32.dll: GetWorldTransform, CreateDIBPatternBrushPt, SetBkColor, GdiGetDevmodeForPage, SetWorldTransform, DeleteDC, SetGraphicsMode, GdiPlayEMF, SaveDC, StartPage, ExtSelectClipRgn, EndPage, RestoreDC, ModifyWorldTransform, StartDocW, SetROP2, SetBrushOrgEx, StrokePath, SetPolyFillMode, FillPath, StrokeAndFillPath, PatBlt, SetStretchBltMode, GetColorAdjustment, SetColorAdjustment, StretchDIBits, CreateFontIndirectW, SelectObject, SetTextColor, ExtTextOutW, BeginPath, MoveToEx, PolyBezierTo, PolylineTo, CloseFigure, EndPath, ExtCreateRegion, SelectClipPath, CreatePenIndirect, SetMiterLimit, ExtCreatePen, CreateBrushIndirect, EndDoc, CancelDC, SetTextAlign, GdiGetSpoolFileHandle, GdiGetDC, GdiGetPageCount, DeleteObject, GdiStartDocEMF, GdiEndDocEMF, GdiDeleteSpoolFileHandle, GetTextMetricsW, TextOutA, AbortDoc, ExtEscape, GetDeviceCaps, GdiPlayPageEMF, GdiGetPageHandle, CreateDCW, ResetDCW, GdiResetDCEMF, GdiEndPageEMF, SetBkMode, GdiStartPageEMF
SPOOLSS.DLL: GetJobAttributes, ReadPrinter, GetPrinterDataW, StartDocPrinterW, EndDocPrinter, WritePrinter, SplInitializeWinSpoolDrv, GetPrinterW, OpenPrinterW, SetJobW, ClosePrinter, ScheduleJob, GetJobW, AddJobW
MSVCRT.dll: malloc
ADVAPI32.dll: DuplicateTokenEx, ImpersonateSelf, OpenThreadToken, ImpersonateLoggedOnUser, RegCloseKey, CreateProcessAsUserW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW
USERENV.dll: CreateEnvironmentBlock, DestroyEnvironmentBlock

[[ 6 export(s) ]]
ClosePrintProcessor, ControlPrintProcessor, EnumPrintProcessorDatatypesW, InstallPrintProcessor, OpenPrintProcessor, PrintDocumentOnPrintProcessor

ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 52224
CompanyName:
EntryPoint: 0x0000
FileDescription: Print Processor
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 76 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 1.0.0.0
FileVersionNumber: 1.0.0.0
ImageVersion: 5.0
InitializedDataSize: 25088
InternalName: lexprint.dll
LanguageCode: Neutral
LegalCopyright:
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.0
ObjectFileType: Dynamic link library
OriginalFilename: lexprint.dll
PEType: PE32
ProductName: Inkjet Printer
ProductVersion: 1.0.0.0
ProductVersionNumber: 1.0.0.0
Subsystem: Native
SubsystemVersion: 5.0
TimeStamp: 2003:07:29 15:32:00+02:00
UninitializedDataSize: 0

VT Community

File name: lxblvs.dll
Submission date: 2011-02-19 17:15:41 (UTC)
Current status: queued (#47) queued analysing finished

Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.02.14.02 2011.02.14 -
AntiVir 7.11.3.164 2011.02.19 -
Antiy-AVL 2.0.3.7 2011.02.19 -
Avast 4.8.1351.0 2011.02.19 -
Avast5 5.0.677.0 2011.02.19 -
AVG 10.0.0.1190 2011.02.19 -
BitDefender 7.2 2011.02.19 -
CAT-QuickHeal 11.00 2011.02.19 -
ClamAV 0.96.4.0 2011.02.19 -
Commtouch 5.2.11.5 2011.02.19 -
Comodo 7739 2011.02.19 -
DrWeb 5.0.2.03300 2011.02.19 -
Emsisoft 5.1.0.2 2011.02.19 -
eSafe 7.0.17.0 2011.02.17 -
eTrust-Vet 36.1.8170 2011.02.18 -
F-Prot 4.6.2.117 2011.02.18 -
F-Secure 9.0.16160.0 2011.02.19 -
Fortinet 4.2.254.0 2011.02.19 -
GData 21 2011.02.19 -
Ikarus T3.1.1.97.0 2011.02.19 -
Jiangmin 13.0.900 2011.02.19 -
K7AntiVirus 9.87.3906 2011.02.19 -
Kaspersky 7.0.0.125 2011.02.19 -
McAfee 5.400.0.1158 2011.02.19 -
McAfee-GW-Edition 2010.1C 2011.02.18 -
Microsoft 1.6502 2011.02.19 -
NOD32 5889 2011.02.19 -
Norman 6.07.03 2011.02.19 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.02.18 -
PCTools 7.0.3.5 2011.02.19 -
Prevx 3.0 2011.02.19 -
Rising 23.45.04.06 2011.02.18 -
Sophos 4.61.0 2011.02.19 -
SUPERAntiSpyware 4.40.0.1006 2011.02.19 -
Symantec 20101.3.0.103 2011.02.19 -
TheHacker 6.7.0.1.132 2011.02.17 -
TrendMicro 9.200.0.1012 2011.02.19 -
TrendMicro-HouseCall 9.200.0.1012 2011.02.15 -
VBA32 3.12.14.3 2011.02.18 -
VIPRE 8474 2011.02.19 -
ViRobot 2011.2.19.4319 2011.02.19 -
VirusBuster 13.6.209.3 2011.02.19 -
Additional informationShow all
MD5 : c0cc3cadf562952665625fc11fbcbf1e
SHA1 : c49fcf4fc5629001a0d02df20be29aaca3e35eee
SHA256: 140cf8321a73906fc62933bf25f11a91b8a323972a4f7768730d510597a2b9c2
ssdeep: 384:SPAb3GBThfmkfJHCMC7jDEir7jCs87l3DyulSAr1X+uJ+cA/8ojw:H2TVmkf9uDZrytDnSg
1X+Z/8o
File size : 40960 bytes
First seen: 2009-02-18 20:10:47
Last seen : 2011-02-19 17:15:41
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD: Armadillo v1.xx - v2.xx
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x10F9
timedatestamp....: 0x3DD2B8B5 (Wed Nov 13 20:40:21 2002)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x3F6A, 0x4000, 6.59, 9bfac925f2f6b6bc4f9b92f349a0014f
.rdata, 0x5000, 0xAD9, 0x1000, 4.08, e6761c4126c51dc060c0db23922933b7
.data, 0x6000, 0x3120, 0x3000, 0.67, e5de51aff53d6aeebdcb7517c74b59a0
.reloc, 0xA000, 0xBE4, 0x1000, 2.87, da04607f450fc9104711d61c3868438a

[[ 1 import(s) ]]
KERNEL32.dll: EnterCriticalSection, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, GetLastError, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, DeleteCriticalSection, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, GetModuleHandleA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, WriteFile, InitializeCriticalSection, GetCommandLineA, LeaveCriticalSection, HeapAlloc, GetCPInfo, GetACP, GetOEMCP, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, RtlUnwind, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, InterlockedDecrement, InterlockedIncrement

[[ 1 export(s) ]]
VendorSetup

ExifTool:
file metadata
CodeSize: 16384
EntryPoint: 0x10f9
FileSize: 40 kB
FileType: Win32 DLL
ImageVersion: 0.0
InitializedDataSize: 24576
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2002:11:13 21:40:21+01:00
UninitializedDataSize: 0

VT Community

File name: lxblcomm.dll
Submission date: 2011-02-19 17:16:34 (UTC)
Current status: queued (#43) queued (#43) analysing finished

