Virus Ms removal tool

lega170388 Messages postés 138 Statut Membre -  
Valuu Messages postés 2258 Statut Contributeur -
Bonjour,

Depuis quelque heures j'ai chopé ce que je pense être un virus mais qui se fait passer pour un anti virus : Ms removal tool, savez vous comment je peux m'en debarasser?

Merci d'avance

17 réponses

  1. Valuu Messages postés 2258 Statut Contributeur 201
     
    Hello,

    * Télécharge RogueKiller sur le bureau
    * Quitte tous les programmes en cours
    * Sous Vista/Seven , clic droit -> lancer en tant qu'administrateur
    * Sinon lance simplement RogueKiller.exe
    * Lorsque demandé, tape 1 et valide
    * Un rapport à dû s'ouvrir (RKreport.txt se trouve également à côté de l'exécutable), donner son contenu à la personne qui vous aide
    * Si le programme a été bloqué, ne pas hésiter a essayer plusieurs fois. Si vraiment cela ne passe pas (ça peut arriver), le renommer en winlogon.exe
    2
  2. lega170388 Messages postés 138 Statut Membre 5
     
    Voila le rapport. J'ai été obligé de renommé le programme car il était systématiquement bloqué!

    RogueKiller V4.3.7 par Tigzy
    contact sur https://www.luanagames.com/index.fr.html
    mail: tigzyRK<at>gmail<dot>com
    Remontees: https://www.luanagames.com/index.fr.html

    Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Demarrage : Mode normal
    Utilisateur: Hugo [Droits d'admin]
    Mode: Recherche -- Date : 07/04/2011 17:52:43

    Processus malicieux: 0

    Entrees de registre: 3
    [APPDT/TMP/DESKTOP] HKCU\[...]\RunOnce : dAo06511cHbJn06511 (C:\ProgramData\dAo06511cHbJn06511\dAo06511cHbJn06511.exe) -> FOUND
    [APPDT/TMP/DESKTOP] HKUS\S-1-5-21-2142108531-2679806523-3606810650-1000[...]\RunOnce : dAo06511cHbJn06511 (C:\ProgramData\dAo06511cHbJn06511\dAo06511cHbJn06511.exe) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

    Fichier HOSTS:
    127.0.0.1 localhost
    ::1 localhost

    Termine : << RKreport[1].txt >>
    RKreport[1].txt
    0
    1. Valuu Messages postés 2258 Statut Contributeur 201
       
      créer ton propre sujet et attendre une réponse d'un helper.
      0
  3. Valuu Messages postés 2258 Statut Contributeur 201
     
    Okay,

    * Télécharge RogueKiller sur le bureau
    * Quitte tous les programmes en cours
    * Sous Vista/Seven , clic droit -> lancer en tant qu'administrateur
    * Sinon lance simplement RogueKiller.exe
    * Lorsque demandé, tape 2 et valide
    * Un rapport à dû s'ouvrir (RKreport.txt se trouve également à côté de l'exécutable), donner son contenu à la personne qui vous aide
    * Si le programme a été bloqué, ne pas hésiter a essayer plusieurs fois. Si vraiment cela ne passe pas (ça peut arriver), le renommer en winlogon.exe

    MBAM
    * Télécharge Malwarebytes' Anti-Malware
    * Tu auras un tutoriel à ta disposition pour l'installer et l'utiliser correctement.
    * Fais la mise à jour du logiciel (elle se fait normalement à l'installation)
    * Lance une analyse complète en cliquant sur "Exécuter un examen complet"
    * Sélectionne les disques que tu veux analyser et clique sur "Lancer l'examen"
    * L'analyse peut durer un bon moment.....
    * Une fois l'analyse terminée, clique sur "OK" puis sur "Afficher les résultats"
    * Vérifie que tout est bien coché et clique sur "Supprimer la sélection" => et ensuite sur "OK"
    * Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Fais le en cliquant sur "oui" à la question posée
    * Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum
    0
  4. lega170388 Messages postés 138 Statut Membre 5
     
    Voila le rapport :

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 6304

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    07/04/2011 22:44:42
    mbam-log-2011-04-07 (22-44-42).txt

    Type d'examen: Examen complet (C:\|D:\|)
    Elément(s) analysé(s): 266139
    Temps écoulé: 49 minute(s), 43 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 118
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 9
    Dossier(s) infecté(s): 20
    Fichier(s) infecté(s): 40

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{09325003-167C-483d-A4BA-8B3122ABB432} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{100EB1FD-D03E-47fd-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{E343EDFC-1E6C-4cb5-AA29-E9C922641C80} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{C55CA95C-324B-451C-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{5FE0CEAE-CB69-40AF-A323-40F94257DACB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{573F4ABB-A1A2-44ED-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{60DA826C-B1C6-4358-BDEC-4837CED45470} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.KOPFF.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.KOPFF (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{6DD76B7B-6423-4df0-9A07-84A6CAD973A0} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7F6CFB6A-9227-4bb8-B941-F2B067E76F51} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A16AD1E9-F69A-45af-9462-B1C286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{AB0EE208-DF60-4fa7-A617-C4269760033E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{C1089F63-7AFC-4538-B0EB-BEA0F4225A57} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{C9CCBB35-D123-4a31-AFFC-9B2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{DEE758B4-C3FB-4a5b-9939-848B9C77A2FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{E12AEAB6-7D12-4c07-8E36-5892EFB4DAFB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{E2F2C137-A782-4fb5-81AF-086156F5EB0A} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{F3A32DF2-7413-4fb1-B575-1AC920A17B76} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\dAo06511cHbJn06511 (Trojan.Downloader) -> Value: dAo06511cHbJn06511 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790471BC76545530AF98 (Malware.Trace) -> Value: SRS_IT_E8790471BC76545530AF98 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Value: ClickPotatoLite@ClickPotatoLite.com -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page_bak (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://ww12.cherche.us Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    c:\programdata\2aca5cc3-0f83-453d-a079-1076fe1a8b65 (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\Users\Hugo\AppData\Roaming\clickpotatolite (Adware.ClickPotato) -> Delete on reboot.
    c:\Users\Hugo\AppData\Roaming\shopperreports3 (Adware.ShopperReports) -> Delete on reboot.
    c:\program files\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.655.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.655.0\firefox (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.655.0\firefox\extensions (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.655.0\firefox\extensions\plugins (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    c:\programdata\dao06511chbjn06511\dao06511chbjn06511.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.655.0\clickpotatolitesaax.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\mozillaps.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\CmndFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.655.0\clickpotatolitesabho.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\BRNstIE.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.655.0\clickpotatolitesa.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.655.0\clickpotatolitesahook.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.655.0\clickpotatoliteuninstaller.exe (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.655.0\launchhelp.dll (Adware.Seekmo) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.655.0\firefox\extensions\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\plugins\npclntax_clickpotatolitesa.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\shopperreportsuninstaller.exe (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\Users\Hugo\binternet.exe (Trojan.BInternet) -> Quarantined and deleted successfully.
    c:\Users\Hugo\AppData\LocalLow\Sun\Java\deployment\cache\6.0\41\775b2769-4348d384 (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Hugo\Desktop\rk_quarantine\dao06511chbjn06511.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Hugo\downloads\VLCSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\Windows\System32\binternet.exe (Trojan.BInternet) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesa.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaabout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesaeula.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\clickpotatolitesa\clickpotatolitesa_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.655.0\firefox\extensions\chrome.manifest (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\clickpotatolite\bin\10.0.655.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\launchhelp.dll (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\program files\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\About Us.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato customer support.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\clickpotato\clickpotato uninstall instructions.lnk (Adware.ClickPotato) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully.
    c:\Users\Hugo\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Valuu Messages postés 2258 Statut Contributeur 201
     
    Hé bah... la belle flopée d'adware que t'avais...

    Un adware est un logiciel publicitaire qui s'installe généralement par le biais d'un autre programme, dans les conditions (acceptées par l'utilisateur) il annonce l'affichage de publicité...

    On va voir s'il y a des reste :
    * Télécharge AD-Remover(de la TeamXscript) sur ton Bureau.
    Déconnecte toi et ferme toutes les applications en cours
    * Double-clique sur l'icône AD-Remover
    * Au menu principal, clique sur Nettoyer
    * Confirme le lancement de l'analyse et laisse l'outil travailler
    * Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report-CLEAN.txt )

    As-tu bien passer RogueKiller en mode Suppression avant de passer MBAM ?
    0
  7. lega170388 Messages postés 138 Statut Membre 5
     
    Voici le rapport.

    Sinon je ne sias pas si j'ai passé Roguekiller en mode suppression. J'ai fait ce que tu m'as dit, rien de plus!

    ======= RAPPORT D'AD-REMOVER 2.0.0.2,F | UNIQUEMENT XP/VISTA/7 =======

    Mis à jour par TeamXscript le 06/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Site web: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 23:10:59 le 07/04/2011, Mode normal

    Microsoft® Windows Vista(TM) Édition Intégrale Service Pack 2 (X86)
    Hugo@PC-DE-HUGO (PACKARD BELL BV EasyNote MH36)

    ============== ACTION(S) ==============

    Fichier supprimé: C:\Users\Hugo\AppData\Roaming\Mozilla\FireFox\Profiles\qz2l1xpv.default\searchplugins\cherche.xml
    Dossier supprimé: C:\Users\Hugo\AppData\Roaming\Mozilla\FireFox\Profiles\qz2l1xpv.default\conduit
    Dossier supprimé: C:\Users\Hugo\AppData\Roaming\Mozilla\FireFox\Profiles\qz2l1xpv.default\extensions\vshare@toolbar
    Fichier supprimé: C:\Users\Hugo\AppData\Roaming\Mozilla\FireFox\Profiles\qz2l1xpv.default\searchplugins\web-search.xml
    Fichier supprimé: C:\Users\Hugo\scriptjava.html
    Fichier supprimé: C:\Users\Hugo\tmp1.7
    Dossier supprimé: C:\Users\Hugo\AppData\LocalLow\Conduit
    Dossier supprimé: C:\Program Files\Conduit
    Dossier supprimé: C:\Users\Hugo\AppData\LocalLow\ConduitEngine
    Dossier supprimé: C:\Program Files\ConduitEngine
    Dossier supprimé: C:\Users\Hugo\AppData\LocalLow\PriceGong
    Dossier supprimé: C:\Users\Hugo\AppData\LocalLow\ShopperReports3
    Dossier supprimé: C:\ProgramData\Viewpoint
    Dossier supprimé: C:\Program Files\Viewpoint
    Fichier supprimé: C:\Users\Hugo\Downloads\PartyPokerFrSetup.exe

    (!) -- Fichiers temporaires supprimés.

