Infection par winscan,

Résolu
alexnovice -  
 alexnovice -
Bonjour,

j'ai été infecté par winscan,
j'ai suivi la methode préliminaire de désinfection de commentcamarche.net :
1. j'ai réalisé zhp diag, rapport ç l'adresse suivante
http://www.cijoint.fr/cjlink.php?file=cj201102/cijYuMJlov.txt

2. je viens de faire C cleaner

3. j'analyse avec MBAM, mais je dois fermer les navigateur, je vais poster dans quelques instants le rapport

je valide pour ne pas perdre l'adresse ci-joint

12 réponses

Résumé de la discussion

Une infection de Winscan est signalée sous Windows XP avec Internet Explorer 7, et le fil porte sur la désinfection guidée par ZHPDiag et Ad-Remover, avec MBAM et C Cleaner.
Plusieurs réponses proposent des étapes, notamment désactiver le proxy, lancer AD-Remover, puis effectuer des analyses et poster les rapports pour validation avant de continuer ensuite.
Le fil rassemble des rapports techniques, notamment ZHPDiag, TDSSKiller et DelFix, et des précisions sur des outils comme MBAM et Ad-Remover, ainsi que des retours sur les progrès et les difficultés.
D'autres échanges indiquent qu'une personne n'avait pas de protection active et que les étapes impliquaient des nettoyages de registres et suppressions de programmes, sans conclusion sur l'état final du fil.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. alexnovice
     
    3. rapport de anti malware :

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 5883

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    26/02/2011 15:51:11
    mbam-log-2011-02-26 (15-51-11).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 154594
    Temps écoulé: 3 minute(s), 39 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 1
    Dossier(s) infecté(s): 2
    Fichier(s) infecté(s): 9

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    c:\documents and settings\all users\application data\oauowtpwniih.dll (Trojan.FakeAlert) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    c:\documents and settings\alex & mat\menu démarrer\programmes\Win Scan (Rogue.WinScan) -> Quarantined and deleted successfully.
    c:\program files\softwarerevenue.org (Adware.ActiveSearch) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    c:\documents and settings\all users\application data\oauowtpwniih.dll (Trojan.FakeAlert) -> Delete on reboot.
    c:\documents and settings\all users\application data\49671.exe (Rogue.Agent.Gen) -> Quarantined and deleted successfully.
    c:\documents and settings\alex & mat\Bureau\Win Scan.lnk (Rogue.WinScan) -> Quarantined and deleted successfully.
    c:\documents and settings\alex & mat\menu démarrer\programmes\Win Scan\uninstall win scan.lnk (Rogue.WinScan) -> Quarantined and deleted successfully.
    c:\documents and settings\alex & mat\menu démarrer\programmes\Win Scan\Win Scan.lnk (Rogue.WinScan) -> Quarantined and deleted successfully.
    c:\program files\softwarerevenue.org\activeshopper_trim.bmp (Adware.ActiveSearch) -> Quarantined and deleted successfully.
    c:\program files\softwarerevenue.org\googlepage.bmp (Adware.ActiveSearch) -> Quarantined and deleted successfully.
    c:\program files\softwarerevenue.org\partypoker.ico (Adware.ActiveSearch) -> Quarantined and deleted successfully.
    c:\program files\softwarerevenue.org\englishharbouricon.ico (Adware.ActiveSearch) -> Quarantined and deleted successfully.
    0
  2. fred08700 Messages postés 3633 Statut Contributeur sécurité 550
     
    salut

    redémarre ton pc pour valider les suppressions de malwarebytes

    ensuite

    si tu utilise un proxy , désactive-le

    https://forums.commentcamarche.net/forum/affich-37640573-desactiver-son-proxy

    puis

    ● Rends-toi à cette adresse afin de télécharger AD-Remover (créé par C_XX)

    Déconnecte toi et ferme toutes les applications en cours

    ● Double-clique sur l'icône AD-Remover
    Vista ou windows 7 => clic droit "executer en tant que...."
    ● Au menu principal, clique sur "Nettoyer"
    ● Confirme le lancement de l'analyse et laisse l'outil travailler
    ● Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report-CLEAN.txt )

    (CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    <gras<Note :</gras> Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus. els de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

    et refais un scan zhpdiag
    0
  3. alexnovice
     
    merci, mais je n'avais pas vu ton commentaire.
    j'ai effectivement redemarrer mon ordinateur, et je suivait le 4eme pas de la fiche, cad analyse en ligne avec kaspersky et j'attendais pour poster le rapport.

    donc je finis cela (ca a l'air très long la mise à jour) et ensuite je suis tes instructions?
    0
    1. fred08700 Messages postés 3633 Statut Contributeur sécurité 550
       
      je ne t'ai pas demandé d'analyse en ligne avec kaspersky !
      0
    2. alexnovice
       
      désolée mais comme je te l'avais dis je n'avais pas vu ton commentaire avant de le lancer.

      je vais faire ce que tu m'as indiqué

      merci
      0
    3. alexnovice
       
      voici le rapport d'ad remover:

      ======= RAPPORT D'AD-REMOVER 2.0.0.2,E | UNIQUEMENT XP/VISTA/7 =======

      Mis à jour par TeamXscript le 26/02/11
      Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
      Site web: http://www.teamxscript.org

      C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 17:56:02 le 26/02/2011, Mode normal

      Microsoft Windows XP Édition familiale Service Pack 3 (X86)
      Alex & Mat@MATAL ( )

      ============== ACTION(S) ==============

      Service: "ASKService" Stoppé et supprimé
      Service: "ASKUpgrade" Stoppé et supprimé

      Fichier supprimé: C:\WINDOWS\system32\ConduitEngine.tmp
      Fichier supprimé: C:\WINDOWS\system32\mi2.exe
      Dossier supprimé: C:\Program Files\AskBarDis
      Dossier supprimé: C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\Conduit
      Dossier supprimé: C:\Program Files\Conduit
      Dossier supprimé: C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\ConduitEngine
      Dossier supprimé: C:\Program Files\ConduitEngine

      (!) -- Fichiers temporaires supprimés.


      Clé supprimée: HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
      Clé supprimée: HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
      Clé supprimée: HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
      Clé supprimée: HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}
      Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
      Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed}
      Clé supprimée: HKLM\Software\Classes\CLSID\{27A5A583-3031-4D76-B8A1-791AE6E775FF}
      Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{27A5A583-3031-4D76-B8A1-791AE6E775FF}
      Clé supprimée: HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
      Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
      Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
      Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
      Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
      Clé supprimée: HKLM\Software\Classes\CLSID\{3C731168-F777-4A1B-B142-3E69AFD48BCC}
      Clé supprimée: HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
      Clé supprimée: HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
      Clé supprimée: HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
      Clé supprimée: HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
      Clé supprimée: HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
      Clé supprimée: HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
      Clé supprimée: HKLM\Software\Classes\Interface\{D6094FC6-821F-474C-8D73-C13066CD178D}
      Clé supprimée: HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
      Clé supprimée: HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
      Clé supprimée: HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
      Clé supprimée: HKLM\Software\Classes\AskIBar.PopSwatterBarButton
      Clé supprimée: HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1
      Clé supprimée: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl
      Clé supprimée: HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1
      Clé supprimée: HKLM\Software\Classes\AskToolBar.SettingsPlugin
      Clé supprimée: HKLM\Software\Classes\AskToolBar.SettingsPlugin.1
      Clé supprimée: HKLM\Software\Classes\Conduit.Engine
      Clé supprimée: HKLM\Software\Classes\Toolbar.CT2504091
      Clé supprimée: HKLM\Software\AskBarDis
      Clé supprimée: HKLM\Software\Conduit
      Clé supprimée: HKLM\Software\conduitEngine
      Clé supprimée: HKLM\Software\AppDataLow\AskBarDis
      Clé supprimée: HKCU\Software\Conduit
      Clé supprimée: HKCU\Software\conduitEngine
      Clé supprimée: HKCU\Software\AppDataLow\AskBarDis
      Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{061ADBED-1AB7-4468-B1BA-4926FE3F4BCD}
      Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
      Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1

      Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98}
      Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
      Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98}


      ============== SCAN ADDITIONNEL ==============

      **** Internet Explorer Version [7.0.5730.11] ****

      HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
      HKCU_Main|Start Page - hxxp://fr.msn.com/
      HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
      HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
      HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKLM_Main|Start Page - hxxp://fr.msn.com/
      HKCU_URLSearchHooks|{ba14329e-9550-4989-b3f2-9732e92d17cc} - "Vuze Remote Toolbar" (C:\Program Files\Vuze_Remote\tbVuz1.dll)
      HKCU_Toolbar\ShellBrowser|{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} (x)
      HKCU_Toolbar\WebBrowser|{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} (x)
      HKCU_Toolbar\WebBrowser|{BA14329E-9550-4989-B3F2-9732E92D17CC} (C:\Program Files\Vuze_Remote\tbVuz1.dll)
      HKLM_Toolbar|{ba14329e-9550-4989-b3f2-9732e92d17cc} (C:\Program Files\Vuze_Remote\tbVuz1.dll)
      HKLM_ElevationPolicy\2c48b88d-9417-4cb6-88c3-2c45672f5c6c - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
      HKLM_ElevationPolicy\49f294e7-28d6-4cbf-a9cb-a4731280e032 - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
      HKLM_ElevationPolicy\98ce4b3e-8999-4293-a790-44cd9cbd94e9 - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
      HKLM_ElevationPolicy\9b8f635a-043e-4cec-b59f-f024946a2120 - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
      HKLM_ElevationPolicy\d2ec40f2-ae13-47c2-a9c7-8caecad2926d - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe (?)
      HKLM_ElevationPolicy\{2A3D0A80-4F1D-426C-901A-233FFB1BB804} - C:\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper1.exe (Conduit Ltd.)
      HKLM_ElevationPolicy\{44270ABA-D71B-11DA-8750-001185653D78} - c:\program files\google\googletoolbar1user.exe (x)
      HKLM_Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - "?" (?)
      HKLM_Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} - "?" (?)
      BHO\{02478D38-C3F9-4EFB-9B51-7695ECA05670} - "Yahoo! Toolbar Helper" (C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll)
      BHO\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "AcroIEHlprObj Class" (c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll)
      BHO\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - "SSVHelper Class" (C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll)
      BHO\{9030D464-4C02-4ABF-8ECC-5164760863C6} - "Windows Live Sign-in Helper" (C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll)
      BHO\{ba14329e-9550-4989-b3f2-9732e92d17cc} - "Vuze Remote Toolbar" (C:\Program Files\Vuze_Remote\tbVuz1.dll)

      ========================================

      C:\Program Files\Ad-Remover\Quarantine: 48 Fichier(s)
      C:\Program Files\Ad-Remover\Backup: 13 Fichier(s)

      C:\Ad-Report-CLEAN[1].txt - 26/02/2011 17:56:13 (5936 Octet(s))

      Fin à: 17:57:21, 26/02/2011

      ============== E.O.F ==============


      je refait maintenant un scan zhpdiag
      0
    4. alexnovice
       
      et voici le rapport :

      Rapport de ZHPDiag v1.27.1624 par Nicolas Coolman, Update du 25/02/2011
      Run by Alex & Mat at 26/02/2011 18:10:47
      Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
      Contact : nicolascoolman@yahoo.fr

      ---\\ Web Browser

      ---\\ System Information
      Windows XP Home Edition Service Pack 3 (Build 2600)
      Processor: x86 Family 6 Model 14 Stepping 8, GenuineIntel
      Operating System: 32 Bits
      Boot mode: Normal (Normal boot)
      Total RAM: 2047 MB (56% free)
      System Restore: Désactivé (Disabled)
      System drive C: has 4 GB (7%) free of 55 GB

      ---\\ Logged in mode
      Computer Name: MATAL
      User Name: Alex & Mat
      All Users Names: SUPPORT_388945a0, LogMeInRemoteUser, HelpAssistant, ASPNET, Alex & Mat, Administrateur,
      Unselected Option: O45,O61,O62,O65,O66,O82
      Logged in as Administrator

      ---\\ Environnement Variables
      %AppData%=
      %LocalAppData%=
      %StartMenu%=

      ---\\ DOS/Devices
      C:\ Hard drive, Flash drive, Thumb drive (Free 4 Go of 55 Go)
      D:\ Hard drive, Flash drive, Thumb drive (Free 16 Go of 36 Go)
      E:\ CD-ROM drive (Free 0 Go of 0 Go)


      ---\\ Security Center & Tools Informations
      [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
      [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
      [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
      [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
      [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK


      ---\\ Recherche particulière de fichiers génériques
      [MD5.F2317622D29F9FF0F88AEECD5F60F0DD] - (.Microsoft Corporation - Explorateur Windows.) (.14/04/2008 04:34:04.) -- C:\Windows\Explorer.exe [1037824]
      [MD5.FB22AE2861836D16FCBAECB1B715752E] - (.Microsoft Corporation - Internet Extensions for Win32.) (.21/12/2010 00:06:56.) -- C:\Windows\System32\wininet.dll [832512]
      [MD5.DD73D6B9F6B4CB630CF35B438B540174] - (.Microsoft Corporation - Application d'ouverture de session Windows NT.) (.14/04/2008 04:34:28.) -- C:\Windows\System32\Winlogon.exe [512000]
      [MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/04/2008 20:40:30.) -- C:\Windows\System32\drivers\atapi.sys [96512]
      [MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/04/2008 21:15:54.) -- C:\Windows\System32\drivers\ntfs.sys [574976]