Result: 0/ 43 (0.0%)
VT Community

not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.02.14.02 2011.02.14 -
AntiVir 7.11.3.164 2011.02.19 -
Antiy-AVL 2.0.3.7 2011.02.19 -
Avast 4.8.1351.0 2011.02.19 -
Avast5 5.0.677.0 2011.02.19 -
AVG 10.0.0.1190 2011.02.19 -
BitDefender 7.2 2011.02.19 -
CAT-QuickHeal 11.00 2011.02.19 -
ClamAV 0.96.4.0 2011.02.19 -
Commtouch 5.2.11.5 2011.02.19 -
Comodo 7739 2011.02.19 -
DrWeb 5.0.2.03300 2011.02.19 -
Emsisoft 5.1.0.2 2011.02.19 -
eSafe 7.0.17.0 2011.02.17 -
eTrust-Vet 36.1.8170 2011.02.18 -
F-Prot 4.6.2.117 2011.02.18 -
F-Secure 9.0.16160.0 2011.02.19 -
Fortinet 4.2.254.0 2011.02.19 -
GData 21 2011.02.19 -
Ikarus T3.1.1.97.0 2011.02.19 -
Jiangmin 13.0.900 2011.02.19 -
K7AntiVirus 9.87.3906 2011.02.19 -
Kaspersky 7.0.0.125 2011.02.19 -
McAfee 5.400.0.1158 2011.02.19 -
McAfee-GW-Edition 2010.1C 2011.02.19 -
Microsoft 1.6502 2011.02.19 -
NOD32 5889 2011.02.19 -
Norman 6.07.03 2011.02.19 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.02.18 -
PCTools 7.0.3.5 2011.02.19 -
Prevx 3.0 2011.02.19 -
Rising 23.45.04.06 2011.02.18 -
Sophos 4.61.0 2011.02.19 -
SUPERAntiSpyware 4.40.0.1006 2011.02.19 -
Symantec 20101.3.0.103 2011.02.19 -
TheHacker 6.7.0.1.132 2011.02.17 -
TrendMicro 9.200.0.1012 2011.02.19 -
TrendMicro-HouseCall 9.200.0.1012 2011.02.15 -
VBA32 3.12.14.3 2011.02.18 -
VIPRE 8474 2011.02.19 -
ViRobot 2011.2.19.4319 2011.02.19 -
VirusBuster 13.6.209.3 2011.02.19 -
Additional informationShow all
MD5 : 0f4e56d8b3de14e0b972a3483461147b
SHA1 : fb56d0fcad742a3c5d3d6cc63be5264c513890f7
SHA256: 1121510e2f5930e7f32318a4f42e3c7cf348ad9bc2827ca324733baab19d65e2
ssdeep: 3072:vw3LjPvmbNM9NVFF85Qurbq41r0YqsF7hDEhDuYFb5j9FhVYoZ0jaOWR334TsXBG:2HHL8
Prm41tnQDv5jvY40uOK3xXAESt
File size : 286720 bytes
First seen: 2009-10-15 01:56:34
Last seen : 2011-02-19 17:16:34
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Lexmark International, Inc.
copyright....: (C) 1993 - 2003 Lexmark International, Inc.
product......: LCNA for Windows (32 bit)
description..: BCE Client
original name: n/a
internal name: n/a
file version.: 8,10,0,0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD: Armadillo v1.xx - v2.xx
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x21966
timedatestamp....: 0x3E81FDD0 (Wed Mar 26 19:21:52 2003)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x2F311, 0x30000, 6.60, 2e8c8bd8d70c51357d66a97ba579aaba
.rdata, 0x31000, 0x56B5, 0x6000, 4.76, 0dfc6d07ef3c7d755d2c4c8a85ef093d
.data, 0x37000, 0x9294, 0x8000, 4.06, 700487379eda705bb85131cd28237cb5
.rsrc, 0x41000, 0x3E0, 0x1000, 1.03, 3cd40ce32c73a3461c2d84bbd76c267c
.reloc, 0x42000, 0x5C40, 0x6000, 4.93, 43ba919ffbc48a091d0567b28bd40f84

[[ 4 import(s) ]]
RPCRT4.dll: I_RpcGetBuffer, NdrGetBuffer, NdrClientInitializeNew, NdrComplexStructUnmarshall, RpcStringFreeA, NdrSimpleStructUnmarshall, NdrConformantArrayUnmarshall, NdrConformantStringBufferSize, NdrConformantStringMarshall, NdrConvert, NdrSimpleStructMarshall, NdrConformantArrayMarshall, NdrConformantArrayBufferSize, NdrFreeBuffer, NdrSendReceive, NdrPointerMarshall, NdrFullPointerXlatFree, NdrPointerBufferSize, NdrFullPointerXlatInit, RpcBindingFree, RpcBindingFromStringBindingA, RpcStringBindingComposeA, NdrPointerFree, NdrServerInitializeNew, RpcRaiseException
KERNEL32.dll: ReadFile, SetStdHandle, IsBadCodePtr, FreeLibrary, GetVersionExA, CreateEventA, CloseHandle, WaitForSingleObject, TerminateThread, SetEvent, CreateMutexA, ReleaseMutex, Sleep, OpenSemaphoreA, CreateProcessA, GetModuleFileNameA, LoadLibraryA, GetSystemDirectoryA, GetCurrentThreadId, SetLastError, IsBadWritePtr, GetComputerNameA, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, DisableThreadLibraryCalls, GetProcAddress, GetLastError, MultiByteToWideChar, GetLocalTime, GetTickCount, GetWindowsDirectoryA, WriteFile, SetFilePointer, CreateFileA, GetCurrentProcessId, LocalFree, FormatMessageA, SetEnvironmentVariableA, GetLocaleInfoW, GetCommandLineA, GetVersion, GetStringTypeW, GetStringTypeA, IsBadReadPtr, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, IsValidLocale, GetEnvironmentStringsW, IsValidCodePage, FreeEnvironmentStringsW, FreeEnvironmentStringsA, GetEnvironmentStrings, GetFileType, GetStdHandle, GetStartupInfoA, FlushFileBuffers, GetOEMCP, SetHandleCount, VirtualAlloc, VirtualFree, GetACP, HeapDestroy, GetEnvironmentVariableA, HeapCreate, SetUnhandledExceptionFilter, SetEndOfFile, InterlockedExchange, InterlockedDecrement, InterlockedIncrement, WideCharToMultiByte, RtlUnwind, ResumeThread, CreateThread, TlsSetValue, ExitThread, GetTimeZoneInformation, GetSystemTime, RaiseException, HeapFree, HeapAlloc, UnhandledExceptionFilter, GetModuleHandleA, HeapReAlloc, ExitProcess, LCMapStringA, LCMapStringW, GetCPInfo, CompareStringA, CompareStringW, TerminateProcess, GetCurrentProcess, HeapSize, TlsAlloc, TlsFree, TlsGetValue
USER32.dll: PostMessageA
ADVAPI32.dll: SetSecurityDescriptorOwner, InitializeAcl, GetNamedSecurityInfoA, RegSetValueExA, RegCreateKeyExA, RegEnumKeyExA, RegSetKeySecurity, FreeSid, AllocateAndInitializeSid, SetSecurityDescriptorDacl, AddAccessAllowedAce, GetAce, RegOpenKeyExA, RegQueryValueExA, RegCloseKey, OpenSCManagerA, OpenServiceA, CloseServiceHandle, StartServiceA, InitializeSecurityDescriptor

[[ 38 export(s) ]]
BceCaptureAlerts, BceCaptureAlertsEx, BceClose, BceEndDoc, BceEnumByUNC, BceEnumPrinters, BceEnumSpecificPort, BceFlushMWOBuffer, BceGetCache, BceGetDeviceIDString, BceGetDeviceIDStringEx, BceGetPrtInfo, BceOpen, BcePing, BcePrepareLcnaForUninstall, BceQueryAlerts, BceQueryPortType, BceQueryPrintBuffer, BceQueryPrinterStatus, BceReceiveShutdownNotification, BceRegisterApp, BceRegisterWithRpcServer, BceReleaseAlerts, BceRetrieveData, BceSendBidi, BceSetEndOfJobMode, BceSetJobCancelMode, BceSetJobControlMode, BceStartDoc, BceStartRpcServer, BceStartTrace, BceStopTrace, BceStoreData, BceUninstallLCS, BceUnregisterApp, BceWrite, BceWriteOverlapped, BceWriteUNI

ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 196608
CompanyName: Lexmark International, Inc.
EntryPoint: 0x21966
FileDescription: BCE Client
FileFlagsMask: 0x003f
FileOS: Unknown (0)
FileSize: 280 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 8,10,0,0
FileVersionNumber: 8.0.0.0
ImageVersion: 0.0
InitializedDataSize: 94208
LanguageCode: English (U.S.)
LegalCopyright: (C) 1993 - 2003 Lexmark International, Inc.
LegalTrademarks: Lexmark is a registered trademark of Lexmark International, Inc.
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Unknown
PEType: PE32
ProductName: LCNA for Windows (32 bit)
ProductVersion: 8,10,0,0
ProductVersionNumber: 8.0.0.0
SpecialBuild:
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2003:03:26 20:21:52+01:00
UninitializedDataSize: 0

Symantec reputation:Suspicious.Insight

VT Community

cordialement

Utilisateur anonyme
19 févr. 2011 à 20:46

Je t'ai demandé les liens de ces pages....

Réponse 4 / 11

erduche
19 févr. 2011 à 21:07

re

Désolé , j'ai mal compris :

voici donc:

-http://www.virustotal.com/file-scan/report.html?id=e9359c8d35693484a2fa1e3319c72d5fee50ed7ab7a97f04d13e4abd8ed7883f-1298145015
-http://www.virustotal.com/file-scan/report.html?id=140cf8321a73906fc62933bf25f11a91b8a323972a4f7768730d510597a2b9c2-1298145516
-http://www.virustotal.com/file-scan/report.html?id=1121510e2f5930e7f32318a4f42e3c7cf348ad9bc2827ca324733baab19d65e2-1298145838
-http://www.virustotal.com/file-scan/report.html?id=73695d0100930b1fa1b3d85f5d7cd7963525a4fa0b0162d26dc93b2f47820355-1298145860

voila!

merci encore

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 11

Utilisateur anonyme
19 févr. 2011 à 22:04

Re

Il manque 2 rapports.

@+

erduche
20 févr. 2011 à 10:01

Bonjour,

Je n'ai pas trouvé ces 2 derniers fichiers
pour
c:\program files\Lexmark Z700-P700 Series il a encore deux fichiers après quand je veux l'ouvrir
pour
c:\windows\system32\drivers\jsmrbe.sys , il n'y a pas ce dernier: jsmrbe.sys

Voilà

Réponse 6 / 11

Utilisateur anonyme
Modifié par Guillaume5188 le 20/02/2011 à 10:07

Bonjour

Ce n'est pas grave.

Pour vérification:
Télécharge TDSSKiller

* Créez un nouveau dossier sur votre bureau puis décompressez l'archive dedans
* Lancez le programme en cliquant sur TDSSKiller.exe, l'analyse se fait automatiquement, si l'infection est détectée, des éléments cachés (= hidden) seront alors affichés.

Cochez les et cliquez sur "Delete/Repair Selected".

* Un message peut ensuite apparaitre demandant de redémarrer le pc (reboot)pour finir le nettoyage. taper "Y" pour redémarrer le PC ("close all programs and choose Y to restart").

