J'en ai assez des fenetres de pub
Fermé
tipeuoipe
-
22 mai 2011 à 07:32
moment de grace Messages postés 29042 Date d'inscription samedi 6 décembre 2008 Statut Contributeur sécurité Dernière intervention 18 juillet 2013 - 23 mai 2011 à 12:23
moment de grace Messages postés 29042 Date d'inscription samedi 6 décembre 2008 Statut Contributeur sécurité Dernière intervention 18 juillet 2013 - 23 mai 2011 à 12:23
A voir également:
- J'en ai assez des fenetres de pub
- Youtube sans pub - Accueil - Streaming
- Netflix avec pub avis - Accueil - Streaming
- Stop pub gratuit - Télécharger - Divers Utilitaires
- Bloqueur de pub youtube - Accueil - Streaming
- Supprimer pub - Guide
12 réponses
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 274
22 mai 2011 à 07:32
22 mai 2011 à 07:32
bonjour
Télécharge ZHPDiag ( de Nicolas coolman ).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
ou
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
(outil de diagnostic)
Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )
Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin pour Vista ou Seven)
Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.
Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.
Rend toi surhttp://www.cijoint.fr/
Clique sur "Parcourir "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Envoyer le fichier " et copie/colle le lien dans ton prochain message
Télécharge ZHPDiag ( de Nicolas coolman ).
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
ou
https://www.commentcamarche.net/telecharger/utilitaires/24803-zhpdiag/
(outil de diagnostic)
Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )
Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin pour Vista ou Seven)
Clique sur la loupe en haut à gauche, puis laisse l'outil scanner.
Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau.
Rend toi surhttp://www.cijoint.fr/
Clique sur "Parcourir "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Envoyer le fichier " et copie/colle le lien dans ton prochain message
Bonjour "Moment de grâce"
Tout d'abord, merci pour ton aide!!
si j'ai bien exécuté se que tu me demande, le lien doit donne une chose comme ca
http://www.cijoint.fr/cjlink.php?file=cj201105/cijzEl7Oqa.txt
Dit mois si ca marche
encore merci
Tout d'abord, merci pour ton aide!!
si j'ai bien exécuté se que tu me demande, le lien doit donne une chose comme ca
http://www.cijoint.fr/cjlink.php?file=cj201105/cijzEl7Oqa.txt
Dit mois si ca marche
encore merci
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 274
22 mai 2011 à 09:24
22 mai 2011 à 09:24
c'est bon...et effectivement tu dois être envahi de pubs
fais ceci
1)
* Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)
http://www.teamxscript.org/adremoverTelechargement.html
/!\ Déconnecte-toi d'internet et ferme toutes applications en cours /!\
Désactive provisoirement et seulement le temps de l'utilisation de ADremover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
- Double-clique sur l'icône Ad-remover située sur ton Bureau.
- Sur la page, clique sur le bouton « NETTOYER »
- Confirme lancement du scan
- Laisse travailler l'outil.
- Poste le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)
(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
____________
2)
Téléchargez MalwareByte's Anti-Malware (que tu pourras garder ensuite)
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
. Enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
. Une fois la mise à jour terminé
. Rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen rapide
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, clique sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. Rends toi dans l'onglet rapport/log
. Tu cliques dessus pour l'afficher, une fois affiché
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller
Si tu as besoin d'aide regarde ces tutoriels :
Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
______________
3)
Fais un nouveau rapport ZHPdiag stp
Rend toi sur http://pjjoint.malekal.com/
Clique sur "Parcourir "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Envoyer le fichier " et copie/colle le lien dans ton prochain message
fais ceci
1)
* Télécharge de AD-Remover sur ton Bureau. (Merci à C_XX)
http://www.teamxscript.org/adremoverTelechargement.html
/!\ Déconnecte-toi d'internet et ferme toutes applications en cours /!\
Désactive provisoirement et seulement le temps de l'utilisation de ADremover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
- Double-clique sur l'icône Ad-remover située sur ton Bureau.
- Sur la page, clique sur le bouton « NETTOYER »
- Confirme lancement du scan
- Laisse travailler l'outil.
- Poste le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report(Scan/clean).Txt)
(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
____________
2)
Téléchargez MalwareByte's Anti-Malware (que tu pourras garder ensuite)
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
. Enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
. Une fois la mise à jour terminé
. Rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen rapide
. Cliques sur Rechercher
. Le scan démarre.
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, clique sur Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
. Rends toi dans l'onglet rapport/log
. Tu cliques dessus pour l'afficher, une fois affiché
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller
Si tu as besoin d'aide regarde ces tutoriels :
Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
______________
3)
Fais un nouveau rapport ZHPdiag stp
Rend toi sur http://pjjoint.malekal.com/
Clique sur "Parcourir "
Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Envoyer le fichier " et copie/colle le lien dans ton prochain message
Ok alors, voici, les rapports
1)
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 09:37:17 le 22/05/2011, Mode normal
Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 2 (X64)
daniel@PC-DE-DANIEL (HP-Pavilion NF414AA-ABF a6644fr)
============== ACTION(S) ==============
Dossier supprimé: C:\Users\daniel\AppData\Roaming\Mozilla\FireFox\Profiles\fgglxhxx.default\extensions\@FissaPlugin
Dossier supprimé: C:\Users\daniel\AppData\Local\Conduit
Dossier supprimé: C:\Users\daniel\AppData\LocalLow\Conduit
Dossier supprimé: C:\Users\daniel\AppData\Local\ConduitEngine
Dossier supprimé: C:\Users\daniel\AppData\LocalLow\ConduitEngine
Dossier supprimé: C:\Program Files (x86)\ConduitEngine
Dossier supprimé: C:\Users\daniel\AppData\Roaming\FissaSearch
Dossier supprimé: C:\Users\daniel\AppData\Roaming\freeTVRadio
Dossier supprimé: C:\Users\daniel\AppData\Roaming\PriceGong
Dossier supprimé: C:\Users\daniel\AppData\LocalLow\PriceGong
Dossier supprimé: C:\Users\daniel\AppData\Roaming\EoRezo
Dossier supprimé: C:\Users\daniel\AppData\Local\EoRezo
Dossier supprimé: C:\Program Files (x86)\EoRezo
Dossier supprimé: C:\Users\daniel\AppData\Roaming\OfferBox
(!) -- Fichiers temporaires supprimés.
Clé supprimée: HKLM\Software\Classes\CLSID\{05F56B58-5DF0-4DF3-AD7D-3466551C4626}
Clé supprimée: HKLM\Software\Classes\CLSID\{1EAF17F4-610E-4A6D-92C1-E6E0FD257486}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1EAF17F4-610E-4A6D-92C1-E6E0FD257486}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1EAF17F4-610E-4A6D-92C1-E6E0FD257486}
Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé supprimée: HKLM\Software\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé supprimée: HKLM\Software\Classes\CLSID\{DFEDF431-53A9-4EEF-8754-A383BC157444}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DFEDF431-53A9-4EEF-8754-A383BC157444}
Clé supprimée: HKLM\Software\Classes\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F}
Clé supprimée: HKLM\Software\Classes\TypeLib\{18AF7201-4F14-4BCF-93FE-45617CF259FF}
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO
Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO.1
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2095689
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2189218
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2405727
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2724386
Clé supprimée: HKLM\Software\Classes\AppID\EoEngineBHO.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKLM\Software\EoRezo
Clé supprimée: HKLM\Software\FissaSearch
Clé supprimée: HKLM\Software\OfferBox
Clé supprimée: HKCU\Software\Conduit
Clé supprimée: HKCU\Software\conduitEngine
Clé supprimée: HKCU\Software\EoRezo
Clé supprimée: HKCU\Software\FissaSearch
Clé supprimée: HKCU\Software\freeCompressor
Clé supprimée: HKCU\Software\freeTVRadio
Clé supprimée: HKCU\Software\OfferBox
Clé supprimée: HKCU\Software\PriceGong
Clé supprimée: HKCU\Software\Spointer
Clé supprimée: HKCU\Software\AppDataLow\Toolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKCU\Software\AppDataLow\Software\conduitEngine
Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54C369A6-87E0-4708-A146-0FCEDC0EF413}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C16DAB5D-AD21-4423-9454-A00881B8313B}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\EoRezo_is1
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Fissa
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\EoRezo_is1
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fissa
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eorezo
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
============== SCAN ADDITIONNEL ==============
**** Mozilla Firefox Version [4.0.1 (fr)] ****
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
-- C:\Users\daniel\AppData\Roaming\Mozilla\FireFox\Profiles\fgglxhxx.default --
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.defaulturl, hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/ig#t_0
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
Prefs.js - keyword.URL, hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
========================================
**** Internet Explorer Version [8.0.6001.19048] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{dfee82b7-e9d1-40d1-acad-35457b08a2db} (x)
HKCU_URLSearchHooks|{9bb815eb-3f9f-4e11-9150-cb70e29b40fc} (x)
HKCU_URLSearchHooks|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} (x)
HKCU_URLSearchHooks|{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} (x)
HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll)
HKLM_URLSearchHooks|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} (x)
HKCU_SearchScopes\{802DE6CE-4711-4535-BBD4-9804F422AD2C} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKLM_SearchScopes\{802DE6CE-4711-4535-BBD4-9804F422AD2C} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKCU_Toolbar\WebBrowser|{DFEE82B7-E9D1-40D1-ACAD-35457B08A2DB} (x)
HKCU_Toolbar\WebBrowser|{9BB815EB-3F9F-4E11-9150-CB70E29B40FC} (x)
HKCU_Toolbar\WebBrowser|{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} (x)
HKCU_Toolbar\WebBrowser|{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} (x)
HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_Toolbar|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} (x)
HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKCU_ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} - C:\Program Files (x86)\Spotify\spotify.exe (Spotify Ltd)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)
BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
========================================
C:\Program Files (x86)\Ad-Remover\Quarantine: 147 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 15 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 22/05/2011 09:37:45 (10850 Octet(s))
Fin à: 09:39:55, 22/05/2011
============== E.O.F ==============
2)
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 6639
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
22/05/2011 10:13:05
mbam-log-2011-05-22 (10-13-05).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 174829
Temps écoulé: 5 minute(s), 41 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\B60JHDGR6V (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Metropolis (Trojan.FakeAlert) -> Value: Metropolis -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
3)
Rapport de ZHPDiag v1.27.21 par Nicolas Coolman, Update du 21/05/2011
Run by daniel at 22/05/2011 10:15:58
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.19048
GCIE: Google Chrome
---\\ System Information
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)
Processor: Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4093 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 169 GB (59%) free of 284 GB
---\\ Logged in mode
Computer Name: PC-DE-DANIEL
User Name: daniel
All Users Names: daniel, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator
---\\ Environnement Variables
%AppData%=C:\Users\daniel\AppData\Roaming
%LocalAppData%=C:\Users\daniel\AppData\Local
%StartMenu%=C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 169 Go of 284 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 14 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 96 Go of 167 Go)
F:\ CD-ROM drive (Free 0 Go of 1 Go)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Hard drive, Flash drive, Thumb drive (Free 178 Go of 279 Go)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
---\\ Recherche particulière de fichiers génériques
[MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 08:10:17.) -- C:\Windows\Explorer.exe [3079168]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 03:48:04.) -- C:\Windows\system32\Wininit.exe [96768]
[MD5.047CDEFF94B63F0A4791372B47427B60] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2011 07:21:28.) -- C:\Windows\system32\wininet.dll [916480]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 07:28:13.) -- C:\Windows\system32\Winlogon.exe [314368]
---\\ Processus lancés
[MD5.F1AA26C6F261C28D42994CF46F3F83B7] - (.Pas de propriétaire - cspep.) -- C:\Program Files (x86)\cspep\cspep.exe [684032]
[MD5.5D8D38B4ACBEE4A5432631E2EAFB169D] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080]
[MD5.35BC52A2AC9CC3D9B70497119D7978E7] - (.Anuman Interactive - Anuman Live.) -- C:\Users\daniel\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe [348160]
[MD5.E69FC2484C3D9C648C5C275F7F8C5287] - (.Ulead Systems, Inc. - Photo Express -- Calendar Checker.) -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [69632]
[MD5.9A4322EE420D6FACD4D4B1FF6CB856B1] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\hp\support\hpsysdrv.exe [65536]
[MD5.DC35217E5F49C2FE2D5EBC7CB52FEC65] - (.Pas de propriétaire - WlanCU MFC Application.) -- C:\Program Files (x86)\TRENDnet\TEW-424UB\WlanCU.exe [434176]
[MD5.21293443961A4E2597453EE7A9347F22] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe [54840]
[MD5.BC9C9BE7BB74D629362608ACE470E7DA] - (.Microsoft Corporation - Notification de cadeaux MSN.) -- C:\Users\daniel\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [135680]
[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768]
[MD5.569E547273C25B019054A12A40400ECE] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [11318784]
[MD5.7FBE43046EFDF24FC9375024E4D02AC9] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\qttask.exe [282624]
[MD5.A64DA4EF938434F19142F964296347BF] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [111928]
[MD5.2E5212A0BFB98FE0167C92C76C87AFE3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064]
[MD5.4B723F33D7331F20E06F3A2FD76EC1D5] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [11312128]
[MD5.C81BE1B951C36E97D3DA90DA745DA5F7] - (.Hewlett-Packard Company - KBD EXE.) -- C:\hp\kbd\kbd.exe [61440]
[MD5.E83508D9A0F0D0D8449317DC6A4C5E02] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [924632]
[MD5.3B2CC09944488DB5ED5DFDC315C9AB57] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [16856]
[MD5.38217D4733783329864ECFC6A3595DA6] - (.Pas de propriétaire - IncrediMail Installer.) -- C:\Users\daniel\Saved Games\musique incredit\IM\Runtime\IncrediMail_Install.exe [459600]
[MD5.BD89C6664BADD73B0983E0029B854230] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [353736]
[MD5.5E44A0900974A7BADA7A998F64DFF116] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [255432]
[MD5.4CEC4B72C5B255EC2F7C54CD03554540] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [963976]
[MD5.DAF60E13E96ECB67F0EDAA89C6B01B8D] - (.Microsoft Corporation - Bloc-notes.) -- C:\Windows\SysWOW64\NOTEPAD.EXE [151040]
[MD5.AF2A4686F7B696A3952F40350CC37DD3] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [657408]
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [daniel] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [daniel] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [daniel] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [daniel] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [daniel] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [daniel] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [daniel] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
M0 - MFSP: prefs.js [daniel - fgglxhxx.default] http://www.google.fr/ig#t_0
M2 - MFEP: prefs.js [daniel - fgglxhxx.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.)