    -- Fichier ouvert: C:\Users\Hugo\AppData\Roaming\Mozilla\FireFox\Profiles\qz2l1xpv.default\Prefs.js --
    Ligne supprimée: user_pref("extensions.enabledAddons", "vshare@toolbar:1.0.0,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6...
    Ligne supprimée: user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{20a82645-c095-4...
    Ligne supprimée: user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-...
    Ligne supprimée: user_pref("extensions.vshare@toolbar.update.enabled", false);
    Ligne supprimée: user_pref("keyword.URL", "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=");
    Ligne supprimée: user_pref("vshare.install.date", "1296345600000");
    Ligne supprimée: user_pref("vshare.install.dumpFileCount", 0);
    Ligne supprimée: user_pref("vshare.install.dumpFileDisabled", false);
    Ligne supprimée: user_pref("vshare.install.finished", "1.0.0");
    Ligne supprimée: user_pref("vshare.install.guid", "{c9c8f72d-a7e8-4be8-b96d-ebd511abb1a4}");
    Ligne supprimée: user_pref("vshare.install.isHidden", true);
    Ligne supprimée: user_pref("vshare.install.istoolbarhp", true);
    Ligne supprimée: user_pref("vshare.install.istoolbarsearch", true);
    Ligne supprimée: user_pref("vshare.install.laststatreq", "1302134400000");
    Ligne supprimée: user_pref("vshare.install.newtab", true);
    Ligne supprimée: user_pref("vshare.install.newtabDisabledByUser", true);
    Ligne supprimée: user_pref("vshare.install.overlayVersion", 1);
    Ligne supprimée: user_pref("vshare.install.userHPSettings", "www.google.fr/ig");
    Ligne supprimée: user_pref("vshare.install.userSPSettings", "Google");
    -- Fichier Fermé --

    Clé supprimée: HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Clé supprimée: HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Clé supprimée: HKLM\Software\Classes\CLSID\{D5FBA060-3CA5-4B58-8835-CD2B9796C497}
    Clé supprimée: HKLM\Software\Classes\CLSID\{DAB69AB1-2621-4587-A0D0-5DDD7C127BD1}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DAB69AB1-2621-4587-A0D0-5DDD7C127BD1}
    Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DAB69AB1-2621-4587-A0D0-5DDD7C127BD1}
    Clé supprimée: HKLM\Software\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}
    Clé supprimée: HKLM\Software\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}
    Clé supprimée: HKLM\Software\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
    Clé supprimée: HKLM\Software\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}
    Clé supprimée: HKLM\Software\Classes\Interface\{83B2FE06-BA20-4F7D-96C6-6FC3A4E877D3}
    Clé supprimée: HKLM\Software\Classes\Interface\{9BEC9B38-BF39-4899-806E-A1C5DFEB60A2}
    Clé supprimée: HKLM\Software\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
    Clé supprimée: HKLM\Software\Classes\Interface\{B32966A2-F7C2-4362-A6CF-399EC8B44110}
    Clé supprimée: HKLM\Software\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
    Clé supprimée: HKLM\Software\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}
    Clé supprimée: HKLM\Software\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
    Clé supprimée: HKLM\Software\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}
    Clé supprimée: HKLM\Software\Classes\Interface\{E6961C59-CFCE-4CCD-B794-BC78DB98413A}
    Clé supprimée: HKLM\Software\Classes\Interface\{F8B4EC8A-2407-4BE0-AEE2-0F430D65A90D}
    Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl
    Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtl.1
    Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary
    Clé supprimée: HKLM\Software\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Clé supprimée: HKLM\Software\Classes\Conduit.Engine
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2269050
    Clé supprimée: HKLM\Software\Classes\Toolbar.CT2851639
    Clé supprimée: HKLM\Software\Conduit
    Clé supprimée: HKLM\Software\conduitEngine
    Clé supprimée: HKLM\Software\MetaStream
    Clé supprimée: HKLM\Software\Viewpoint
    Clé supprimée: HKCU\Software\AppDataLow\Toolbar
    Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
    Clé supprimée: HKCU\Software\AppDataLow\Software\conduitEngine
    Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
    Clé supprimée: HKCU\Software\AppDataLow\Software\ShopperReports3
    Clé supprimée: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\binternet
    Clé supprimée: HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ClickPotatoLiteSA
    Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F7B054CE-B795-4AF1-82B8-88F36F7F1E8A}
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
    Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Clé supprimée: HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Clé supprimée: HKLM\Software\MozillaPlugins\@viewpoint.com/VMP

    Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}

    ============== SCAN ADDITIONNEL ==============

    **** Mozilla Firefox Version [4.0 (fr)] ****

    Searchplugins\bing.xml ( hxxp://www.bing.com/search)
    Components\browsercomps.dll (Mozilla Foundation)
    Extensions - "{AB2CE124-6272-4b12-94A9-7303C7397BD1}" (?)

    -- C:\Users\Hugo\AppData\Roaming\Mozilla\FireFox\Profiles\qz2l1xpv.default --
    Prefs.js - browser.download.lastDir, C:\\Users\\Hugo\\Downloads
    Prefs.js - browser.search.defaultenginename, Web Search...
    Prefs.js - browser.search.selectedEngine, Google
    Prefs.js - browser.startup.homepage, www.google.fr/ig
    Prefs.js - browser.startup.homepage_override.buildID, 20110318052756
    Prefs.js - browser.startup.homepage_override.mstone, rv:2.0

    ========================================

    **** Internet Explorer Version [7.0.6002.18005] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKCU_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\tbuTo1.dll)
    HKCU_URLSearchHooks|{872b5b88-9db5-4310-bdd0-ac189557e5f5} - "DVDVideoSoftTB Toolbar" (C:\Program Files\DVDVideoSoftTB\tbDVD0.dll)
    HKLM_URLSearchHooks|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\tbuTo1.dll)
    HKLM_URLSearchHooks|{872b5b88-9db5-4310-bdd0-ac189557e5f5} - "DVDVideoSoftTB Toolbar" (C:\Program Files\DVDVideoSoftTB\tbDVD0.dll)
    HKCU_SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193} - "cherche.us" (hxxp://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&c...)
    HKCU_Toolbar\WebBrowser|{05EEB91A-AEF7-4F8A-978F-FB83E7B03F8E} (C:\Program Files\uTorrentBar_FR\tbuTo1.dll)
    HKCU_Toolbar\WebBrowser|{872B5B88-9DB5-4310-BDD0-AC189557E5F5} (C:\Program Files\DVDVideoSoftTB\tbDVD0.dll)
    HKLM_Toolbar|{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} (C:\Program Files\uTorrentBar_FR\tbuTo1.dll)
    HKLM_Toolbar|{872b5b88-9db5-4310-bdd0-ac189557e5f5} (C:\Program Files\DVDVideoSoftTB\tbDVD0.dll)
    HKCU_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
    HKCU_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
    HKCU_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
    HKLM_ElevationPolicy\8b11228a-b8d1-47a0-a71a-1fee745f2328 - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper.exe (?)
    HKLM_ElevationPolicy\{2C1ED9B2-42EA-4177-88BE-D03BCC26B891} - C:\Program Files\uTorrentBar_FR\uTorrentBar_FRToolbarHelper.exe (?)
    HKLM_ElevationPolicy\{6052BF20-EA23-4A04-B3C1-A20EFE01A95A} - C:\Program Files\Veetle\Player\vtl_hfs.exe (?)
    HKLM_ElevationPolicy\{680FA47E-AB59-46BE-B594-7358726E108B} - C:\Program Files\Veetle\Player\player.exe (?)
    HKLM_ElevationPolicy\{B12E2A9B-7595-446F-8DE3-73793808ABEC} - C:\Program Files\DVDVideoSoftTB\DVDVideoSoftTBToolbarHelper1.exe (Conduit Ltd.)
    HKLM_ElevationPolicy\{E8BC6C2B-DD90-4397-96EB-2AAF0E48ABE6} - C:\Program Files\Veetle\Player\vtl_hfax.exe (?)
    BHO\{05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} - "uTorrentBar_FR Toolbar" (C:\Program Files\uTorrentBar_FR\tbuTo1.dll)
    BHO\{5C255C8A-E604-49b4-9D64-90988571CECB} (?)
    BHO\{872b5b88-9db5-4310-bdd0-ac189557e5f5} - "DVDVideoSoftTB Toolbar" (C:\Program Files\DVDVideoSoftTB\tbDVD0.dll)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 146 Fichier(s)
    C:\Program Files\Ad-Remover\Backup: 16 Fichier(s)

    C:\Ad-Report-CLEAN[1].txt - 07/04/2011 23:11:15 (11415 Octet(s))

    Fin à: 23:12:08, 07/04/2011

    ============== E.O.F ==============
    0
  8. Valuu Messages postés 2258 Statut Contributeur 201
     