Poste moi son rapport à l'issue; merci

ensuite fait ceci

@+
---------Contributeur Sécurité---------
On a tous été un jour débutant dans quelque chose.
Mais le savoir est la récompense de l'assiduité.

erduche
20 févr. 2011 à 10:44

Re,

Je n'ai pas de rapport , ca n'a pas trouvé d'infection

Cordialement

Utilisateur anonyme
20 févr. 2011 à 10:50

Re

Passe à la suite;un rapport ZHPDiag;merci

erduche
20 févr. 2011 à 16:48

re,

voilà le rapport:

Rapport de ZHPDiag v1.27.1608 par Nicolas Coolman, Update du 17/02/2011
Run by utilisateur at 21/02/2011 4:48:05 PM
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Contact : nicolascoolman@yahoo.fr

---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.18702 (Defaut)
GCIE: Google Chrome

---\\ System Information
Windows XP Home Edition Service Pack 3 (Build 2600)
Processor: x86 Family 17 Model 3 Stepping 1, AuthenticAMD
Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1788.8 MB (73% free)
System Restore: Activé (Enable)
System drive C: has 18 GB (24%) free of 75 GB

---\\ Logged in mode
Computer Name: HP
User Name: utilisateur
All Users Names: utilisateur, SUPPORT_388945a0, HelpAssistant, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=C:\Documents and Settings\utilisateur\Application Data
%LocalAppData%=C:\Documents and Settings\utilisateur\Local Settings\Application Data
%StartMenu%=C:\Documents and Settings\utilisateur\Menu Démarrer

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 18 Go of 75 Go)
D:\ CD-ROM drive (Not Inserted)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK

---\\ Recherche particulière de fichiers génériques
[MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 12:34:03 PM.) -- C:\Windows\Explorer.exe [1037824]
[MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 12:34:28 PM.) -- C:\Windows\System32\Winlogon.exe [512000]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.14/04/2008 4:40:30 AM.) -- C:\Windows\System32\drivers\atapi.sys [96512]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/04/2008 5:15:53 AM.) -- C:\Windows\System32\drivers\ntfs.sys [574976]

---\\ Processus lancés
[MD5.391D87ADE92AC443EC68B030A01D6BF8] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [561152]
[MD5.25FB74EABCE5EC7836BA3CFB3C58449A] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [40384]
[MD5.BFADBB0B68E566F6F46B856557A68EC1] - (.Lexmark International, Inc. - LexBce Service.) -- C:\WINDOWS\system32\LEXBCES.EXE [307200]
[MD5.B0360B57F7A0EADEEA84961197C721FF] - (.Lexmark International, Inc. - LEXPPS.EXE.) -- C:\WINDOWS\system32\LEXPPS.EXE [174592]
[MD5.8ED60797908FD394EEE0D6949F493224] - (.Agere Systems - Agere Soft Modem Call Progress Service.) -- C:\WINDOWS\system32\agrsmsvc.exe [12800]
[MD5.E3326F9E91CC32794D95164472754B43] - (.Broadcom Corporation. - Bluetooth Support Server.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe [258103]
[MD5.112325F53AB720CA77825726D427FBDC] - (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) -- C:\Program Files\Java\jre6\bin\jqs.exe [153376]
[MD5.31307484AA9179153563031138286549] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\mc76412.exe [172956]
[MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53472]
[MD5.831FB892A5A5F28BB69DE0AB77FA7281] - (.Adobe Systems Incorporated - Adobe Photoshop Album Starter Edition 3.2 c.) -- C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [63712]
[MD5.7B878518590E826F1F3A5B1D61D405F8] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe [3396624]
[MD5.76E6598EEFE702DF779C41FA369B5521] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [630784]

---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
P2 - FPN: [HKLM] [@adobe.com/ShockwavePlayer] - (.Adobe Systems, Inc. - Adobe Shockwave for Director Netscape plug-in, version 11.5.) -- C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.51204.0.) -- c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=14.0.8081.0709] - (.Microsoft Corporation - NPWLPG.) -- C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
P2 - FPN: [HKLM] [@real.com/npracplug;version=1.0.0.0] - (.RealNetworks - Allows browsing on RealArcade sites with Mozilla browsers..) -- C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
P2 - FPN: [HKLM] [@zylom.com/ZylomGamesPlayer] - (.Zylom - Zylom Plugin.) -- C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
P2 - FPN: [HKCU] [@talk.google.com/GoogleTalkPlugin] - (.Google - Version 1.9.2.0.) -- C:\Documents and Settings\utilisateur\Application Data\Mozilla\plugins\npgoogletalk.dll
P2 - FPN: [HKCU] [@talk.google.com/O3DPlugin] - (.Pas de propriétaire - Google Talk Plugin Video Accelerator version:0.1.43.5.) -- C:\Documents and Settings\utilisateur\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
P2 - FPN: [HKCU] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Documents and Settings\utilisateur\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
P2 - FPN: [HKCU] [pandonetworks.com/PandoWebPlugin] - (.Pando Networks - Pando Web Plugin.) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
G0 - GCSP: Preference [User Data\Default][HomePage] https://www.google.com/?gws_rd=ssl

---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R0 - HKUS\S-1-5-21-1454471165-839522115-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.bing.com/?toHttps=1&redig=17DBE7D168544FA98200E890A8051984
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R1 - HKUS\S-1-5-21-1454471165-839522115-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (8.00.6001.19019 (longhorn_ie8_gdr.101217-1700)) -- C:\WINDOWS\system32\ieframe.dll
R3 - URLSearchHook: GeoMundos Toolbar - {b147115e-a9d5-4c3e-8d97-0ee812b6638b} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.2.4) -- C:\Program Files\GeoMundos\tbGeo2.dll
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2

---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} . (.Microsoft Corporation - Windows Live Toolbar Core.) -- C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: GeoMundos Toolbar - {b147115e-a9d5-4c3e-8d97-0ee812b6638b} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\GeoMundos\tbGeo2.dll

---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Adobe Photo Downloader] . (.Adobe Systems Incorporated - Adobe Photoshop Album Starter Edition 3.2 c.) -- C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1454471165-839522115-725345543-1004\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe

---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Photoshop Album Edition Découverte 3.2.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\Photoshop Album Starter Edition.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 9.lnk . (.Pas de propriétaire.) -- C:\WINDOWS\Installer\{AC76BA86-7AD7-1036-7B44-A93000000001}\SC_Reader.ico
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Avanquest PerfectImage 11.lnk . (.Pas de propriétaire.) -- C:\Program Files\Avanquest\PerfectImage 11 Version d'Evaluation\Program\launcher.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe
O4 - Global Startup: C:\Documents And Settings\utilisateur\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
O4 - Global Startup: C:\Documents And Settings\utilisateur\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Documents And Settings\utilisateur\Menu Démarrer\Programmes\Lecteur Windows Media.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Documents And Settings\utilisateur\Menu Démarrer\Programmes\Outlook Express.lnk . (.Microsoft Corporation.) -- C:\Program Files\Outlook Express\msimn.exe

---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MI1933~1\Office12\EXCEL.exe
O8 - Extra context menu item: Envoyer à &Bluetooth . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
O9 - Extra button: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Skype add-on for Internet Explorer - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MI1933~1\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MI1933~1\Office12\REFBARH.ICO
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Program Files\Messenger\msmsgs.exe

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\WINDOWS\system32\winrnr.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\WINDOWS\system32\mswsock.dll

---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://srv06.admin.over-blog.com/fdata/iu/ImageUploader5.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{07DC0308-DADE-4310-935E-5361C10F77F4}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{07DC0308-DADE-4310-935E-5361C10F77F4}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

---\\ Protocole additionnel et piratage de protocole (O18)
O18 - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: AtiExtEvent . (.ATI Technologies Inc. - ATI External Event Utility DLL Module.) -- C:\Windows\System32\Ati2evxx.dll
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\Windows\System32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\Windows\System32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agent réseau hors connexion.) -- C:\Windows\System32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\System32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL secondaire de notification de service d.) -- C:\Windows\System32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL commune de réception des notifications.) -- C:\Windows\System32\wlnotify.dll

---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} . (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Web Site Monitor.) -- C:\WINDOWS\system32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} . (.Microsoft Corporation - Objet du service d'environnement Systray.) -- C:\WINDOWS\system32\stobject.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} . (.Microsoft Corporation - Windows Portable Device Shell Service Objec.) -- C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Moniteur et dossier UPNP Tray.) -- C:\WINDOWS\system32\upnpui.dll

---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\WINDOWS\system32\browseui.dll

---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AgereModemAudio) . (.Agere Systems - Agere Soft Modem Call Progress Service.) - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: (Ati HotKey Poller) . (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: (btwdins) . (.Broadcom Corporation. - Bluetooth Support Server.) - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: (Com4QLBEx) . (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: (dmadmin) . (.Microsoft Corp., Veritas Software - Processus du service Gestionnaire de disque.) - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: (hpqwmiex) . (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: (JavaQuickStarterService) . (.Sun Microsystems, Inc. - Java(TM) Quick Starter Service.) - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: (LexBceS) . (.Lexmark International, Inc. - LexBce Service.) - C:\WINDOWS\system32\LEXBCES.exe
O23 - Service: (MemChecker) . (.Pas de propriétaire - Pas de description.) - C:\WINDOWS\mc76412.exe
O23 - Service: (npggsvc) . (.INCA Internet Co., Ltd. - nProtect Game Monitor Rev 1531.) - C:\WINDOWS\system32\GameMon.des
O23 - Service: (TermService) - Clé orpheline

---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(.Microsoft Corporation - Microsoft Office Word.) - C:\Program Files\Microsoft Office\Office12\WINWORD.exe