M2 - MFEP: prefs.js [daniel - fgglxhxx.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.1.1.20091029021655 (.Yahoo!.)
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
G1 - GCS: Preference [User Data\Default] http://mystart.incredimail.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com
R0 - HKUS\S-1-5-21-566303966-4227365094-1168135285-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: (no name) [64Bits] - {dfee82b7-e9d1-40d1-acad-35457b08a2db} Clé orpheline
R3 - URLSearchHook: (no name) [64Bits] - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} Clé orpheline
R3 - URLSearchHook: (no name) [64Bits] - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} Clé orpheline
R3 - URLSearchHook: (no name) [64Bits] - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} Clé orpheline
R3 - URLSearchHook: (no name) [64Bits] - {EEE6C35D-6118-11DC-9C72-001320C79847} Clé orpheline
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O2 - BHO: Google Toolbar Notifier BHO [64Bits] - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [NvCplDaemon] C:\Windows\system32\NvCpl.dll (.not file.)
O4 - HKLM\..\Run: [NvMediaCenter] C:\Windows\system32\NvMcTray.dll (.not file.)
O4 - HKLM\..\Run: [CamserviceInfinite] C:\Program Files (x86)\Hercules\Dualpix HD720p for Notebooks\XtrCtrlPro.exe (.not file.)
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [HPAdvisor] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnumanLive] . (.Anuman Interactive - Anuman Live.) -- C:\Users\daniel\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe
O4 - HKCU\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
O4 - HKCU\..\Run: [msnmsgr] ~C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Wow6432Node\Run: [NvCplDaemon] C:\Windows\system32\NvCpl.dll (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [NvMediaCenter] C:\Windows\system32\NvMcTray.dll (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [CamserviceInfinite] C:\Program Files (x86)\Hercules\Dualpix HD720p for Notebooks\XtrCtrlPro.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-566303966-4227365094-1168135285-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-566303966-4227365094-1168135285-1000\..\Run: [HPAdvisor] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-566303966-4227365094-1168135285-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-566303966-4227365094-1168135285-1000\..\Run: [AnumanLive] . (.Anuman Interactive - Anuman Live.) -- C:\Users\daniel\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe
O4 - HKUS\S-1-5-21-566303966-4227365094-1168135285-1000\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
O4 - HKUS\S-1-5-21-566303966-4227365094-1168135285-1000\..\Run: [msnmsgr] ~C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Contrôleur de calendrier Ulead.lnk . (.Ulead Systems, Inc..) -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk . (...) -- C:\Program Files (x86)\TRENDnet\TEW-424UB\WlanCU.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk . (.Microsoft Corporation.) -- C:\Users\daniel\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk . (.CyberLink.) -- C:\Program Files (x86)\CyberLink\DVD Suite Deluxe\PowerStarter.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk . (.Spotify Ltd.) -- C:\Program Files (x86)\Spotify\spotify.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\daniel\Desktop\AD-R.lnk . (...) -- C:\Program Files (x86)\Ad-Remover\main.exe
O4 - Global Startup: C:\Users\daniel\Desktop\AVS Video Converter.lnk . (.Online Media Technologies Ltd..) -- C:\Program Files (x86)\AVS4YOU\AVSVideoConverter\AVSVideoConverter.exe
O4 - Global Startup: C:\Users\daniel\Desktop\AVS4YOU Software Navigator.lnk . (.Online Media Technologies Ltd..) -- C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.exe
O4 - Global Startup: C:\Users\daniel\Desktop\daniel - Raccourci.lnk . (...) -- C:\Users\daniel
O4 - Global Startup: C:\Users\daniel\Desktop\Disque local (E) - Raccourci.lnk . (...) -- E:\
O4 - Global Startup: C:\Users\daniel\Desktop\Images - Raccourci.lnk . (...) -- E:\Pictures
O4 - Global Startup: C:\Users\daniel\Desktop\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\daniel\Desktop\Microsoft Works - Raccourci.lnk . (...) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
O4 - Global Startup: C:\Users\daniel\Desktop\Musique - Raccourci.lnk . (...) -- E:\Music
O4 - Global Startup: C:\Users\daniel\Desktop\Spotify.lnk . (.Spotify Ltd.) -- C:\Program Files (x86)\Spotify\spotify.exe
O4 - Global Startup: C:\Users\daniel\Desktop\Vidéos - Raccourci.lnk . (...) -- E:\Videos
O4 - Global Startup: C:\Users\daniel\Desktop\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk . (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk . (...) -- C:\Windows\Installer\{08094E03-AFE4-4853-9D31-6D0743DF5328}\QTPlayer.ico
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ulead COOL 3D 3.5.lnk . (.Ulead Systems, Inc..) -- C:\Program Files (x86)\Ulead Systems\Ulead COOL 3D 3.5\u3dedit3.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ulead COOL 3D Production Studio.lnk . (.Ulead Systems, Inc..) -- C:\Program Files (x86)\Ulead Systems\Ulead COOL 3D Production Studio\u3dedit4.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~2\MICROS~2\Office12\EXCEL.exe
O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{13E8F2B1-C4E6-4F68-BEFB-712821C14571}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7C167F0-2CE0-4CCC-A40A-C68A89046D49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{13E8F2B1-C4E6-4F68-BEFB-712821C14571}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A7C167F0-2CE0-4CCC-A40A-C68A89046D49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{13E8F2B1-C4E6-4F68-BEFB-712821C14571}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{A7C167F0-2CE0-4CCC-A40A-C68A89046D49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) [64Bits] - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (GameConsoleService) . (.WildTangent, Inc. - GameConsoleService.) - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: (gusvc) . (.Google - gusvc.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: (HP Health Check Service) . (.Hewlett-Packard - HP Health Check Service.) - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: (IDriverT) . (.Macrovision Corporation - IDriverT Module.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 175.5.) - C:\Windows\system32\nvvsvc.exe
O23 - Service: (ServiceLayer) . (.Nokia - ServiceLayer Module.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: (wlidsvc) . (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{2484FDB2-FCB6-4B4A-9A1D-D32992564452}.job
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.EC16CDD6BA4AA4F02C3615F997F6FD84] [APT] [HP Health Check] (.Hewlett-Packard.) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[MD5.627C50E15FAE0382B5F71C4E0BF5F49F] [APT] [IntenetServiceOffers] (.Pas de propriétaire.) -- C:\Program Files (x86)\Hewlett-Packard\SDP\RemEngine.exe
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeLogonTaskS-1-5-21-566303966-4227365094-1168135285-1000] (.Pas de propriétaire.) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeScheduledTaskS-1-5-21-566303966-4227365094-1168135285-1000] (.Pas de propriétaire.) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.)
[MD5.627C50E15FAE0382B5F71C4E0BF5F49F] [APT] [RecoveryCD] (.Pas de propriétaire.) -- C:\Program Files (x86)\Hewlett-Packard\SDP\RemEngine.exe
[MD5.00000000000000000000000000000000] [APT] [{E3460514-8FDF-4CE9-8E1E-F5479968345B}] (.Pas de propriétaire.) -- C:\Program Files (x86)\Free Belote\FreeBelote.exe (.not file.)
[MD5.8A447432636CC71B1036034B9BFF5342] [APT] [Scheduled Maintenance] (.PC-Doctor, Inc..) -- C:\Program Files (x86)\PC-Doctor for Windows\RunProfiler.exe
[MD5.EFB0FCD1CD300E5708E73230D91D6532] [APT] [Scheduled Maintenance Swap] (.PC-Doctor, Inc..) -- C:\Program Files (x86)\PC-Doctor for Windows\task_swap.exe
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (cdrblock) . (. - .) - C:\Windows\System32\DRIVERS\cdrblock.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: (cdrport) . (. - .) - C:\Windows\System32\DRIVERS\cdrport.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: HP Photosmart Essential 3.0 - (.HP.) [HKLM] -- HP Photosmart Essential
O42 - Logiciel: MSVC80_x64_v2 - (.Nokia.) [HKLM] -- {4D668D4F-FAA2-4726-834C-31F4614F312E}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
O42 - Logiciel: Microsoft Office Office 64-bit Components 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002A-0000-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared 64-bit MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002A-040C-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {B6E3757B-5E77-3915-866A-CCFC4B8D194C}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {071c9b48-7c32-4621-a0ac-3f809523288f}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 - (.Microsoft Corporation.) [HKLM] -- {aac9fcc4-dd9e-4add-901c-b5496a07ab2e}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {EE936C7A-EA40-31D5-9B65-8E3E089C3828}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {8338783A-0968-3B85-AFC7-BAAE0A63DC50}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 - (.Microsoft Corporation.) [HKLM] -- {350AA351-21FA-3270-8B7A-835434E766AD}
O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM][64Bits] -- {3B160861-7250-451E-B5EE-8B92BF30A710}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: NVIDIA Drivers - (.Pas de propriétaire.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: Notification de cadeaux MSN - (.Microsoft.) [HKCU] -- Notification de cadeaux MSN
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {FE4BE0BD-1EDB-4D24-9614-847B3C472887}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {D07A61E5-A59C-433C-BCBD-22025FA2287B}
O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {DA54F80E-261C-41A2-A855-549A144F2F59}
O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {DF6D988A-EEA0-4277-AAB8-158E086E439B}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}
O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {5E2CD4FB-4538-4831-8176-05D653C3E6D4}
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\AOL]
[HKCU\Software\AVS4YOU]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\Anuman Interactive]
[HKCU\Software\AppDataLow\Software\Eazel-FR]
[HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Avira]
[HKCU\Software\Binary Noise]
[HKCU\Software\Bugsplat]
[HKCU\Software\Canopus]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CyberLink]
[HKCU\Software\Cygnicon GmbH]
[HKCU\Software\Dicomp]
[HKCU\Software\DivXNetworks]
[HKCU\Software\DsNET Corp.]
