Infected by easy search

Closed
paulo67 Posts: 242 Registration date: Sunday 8 July 2007 Status: Member Last active: 4 July 2013 - 25 June 2011 at 12:40
Anonymous user - 29 June 2011 at 14:58
Hello,
I don't know how, but I no longer have the Google page.
Please help me.



20 replies

Anonymous user
25 June 2011 at 12:44
Hi


1) * Download AD-Remover to your Desktop. (Thanks to C_XX)

HERE >> AD-Remover

/!\ Disconnect from the internet and close all running applications /!\

* Double-click the Ad-Remover icon on your Desktop.
* On the page, click the "Scanner" (Scan) button
* Run the scan only once
* Confirm the operation
* Post the report that appears at the end.
* (The report is also saved under C:\Ad-report.)
* (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)


then


2) * Download ZHPDiag (by Nicolas Coolman)


HERE >> ZHPDiag (by Nicolas Coolman)

* Once the download is complete,
* double-click ZHPDiag.exe and follow the instructions.
* /!\ Windows Vista and Windows 7 users
>> Right-click the ZHPDiag.exe icon, "Run as administrator"
* Let the installer guide you,
* tick >> create a desktop icon
* The tool will create 3 icons on your Desktop: ZHPDiag, ZHPFix and MBRcheck
* it will launch automatically at the end.
* Click the magnifying-glass icon ("Lancer le diagnostic", i.e. start the diagnostic)
* Save the report to your Desktop using the floppy-disk icon
* Host the report on this site,
>> Cijoint.fr
* then copy/paste the link provided into your next reply on the forum.

* To help you host the report:
* go to Cijoint.fr
* click Parcourir (Browse)
* Find >> the report you just saved, which should for example be on your Desktop
* and confirm by clicking >> Cliquez ici pour déposer le Fichier (Click here to upload the file)
* a link like this http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt will be generated for you,
* just post it here so that I can see the report

See you, VIRUS/C/C
paulo67 Posts: 242 Registration date: Sunday 8 July 2007 Status: Member Last active: 4 July 2013
25 June 2011 at 13:29
Hi again,
here is the first report
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [1]) -> Lancé à 12:55:59 le 25/06/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium Service Pack 2 (X64)
thanks
paulo@PC-DE-PAULO (Packard Bell imedia S1710)

============== RECHERCHE ==============


Fichier trouvé: C:\Users\paulo\AppData\Roaming\Mozilla\FireFox\Profiles\9sc5yr4m.default\searchplugins\SearchquWebSearch.xml

Clé trouvée: HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [5.0 (fr)] ****

FIREFOX.EXE\Shell\Open\Command - C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\firefox.exe
HKLM_MozillaPlugins\Adobe Reader (x)
Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=1ec8d1550000000000000025112e24b0&tlver=1.4.19.19&affID=17160/)
HKLM_Extensions|smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
HKCU_Extensions|smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

-- C:\Users\paulo\AppData\Roaming\Mozilla\FireFox\Profiles\9sc5yr4m.default --
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Searchplugins\SearchquWebSearch.xml ( hxxp://www.searchqu.com/web?src=ffb&systemid=406&q={searchTerms}/)
Prefs.js - browser.download.lastDir, C:\\Users\\paulo\\Desktop
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.startup.homepage, hxxp://www.custom-search-fr.com/
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0
Prefs.js - keyword.URL, hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{37451e14-920f-40dd-82e7-af44b850c719} - "iadah" (hxxp://www.iadah.com/?search&q={searchTerms})
HKCU_SearchScopes\{f3b72d01-2629-481c-874d-02926e33dd7b} - "Ibyscus" (hxxp://www.ibyscus.com/meteo?search&q={searchTerms})
HKCU_Toolbar\WebBrowser|{472734EA-242A-422B-ADF8-83D1E48CC825} (x)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} ("C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll") (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{442E3CEB-D71B-11DA-8750-001185653D78} - c:\program files (x86)\google\googletoolbar1user.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{a00068b1-1e4e-41c7-afa9-baeb9697e2b9} - C:\Program Files (x86)\Common Files\Research In Motion\AppLoader\Loader.exe (Research In Motion Limited)
HKLM_ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} - C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
BHO\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} (?)
BHO\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "Bing Bar Helper" ("C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll") (x)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 2 Fichier(s)

C:\Ad-Report-SCAN[1].txt - 25/06/2011 12:58:02 (4382 Octet(s))

Fin à: 13:23:31, 25/06/2011

============== E.O.F ==============
thanks
paulo67 Posts: 242 Registration date: Sunday 8 July 2007 Status: Member Last active: 4 July 2013
25 June 2011 at 13:36
Hi again, and here is the link
Thanks
http://www.cijoint.fr/cjlink.php?file=cj201106/cijERslwD1.txt
Anonymous user
25 June 2011 at 15:01
Hi again


1) /!\ Disconnect from the internet and close all running applications /!\

* Double-click the Ad-Remover icon on your Desktop.
* On the page, click the "Nettoyer" (Clean) button
* Confirm the operation
* Run the cleaning only once
* Post the report that appears at the end.
* (The report is also saved under C:\Ad-report.)
* (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)


then


2) Post a new ZHPDiag log!!