---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-839522115-725345543-1004Core.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-839522115-725345543-1004UA.job
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\User_Feed_Synchronization-{9BA81DC4-E57C-4C1D-8DBB-640A74D8153D}.job

---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\WINDOWS\system32\drivers\afd.sys
O41 - Driver: (Cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (Imapi) . (.Microsoft Corporation - IMAPI Kernel Driver.) - C:\Windows\System32\DRIVERS\imapi.sys
O41 - Driver: (IPSec) . (.Microsoft Corporation - IPSec Driver.) - C:\Windows\System32\DRIVERS\ipsec.sys
O41 - Driver: (Kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (kbdhid) . (.Microsoft Corporation - Pilote de filtre souris HID.) - C:\Windows\System32\DRIVERS\kbdhid.sys
O41 - Driver: (Mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (MRxSmb) . (.Microsoft Corporation - Windows NT SMB Minirdr.) - C:\Windows\System32\DRIVERS\mrxsmb.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (Processor) . (.Microsoft Corporation - Pilote de périphérique processeur.) - C:\Windows\System32\DRIVERS\processr.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (Rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (redbook) . (.Microsoft Corporation - Pilote de filtre audio Livre rouge.) - C:\Windows\System32\DRIVERS\redbook.sys
O41 - Driver: (Tcpip) . (.Microsoft Corporation - TCP/IP Protocol Driver.) - C:\Windows\System32\DRIVERS\tcpip.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (UimBus) . (.Windows (R) 2000 DDK provider - Image Mounter SCSI Port Driver.) - C:\Windows\System32\DRIVERS\UimBus.sys
O41 - Driver: (Uim_IM) . (.Paragon - Image Mounter.) - C:\Windows\System32\Drivers\Uim_IM.sys
O41 - Driver: Carte vidéo VGA. (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\WINDOWS\system32\drivers\vga.sys
O41 - Driver: (WmiAcpi) . (.Microsoft Corporation - Windows Management Interface for ACPI.) - C:\Windows\System32\DRIVERS\wmiacpi.sys

---\\ Logiciels installés (O42)
O42 - Logiciel: ATI Catalyst Control Center - (.Pas de propriétaire.) [HKLM] -- {055EE59D-217B-43A7-ABFF-507B966405D8}
O42 - Logiciel: ATI Display Driver - (.Pas de propriétaire.) [HKLM] -- ATI Display Driver
O42 - Logiciel: AVS Update Manager 1.0 - (.Online Media Technologies Ltd..) [HKLM] -- AVS Update Manager_is1
O42 - Logiciel: AVS Video Editor 4 - (.Online Media Technologies Ltd..) [HKLM] -- AVS Video Editor 4_is1
O42 - Logiciel: AVS Video Recorder 2.4 - (.Online Media Technologies Ltd..) [HKLM] -- AVS Video Recorder_is1
O42 - Logiciel: AVS YouTube Uploader version 2.1 - (.Online Media Technologies Ltd..) [HKLM] -- AVS YouTube Uploader 2.1_is1
O42 - Logiciel: AVS4YOU Software Navigator 1.4 - (.Online Media Technologies Ltd..) [HKLM] -- AVS4YOU Software Navigator_is1
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe InDesign CS - (.Adobe Systems Incorporated.) [HKLM] -- {416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}
O42 - Logiciel: Adobe Reader 9.3 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A93000000001}
O42 - Logiciel: Adobe Shockwave Player 11.5 - (.Adobe Systems, Inc..) [HKLM] -- Adobe Shockwave Player
O42 - Logiciel: Adobe® Photoshop® Album Edition Découverte 3.2 - (.http://www.adobe.fr.) [HKLM] -- Adobe® Photoshop® Album Edition Découverte 3.2
O42 - Logiciel: Agere Systems HDA Modem - (.Agere Systems.) [HKLM] -- Agere Systems Soft Modem
O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
O42 - Logiciel: Avanquest PerfectImage 11 Version d'Evaluation - (.Avanquest Software.) [HKLM] -- {4CFA89B7-33A5-4DA9-841D-93A42CF6172B}
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: Carte réseau local sans fil 802.11 Broadcom - (.Broadcom Corporation.) [HKLM] -- Broadcom 802.11b Network Adapter
O42 - Logiciel: Catalyst Control Center - Branding - (.ATI.) [HKLM] -- {C349C10C-1474-4000-9073-9299856C8A70}
O42 - Logiciel: FL Studio 5 - (.Image-Line bvba.) [HKLM] -- FL Studio 5
O42 - Logiciel: GIMP 2.6.10 - (.The GIMP Team.) [HKLM] -- GIMP-2_is1
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM] -- {B131E59D-202C-43C6-84C9-68F0C37541F1}
O42 - Logiciel: GeoMundos Toolbar - (.Pas de propriétaire.) [HKLM] -- GeoMundos Toolbar
O42 - Logiciel: Google Earth - (.Google.) [HKLM] -- {1E04F83B-2AB9-4301-9EF7-E86307F79C72}
O42 - Logiciel: Google Talk Plugin - (.Google.) [HKLM] -- {005F78AF-110D-398A-8430-BE98950A1E22}
O42 - Logiciel: HP 3D DriveGuard - (.Hewlett-Packard.) [HKLM] -- {A70B15A5-AABC-41D0-A2AC-678BED567894}
O42 - Logiciel: HP Integrated Module with Bluetooth wireless technology - (.HP.) [HKLM] -- {3F4EC965-28EF-45C3-B063-04B25D4E9679}
O42 - Logiciel: HP MULTIPLE MODEM INSTALLER for VISTA - (.Hewlett Packard Company.) [HKLM] -- {9F238A60-C445-4B81-8EDE-07DC924E98F8}
O42 - Logiciel: HP Quick Launch Buttons 6.40 F1 - (.Hewlett-Packard.) [HKLM] -- {34D2AB40-150D-475D-AE32-BD23FB5EE355}
O42 - Logiciel: HP Webcam - (.Sonix.) [HKLM] -- {399C37FB-08AF-493B-BFED-20FBD85EDF7F}
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
O42 - Logiciel: Hotfix for Windows XP (KB954550-v5) - (.Microsoft Corporation.) [HKLM] -- KB954550-v5
O42 - Logiciel: Hotfix for Windows XP (KB976002-v5) - (.Microsoft Corporation.) [HKLM] -- KB976002-v5
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {46ABBC54-1872-4AA3-95E2-F2C063A63F31}
O42 - Logiciel: Java(TM) 6 Update 15 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216015FF}
O42 - Logiciel: Java(TM) 6 Update 4 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160040}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM] -- {E2DFE069-083E-4631-9B6C-43C48E991DE5}
O42 - Logiciel: K-Lite Mega Codec Pack 5.1.0 - (.Pas de propriétaire.) [HKLM] -- KLiteCodecPack_is1
O42 - Logiciel: Lexmark Z700-P700 Series - (.Pas de propriétaire.) [HKLM] -- Lexmark Z700-P700 Series
O42 - Logiciel: MSN - (.Pas de propriétaire.) [HKLM] -- MSNINST
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: MadOnion.com/3DMark2001 SE - (.Pas de propriétaire.) [HKLM] -- {91B323B5-A79C-4D23-BD6D-046C565F9BCF}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Marvell Miniport Driver - (.Marvell.) [HKLM] -- Marvell Miniport Driver
O42 - Logiciel: Media Player Classic fr - (.Pas de propriétaire.) [HKLM] -- Media Player Classic
O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
O42 - Logiciel: Microsoft .NET Framework 3.0 Service Pack 2 - (.Microsoft Corporation.) [HKLM] -- {A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
O42 - Logiciel: Microsoft Internationalized Domain Names Mitigation APIs - (.Microsoft Corporation.) [HKLM] -- IDNMitigationAPIs
O42 - Logiciel: Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 - (.Microsoft Corporation.) [HKLM] -- Wdf01005
O42 - Logiciel: Microsoft National Language Support Downlevel APIs - (.Microsoft Corporation.) [HKLM] -- NLSDownlevelMapping
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_SMALLBUSINESS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_SMALLBUSINESS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}_SMALLBUSINESS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}_SMALLBUSINESS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_SMALLBUSINESS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_SMALLBUSINESS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_SMALLBUSINESS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_SMALLBUSINESS_{A0516415-ED61-419A-981D-93596DA74165}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESS_{F580DDD5-8D37-4998-968E-EBB76BB86787}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_SMALLBUSINESS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Small Business 2007 - (.Microsoft Corporation.) [HKLM] -- SMALLBUSINESS
O42 - Logiciel: Microsoft Office Small Business 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Search Enhancement Pack - (.Microsoft Corporation.) [HKLM] -- {4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Sync Framework Runtime Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {8A74E887-8F0F-4017-AF53-CBA42211AAA5}
O42 - Logiciel: Microsoft Sync Framework Services Native v1.0 (x86) - (.Microsoft Corporation.) [HKLM] -- {BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {7299052b-02a4-4627-81f2-1818da5d550d}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Nero 6 - (.Pas de propriétaire.) [HKLM] -- Nero - Burning Rom!UninstallKey
O42 - Logiciel: OpenAL - (.Pas de propriétaire.) [HKLM] -- OpenAL
O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
O42 - Logiciel: Pando Media Booster - (.Pando Networks Inc..) [HKLM] -- {980A182F-E0A2-4A40-94C1-AE0C1235902E}
O42 - Logiciel: SA304x Device Manager - (.Philips.) [HKLM] -- {0590BB91-B280-4BAB-95D7-D6558117D27C}
O42 - Logiciel: SA304x Media Converter - (.Philips.) [HKLM] -- {1E06D48E-5448-4BCC-9F87-9FB4EBD59898}
O42 - Logiciel: SCR3xxx Smart Card Reader - (.SCM Microsystems.) [HKLM] -- {9A154D6D-13D6-4CA1-BB3A-E792C18DACBF}
O42 - Logiciel: SMPlayer 0.6.0rc2 - (.RVM.) [HKLM] -- SMPlayer_is1
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{5C497F0B-2061-4CC9-A61C-6B45B867354D}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{CD769337-C8AC-46DB-A7DC-643E50089263}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2289158) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{210B16C0-CEBD-4DE9-B474-04A7E8735E16}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2344875) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{536FB502-775F-4494-BACE-C02CC90B7A5B}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{7F207DCA-3399-40CB-A968-6E5991B1421A}
O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2345035) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{B23002DD-34EC-4988-B810-A5E2A0BF04F1}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB982158) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer (KB2413381) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{3DED0A62-44C8-4E00-A785-5212F297A9D9}
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB2284697) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{3A4CDE54-2403-483D-8D9A-15E3264410DF}
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{3D019598-7B59-447A-80AE-815B703B84FF}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
O42 - Logiciel: Segoe UI - (.Microsoft Corp.) [HKLM] -- {A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM] -- {981029E0-7FC9-4CF3-AB39-6F133621921A}
O42 - Logiciel: Skype(TM) 4.2 - (.Skype Technologies S.A..) [HKLM] -- {D103C4BA-F905-437A-8049-DB24763BBE36}
O42 - Logiciel: SoundMAX - (.Analog Devices.) [HKLM] -- {F0A37341-D692-11D4-A984-009027EC0A9C}
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics.) [HKLM] -- SynTPDeinstKey
O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB2412171) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{752A0B7C-BD24-4362-AC86-AB63FEE6F46F}
O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (KB2492475) - (.Microsoft.) [HKLM] -- {90120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESS_{AB9C3240-8F97-4998-8911-3D40044124FC}
O42 - Logiciel: VLC media player 1.0.1 - (.VideoLAN Team.) [HKLM] -- VLC media player
O42 - Logiciel: Windows Genuine Advantage Validation Tool (KB892130) - (.Microsoft Corporation.) [HKLM] -- KB892130
O42 - Logiciel: Windows Internet Explorer 7 - (.Microsoft Corporation.) [HKLM] -- ie7
O42 - Logiciel: Windows Internet Explorer 8 - (.Microsoft Corporation.) [HKLM] -- ie8
O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3B4E636E-9D65-4D67-BA61-189800823F52}
O42 - Logiciel: Windows Live FolderShare - (.Microsoft Corporation.) [HKLM] -- {2075CB0A-D26F-4DAA-B424-5079296B43BA}
O42 - Logiciel: Windows Live Mail - (.Microsoft Corporation.) [HKLM] -- {5DD76286-9BE7-4894-A990-E905E91AC818}
O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {770F1BEC-2871-4E70-B837-FB8525FFA3B1}
O42 - Logiciel: Windows Live Toolbar - (.Microsoft Corporation.) [HKLM] -- {F7D27C70-90F5-49B9-B188-0A133C0CE353}
O42 - Logiciel: Windows Live Writer - (.Microsoft Corporation.) [HKLM] -- {4634B21A-CC07-4396-890C-2B8168661FEA}
O42 - Logiciel: Windows Media Format 11 runtime - (.Microsoft Corporation.) [HKLM] -- WMFDist11
O42 - Logiciel: Windows Media Format 11 runtime - (.Pas de propriétaire.) [HKLM] -- Windows Media Format Runtime
O42 - Logiciel: Windows PowerShell(TM) 1.0 - (.Microsoft Corporation.) [HKLM] -- KB926139-v2
O42 - Logiciel: Windows XP Service Pack 3 - (.Microsoft Corporation.) [HKLM] -- Windows XP Service
O42 - Logiciel: Xilisoft MP4 Converter - (.Xilisoft.) [HKLM] -- Xilisoft MP4 Converter
O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM] -- avast5