      ---\\ Processus lancés
      [MD5.BAAB0EECD33888E7BEF52A75B6D6EC30] - (.ATI Technologies Inc. - ATI External Event Utility EXE Module.) -- C:\WINDOWS\system32\Ati2evxx.exe [405504]
      [MD5.488F497576D1076E9C9698D3F91A98C9] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [631808]


      ---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
      G0 - GCSP: Preference [User Data\Default][HomePage] https://www.google.com/?gws_rd=ssl


      ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk


      ---\\ Internet Explorer, Proxy Management (R5)
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;*mercapital*
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.135.9:8080
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
      R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
      R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll


      ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
      F2 - REG:system.ini: VMApplet=


      ---\\ Applications démarrées par registre & par dossier (O4)
      O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk . (.WinZip Computing, S.L..) -- C:\Program Files\WinZip\WZQKPICK.EXE
      O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\WDDMStatus.lnk . (.WDC.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
      O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Démarrage\WDSmartWare.lnk . (.Western Digital.) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe


      ---\\ Autres liens utilisateurs (O4)
      O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Messenger\msmsgs.exe
      O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Windows Movie Maker.lnk . (.Microsoft Corporation.) -- C:\Program Files\Movie Maker\moviemk.exe
      O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Reader 7.0.lnk . (...) -- c:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70000000000}\SC_Reader_PM.ico
      O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Photoshop CS2.lnk . (.Adobe Systems, Incorporated.) -- C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
      O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe ImageReady CS2.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Adobe Photoshop CS2\ImageReady.exe
      O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Bridge.lnk . (.Adobe Systems, Inc..) -- C:\Program Files\Adobe\Adobe Bridge\Bridge.exe
      O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Adobe Help Center.lnk . (.Adobe Systems Incorporated.) -- C:\Program Files\Adobe\Adobe Help Center\ahc.exe
      O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk . (...) -- C:\WINDOWS\Installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}\AppleSoftwareUpdateIco.exe
      O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\LogMeIn.lnk . (.LogMeIn, Inc..) -- C:\Program Files\LogMeIn\x86\raabout.exe
      O4 - Global Startup: C:\Documents And Settings\All Users\Menu Démarrer\Programmes\Vuze.lnk . (.Vuze Inc..) -- C:\Program Files\Vuze\Azureus.exe
      O4 - Global Startup: C:\Documents And Settings\Alex & Mat\Menu Démarrer\Programmes\Assistance à distance.lnk . (.Microsoft Corporation.) -- C:\WINDOWS\system32\rcimlby.exe
      O4 - Global Startup: C:\Documents And Settings\Alex & Mat\Menu Démarrer\Programmes\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe


      ---\\ Enumération Active Desktop & MHTML Editor (O24)
      O24 - Default MHTML Editor: Last - .(.Pas de propriétaire - Pas de description.) - (.not file.)


      ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
      O43 - CFD: 06/06/2006 - 13:57:28 - [599963408] ----D- C:\Program Files\Fichiers communs
      O43 - CFD: 06/06/2006 - 14:00:32 - [3942655] ----D- C:\Program Files\Windows NT
      O43 - CFD: 06/06/2006 - 14:00:32 - [21471559] ----D- C:\Program Files\MSN
      O43 - CFD: 06/06/2006 - 14:00:40 - [8745735] ----D- C:\Program Files\MSN Gaming Zone
      O43 - CFD: 06/06/2006 - 14:00:40 - [2152579] ----D- C:\Program Files\Messenger
      O43 - CFD: 06/06/2006 - 14:00:46 - [8749996] ----D- C:\Program Files\Windows Media Player
      O43 - CFD: 06/06/2006 - 14:00:46 - [1708] ----D- C:\Program Files\Online Services
      O43 - CFD: 06/06/2006 - 14:01:16 - [0] ----D- C:\Program Files\ComPlus Applications
      O43 - CFD: 06/06/2006 - 14:01:26 - [3236915] ----D- C:\Program Files\Internet Explorer
      O43 - CFD: 06/06/2006 - 14:01:28 - [4379321] ----D- C:\Program Files\Outlook Express
      O43 - CFD: 06/06/2006 - 14:01:28 - [3285523] ----D- C:\Program Files\NetMeeting
      O43 - CFD: 06/06/2006 - 14:01:30 - [10374874] ----D- C:\Program Files\Movie Maker
      O43 - CFD: 06/06/2006 - 14:01:48 - [929] ----D- C:\Program Files\Services en ligne
      O43 - CFD: 06/06/2006 - 14:01:52 - [0] --H-D- C:\Program Files\WindowsUpdate
      O43 - CFD: 06/06/2006 - 14:03:14 - [0] ----D- C:\Program Files\microsoft frontpage
      O43 - CFD: 06/06/2006 - 14:03:14 - [0] ----D- C:\Program Files\xerox
      O43 - CFD: 06/06/2006 - 14:08:36 - [30289812] ----D- C:\Program Files\Intel
      O43 - CFD: 06/06/2006 - 14:11:10 - [20926970] --H-D- C:\Program Files\InstallShield Installation Information
      O43 - CFD: 06/06/2006 - 14:11:48 - [0] --H-D- C:\Program Files\Uninstall Information
      O43 - CFD: 06/06/2006 - 14:14:12 - [460188763] ----D- C:\Program Files\Adobe
      O43 - CFD: 06/06/2006 - 14:14:56 - [41355414] ----D- C:\Program Files\Realtek
      O43 - CFD: 06/06/2006 - 14:16:40 - [2232746] ----D- C:\Program Files\Asus
      O43 - CFD: 06/06/2006 - 14:18:08 - [1339904] ----D- C:\Program Files\Wireless Console 2
      O43 - CFD: 06/06/2006 - 14:18:22 - [26880612] ----D- C:\Program Files\Synaptics
      O43 - CFD: 06/06/2006 - 14:20:02 - [36030265] ----D- C:\Program Files\ASUSTeK
      O43 - CFD: 06/06/2006 - 14:21:12 - [121314078] ----D- C:\Program Files\Ahead
      O43 - CFD: 06/06/2006 - 14:30:26 - [137355302] ----D- C:\Program Files\ATI Technologies
      O43 - CFD: 06/06/2006 - 14:36:56 - [24183780] ----D- C:\Program Files\Toshiba
      O43 - CFD: 25/06/2006 - 19:32:02 - [404085324] ----D- C:\Program Files\Microsoft Office
      O43 - CFD: 25/06/2006 - 19:32:02 - [315392] ----D- C:\Program Files\Microsoft.NET
      O43 - CFD: 25/06/2006 - 19:32:30 - [14904] ----D- C:\Program Files\Microsoft Visual Studio
      O43 - CFD: 25/06/2006 - 19:32:38 - [4368271] ----D- C:\Program Files\Microsoft Works
      O43 - CFD: 06/09/2006 - 13:02:36 - [144347361] ----D- C:\Program Files\Alwil Software
      O43 - CFD: 18/09/2006 - 16:12:14 - [45287761] ----D- C:\Program Files\Plaxo
      O43 - CFD: 07/10/2006 - 14:18:42 - [5091724] ----D- C:\Program Files\Mentorwave
      O43 - CFD: 16/11/2006 - 13:45:22 - [0] ----D- C:\Program Files\MSXML 4.0
      O43 - CFD: 20/11/2006 - 17:51:28 - [425192949] ----D- C:\Program Files\Google
      O43 - CFD: 06/01/2007 - 12:50:34 - [1611920] ----D- C:\Program Files\DivX
      O43 - CFD: 14/01/2007 - 20:28:44 - [282786716] ----D- C:\Program Files\Java
      O43 - CFD: 15/01/2007 - 18:05:40 - [56299365] ----D- C:\Program Files\iPod
      O43 - CFD: 15/01/2007 - 18:07:50 - [81682603] ----D- C:\Program Files\QuickTime
      O43 - CFD: 07/03/2007 - 00:16:46 - [17712911] ----D- C:\Program Files\Inventel
      O43 - CFD: 05/04/2007 - 18:51:50 - [123368] ----D- C:\Program Files\Google Toolbar
      O43 - CFD: 05/04/2007 - 19:38:50 - [27020351] ----D- C:\Program Files\K-Lite Codec Pack
      O43 - CFD: 06/04/2007 - 13:13:58 - [3581070] ----D- C:\Program Files\Windows Media Connect 2
      O43 - CFD: 11/04/2007 - 13:28:22 - [15277966] ----D- C:\Program Files\WinZip
      O43 - CFD: 17/05/2007 - 21:19:36 - [71694] ----D- C:\Program Files\bwin
      O43 - CFD: 22/03/2008 - 17:08:28 - [2079446] ----D- C:\Program Files\Yahoo!
      O43 - CFD: 24/03/2008 - 18:35:46 - [3648102] ----D- C:\Program Files\CCleaner
      O43 - CFD: 24/03/2008 - 19:42:48 - [0] ----D- C:\Program Files\Softwin
      O43 - CFD: 22/05/2008 - 21:52:36 - [382441] ----D- C:\Program Files\Bonjour
      O43 - CFD: 22/05/2008 - 21:53:22 - [74845961] ----D- C:\Program Files\iTunes
      O43 - CFD: 23/05/2008 - 13:00:14 - [47425] ----D- C:\Program Files\Intuwave Ltd
      O43 - CFD: 29/06/2008 - 16:08:28 - [2240194] ----D- C:\Program Files\Windows Live
      O43 - CFD: 30/06/2008 - 23:02:42 - [800662] ----D- C:\Program Files\Microsoft CAPICOM 2.1.0.2
      O43 - CFD: 01/09/2008 - 23:14:48 - [322459242] ----D- C:\Program Files\Western Digital
      O43 - CFD: 08/09/2008 - 21:27:20 - [60234465] ----D- C:\Program Files\Spybot - Search & Destroy
      O43 - CFD: 08/09/2008 - 22:03:32 - [75172198] ----D- C:\Program Files\VideoLAN
      O43 - CFD: 08/09/2008 - 22:18:28 - [3451643] ----D- C:\Program Files\WinRAR
      O43 - CFD: 08/09/2008 - 23:31:00 - [1338256] ----D- C:\Program Files\CodeStuff
      O43 - CFD: 09/09/2008 - 17:47:34 - [101948012] ----D- C:\Program Files\Lavasoft
      O43 - CFD: 29/09/2008 - 18:04:38 - [2221118] ----D- C:\Program Files\Apple Software Update
      O43 - CFD: 05/11/2008 - 23:09:16 - [27904532] ----D- C:\Program Files\LogMeIn
      O43 - CFD: 17/11/2008 - 16:55:38 - [82396374] ----D- C:\Program Files\monAlbumPhoto
      O43 - CFD: 22/11/2008 - 20:16:10 - [3190120] ----D- C:\Program Files\MultiResource Client
      O43 - CFD: 23/03/2009 - 22:55:56 - [29794014] ----D- C:\Program Files\MSECache
      O43 - CFD: 31/08/2009 - 22:55:52 - [36400897] ----D- C:\Program Files\Reference Assemblies
      O43 - CFD: 31/08/2009 - 22:56:00 - [25757] ----D- C:\Program Files\MSBuild
      O43 - CFD: 27/09/2009 - 17:17:18 - [30284489] R---D- C:\Program Files\Skype
      O43 - CFD: 10/11/2009 - 16:18:54 - [3553173] ----D- C:\Program Files\PhotoFiltre
      O43 - CFD: 07/03/2010 - 13:58:40 - [782336] ----D- C:\Program Files\OpenAL
      O43 - CFD: 30/06/2010 - 19:15:16 - [248680] ----D- C:\Program Files\Uniblue
      O43 - CFD: 30/06/2010 - 19:44:58 - [8228085] ----D- C:\Program Files\Auslogics
      O43 - CFD: 31/08/2010 - 11:22:44 - [14206857] ----D- C:\Program Files\Vuze_Remote
      O43 - CFD: 31/08/2010 - 11:22:48 - [22670376] ----D- C:\Program Files\Vuze
      O43 - CFD: 26/02/2011 - 15:11:00 - [3583542] ----D- C:\Program Files\ZHPDiag
      O43 - CFD: 26/02/2011 - 15:41:22 - [4932512] ----D- C:\Program Files\Malwarebytes' Anti-Malware
      O43 - CFD: 26/02/2011 - 17:54:26 - [77038871] ----D- C:\Program Files\Ad-Remover
      O43 - CFD: 06/06/2006 - 13:57:28 - [307017396] ----D- C:\Program Files\Fichiers Communs\Microsoft Shared
      O43 - CFD: 06/06/2006 - 13:57:28 - [3787229] ----D- C:\Program Files\Fichiers Communs\SpeechEngines
      O43 - CFD: 06/06/2006 - 13:57:30 - [0] ----D- C:\Program Files\Fichiers Communs\ODBC
      O43 - CFD: 06/06/2006 - 14:01:26 - [20980518] ----D- C:\Program Files\Fichiers Communs\System
      O43 - CFD: 06/06/2006 - 14:01:34 - [284160] ----D- C:\Program Files\Fichiers Communs\MSSoap
      O43 - CFD: 06/06/2006 - 14:01:36 - [8106] ----D- C:\Program Files\Fichiers Communs\Services
      O43 - CFD: 06/06/2006 - 14:10:52 - [15263379] ----D- C:\Program Files\Fichiers Communs\InstallShield
      O43 - CFD: 06/06/2006 - 14:14:30 - [140606763] ----D- C:\Program Files\Fichiers Communs\Adobe
      O43 - CFD: 06/06/2006 - 14:21:16 - [13340102] ----D- C:\Program Files\Fichiers Communs\Ahead
      O43 - CFD: 25/06/2006 - 19:32:44 - [86016] ----D- C:\Program Files\Fichiers Communs\DESIGNER
      O43 - CFD: 06/11/2006 - 12:35:28 - [72704] ----D- C:\Program Files\Fichiers Communs\Adobe Systems Shared
      O43 - CFD: 14/01/2007 - 19:54:52 - [65249923] ----D- C:\Program Files\Fichiers Communs\Java
      O43 - CFD: 24/03/2008 - 19:42:04 - [0] ----D- C:\Program Files\Fichiers Communs\Softwin
      O43 - CFD: 22/05/2008 - 21:48:48 - [30838130] ----D- C:\Program Files\Fichiers Communs\Apple
      O43 - CFD: 29/06/2008 - 16:08:48 - [15118] -SH-D- C:\Program Files\Fichiers Communs\WindowsLiveInstaller
      O43 - CFD: 30/03/2010 - 20:29:40 - [2135336] ----D- C:\Program Files\Fichiers Communs\Skype
      O43 - CFD: 13/04/2010 - 17:07:32 - [0] ----D- C:\Program Files\Fichiers Communs\Symantec Shared
      O43 - CFD: 06/06/2006 - 14:25:28 - [14619] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Symantec
      O43 - CFD: 06/06/2006 - 14:33:46 - [1918962] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Macromedia
      O43 - CFD: 06/06/2006 - 14:34:50 - [97364] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Intel
      O43 - CFD: 06/06/2006 - 14:03:12 - [0] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Identities
      O43 - CFD: 06/06/2006 - 13:57:04 - [6895942] -S--D- C:\Documents and Settings\Alex & Mat\Application Data\Microsoft
      O43 - CFD: 24/06/2006 - 19:53:10 - [0] ----D- C:\Documents and Settings\Alex & Mat\Application Data\ATI
      O43 - CFD: 24/06/2006 - 14:14:30 - [24405708] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Skype
      O43 - CFD: 25/06/2006 - 19:39:02 - [0] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Lavasoft
      O43 - CFD: 25/06/2006 - 19:45:38 - [750] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Spybot - Search & Destroy
      O43 - CFD: 25/06/2006 - 20:14:32 - [7956521] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Adobe
      O43 - CFD: 07/07/2006 - 22:00:54 - [3584] ----D- C:\Documents and Settings\Alex & Mat\Application Data\CyberLink
      O43 - CFD: 15/08/2006 - 18:19:08 - [0] ----D- C:\Documents and Settings\Alex & Mat\Application Data\AdobeUM
      O43 - CFD: 01/10/2006 - 18:13:52 - [30152983] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Sony Ericsson
      O43 - CFD: 20/11/2006 - 18:26:10 - [0] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Google
      O43 - CFD: 20/11/2006 - 20:00:58 - [0] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Opera
      O43 - CFD: 14/01/2007 - 20:33:28 - [5001535] ----D- C:\Documents and Settings\Alex & Mat\Application Data\LimeWire
      O43 - CFD: 15/01/2007 - 18:08:38 - [61679195] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Apple Computer
      O43 - CFD: 25/03/2007 - 15:29:04 - [1121176] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Sun
      O43 - CFD: 05/04/2007 - 19:40:30 - [185] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Media Player Classic
      O43 - CFD: 18/09/2007 - 10:54:04 - [47938394] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Azureus
      O43 - CFD: 11/11/2007 - 19:23:52 - [3604480] ----D- C:\Documents and Settings\Alex & Mat\Application Data\U3
      O43 - CFD: 13/12/2007 - 16:50:10 - [189208] ----D- C:\Documents and Settings\Alex & Mat\Application Data\skypePM
      O43 - CFD: 17/03/2008 - 19:42:36 - [142175131] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Participatory Culture Foundation
      O43 - CFD: 17/03/2008 - 19:42:36 - [101189] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Mozilla
      O43 - CFD: 22/03/2008 - 13:03:22 - [295884] ----D- C:\Documents and Settings\Alex & Mat\Application Data\PCF-VLC
      O43 - CFD: 04/09/2008 - 22:59:20 - [130021] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Uniblue
      O43 - CFD: 08/09/2008 - 22:19:44 - [0] ----D- C:\Documents and Settings\Alex & Mat\Application Data\WinRAR
      O43 - CFD: 23/05/2009 - 22:40:22 - [3267566] ----D- C:\Documents and Settings\Alex & Mat\Application Data\XnView
      O43 - CFD: 06/11/2009 - 20:59:18 - [1395113] ----D- C:\Documents and Settings\Alex & Mat\Application Data\vlc
      O43 - CFD: 09/11/2009 - 19:00:22 - [199] ----D- C:\Documents and Settings\Alex & Mat\Application Data\dvdcss
      O43 - CFD: 07/03/2010 - 13:58:54 - [61] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Mchid
      O43 - CFD: 07/03/2010 - 13:58:56 - [2853] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Livestation
      O43 - CFD: 02/04/2010 - 11:31:22 - [6558611] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Facebook
      O43 - CFD: 30/06/2010 - 19:45:06 - [1079468] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Auslogics
      O43 - CFD: 29/08/2010 - 21:21:04 - [849017] ----D- C:\Documents and Settings\Alex & Mat\Application Data\uTorrent
      O43 - CFD: 24/10/2010 - 13:23:36 - [10821694] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Western Digital
      O43 - CFD: 26/02/2011 - 15:41:34 - [1842393] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Malwarebytes
      O43 - CFD: 06/06/2006 - 14:35:32 - [40818] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\ApplicationHistory
      O43 - CFD: 06/06/2006 - 14:03:02 - [408413453] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\Microsoft
      O43 - CFD: 24/06/2006 - 19:53:10 - [6352] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\ATI
      O43 - CFD: 26/06/2006 - 15:36:34 - [156421] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\Adobe
      O43 - CFD: 15/08/2006 - 18:20:18 - [303396] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\Identities
      O43 - CFD: 31/10/2006 - 14:35:36 - [1950597] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\Ahead
      O43 - CFD: 20/11/2006 - 18:26:10 - [296306897] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\Google
      O43 - CFD: 06/01/2007 - 13:00:16 - [2488] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\IsolatedStorage
      O43 - CFD: 15/01/2007 - 18:08:38 - [1206679] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\Apple Computer
      O43 - CFD: 17/03/2008 - 19:42:36 - [319485] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\Participatory Culture Foundation
      O43 - CFD: 22/05/2008 - 21:49:48 - [0] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\Apple
      O43 - CFD: 20/06/2008 - 12:14:08 - [0] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\LogMeIn
      O43 - CFD: 29/06/2008 - 16:10:16 - [0] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\PCHealth
      O43 - CFD: 08/09/2009 - 22:28:34 - [124224] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\Boss Media
      O43 - CFD: 06/11/2009 - 19:54:28 - [0] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\WMTools Downloaded Files
      O43 - CFD: 17/11/2009 - 12:43:08 - [0] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\Temp
      O43 - CFD: 12/04/2010 - 20:36:00 - [67496] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\Western Digital
      O43 - CFD: 13/04/2010 - 15:39:22 - [500800] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\Vuze_Remote
      O43 - CFD: 24/10/2010 - 13:48:56 - [846] ----D- C:\Documents and Settings\Alex & Mat\Local Settings\Application Data\Western_Digital


      ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
      O44 - LFC:[MD5.06BBE174AA8EDBB4D12F473F9C6FD1BC] - 26/02/2011 - 17:58:56 ---A- . (...) -- C:\aaw7boot.log [204450]
      O44 - LFC:[MD5.06BBE174AA8EDBB4D12F473F9C6FD1BC] - 26/02/2011 - 17:58:56 ---A- . (...) -- \aaw7boot.log [204450]
      O44 - LFC:[MD5.9ACDBFA296111D1E864291D8A9DB7A85] - 26/02/2011 - 17:57:52 ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [7868]
      O44 - LFC:[MD5.9ACDBFA296111D1E864291D8A9DB7A85] - 26/02/2011 - 17:57:52 ---A- . (...) -- \Ad-Report-CLEAN[1].txt [7868]
      O44 - LFC:[MD5.8C235A7E69D207261596BE49301E7F37] - 26/02/2011 - 15:56:36 ---A- . (...) -- C:\notify.log [43196]
      O44 - LFC:[MD5.8C235A7E69D207261596BE49301E7F37] - 26/02/2011 - 15:56:36 ---A- . (...) -- \notify.log [43196]


      ---\\ Liste des Drivers Système (O58)
      O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 05/08/2004 - 14:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\drivers\ptilink.sys [17792]
      O58 - SDL:[MD5.C9B25AE9B8ABD983C5AD3F8CBFAB0F9C] - 05/08/2004 - 14:00:00 ---A- . (.RAVISENT Technologies Inc. - Pilote principal CineMaster C 1.2 WDM.) -- C:\WINDOWS\system32\drivers\cinemst2.sys [262528]
      O58 - SDL:[MD5.9624293E55AD405415862B504CA95B73] - 05/08/2004 - 14:00:00 ---A- . (.Compaq Computer Corporation - Compaq PA-1 Player Driver.) -- C:\WINDOWS\system32\drivers\cpqdap01.sys [11776]
      O58 - SDL:[MD5.BE984D604D91C217355CDD3737AAD25D] - 05/08/2004 - 14:00:00 ---A- . (.S3/Diamond Multimedia Systems - NikeDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\nikedrv.sys [12032]
      O58 - SDL:[MD5.A56FE08EC7473E8580A390BB1081CDD7] - 05/08/2004 - 14:00:00 ---A- . (.S3/Diamond Multimedia Systems - Rio8Drv.sys Usb Driver.) -- C:\WINDOWS\system32\drivers\rio8drv.sys [12032]
      O58 - SDL:[MD5.0A854DF84C77A0BE205BFEAB2AE4F0EC] - 05/08/2004 - 14:00:00 ---A- . (.S3/Diamond Multimedia Systems - RioDrv Usb Driver.) -- C:\WINDOWS\system32\drivers\riodrv.sys [12032]
      O58 - SDL:[MD5.D74A8EC75305F1D3CFDE7C7FC1BD62A9] - 05/08/2004 - 14:00:00 ---A- . (.Toshiba Corporation - WDM Toshiba Tecra Video Capture Driver.) -- C:\WINDOWS\system32\drivers\tsbvcap.sys [21376]
      O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 05/08/2004 - 14:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys [58112]
      O58 - SDL:[MD5.BB8BBDF76E8F27FD13236C1279460DBB] - 30/10/2003 - 20:24:42 ---A- . (.ATMEL - ATMEL PCMCIA 11Mbps Wireless LAN.) -- C:\WINDOWS\system32\drivers\FVNETD50.SYS [114560]
      O58 - SDL:[MD5.589D0268BDC5FDF1D22FDDBFC99A3870] - 30/10/2003 - 20:24:44 ---A- . (.ATMEL - ATMEL PCMCIA 11Mbps Wireless LAN.) -- C:\WINDOWS\system32\drivers\FVNETD51.SYS [114560]
      O58 - SDL:[MD5.E58A5D7D2FD985FA1308A50A7C26DD5B] - 30/10/2003 - 20:24:44 ---A- . (.ATMEL - ATMEL PCMCIA 11Mbps Wireless LAN.) -- C:\WINDOWS\system32\drivers\FVNETE50.SYS [114560]
      O58 - SDL:[MD5.F340199E8CB097E1ACD58A967C665919] - 18/02/2008 - 11:16:24 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\WINDOWS\system32\drivers\usbaapl.sys [30464]
      O58 - SDL:[MD5.F3124D27BA9077B78D887FA6B33869A2] - 30/10/2003 - 20:24:44 ---A- . (.ATMEL - ATMEL PCMCIA 11Mbps Wireless LAN.) -- C:\WINDOWS\system32\drivers\FVNETE51.SYS [114560]
      O58 - SDL:[MD5.45DC6F205133207C8493A68F69186589] - 05/12/2003 - 13:43:06 ---A- . (.ATMEL - NDIS 5.0/5.1 driver.) -- C:\WINDOWS\system32\drivers\VNET5A8.SYS [119808]
      O58 - SDL:[MD5.1C0F480B7C6136DDB5FB909995AF014A] - 28/08/2007 - 05:58:00 ---A- . (.Pas de propriétaire - ATK0100 ACPI Utility.) -- C:\WINDOWS\system32\drivers\ATKACPI.sys [5760]
      O58 - SDL:[MD5.836E0E09CA9869BE7EB39EF2CF3602C7] - 20/12/2010 - 18:08:40 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbam.sys [20952]
      O58 - SDL:[MD5.8DE37EEA68C68CBE2067D63BA76421DC] - 05/12/2003 - 13:39:00 ---A- . (.ATMEL - NDIS 5.0/5.1 driver.) -- C:\WINDOWS\system32\drivers\VNET5A8X.SYS [119936]
      O58 - SDL:[MD5.BA1B0338420847FEC953F4BED73396A9] - 05/12/2003 - 13:42:22 ---A- . (.ATMEL - NDIS 5.0/5.1 driver.) -- C:\WINDOWS\system32\drivers\VNETU9XR.SYS [107264]
      O58 - SDL:[MD5.BE77BD9E9BA6EACD3221F1645EAADBDB] - 05/12/2003 - 13:39:12 ---A- . (.ATMEL - NDIS 5.0/5.1 driver.) -- C:\WINDOWS\system32\drivers\VNETUSBR.SYS [107392]
      O58 - SDL:[MD5.49452BFCEC22F36A7A9B9C2181BC3042] - 20/11/2008 - 20:19:06 ---A- . (.Sonic Solutions - Px Engine Device Driver for Windows 2000/XP.) -- C:\WINDOWS\system32\drivers\pxhelp20.sys [43872]
      O58 - SDL:[MD5.9296228B5D990816883FEB5B40A60C90] - 24/04/2003 - 13:03:54 ---A- . (.Inventel - Rescue Driver for BlueDSL.) -- C:\WINDOWS\system32\drivers\RESC_DWB.SYS [74828]
      O58 - SDL:[MD5.D6EFAF429FD30C5DF613D220E344CCE7] - 13/02/2009 - 11:02:52 ---A- . (.Western Digital Technologies - WD SCSI Architecture Model (SAM) driver.) -- C:\WINDOWS\system32\drivers\wdcsam.sys [11520]
      O58 - SDL:[MD5.2C1D0DC3BF44C2D01C02795DAC592A09] - 03/03/2000 - 11:16:52 ---A- . (...) -- C:\WINDOWS\system32\drivers\MMIOPORT.SYS [7424]
      O58 - SDL:[MD5.90A3935D05B494A5A39D37E71F09A677] - 13/11/2007 - 11:25:54 ---A- . (.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) -- C:\WINDOWS\system32\drivers\secdrv.sys [20480]
      O58 - SDL:[MD5.4477689E2D8AE6B78BA34C9AF4CC1ED1] - 24/07/2008 - 18:45:20 ---A- . (.LogMeIn, Inc. - LogMeIn Mirror Miniport Driver.) -- C:\WINDOWS\system32\drivers\lmimirr.sys [10144]
      O58 - SDL:[MD5.5DC17164F66380CBFEFD895C18467773] - 29/01/2008 - 12:01:28 ---A- . (.GEAR Software Inc. - CD DVD Filter.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys [16168]
      O58 - SDL:[MD5.B93A553C9B0F14263C8F016A44C3258C] - 13/01/2011 - 09:41:16 ---A- . (.AVAST Software - avast! self protection module.) -- C:\WINDOWS\system32\drivers\aswSP.sys [294608]
      O58 - SDL:[MD5.CBA53C5E29AE0A0CE76F9A2BE3A40D9E] - 13/01/2011 - 09:37:10 ---A- . (.AVAST Software - avast! File System Access Blocking Driver.) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys [17744]
      O58 - SDL:[MD5.713CD5267ABFB86FE90A72E384E82A38] - 23/09/2009 - 13:55:24 ---A- . (.Lavasoft AB - Boot Driver.) -- C:\WINDOWS\system32\drivers\Lbd.sys [64288]
      O58 - SDL:[MD5.0959C83F18F8A5966AFA2EC33BB96D14] - 20/12/2005 - 08:51:46 ---A- . (.ATI Technologies Inc. - ATI Radeon WindowsNT Miniport Driver.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys [1419264]
      O58 - SDL:[MD5.4B322F8C7B7AF523D1C145C22EEF4713] - 08/09/2005 - 02:20:52 R---- . (.Realtek Semiconductor Corp. - Realtek(r) High Definition Audio Function Driver.) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys [3959808]
      O58 - SDL:[MD5.72AECF54AAC22B20956D08610972B5A1] - 03/11/2009 - 19:11:18 ---A- . (.Sunbelt Software - Anti-Rootkit Engine.) -- C:\WINDOWS\system32\drivers\SBREDrv.sys [93360]
      O58 - SDL:[MD5.3FAA563DDF853320F90259D455A01D79] - 24/07/2008 - 18:46:10 ---A- . (.LogMeIn, Inc. - LogMeIn Rfs Drivemap Driver.) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [47640]
      O58 - SDL:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 20/12/2010 - 18:09:00 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys [38224]
      O58 - SDL:[MD5.34D634366FC57524F5932EAEC40E4FCB] - 26/05/2005 - 19:19:00 ---A- . (.Motorola Inc. - Motorola SM56 Modem WDM Driver.) -- C:\WINDOWS\system32\drivers\smserial.sys [839724]
      O58 - SDL:[MD5.2230B842F43A204ABD3EC6BDD39D793F] - 18/04/2005 - 06:24:44 R--A- . (.Bison Electronics. Inc. - Universal Serial Bus Camera Driver.) -- C:\WINDOWS\system32\drivers\BisonCam.sys [646656]
      O58 - SDL:[MD5.D6E1B1BD04FAD422AF17FC4B810CB9AF] - 16/11/2005 - 03:08:16 ---A- . (.Realtek Semiconductor Corporation - Realtek 10/100/1000 NDIS 5.1 Driver.) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys [78976]
      O58 - SDL:[MD5.1BDBA2D2D402415A78A4BA766DFE0F7B] - 12/07/2005 - 19:00:30 ---A- . (.REDC - RICOH MS Driver.) -- C:\WINDOWS\system32\drivers\rimsptsk.sys [51328]