[HKCU\Software\Enkord]
[HKCU\Software\FIXIO PC Utilities]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\Google]
[HKCU\Software\HerculesDualpix HD720p for Notebooks]
[HKCU\Software\Hercules]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\HookNetwork]
[HKCU\Software\IM Providers]
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\IncrediMail]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Netscape]
[HKCU\Software\Nokia]
[HKCU\Software\ODBC]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Parrot]
[HKCU\Software\Photo Notifier and Animation Creator]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Samsung]
[HKCU\Software\SecuROM]
[HKCU\Software\Spotify]
[HKCU\Software\SweetIM]
[HKCU\Software\TechSmith]
[HKCU\Software\Trolltech]
[HKCU\Software\Ulead Systems]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\cspep]
[HKCU\Software\mb Software AG]
[HKCU\Software\muvee Technologies]
[HKLM\Software\Aladdin Knowledge Systems]
[HKLM\Software\CUSTPDF Writer]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\EasyBits]
[HKLM\Software\Hercules]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\Intel]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Nokia]
[HKLM\Software\Novatek]
[HKLM\Software\ODBC]
[HKLM\Software\PC Connectivity Solution]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Set8187B]
[HKLM\Software\Sonic]
[HKLM\Software\Symantec]
[HKLM\Software\WildTangent]
[HKLM\Software\Wow6432Node]
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/07/2010 - 21:35:44 - [0] ----D- C:\Program Files\Alwil Software
O43 - CFD: 26/07/2010 - 21:35:16 - [224947657] ----D- C:\Program Files\Common Files
O43 - CFD: 10/10/2010 - 22:02:52 - [1865752] ----D- C:\Program Files\DIFX
O43 - CFD: 25/07/2010 - 22:27:02 - [0] -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 20/08/2010 - 16:31:40 - [1293024] ----D- C:\Program Files\Google
O43 - CFD: 24/10/2008 - 18:10:28 - [0] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 19/05/2011 - 01:34:36 - [5586739] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 02/11/2006 - 17:07:28 - [94671287] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 27/03/2011 - 11:21:08 - [594846] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 21/10/2010 - 21:53:40 - [116334702] ----D- C:\Program Files\Movie Maker
O43 - CFD: 02/11/2006 - 17:07:28 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 25/07/2010 - 22:30:58 - [126093] R---D- C:\Program Files\Online Services
O43 - CFD: 02/11/2006 - 17:07:28 - [36351145] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 02/11/2006 - 17:44:56 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 25/10/2008 - 02:29:12 - [1302528] ----D- C:\Program Files\Windows Calendar
O43 - CFD: 21/10/2010 - 21:53:38 - [2963968] ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 21/10/2010 - 21:53:34 - [6394224] ----D- C:\Program Files\Windows Defender
O43 - CFD: 21/10/2010 - 21:53:40 - [9655416] ----D- C:\Program Files\Windows Journal
O43 - CFD: 21/05/2011 - 10:01:36 - [7987385] ----D- C:\Program Files\Windows Live
O43 - CFD: 19/05/2011 - 01:34:38 - [9619128] ----D- C:\Program Files\Windows Mail
O43 - CFD: 21/10/2010 - 21:53:40 - [5140215] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 25/07/2010 - 22:27:02 - [8057896] ----D- C:\Program Files\Windows NT
O43 - CFD: 21/10/2010 - 21:53:36 - [16439458] ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 23/10/2010 - 03:20:16 - [167424] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 21/10/2010 - 21:53:40 - [6886418] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 21/05/2011 - 09:59:14 - [214732073] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 02/11/2006 - 15:33:54 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 02/11/2006 - 15:33:54 - [608256] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 25/10/2008 - 02:29:12 - [9604626] ----D- C:\Program Files\Common Files\System
O43 - CFD: 14/09/2010 - 21:48:04 - [48030465] ----D- C:\ProgramData\Adobe
O43 - CFD: 31/08/2010 - 11:30:00 - [0] ----D- C:\ProgramData\Alwil Software
O43 - CFD: 06/08/2010 - 21:11:10 - [0] ----D- C:\ProgramData\AOL
O43 - CFD: 10/11/2010 - 19:34:22 - [24833024] ----D- C:\ProgramData\Apple Computer
O43 - CFD: 25/07/2010 - 22:27:02 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 31/08/2010 - 11:27:54 - [45404604] ----D- C:\ProgramData\Avira
O43 - CFD: 29/12/2010 - 22:46:08 - [0] ----D- C:\ProgramData\AVS4YOU
O43 - CFD: 25/07/2010 - 22:27:02 - [0] -SH-D- C:\ProgramData\Bureau
O43 - CFD: 10/11/2010 - 19:33:36 - [118113] ----D- C:\ProgramData\Canopus
O43 - CFD: 25/07/2010 - 22:43:00 - [0] ----D- C:\ProgramData\CyberLink
O43 - CFD: 25/07/2010 - 22:27:02 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 13/11/2010 - 22:38:40 - [1020] ----D- C:\ProgramData\Driver Mender
O43 - CFD: 16/10/2010 - 21:06:56 - [27022] ----D- C:\ProgramData\Enkord
O43 - CFD: 25/07/2010 - 22:27:02 - [0] -SH-D- C:\ProgramData\Favoris
O43 - CFD: 20/08/2010 - 21:08:00 - [536260] ----D- C:\ProgramData\Google
O43 - CFD: 25/07/2010 - 22:25:00 - [65280452] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 24/10/2008 - 17:46:44 - [53720] ----D- C:\ProgramData\HP
O43 - CFD: 07/12/2010 - 10:28:00 - [195] ----D- C:\ProgramData\IM
O43 - CFD: 07/12/2010 - 10:26:06 - [8776924] ----D- C:\ProgramData\IncrediMail
O43 - CFD: 10/10/2010 - 21:52:58 - [233008841] ----D- C:\ProgramData\Installations
O43 - CFD: 22/05/2011 - 09:57:50 - [14467869] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 14/09/2010 - 21:27:46 - [175890] ----D- C:\ProgramData\McAfee
O43 - CFD: 25/07/2010 - 22:27:02 - [0] -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 21/05/2011 - 10:08:58 - [270966926] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 19/05/2011 - 01:28:06 - [65262] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 25/07/2010 - 22:27:02 - [0] -SH-D- C:\ProgramData\Modèles
O43 - CFD: 24/10/2008 - 17:45:18 - [1229058] ----D- C:\ProgramData\muvee Technologies
O43 - CFD: 24/10/2008 - 17:33:20 - [180561] ----D- C:\ProgramData\NVIDIA
O43 - CFD: 10/10/2010 - 22:00:46 - [0] ----D- C:\ProgramData\PC Suite
O43 - CFD: 24/10/2008 - 17:52:10 - [1235] ----D- C:\ProgramData\PC-Doctor
O43 - CFD: 24/10/2008 - 17:52:10 - [2003456] ----D- C:\ProgramData\PC-Doctor for Windows
O43 - CFD: 07/12/2010 - 22:13:26 - [4448668] ----D- C:\ProgramData\Photo Notifier and Animation Creator
O43 - CFD: 08/11/2010 - 22:46:44 - [7813] ----D- C:\ProgramData\Real
O43 - CFD: 21/10/2010 - 21:38:24 - [189] ----D- C:\ProgramData\Sun
O43 - CFD: 28/12/2010 - 23:50:34 - [281065] ----D- C:\ProgramData\SweetIM
O43 - CFD: 26/07/2010 - 21:35:08 - [2334] ----D- C:\ProgramData\Symantec
O43 - CFD: 06/03/2011 - 10:45:12 - [0] ---AD- C:\ProgramData\TEMP
O43 - CFD: 13/11/2010 - 22:38:50 - [0] ----D- C:\ProgramData\UAB
O43 - CFD: 12/11/2010 - 21:38:54 - [1393537256] ----D- C:\ProgramData\WildTangent
O43 - CFD: 18/11/2010 - 22:19:14 - [8423383] ----D- C:\ProgramData\Zylom
O43 - CFD: 30/08/2010 - 21:22:30 - [2412399] ----D- C:\Users\daniel\AppData\Roaming\Adobe
O43 - CFD: 03/09/2010 - 13:57:34 - [348284] ----D- C:\Users\daniel\AppData\Roaming\Anuman Interactive
O43 - CFD: 10/11/2010 - 21:51:04 - [2712] ----D- C:\Users\daniel\AppData\Roaming\Apple Computer
O43 - CFD: 12/11/2010 - 19:09:32 - [0] ----D- C:\Users\daniel\AppData\Roaming\Avira
O43 - CFD: 29/12/2010 - 22:46:08 - [9118] ----D- C:\Users\daniel\AppData\Roaming\AVS4YOU
O43 - CFD: 10/11/2010 - 19:39:38 - [143819] ----D- C:\Users\daniel\AppData\Roaming\Canopus
O43 - CFD: 25/07/2010 - 22:43:00 - [20] ----D- C:\Users\daniel\AppData\Roaming\CyberLink
O43 - CFD: 26/12/2010 - 12:03:38 - [13489] ----D- C:\Users\daniel\AppData\Roaming\FileZilla
O43 - CFD: 28/12/2010 - 23:52:12 - [625] ----D- C:\Users\daniel\AppData\Roaming\freeCompressor
O43 - CFD: 20/08/2010 - 21:11:26 - [4064] ----D- C:\Users\daniel\AppData\Roaming\Google
O43 - CFD: 25/07/2010 - 22:36:54 - [431531] ----D- C:\Users\daniel\AppData\Roaming\Hewlett-Packard
O43 - CFD: 25/07/2010 - 22:36:08 - [0] ----D- C:\Users\daniel\AppData\Roaming\Identities
O43 - CFD: 16/05/2011 - 16:53:06 - [34455415] ----D- C:\Users\daniel\AppData\Roaming\Intelli-studio
O43 - CFD: 31/08/2010 - 21:06:18 - [1934] ----D- C:\Users\daniel\AppData\Roaming\LiveCAD3
O43 - CFD: 25/07/2010 - 22:33:06 - [5939482] ----D- C:\Users\daniel\AppData\Roaming\Macromedia
O43 - CFD: 22/05/2011 - 09:58:12 - [12217] ----D- C:\Users\daniel\AppData\Roaming\Malwarebytes
O43 - CFD: 02/11/2006 - 17:07:26 - [0] ----D- C:\Users\daniel\AppData\Roaming\Media Center Programs
O43 - CFD: 10/12/2010 - 22:50:02 - [76] ----D- C:\Users\daniel\AppData\Roaming\Media Player Classic
O43 - CFD: 21/05/2011 - 12:43:20 - [9530822] -S--D- C:\Users\daniel\AppData\Roaming\Microsoft
O43 - CFD: 19/12/2010 - 22:30:28 - [15619667] ----D- C:\Users\daniel\AppData\Roaming\Mozilla
O43 - CFD: 09/10/2010 - 22:08:06 - [9108] ----D- C:\Users\daniel\AppData\Roaming\muvee Technologies
O43 - CFD: 28/08/2010 - 21:03:38 - [441] ----D- C:\Users\daniel\AppData\Roaming\NAVIGON Fresh
O43 - CFD: 10/10/2010 - 22:13:34 - [431306] ----D- C:\Users\daniel\AppData\Roaming\Nokia
O43 - CFD: 29/01/2011 - 00:27:16 - [4157705] ----D- C:\Users\daniel\AppData\Roaming\OpenOffice.org
O43 - CFD: 10/10/2010 - 22:00:48 - [354] ----D- C:\Users\daniel\AppData\Roaming\PC Suite
O43 - CFD: 13/12/2010 - 23:33:10 - [250292] ----D- C:\Users\daniel\AppData\Roaming\PCFix