---\\ HKCU & HKLM Software Keys
[HKCU\Software\6C2F3F40]
[HKCU\Software\ALWIL Software]
[HKCU\Software\ATI Technologies Inc.]
[HKCU\Software\ATI]
[HKCU\Software\ATO]
[HKCU\Software\AVS4YOU]
[HKCU\Software\Adobe]
[HKCU\Software\Ahead]
[HKCU\Software\Analog Devices]
[HKCU\Software\AppDataLow\Software\Macromedia]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Aurigma]
[HKCU\Software\Bugsplat]
[HKCU\Software\ClassesB]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\Conduit]
[HKCU\Software\Cyberlink]
[HKCU\Software\DivXNetworks]
[HKCU\Software\Enterbrain]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\Game Maker]
[HKCU\Software\GeoMundos]
[HKCU\Software\Google]
[HKCU\Software\Haali]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\IM Providers]
[HKCU\Software\INCAInternet]
[HKCU\Software\Image-Line]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Lake]
[HKCU\Software\Leadertech]
[HKCU\Software\Macromedia]
[HKCU\Software\MadOnion.com]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MediaInfo]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Pando Networks]
[HKCU\Software\Piriform]
[HKCU\Software\Policies]
[HKCU\Software\RPCD]
[HKCU\Software\RealNetworks]
[HKCU\Software\Safer Networking Limited]
[HKCU\Software\SecureW2]
[HKCU\Software\ShotOnline International]
[HKCU\Software\Skype]
[HKCU\Software\SoftVoice]
[HKCU\Software\Synaptics]
[HKCU\Software\Sysinternals]
[HKCU\Software\Wget]
[HKCU\Software\Widcomm]
[HKCU\Software\Xilisoft]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\Zylom]
[HKCU\Software\conduitEngine]
[HKCU\Software\http://www.ecran-de-veille.com]
[HKLM\Software\AFBARRE]
[HKLM\Software\ALWIL Software]
[HKLM\Software\ATI Technologies Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\ATI]
[HKLM\Software\AVS4YOU]
[HKLM\Software\Adobe]
[HKLM\Software\Agere]
[HKLM\Software\Ahead]
[HKLM\Software\Analog Devices]
[HKLM\Software\Andrea Electronics]
[HKLM\Software\AppDataLow]
[HKLM\Software\Avanquest]
[HKLM\Software\BcmSetup]
[HKLM\Software\Broadcom]
[HKLM\Software\BrowserChoice]
[HKLM\Software\C07ft5Y]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\Codec Tweak Tool]
[HKLM\Software\Conduit]
[HKLM\Software\CyberLink]
[HKLM\Software\GIMP_Back_Mode]
[HKLM\Software\GNU]
[HKLM\Software\Gabest]
[HKLM\Software\Gemplus]
[HKLM\Software\GeoMundos]
[HKLM\Software\Global IP Solutions]
[HKLM\Software\Google]
[HKLM\Software\HPQ]
[HKLM\Software\HP]
[HKLM\Software\HaaliMkx]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\Huawei technologies]
[HKLM\Software\InstalledOptions]
[HKLM\Software\Intel]
[HKLM\Software\InterVideo]
[HKLM\Software\JavaSoft]
[HKLM\Software\KLCodecPack]
[HKLM\Software\Kodak]
[HKLM\Software\Lake]
[HKLM\Software\Lexmark]
[HKLM\Software\Macromedia]
[HKLM\Software\MadOnion.com]
[HKLM\Software\Malwarebytes' Anti-Malware]
[HKLM\Software\Marvell]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Mozilla]
[HKLM\Software\Nero]
[HKLM\Software\ODBC]
[HKLM\Software\OldTimer Tools]
[HKLM\Software\OnNet]
[HKLM\Software\Pando Networks]
[HKLM\Software\Paragon Software]
[HKLM\Software\Philips]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Program Groups]
[HKLM\Software\Propellerhead Software]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\S3R521]
[HKLM\Software\Safer Networking Limited]
[HKLM\Software\Schlumberger]
[HKLM\Software\SecureW2]
[HKLM\Software\Secure]
[HKLM\Software\Skype]
[HKLM\Software\Sonix]
[HKLM\Software\Staccato]
[HKLM\Software\Swearware]
[HKLM\Software\Symantec]
[HKLM\Software\Synaptics]
[HKLM\Software\Trolltech]
[HKLM\Software\VCOM]
[HKLM\Software\VideoLAN]
[HKLM\Software\Widcomm]
[HKLM\Software\Windows 3.1 Migration Status]
[HKLM\Software\Xing Technology Corp.]
[HKLM\Software\conduitEngine]