      O58 - SDL:[MD5.ACE2CE73D7B04EAC48FB80482E05E770] - 14/07/2005 - 12:14:34 ---A- . (.REDC - RICOH SD/MMC Driver.) -- C:\WINDOWS\system32\drivers\risdptsk.sys [27904]
      O58 - SDL:[MD5.9C29E8E9C1C48E9C8BC38F031DF4720F] - 21/10/2005 - 02:13:08 ---A- . (.Synaptics, Inc. - Synaptics Touchpad Driver.) -- C:\WINDOWS\system32\drivers\SynTP.sys [191936]
      O58 - SDL:[MD5.B1F126E7E28877106D60E6FF3998D033] - 05/12/2005 - 00:55:30 ---A- . (.Intel® Corporation - Intel® Wireless LAN Driver.) -- C:\WINDOWS\system32\drivers\w39n51.sys [1428096]
      O58 - SDL:[MD5.2E4E912CE95F5EF4D4A5079F6CE367FC] - 28/12/2005 - 13:22:08 ---A- . (.Intel Corporation - Intel WLAN Packet Driver.) -- C:\WINDOWS\system32\drivers\s24trans.sys [13568]
      O58 - SDL:[MD5.12DAFD934641DCF61E446313BC261EC2] - 06/06/2006 - 14:34:38 ---A- . (.Meetinghouse Data Communications - IEEE 802.1X Protocol Driver.) -- C:\WINDOWS\system32\drivers\AegisP.sys [21275]
      O58 - SDL:[MD5.306E19413EADB0CA8842D5381A0354FC] - 01/07/2003 - 12:52:30 ---A- . (.TOSHIBA Corporation - Toshiba SD-IO Transport Driver.) -- C:\WINDOWS\system32\drivers\tostrans.sys [16320]
      O58 - SDL:[MD5.7414A6461BC83A22B0AE009ACE3E375B] - 15/11/2005 - 22:36:20 ---A- . (.TOSHIBA CORPORATION - Bluetooth USB Miniport Driver.) -- C:\WINDOWS\system32\drivers\tosrfusb.sys [36736]
      O58 - SDL:[MD5.0D86D15CAFF2B3203C785D604EC7C942] - 11/11/2005 - 15:09:52 ---A- . (.TOSHIBA Corporation - Bluetooth Audio Driver (WDM).) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys [52864]
      O58 - SDL:[MD5.87031831486F7ED4EAFEF27125BB56C8] - 01/08/2002 - 21:53:22 ---A- . (.TOSHIBA Corporation - Bluetooth(TM) TOSHIBA PC-Card Driver.) -- C:\WINDOWS\system32\drivers\tosrfpcc.sys [160672]
      O58 - SDL:[MD5.C52FD27B9ADF3A1F22CB90E6BCF9B0CB] - 06/01/2005 - 13:42:42 ---A- . (.TOSHIBA Corporation. - Bluetooth BNEP Driver.) -- C:\WINDOWS\system32\drivers\tosrfnds.sys [18612]
      O58 - SDL:[MD5.AE5B75C86574A1BD0A093A9159F829F9] - 07/02/2002 - 16:24:20 ---A- . (.TOSHIBA Corporation. - Bluetooth LAN Emulation Driver.) -- C:\WINDOWS\system32\drivers\tosrflan.sys [25420]
      O58 - SDL:[MD5.31B0145C289D2B3E3E9948345CAA7B6F] - 01/12/2005 - 19:43:16 ---A- . (.TOSHIBA Corporation. - Bluetooth HID Driver from TOSHIBA.) -- C:\WINDOWS\system32\drivers\tosrfhid.sys [62848]
      O58 - SDL:[MD5.CC069342EE0EAE55B32A0AE99CF6185C] - 09/09/2005 - 14:47:10 ---A- . (.TOSHIBA Corporation - TOSHIBA Bluetooth EC Driver.) -- C:\WINDOWS\system32\drivers\tosrfec.sys [9344]
      O58 - SDL:[MD5.E362D54FD394999C4178936396664E57] - 11/07/2005 - 18:58:56 ---A- . (.TOSHIBA Corporation. - Toshiba Bluetooth HID mini port driver.) -- C:\WINDOWS\system32\drivers\toshidpt.sys [3712]
      O58 - SDL:[MD5.5BA1CA3B3CDDB1DDC67DF473F05D1EC2] - 01/08/2005 - 16:45:08 ---A- . (.TOSHIBA Corporation - Bluetooth RFCOMM Driver.) -- C:\WINDOWS\system32\drivers\tosrfcom.sys [64896]
      O58 - SDL:[MD5.613E09572F4C5B92CA6BE8BDC4CC5B7D] - 15/09/2005 - 18:06:08 ---A- . (.TOSHIBA Corporation - Bluetooth RFBNEP Driver.) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys [36480]
      O58 - SDL:[MD5.294675C8E4316302EFE14B1A1219D942] - 22/11/2005 - 21:29:58 ---A- . (.TOSHIBA CORPORATION - Bluetooth RF Bus Driver.) -- C:\WINDOWS\system32\drivers\tosrfbd.sys [108800]
      O58 - SDL:[MD5.D626E0AF9232D8799D3A449530F3C220] - 24/11/2005 - 13:37:36 ---A- . (.TOSHIBA Corporation - TOSHIBA Bluetooth Port Emulation Driver.) -- C:\WINDOWS\system32\drivers\tosporte.sys [47104]
      O58 - SDL:[MD5.142B91503C45C1A05A355414E13A51D1] - 30/08/2004 - 16:27:30 ---A- . (.TOSHIBA Corporation - SD Bluetooth Transport Driver.) -- C:\WINDOWS\system32\drivers\tosdbt.sys [48640]
      O58 - SDL:[MD5.78E9819E076B909541BD4A37F8F0668B] - 07/04/2003 - 21:52:00 ---A- . (.TOSHIBA Corporation - TOSHIBA SD Bluetooth Card #2 Driver.) -- C:\WINDOWS\system32\drivers\tosbtsd2.sys [21120]
      O58 - SDL:[MD5.701D741F60983B0319560523294E5D5B] - 13/01/2011 - 09:39:50 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows NT/2000.) -- C:\WINDOWS\system32\drivers\aswmon.sys [94544]
      O58 - SDL:[MD5.A1C52B822B7B8A5C2162D38F579F97B7] - 13/01/2011 - 09:40:04 ---A- . (.AVAST Software - avast! File System Filter Driver for Windows XP.) -- C:\WINDOWS\system32\drivers\aswmon2.sys [100176]
      O58 - SDL:[MD5.479C9835B91147BE1A92CB76FAD9C6DE] - 13/01/2011 - 09:37:12 ---A- . (.AVAST Software - avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP.) -- C:\WINDOWS\system32\drivers\aavmker4.sys [29392]
      O58 - SDL:[MD5.1408421505257846EB336FEEEF33352D] - 13/01/2011 - 09:40:16 ---A- . (.AVAST Software - avast! TDI Filter Driver.) -- C:\WINDOWS\system32\drivers\aswTdi.sys [47440]
      O58 - SDL:[MD5.B6E8C5874377A42756C282FAC2E20836] - 13/01/2011 - 09:37:30 ---A- . (.AVAST Software - avast! TDI RDR Driver.) -- C:\WINDOWS\system32\drivers\aswRdr.sys [23632]
      O58 - SDL:[MD5.8672947AEEC467DC5907BA024BAF06EF] - 24/02/2003 - 09:36:06 R--A- . (.FTDI Ltd. - FTDIBUS Driver.) -- C:\WINDOWS\system32\drivers\ftdibus.sys [19153]
      O58 - SDL:[MD5.1BAEA6F4A629ABCBD87267C2C732C982] - 24/02/2003 - 09:36:14 R--A- . (.FTDI Ltd. - FTDIBUS Serial Device Driver.) -- C:\WINDOWS\system32\drivers\ftser2k.sys [50396]
      O58 - SDL:[MD5.E51EC9D232494C0713E0A0938DD9C893] - 24/02/2003 - 09:36:12 R--A- . (.FTDI Ltd. - Filter Driver for Lundinova.) -- C:\WINDOWS\system32\drivers\ftlund.sys [6828]
      O58 - SDL:[MD5.21F3C6673E57023125504719A7F3EE6E] - 22/11/2005 - 18:04:46 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Driver.) -- C:\WINDOWS\system32\drivers\emBDA.sys [209408]
      O58 - SDL:[MD5.990771CEAC1CD7E398B3D27C6FBD3C02] - 22/11/2005 - 18:04:34 ---A- . (.eMPIA Technology, Inc. - USB 28xx BDA Lower filter.) -- C:\WINDOWS\system32\drivers\emOEM.sys [17792]
      O58 - SDL:[MD5.586A0F9139D14729217DFFF1259FFDBD] - 01/02/2005 - 14:27:00 ---A- . (.Conexant Systems, Inc. - PRISM Wireless NDIS 5.1 Driver.) -- C:\WINDOWS\system32\drivers\PRISMA02.sys [348640]
      O58 - SDL:[MD5.6D3ADA4CE95CECA7BCE527A08C4C474E] - 05/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9037]
      O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 05/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
      O58 - SDL:[MD5.C6D29F29DE7427B1B0775E53E577B623] - 05/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4912]
      O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 05/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
      O58 - SDL:[MD5.7D30A74B5FB9FE3B245A6CE5FBCD71D5] - 05/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27916]
      O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 05/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
      O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 05/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
      O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 05/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
      O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 05/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
      O58 - SDL:[MD5.2F9806B52CB3748B1E49222744B28E3C] - 05/04/2007 - 17:51:06 ---A- . (.Printing Communications Assoc., Inc. (PCAUS - PCAUSA NDIS 5.0 Protocol Driver.) -- C:\WINDOWS\system32\PCANDIS5.sys [17134]
      O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 05/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
      O58 - SDL:[MD5.CAAA108FD7BF71989946B39704323455] - 05/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [34000]
      O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 05/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
      O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 05/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
      O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 05/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
      O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 05/08/2004 - 14:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]