    On va vérifier,

    * Télécharge RogueKiller sur le bureau
    * Quitte tous les programmes en cours
    * Sous Vista/Seven , clic droit -> lancer en tant qu'administrateur
    * Sinon lance simplement RogueKiller.exe
    * Lorsque demandé, tape 1 et valide
    * Un rapport à dû s'ouvrir (RKreport.txt se trouve également à côté de l'exécutable), donner son contenu à la personne qui vous aide
    * Si le programme a été bloqué, ne pas hésiter a essayer plusieurs fois. Si vraiment cela ne passe pas (ça peut arriver), le renommer en winlogon.exe
    0
  9. lega170388 Messages postés 138 Statut Membre 5
     
    Ben a fait la ca a l'air bon, j'ai plus de truc qui se bloque, ca tourne bien... je continue ou c'est réglé?
    0
  10. Valuu Messages postés 2258 Statut Contributeur 201
     
    Continue, on va faire ça proprement tant qu'a faire.
    0
  11. lega170388 Messages postés 138 Statut Membre 5
     
    RogueKiller V4.3.7 par Tigzy
    contact sur https://www.luanagames.com/index.fr.html
    mail: tigzyRK<at>gmail<dot>com
    Remontees: https://www.luanagames.com/index.fr.html

    Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Demarrage : Mode normal
    Utilisateur: Hugo [Droits d'admin]
    Mode: Recherche -- Date : 09/04/2011 00:38:23

    Processus malicieux: 0

    Entrees de registre: 1
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

    Fichier HOSTS:
    127.0.0.1 localhost
    ::1 localhost

    Termine : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
    0
  12. Valuu Messages postés 2258 Statut Contributeur 201
     
    Utilise ce logiciel de diagnostic :

    * Télécharge ZHPDiag (de Nicolas Coolman)
    * Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.
    * Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
    * Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
    * Héberge le rapport ZHPDiag.txt sur ce site, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum.
    0
  13. lega170388 Messages postés 138 Statut Membre 5
     
    Rapport de ZHPDiag v1.27.1867 par Nicolas Coolman, Update du 10/04/2011
    Run by Hugo at 10/04/2011 14:40:49
    Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html

    ---\\ Web Browser
    MSIE: Internet Explorer v7.0.6002.18005
    MFIE: Mozilla Firefox 4.0 v4.0 (Defaut)

    ---\\ System Information
    Windows Vista Ultimate Edition, 32-bit Service Pack 2 (Build 6002)
    Processor: x86 Family 6 Model 15 Stepping 13, GenuineIntel
    Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 3000 MB (57% free)
    System Restore: Activé (Enable)
    System drive C: has 5 GB (5%) free of 78 GB

    ---\\ Logged in mode
    Computer Name: PC-DE-HUGO
    User Name: Hugo
    All Users Names: Hugo, Administrateur,
    Unselected Option: O45,O61,O62,O65,O66,O82
    Logged in as Administrator

    ---\\ Environnement Variables
    %AppData%=C:\Users\Hugo\AppData\Roaming
    %LocalAppData%=C:\Users\Hugo\AppData\Local
    %StartMenu%=C:\Users\Hugo\AppData\Roaming\Microsoft\Windows\Start Menu

    ---\\ DOS/Devices
    C:\ Hard drive, Flash drive, Thumb drive (Free 5 Go of 78 Go)
    D:\ Hard drive, Flash drive, Thumb drive (Free 25 Go of 143 Go)
    E:\ CD-ROM drive (Not Inserted)
    F:\ CD-ROM drive (Not Inserted)

    ---\\ Security Center & Tools Informations
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
    [HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified

    ---\\ Recherche particulière de fichiers génériques
    [MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 07:27:36.) -- C:\Windows\Explorer.exe [2926592]
    [MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.19/01/2008 08:33:37.) -- C:\Windows\system32\Wininit.exe [96768]
    [MD5.072213E1604D843D3230EE61663466A4] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.20/12/2010 17:36:20.) -- C:\Windows\system32\wininet.dll [834048]
    [MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 07:28:13.) -- C:\Windows\system32\Winlogon.exe [314368]
    [MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.11/04/2009 07:32:26.) -- C:\Windows\system32\drivers\atapi.sys [19944]
    [MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.11/04/2009 07:32:49.) -- C:\Windows\system32\drivers\ntfs.sys [1083880]

    ---\\ Processus lancés
    [MD5.7B878518590E826F1F3A5B1D61D405F8] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3396624]
    [MD5.51B561B1B4D987F9ADD6466DC2F7F745] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032]
    [MD5.BADA5E1B4402B772E3FDF87D3AC11F86] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [170520]
    [MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288]
    [MD5.0CFBE2D135A73CA98381FC8CC8BC5A03] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe [421160]
    [MD5.A291EF013FE9C0F11B49FD453A1EE8DA] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [267800]
    [MD5.62BB79160F86CD962F312C68C6239BFD] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53472]
    [MD5.7AAF26E5CEC48A364FAB61A3505668FB] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [924632]
    [MD5.356A22A5871AC798035E4082C0508F76] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [16856]
    [MD5.3CAADCE41AF3CAFC00EB8414A864720D] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [642560]

    ---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    M3 - MFPP: Plugins - [Hugo] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
    M3 - MFPP: Plugins - [Hugo] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
    M3 - MFPP: Plugins - [Hugo] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
    M3 - MFPP: Plugins - [Hugo] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
    M3 - MFPP: Plugins - [Hugo] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
    M3 - MFPP: Plugins - [Hugo] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
    M3 - MFPP: Plugins - [Hugo] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
    P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - np-mswmp.) -- C:\Program Files\Mozilla Firefox\Plugins\np-mswmp.dll
    P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files\Mozilla Firefox\Plugins\npdeployJava1.dll
    P2 - FPN:Firefox Plugin Navigator . (.Microsoft Corporation - Office Plugin for Netscape Navigator.) -- C:\Program Files\Mozilla Firefox\Plugins\NPOFF12.DLL
    P2 - FPN:Firefox Plugin Navigator . (.Adobe Systems Inc. - Adobe PDF Plug-In For Firefox and Netscape "9.4.2".) -- C:\Program Files\Mozilla Firefox\Plugins\nppdf32.dll
    P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin.dll
    P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin2.dll
    P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin3.dll
    P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin4.dll
    P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin5.dll
    P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin6.dll
    P2 - FPN:Firefox Plugin Navigator . (.Apple Inc. - The QuickTime Plugin allows you to view a wide variety of multimedia c.) -- C:\Program Files\Mozilla Firefox\Plugins\npqtplugin7.dll
    P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Pas de propriétaire - Pas de description.) -- C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    P2 - FPN: [HKLM] [@Apple.com/iTunes,version=1.0] - (.Pas de propriétaire - Pas de description.) -- C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    P2 - FPN: [HKLM] [@Google.com/GoogleEarthPlugin] - (.Google - GEPlugin.) -- C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (.Sun Microsystems, Inc. - Next Generation Java Plug-in 1.6.0_22 for Mozilla browsers.) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (.Cybelsoft - Plugin NPAPI Ma-Config.com.) -- C:\Program Files\ma-config.com\nphardwaredetection.dll
    P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 4.0.60129.0.) -- C:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
    P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    P2 - FPN: [HKLM] [@tools.google.com/Google Update;version=8] - (.Google Inc. - Google Update.) -- C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    P2 - FPN: [HKLM] [@veetle.com/veetleCorePlugin,version=0.9.18] - (.Veetle Inc - Version 0.9.18, Copyright 2006-2009 Veetle Inc<br><a href="http://www..) -- C:\Program Files\Veetle\plugins\npVeetle.dll
    P2 - FPN: [HKLM] [@veetle.com/veetlePlayerPlugin,version=0.9.18] - (.Veetle Inc - Version 0.9.18, copyright 2006-2010 Veetle Inc<br><a href="http://www..) -- C:\Program Files\Veetle\Player\npvlc.dll
    M0 - MFSP: prefs.js [Hugo - qz2l1xpv.default] www.google.fr/ig
    M2 - MFEP: prefs.js [Hugo - qz2l1xpv.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.1 (.Microsoft.)

    ---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKUS\S-1-5-21-2142108531-2679806523-3606810650-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
    R3 - URLSearchHook: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.7.3) -- C:\Program Files\uTorrentBar_FR\tbuTo1.dll
    R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.2.4) -- C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
    R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Explorer.) (7.00.6000.16386 (vista_rtm.061101-2205)) -- C:\Windows\system32\ieframe.dll
    R3 - URLSearchHook: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.7.3) -- C:\Program Files\uTorrentBar_FR\tbuTo1.dll
    R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.2.4) -- C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
    R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 1

    ---\\ Internet Explorer, Proxy Management (R5)
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
    R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
    R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
    R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll

    ---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
    F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"

    ---\\ Browser Helper Objects de navigateur (O2)
    O2 - BHO: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\uTorrentBar_FR\tbuTo1.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
    O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corporation - WindowsLiveLogin.dll.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll

    ---\\ Internet Explorer Toolbars (O3)
    O3 - Toolbar: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\uTorrentBar_FR\tbuTo1.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\DVDVideoSoftTB\tbDVD0.dll

    ---\\ ---\\ Applications démarrées par registre & par dossier (O4)
    O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastUI.exe
    O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    O4 - HKLM\..\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    O4 - HKCU\..\Run: [9Giga Synchro] . (.Agematis - 9Giga Synchro.) -- C:\Program Files\SFR\9Giga Synchro\9Giga_Synchro.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
    O4 - HKUS\S-1-5-21-2142108531-2679806523-3606810650-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    O4 - HKUS\S-1-5-21-2142108531-2679806523-3606810650-1000\..\Run: [9Giga Synchro] . (.Agematis - 9Giga Synchro.) -- C:\Program Files\SFR\9Giga Synchro\9Giga_Synchro.exe