---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/09/2010 - 9:36:42 PM ----D- C:\Program Files\Adobe
O43 - CFD: 19/12/2008 - 7:54:50 PM ----D- C:\Program Files\Ahead
O43 - CFD: 25/02/2010 - 7:27:54 PM ----D- C:\Program Files\Alwil Software
O43 - CFD: 19/12/2008 - 6:54:08 PM ----D- C:\Program Files\Analog Devices
O43 - CFD: 9/12/2010 - 3:51:12 PM ----D- C:\Program Files\AnglaisFacile.com
O43 - CFD: 19/12/2008 - 6:29:40 PM ----D- C:\Program Files\ATI Technologies
O43 - CFD: 19/12/2008 - 9:47:08 PM ----D- C:\Program Files\Avanquest
O43 - CFD: 12/04/2010 - 10:18:58 PM ----D- C:\Program Files\AVS4YOU
O43 - CFD: 19/12/2008 - 7:21:08 PM ----D- C:\Program Files\Broadcom
O43 - CFD: 4/02/2011 - 3:45:10 PM ----D- C:\Program Files\CCleaner
O43 - CFD: 17/11/2009 - 1:32:42 AM ----D- C:\Program Files\Common Files
O43 - CFD: 19/12/2008 - 5:50:40 PM ----D- C:\Program Files\ComPlus Applications
O43 - CFD: 15/11/2009 - 11:04:50 PM ----D- C:\Program Files\Conduit
O43 - CFD: 21/12/2010 - 8:49:04 PM ----D- C:\Program Files\ConduitEngine
O43 - CFD: 20/02/2011 - 5:23:28 PM ----D- C:\Program Files\Fichiers communs
O43 - CFD: 16/12/2010 - 6:28:38 PM ----D- C:\Program Files\GeoMundos
O43 - CFD: 9/12/2010 - 3:48:06 PM ----D- C:\Program Files\GIMP 2
O43 - CFD: 17/11/2009 - 12:43:18 AM ----D- C:\Program Files\Goa
O43 - CFD: 27/10/2009 - 11:45:52 PM ----D- C:\Program Files\Google
O43 - CFD: 19/12/2008 - 6:42:08 PM ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 15/12/2010 - 7:28:54 PM ----D- C:\Program Files\Image-Line
O43 - CFD: 18/11/2009 - 8:15:16 PM --H-D- C:\Program Files\InstallShield Installation Information
O43 - CFD: 21/02/2011 - 10:50:22 AM ----D- C:\Program Files\Internet Explorer
O43 - CFD: 19/08/2009 - 1:00:32 AM ----D- C:\Program Files\Java
O43 - CFD: 24/09/2009 - 11:59:10 PM ----D- C:\Program Files\K-Lite Codec Pack
O43 - CFD: 2/02/2011 - 9:20:50 AM ----D- C:\Program Files\Lexmark Z700-P700 Series
O43 - CFD: 19/12/2008 - 8:08:34 PM ----D- C:\Program Files\MadOnion.com
O43 - CFD: 13/02/2011 - 11:15:14 AM ----D- C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 19/12/2008 - 6:38:52 PM ----D- C:\Program Files\Marvell
O43 - CFD: 19/12/2008 - 7:51:16 PM ----D- C:\Program Files\Media Player Classic
O43 - CFD: 18/02/2009 - 5:57:02 PM ----D- C:\Program Files\Messenger
O43 - CFD: 11/11/2009 - 11:15:32 PM ----D- C:\Program Files\Microsoft
O43 - CFD: 19/12/2008 - 5:54:12 PM ----D- C:\Program Files\microsoft frontpage
O43 - CFD: 11/12/2009 - 10:15:04 AM ----D- C:\Program Files\Microsoft Office
O43 - CFD: 21/02/2011 - 4:44:14 PM ----D- C:\Program Files\Microsoft Silverlight
O43 - CFD: 11/11/2009 - 11:17:14 PM ----D- C:\Program Files\Microsoft SQL Server Compact Edition
O43 - CFD: 11/11/2009 - 11:18:10 PM ----D- C:\Program Files\Microsoft Sync Framework
O43 - CFD: 11/12/2009 - 10:14:54 AM ----D- C:\Program Files\Microsoft Visual Studio
O43 - CFD: 13/01/2010 - 5:55:06 PM ----D- C:\Program Files\Microsoft Works
O43 - CFD: 11/12/2009 - 10:13:46 AM ----D- C:\Program Files\Microsoft.NET
O43 - CFD: 16/08/2010 - 3:46:50 PM ----D- C:\Program Files\Movie Maker
O43 - CFD: 13/01/2011 - 8:56:30 PM ----D- C:\Program Files\Mozilla Firefox
O43 - CFD: 21/08/2009 - 9:56:40 PM ----D- C:\Program Files\MSBuild
O43 - CFD: 31/07/2009 - 8:50:08 PM ----D- C:\Program Files\MSN
O43 - CFD: 19/12/2008 - 5:49:52 PM ----D- C:\Program Files\MSN Gaming Zone
O43 - CFD: 19/05/2010 - 4:45:38 PM ----D- C:\Program Files\MSXML 4.0
O43 - CFD: 18/02/2009 - 5:53:10 PM ----D- C:\Program Files\NetMeeting
O43 - CFD: 19/12/2008 - 5:50:00 PM ----D- C:\Program Files\Online Services
O43 - CFD: 5/05/2009 - 4:25:58 AM ----D- C:\Program Files\OpenAL
O43 - CFD: 28/02/2010 - 6:49:52 PM ----D- C:\Program Files\OpenOffice.org 2.4
O43 - CFD: 16/01/2010 - 3:55:14 PM ----D- C:\Program Files\Optus Wireless Broadband
O43 - CFD: 21/02/2011 - 10:47:54 AM ----D- C:\Program Files\Outlook Express
O43 - CFD: 17/05/2010 - 4:51:38 PM ----D- C:\Program Files\Pando Networks
O43 - CFD: 22/09/2009 - 2:22:30 AM ----D- C:\Program Files\Philips
O43 - CFD: 7/11/2009 - 12:24:52 AM ----D- C:\Program Files\Real
O43 - CFD: 21/08/2009 - 9:56:30 PM ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 19/12/2008 - 6:41:26 PM ----D- C:\Program Files\SCM Microsystems
O43 - CFD: 13/12/2009 - 11:38:46 AM ----D- C:\Program Files\SecureW2
O43 - CFD: 19/12/2008 - 5:52:34 PM ----D- C:\Program Files\Services en ligne
O43 - CFD: 6/05/2010 - 10:55:34 AM R---D- C:\Program Files\Skype
O43 - CFD: 19/12/2008 - 7:51:50 PM ----D- C:\Program Files\SMPlayer
O43 - CFD: 19/02/2011 - 8:03:32 PM ----D- C:\Program Files\Spybot - Search & Destroy
O43 - CFD: 19/12/2008 - 7:02:30 PM ----D- C:\Program Files\Synaptics
O43 - CFD: 19/12/2008 - 5:59:40 PM --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 21/04/2009 - 5:14:08 AM ----D- C:\Program Files\VideoLAN
O43 - CFD: 19/10/2010 - 9:57:58 PM ----D- C:\Program Files\VstPlugins
O43 - CFD: 19/12/2008 - 6:34:40 PM ----D- C:\Program Files\WIDCOMM
O43 - CFD: 11/11/2009 - 11:18:30 PM ----D- C:\Program Files\Windows Live
O43 - CFD: 31/07/2009 - 8:38:52 PM ----D- C:\Program Files\Windows Live SkyDrive
O43 - CFD: 12/04/2010 - 10:17:20 PM ----D- C:\Program Files\Windows Media Player
O43 - CFD: 18/02/2009 - 5:53:08 PM ----D- C:\Program Files\Windows NT
O43 - CFD: 19/12/2008 - 5:52:38 PM --H-D- C:\Program Files\WindowsUpdate
O43 - CFD: 21/12/2010 - 8:50:18 PM ----D- C:\Program Files\xerox
O43 - CFD: 24/09/2009 - 5:29:00 AM ----D- C:\Program Files\Xilisoft
O43 - CFD: 21/02/2011 - 4:48:18 PM ----D- C:\Program Files\ZHPDiag
O43 - CFD: 17/11/2009 - 1:32:42 AM ----D- C:\Program Files\Common Files\INCA Shared
O43 - CFD: 20/02/2011 - 5:24:48 PM ----D- C:\Documents and Settings\utilisateur\Application Data\Adobe
O43 - CFD: 30/07/2009 - 3:22:30 AM ----D- C:\Documents and Settings\utilisateur\Application Data\AdobeUM
O43 - CFD: 19/12/2008 - 7:24:46 PM ----D- C:\Documents and Settings\utilisateur\Application Data\ATI
O43 - CFD: 12/04/2010 - 10:19:18 PM ----D- C:\Documents and Settings\utilisateur\Application Data\AVS4YOU
O43 - CFD: 22/09/2009 - 6:17:00 AM ----D- C:\Documents and Settings\utilisateur\Application Data\CyberLink
O43 - CFD: 4/02/2011 - 12:14:42 PM ----D- C:\Documents and Settings\utilisateur\Application Data\dvdcss
O43 - CFD: 5/02/2011 - 12:14:30 PM ----D- C:\Documents and Settings\utilisateur\Application Data\ElevatedDiagnostics
O43 - CFD: 19/12/2008 - 8:05:46 PM ----D- C:\Documents and Settings\utilisateur\Application Data\Google
O43 - CFD: 6/10/2010 - 9:36:52 PM ----D- C:\Documents and Settings\utilisateur\Application Data\gtk-2.0
O43 - CFD: 5/02/2011 - 3:10:22 PM ----D- C:\Documents and Settings\utilisateur\Application Data\Help
O43 - CFD: 19/12/2008 - 7:42:58 PM ----D- C:\Documents and Settings\utilisateur\Application Data\Hewlett Packard Company
O43 - CFD: 14/11/2009 - 11:41:10 PM ----D- C:\Documents and Settings\utilisateur\Application Data\Identities
O43 - CFD: 19/12/2008 - 6:35:40 PM ----D- C:\Documents and Settings\utilisateur\Application Data\InstallShield
O43 - CFD: 4/08/2009 - 6:25:58 PM ----D- C:\Documents and Settings\utilisateur\Application Data\Leadertech
O43 - CFD: 19/12/2008 - 8:04:48 PM ----D- C:\Documents and Settings\utilisateur\Application Data\Macromedia
O43 - CFD: 4/08/2009 - 5:46:52 PM ----D- C:\Documents and Settings\utilisateur\Application Data\Malwarebytes
O43 - CFD: 4/02/2011 - 3:49:14 PM ----D- C:\Documents and Settings\utilisateur\Application Data\Media Player Classic
O43 - CFD: 18/08/2010 - 12:38:54 PM -S--D- C:\Documents and Settings\utilisateur\Application Data\Microsoft
O43 - CFD: 15/02/2011 - 8:24:56 PM ----D- C:\Documents and Settings\utilisateur\Application Data\Mozilla
O43 - CFD: 11/12/2009 - 10:06:12 AM ----D- C:\Documents and Settings\utilisateur\Application Data\OpenOffice.org2
O43 - CFD: 7/11/2009 - 12:28:40 AM ----D- C:\Documents and Settings\utilisateur\Application Data\PlayFirst
O43 - CFD: 28/02/2010 - 6:47:24 PM ----D- C:\Documents and Settings\utilisateur\Application Data\Real
O43 - CFD: 6/12/2010 - 9:07:00 PM ----D- C:\Documents and Settings\utilisateur\Application Data\Skype
O43 - CFD: 6/12/2010 - 8:48:18 PM ----D- C:\Documents and Settings\utilisateur\Application Data\skypePM
O43 - CFD: 19/12/2008 - 7:59:16 PM ----D- C:\Documents and Settings\utilisateur\Application Data\Sun
O43 - CFD: 13/02/2011 - 10:07:42 PM ----D- C:\Documents and Settings\utilisateur\Application Data\vlc
O43 - CFD: 24/09/2009 - 5:29:36 AM ----D- C:\Documents and Settings\utilisateur\Application Data\Xilisoft Corporation
O43 - CFD: 14/11/2009 - 11:41:10 PM ----D- C:\Documents and Settings\utilisateur\Application Data\Zylom