      ---\\ File Associations Shell Spawning (O67)
      O67 - Shell Spawning: <.bat> <batfile>[HKLM\..\open\Command] "%1" %* (.not file.)
      O67 - Shell Spawning: <.cpl> <cplfile>[HKLM\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
      O67 - Shell Spawning: <.cmd> <cmdfile>[HKLM\..\open\Command] "%1" %* (.not file.)
      O67 - Shell Spawning: <.com> <comfile>[HKLM\..\open\Command] "%1" %* (.not file.)
      O67 - Shell Spawning: <.exe> <exefile>[HKLM\..\open\Command] "%1" %* (.not file.)
      O67 - Shell Spawning: <.html> <htmlfile>[HKLM\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
      O67 - Shell Spawning: <.js> <JSFile>[HKLM\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- \System32\WScript.exe
      O67 - Shell Spawning: <.reg> <regfile>[HKLM\..\open\Command] (.Pas de propriétaire - Pas de description.) -- \regedit.exe
      O67 - Shell Spawning: <.bat> <batfile>[HKCR\..\open\Command] "%1" %* (.not file.)
      O67 - Shell Spawning: <.cpl> <cplfile>[HKCR\..\cplopen\Command] (.Microsoft Corporation - DLL commune du shell Windows.) -- C:\Windows\System32\shell32.dll
      O67 - Shell Spawning: <.cmd> <cmdfile>[HKCR\..\open\Command] "%1" %* (.not file.)
      O67 - Shell Spawning: <.com> <comfile>[HKCR\..\open\Command] "%1" %* (.not file.)
      O67 - Shell Spawning: <.exe> <exefile>[HKCR\..\open\Command] "%1" %* (.not file.)
      O67 - Shell Spawning: <.html> <htmlfile>[HKCR\..\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\IEXPLORE.exe
      O67 - Shell Spawning: <.js> <JSFile>[HKCR\..\open\Command] (.Microsoft Corporation - Microsoft (R) Windows Based Script Host.) -- \System32\WScript.exe
      O67 - Shell Spawning: <.reg> <regfile>[HKCR\..\open\Command] (.Pas de propriétaire - Pas de description.) -- \regedit.exe


      ---\\ Recherche particuliere à la racine de certains dossiers (O84)
      [MD5.A887245AE0A3FC6903A15C18EF0EEA90] [SPRF] (.Sun Microsystems, Inc. - Java(TM) 2 Platform Standard Edition binary.) -- C:\Program Files\jre-1_5_0_10-windows-i586-p-iftw.exe [251656]
      [MD5.2E461A24DCE5ABF925E45DDAA62A6D91] [SPRF] (.Skype Technologies S.A. - Skype. Take a deep breath.) -- C:\Program Files\SkypeSetup.exe [24014632]
      [MD5.A9723E838A59AAD0A3D0F82CCEDF60AA] [SPRF] (.monAlbumPhoto - monAlbumPhoto.) -- C:\Program Files\monAlbumPhoto_SP1.exe [6446760]


      ---\\ Recherche Master Boot Record Infection (MBR)(O80)
      Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net
      Run by Alex & Mat at 26/02/2011 18:11:50

      device: opened successfully
      user: error reading MBR

      Disk trace:
      error: Read Descripteur non valide
      kernel: error reading MBR


      ---\\ Recherche Master Boot Record Infection (MBRCheck)(O80)
      Written by ad13, http://ad13.geekstog
      Run by Alex & Mat at 26/02/2011 18:11:50
      Use the desktop link 'MBRCheck' to have full report



      End of the scan (407 lines in 01mn 02s)(0)




      est ce que les virus sont enlevés? dois je faire autre chose?

      merci de ton aide
      0
    5. fred08700 Messages postés 3633 Statut Contributeur sécurité 550
       
      poste zhpdiag avec ci-joint , comme le premier que tu as fais , merci
      0
  4. fred08700 Messages postés 3633 Statut Contributeur sécurité 550
     
    ok

    plus d'infections dans le rapport et celle qui te préoccupais a été éradiquée par malwarebytes

    c:\documents and settings\alex & mat\menu démarrer\programmes\Win Scan\Win Scan.lnk (Rogue.WinScan) -> Quarantined and deleted successfully.

    On continu

    ===> Tu n'as pas d'antivirus , il t'en faut un . Je te propose , en gartuit et qui fonctionne très bien , soit antivir , soit avast 6

    ensuite

    ===> Utilisation de ZHPfix

    *fais un copié des lignes en gras suivantes

    ----------------------------------------------------------
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.135.9:8080
    O44 - LFC:[MD5.9ACDBFA296111D1E864291D8A9DB7A85] - 26/02/2011 - 17:57:52 ---A- . (...) -- \Ad-Report-CLEAN[1].txt [7868]
    O44 - LFC:[MD5.9ACDBFA296111D1E864291D8A9DB7A85] - 26/02/2011 - 17:57:52 ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [7868]
    O43 - CFD: 25/06/2006 - 19:45:38 - [750] ----D- C:\Documents and Settings\Alex & Mat\Application Data\Spybot - Search & Destroy
    PROXYFix
    emptytemp
    emptyflash
    FirewallRaz

    ----------------------------------------------------------
    /!\ Utilisateurs de vista/7 , cette manipulation est à effectuer en tant qu'administrateur ( Clic droit -> [Exécuter en tant qu'administrateur] ) /!\

    * Lance ZHPFix (soit via le raccourci sur ton Bureau, soit via ZHPDiag- écusson vert-)
    * Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)
    * Le texte que tu as copié sera présent
    * Clique sur « Tous », puis sur « Nettoyer »
    * Copie/colle la totalité du rapport dans ta prochaine réponse

    ===> va dans ajout/suppression de programme et désinstalle Adobe Reader 7.0 et mets cette version
    choisi ta version et décoche mcAfee

    ===> Suppression des fichiers inutiles

    Télécharge CCleaner version slim.
    * Installe le puis lance le.
    * va dans " options" ==> "avancés" et décoches " effacer uniquement ------24 heures"
    * Clique sur Nettoyeur => Analyse => Lancer le nettoyage, puis sur OK dans la fenêtre qui s'affiche.
    * Enfin, clique sur Registre => corrige toutes les erreurs et recommence jusqu'à ce que CCleaner ne trouve plus d'erreurs.

    Tu peux garder ce programme et l'utiliser régulièrement (une fois par mois).

    ===> refais un dernier scan zhpdiag , poste avec ci-joint
    0
    1. alexnovice
       
      ==> ok j'ai remis avast via le lien donné (mais je l'avais deja normalement)

      ==> rapport ZHPFix
      Rapport de ZHPFix 1.12.3256 par Nicolas Coolman, Update du 23/02/2011
      Fichier d'export Registre : C:\ZHPExportRegistry-26-02-2011-19-24-19.txt
      Run by Alex & Mat at 26/02/2011 19:24:19
      Windows XP Home Edition Service Pack 3 (Build 2600)
      Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
      Contact : nicolascoolman@yahoo.fr

      ========== Valeur(s) du Registre ==========
      ProxyFix : Configuration proxy supprimée avec succès
      FirewallRaz : Aucune valeur présente dans la clé de registre "Standard Profile"
      FirewallRaz : Aucune valeur présente dans la clé de registre "Domain Profile"
      FirewallRaz : Aucune valeur présente dans la clé d'exception du registre .

      ========== Dossier(s) ==========
      Dossiers Flash Cookies supprimés : 5

      ========== Fichier(s) ==========
      Fichiers Flash Cookies supprimés : 2


      ========== Récapitulatif ==========
      4 : Valeur(s) du Registre
      1 : Dossier(s)
      1 : Fichier(s)


      End of the scan


      je fais le reste
      0
    2. alexnovice
       
      ==> j'ai mis cccleaner standard car j'avais une page blanche pour le slim, impossible à télécharger


      ==> scan zhpdiag :
      http://www.cijoint.fr/cjlink.php?file=cj201102/cijwk1MYZf.txt
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. fred08700 Messages postés 3633 Statut Contributeur sécurité 550
     
    re

    problème avec tes rapports zhpdiag

    pas de présence d'antivirus , ni , entre autre , de lignes 042 qui correspondent aux programmes installés
    alors que ton disque dur est plein a plus de 90%

    refais un scan zhpdiag , stp
    0
    1. alexnovice
       
      voila
      http://www.cijoint.fr/cjlink.php?file=cj201102/cijeXxKYS7.txt
      0
  7. fred08700 Messages postés 3633 Statut Contributeur sécurité 550
     
    salut

    * /!\Avertissement :
    Ce logiciel n'est à utiliser que prescrit par un helper qualifié.
    Ne pas utiliser en dehors de ce cas de figure : dangereux!


    ? Télécharges ComboFix à partir de ce lien et enregistres le sur ton bureau :
    https://forum.pcastuces.com/combofix_renomme_au_telechargement-f31s22.htm
    ou ici :
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    A lire
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    Avant d'utiliser ComboFix :

    ? ferme les fenêtres de tous les programmes en cours.

    ? Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
    Une fois fait, sur ton bureau double-clic sur Combofix.exe.
    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    - il se peut que Combofix ait besoin de se connecter à internet pour trouver les mises à jour, donc il faut l'autoriser.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
    ? Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
    ? Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
    0
    1. alexnovice
       
      bonjour,

      ok

      une questions, quels sont les antispywares a desactiver?
      0
    2. fred08700 Messages postés 3633 Statut Contributeur sécurité 550
       
      tu n'as aucune protection dans ton pc , tu peux y aller -)
      0
    3. alexnovice
       
      rapport combo fix :

      ComboFix 11-02-26.01 - Alex & Mat 27/02/2011 12:13:28.1.2 - FAT32x86
      Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2047.1383 [GMT 1:00]
      Lancé depuis: c:\documents and settings\Alex & Mat\Bureau\ComboFix.exe
      AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\Nagasoft
      c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
      c:\windows\system32\Nagasoft\Codecs\atrc.dll
      c:\windows\system32\Nagasoft\Codecs\cook.dll
      c:\windows\system32\Nagasoft\Codecs\drvc.dll
      c:\windows\system32\Nagasoft\Codecs\raac.dll
      c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
      c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
      c:\windows\system32\Nagasoft\GifShower.dll
      c:\windows\system32\Nagasoft\vjocx.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_vvdsvc
      -------\Legacy_vvdsvc
      -------\Service_vvdsvc
      -------\Service_vvdsvc


      ((((((((((((((((((((((((((((( Fichiers créés du 2011-01-27 au 2011-02-27 ))))))))))))))))))))))))))))))))))))
      .