    ---\\ ---\\ Autres liens utilisateurs (O4)
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Mail\WinMail.exe
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Media Player\wmplayer.exe
    O4 - Global Startup: C:\Users\Hugo\Desktop\AD-R.lnk . (...) -- C:\Program Files\Ad-Remover\main.exe
    O4 - Global Startup: C:\Users\Hugo\Desktop\Musique.lnk . (...) -- D:\Musique
    O4 - Global Startup: C:\Users\Hugo\Desktop\Videos.lnk . (...) -- D:\Videos
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Alcohol 52%.lnk . (.Alcohol Soft Development Team.) -- C:\Program Files\Alcohol Soft\Alcohol 52\Alcohol.exe
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\avast! Free Antivirus.lnk . (.AVAST Software.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk . (.Microsoft Corporation.) -- C:\Windows\System32\calc.exe
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Football Manager 2011 - Raccourci.lnk - Clé orpheline
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk . (.Apple Inc..) -- C:\Program Files\iTunes\iTunes.exe
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\JDownloader.lnk . (.AppWork UG (haftungsbeschränkt).) -- C:\Program Files\JDownloader\JDownloader.exe
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files\Mozilla Firefox\firefox.exe
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Skype.lnk . (...) -- C:\Windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk . (...) -- C:\Program Files\VideoLAN\VLC\vlc.exe
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamax Poker.lnk . (...) -- C:\Program Files\Winamax Poker\Winamax Poker.exe
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk . (.BitTorrent, Inc..) -- C:\Program Files\uTorrent\uTorrent.exe

    ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
    O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~1\MICROS~3\Office12\EXCEL.exe

    ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (.Pas de propriétaire - Pas de description.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
    O9 - Extra button: Skype Plug-In - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (.Pas de propriétaire - Pas de description.) -- C:\PROGRA~1\MICROS~3\Office12\REFBARH.ICO

    ---\\ Winsock hijacker (Layered Service Provider) (O10)
    O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
    O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
    O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
    O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
    O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
    O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
    O10 - WLSP:\000000000007\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files\Bonjour\mdnsNSP.dll

    ---\\ Site dans la Zone de confiance d'Internet Explorer (O15)
    O15 - Trusted Zone: [HKCU\...\Domains] *.chat-land.org
    O15 - Trusted Zone: [HKCU\...\Domains\www] *.chat-land.org

    ---\\ Modification Domaine/Adresses DNS (O17)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{DDF396C0-16B5-4334-905C-C849034F7397}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{DDF396C0-16B5-4334-905C-C849034F7397}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

    ---\\ Protocole additionnel et piratage de protocole (O18)
    O18 - Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} . (.Skype Technologies S.A. - Skype add-on for IE.) -- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} . (.Skype Technologies - Skype for COM API.) -- C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

    ---\\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll

    ---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\system32\webcheck.dll

    ---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
    O22 - SharedTaskScheduler: (no name) - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll

    ---\\ Liste des services NT non Microsoft et non désactivés (O23)
    O23 - Service: (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: (EvtEng) . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: (iPod Service) . (.Apple Inc. - iPodService Module (32-bit).) - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: (maconfservice) . (.CybelSoft - Service de détection matériel.) - C:\Program Files\ma-config.com\maconfservice.exe
    O23 - Service: (Realtek87B) . (.Realtek - RtlService MFC Application.) - C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe
    O23 - Service: (RegSrvc) . (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: (StarWindServiceAE) . (.StarWind Software - StarWind iSCSI Target (Alcohol Edition).) - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

    ---\\ Enumération Active Desktop & MHTML Editor (O24)
    O24 - Default MHTML Editor: Last - .(...) - (.not file.)

    ---\\ Tâches planifiées en automatique (O39)
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
    [MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files\Google\Update\GoogleUpdate.exe
    [MD5.1AA23094CE90784854FB1F25BE645AFA] [APT] [{52DEC439-004E-4596-AE96-8B89EF4C8433}] (.Skype Technologies S.A..) -- C:\Program Files\Skype\Phone\Skype.exe
    [MD5.187E0D2AB859AD03393DDD731076BE81] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

    ---\\ Pilotes lancés au démarrage (O41)
    O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
    O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
    O41 - Driver: (CSC) . (.Microsoft Corporation - Windows Client Side Caching Driver.) - C:\Windows\System32\drivers\csc.sys
    O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
    O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
    O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
    O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
    O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
    O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
    O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
    O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
    O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
    O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
    O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
    O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
    O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
    O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
    O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
    O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
    O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys

    ---\\ Logiciels installés (O42)
    O42 - Logiciel: 300 Recettes de Cuisine - (.Pas de propriétaire.) [HKLM] -- {21E73A3F-DA86-4DA7-9BC3-C8F5CC48CD5D}
    O42 - Logiciel: 32 Bit HP BiDi Channel Components Installer - (.Hewlett-Packard.) [HKLM] -- {9DE3F260-B88E-42CE-90E7-73C78C37D95E}
    O42 - Logiciel: 9Giga Synchro v2.9.2 - (.SFR.) [HKLM] -- {D9267488-4DC9-4D6B-866D-40E19A23CC04}_is1
    O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- Adobe AIR
    O42 - Logiciel: Adobe AIR - (.Adobe Systems Inc..) [HKLM] -- {46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
    O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player ActiveX
    O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM] -- Adobe Flash Player Plugin
    O42 - Logiciel: Adobe Reader 9.4.2 - Français - (.Adobe Systems Incorporated.) [HKLM] -- {AC76BA86-7AD7-1036-7B44-A94000000001}
    O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM] -- {2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}
    O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {CACAEB5F-174D-4C7C-AC56-A33289A807CA}
    O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] -- {C41300B9-185D-475E-BFEC-39EF732F19B1}
    O42 - Logiciel: Archiveur WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
    O42 - Logiciel: Assistant de connexion Windows Live - (.Microsoft Corporation.) [HKLM] -- {DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
    O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {2A981294-F14C-4F0F-9627-D793270922F8}
    O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
    O42 - Logiciel: Canon Utilities My Printer - (.Pas de propriétaire.) [HKLM] -- CanonMyPrinter
    O42 - Logiciel: DVDVideoSoftTB Toolbar - (.Pas de propriétaire.) [HKLM] -- DVDVideoSoftTB Toolbar
    O42 - Logiciel: Football Manager 2011 - (.Sports Interactive.) [HKLM] -- Football Manager 2011
    O42 - Logiciel: Free 3GP Video Converter version 3.7.18 - (.DVDVideoSoft Limited..) [HKLM] -- Free 3GP Video Converter_is1
    O42 - Logiciel: Free Audio Converter version 2.2.11 - (.DVDVideoSoft Limited..) [HKLM] -- Free Audio Converter_is1
    O42 - Logiciel: Google Earth Plug-in - (.Google.) [HKLM] -- {A0DBDF40-559F-11E0-82E2-001D0926B1BF}
    O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595
    O42 - Logiciel: Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484
    O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- WinLiveSuite_Wave3
    O42 - Logiciel: Installation Windows Live - (.Microsoft Corporation.) [HKLM] -- {133742BA-6F46-4D3E-85AF-78631D9AD8B8}
    O42 - Logiciel: Intel PROSet Wireless - (.Pas de propriétaire.) [HKLM] -- ProInst
    O42 - Logiciel: Intel(R) Graphics Media Accelerator Driver - (.Intel Corporation.) [HKLM] -- {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}
    O42 - Logiciel: JDownloader - (.AppWork UG (haftungsbeschränkt).) [HKLM] -- JDownloader
    O42 - Logiciel: Java(TM) 6 Update 22 - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216022FF}
    O42 - Logiciel: MKVtoolnix 4.3.0 - (.Moritz Bunkus.) [HKLM] -- MKVtoolnix
    O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM] -- {22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    O42 - Logiciel: Ma-Config.com - (.Cybelsoft.) [HKLM] -- {96EB95A2-5245-4EA2-B6EA-B8BA2FBF64C4}
    O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM] -- Malwarebytes' Anti-Malware_is1
    O42 - Logiciel: Matroska (remove only) - (.Pas de propriétaire.) [HKLM] -- Matroska
    O42 - Logiciel: Messenger Plus! Live - (.Yuna Software.) [HKLM] -- Messenger Plus! Live
    O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
    O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    O42 - Logiciel: Microsoft Choice Guard - (.Microsoft Corporation.) [HKLM] -- {F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
    O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}_PROPLUS_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
    O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}_PROPLUS_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
    O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0015-040C-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0016-040C-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0044-040C-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001A-040C-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0018-040C-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- PROPLUS
    O42 - Logiciel: Microsoft Office Professional Plus 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002C-040C-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0401-0000-0000000FF1CE}_PROPLUS_{14809F99-C601-4D4A-9391-F1E8FAA964C5}
    O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}
    O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
    O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}
    O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0413-0000-0000000FF1CE}_PROPLUS_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
    O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
    O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-0019-040C-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-006E-040C-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-001B-040C-0000-0000000FF1CE}
    O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM] -- {837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
    O42 - Logiciel: Mozilla Firefox 4.0 (x86 fr) - (.Mozilla.) [HKLM] -- Mozilla Firefox 4.0 (x86 fr)
    O42 - Logiciel: OEM Logo and Information - (.Packard Bell.) [HKLM] -- OEMInformation
    O42 - Logiciel: Outil de téléchargement Windows Live - (.Microsoft Corporation.) [HKLM] -- {205C6BDD-7B73-42DE-8505-9A093F35A238}
    O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM] -- {57752979-A1C9-4C02-856B-FBB27AC4E02C}
    O42 - Logiciel: REALTEK Wireless LAN Driver and Utility - (.REALTEK Semiconductor Corp..) [HKLM] -- {BE686891-3C56-4714-AFEF-341A7867BA80}
    O42 - Logiciel: Realtek 8169 8168 8101E 8102E Ethernet Driver - (.Realtek.) [HKLM] -- {8833FFB6-5B0C-4764-81AA-06DFEED9A476}
    O42 - Logiciel: Realtek USB 2.0 Card Reader - (.Realtek Semiconductor Corp..) [HKLM] -- {96AE7E41-E34E-47D0-AC07-1091A8127911}
    O42 - Logiciel: Realtek USB 2.0 Card Reader - (.Realtek Semiconductor Corp..) [HKLM] -- {DC24971E-1946-445D-8A82-CE685433FA7D}
    O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5C497F0B-2061-4CC9-A61C-6B45B867354D}
    O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CD769337-C8AC-46DB-A7DC-643E50089263}
    O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2289158) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{210B16C0-CEBD-4DE9-B474-04A7E8735E16}
    O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2344875) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6FC5C4C1-D7AE-44C3-94B7-6424FC3E752F}
    O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{536FB502-775F-4494-BACE-C02CC90B7A5B}
    O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7F207DCA-3399-40CB-A968-6E5991B1421A}
    O42 - Logiciel: Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473
    O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
    O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{5A4E43D5-858F-49BD-BA72-8F30E1793060}
    O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2345035) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B23002DD-34EC-4988-B810-A5E2A0BF04F1}
    O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
    O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
    O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB982158) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
    O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer (KB2413381) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3DED0A62-44C8-4E00-A785-5212F297A9D9}
    O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB2284697) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3A4CDE54-2403-483D-8D9A-15E3264410DF}
    O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
    O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
    O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}
    O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
    O42 - Logiciel: Skype Toolbars - (.Skype Technologies S.A..) [HKLM] -- {CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
    O42 - Logiciel: Skype(TM) 5.0 - (.Skype Technologies S.A..) [HKLM] -- {E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
    O42 - Logiciel: Uninstall 1.0.0.1 - (.Pas de propriétaire.) [HKLM] -- Uninstall_is1
    O42 - Logiciel: Update for 2007 Microsoft Office System (KB967642) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    O42 - Logiciel: Update for Microsoft .NET Framework 3.5 SP1 (KB963707) - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707
    O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB2412171) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{752A0B7C-BD24-4362-AC86-AB63FEE6F46F}
    O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (KB2492475) - (.Microsoft.) [HKLM] -- {90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{AB9C3240-8F97-4998-8911-3D40044124FC}
    O42 - Logiciel: VLC media player 1.1.4 - (.VideoLAN.) [HKLM] -- VLC media player
    O42 - Logiciel: Veetle TV 0.9.18 - (.Veetle, Inc.) [HKLM] -- Veetle TV
    O42 - Logiciel: Winamax Poker - (.Table 14.) [HKLM] -- wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
    O42 - Logiciel: Winamax Poker - (.Table 14.) [HKLM] -- {214E26B6-AEA4-EE41-1425-E5479325F804}
    O42 - Logiciel: Windows Live Call - (.Microsoft Corporation.) [HKLM] -- {B3B487E7-6171-4376-9074-B28082CEB504}
    O42 - Logiciel: Windows Live Communications Platform - (.Microsoft Corporation.) [HKLM] -- {3175E049-F9A9-4A3D-8F19-AC9FB04514D1}
    O42 - Logiciel: Windows Live Messenger - (.Microsoft Corporation.) [HKLM] -- {445B183D-F4F1-45C8-B9DB-F11355CA657B}
    O42 - Logiciel: Windows Media Player Firefox Plugin - (.Microsoft Corp.) [HKLM] -- {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    O42 - Logiciel: avast! Free Antivirus - (.Alwil Software.) [HKLM] -- avast5
    O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] -- {2A697B53-0DE3-42DA-B41D-C3F804B1C538}
    O42 - Logiciel: uTorrentBar_FR Toolbar - (.uTorrentBar_FR.) [HKLM] -- uTorrentBar_FR Toolbar
    O42 - Logiciel: µTorrent - (.Pas de propriétaire.) [HKLM] -- uTorrent