---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
O44 - LFC:[MD5.9501CE82389A3B51720E7B8A4B614216] - 11/02/2011 - 2:04:40 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\CONFIG.NT [3121]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 17/02/2011 - 7:44:37 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\tmp.txt [0]
O44 - LFC:[MD5.8973985E025A9B088B791610C252585B] - 17/02/2011 - 9:57:35 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\d3d9caps.dat [664]
O44 - LFC:[MD5.FAE5CDC53A251E4577F68F3DFE54C2C5] - 18/02/2011 - 9:30:52 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\PerfStringBackup.INI [1100808]
O44 - LFC:[MD5.E0A2F3D7D171572B99B84C38795B9466] - 18/02/2011 - 9:30:52 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc009.dat [68354]
O44 - LFC:[MD5.C7E18F022E85DA99453EEDE66385B3B4] - 18/02/2011 - 9:30:52 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfc00C.dat [81584]
O44 - LFC:[MD5.A445B5FA4E4A7C0029AA0F1339F20FE0] - 18/02/2011 - 9:30:52 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh009.dat [435458]
O44 - LFC:[MD5.3307592105F8CFD5F16F00D533FB30E5] - 18/02/2011 - 9:30:52 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\perfh00C.dat [503476]
O44 - LFC:[MD5.46A6C63222D2C22CE5ED1196816857DF] - 2/02/2011 - 9:19:56 AM ---A- . (.InstallShield Corporation, Inc. - InstallShield Deinstaller.) -- C:\WINDOWS\unin040c.exe [298496]
O44 - LFC:[MD5.35698AA719153448A65C658B894C27D8] - 2/02/2011 - 9:20:48 AM ---A- . (.Lexmark International, Inc. - LEX2KUSB DLL.) -- C:\WINDOWS\System32\LEX2KUSB.DLL [197120]
O44 - LFC:[MD5.3F9E8F886490E2AE5148583F094DE777] - 2/02/2011 - 9:20:48 AM ---A- . (.Lexmark International, Inc. - LEXLMPM DLL.) -- C:\WINDOWS\System32\LEXLMPM.DLL [200192]
O44 - LFC:[MD5.A562DBAF0BCB299A4D7C1D67D58E712E] - 2/02/2011 - 9:20:48 AM ---A- . (.Lexmark International, Inc. - LEXP2P32 DLL.) -- C:\WINDOWS\System32\LEXP2P32.DLL [201216]
O44 - LFC:[MD5.B0360B57F7A0EADEEA84961197C721FF] - 2/02/2011 - 9:20:48 AM ---A- . (.Lexmark International, Inc. - LEXPPS.EXE.) -- C:\WINDOWS\System32\LEXPPS.EXE [174592]
O44 - LFC:[MD5.343D870F7BF0D8181137642BCF0D3B48] - 2/02/2011 - 9:20:48 AM ---A- . (.Lexmark International, Inc. - LexBce Client.) -- C:\WINDOWS\System32\LEXBCE.DLL [147456]
O44 - LFC:[MD5.BFADBB0B68E566F6F46B856557A68EC1] - 2/02/2011 - 9:20:48 AM ---A- . (.Lexmark International, Inc. - LexBce Service.) -- C:\WINDOWS\System32\LEXBCES.EXE [307200]
O44 - LFC:[MD5.0F4E56D8B3DE14E0B972A3483461147B] - 2/02/2011 - 9:20:49 AM ---A- . (.Lexmark International, Inc. - BCE Client.) -- C:\WINDOWS\System32\lxblcomm.dll [286720]
O44 - LFC:[MD5.AB52948358AE20C92B87990E44E05507] - 2/02/2011 - 9:20:49 AM ---A- . (.Lexmark International, Inc. - Lexmark ColorFine POR Monitor.) -- C:\WINDOWS\System32\lxblpwr.dll [73728]
O44 - LFC:[MD5.C0CC3CADF562952665625FC11FBCBF1E] - 2/02/2011 - 9:20:49 AM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\System32\lxblvs.dll [40960]
O44 - LFC:[MD5.AE72E8619CB31D84DA25E2435E55003C] - 20/02/2011 - 5:06:00 PM ---A- . (.NirSoft - NirCmd.) -- C:\WINDOWS\NIRCMD.exe [31232]
O44 - LFC:[MD5.9DAA7218961710008D7385B01BD3F386] - 20/02/2011 - 5:06:00 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\MBR.exe [89088]
O44 - LFC:[MD5.F1FBA6185A6A2BC6456970914875078E] - 20/02/2011 - 5:06:00 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\PEV.exe [256512]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 20/02/2011 - 5:06:00 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 20/02/2011 - 5:06:00 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 20/02/2011 - 5:06:00 PM ---A- . (.Pas de propriétaire - Pas de description.) -- C:\WINDOWS\zip.exe [68096]
O44 - LFC:[MD5.01D95A1F8CF13D07CC564AABB36BCC0B] - 20/02/2011 - 5:06:00 PM ---A- . (.SteelWerX - Freeware implementation of REG.EXE.) -- C:\WINDOWS\SWREG.exe [161792]
O44 - LFC:[MD5.B7517DB073B28F5696A1E5528ABEB5D0] - 20/02/2011 - 5:06:00 PM ---A- . (.SteelWerX - Freeware implementation of SC.EXE.) -- C:\WINDOWS\SWSC.exe [136704]
O44 - LFC:[MD5.B1A9CF0B6F80611D31987C247EC630B4] - 20/02/2011 - 5:06:00 PM ---A- . (.SteelWerX - Freeware implementation of XCACLS.) -- C:\WINDOWS\SWXCACLS.exe [212480]
O4

Réponse 7 / 11

Utilisateur anonyme
20 févr. 2011 à 17:03

Re

Procède comme mentionné ici pour me poster ce rapport.

@+

erduche
20 févr. 2011 à 20:16

re

ok je viens de faire

Utilisateur anonyme
20 févr. 2011 à 20:19

Et le lien est où?

erduche
20 févr. 2011 à 20:29

dsl....

voici:
http://www.cijoint.fr/cjlink.php?file=cj201102/cijfZfTu5V.txt

Réponse 8 / 11

Utilisateur anonyme
20 févr. 2011 à 20:41

Re

1) Utilisation de l'outil ZHPFix :

* Copie tout le texte présent dans l'encadré ci-dessous (tu le sélectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )
--------------------------------------------------------------------------------------------------------------------------

O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe

--------------------------------------------------------------------------------------------
Puis lance ZHPFix depuis le raccourci du bureau. Sous Vista :Clic droit sur l'icône ZHPFix.exe
« Exécuter en tant qu'administrateur »
.

* Une fois l'outil ZHPFix ouvert, clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaîtrent.

Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

* Puis clique sur le bouton [ OK ]

> À ce moment là, il apparaîtra au début de chaque ligne une petite case vide. Ne touche plus à rien !

!! Déconnecte toi, désactive tes défenses (anti-virus, anti-spyware ) et ferme bien toutes autres applications ( navigateurs compris ) !!

* Clique sur le bouton [ Tous]. Vérifie que toutes les lignes soient bien cochées.

* Enfin clique sur le bouton [ Nettoyer].

-> laisse travailler l'outil et ne touche à rien ...

-> Si il t'est demandé de redémarrer le PC pour finir le nettoyage, fais le !

Une fois terminé, un nouveau rapport s'affiche : poste le contenu de ce dernier dans ta prochaine réponse ...

( ce rapport est en outre sauvegardé dans ce dossier > C:\Program files\ZHPDiag\ ZHPFixReport.txt )

2)Tu disposes de Malwaresbytes;met le à jour et lance un scan rapide et poste moi son rapport.

3)* Télécharge Ad-remover ( de C_XX ) sur ton bureau :

http://www.teamxscript.org/adremoverTelechargement.html

! Déconnecte toi et ferme toutes applications en cours !

* Double clique ou clic droit (exécuter en tant que admin...sur Vista et Windows7) sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut.

* Double-clique ou clic droit (exécuter en tant que admin...sur Vista et Windows 7) sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

* Au menu principal choisis l'option "Nettoyer"
et sur [entrée] .