      2011-02-26 17:01 . 2009-07-27 23:17 135680 ------w- c:\windows\system32\dllcache\shsvcs.dll
      2011-02-26 14:41 . 2011-02-26 14:41 -------- d-----w- c:\documents and settings\Alex & Mat\Application Data\Malwarebytes
      2011-02-26 14:41 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2011-02-26 14:41 . 2011-02-26 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
      2011-02-26 14:41 . 2011-02-26 14:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2011-02-26 14:41 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
      2011-02-26 14:10 . 2011-02-26 14:11 -------- d-----w- c:\program files\ZHPDiag
      2011-02-25 21:09 . 2011-02-25 21:09 -------- d-----w- c:\documents and settings\NetworkService\Bureau
      2011-02-12 12:46 . 2011-02-12 12:46 -------- d-----w- C:\FOUND.034
      2011-02-05 09:39 . 2011-02-05 09:39 -------- d-----w- C:\FOUND.033

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2011-01-21 14:44 . 2004-09-20 16:48 441344 ----a-w- c:\windows\system32\shimgvw.dll
      2011-01-13 08:47 . 2010-07-06 14:56 38848 ----a-w- c:\windows\avastSS.scr
      2011-01-13 08:47 . 2006-09-06 12:02 188216 ----a-w- c:\windows\system32\aswBoot.exe
      2011-01-13 08:41 . 2008-09-04 16:29 294608 ----a-w- c:\windows\system32\drivers\aswSP.sys
      2011-01-13 08:40 . 2006-09-06 12:02 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
      2011-01-13 08:40 . 2006-09-06 12:02 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
      2011-01-13 08:39 . 2006-09-06 12:02 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
      2011-01-13 08:37 . 2006-09-06 12:02 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
      2011-01-13 08:37 . 2006-09-06 12:02 29392 ----a-w- c:\windows\system32\drivers\aavmker4.sys
      2011-01-13 08:37 . 2008-09-04 16:29 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
      2011-01-07 14:09 . 2004-09-20 16:48 290048 ----a-w- c:\windows\system32\atmfd.dll
      2010-12-31 14:04 . 2004-09-20 16:48 1855104 ----a-w- c:\windows\system32\win32k.sys
      2010-12-22 12:34 . 2004-09-20 16:48 301568 ----a-w- c:\windows\system32\kerberos.dll
      2010-12-20 23:06 . 2004-09-20 16:49 832512 ----a-w- c:\windows\system32\wininet.dll
      2010-12-20 23:06 . 2004-09-20 16:48 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
      2010-12-20 23:06 . 2004-09-20 16:48 78336 ----a-w- c:\windows\system32\ieencode.dll
      2010-12-20 23:06 . 2004-09-20 16:48 17408 ----a-w- c:\windows\system32\corpol.dll
      2010-12-20 17:26 . 2004-09-20 16:48 736768 ----a-w- c:\windows\system32\lsasrv.dll
      2010-12-20 12:55 . 2004-09-20 16:48 389120 ----a-w- c:\windows\system32\html.iec
      2010-12-09 15:15 . 2004-09-20 16:48 743424 ----a-w- c:\windows\system32\ntdll.dll
      2010-12-09 15:14 . 2004-08-03 23:49 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe
      2010-12-09 15:14 . 2004-08-03 23:48 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
      2010-12-09 14:30 . 2004-09-20 16:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
      2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
      2009-11-29 13:32 . 2009-11-29 13:32 6446760 ----a-w- c:\program files\monAlbumPhoto_SP1.exe
      2007-08-29 18:55 . 2007-08-29 18:46 24014632 ----a-w- c:\program files\SkypeSetup.exe
      2007-03-06 23:17 . 2007-03-06 23:17 278528 ----a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
      2007-01-14 18:50 . 2007-01-14 18:50 251656 ----a-w- c:\program files\jre-1_5_0_10-windows-i586-p-iftw.exe
      .

      ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2011-02-25 3911776]

      [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
      2011-02-25 14:40 3911776 ----a-w- c:\program files\Vuze_Remote\tbVuz1.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2011-02-25 3911776]

      [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz1.dll" [2011-02-25 3911776]

      [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2005-10-05 86016]
      "ABLKSR"="c:\windows\ABLKSR\ABLKSR.exe" [2006-01-02 61440]
      "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
      "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
      "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
      "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-28 788880]
      "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
      "SMSERIAL"="sm56hlpr.exe" [2005-05-26 544768]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
      "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

      c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
      WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-20 525664]
      WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
      WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
      2008-10-16 19:35 87352 ----a-w- c:\windows\system32\LMIinit.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
      @="Service"

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "DisableNotifications"= 1 (0x1)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\WINDOWS\\system32\\dpvsetup.exe"=
      "c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\WirelessFTP1.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
      "c:\\Program Files\\Vuze\\Azureus.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

      R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29/01/2009 20:25 64288]
      R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [04/09/2008 17:29 294608]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/09/2008 17:29 17744]
      R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24/07/2008 18:46 12856]
      R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [13/11/2009 11:28 110592]
      R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 08:58 20480]
      S2 gupdate1ca62ca21cc5cbc;Service Google Update (gupdate1ca62ca21cc5cbc);c:\program files\Google\Update\GoogleUpdate.exe [11/11/2009 13:25 133104]
      S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [18/09/2006 15:55 6828]
      S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1181328]
      S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [24/10/2010 13:22 11520]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      vvdsvc REG_MULTI_SZ vvdsvc
      .
      Contenu du dossier 'Tâches planifiées'

      2011-02-27 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:11]

      2011-02-27 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:11]

      2011-02-27 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:11]

      2011-02-27 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:11]

      2011-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

      2011-02-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:11]

      2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 12:25]

      2011-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 12:25]
      .
      .
      ------- Examen supplémentaire -------
      .
      uInternet Settings,ProxyOverride = *.local;*mercapital*
      uInternet Settings,ProxyServer = 192.168.135.9:8080
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      Trusted Zone: creditmutuel.fr
      DPF: {2ED79742-30D5-4A95-B677-34CBD8A7AEDD} - hxxp://streaming.mentorwave.com/webinstall.cab
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2011-02-27 12:20
      Windows 5.1.2600 Service Pack 3 FAT NTAPI

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      --------------------- CLES DE REGISTRE BLOQUEES ---------------------

      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø*€|ÿÿÿÿ*€|ù*9~*]
      "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
      .
      --------------------- DLLs chargées dans les processus actifs ---------------------

      - - - - - - - > 'winlogon.exe'(976)
      c:\windows\system32\Ati2evxx.dll
      c:\windows\system32\LMIinit.dll
      c:\windows\system32\LMIRfsClientNP.dll

      - - - - - - - > 'explorer.exe'(4048)
      c:\windows\system32\eappprxy.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      c:\windows\system32\LMIRfsClientNP.dll
      .
      ------------------------ Autres processus actifs ------------------------
      .
      c:\windows\system32\Ati2evxx.exe
      c:\program files\Intel\Wireless\Bin\EvtEng.exe
      c:\program files\Intel\Wireless\Bin\S24EvMon.exe
      c:\program files\Alwil Software\Avast5\AvastSvc.exe
      c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      c:\program files\Intel\Wireless\Bin\RegSrvc.exe
      c:\windows\system32\Ati2evxx.exe
      c:\program files\Inventel\Gateway\wlancfg.exe
      c:\windows\system32\wscntfy.exe
      c:\windows\sm56hlpr.exe
      c:\program files\LogMeIn\x86\LMIGuardian.exe
      c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
      c:\windows\system32\wbem\wmiapsrv.exe
      c:\program files\Skype\Plugin Manager\skypePM.exe
      c:\program files\Alwil Software\Avast5\setup\avast.setup
      .
      **************************************************************************
      .
      Heure de fin: 2011-02-27 12:26:03 - La machine a redémarré
      ComboFix-quarantined-files.txt 2011-02-27 11:25

      Avant-CF: 4 141 809 664 octets libres
      Après-CF: 4 349 984 768 octets libres

      WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      UnsupportedDebug="do not select this" /debug
      multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

      - - End Of File - - F4C34B7B92D6BB0800971D5AF1C3D831
      0
  8. fred08700 Messages postés 3633 Statut Contributeur sécurité 550
     
    bien

    * Télécharge TDSSKiller (de Kaspersky Labs) sur ton Bureau.
    * Lance le (si tu utilises Windows Vista ou 7 : fais un clic-droit dessus et choisis "Exécuter en tant qu'administrateur")
    * Clique sur [Start Scan] pour démarrer l'analyse.
    * Si des éléments sont trouvés, clique sur [Continue] puis sur [Reboot Now]
    * Un rapport s'ouvrira au redémarrage de l'ordinateur.
    * Copie/colle son contenu dans ta prochaine réponse.
    Note : Le rapport se trouve également sous C:\TDSSKiller.N°deversion_Date_Heure_log.txt
    0
    1. alexnovice
       