    ---\\ HKCU & HKLM Software Keys
    [HKCU\Software\ALWIL Software]
    [HKCU\Software\Ad-Remover]
    [HKCU\Software\Adobe]
    [HKCU\Software\Alcohol Soft]
    [HKCU\Software\America Online]
    [HKCU\Software\AppDataLow\Software\DVDVideoSoftTB]
    [HKCU\Software\AppDataLow\Software\Monitored]
    [HKCU\Software\AppDataLow\Software\settings]
    [HKCU\Software\AppDataLow\Software\uTorrentBar_FR]
    [HKCU\Software\AppDataLow\Software]
    [HKCU\Software\AppDataLow]
    [HKCU\Software\Apple Computer, Inc.]
    [HKCU\Software\Apple Inc.]
    [HKCU\Software\Binary Noise]
    [HKCU\Software\BitTorrent]
    [HKCU\Software\Canon]
    [HKCU\Software\Classes]
    [HKCU\Software\Clients]
    [HKCU\Software\DVDVideoSoft]
    [HKCU\Software\Google]
    [HKCU\Software\Hewlett-Packard]
    [HKCU\Software\IM Providers]
    [HKCU\Software\INTEL]
    [HKCU\Software\JavaSoft]
    [HKCU\Software\Macromedia]
    [HKCU\Software\Malwarebytes' Anti-Malware]
    [HKCU\Software\Mozilla]
    [HKCU\Software\Nero]
    [HKCU\Software\Netscape]
    [HKCU\Software\ODBC]
    [HKCU\Software\PartyFrance]
    [HKCU\Software\Patchou]
    [HKCU\Software\Piriform]
    [HKCU\Software\Policies]
    [HKCU\Software\SFR]
    [HKCU\Software\SkypeApps]
    [HKCU\Software\Skype]
    [HKCU\Software\Softonic]
    [HKCU\Software\Valve]
    [HKCU\Software\Veetle]
    [HKCU\Software\WEQSOFT]
    [HKCU\Software\WinRAR SFX]
    [HKCU\Software\WinRAR]
    [HKCU\Software\YahooPartnerToolbar]
    [HKCU\Software\cybelsoft]
    [HKCU\Software\mkvmergeGUI]
    [HKLM\Software\ALWIL Software]
    [HKLM\Software\Adobe]
    [HKLM\Software\Ahead]
    [HKLM\Software\Alcohol Soft]
    [HKLM\Software\America Online]
    [HKLM\Software\Apple Computer, Inc.]
    [HKLM\Software\Apple Inc.]
    [HKLM\Software\Canon]
    [HKLM\Software\Classes]
    [HKLM\Software\Clients]
    [HKLM\Software\DVDVideoSoftTB]
    [HKLM\Software\DVDVideoSoft]
    [HKLM\Software\DirectShowFilters]
    [HKLM\Software\GEAR Software]
    [HKLM\Software\Google]
    [HKLM\Software\Hewlett-Packard]
    [HKLM\Software\Intel]
    [HKLM\Software\JavaSoft]
    [HKLM\Software\JreMetrics]
    [HKLM\Software\Macromedia]
    [HKLM\Software\Malwarebytes' Anti-Malware]
    [HKLM\Software\Micro Application]
    [HKLM\Software\MozillaPlugins]
    [HKLM\Software\Mozilla]
    [HKLM\Software\Nero]
    [HKLM\Software\Notepad]
    [HKLM\Software\ODBC]
    [HKLM\Software\Patchou]
    [HKLM\Software\Piriform]
    [HKLM\Software\Policies]
    [HKLM\Software\RTLSetup]
    [HKLM\Software\Realtek Semiconductor Corp.]
    [HKLM\Software\Realtek USB 2.0 Card Reader]
    [HKLM\Software\Realtek]
    [HKLM\Software\RegisteredApplications]
    [HKLM\Software\RtWLan]
    [HKLM\Software\Skype]
    [HKLM\Software\Sonic]
    [HKLM\Software\Sports Interactive Ltd]
    [HKLM\Software\Veetle]
    [HKLM\Software\VideoLAN]
    [HKLM\Software\WinRAR]
    [HKLM\Software\Windows]
    [HKLM\Software\cybelsoft]
    [HKLM\Software\mkvmergeGUI]
    [HKLM\Software\mozilla.org]
    [HKLM\Software\uTorrentBar_FR]