O43 - CFD: 04/03/2011 - 18:01:42 - [249] ----D- C:\Users\daniel\AppData\Roaming\PhotoFiltre
O43 - CFD: 16/05/2011 - 17:07:00 - [32106690] ----D- C:\Users\daniel\AppData\Roaming\Real
O43 - CFD: 15/02/2011 - 04:00:28 - [1182837] ----D- C:\Users\daniel\AppData\Roaming\Spotify
O43 - CFD: 25/07/2010 - 22:36:44 - [0] ----D- C:\Users\daniel\AppData\Roaming\Symantec
O43 - CFD: 18/12/2010 - 13:14:24 - [13824] ----D- C:\Users\daniel\AppData\Roaming\Template
O43 - CFD: 01/04/2011 - 14:04:32 - [1825944] ----D- C:\Users\daniel\AppData\Roaming\vlc
O43 - CFD: 30/08/2010 - 22:08:54 - [551] ----D- C:\Users\daniel\AppData\Roaming\WildTangent
O43 - CFD: 06/08/2010 - 21:32:06 - [0] ----D- C:\Users\daniel\AppData\Roaming\WinBatch
O43 - CFD: 22/05/2011 - 10:11:30 - [0] ----D- C:\Users\daniel\AppData\Roaming\Windows Live Writer
O43 - CFD: 14/09/2010 - 21:43:00 - [161417189] ----D- C:\Users\daniel\Appdata\Local\Adobe
O43 - CFD: 25/07/2010 - 22:30:12 - [0] -SH-D- C:\Users\daniel\Appdata\Local\Application Data
O43 - CFD: 25/02/2011 - 17:34:32 - [549715] ----D- C:\Users\daniel\Appdata\Local\CygniCon
O43 - CFD: 29/12/2010 - 21:42:14 - [178948] ----D- C:\Users\daniel\Appdata\Local\freecompressor Air
O43 - CFD: 24/10/2010 - 19:50:52 - [135264] ----D- C:\Users\daniel\Appdata\Local\freetvradio Air
O43 - CFD: 27/02/2011 - 12:24:58 - [282662102] ----D- C:\Users\daniel\Appdata\Local\Google
O43 - CFD: 25/07/2010 - 22:36:56 - [1819] ----D- C:\Users\daniel\Appdata\Local\Hewlett-Packard
O43 - CFD: 25/07/2010 - 22:30:12 - [0] -SH-D- C:\Users\daniel\Appdata\Local\Historique
O43 - CFD: 25/07/2010 - 22:52:58 - [373373] ----D- C:\Users\daniel\Appdata\Local\HP
O43 - CFD: 23/10/2010 - 21:28:18 - [1711410] ----D- C:\Users\daniel\Appdata\Local\MAX_FR_Atube
O43 - CFD: 22/05/2011 - 10:11:14 - [840353573] ----D- C:\Users\daniel\Appdata\Local\Microsoft
O43 - CFD: 15/11/2010 - 22:13:38 - [13238] ----D- C:\Users\daniel\Appdata\Local\Microsoft Corporation
O43 - CFD: 30/08/2010 - 21:56:38 - [181678] ----D- C:\Users\daniel\Appdata\Local\Microsoft Games
O43 - CFD: 27/03/2011 - 11:36:52 - [123032] ----D- C:\Users\daniel\Appdata\Local\Microsoft Help
O43 - CFD: 19/12/2010 - 22:30:28 - [222406068] ----D- C:\Users\daniel\Appdata\Local\Mozilla
O43 - CFD: 13/12/2010 - 23:27:56 - [0] ----D- C:\Users\daniel\Appdata\Local\PackageAware
O43 - CFD: 13/11/2010 - 22:38:48 - [2217] ----D- C:\Users\daniel\Appdata\Local\PC_Drivers_Headquarters
O43 - CFD: 23/10/2010 - 21:28:14 - [251932] ----D- C:\Users\daniel\Appdata\Local\Radio_Ba
1)
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 09:37:17 le 22/05/2011, Mode normal
Microsoft® Windows Vista(TM) Édition Familiale Premium Service Pack 2 (X64)
daniel@PC-DE-DANIEL (HP-Pavilion NF414AA-ABF a6644fr)
============== ACTION(S) ==============
Dossier supprimé: C:\Users\daniel\AppData\Roaming\Mozilla\FireFox\Profiles\fgglxhxx.default\extensions\@FissaPlugin
Dossier supprimé: C:\Users\daniel\AppData\Local\Conduit
Dossier supprimé: C:\Users\daniel\AppData\LocalLow\Conduit
Dossier supprimé: C:\Users\daniel\AppData\Local\ConduitEngine
Dossier supprimé: C:\Users\daniel\AppData\LocalLow\ConduitEngine
Dossier supprimé: C:\Program Files (x86)\ConduitEngine
Dossier supprimé: C:\Users\daniel\AppData\Roaming\FissaSearch
Dossier supprimé: C:\Users\daniel\AppData\Roaming\freeTVRadio
Dossier supprimé: C:\Users\daniel\AppData\Roaming\PriceGong
Dossier supprimé: C:\Users\daniel\AppData\LocalLow\PriceGong
Dossier supprimé: C:\Users\daniel\AppData\Roaming\EoRezo
Dossier supprimé: C:\Users\daniel\AppData\Local\EoRezo
Dossier supprimé: C:\Program Files (x86)\EoRezo
Dossier supprimé: C:\Users\daniel\AppData\Roaming\OfferBox
(!) -- Fichiers temporaires supprimés.
Clé supprimée: HKLM\Software\Classes\CLSID\{05F56B58-5DF0-4DF3-AD7D-3466551C4626}
Clé supprimée: HKLM\Software\Classes\CLSID\{1EAF17F4-610E-4A6D-92C1-E6E0FD257486}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1EAF17F4-610E-4A6D-92C1-E6E0FD257486}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1EAF17F4-610E-4A6D-92C1-E6E0FD257486}
Clé supprimée: HKLM\Software\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Clé supprimée: HKLM\Software\Classes\CLSID\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C10DC1F4-CCDF-4224-A24D-B23AFC3573C8}
Clé supprimée: HKLM\Software\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Clé supprimée: HKLM\Software\Classes\CLSID\{DFEDF431-53A9-4EEF-8754-A383BC157444}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DFEDF431-53A9-4EEF-8754-A383BC157444}
Clé supprimée: HKLM\Software\Classes\Interface\{DF76E9B7-35EC-46FC-AF56-5B79DED9D64F}
Clé supprimée: HKLM\Software\Classes\TypeLib\{18AF7201-4F14-4BCF-93FE-45617CF259FF}
Clé supprimée: HKLM\Software\Classes\Conduit.Engine
Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO
Clé supprimée: HKLM\Software\Classes\EoEngineBHO.EOBHO.1
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2095689
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2189218
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2405727
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2724386
Clé supprimée: HKLM\Software\Classes\AppID\EoEngineBHO.DLL
Clé supprimée: HKLM\Software\Classes\AppID\{AFBB7970-789A-4264-BA70-E8127DECE400}
Clé supprimée: HKLM\Software\Conduit
Clé supprimée: HKLM\Software\conduitEngine
Clé supprimée: HKLM\Software\EoRezo
Clé supprimée: HKLM\Software\FissaSearch
Clé supprimée: HKLM\Software\OfferBox
Clé supprimée: HKCU\Software\Conduit
Clé supprimée: HKCU\Software\conduitEngine
Clé supprimée: HKCU\Software\EoRezo
Clé supprimée: HKCU\Software\FissaSearch
Clé supprimée: HKCU\Software\freeCompressor
Clé supprimée: HKCU\Software\freeTVRadio
Clé supprimée: HKCU\Software\OfferBox
Clé supprimée: HKCU\Software\PriceGong
Clé supprimée: HKCU\Software\Spointer
Clé supprimée: HKCU\Software\AppDataLow\Toolbar
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKCU\Software\AppDataLow\Software\conduitEngine
Clé supprimée: HKCU\Software\AppDataLow\Software\PriceGong
Clé supprimée: HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b41306c6-96d0-442a-bcc4-b0f621e82ce9}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54C369A6-87E0-4708-A146-0FCEDC0EF413}
Clé supprimée: HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C16DAB5D-AD21-4423-9454-A00881B8313B}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\EoRezo_is1
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Fissa
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4BD271AB-66E2-4D58-AF88-80FE3B0770C4}
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\EoRezo_is1
Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fissa
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé supprimée: HKLM\Software\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Eorezo
Valeur supprimée: HKLM\Software\Microsoft\Internet Explorer\Toolbar|{30F9B915-B755-4826-820B-08FBA6BD249D}
Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}
============== SCAN ADDITIONNEL ==============
**** Mozilla Firefox Version [4.0.1 (fr)] ****
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
-- C:\Users\daniel\AppData\Roaming\Mozilla\FireFox\Profiles\fgglxhxx.default --
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.search.defaulturl, hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
Prefs.js - browser.search.selectedEngine, Google
Prefs.js - browser.startup.homepage, hxxp://www.google.fr/ig#t_0
Prefs.js - browser.startup.homepage_override.buildID, 20110413222027
Prefs.js - browser.startup.homepage_override.mstone, rv:2.0.1
Prefs.js - keyword.URL, hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
========================================
**** Internet Explorer Version [8.0.6001.19048] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_URLSearchHooks|{dfee82b7-e9d1-40d1-acad-35457b08a2db} (x)
HKCU_URLSearchHooks|{9bb815eb-3f9f-4e11-9150-cb70e29b40fc} (x)
HKCU_URLSearchHooks|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} (x)
HKCU_URLSearchHooks|{a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} (x)
HKCU_URLSearchHooks|{EEE6C35D-6118-11DC-9C72-001320C79847} - "SweetIM ToolbarURLSearchHook Class" (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll)
HKLM_URLSearchHooks|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} (x)
HKCU_SearchScopes\{802DE6CE-4711-4535-BBD4-9804F422AD2C} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKCU_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKLM_SearchScopes\{802DE6CE-4711-4535-BBD4-9804F422AD2C} - "Kelkoo" (hxxp://fr.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromfor...)
HKLM_SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} - "SweetIM Search" (hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms})
HKCU_Toolbar\WebBrowser|{DFEE82B7-E9D1-40D1-ACAD-35457B08A2DB} (x)
HKCU_Toolbar\WebBrowser|{9BB815EB-3F9F-4E11-9150-CB70E29B40FC} (x)
HKCU_Toolbar\WebBrowser|{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} (x)
HKCU_Toolbar\WebBrowser|{A8F9752D-E2B8-4E7A-86B5-499F4330E2FE} (x)
HKCU_Toolbar\WebBrowser|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKLM_Toolbar|{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} (x)
HKLM_Toolbar|{EEE6C35B-6118-11DC-9C72-001320C79847} (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
HKCU_ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} - C:\Program Files (x86)\Spotify\spotify.exe (Spotify Ltd)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (SweetIM Technologies Ltd.)