See you, VIRUS/C/C
paulo67 Posts: 242 Registration date: Sunday 8 July 2007 Status: Member Last active: 4 July 2013
26 June 2011 at 10:12
Hello
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org

C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 09:59:58 le 26/06/2011, Mode normal

Microsoft Windows 7 Édition Familiale Premium (X64)
paulo@PC-DE-PAULO (Packard Bell imedia S1710)


============== ACTION(S) ==============


Fichier supprimé: C:\Users\paulo\AppData\Roaming\Mozilla\FireFox\Profiles\9sc5yr4m.default\searchplugins\SearchquWebSearch.xml

(!) -- Fichiers temporaires supprimés.


Clé supprimée: HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}


============== SCAN ADDITIONNEL ==============

**** Mozilla Firefox Version [5.0 (fr)] ****

FIREFOX.EXE\Shell\Open\Command - C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\firefox.exe
HKLM_MozillaPlugins\Adobe Reader (x)
Searchplugins\babylon.xml (hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=1ec8d1550000000000000025112e24b0&tlver=1.4.19.19&affID=17160/)
HKLM_Extensions|smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
HKCU_Extensions|smartwebprinting@hp.com - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

-- C:\Users\paulo\AppData\Roaming\Mozilla\FireFox\Profiles\9sc5yr4m.default --
Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} (Google Toolbar for Firefox)
Prefs.js - browser.download.lastDir, C:\\Users\\paulo\\Desktop
Prefs.js - browser.search.defaultenginename, Yahoo
Prefs.js - browser.startup.homepage, hxxp://www.custom-search-fr.com/
Prefs.js - browser.startup.homepage_override.buildID, 20110615151330
Prefs.js - browser.startup.homepage_override.mstone, rv:5.0
Prefs.js - keyword.URL, hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=

========================================

**** Internet Explorer Version [8.0.7600.16385] ****

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{37451e14-920f-40dd-82e7-af44b850c719} - "iadah" (hxxp://www.iadah.com/?search&q={searchTerms})
HKCU_SearchScopes\{f3b72d01-2629-481c-874d-02926e33dd7b} - "Ibyscus" (hxxp://www.ibyscus.com/meteo?search&q={searchTerms})
HKCU_Toolbar\WebBrowser|{472734EA-242A-422B-ADF8-83D1E48CC825} (x)
HKLM_Toolbar|{8dcb7100-df86-4384-8842-8fa844297b3f} ("C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll") (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{442E3CEB-D71B-11DA-8750-001185653D78} - c:\program files (x86)\google\googletoolbar1user.exe (x)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{a00068b1-1e4e-41c7-afa9-baeb9697e2b9} - C:\Program Files (x86)\Common Files\Research In Motion\AppLoader\Loader.exe (Research In Motion Limited)
HKLM_ElevationPolicy\{aa851425-0109-43f3-9ed2-7b7090125861} - C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe (Microsoft Corporation.)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
BHO\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} (?)
BHO\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "Bing Bar Helper" ("C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll") (x)

========================================

C:\Program Files (x86)\Ad-Remover\Quarantine: 1 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 16 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 26/06/2011 10:00:01 (4303 Octet(s))
C:\Ad-Report-SCAN[1].txt - 25/06/2011 12:58:02 (4520 Octet(s))

Fin à: 10:01:02, 26/06/2011

============== E.O.F ==============
ZHPDiag report
Rapport de ZHPDiag v1.27.2347 par Nicolas Coolman, Update du 25/06/2011
Run by paulo at 26/06/2011 10:04:18
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html


---\\ Web Browser
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 5.0 v (Defaut)

---\\ System Information
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4095 MB (76% free)
System Restore: Activé (Enable)
System drive C: has 225 GB (48%) free of 458 GB

---\\ Logged in mode
Computer Name: PC-DE-PAULO
User Name: paulo
All Users Names: paulo, HomeGroupUser$, Administrateur,
Unselected Option: O45,O61,O62,O65,O66,O82
Logged in as Administrator