    ---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 - CFD: 07/04/2011 - 23:11:00 - [126740230] ----D- C:\Program Files\Ad-Remover
    O43 - CFD: 14/11/2010 - 17:35:50 - [244719774] ----D- C:\Program Files\Adobe
    O43 - CFD: 14/11/2010 - 16:25:04 - [8716862] ----D- C:\Program Files\Alcohol Soft
    O43 - CFD: 14/11/2010 - 15:50:26 - [147488666] ----D- C:\Program Files\Alwil Software
    O43 - CFD: 14/11/2010 - 17:27:46 - [2306366] ----D- C:\Program Files\Apple Software Update
    O43 - CFD: 30/03/2011 - 14:05:22 - [617029] ----D- C:\Program Files\Bonjour
    O43 - CFD: 16/11/2010 - 18:09:56 - [5212587] ----D- C:\Program Files\Canon
    O43 - CFD: 20/11/2010 - 17:28:10 - [3206848] ----D- C:\Program Files\CCleaner
    O43 - CFD: 14/11/2010 - 16:13:16 - [6221977] ----D- C:\Program Files\Cisco
    O43 - CFD: 20/01/2011 - 14:09:28 - [698889594] ----D- C:\Program Files\Common Files
    O43 - CFD: 13/12/2010 - 13:49:28 - [5868511] ----D- C:\Program Files\DVDVideoSoft
    O43 - CFD: 15/01/2011 - 22:30:02 - [9953578] ----D- C:\Program Files\DVDVideoSoftTB
    O43 - CFD: 14/11/2010 - 15:34:34 - [0] -SH-D- C:\Program Files\Fichiers communs
    O43 - CFD: 06/04/2011 - 17:51:52 - [44630931] ----D- C:\Program Files\Google
    O43 - CFD: 14/12/2010 - 00:38:52 - [30721829] --H-D- C:\Program Files\InstallShield Installation Information
    O43 - CFD: 15/11/2010 - 14:59:44 - [69533408] ----D- C:\Program Files\Intel
    O43 - CFD: 06/12/2010 - 17:48:52 - [2793197] ----D- C:\Program Files\Internet Explorer
    O43 - CFD: 30/03/2011 - 14:08:30 - [1856627] ----D- C:\Program Files\iPod
    O43 - CFD: 30/03/2011 - 14:09:16 - [127660511] ----D- C:\Program Files\iTunes
    O43 - CFD: 14/11/2010 - 16:54:28 - [90338144] ----D- C:\Program Files\Java
    O43 - CFD: 03/04/2011 - 22:24:12 - [54626440] ----D- C:\Program Files\JDownloader
    O43 - CFD: 14/11/2010 - 17:19:28 - [5253635] ----D- C:\Program Files\ma-config.com
    O43 - CFD: 07/04/2011 - 21:47:30 - [4921886] ----D- C:\Program Files\Malwarebytes' Anti-Malware
    O43 - CFD: 07/01/2011 - 15:48:40 - [455446] ----D- C:\Program Files\Matroska
    O43 - CFD: 14/11/2010 - 16:58:18 - [13162606] ----D- C:\Program Files\Messenger Plus! Live
    O43 - CFD: 14/12/2010 - 00:38:52 - [30323784] ----D- C:\Program Files\Micro Application
    O43 - CFD: 14/11/2010 - 16:50:12 - [226432] ----D- C:\Program Files\Microsoft
    O43 - CFD: 02/11/2006 - 14:35:52 - [93446071] ----D- C:\Program Files\Microsoft Games
    O43 - CFD: 18/11/2010 - 00:34:24 - [563490449] ----D- C:\Program Files\Microsoft Office
    O43 - CFD: 24/02/2011 - 01:17:22 - [38371963] ----D- C:\Program Files\Microsoft Silverlight
    O43 - CFD: 18/11/2010 - 00:34:20 - [14904] ----D- C:\Program Files\Microsoft Visual Studio
    O43 - CFD: 18/11/2010 - 00:30:34 - [1387249] ----D- C:\Program Files\Microsoft Visual Studio 8
    O43 - CFD: 04/01/2011 - 13:54:02 - [3726168] ----D- C:\Program Files\Microsoft Works
    O43 - CFD: 18/11/2010 - 00:33:06 - [8152064] ----D- C:\Program Files\Microsoft.NET
    O43 - CFD: 07/01/2011 - 15:42:26 - [29609860] ----D- C:\Program Files\MKVtoolnix
    O43 - CFD: 06/12/2010 - 17:48:52 - [99342446] ----D- C:\Program Files\Movie Maker
    O43 - CFD: 22/03/2011 - 21:34:12 - [35016970] ----D- C:\Program Files\Mozilla Firefox
    O43 - CFD: 18/11/2010 - 00:34:42 - [26521] ----D- C:\Program Files\MSBuild
    O43 - CFD: 18/11/2010 - 00:40:56 - [221274875] ----D- C:\Program Files\Nero
    O43 - CFD: 14/12/2010 - 18:28:26 - [76322555] ----D- C:\Program Files\QuickTime
    O43 - CFD: 15/11/2010 - 14:58:04 - [19365634] ----D- C:\Program Files\Realtek
    O43 - CFD: 02/11/2006 - 14:35:52 - [37812993] ----D- C:\Program Files\Reference Assemblies
    O43 - CFD: 13/01/2011 - 17:53:02 - [11848424] ----D- C:\Program Files\SFR
    O43 - CFD: 14/11/2010 - 17:06:24 - [28205147] R---D- C:\Program Files\Skype
    O43 - CFD: 14/11/2010 - 16:27:28 - [2143628817] ----D- C:\Program Files\Sports Interactive
    O43 - CFD: 02/11/2006 - 15:00:32 - [0] --H-D- C:\Program Files\Uninstall Information
    O43 - CFD: 15/12/2010 - 17:28:10 - [395640] ----D- C:\Program Files\uTorrent
    O43 - CFD: 15/01/2011 - 22:28:26 - [8043743] ----D- C:\Program Files\uTorrentBar_FR
    O43 - CFD: 16/03/2011 - 22:29:08 - [10428379] ----D- C:\Program Files\Veetle
    O43 - CFD: 14/11/2010 - 15:50:58 - [84488118] ----D- C:\Program Files\VideoLAN
    O43 - CFD: 19/02/2011 - 00:42:06 - [6744147] ----D- C:\Program Files\Winamax Poker
    O43 - CFD: 06/12/2010 - 17:48:52 - [1016832] ----D- C:\Program Files\Windows Calendar
    O43 - CFD: 06/12/2010 - 17:48:52 - [2737152] ----D- C:\Program Files\Windows Collaboration
    O43 - CFD: 06/12/2010 - 17:48:50 - [4490624] ----D- C:\Program Files\Windows Defender
    O43 - CFD: 06/12/2010 - 17:48:52 - [7084664] ----D- C:\Program Files\Windows Journal
    O43 - CFD: 14/11/2010 - 16:50:06 - [45853789] ----D- C:\Program Files\Windows Live
    O43 - CFD: 14/11/2010 - 16:49:56 - [245112] ----D- C:\Program Files\Windows Live SkyDrive
    O43 - CFD: 15/12/2010 - 21:53:40 - [9116344] ----D- C:\Program Files\Windows Mail
    O43 - CFD: 06/12/2010 - 17:48:52 - [4494025] ----D- C:\Program Files\Windows Media Player
    O43 - CFD: 14/11/2010 - 15:34:34 - [7957544] ----D- C:\Program Files\Windows NT
    O43 - CFD: 06/12/2010 - 17:48:52 - [13528738] ----D- C:\Program Files\Windows Photo Gallery
    O43 - CFD: 06/12/2010 - 17:48:52 - [6527558] ----D- C:\Program Files\Windows Sidebar
    O43 - CFD: 14/11/2010 - 15:54:42 - [3525705] ----D- C:\Program Files\WinRAR
    O43 - CFD: 14/11/2010 - 16:31:30 - [2640] --H-D- C:\Program Files\Zero G Registry
    O43 - CFD: 10/04/2011 - 14:40:58 - [4716251] ----D- C:\Program Files\ZHPDiag
    O43 - CFD: 14/11/2010 - 17:37:36 - [6281214] ----D- C:\Program Files\Common Files\Adobe
    O43 - CFD: 14/11/2010 - 16:55:14 - [30826314] ----D- C:\Program Files\Common Files\Adobe AIR
    O43 - CFD: 30/03/2011 - 14:08:30 - [91350844] ----D- C:\Program Files\Common Files\Apple
    O43 - CFD: 18/11/2010 - 00:34:18 - [92976] ----D- C:\Program Files\Common Files\DESIGNER
    O43 - CFD: 13/12/2010 - 13:49:40 - [29046746] ----D- C:\Program Files\Common Files\DVDVideoSoft
    O43 - CFD: 14/12/2010 - 00:38:08 - [3188567] ----D- C:\Program Files\Common Files\InstallShield
    O43 - CFD: 14/11/2010 - 16:13:14 - [7675408] ----D- C:\Program Files\Common Files\Intel
    O43 - CFD: 15/11/2010 - 15:32:10 - [1243079] ----D- C:\Program Files\Common Files\Java
    O43 - CFD: 04/01/2011 - 13:54:30 - [403332870] ----D- C:\Program Files\Common Files\microsoft shared
    O43 - CFD: 18/11/2010 - 00:40:42 - [6721264] ----D- C:\Program Files\Common Files\Nero
    O43 - CFD: 02/11/2006 - 13:18:34 - [2702] ----D- C:\Program Files\Common Files\Services
    O43 - CFD: 14/11/2010 - 17:05:12 - [2164104] ----D- C:\Program Files\Common Files\Skype
    O43 - CFD: 02/11/2006 - 13:18:34 - [41101735] ----D- C:\Program Files\Common Files\SpeechEngines
    O43 - CFD: 04/01/2011 - 13:52:34 - [42800692] ----D- C:\Program Files\Common Files\System
    O43 - CFD: 14/11/2010 - 16:42:58 - [33061079] ----D- C:\Program Files\Common Files\Windows Live
    O43 - CFD: 18/11/2010 - 03:12:50 - [15171323] ----D- C:\ProgramData\Adobe
    O43 - CFD: 14/11/2010 - 15:50:26 - [29270420] ----D- C:\ProgramData\Alwil Software
    O43 - CFD: 19/01/2011 - 20:26:22 - [0] ----D- C:\ProgramData\AOL
    O43 - CFD: 19/01/2011 - 19:37:12 - [93038963] ----D- C:\ProgramData\AOL Downloads
    O43 - CFD: 19/01/2011 - 19:43:26 - [0] ----D- C:\ProgramData\AOL OCP
    O43 - CFD: 14/11/2010 - 17:23:34 - [94305792] ----D- C:\ProgramData\Apple
    O43 - CFD: 30/03/2011 - 14:08:30 - [65308456] ----D- C:\ProgramData\Apple Computer
    O43 - CFD: 02/11/2006 - 15:00:40 - [0] -SH-D- C:\ProgramData\Application Data
    O43 - CFD: 14/11/2010 - 15:34:34 - [0] -SH-D- C:\ProgramData\Bureau
    O43 - CFD: 11/12/2010 - 14:18:46 - [19146118] --H-D- C:\ProgramData\CanonBJ
    O43 - CFD: 07/04/2011 - 22:44:32 - [192] ----D- C:\ProgramData\dAo06511cHbJn06511
    O43 - CFD: 02/11/2006 - 15:00:40 - [0] -SH-D- C:\ProgramData\Desktop
    O43 - CFD: 02/11/2006 - 15:00:40 - [0] -SH-D- C:\ProgramData\Documents
    O43 - CFD: 18/11/2010 - 00:57:02 - [144] ----D- C:\ProgramData\Driver Whiz
    O43 - CFD: 14/11/2010 - 15:34:34 - [0] -SH-D- C:\ProgramData\Favoris
    O43 - CFD: 02/11/2006 - 15:00:40 - [0] -SH-D- C:\ProgramData\Favorites
    O43 - CFD: 19/01/2011 - 15:35:04 - [0] ----D- C:\ProgramData\Google
    O43 - CFD: 09/12/2010 - 15:43:00 - [39789] ----D- C:\ProgramData\Hewlett-Packard
    O43 - CFD: 14/11/2010 - 16:13:14 - [920] ----D- C:\ProgramData\Intel
    O43 - CFD: 14/11/2010 - 17:19:16 - [1208903] ----D- C:\ProgramData\ma-config.com
    O43 - CFD: 19/01/2011 - 19:45:24 - [43] ----D- C:\ProgramData\Macromedia
    O43 - CFD: 07/04/2011 - 21:47:30 - [6507556] ----D- C:\ProgramData\Malwarebytes
    O43 - CFD: 14/11/2010 - 15:34:34 - [0] -SH-D- C:\ProgramData\Menu Démarrer
    O43 - CFD: 14/11/2010 - 20:43:12 - [14881] ----D- C:\ProgramData\Messenger Plus!
    O43 - CFD: 19/01/2011 - 20:18:40 - [195237817] -S--D- C:\ProgramData\Microsoft
    O43 - CFD: 09/02/2011 - 19:47:10 - [244970] ----D- C:\ProgramData\Microsoft Help
    O43 - CFD: 14/11/2010 - 15:34:34 - [0] -SH-D- C:\ProgramData\Modèles
    O43 - CFD: 14/11/2010 - 15:58:30 - [143] ----D- C:\ProgramData\Roaming
    O43 - CFD: 13/01/2011 - 17:53:06 - [24] ----D- C:\ProgramData\SFR
    O43 - CFD: 14/11/2010 - 17:05:00 - [25222283] ----D- C:\ProgramData\Skype
    O43 - CFD: 14/11/2010 - 17:13:16 - [26898] ----D- C:\ProgramData\Sports Interactive
    O43 - CFD: 02/11/2006 - 15:00:40 - [0] -SH-D- C:\ProgramData\Start Menu
    O43 - CFD: 14/11/2010 - 16:54:58 - [119] ----D- C:\ProgramData\Sun
    O43 - CFD: 02/11/2006 - 15:00:40 - [0] -SH-D- C:\ProgramData\Templates
    O43 - CFD: 14/11/2010 - 21:45:38 - [3648930] ----D- C:\Users\Hugo\AppData\Roaming\Adobe
    O43 - CFD: 19/01/2011 - 20:26:22 - [0] ----D- C:\Users\Hugo\AppData\Roaming\AOL
    O43 - CFD: 27/11/2010 - 16:53:06 - [222206] ----D- C:\Users\Hugo\AppData\Roaming\Apple Computer
    O43 - CFD: 30/03/2011 - 15:34:52 - [0] ----D- C:\Users\Hugo\AppData\Roaming\Canon
    O43 - CFD: 13/12/2010 - 13:49:28 - [4064714] ----D- C:\Users\Hugo\AppData\Roaming\DVDVideoSoft
    O43 - CFD: 13/12/2010 - 12:59:52 - [115] ----D- C:\Users\Hugo\AppData\Roaming\FreeAudioPack
    O43 - CFD: 14/11/2010 - 15:36:22 - [0] ----D- C:\Users\Hugo\AppData\Roaming\Identities
    O43 - CFD: 14/11/2010 - 16:00:20 - [0] ----D- C:\Users\Hugo\AppData\Roaming\InstallShield
    O43 - CFD: 14/11/2010 - 16:37:24 - [118516] ----D- C:\Users\Hugo\AppData\Roaming\Macromedia
    O43 - CFD: 07/04/2011 - 21:47:36 - [17895861] ----D- C:\Users\Hugo\AppData\Roaming\Malwarebytes
    O43 - CFD: 02/11/2006 - 14:35:52 - [0] ----D- C:\Users\Hugo\AppData\Roaming\Media Center Programs
    O43 - CFD: 10/04/2011 - 13:22:50 - [1353838] -S--D- C:\Users\Hugo\AppData\Roaming\Microsoft
    O43 - CFD: 07/01/2011 - 15:42:50 - [0] ----D- C:\Users\Hugo\AppData\Roaming\mkvtoolnix
    O43 - CFD: 19/01/2011 - 19:37:12 - [15449146] ----D- C:\Users\Hugo\AppData\Roaming\Mozilla
    O43 - CFD: 11/02/2011 - 21:53:30 - [109474] ----D- C:\Users\Hugo\AppData\Roaming\Mozilla-Cache
    O43 - CFD: 18/11/2010 - 00:42:14 - [342365] ----D- C:\Users\Hugo\AppData\Roaming\Nero
    O43 - CFD: 19/03/2011 - 01:17:44 - [5020713] ----D- C:\Users\Hugo\AppData\Roaming\Skype
    O43 - CFD: 19/03/2011 - 01:00:02 - [9800] ----D- C:\Users\Hugo\AppData\Roaming\skypePM
    O43 - CFD: 14/11/2010 - 16:32:36 - [12068445] ----D- C:\Users\Hugo\AppData\Roaming\Sports Interactive
    O43 - CFD: 21/02/2011 - 22:55:34 - [4340850] ----D- C:\Users\Hugo\AppData\Roaming\uTorrent
    O43 - CFD: 04/01/2011 - 17:48:40 - [1413690] ----D- C:\Users\Hugo\AppData\Roaming\vlc
    O43 - CFD: 14/11/2010 - 21:58:44 - [4002005] ----D- C:\Users\Hugo\AppData\Roaming\wam.04351C371E530C3762CBA45FA283ED972DCDEFB6.1
    O43 - CFD: 14/11/2010 - 15:55:12 - [0] ----D- C:\Users\Hugo\AppData\Roaming\WinRAR