BHO\{EEE6C35C-6118-11DC-9C72-001320C79847} - "SweetIM Toolbar Helper" (C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll)
========================================
C:\Program Files (x86)\Ad-Remover\Quarantine: 147 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 15 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 22/05/2011 09:37:45 (10850 Octet(s))
Fin à: 09:39:55, 22/05/2011
============== E.O.F ==============
2)
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Version de la base de données: 6639
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
22/05/2011 10:13:05
mbam-log-2011-05-22 (10-13-05).txt
Type d'examen: Examen rapide
Elément(s) analysé(s): 174829
Temps écoulé: 5 minute(s), 41 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\B60JHDGR6V (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Metropolis (Trojan.FakeAlert) -> Value: Metropolis -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
3)
Rapport de ZHPDiag v1.27.21 par Nicolas Coolman, Update du 21/05/2011
Run by daniel at 22/05/2011 10:15:58
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
---\\ Web Browser
MSIE: Internet Explorer v8.0.6001.19048
GCIE: Google Chrome
---\\ System Information
Windows Vista Home Premium Edition, 64-bit Service Pack 2 (Build 6002)
Processor: Intel64 Family 6 Model 15 Stepping 13, GenuineIntel
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4093 MB (57% free)
System Restore: Activé (Enable)
System drive C: has 169 GB (59%) free of 284 GB
---\\ Logged in mode
Computer Name: PC-DE-DANIEL
User Name: daniel
All Users Names: daniel, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator
---\\ Environnement Variables
%AppData%=C:\Users\daniel\AppData\Roaming
%LocalAppData%=C:\Users\daniel\AppData\Local
%StartMenu%=C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu
---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 169 Go of 284 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 2 Go of 14 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 96 Go of 167 Go)
F:\ CD-ROM drive (Free 0 Go of 1 Go)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
K:\ Hard drive, Flash drive, Thumb drive (Free 178 Go of 279 Go)
---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
---\\ Recherche particulière de fichiers génériques
[MD5.6B08E54A451B3F95E4109DBA7E594270] - (.Microsoft Corporation - Explorateur Windows.) (.11/04/2009 08:10:17.) -- C:\Windows\Explorer.exe [3079168]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Application de démarrage de Windows.) (.21/01/2008 03:48:04.) -- C:\Windows\system32\Wininit.exe [96768]
[MD5.047CDEFF94B63F0A4791372B47427B60] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/02/2011 07:21:28.) -- C:\Windows\system32\wininet.dll [916480]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.11/04/2009 07:28:13.) -- C:\Windows\system32\Winlogon.exe [314368]
---\\ Processus lancés
[MD5.F1AA26C6F261C28D42994CF46F3F83B7] - (.Pas de propriétaire - cspep.) -- C:\Program Files (x86)\cspep\cspep.exe [684032]
[MD5.5D8D38B4ACBEE4A5432631E2EAFB169D] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [972080]
[MD5.35BC52A2AC9CC3D9B70497119D7978E7] - (.Anuman Interactive - Anuman Live.) -- C:\Users\daniel\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe [348160]
[MD5.E69FC2484C3D9C648C5C275F7F8C5287] - (.Ulead Systems, Inc. - Photo Express -- Calendar Checker.) -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe [69632]
[MD5.9A4322EE420D6FACD4D4B1FF6CB856B1] - (.Hewlett-Packard Company - hpsysdrv.) -- C:\hp\support\hpsysdrv.exe [65536]
[MD5.DC35217E5F49C2FE2D5EBC7CB52FEC65] - (.Pas de propriétaire - WlanCU MFC Application.) -- C:\Program Files (x86)\TRENDnet\TEW-424UB\WlanCU.exe [434176]
[MD5.21293443961A4E2597453EE7A9347F22] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe [54840]
[MD5.BC9C9BE7BB74D629362608ACE470E7DA] - (.Microsoft Corporation - Notification de cadeaux MSN.) -- C:\Users\daniel\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [135680]
[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768]
[MD5.569E547273C25B019054A12A40400ECE] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [11318784]
[MD5.7FBE43046EFDF24FC9375024E4D02AC9] - (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\qttask.exe [282624]
[MD5.A64DA4EF938434F19142F964296347BF] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [111928]
[MD5.2E5212A0BFB98FE0167C92C76C87AFE3] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064]
[MD5.4B723F33D7331F20E06F3A2FD76EC1D5] - (.OpenOffice.org - OpenOffice.org 3.2.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [11312128]
[MD5.C81BE1B951C36E97D3DA90DA745DA5F7] - (.Hewlett-Packard Company - KBD EXE.) -- C:\hp\kbd\kbd.exe [61440]
[MD5.E83508D9A0F0D0D8449317DC6A4C5E02] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [924632]
[MD5.3B2CC09944488DB5ED5DFDC315C9AB57] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [16856]
[MD5.38217D4733783329864ECFC6A3595DA6] - (.Pas de propriétaire - IncrediMail Installer.) -- C:\Users\daniel\Saved Games\musique incredit\IM\Runtime\IncrediMail_Install.exe [459600]
[MD5.BD89C6664BADD73B0983E0029B854230] - (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [353736]
[MD5.5E44A0900974A7BADA7A998F64DFF116] - (.IncrediMail, Ltd. - IncrediMail Tray Application.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [255432]
[MD5.4CEC4B72C5B255EC2F7C54CD03554540] - (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [963976]
[MD5.DAF60E13E96ECB67F0EDAA89C6B01B8D] - (.Microsoft Corporation - Bloc-notes.) -- C:\Windows\SysWOW64\NOTEPAD.EXE [151040]
[MD5.AF2A4686F7B696A3952F40350CC37DD3] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [657408]
---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
M3 - MFPP: Plugins - [daniel] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [daniel] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [daniel] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [daniel] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [daniel] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [daniel] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [daniel] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-france.xml
P2 - FPN:Firefox Plugin Navigator . (.Sun Microsystems, Inc. - NPRuntime Script Plug-in Library for Java(TM) Deploy.) -- C:\Program Files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll
M0 - MFSP: prefs.js [daniel - fgglxhxx.default] http://www.google.fr/ig#t_0
M2 - MFEP: prefs.js [daniel - fgglxhxx.default\{20a82645-c095-46ed-80e3-08825760534b}] [MicrosoftCG] Microsoft .NET Framework Assistant v1.2.1 (.Microsoft.)
M2 - MFEP: prefs.js [daniel - fgglxhxx.default\{635abd67-4fe9-1b23-4f01-e679fa7484c1}] [yahoo.ytff] Yahoo! Toolbar v2.1.1.20091029021655 (.Yahoo!.)
---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
G1 - GCS: Preference [User Data\Default] http://mystart.incredimail.com
G0 - GCSP: Preference [User Data\Default][HomePage] http://www.google.com
---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com
R0 - HKUS\S-1-5-21-566303966-4227365094-1168135285-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: (no name) [64Bits] - {dfee82b7-e9d1-40d1-acad-35457b08a2db} Clé orpheline
R3 - URLSearchHook: (no name) [64Bits] - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} Clé orpheline
R3 - URLSearchHook: (no name) [64Bits] - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} Clé orpheline
R3 - URLSearchHook: (no name) [64Bits] - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} Clé orpheline
R3 - URLSearchHook: (no name) [64Bits] - {EEE6C35D-6118-11DC-9C72-001320C79847} Clé orpheline
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O2 - BHO: Google Toolbar Notifier BHO [64Bits] - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Run: [NvCplDaemon] C:\Windows\system32\NvCpl.dll (.not file.)
O4 - HKLM\..\Run: [NvMediaCenter] C:\Windows\system32\NvMcTray.dll (.not file.)
O4 - HKLM\..\Run: [CamserviceInfinite] C:\Program Files (x86)\Hercules\Dualpix HD720p for Notebooks\XtrCtrlPro.exe (.not file.)
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [HPAdvisor] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AnumanLive] . (.Anuman Interactive - Anuman Live.) -- C:\Users\daniel\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe
O4 - HKCU\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
O4 - HKCU\..\Run: [msnmsgr] ~C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe
O4 - HKLM\..\Wow6432Node\Run: [NvCplDaemon] C:\Windows\system32\NvCpl.dll (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [NvMediaCenter] C:\Windows\system32\NvMcTray.dll (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [CamserviceInfinite] C:\Program Files (x86)\Hercules\Dualpix HD720p for Notebooks\XtrCtrlPro.exe (.not file.)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] oobefldr.dll
O4 - HKUS\S-1-5-21-566303966-4227365094-1168135285-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Volet Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-566303966-4227365094-1168135285-1000\..\Run: [HPAdvisor] . (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKUS\S-1-5-21-566303966-4227365094-1168135285-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-566303966-4227365094-1168135285-1000\..\Run: [AnumanLive] . (.Anuman Interactive - Anuman Live.) -- C:\Users\daniel\AppData\Roaming\Anuman Interactive\AnumanLive\AnumanLive.exe
O4 - HKUS\S-1-5-21-566303966-4227365094-1168135285-1000\..\Run: [IncrediMail] . (.IncrediMail, Ltd. - IncrediMail Application.) -- C:\Program Files (x86)\IncrediMail\bin\IncMail.exe
O4 - HKUS\S-1-5-21-566303966-4227365094-1168135285-1000\..\Run: [msnmsgr] ~C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.not file.)
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Contrôleur de calendrier Ulead.lnk . (.Ulead Systems, Inc..) -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Configuration Utility.lnk . (...) -- C:\Program Files (x86)\TRENDnet\TEW-424UB\WlanCU.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk . (.Microsoft Corporation.) -- C:\Users\daniel\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk . (...) -- C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk . (.CyberLink.) -- C:\Program Files (x86)\CyberLink\DVD Suite Deluxe\PowerStarter.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk . (.Spotify Ltd.) -- C:\Program Files (x86)\Spotify\spotify.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Mail\WinMail.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\daniel\Desktop\AD-R.lnk . (...) -- C:\Program Files (x86)\Ad-Remover\main.exe
O4 - Global Startup: C:\Users\daniel\Desktop\AVS Video Converter.lnk . (.Online Media Technologies Ltd..) -- C:\Program Files (x86)\AVS4YOU\AVSVideoConverter\AVSVideoConverter.exe
O4 - Global Startup: C:\Users\daniel\Desktop\AVS4YOU Software Navigator.lnk . (.Online Media Technologies Ltd..) -- C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.exe
O4 - Global Startup: C:\Users\daniel\Desktop\daniel - Raccourci.lnk . (...) -- C:\Users\daniel
O4 - Global Startup: C:\Users\daniel\Desktop\Disque local (E) - Raccourci.lnk . (...) -- E:\
O4 - Global Startup: C:\Users\daniel\Desktop\Images - Raccourci.lnk . (...) -- E:\Pictures
O4 - Global Startup: C:\Users\daniel\Desktop\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\daniel\Desktop\Microsoft Works - Raccourci.lnk . (...) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
O4 - Global Startup: C:\Users\daniel\Desktop\Musique - Raccourci.lnk . (...) -- E:\Music
O4 - Global Startup: C:\Users\daniel\Desktop\Spotify.lnk . (.Spotify Ltd.) -- C:\Program Files (x86)\Spotify\spotify.exe
O4 - Global Startup: C:\Users\daniel\Desktop\Vidéos - Raccourci.lnk . (...) -- E:\Videos
O4 - Global Startup: C:\Users\daniel\Desktop\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk . (.IncrediMail, Ltd..) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk . (...) -- C:\Windows\Installer\{08094E03-AFE4-4853-9D31-6D0743DF5328}\QTPlayer.ico
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ulead COOL 3D 3.5.lnk . (.Ulead Systems, Inc..) -- C:\Program Files (x86)\Ulead Systems\Ulead COOL 3D 3.5\u3dedit3.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Ulead COOL 3D Production Studio.lnk . (.Ulead Systems, Inc..) -- C:\Program Files (x86)\Ulead Systems\Ulead COOL 3D Production Studio\u3dedit4.exe
O4 - Global Startup: C:\Users\daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~2\MICROS~2\Office12\EXCEL.exe
O8 - Extra context menu item: Google Sidewiki... . (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll
---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Windows Sockets Helper DLL.) -- C:\Windows\system32\wshbth.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{13E8F2B1-C4E6-4F68-BEFB-712821C14571}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7C167F0-2CE0-4CCC-A40A-C68A89046D49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{13E8F2B1-C4E6-4F68-BEFB-712821C14571}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A7C167F0-2CE0-4CCC-A40A-C68A89046D49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{13E8F2B1-C4E6-4F68-BEFB-712821C14571}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{A7C167F0-2CE0-4CCC-A40A-C68A89046D49}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} . (.Microsoft Corporation - Contrôleur de site Web.) -- C:\Windows\System32\webcheck.dll
---\\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) [64Bits] - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Bibliothèque de l'interface utilisateur du.) -- C:\Windows\system32\browseui.dll
---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: (GameConsoleService) . (.WildTangent, Inc. - GameConsoleService.) - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: (gusvc) . (.Google - gusvc.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: (HP Health Check Service) . (.Hewlett-Packard - HP Health Check Service.) - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: (IDriverT) . (.Macrovision Corporation - IDriverT Module.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: (LightScribeService) . (.Hewlett-Packard Company - LightScribe Service.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: (nvsvc) . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 175.5.) - C:\Windows\system32\nvvsvc.exe
O23 - Service: (ServiceLayer) . (.Nokia - ServiceLayer Module.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: (wlidsvc) . (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.exe
---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\User_Feed_Synchronization-{2484FDB2-FCB6-4B4A-9A1D-D32992564452}.job
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.F02A533F517EB38333CB12A9E8963773] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.EC16CDD6BA4AA4F02C3615F997F6FD84] [APT] [HP Health Check] (.Hewlett-Packard.) -- c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[MD5.627C50E15FAE0382B5F71C4E0BF5F49F] [APT] [IntenetServiceOffers] (.Pas de propriétaire.) -- C:\Program Files (x86)\Hewlett-Packard\SDP\RemEngine.exe
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeLogonTaskS-1-5-21-566303966-4227365094-1168135285-1000] (.Pas de propriétaire.) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [RealUpgradeScheduledTaskS-1-5-21-566303966-4227365094-1168135285-1000] (.Pas de propriétaire.) -- C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (.not file.)