      rien de trouvé
      rapport :
      2011/02/27 13:21:55.0078 2652 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
      2011/02/27 13:21:56.0515 2652 ================================================================================
      2011/02/27 13:21:56.0515 2652 SystemInfo:
      2011/02/27 13:21:56.0515 2652
      2011/02/27 13:21:56.0515 2652 OS Version: 5.1.2600 ServicePack: 3.0
      2011/02/27 13:21:56.0515 2652 Product type: Workstation
      2011/02/27 13:21:56.0515 2652 ComputerName: MATAL
      2011/02/27 13:21:56.0515 2652 UserName: Alex & Mat
      2011/02/27 13:21:56.0515 2652 Windows directory: C:\WINDOWS
      2011/02/27 13:21:56.0515 2652 System windows directory: C:\WINDOWS
      2011/02/27 13:21:56.0515 2652 Processor architecture: Intel x86
      2011/02/27 13:21:56.0515 2652 Number of processors: 2
      2011/02/27 13:21:56.0515 2652 Page size: 0x1000
      2011/02/27 13:21:56.0515 2652 Boot type: Normal boot
      2011/02/27 13:21:56.0515 2652 ================================================================================
      2011/02/27 13:21:57.0265 2652 Initialize success
      2011/02/27 13:21:59.0531 3008 ================================================================================
      2011/02/27 13:21:59.0531 3008 Scan started
      2011/02/27 13:21:59.0531 3008 Mode: Manual;
      2011/02/27 13:21:59.0531 3008 ================================================================================
      2011/02/27 13:22:03.0265 3008 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
      2011/02/27 13:22:04.0078 3008 ACPI (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
      2011/02/27 13:22:04.0156 3008 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
      2011/02/27 13:22:04.0703 3008 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
      2011/02/27 13:22:05.0046 3008 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
      2011/02/27 13:22:05.0218 3008 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
      2011/02/27 13:22:06.0828 3008 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
      2011/02/27 13:22:07.0921 3008 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
      2011/02/27 13:22:08.0234 3008 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
      2011/02/27 13:22:08.0531 3008 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
      2011/02/27 13:22:08.0718 3008 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
      2011/02/27 13:22:09.0062 3008 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
      2011/02/27 13:22:09.0296 3008 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
      2011/02/27 13:22:09.0531 3008 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
      2011/02/27 13:22:10.0140 3008 ati2mtag (0959c83f18f8a5966afa2ec33bb96d14) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
      2011/02/27 13:22:10.0375 3008 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
      2011/02/27 13:22:10.0562 3008 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
      2011/02/27 13:22:10.0921 3008 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
      2011/02/27 13:22:11.0265 3008 Cam5603D (2230b842f43a204abd3ec6bdd39d793f) C:\WINDOWS\system32\Drivers\BisonCam.sys
      2011/02/27 13:22:11.0437 3008 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
      2011/02/27 13:22:11.0593 3008 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
      2011/02/27 13:22:11.0984 3008 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
      2011/02/27 13:22:12.0093 3008 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
      2011/02/27 13:22:12.0171 3008 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
      2011/02/27 13:22:12.0671 3008 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
      2011/02/27 13:22:13.0093 3008 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
      2011/02/27 13:22:14.0171 3008 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
      2011/02/27 13:22:14.0328 3008 dmboot (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
      2011/02/27 13:22:14.0578 3008 dmio (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
      2011/02/27 13:22:14.0625 3008 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
      2011/02/27 13:22:14.0859 3008 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
      2011/02/27 13:22:15.0312 3008 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
      2011/02/27 13:22:15.0453 3008 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
      2011/02/27 13:22:15.0515 3008 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
      2011/02/27 13:22:15.0625 3008 Fips (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
      2011/02/27 13:22:15.0781 3008 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
      2011/02/27 13:22:16.0031 3008 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
      2011/02/27 13:22:16.0078 3008 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
      2011/02/27 13:22:16.0406 3008 FTDIBUS (8672947aeec467dc5907ba024baf06ef) C:\WINDOWS\system32\drivers\ftdibus.sys
      2011/02/27 13:22:16.0453 3008 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
      2011/02/27 13:22:16.0765 3008 FTLUND (e51ec9d232494c0713e0a0938dd9c893) C:\WINDOWS\system32\drivers\ftlund.sys
      2011/02/27 13:22:17.0078 3008 FTSER2K (1baea6f4a629abcbd87267c2c732c982) C:\WINDOWS\system32\drivers\ftser2k.sys
      2011/02/27 13:22:17.0250 3008 GEARAspiWDM (5dc17164f66380cbfefd895c18467773) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
      2011/02/27 13:22:17.0421 3008 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
      2011/02/27 13:22:17.0687 3008 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
      2011/02/27 13:22:17.0875 3008 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
      2011/02/27 13:22:18.0375 3008 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
      2011/02/27 13:22:19.0140 3008 i8042prt (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
      2011/02/27 13:22:19.0281 3008 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
      2011/02/27 13:22:20.0125 3008 IntcAzAudAddService (4b322f8c7b7af523d1c145c22eef4713) C:\WINDOWS\system32\drivers\RtkHDAud.sys
      2011/02/27 13:22:20.0781 3008 intelppm (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
      2011/02/27 13:22:21.0046 3008 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
      2011/02/27 13:22:21.0156 3008 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
      2011/02/27 13:22:21.0437 3008 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
      2011/02/27 13:22:21.0593 3008 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
      2011/02/27 13:22:21.0781 3008 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
      2011/02/27 13:22:22.0031 3008 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
      2011/02/27 13:22:22.0203 3008 isapnp (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
      2011/02/27 13:22:22.0406 3008 Kbdclass (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
      2011/02/27 13:22:22.0656 3008 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
      2011/02/27 13:22:22.0812 3008 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
      2011/02/27 13:22:23.0078 3008 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\WINDOWS\system32\DRIVERS\Lbd.sys
      2011/02/27 13:22:23.0609 3008 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
      2011/02/27 13:22:23.0828 3008 LMImirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\LMImirr.sys
      2011/02/27 13:22:24.0421 3008 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
      2011/02/27 13:22:24.0515 3008 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
      2011/02/27 13:22:24.0671 3008 Modem (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
      2011/02/27 13:22:24.0765 3008 Mouclass (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
      2011/02/27 13:22:24.0953 3008 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
      2011/02/27 13:22:25.0203 3008 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
      2011/02/27 13:22:25.0312 3008 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
      2011/02/27 13:22:25.0812 3008 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
      2011/02/27 13:22:26.0015 3008 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
      2011/02/27 13:22:26.0187 3008 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
      2011/02/27 13:22:26.0421 3008 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
      2011/02/27 13:22:26.0593 3008 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
      2011/02/27 13:22:26.0781 3008 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
      2011/02/27 13:22:27.0015 3008 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
      2011/02/27 13:22:27.0140 3008 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
      2011/02/27 13:22:27.0234 3008 MTsensor (1c0f480b7c6136ddb5fb909995af014a) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
      2011/02/27 13:22:27.0453 3008 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
      2011/02/27 13:22:27.0578 3008 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
      2011/02/27 13:22:27.0656 3008 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
      2011/02/27 13:22:27.0859 3008 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
      2011/02/27 13:22:27.0984 3008 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
      2011/02/27 13:22:28.0109 3008 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
      2011/02/27 13:22:28.0140 3008 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
      2011/02/27 13:22:28.0328 3008 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
      2011/02/27 13:22:28.0437 3008 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
      2011/02/27 13:22:28.0578 3008 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
      2011/02/27 13:22:28.0750 3008 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
      2011/02/27 13:22:28.0921 3008 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
      2011/02/27 13:22:29.0109 3008 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
      2011/02/27 13:22:29.0265 3008 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
      2011/02/27 13:22:29.0343 3008 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
      2011/02/27 13:22:29.0406 3008 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
      2011/02/27 13:22:29.0500 3008 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
      2011/02/27 13:22:29.0593 3008 Parport (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
      2011/02/27 13:22:29.0796 3008 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
      2011/02/27 13:22:29.0859 3008 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
      2011/02/27 13:22:32.0281 3008 PCANDIS5 (2f9806b52cb3748b1e49222744b28e3c) C:\WINDOWS\system32\PCANDIS5.SYS
      2011/02/27 13:22:32.0515 3008 PCI (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
      2011/02/27 13:22:33.0046 3008 PCIIde (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
      2011/02/27 13:22:33.0234 3008 Pcmcia (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
      2011/02/27 13:22:35.0296 3008 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
      2011/02/27 13:22:35.0640 3008 PRISM_A02 (586a0f9139d14729217dfff1259ffdbd) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
      2011/02/27 13:22:35.0750 3008 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
      2011/02/27 13:22:35.0781 3008 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
      2011/02/27 13:22:35.0906 3008 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
      2011/02/27 13:22:37.0500 3008 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
      2011/02/27 13:22:37.0609 3008 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
      2011/02/27 13:22:37.0703 3008 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
      2011/02/27 13:22:37.0750 3008 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
      2011/02/27 13:22:37.0953 3008 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
      2011/02/27 13:22:38.0000 3008 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
      2011/02/27 13:22:38.0218 3008 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
      2011/02/27 13:22:38.0375 3008 redbook (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
      2011/02/27 13:22:38.0687 3008 rimsptsk (1bdba2d2d402415a78a4ba766dfe0f7b) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
      2011/02/27 13:22:38.0984 3008 risdptsk (ace2ce73d7b04eac48fb80482e05e770) C:\WINDOWS\system32\DRIVERS\risdptsk.sys
      2011/02/27 13:22:39.0296 3008 RTL8023xp (d6e1b1bd04fad422af17fc4b810cb9af) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
      2011/02/27 13:22:39.0593 3008 s24trans (2e4e912ce95f5ef4d4a5079f6ce367fc) C:\WINDOWS\system32\DRIVERS\s24trans.sys
      2011/02/27 13:22:39.0796 3008 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
      2011/02/27 13:22:39.0921 3008 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
      2011/02/27 13:22:40.0031 3008 Serial (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\drivers\Serial.sys
      2011/02/27 13:22:40.0265 3008 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
      2011/02/27 13:22:40.0765 3008 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
      2011/02/27 13:22:41.0125 3008 smserial (34d634366fc57524f5932eaec40e4fcb) C:\WINDOWS\system32\DRIVERS\smserial.sys
      2011/02/27 13:22:41.0750 3008 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
      2011/02/27 13:22:41.0953 3008 sr (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
      2011/02/27 13:22:42.0125 3008 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
      2011/02/27 13:22:42.0312 3008 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
      2011/02/27 13:22:42.0515 3008 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
      2011/02/27 13:22:42.0718 3008 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
      2011/02/27 13:22:44.0562 3008 SynTP (9c29e8e9c1c48e9c8bc38f031df4720f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
      2011/02/27 13:22:44.0718 3008 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
      2011/02/27 13:22:44.0828 3008 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
      2011/02/27 13:22:45.0031 3008 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
      2011/02/27 13:22:45.0218 3008 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
      2011/02/27 13:22:45.0375 3008 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
      2011/02/27 13:22:46.0031 3008 Tosrfbd (294675c8e4316302efe14b1a1219d942) C:\WINDOWS\system32\Drivers\tosrfbd.sys
      2011/02/27 13:22:46.0343 3008 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\drivers\Tosrfcom.sys
      2011/02/27 13:22:46.0671 3008 Tosrfhid (31b0145c289d2b3e3e9948345caa7b6f) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
      2011/02/27 13:22:46.0984 3008 Tosrfusb (7414a6461bc83a22b0ae009ace3e375b) C:\WINDOWS\system32\Drivers\tosrfusb.sys
      2011/02/27 13:22:47.0171 3008 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
      2011/02/27 13:22:47.0750 3008 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
      2011/02/27 13:22:48.0140 3008 USB28xxBGA (21f3c6673e57023125504719a7f3ee6e) C:\WINDOWS\system32\DRIVERS\emBDA.sys
      2011/02/27 13:22:48.0453 3008 USB28xxOEM (990771ceac1cd7e398b3d27c6fbd3c02) C:\WINDOWS\system32\DRIVERS\emOEM.sys
      2011/02/27 13:22:48.0578 3008 USBAAPL (f340199e8cb097e1acd58a967c665919) C:\WINDOWS\system32\Drivers\usbaapl.sys
      2011/02/27 13:22:48.0765 3008 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
      2011/02/27 13:22:49.0031 3008 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
      2011/02/27 13:22:49.0171 3008 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
      2011/02/27 13:22:49.0375 3008 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
      2011/02/27 13:22:49.0546 3008 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
      2011/02/27 13:22:49.0734 3008 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
      2011/02/27 13:22:49.0875 3008 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
      2011/02/27 13:22:50.0000 3008 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
      2011/02/27 13:22:50.0437 3008 VolSnap (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
      2011/02/27 13:22:50.0812 3008 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
      2011/02/27 13:22:51.0062 3008 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
      2011/02/27 13:22:51.0187 3008 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
      2011/02/27 13:22:51.0703 3008 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
      2011/02/27 13:22:51.0968 3008 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
      2011/02/27 13:22:52.0109 3008 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
      2011/02/27 13:22:52.0312 3008 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
      2011/02/27 13:22:52.0468 3008 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
      2011/02/27 13:22:52.0703 3008 ================================================================================
      2011/02/27 13:22:52.0703 3008 Scan finished
      2011/02/27 13:22:52.0703 3008 ================================================================================
      0
  9. fred08700 Messages postés 3633 Statut Contributeur sécurité 550
     
    ok

    refais un nouveau zhpdiag , stp

    à l'ouverture de zhp , clique sur le " tournevis " et regardes si les lignes 042 sont cochées

    et poste le rapport avec ci-joint
    0
    1. alexnovice
       
      rapport :
      http://www.cijoint.fr/cjlink.php?file=cj201102/cijBradAeq.txt

      et les lignes 042 sont cochées
      0
  10. fred08700 Messages postés 3633 Statut Contributeur sécurité 550
     
    re

    tout est revenu , combofix a fait son boulot -)

    au passage , merci à Electricien69 , que je salut

    ===> désinstalles Spybot et ad-aware , inutiles

    ===> met à jours avast ==> version 6 est sortie

    ===> mets à jour internet explorer, version 8 : https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70

    ===> met à jour java : Télécharge JavaRa.zip de Paul McLain et Fred de Vries.

    http://raproducts.org/click/click.php?id=1

    * Décompresse le fichier sur le Bureau (Clic droit > Extraire tout).
    * Double-clique sur le répertoire JavaRa.
    * Puis double-clique sur le fichier JavaRa.exe (le exe peut ne pas s'afficher).
    * Choisis Français puis clique sur Select.
    * Clique sur Recherche de mises à jour.
    * Sélectionne Mettre à jour via jucheck.exe puis clique sur Rechercher.
    * Autorise le processus à se connecter s'il le demande, clique sur Installer et suis les instructions d'installation qui prennent quelques minutes.
    * L'installation est terminée, reviens à l'écran de JavaRa et clique sur Effacer les anciennes versions.
    * Clique sur Oui pour confirmer. Laisse travailler et clique ensuite sur OK, puis une deuxième fois sur OK.
    * Un rapport va s'ouvrir. Poste-le dans ta prochaine réponse.
    * Ferme l'application.

    Note : le rapport se trouve aussi dans C:\ sous le nom JavaRa.log.

    Tuto :
    https://www.commentcamarche.net/

    ===> 3) Utilisation de ZHPfix

    *fais un copié des lignes en gras suivantes

    ----------------------------------------------------------
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.135.9:8080
    [HKCU\Software\Casino]
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;*mercapital*
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.7.3) -- C:\Program Files\Vuze_Remote\tbVuz1.dll
    O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Vuze_Remote\tbVuz1.dll
    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Vuze_Remote\tbVuz1.dll
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.xfinity.com
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - (Installation Support) - (.Yahoo! Inc. - YInstHelper Module.) -- C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/14.22/uploader2.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O16 - DPF: {2ED79742-30D5-4A95-B677-34CBD8A7AEDD} (WebContainer Class) - http://streaming.mentorwave.com/webinstall.cab
    [HKCU\Software\Ad-Remover]
    PROXYFix
    emptytemp
    emptyflash
    FirewallRaz
    </gras>
    ----------------------------------------------------------
    /!\ Utilisateurs de vista/7 , cette manipulation est à effectuer en tant qu'administrateur ( Clic droit -> [Exécuter en tant qu'administrateur] ) /!\

    * Lance ZHPFix (soit via le raccourci sur ton Bureau, soit via ZHPDiag- écusson vert-)
    * Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)
    * Le texte que tu as copié sera présent
    * Clique sur « Tous », puis sur « Nettoyer »
    * Copie/colle la totalité du rapport dans ta prochaine réponse

    ===> repasse ccleaner

    ===> refais un scan zhpdiag
    0
    1. alexnovice
       
      ok, super merci

      rapport java :
      JavaRa 1.16 Removal Log.

      Report follows after line.

      ------------------------------------

      The JavaRa removal process was started on Sun Feb 27 15:40:41 2011

      Found and removed: C:\Program Files\Java\jre1.5.0_10

      Found and removed: C:\Program Files\Java\jre1.6.0_03

      Found and removed: C:\Program Files\Java\jre1.6.0_05

      Could not delete: C:\Program Files\Java\jre1.6.0_07

      Asking Windows to delete JavaRa 1.16 Removal Log.

      Report follows after line.