    ---\\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 - LFC:[MD5.270D7081CAA9729A31CA3660D9950A97] - 10/04/2011 - 11:06:14 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1478524]
    O44 - LFC:[MD5.F5687C2C8BDE2644F8F8F563472C72A4] - 10/04/2011 - 11:06:14 ---A- . (...) -- C:\Windows\System32\perfc009.dat [102094]
    O44 - LFC:[MD5.F52E8FE10CAB126853F408B2065C2E77] - 10/04/2011 - 11:06:14 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [124434]
    O44 - LFC:[MD5.38542ECF64B6EE7B1A8D27C288C65CEF] - 10/04/2011 - 11:06:14 ---A- . (...) -- C:\Windows\System32\perfh009.dat [590082]
    O44 - LFC:[MD5.4A7098173B218A0825C1EE713A41B222] - 10/04/2011 - 11:06:14 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [672322]
    O44 - LFC:[MD5.24EF12005489F27500ECFD7FF8EF1200] - 10/04/2011 - 11:03:31 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1345932]
    O44 - LFC:[MD5.1BB7F044BDFA3F3A12F48ACC0D3FE0E6] - 10/04/2011 - 10:59:37 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
    O44 - LFC:[MD5.CE403DBB4458CC42C996155468A8B425] - 07/04/2011 - 22:12:10 ---A- . (...) -- C:\Ad-Report-CLEAN[1].txt [11555]
    O44 - LFC:[MD5.29874B7D1A7D8ED4FA33A0AF4CAAE18F] - 07/04/2011 - 22:09:18 ---A- . (...) -- C:\Windows\PFRO.log [289814]
    O44 - LFC:[MD5.D68E165C3123ABA3B1282EDDB4213BD8] - 07/04/2011 - 20:47:29 ---A- . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Windows\System32\drivers\mbamswissarmy.sys [38224
    0
  14. Valuu Messages postés 2258 Statut Contributeur 201
     
    Lis la dernière étape de la procédure que je t'ai mise...

        * Héberge le rapport ZHPDiag.txt sur ce site, puis copie/colle le lien fourni dans ta prochaine réponse sur le forum.
    0
  15. Valuu Messages postés 2258 Statut Contributeur 201
     
    1 ) Ton Internet Explorer n'est pas à jour, met tout à jour grâce à Windows Update : http://www.update.microsoft.com/windowsupdate/v6/default.aspx?ln=fr

    Installe les mises à jour prioritaires/importantes.

    2 ) Libère de l'espace disque dans C:, il faut au moins 15% de libre pour que Windows tourne correctement, tu n'as que 5Go de libre, il t'en faudrait au moins 11-12.