[MD5.627C50E15FAE0382B5F71C4E0BF5F49F] [APT] [RecoveryCD] (.Pas de propriétaire.) -- C:\Program Files (x86)\Hewlett-Packard\SDP\RemEngine.exe
[MD5.00000000000000000000000000000000] [APT] [{E3460514-8FDF-4CE9-8E1E-F5479968345B}] (.Pas de propriétaire.) -- C:\Program Files (x86)\Free Belote\FreeBelote.exe (.not file.)
[MD5.8A447432636CC71B1036034B9BFF5342] [APT] [Scheduled Maintenance] (.PC-Doctor, Inc..) -- C:\Program Files (x86)\PC-Doctor for Windows\RunProfiler.exe
[MD5.EFB0FCD1CD300E5708E73230D91D6532] [APT] [Scheduled Maintenance Swap] (.PC-Doctor, Inc..) -- C:\Program Files (x86)\PC-Doctor for Windows\task_swap.exe
---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (cdrblock) . (. - .) - C:\Windows\System32\DRIVERS\cdrblock.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: (cdrport) . (. - .) - C:\Windows\System32\DRIVERS\cdrport.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: (i8042prt) . (.Microsoft Corporation - Pilote de port i8042.) - C:\Windows\System32\DRIVERS\i8042prt.sys
O41 - Driver: (kbdclass) . (.Microsoft Corporation - Pilote de la classe Clavier.) - C:\Windows\System32\DRIVERS\kbdclass.sys
O41 - Driver: (mouclass) . (.Microsoft Corporation - Pilote de la classe Souris.) - C:\Windows\System32\DRIVERS\mouclass.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: (netbt) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (PSched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (RasAcd) . (.Microsoft Corporation - RAS Automatic Connection Driver.) - C:\Windows\System32\DRIVERS\rasacd.sys
O41 - Driver: (rdbss) . (.Microsoft Corporation - Redirected Drive Buffering SubSystem Driver.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: (RDPENCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (Smb) . (.Microsoft Corporation - SMB Transport driver.) - C:\Windows\System32\DRIVERS\smb.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Terminal Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
---\\ Logiciels installés (O42)
O42 - Logiciel: HP Photosmart Essential 3.0 - (.HP.) [HKLM] -- HP Photosmart Essential
O42 - Logiciel: MSVC80_x64_v2 - (.Nokia.) [HKLM] -- {4D668D4F-FAA2-4726-834C-31F4614F312E}
O42 - Logiciel: Microsoft .NET Framework 3.5 Language Pack SP1 - fra - (.Microsoft Corporation.) [HKLM] -- {3E31821C-7917-367E-938E-E65FC413EA31}
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 SP1
O42 - Logiciel: Microsoft .NET Framework 3.5 SP1 - (.Microsoft Corporation.) [HKLM] -- {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
O42 - Logiciel: Microsoft Office Office 64-bit Components 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002A-0000-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared 64-bit MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002A-040C-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {B6E3757B-5E77-3915-866A-CCFC4B8D194C}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {071c9b48-7c32-4621-a0ac-3f809523288f}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 - (.Microsoft Corporation.) [HKLM] -- {aac9fcc4-dd9e-4add-901c-b5496a07ab2e}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM] -- {EE936C7A-EA40-31D5-9B65-8E3E089C3828}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM] -- {8338783A-0968-3B85-AFC7-BAAE0A63DC50}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 - (.Microsoft Corporation.) [HKLM] -- {350AA351-21FA-3270-8B7A-835434E766AD}
O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM][64Bits] -- {3B160861-7250-451E-B5EE-8B92BF30A710}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: NVIDIA Drivers - (.Pas de propriétaire.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: Notification de cadeaux MSN - (.Microsoft.) [HKCU] -- Notification de cadeaux MSN
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}
O42 - Logiciel: Windows Live Family Safety - (.Microsoft Corporation.) [HKLM] -- {FE4BE0BD-1EDB-4D24-9614-847B3C472887}
O42 - Logiciel: Windows Live ID Sign-in Assistant - (.Microsoft Corporation.) [HKLM] -- {1B8ABA62-74F0-47ED-B18C-A43128E591B8}
O42 - Logiciel: Windows Live Language Selector - (.Microsoft Corporation.) [HKLM] -- {D07A61E5-A59C-433C-BCBD-22025FA2287B}
O42 - Logiciel: Windows Live MIME IFilter - (.Microsoft Corporation.) [HKLM] -- {DA54F80E-261C-41A2-A855-549A144F2F59}
O42 - Logiciel: Windows Live Remote Client - (.Microsoft Corporation.) [HKLM] -- {DF6D988A-EEA0-4277-AAB8-158E086E439B}
O42 - Logiciel: Windows Live Remote Client Resources - (.Microsoft Corporation.) [HKLM] -- {B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}
O42 - Logiciel: Windows Live Remote Service - (.Microsoft Corporation.) [HKLM] -- {E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
O42 - Logiciel: Windows Live Remote Service Resources - (.Microsoft Corporation.) [HKLM] -- {5E2CD4FB-4538-4831-8176-05D653C3E6D4}
---\\ HKCU & HKLM Software Keys
[HKCU\Software\ALWIL Software]
[HKCU\Software\AOL]
[HKCU\Software\AVS4YOU]
[HKCU\Software\Ad-Remover]
[HKCU\Software\Adobe]
[HKCU\Software\Anuman Interactive]
[HKCU\Software\AppDataLow\Software\Eazel-FR]
[HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Avira]
[HKCU\Software\Binary Noise]
[HKCU\Software\Bugsplat]
[HKCU\Software\Canopus]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CyberLink]
[HKCU\Software\Cygnicon GmbH]
[HKCU\Software\Dicomp]
[HKCU\Software\DivXNetworks]
[HKCU\Software\DsNET Corp.]
[HKCU\Software\Enkord]
[HKCU\Software\FIXIO PC Utilities]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Gabest]
[HKCU\Software\Google]
[HKCU\Software\HerculesDualpix HD720p for Notebooks]
[HKCU\Software\Hercules]
[HKCU\Software\Hewlett-Packard]
[HKCU\Software\HookNetwork]
[HKCU\Software\IM Providers]
[HKCU\Software\IM]
[HKCU\Software\ImInstaller]
[HKCU\Software\IncrediMail]
[HKCU\Software\JEDI-VCL]
[HKCU\Software\JavaSoft]
[HKCU\Software\Local AppWizard-Generated Applications]
[HKCU\Software\Macromedia]
[HKCU\Software\Magnet]
[HKCU\Software\MainConcept]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\NVIDIA Corporation]
[HKCU\Software\Netscape]
[HKCU\Software\Nokia]
[HKCU\Software\ODBC]
[HKCU\Software\OpenOffice.org]
[HKCU\Software\Parrot]
[HKCU\Software\Photo Notifier and Animation Creator]
[HKCU\Software\Policies]
[HKCU\Software\RealNetworks]
[HKCU\Software\Samsung]
[HKCU\Software\SecuROM]
[HKCU\Software\Spotify]
[HKCU\Software\SweetIM]
[HKCU\Software\TechSmith]
[HKCU\Software\Trolltech]
[HKCU\Software\Ulead Systems]
[HKCU\Software\VB and VBA Program Settings]
[HKCU\Software\WinRAR]
[HKCU\Software\Wow6432Node]
[HKCU\Software\YahooPartnerToolbar]
[HKCU\Software\cspep]
[HKCU\Software\mb Software AG]
[HKCU\Software\muvee Technologies]
[HKLM\Software\Aladdin Knowledge Systems]
[HKLM\Software\CUSTPDF Writer]
[HKLM\Software\Classes]
[HKLM\Software\Clients]
[HKLM\Software\EasyBits]
[HKLM\Software\Hercules]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\Intel]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\Nokia]
[HKLM\Software\Novatek]
[HKLM\Software\ODBC]
[HKLM\Software\PC Connectivity Solution]
[HKLM\Software\Policies]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\SRS Labs]
[HKLM\Software\Set8187B]
[HKLM\Software\Sonic]
[HKLM\Software\Symantec]
[HKLM\Software\WildTangent]
[HKLM\Software\Wow6432Node]
---\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/07/2010 - 21:35:44 - [0] ----D- C:\Program Files\Alwil Software
O43 - CFD: 26/07/2010 - 21:35:16 - [224947657] ----D- C:\Program Files\Common Files
O43 - CFD: 10/10/2010 - 22:02:52 - [1865752] ----D- C:\Program Files\DIFX
O43 - CFD: 25/07/2010 - 22:27:02 - [0] -SH-D- C:\Program Files\Fichiers communs
O43 - CFD: 20/08/2010 - 16:31:40 - [1293024] ----D- C:\Program Files\Google
O43 - CFD: 24/10/2008 - 18:10:28 - [0] ----D- C:\Program Files\Hewlett-Packard
O43 - CFD: 19/05/2011 - 01:34:36 - [5586739] ----D- C:\Program Files\Internet Explorer
O43 - CFD: 02/11/2006 - 17:07:28 - [94671287] ----D- C:\Program Files\Microsoft Games
O43 - CFD: 27/03/2011 - 11:21:08 - [594846] ----D- C:\Program Files\Microsoft Office
O43 - CFD: 21/10/2010 - 21:53:40 - [116334702] ----D- C:\Program Files\Movie Maker
O43 - CFD: 02/11/2006 - 17:07:28 - [25757] ----D- C:\Program Files\MSBuild
O43 - CFD: 25/07/2010 - 22:30:58 - [126093] R---D- C:\Program Files\Online Services
O43 - CFD: 02/11/2006 - 17:07:28 - [36351145] ----D- C:\Program Files\Reference Assemblies
O43 - CFD: 02/11/2006 - 17:44:56 - [0] --H-D- C:\Program Files\Uninstall Information
O43 - CFD: 25/10/2008 - 02:29:12 - [1302528] ----D- C:\Program Files\Windows Calendar
O43 - CFD: 21/10/2010 - 21:53:38 - [2963968] ----D- C:\Program Files\Windows Collaboration
O43 - CFD: 21/10/2010 - 21:53:34 - [6394224] ----D- C:\Program Files\Windows Defender
O43 - CFD: 21/10/2010 - 21:53:40 - [9655416] ----D- C:\Program Files\Windows Journal
O43 - CFD: 21/05/2011 - 10:01:36 - [7987385] ----D- C:\Program Files\Windows Live
O43 - CFD: 19/05/2011 - 01:34:38 - [9619128] ----D- C:\Program Files\Windows Mail
O43 - CFD: 21/10/2010 - 21:53:40 - [5140215] ----D- C:\Program Files\Windows Media Player
O43 - CFD: 25/07/2010 - 22:27:02 - [8057896] ----D- C:\Program Files\Windows NT
O43 - CFD: 21/10/2010 - 21:53:36 - [16439458] ----D- C:\Program Files\Windows Photo Gallery