      ------------------------------------

      The JavaRa removal process was started on Sun Feb 27 15:41:28 2011

      Found and removed: C:\Program Files\Java\jre1.6.0_07

      Found and removed: Applications\java.exe

      Found and removed: Applications\javaw.exe

      Found and removed: JavaPlugin.FamilyVersionSupport

      Found and removed: Installer\Products\8A0F842331866D117AB7000B0D610007

      Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

      Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

      Found and removed: JavaScript

      Found and removed: JavaScript Author

      Found and removed: JavaScript1.1

      Found and removed: JavaScript1.1 Author

      Found and removed: JavaScript1.2

      Found and removed: JavaScript1.2 Author

      Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

      Found and removed: Software\Classes\JavaPlugin.150_10

      Found and removed: Software\Classes\JavaPlugin.160_03

      Found and removed: Software\Classes\JavaPlugin.160_05

      Found and removed: Software\Classes\JavaPlugin.160_07

      Found and removed: Software\JavaSoft\Java Update

      Found and removed: Software\JavaSoft\Java Runtime Environment\1.5.0_10

      Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

      Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

      Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_07

      Found and removed: Software\JavaSoft\Java2D\1.5.0_10

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

      Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

      Found and removed: SOFTWARE\Classes\JavaPlugin

      Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

      Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

      Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

      Found and removed: SOFTWARE\Classes\JavaPlugin.160_07

      Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

      Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

      Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

      Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

      Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

      Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

      Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

      Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

      Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

      Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

      Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

      Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_07

      Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

      Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

      Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

      Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

      Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

      Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\

      Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

      Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

      Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

      Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

      Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

      Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

      Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

      Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

      Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

      Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

      ------------------------------------

      Finished reporting.



      rapport ZHPfix:
      Rapport de ZHPFix 1.12.3256 par Nicolas Coolman, Update du 23/02/2011
      Fichier d'export Registre : C:\ZHPExportRegistry-27-02-2011-15-46-29.txt
      Run by Alex & Mat at 27/02/2011 15:46:29
      Windows XP Home Edition Service Pack 3 (Build 2600)
      Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
      Contact : nicolascoolman@yahoo.fr

      ========== Clé(s) du Registre ==========
      HKCU\Software\Casino => Clé supprimée avec succès
      [HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}] => Clé supprimée avec succès
      [HKCR\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}] => Clé supprimée avec succès
      O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Vuze_Remote\tbVuz1.dll => Clé supprimée avec succès
      O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.xfinity.com => Clé supprimée avec succès
      [HKLM\SOFTWARE\Classes\CLSID\{08BEF711-06DA-48B2-9534-802ECAA2E4F9}] => Clé supprimée avec succès
      [HKCR\CLSID\{08BEF711-06DA-48B2-9534-802ECAA2E4F9}] => Clé supprimée avec succès
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - (Installation Support) - (.Yahoo! Inc. - YInstHelper Module.) -- C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll => Clé supprimée avec succès
      [HKLM\SOFTWARE\Classes\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}] => Clé supprimée avec succès
      [HKCR\CLSID\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}] => Clé supprimée avec succès
      O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/14.22/uploader2.cab => Clé supprimée avec succès
      [HKLM\SOFTWARE\Classes\CLSID\{474F00F5-3853-492C-AC3A-476512BBC336}] => Clé supprimée avec succès
      [HKCR\CLSID\{474F00F5-3853-492C-AC3A-476512BBC336}] => Clé supprimée avec succès
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab => Clé supprimée avec succès
      [HKLM\SOFTWARE\Classes\CLSID\{6E5E167B-1566-4316-B27F-0DDAB3484CF7}] => Clé supprimée avec succès
      [HKCR\CLSID\{6E5E167B-1566-4316-B27F-0DDAB3484CF7}] => Clé supprimée avec succès
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab => Clé supprimée avec succès
      O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab => Clé supprimée avec succès
      [HKLM\SOFTWARE\Classes\CLSID\{D4003189-95B1-4A2F-9A87-F2B03665960D}] => Clé supprimée avec succès
      [HKCR\CLSID\{D4003189-95B1-4A2F-9A87-F2B03665960D}] => Clé supprimée avec succès
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} () - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab => Clé supprimée avec succès
      O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 => Clé supprimée avec succès
      [HKLM\SOFTWARE\Classes\CLSID\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}] => Clé supprimée avec succès
      [HKCR\CLSID\{FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9}] => Clé supprimée avec succès
      O16 - DPF: {2ED79742-30D5-4A95-B677-34CBD8A7AEDD} (WebContainer Class) - http://streaming.mentorwave.com/webinstall.cab => Clé supprimée avec succès
      [HKLM\SOFTWARE\Classes\CLSID\{2ED79742-30D5-4A95-B677-34CBD8A7AEDD}] => Clé supprimée avec succès
      [HKCR\CLSID\{2ED79742-30D5-4A95-B677-34CBD8A7AEDD}] => Clé supprimée avec succès
      HKCU\Software\Ad-Remover => Clé supprimée avec succès

      ========== Valeur(s) du Registre ==========
      R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.7.3) -- C:\Program Files\Vuze_Remote\tbVuz1.dll => Valeur supprimée avec succès
      O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\Vuze_Remote\tbVuz1.dll => Valeur supprimée avec succès
      ProxyFix : Configuration proxy supprimée avec succès

      ========== Elément(s) de donnée du Registre ==========
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.135.9:8080 => Donnée supprimée avec succès
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;*mercapital* => Donnée supprimée avec succès
      R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 => Donnée supprimée avec succès

      ========== Dossier(s) ==========
      Dossiers Flash Cookies supprimés : 4

      ========== Fichier(s) ==========
      Fichiers Flash Cookies supprimés : 2

      ========== Autre ==========
      FirewallRaz </gras> => Format Non supporté


      ========== Récapitulatif ==========
      28 : Clé(s) du Registre
      3 : Valeur(s) du Registre
      3 : Elément(s) de donnée du Registre
      1 : Dossier(s)
      1 : Fichier(s)
      1 : Autre


      End of the scan


      je fais ccleaner et zhpdiag
      0
    2. alexnovice
       
      ok j'ai tt fait
      je ne sais pas si tu voulais le rapport de zhpdiag, dans le doute il est ci dessous

      http://www.cijoint.fr/cjlink.php?file=cj201102/cijpfso4f5.txt
      0
  11. fred08700 Messages postés 3633 Statut Contributeur sécurité 550
     
    re

    encore quelques trucs à faire et c'est bon , courage

    désinstalles avast , suspicion d'anomalies , rien de méchant rassure toi ==> https://www.avast.com/fr-fr/uninstall-utility

    et réinstalles-le https://www.clubic.com/telecharger-fiche11113-avast-antivirus-gratuit.html

    *************************************
    désinstalles les anciennes versions de java

    - Logiciel: J2SE Runtime Environment 5.0 Update 10
    - Logiciel: Java 6 Update 3 -
    - Logiciel: Java 6 Update 5 -
    - Logiciel: Java 6 Update 7 -

    ****************************************

    rends-toi sur virus total et analyses ceci : https://www.virustotal.com/gui/

    regardes ce tutoriel : https://forum.malekal.com/viewtopic.php?t=9828&start=

    c:\windows\system32\dllcache\shsvcs.dll


    ***************************************

    disque dur système plein à 92% , il faudra faire le ménage
    Chaque difficulté rencontrée doit être l'occasion d'un nouveau progrès.

    [Pierre de Coubertin]
    0
    1. alexnovice
       
      merci beaucoup pour ton aide.

      le scanner n'a rien trouvé.

      j'ai deux dernières questions :
      que dois je faire des fichiers que j'ai installé les desinstaller ou les laisser :
      - tdsskiller
      - combofix
      - javara
      - zhpdiag
      - zhpfix
      - aswclear
      - adremover

      ensuite, je suis proteger avec avast, malwarebytes anti-malware et cc-cleaner, que dois je faire avec ca, les lancer avec une fréquence patriculière ou laisser tourner?

      merci encore de ton aide
      0
  12. fred08700 Messages postés 3633 Statut Contributeur sécurité 550
     
    bien

    comment va le pc ?

    supprimes ce qui a servi à la désinfection

    Télecharge Delfix sur ton bureau : https://www.commentcamarche.net/telecharger/securite/7111-delfix/

    *Clique sur le bouton « Suppression » et poste son rapport sur ton prochain message
    **Pour le désinstaller, il suffit de le relancer et cliquer sur le bouton de désinstallation.

    ***********************************************

    Pour diminuer le temps de démarrage de windows :

    * Ouvrez l'utilitaire de configuration système :
    o Faites : démarrer ==> Exécuter ==> tapez msconfig
    o Ensuite, allez sur l'onglet Démarrage, décocher les programmes qui vous semblent inutiles au démarrage de votre PC. Cela n'empêchera pas les programmes de s'exécuter quand vous en aurez besoin, mais permettra à votre PC de démarrer plus vite.
    ne laisser que antivirus et parefeu ( si présent)

    N'hésitez pas, vous pouvez relancer l'utilitaire pour réactiver un élément décoché par erreur.

    ***********************************************

    Vacciner les supports amovibles

    [x] Si nous n'avons pas utilisé USBfix lors de la procédure, tu peux vacciner tes supports amovibles pour éviter qu'ils ne s'infectent.
    [x] Télécharge http://www.commentcamarche.net/download/telecharger-34079838-usbfix puis lance le.
    [x] Note : Si ton anvirus émet une alerte, désactive le momentanément ( il s'agit d'un faux positif )
    [x] Branche tout tes médias amovibles ( Clé USB, Disque dur externe, carte SD ) puis sélectionne l'option [Vacciner].
    [x] Appuie sur [Ok] au message de confirmation.

    **********************************************

    Défragmentation

    [x] Au fur et à mesure que tu installes des logiciels, copies des fichiers etc.. le disque dur se fragmente et les accès en lecture/écriture sont plus longs.
    [o] Télécharge Defraggler.
    [o] Un tutoriel pour son utilisation est disponible ici.

    *********************************************

    Vérification des disques

    [x] Ouvre l'explorateur, puis fais un clique droit sur ta partition principale ( généralement C:\ )
    [x] Clique sur [Propriété] puis sur l'onglet [Outils]
    [x] Clique sur [Vérifier maintenant] puis coche les deux cases présentes.
    [x] Clique sur [Démarrer] ( Tu devras éventuellement redémarrer ton PC et le scan du disque s'effectuera au prochain démarrage )

    *************************************************

    logiciels à garder:

    malwarebytes et ccleaner (faire un scan , 1 fois par semaine)

    ************************************************

    Liens utiles

    - Les dangers du P2P
    - La sécurité de son PC, c'est quoi?
    - Sécuriser son ordinateur
    - Pourquoi maintenir son navigateur à jour?
    - Les toolbars c'est pas obligatoire

    **********************************************

    utilise firefox comme navigateurs : http://www.mozilla-europe.org/fr/firefox/

    installes ces deux extensions pour firefox

    wot permet de naviguer et d'acheter sur Internet en toute sécurité.
    adblocks qui est un bloqueur de pubs
    0
    1. alexnovice
       
      le pc va bien

      voici le rapport, je fais le reste par la suite. il me reste aswclear5 et le fichier extrait javara sur mon bureau.

      # DelFix v7.4 - Rapport créé le 27/02/2011 à 23:48
      # Mis à jour le 09/02/11 à 23h par Xplode
      # Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3
      # Nom d'utilisateur : Alex & Mat - MATAL (Administrateur)
      # Exécuté depuis : C:\Documents and Settings\Alex & Mat\Bureau\DelFix.exe
      # Option [Suppression]


      ~~~~~~ Dossier(s) ~~~~~~

      -> C:\Qoobox\BackEnv ... ACL modifié avec succès.
      Supprimé : C:\Qoobox
      Supprimé : C:\Program Files\Ad-Remover
      Supprimé : C:\Program Files\ZHPDiag
      Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP

      ~~~~~~ Fichier(s) ~~~~~~

      Supprimé : C:\ComboFix.txt
      Supprimé : C:\TDSSKiller.2.4.18.0_27.02.2011_13.21.55_log.txt
      Supprimé : C:\ZHPExportRegistry-26-02-2011-19-24-19.txt
      Supprimé : C:\ZHPExportRegistry-27-02-2011-15-46-29.txt
      Supprimé : C:\JavaRa.log
      Supprimé : C:\WINDOWS\grep.exe
      Supprimé : C:\WINDOWS\PEV.exe
      Supprimé : C:\WINDOWS\NIRCMD.exe
      Supprimé : C:\WINDOWS\MBR.exe
      Supprimé : C:\WINDOWS\sed.exe
      Supprimé : C:\WINDOWS\SWREG.exe
      Supprimé : C:\WINDOWS\SWSC.exe
      Supprimé : C:\WINDOWS\SWXCACLS.exe
      Supprimé : C:\WINDOWS\zip.exe
      Supprimé : C:\Documents and Settings\Alex & Mat\Bureau\ComboFix.exe
      Supprimé : C:\Documents and Settings\Alex & Mat\Bureau\tdsskiller.exe
      Supprimé : C:\Documents and Settings\Alex & Mat\Bureau\AD-R.lnk
      Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
      Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
      Supprimé : C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk

      ~~~~~~ Registre ~~~~~~

      Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ZHP
      Clé Supprimée : HKLM\Software\swearware
      Clé Supprimée : HKLM\Software\Classes\.cfxxe
      Clé Supprimée : HKLM\Software\Classes\cfxxefile
      Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
      Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
      Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

      ~~~~~~ Autre ~~~~~~

      -> Prefetch vidé

      ########## EOF - "C:\DelFixSuppr.txt" - [2249 octets] ##########
      0
    2. fred08700 Messages postés 3633 Statut Contributeur sécurité 550
       
      salut

      il me reste aswclear5 et le fichier extrait javara sur mon bureau. ==> tu peux les supprimer
      0
    3. alexnovice
       
      hello,

      j en suis encore a la defragmentation de mon disque D ca m a pris toute la pres midi et ce n est pas encore finit, c normal? et je n ai toujours pas fait le C...

      j ai aussi supprimer des fichiers au demarrage mais maintenant il met un message windows a chaque demarage, c est normal aussi?
      0
    4. fred08700 Messages postés 3633 Statut Contributeur sécurité 550
       
      salut

      quel est le message de windows ?
      0
    5. alexnovice
       
      bonjour

      ci joint les copies ecran

      http://www.cijoint.fr/cjlink.php?file=cj201103/cijiNcG3M9.doc
      0
  13. fred08700 Messages postés 3633 Statut Contributeur sécurité 550
     
    salut

    c'est l'utilitaire de msconfig . Comment tu as modifié celui-ci au niveau du démarrage , il te met un message

    coches " ne plus m'avertir"

    mais tu as déjà trouver

    bon surf
    0
    1. alexnovice
       
      oui c'etait ca

      j'ai encore un petit problème je ne peux pas intsaller firefox, qd j'essaye deja ca met bcp de temps pour le telecharger ensuite il me dit (en gros) que il y a une erreur et ca ne l'installe pas.
      je reesaye ou je peux le telecharger ailleurs?
      0
    2. alexnovice
       
      merci tout est ok
      0