    3 ) * Lance ZHPFix (si tu es sous Windows Vista ou Windows 7, lance le par un clic-droit dessus --> exécuter en temps qu'administrateur).
    * Copie les lignes suivantes :

    ---------------------------------------------------
    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
    R3 - URLSearchHook: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.7.3) -- C:\Program Files\uTorrentBar_FR\tbuTo1.dll
    R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.2.4) -- C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
    R3 - URLSearchHook: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.7.3) -- C:\Program Files\uTorrentBar_FR\tbuTo1.dll
    R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.2.4) -- C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
    O2 - BHO: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\uTorrentBar_FR\tbuTo1.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline
    O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
    O3 - Toolbar: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\uTorrentBar_FR\tbuTo1.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\DVDVideoSoftTB\tbDVD0.dll
    O4 - Global Startup: C:\Users\Hugo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Football Manager 2011 - Raccourci.lnk - Clé orpheline
    O15 - Trusted Zone: [HKCU\...\Domains] *.chat-land.org
    O15 - Trusted Zone: [HKCU\...\Domains\www] *.chat-land.org
    O52 - TDSD: \drivers.desc\\wdmaud.drv\=\Pilote de fonction UAA 1.1 Microsoft pour High Definition Audio\ . (.Pas de propriétaire - Pas de description.) -- (.not file.)
    [HKCR\nctaudiofile2.audiofile2] =>Adware.RecordNRip
    [HKCR\nctaudiofile2.audiofile2.2] =>Adware.RecordNRip
    [HKCR\nctaudiofile2.audiofile2lameenc] =>Adware.RecordNRip
    [HKCR\nctaudiofile2.audiofile2lameenc.1] =>Adware.RecordNRip
    [HKLM\Software\Classes\AppID\{d2083641-e57f-4eab-bb85-0582424f4a29}] =>Adware.ClickPotato
    FirewallRAZ
    ---------------------------------------------------

    * Clique sur l'icône représentant la lettre H (« coller les lignes Helper »)
    * Les lignes se collent automatiquement dans ZHPFix.
    * Clique sur le bouton « GO » pour lancer le nettoyage,
    * Colle le contenu du rapport dans ta prochaine réponse.

    4 ) Télécharge la nouvelle version d'Avast : https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/25899.html
    Désinstalle ton actuelle version grâce à ce désinstalleur : https://www.avast.com/uninstall-utility
    Puis installe la version que tu as téléchargée.

    5 ) * Désinstalle toutes les versions de Adobe Reader présentes dans l'ajout/suppression de programme
    * Télécharge la nouvelle version ici en prenant soin de décocher la case du téléchargement de McAfee ou d'une barre d'outil google.
    * Installe là

    6 ) * Télécharge la dernière version de Java : https://www.java.com/fr/download/
    *Puis télécharge JavaRa.zip
    * Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
    * Double-clique sur le répertoire JavaRa obtenu.
    * Si tu es sous Vista/Seven, Exécute le avec un clic droit / Exécuter en tant qu'administrateur
    * Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
    * Clique sur Remove Older Versions.
    * Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
    * Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse. (Note : le rapport se trouve aussi là : ( C:\JavaRa.log ))

    7 ) * Télécharge UsbFix (créé par El Desaparecido & C_XX) sur ton Bureau. Si ton antivirus affiche une alerte, ignore le et désactive le temporairement.
    * Branche tes sources de données externes à ton PC (clé USB, disque dur externe, etc...) sans les ouvrir
    * Double clique sur le raccourci UsbFix sur ton Bureau, l'installation se fera automatiquement
    * Clique sur "Recherche"
    * Laisse travailler l'outil
    * A la fin, le rapport va s'afficher : poste le dans ta prochaine réponse (il est aussi sauvegardé a la racine du disque dur)

    Aide en images : Tutoriel "Recherche"

    8 ) * Rends-toi sur VirusTotal
    * Clique sur Parcourir, et va chercher le(s) fichier(s) en gras ci dessous :

    C:\PhysicalDisk0_MBR.bin

    *Si tu ne le trouves pas, affiche les fichiers cachés
    * Clique sur Send File, si cela t'es demandé, clique sur Reanalyse.
    * Colle-moi l'adresse internet dans ta prochaine réponse
    0
  16. lega170388 Messages postés 138 Statut Membre 5
     
    Rapport de ZHPFix 1.12.3272 par Nicolas Coolman, Update du 03/04/2011
    Fichier d'export Registre :
    Run by Hugo at 10/04/2011 19:11:35
    Windows Vista Ultimate Edition, 32-bit Service Pack 2 (Build 6002)
    Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

    ========== Clé(s) du Registre ==========
    O2 - BHO: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\uTorrentBar_FR\tbuTo1.dll => Clé supprimée avec succès
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} Clé orpheline => Clé supprimée avec succès
    O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\DVDVideoSoftTB\tbDVD0.dll => Clé supprimée avec succès
    O15 - Trusted Zone: [HKCU\...\Domains\www] *.chat-land.org => Clé absente
    HKCR\nctaudiofile2.audiofile2 => Clé supprimée avec succès
    HKCR\nctaudiofile2.audiofile2.2 => Clé supprimée avec succès
    HKCR\nctaudiofile2.audiofile2lameenc => Clé supprimée avec succès
    HKCR\nctaudiofile2.audiofile2lameenc.1 => Clé supprimée avec succès
    HKLM\Software\Classes\AppID\{d2083641-e57f-4eab-bb85-0582424f4a29} => Clé supprimée avec succès

    ========== Valeur(s) du Registre ==========
    R3 - URLSearchHook: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.7.3) -- C:\Program Files\uTorrentBar_FR\tbuTo1.dll => Valeur supprimée avec succès
    R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} . (.Conduit Ltd. - Conduit Toolbar.) (6.2.2.4) -- C:\Program Files\DVDVideoSoftTB\tbDVD0.dll => Valeur supprimée avec succès
    O3 - Toolbar: uTorrentBar_FR Toolbar - {05eeb91a-aef7-4f8a-978f-fb83e7b03f8e} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\uTorrentBar_FR\tbuTo1.dll => Valeur supprimée avec succès
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} . (.Conduit Ltd. - Conduit Toolbar.) -- C:\Program Files\DVDVideoSoftTB\tbDVD0.dll => Valeur supprimée avec succès
    O52 - TDSD: \drivers.desc\\wdmaud.drv\=\Pilote de fonction UAA 1.1 Microsoft pour High Definition Audio\ . (.Pas de propriétaire - Pas de description.) -- (.not file.) => Valeur absente
    FirewallRaz : Aucune valeur présente dans la clé de registre "Standard Profile"
    FirewallRaz : Aucune valeur présente dans la clé de registre "Domain Profile"
    FirewallRaz (None) : {5C9F2D7B-0C46-477B-BECD-3DED0C99A212} => Valeur supprimée avec succès
    FirewallRaz (Private) : {315A46B6-C97A-42C8-8F52-6C3F2BE5DECA} => Valeur supprimée avec succès
    FirewallRaz (Private) : {16994404-9DBB-4B3A-BBD4-4B464491A66B} => Valeur supprimée avec succès
    FirewallRaz (Private) : {252C6DF6-C1DF-4063-9F53-B1C4E4672955} => Valeur supprimée avec succès
    FirewallRaz (Private) : {6C3281C2-EF83-422E-9C2C-F72AFAC1988A} => Valeur supprimée avec succès
    FirewallRaz (Private) : {9FBA12C5-79C0-48DD-91F1-E34868050065} => Valeur supprimée avec succès
    FirewallRaz (Private) : {21B9A0CC-0B91-48D3-B396-4B955D57D849} => Valeur supprimée avec succès
    FirewallRaz (Private) : {6569D310-76E1-4FFA-B2E6-6B66664F28C7} => Valeur supprimée avec succès
    FirewallRaz (Private) : {09109FCA-C03E-4757-BBBF-672CD5BEFDBB} => Valeur supprimée avec succès
    FirewallRaz (Private) : {EE5706B0-BB77-45E3-B305-931991F5A472} => Valeur supprimée avec succès
    FirewallRaz (Private) : {FA81D236-AE0B-473D-869B-C61E1B7BAE24} => Valeur supprimée avec succès

    ========== Elément(s) de donnée du Registre ==========
    O15 - Trusted Zone: [HKCU\...\Domains] *.chat-land.org => Donnée supprimée avec succès

    ========== Fichier(s) ==========
    c:\program files\utorrentbar_fr\tbuto1.dll => Supprimé et mis en quarantaine
    c:\program files\dvdvideosofttb\tbdvd0.dll => Supprimé et mis en quarantaine
    c:\users\hugo\appdata\roaming\microsoft\internet explorer\quick launch\football manager 2011 - raccourci.lnk => Supprimé et mis en quarantaine

    ========== Récapitulatif ==========
    9 : Clé(s) du Registre
    18 : Valeur(s) du Registre
    1 : Elément(s) de donnée du Registre
    3 : Fichier(s)

    End of the scan
    0
    1. dgi
       
      RogueKiller V4.3.8 par Tigzy
      contact sur http://www.sur-la-toile.com
      mail: tigzyRK<at>gmail<dot>com
      Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

      Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
      Demarrage : Mode normal
      Utilisateur: Dgina [Droits d'admin]
      Mode: Recherche -- Date : 14/04/2011 22:11:51

      Processus malicieux: 0

      Entrees de registre: 0

      Fichier HOSTS:
      127.0.0.1 localhost
      ::1 localhost


      Termine : << RKreport[4].txt >>
      RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
      Voila mon rapport! est ce que ca dis quelque chose de mauvais et que doit-on faire?
      0
    2. Valuu Messages postés 2258 Statut Contributeur 201
       
      Rien de mauvais, merci de créer ton propre sujet si besoin.
      0
  17. Valuu Messages postés 2258 Statut Contributeur 201
     
    Bien, la suite ;)
    0