O43 - CFD: 23/10/2010 - 03:20:16 - [167424] ----D- C:\Program Files\Windows Portable Devices
O43 - CFD: 21/10/2010 - 21:53:40 - [6886418] ----D- C:\Program Files\Windows Sidebar
O43 - CFD: 21/05/2011 - 09:59:14 - [214732073] ----D- C:\Program Files\Common Files\Microsoft Shared
O43 - CFD: 02/11/2006 - 15:33:54 - [2702] ----D- C:\Program Files\Common Files\Services
O43 - CFD: 02/11/2006 - 15:33:54 - [608256] ----D- C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 25/10/2008 - 02:29:12 - [9604626] ----D- C:\Program Files\Common Files\System
O43 - CFD: 14/09/2010 - 21:48:04 - [48030465] ----D- C:\ProgramData\Adobe
O43 - CFD: 31/08/2010 - 11:30:00 - [0] ----D- C:\ProgramData\Alwil Software
O43 - CFD: 06/08/2010 - 21:11:10 - [0] ----D- C:\ProgramData\AOL
O43 - CFD: 10/11/2010 - 19:34:22 - [24833024] ----D- C:\ProgramData\Apple Computer
O43 - CFD: 25/07/2010 - 22:27:02 - [0] -SH-D- C:\ProgramData\Application Data
O43 - CFD: 31/08/2010 - 11:27:54 - [45404604] ----D- C:\ProgramData\Avira
O43 - CFD: 29/12/2010 - 22:46:08 - [0] ----D- C:\ProgramData\AVS4YOU
O43 - CFD: 25/07/2010 - 22:27:02 - [0] -SH-D- C:\ProgramData\Bureau
O43 - CFD: 10/11/2010 - 19:33:36 - [118113] ----D- C:\ProgramData\Canopus
O43 - CFD: 25/07/2010 - 22:43:00 - [0] ----D- C:\ProgramData\CyberLink
O43 - CFD: 25/07/2010 - 22:27:02 - [0] -SH-D- C:\ProgramData\Documents
O43 - CFD: 13/11/2010 - 22:38:40 - [1020] ----D- C:\ProgramData\Driver Mender
O43 - CFD: 16/10/2010 - 21:06:56 - [27022] ----D- C:\ProgramData\Enkord
O43 - CFD: 25/07/2010 - 22:27:02 - [0] -SH-D- C:\ProgramData\Favoris
O43 - CFD: 20/08/2010 - 21:08:00 - [536260] ----D- C:\ProgramData\Google
O43 - CFD: 25/07/2010 - 22:25:00 - [65280452] ----D- C:\ProgramData\Hewlett-Packard
O43 - CFD: 24/10/2008 - 17:46:44 - [53720] ----D- C:\ProgramData\HP
O43 - CFD: 07/12/2010 - 10:28:00 - [195] ----D- C:\ProgramData\IM
O43 - CFD: 07/12/2010 - 10:26:06 - [8776924] ----D- C:\ProgramData\IncrediMail
O43 - CFD: 10/10/2010 - 21:52:58 - [233008841] ----D- C:\ProgramData\Installations
O43 - CFD: 22/05/2011 - 09:57:50 - [14467869] ----D- C:\ProgramData\Malwarebytes
O43 - CFD: 14/09/2010 - 21:27:46 - [175890] ----D- C:\ProgramData\McAfee
O43 - CFD: 25/07/2010 - 22:27:02 - [0] -SH-D- C:\ProgramData\Menu Démarrer
O43 - CFD: 21/05/2011 - 10:08:58 - [270966926] -S--D- C:\ProgramData\Microsoft
O43 - CFD: 19/05/2011 - 01:28:06 - [65262] ----D- C:\ProgramData\Microsoft Help
O43 - CFD: 25/07/2010 - 22:27:02 - [0] -SH-D- C:\ProgramData\Modèles
O43 - CFD: 24/10/2008 - 17:45:18 - [1229058] ----D- C:\ProgramData\muvee Technologies
O43 - CFD: 24/10/2008 - 17:33:20 - [180561] ----D- C:\ProgramData\NVIDIA
O43 - CFD: 10/10/2010 - 22:00:46 - [0] ----D- C:\ProgramData\PC Suite
O43 - CFD: 24/10/2008 - 17:52:10 - [1235] ----D- C:\ProgramData\PC-Doctor
O43 - CFD: 24/10/2008 - 17:52:10 - [2003456] ----D- C:\ProgramData\PC-Doctor for Windows
O43 - CFD: 07/12/2010 - 22:13:26 - [4448668] ----D- C:\ProgramData\Photo Notifier and Animation Creator
O43 - CFD: 08/11/2010 - 22:46:44 - [7813] ----D- C:\ProgramData\Real
O43 - CFD: 21/10/2010 - 21:38:24 - [189] ----D- C:\ProgramData\Sun
O43 - CFD: 28/12/2010 - 23:50:34 - [281065] ----D- C:\ProgramData\SweetIM
O43 - CFD: 26/07/2010 - 21:35:08 - [2334] ----D- C:\ProgramData\Symantec
O43 - CFD: 06/03/2011 - 10:45:12 - [0] ---AD- C:\ProgramData\TEMP
O43 - CFD: 13/11/2010 - 22:38:50 - [0] ----D- C:\ProgramData\UAB
O43 - CFD: 12/11/2010 - 21:38:54 - [1393537256] ----D- C:\ProgramData\WildTangent
O43 - CFD: 18/11/2010 - 22:19:14 - [8423383] ----D- C:\ProgramData\Zylom
O43 - CFD: 30/08/2010 - 21:22:30 - [2412399] ----D- C:\Users\daniel\AppData\Roaming\Adobe
O43 - CFD: 03/09/2010 - 13:57:34 - [348284] ----D- C:\Users\daniel\AppData\Roaming\Anuman Interactive
O43 - CFD: 10/11/2010 - 21:51:04 - [2712] ----D- C:\Users\daniel\AppData\Roaming\Apple Computer
O43 - CFD: 12/11/2010 - 19:09:32 - [0] ----D- C:\Users\daniel\AppData\Roaming\Avira
O43 - CFD: 29/12/2010 - 22:46:08 - [9118] ----D- C:\Users\daniel\AppData\Roaming\AVS4YOU
O43 - CFD: 10/11/2010 - 19:39:38 - [143819] ----D- C:\Users\daniel\AppData\Roaming\Canopus
O43 - CFD: 25/07/2010 - 22:43:00 - [20] ----D- C:\Users\daniel\AppData\Roaming\CyberLink
O43 - CFD: 26/12/2010 - 12:03:38 - [13489] ----D- C:\Users\daniel\AppData\Roaming\FileZilla
O43 - CFD: 28/12/2010 - 23:52:12 - [625] ----D- C:\Users\daniel\AppData\Roaming\freeCompressor
O43 - CFD: 20/08/2010 - 21:11:26 - [4064] ----D- C:\Users\daniel\AppData\Roaming\Google
O43 - CFD: 25/07/2010 - 22:36:54 - [431531] ----D- C:\Users\daniel\AppData\Roaming\Hewlett-Packard
O43 - CFD: 25/07/2010 - 22:36:08 - [0] ----D- C:\Users\daniel\AppData\Roaming\Identities
O43 - CFD: 16/05/2011 - 16:53:06 - [34455415] ----D- C:\Users\daniel\AppData\Roaming\Intelli-studio
O43 - CFD: 31/08/2010 - 21:06:18 - [1934] ----D- C:\Users\daniel\AppData\Roaming\LiveCAD3
O43 - CFD: 25/07/2010 - 22:33:06 - [5939482] ----D- C:\Users\daniel\AppData\Roaming\Macromedia
O43 - CFD: 22/05/2011 - 09:58:12 - [12217] ----D- C:\Users\daniel\AppData\Roaming\Malwarebytes
O43 - CFD: 02/11/2006 - 17:07:26 - [0] ----D- C:\Users\daniel\AppData\Roaming\Media Center Programs
O43 - CFD: 10/12/2010 - 22:50:02 - [76] ----D- C:\Users\daniel\AppData\Roaming\Media Player Classic
O43 - CFD: 21/05/2011 - 12:43:20 - [9530822] -S--D- C:\Users\daniel\AppData\Roaming\Microsoft
O43 - CFD: 19/12/2010 - 22:30:28 - [15619667] ----D- C:\Users\daniel\AppData\Roaming\Mozilla
O43 - CFD: 09/10/2010 - 22:08:06 - [9108] ----D- C:\Users\daniel\AppData\Roaming\muvee Technologies
O43 - CFD: 28/08/2010 - 21:03:38 - [441] ----D- C:\Users\daniel\AppData\Roaming\NAVIGON Fresh
O43 - CFD: 10/10/2010 - 22:13:34 - [431306] ----D- C:\Users\daniel\AppData\Roaming\Nokia
O43 - CFD: 29/01/2011 - 00:27:16 - [4157705] ----D- C:\Users\daniel\AppData\Roaming\OpenOffice.org
O43 - CFD: 10/10/2010 - 22:00:48 - [354] ----D- C:\Users\daniel\AppData\Roaming\PC Suite
O43 - CFD: 13/12/2010 - 23:33:10 - [250292] ----D- C:\Users\daniel\AppData\Roaming\PCFix
O43 - CFD: 04/03/2011 - 18:01:42 - [249] ----D- C:\Users\daniel\AppData\Roaming\PhotoFiltre
O43 - CFD: 16/05/2011 - 17:07:00 - [32106690] ----D- C:\Users\daniel\AppData\Roaming\Real
O43 - CFD: 15/02/2011 - 04:00:28 - [1182837] ----D- C:\Users\daniel\AppData\Roaming\Spotify
O43 - CFD: 25/07/2010 - 22:36:44 - [0] ----D- C:\Users\daniel\AppData\Roaming\Symantec
O43 - CFD: 18/12/2010 - 13:14:24 - [13824] ----D- C:\Users\daniel\AppData\Roaming\Template
O43 - CFD: 01/04/2011 - 14:04:32 - [1825944] ----D- C:\Users\daniel\AppData\Roaming\vlc
O43 - CFD: 30/08/2010 - 22:08:54 - [551] ----D- C:\Users\daniel\AppData\Roaming\WildTangent
O43 - CFD: 06/08/2010 - 21:32:06 - [0] ----D- C:\Users\daniel\AppData\Roaming\WinBatch
O43 - CFD: 22/05/2011 - 10:11:30 - [0] ----D- C:\Users\daniel\AppData\Roaming\Windows Live Writer
O43 - CFD: 14/09/2010 - 21:43:00 - [161417189] ----D- C:\Users\daniel\Appdata\Local\Adobe
O43 - CFD: 25/07/2010 - 22:30:12 - [0] -SH-D- C:\Users\daniel\Appdata\Local\Application Data
O43 - CFD: 25/02/2011 - 17:34:32 - [549715] ----D- C:\Users\daniel\Appdata\Local\CygniCon
O43 - CFD: 29/12/2010 - 21:42:14 - [178948] ----D- C:\Users\daniel\Appdata\Local\freecompressor Air
O43 - CFD: 24/10/2010 - 19:50:52 - [135264] ----D- C:\Users\daniel\Appdata\Local\freetvradio Air
O43 - CFD: 27/02/2011 - 12:24:58 - [282662102] ----D- C:\Users\daniel\Appdata\Local\Google
O43 - CFD: 25/07/2010 - 22:36:56 - [1819] ----D- C:\Users\daniel\Appdata\Local\Hewlett-Packard
O43 - CFD: 25/07/2010 - 22:30:12 - [0] -SH-D- C:\Users\daniel\Appdata\Local\Historique
O43 - CFD: 25/07/2010 - 22:52:58 - [373373] ----D- C:\Users\daniel\Appdata\Local\HP
O43 - CFD: 23/10/2010 - 21:28:18 - [1711410] ----D- C:\Users\daniel\Appdata\Local\MAX_FR_Atube
O43 - CFD: 22/05/2011 - 10:11:14 - [840353573] ----D- C:\Users\daniel\Appdata\Local\Microsoft
O43 - CFD: 15/11/2010 - 22:13:38 - [13238] ----D- C:\Users\daniel\Appdata\Local\Microsoft Corporation
O43 - CFD: 30/08/2010 - 21:56:38 - [181678] ----D- C:\Users\daniel\Appdata\Local\Microsoft Games
O43 - CFD: 27/03/2011 - 11:36:52 - [123032] ----D- C:\Users\daniel\Appdata\Local\Microsoft Help
O43 - CFD: 19/12/2010 - 22:30:28 - [222406068] ----D- C:\Users\daniel\Appdata\Local\Mozilla
O43 - CFD: 13/12/2010 - 23:27:56 - [0] ----D- C:\Users\daniel\Appdata\Local\PackageAware
O43 - CFD: 13/11/2010 - 22:38:48 - [2217] ----D- C:\Users\daniel\Appdata\Local\PC_Drivers_Headquarters
O43 - CFD: 23/10/2010 - 21:28:14 - [251932] ----D- C:\Users\daniel\Appdata\Local\Radio_Ba
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 274
22 mai 2011 à 11:03
22 mai 2011 à 11:03
tu peux vider la quarantaine de MBAM
Rend toi sur http://pjjoint.malekal.com/
Clique sur "Parcourir "
Sélectionne le nouveau rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Envoyer le fichier " et copie/colle le lien dans ton prochain message
Rend toi sur http://pjjoint.malekal.com/
Clique sur "Parcourir "
Sélectionne le nouveau rapport ZHPdiag.txt qui se trouve sur ton bureau
Clique ensuite sur "Envoyer le fichier " et copie/colle le lien dans ton prochain message
voila le lien
http://pjjoint.malekal.com/files.php?id=2c5c1116bd8515
Mais comment je vide la quarantaine?
http://pjjoint.malekal.com/files.php?id=2c5c1116bd8515
Mais comment je vide la quarantaine?