* Laisse travailler l'outil et ne touche à rien ...

--> Poste le rapport qui apparaît à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Les toolbars, c'est pas obligatoire ( par Malekal ) :https://forum.malekal.com/viewtopic.php?t=6173&start=

Poste les rapports au fur et à mesure;merci.

@+

erduche
20 févr. 2011 à 21:15

re,

voila une première livraison:

ZHDFIX:

Rapport de ZHPFix 1.12.3253 par Nicolas Coolman, Update du 17/02/2011
Fichier d'export Registre :
Run by utilisateur at 21/02/2011 9:10:06 PM
Windows XP Home Edition Service Pack 3 (Build 2600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Contact : nicolascoolman@yahoo.fr

========== Valeur(s) du Registre ==========
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Valeur supprimée avec succès
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Valeur absente

========== Récapitulatif ==========
2 : Valeur(s) du Registre

End of the scan

et MBM:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5810

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21/02/2011 9:14:06 PM
mbam-log-2011-02-21 (21-14-06).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 145660
Temps écoulé: 2 minute(s), 51 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

merci

erduche
20 févr. 2011 à 21:23

re re ,

voila le dernier rapport de AD:

======= RAPPORT D'AD-REMOVER 2.0.0.2,E | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 16/02/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 21:19:06 le 21/02/2011, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
utilisateur@HP ( )

============== ACTION(S) ==============

Fichier supprimé: C:\WINDOWS\system32\ConduitEngine.tmp
Dossier supprimé: C:\Documents and Settings\utilisateur\Local Settings\Application Data\Conduit
Dossier supprimé: C:\Program Files\Conduit
Dossier supprimé: C:\Documents and Settings\utilisateur\Local Settings\Application Data\ConduitEngine
Dossier supprimé: C:\Program Files\ConduitEngine

(!) -- Fichiers temporaires supprimés.

Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Classes\CLSID\{5B04DD2E-5A49-4F64-B714-094355946107}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5B04DD2E-5A49-4F64-B714-094355946107}
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2189157
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKCU\Software\Conduit
Clé supprimée: HKCU\Software\conduitEngine
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D59F020-AB28-4D82-91B8-CA106178677C}

============== SCAN ADDITIONNEL ==============

**** Internet Explorer Version [8.0.6001.18702] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{b147115e-a9d5-4c3e-8d97-0ee812b6638b} - "GeoMundos Toolbar" (C:\Program Files\GeoMundos\tbGeo2.dll)
HKCU_Toolbar\WebBrowser|{B147115E-A9D5-4C3E-8D97-0EE812B6638B} (C:\Program Files\GeoMundos\tbGeo2.dll)
HKLM_Toolbar|{b147115e-a9d5-4c3e-8d97-0ee812b6638b} (C:\Program Files\GeoMundos\tbGeo2.dll)
HKLM_ElevationPolicy\041d4385-5a49-4323-bd13-5382cebf0f37 - C:\Program Files\GeoMundos\GeoMundosToolbarHelper.exe (?)
HKLM_ElevationPolicy\0b125abe-eb27-4d52-9f54-68e0b4f1afeb - C:\Program Files\GeoMundos\GeoMundosToolbarHelper.exe (?)
HKLM_ElevationPolicy\1577b47d-6cff-46e1-9e31-f4620aa4f054 - C:\Program Files\GeoMundos\GeoMundosToolbarHelper.exe (?)
HKLM_ElevationPolicy\431c8e79-e390-4808-8bf0-4221050915ce - C:\Program Files\GeoMundos\GeoMundosToolbarHelper.exe (?)
HKLM_ElevationPolicy\955de216-66e0-4113-a388-936b3e4ac35c - C:\Program Files\GeoMundos\GeoMundosToolbarHelper.exe (?)
HKLM_ElevationPolicy\c2b468ad-fe23-4c40-9345-16850d5642e7 - C:\Program Files\GeoMundos\GeoMundosToolbarHelper.exe (?)
HKLM_ElevationPolicy\{599629AF-5AC5-431F-A7CD-D237A99F1E97} - C:\Program Files\GeoMundos\GeoMundosToolbarHelper1.exe (Conduit Ltd.)
HKLM_Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - "Skype add-on for Internet Explorer" (C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico)
HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)

========================================

C:\Program Files\Ad-Remover\Quarantine: 24 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 12 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 21/02/2011 21:19:43 (828 Octet(s))

Fin à: 21:20:36, 21/02/2011

============== E.O.F ==============

cordialement

Réponse 9 / 11

Utilisateur anonyme
21 févr. 2011 à 18:43

Bonsoir

Passons aux mises à jour

1)Pour java utilises JavaRa

et un autre tutoriel javaRa http://www.libellules.ch/dotclear/index.php?post/2008/07/13/2689-javara

Décompresse le fichier sur le Bureau (Clic droit > Extraire tout).
* Double-cliques ou clic droit sous Vista sur le répertoire JavaRa.
* Puis double-cliques sur le fichier JavaRa.exe (le exe peut ne pas s'afficher).
* Choisis Français puis cliques sur Select.
* Cliques sur Recherche de mises à jour.
* Sélectionne Mettre à jour via jucheck.exe puis clique sur Rechercher.
* Autorises le processus à se connecter s'il le demande, cliques sur Installer et suis les instructions d'installation qui prennent quelques minutes.
* L'installation est terminée, reviens à l'écran de JavaRa et cliques sur Effacer les anciennes versions.
* Cliques sur Oui pour confirmer. Laisses travailler et cliques ensuite sur OK, puis une deuxième fois sur OK.
* Un rapport va s'ouvrir. Postes-le dans ta prochaine réponse.
* Ferme l'application.

Note : le rapport se trouve aussi dans C:\ sous le nom JavaRa.log.

2)Pour vérifier les mises à jour logiciels à appliquer sur ton PC
https://www.flexera.com/products/operations/software-vulnerability-management.html
Divers liens te seront proposés pour les logiciels non à jour.

@+

erduche
21 févr. 2011 à 22:55

Bonsoir,

voilà pour javara:

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Feb 22 22:54:50 2011

Found and removed: C:\Program Files\Java\jre1.6.0_04

Found and removed: C:\Documents and Settings\utilisateur\Application Data\Sun\Java\jre1.6.0_04

Found and removed: C:\Documents and Settings\utilisateur\Application Data\Sun\Java\jre1.6.0_15

Found and removed: Applications\java.exe

Found and removed: Applications\javaw.exe

Found and removed: JavaPlugin.FamilyVersionSupport

Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

Found and removed: JavaScript

Found and removed: JavaScript Author

Found and removed: JavaScript1.1

Found and removed: JavaScript1.1 Author

Found and removed: JavaScript1.2

Found and removed: JavaScript1.2 Author

Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

Found and removed: Software\Classes\JavaPlugin.160_04

Found and removed: Software\JavaSoft\Java Update

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_04

Found and removed: SOFTWARE\Classes\JavaPlugin

Found and removed: SOFTWARE\Classes\JavaPlugin.160_04

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_04

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_04\

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

------------------------------------

Finished reporting.

j'ai l'impression qu'on décortique tout c'est incroyable comme vous avez de la patiente!

Cordialement

Réponse 10 / 11

Utilisateur anonyme
22 févr. 2011 à 18:56

Bonsoir

As tu fais Sécunia et procédé aux diverses mises à jour proposées?

1) Télécharge DelFix de Xplode

* Lance le.
* A l'invite, [Suppression]
* Un rapport va s'ouvrir à la fin, colle le dans la réponse

Ensuite pour le désinstaller ; tu relances et tu passes à l'option [Désinstallation]

2)Tu disposes de Ccleaner;met le à jour et lance le avec ces réglages:
double-cliques sur l'icône de Ccleaner pour l'ouvrir
.une fois ouvert tu cliques sur option et puis avancé
.tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 24 heures
.cliques sur nettoyeur
.cliques sur windows et dans la colonne avancé
. coches la première case vieilles données du perfetch ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la
.cliques sur analyse une fois l'analyse terminé
.cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vérifies en appuyant de nouveau sur analyse pour être sur qu'il n'y est plus rien
.clique maintenant sur registre et puis sur rechercher les erreurs
.laisse tout coché et clique sur réparer les erreurs sélectionnées
.il te demande de sauvegarder OUI
.tu lui donnes un nom pour pouvoir la retrouver et enregistre
.clique sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
.il supprime et une fois fermé tu vérifies en relançant rechercher les erreurs
.tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
.tu peux fermer Ccleaner.

3)Purge la restauration comme ceci :
http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924

Cela supprime toutes traces des diverses infections ;et permettra une éventuelle restauration sans infections

@+

erduche
22 févr. 2011 à 19:29

Bonsoir,

Le rapport de ccleaner s'est fait dans un fichier joins au registre??? enfin c'est ce qui est dit, donc je n'arrive pas a le transmettre, sinon tout marche bien.

Merci encore

Réponse 11 / 11

Utilisateur anonyme
23 févr. 2011 à 19:02

Bonsoir

Si tu n'as plus de problèmes,je te propose de clore ce post.

@+

erduche
24 févr. 2011 à 01:17

Bonsoir,

Et bien on arrête là, j'avoue que les nettoyages, vérifs, controles...on été long mais nécessaire
Mon ordi fonctionne mieux et j'en ressort avec des connaissances!!

Merci encore

Discussions similaires

Virus Android page internet qui s'ouvre

Convertir un fichier PAGES en word

Comment ouvrir un document "Pages" d'Apple sur Windows ?

Impossible de créer ou gérer une page Facebook

ouvrir fichier pages (mac) avec pc