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 274
22 mai 2011 à 13:52
22 mai 2011 à 13:52
pour vider la quarantaine
lancer MBAM
onglet quarantaine
_______
1)
Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )
[MD5.A64DA4EF938434F19142F964296347BF] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [111928]
[HKCU\Software\ImInstaller]
O43 - CFD: 28/12/2010 - 23:52:12 - [625] ----D- C:\Users\daniel\AppData\Roaming\freeCompressor
O43 - CFD: 29/12/2010 - 21:42:14 - [178948] ----D- C:\Users\daniel\Appdata\Local\freecompressor Air
O87 - FAEL: "TCP Query User{0C9408EC-0497-4EEC-A8A8-A16F2720F0F0}C:\program files (x86)\freetvradio\freetvradio.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\freetvradio\freetvradio.exe (.not file.)
O87 - FAEL: "UDP Query User{46A099D4-EED5-4C9B-92F5-A5ACE48B5C5C}C:\program files (x86)\freetvradio\freetvradio.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\freetvradio\freetvradio.exe (.not file.)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}]
[HKLM\Software\ImInstaller]
[HKLM\Software\Wow6432Node\ImInstaller]
C:\Users\daniel\AppData\Roaming\FreeCompressor
R3 - URLSearchHook: (no name) [64Bits] - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} Clé orpheline
R3 - URLSearchHook: (no name) [64Bits] - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} Clé orpheline
R3 - URLSearchHook: (no name) [64Bits] - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} Clé orpheline
R3 - URLSearchHook: (no name) [64Bits] - {EEE6C35D-6118-11DC-9C72-001320C79847} Clé orpheline
[HKCU\Software\SweetIM]
O43 - CFD: 28/12/2010 - 23:50:34 - [281065] ----D- C:\ProgramData\SweetIM
O43 - CFD: 28/12/2010 - 23:50:42 - [8310278] ----D- C:\Program Files (x86)\SweetIM
[MD5.895C4812245E244B2F81C71BAD0C4E55] [SPRF] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\daniel\AppData\Local\Temp\tbEaze.dll [3863136]
[HKCR\sweetie.ietoolbar]
[HKCR\sweetie.ietoolbar.1]
[HKCR\sweetim_urlsearchhook.toolbarurlsearchhook]
[HKCR\sweetim_urlsearchhook.toolbarurlsearchhook.1]
[HKLM\Software\Classes\sweetie.ietoolbar]
[HKLM\Software\Classes\sweetie.ietoolbar.1]
[HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook]
[HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1]
[HKLM\Software\Classes\Toolbar3.sweetie]
[HKLM\Software\Classes\Toolbar3.sweetie.1]
[HKCR\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}]
[HKLM\Software\Classes\Wow6432Node\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}]
[HKLM\Software\Classes\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}]
[HKCR\CLSID\{82ac53b4-164c-4b07-a016-437a8388b81a}]
[HKLM\Software\Classes\CLSID\{82ac53b4-164c-4b07-a016-437a8388b81a}]
[HKCR\Interface\{eee6c358-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\Interface\{eee6c358-6118-11dc-9c72-001320c79847}]
[HKCR\Interface\{eee6c35a-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\Interface\{eee6c35a-6118-11dc-9c72-001320c79847}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKCR\CLSID\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\CLSID\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKCR\TypeLib\{eee6c35e-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\Wow6432Node\TypeLib\{eee6c35e-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\TypeLib\{eee6c35e-6118-11dc-9c72-001320c79847}]
[HKCR\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\Wow6432Node\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847}]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{eee6c360-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{eee6c360-6118-11dc-9c72-001320c79847}]
[HKCU\Software\SweetIM]
[HKLM\Software\SweetIM]
[HKLM\Software\Wow6432Node\SweetIM]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Toolbar]
C:\ProgramData\SweetIM
C:\Users\daniel\Appdata\LocalLow\SweetIM
C:\Program Files (x86)\SweetIM
Puis Lance ZHPFix depuis le raccourci du bureau . (Clique droit -> Executer en tant qu'admin pour Vista ou Seven)
* Une fois l'outil ZHPFix ouvert ,
- Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)
- Les lignes se collent automatiquement dans ZHPFix, sinon colle les lignes
- Clique sur le bouton « GO » pour lancer le nettoyage,
- Copie/colle la totalité du rapport dans ta prochaine réponse
le rapport se trouve dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport
___________
2)
redemarre le pc et dis moi si tu as encore des soucis
lancer MBAM
onglet quarantaine
_______
1)
Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )
[MD5.A64DA4EF938434F19142F964296347BF] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [111928]
[HKCU\Software\ImInstaller]
O43 - CFD: 28/12/2010 - 23:52:12 - [625] ----D- C:\Users\daniel\AppData\Roaming\freeCompressor
O43 - CFD: 29/12/2010 - 21:42:14 - [178948] ----D- C:\Users\daniel\Appdata\Local\freecompressor Air
O87 - FAEL: "TCP Query User{0C9408EC-0497-4EEC-A8A8-A16F2720F0F0}C:\program files (x86)\freetvradio\freetvradio.exe" |In - Public - P6 - TRUE | .(...) -- C:\program files (x86)\freetvradio\freetvradio.exe (.not file.)
O87 - FAEL: "UDP Query User{46A099D4-EED5-4C9B-92F5-A5ACE48B5C5C}C:\program files (x86)\freetvradio\freetvradio.exe" |In - Public - P17 - TRUE | .(...) -- C:\program files (x86)\freetvradio\freetvradio.exe (.not file.)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}]
[HKLM\Software\ImInstaller]
[HKLM\Software\Wow6432Node\ImInstaller]
C:\Users\daniel\AppData\Roaming\FreeCompressor
R3 - URLSearchHook: (no name) [64Bits] - {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} Clé orpheline
R3 - URLSearchHook: (no name) [64Bits] - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} Clé orpheline
R3 - URLSearchHook: (no name) [64Bits] - {a8f9752d-e2b8-4e7a-86b5-499f4330e2fe} Clé orpheline
R3 - URLSearchHook: (no name) [64Bits] - {EEE6C35D-6118-11DC-9C72-001320C79847} Clé orpheline
[HKCU\Software\SweetIM]
O43 - CFD: 28/12/2010 - 23:50:34 - [281065] ----D- C:\ProgramData\SweetIM
O43 - CFD: 28/12/2010 - 23:50:42 - [8310278] ----D- C:\Program Files (x86)\SweetIM
[MD5.895C4812245E244B2F81C71BAD0C4E55] [SPRF] (.Conduit Ltd. - Conduit Toolbar.) -- C:\Users\daniel\AppData\Local\Temp\tbEaze.dll [3863136]
[HKCR\sweetie.ietoolbar]
[HKCR\sweetie.ietoolbar.1]
[HKCR\sweetim_urlsearchhook.toolbarurlsearchhook]
[HKCR\sweetim_urlsearchhook.toolbarurlsearchhook.1]
[HKLM\Software\Classes\sweetie.ietoolbar]
[HKLM\Software\Classes\sweetie.ietoolbar.1]
[HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook]
[HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1]
[HKLM\Software\Classes\Toolbar3.sweetie]
[HKLM\Software\Classes\Toolbar3.sweetie.1]
[HKCR\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}]
[HKLM\Software\Classes\Wow6432Node\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}]
[HKLM\Software\Classes\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}]
[HKCR\CLSID\{82ac53b4-164c-4b07-a016-437a8388b81a}]
[HKLM\Software\Classes\CLSID\{82ac53b4-164c-4b07-a016-437a8388b81a}]
[HKCR\Interface\{eee6c358-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\Interface\{eee6c358-6118-11dc-9c72-001320c79847}]
[HKCR\Interface\{eee6c35a-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\Interface\{eee6c35a-6118-11dc-9c72-001320c79847}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKCR\CLSID\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\CLSID\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKCR\TypeLib\{eee6c35e-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\Wow6432Node\TypeLib\{eee6c35e-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\TypeLib\{eee6c35e-6118-11dc-9c72-001320c79847}]
[HKCR\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\Wow6432Node\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Classes\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847}]
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{eee6c360-6118-11dc-9c72-001320c79847}]
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{eee6c360-6118-11dc-9c72-001320c79847}]
[HKCU\Software\SweetIM]
[HKLM\Software\SweetIM]
[HKLM\Software\Wow6432Node\SweetIM]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Toolbar]
C:\ProgramData\SweetIM
C:\Users\daniel\Appdata\LocalLow\SweetIM
C:\Program Files (x86)\SweetIM
Puis Lance ZHPFix depuis le raccourci du bureau . (Clique droit -> Executer en tant qu'admin pour Vista ou Seven)
* Une fois l'outil ZHPFix ouvert ,
- Clique sur l'icone représentant la lettre H (« coller les lignes Helper »)
- Les lignes se collent automatiquement dans ZHPFix, sinon colle les lignes
- Clique sur le bouton « GO » pour lancer le nettoyage,
- Copie/colle la totalité du rapport dans ta prochaine réponse
le rapport se trouve dans le dossier de zhpdiag dans program files sous le nom de ZHPFixReport
___________
2)
redemarre le pc et dis moi si tu as encore des soucis
arf!! j'ai eu un petit soucis apres avoir cliqué sur le bouton "GO", il s'est arreté en cour de rout et m'a ouvert une petite fenetre ou il est écrit
"violation d'acces à l'adesse 00427C96 dans le module ZHPFix.exe
Lecture de l'adresse 00000014"
est ce normal?
"violation d'acces à l'adesse 00427C96 dans le module ZHPFix.exe
Lecture de l'adresse 00000014"
est ce normal?
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 274
22 mai 2011 à 17:14
22 mai 2011 à 17:14
Clique droit -> Executer en tant qu'admin
ok mais pour vider la quarantaine, il faut que je restaure ou que je suprime??
sinon ben , j'exécute bien en tant qu'admin, mais j'ai toujours ce message
sinon ben , j'exécute bien en tant qu'admin, mais j'ai toujours ce message
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 274
23 mai 2011 à 03:35
23 mai 2011 à 03:35
pour vider la quarantaine, il faut que je restaure ou que je suprime??
=> supprime
pour zhpfix, fais le en mode sans echec
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
=> supprime
pour zhpfix, fais le en mode sans echec
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
rrrhhhoooo, j'ai le même problème en mode sans échec.
Par contre je tiens déjà à te dire que je n'ai plus de fenêtres qui s'ouvrent intempestivement!!
donc, je ne sais pas, veux tu qu'on continue les manip?
Par contre je tiens déjà à te dire que je n'ai plus de fenêtres qui s'ouvrent intempestivement!!
donc, je ne sais pas, veux tu qu'on continue les manip?
moment de grace
Messages postés
29042
Date d'inscription
samedi 6 décembre 2008
Statut
Contributeur sécurité
Dernière intervention
18 juillet 2013
2 274
23 mai 2011 à 12:23
23 mai 2011 à 12:23
Télécharge OTL de OLDTimer
http://oldtimer.geekstogo.com/OTL.scr
enregistre le sur ton Bureau.
Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.
Coche les 2 cases Lop et Purity
Coche la case devant tous les utilisateurs
règle age du fichier sur "60 jours"
dans la moitié gauche , mets tout sur "tous"
ne modifie pas ceci :
"fichiers créés" et "fichiers Modifiés"
Clic sur Analyse.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
NE LE POSTE PAS SUR LE FORUM
Rend toi sur http://pjjoint.malekal.com/
Clique sur "Parcourir "
Sélectionne le rapport
Clique ensuite sur "Envoyer le fichierr " et copie/colle le lien dans ton prochain message
Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.
http://oldtimer.geekstogo.com/OTL.scr
enregistre le sur ton Bureau.
Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.
Coche les 2 cases Lop et Purity
Coche la case devant tous les utilisateurs
règle age du fichier sur "60 jours"
dans la moitié gauche , mets tout sur "tous"
ne modifie pas ceci :
"fichiers créés" et "fichiers Modifiés"
Clic sur Analyse.
A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).
Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
NE LE POSTE PAS SUR LE FORUM
Rend toi sur http://pjjoint.malekal.com/
Clique sur "Parcourir "
Sélectionne le rapport
Clique ensuite sur "Envoyer le fichierr " et copie/colle le lien dans ton prochain message
Tu feras la meme chose avec le "Extra.txt" qui logiquement sera aussi sur ton bureau.