---\\ Environnement Variables
%AppData%=C:\Users\paulo\AppData\Roaming
%LocalAppData%=C:\Users\paulo\AppData\Local
%StartMenu%=C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 225 Go of 458 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 458 Go of 458 Go)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
G:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
I:\ Floppy drive, Flash card reader, USB Key (Not Inserted)
J:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UpdatesDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] UacDisableNotify: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoFolderOptions: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoDesktop: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoStartMenuSubFolder: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoResolveSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoClose: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableTaskMgr: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] DisableRegistryTools: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] NoDispScrSavPage: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowSearch: OK
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK



---\\ Recherche particulière de fichiers génériques
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Explorateur Windows.) (.26/02/2011 07:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 02:14:45.) -- C:\Windows\system32\Wininit.exe [96256]
[MD5.27CDAF355CCE3762C7F13719E814418B] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.22/04/2011 20:31:50.) -- C:\Windows\system32\wininet.dll [981504]



---\\ Etat des fichiers cachés (Caché/Total)
~ Mes images (My Pictures) : 6/5683
~ Mes musiques (My Musics) : 34/192
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 13/101
~ Mes Documents (My Documents) : 8/884
~ Mon Bureau (My Desktop) : 8/171
~ Menu demarrer (Programs) : 7/42
~ Dossier utilisateur (AppData) : 48/19786



---\\ Processus lancés
[MD5.E273A48CB6D61990E7E7F040CD606F1D] - (.Packard Bell BV - Activboard Application.) -- C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe [79416]
[MD5.1BB16912FD7A9D5A39D033C15485470F] - (.Packard Bell BV - ActivOSD Application.) -- C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe [99896]
[MD5.EE90A04DC33568E35D35300D7B2AC663] - (.Acer Incorporated - SMP Systray.) -- C:\Program Files (x86)\Packard Bell\SetUpMyPC\SmpSys.exe [1160736]
[MD5.1EECC51991E6C375C095911246CB129B] - (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247144]
[MD5.6DA7C93AB37B4A204BFCAE9FA07FF48D] - (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [206112]
[MD5.EE8DEBD2D159E7052EB0DAA5CA19FAF7] - (.Orbiscom Ltd. All rights reserved. - ECBL Client.) -- C:\Program Files (x86)\e-Carte Bleue La Banque Postale\ecbl-lbp.exe [278528]
[MD5.EAA666E9DD8DCDA6E075087091CB85EE] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [275072]
[MD5.6459B0BCA8AA27EECE3FBB391508C951] - (.Sony Corporation - Media Check Tool.) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [333088]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [54576]
[MD5.9D5E8B45BD348DF0882C69EED0E83111] - (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [281768]
[MD5.13B19DD5EBEB6FDDBD11DD77490A3585] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253672]
[MD5.FA7DC6B50DABDDC74DB3B6CE2F834572] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992]
[MD5.53D96678FB89F056D5285101481297D9] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160]
[MD5.4DB8C3E9A5D6EB99F21B199C28EDE8D1] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [173696]
[MD5.469533CC7F16566BE9D3436860E12013] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [563840]
[MD5.66BB5B07696219FA334452D6F51FD648] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [366720]
[MD5.E75D8F09B954FB8EF4B83E4EE9E985F4] - (.Nicolas Coolman - Diagnostic Tool.) -- C:\ZHPDiag\ZHPDiag.exe [660992]



---\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
C:\Users\paulo\AppData\Roaming\Mozilla\Firefox\Profiles\9sc5yr4m.default\prefs.js
P2 - FPN: [HKLM] [@java.com/JavaPlugin] - (...) -- C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (.not file.)
P2 - FPN: [HKLM] [@ma-config.com/HardwareDetection] - (.Cybelsoft - Plugin NPAPI Ma-Config.com.) -- C:\Program Files\ma-config.com\x86\nphardwaredetection.dll
M0 - MFSP: prefs.js [paulo - 9sc5yr4m.default] http://ww25.custom-search-fr.com/
M2 - MFEP: prefs.js [paulo - 9sc5yr4m.default\{3112ca9c-de6d-4884-a869-9855de68056c}] [] Google Toolbar for Firefox v7.1.20110512W (.Google Inc..)



---\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
C:\Users\paulo\AppData\Local\Google\Chrome\User Data\Default\Preferences



---\\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com
R0 - HKUS\S-1-5-21-2704204595-2640163272-54980813-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Navigateur Internet.) (8.00.7600.16385 (win7_rtm.090713-1255)) -- C:\Windows\System32\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll



---\\ ---\\ Modification d'une valeur Ini (Changed inifile value, mapped to Registry) (F2)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: VMApplet=C:\WINDOWS\system32\SystemPropertiesPerformance.exe



---\\ Browser Helper Objects de navigateur (O2)
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O2 - BHO: Google Toolbar Notifier BHO [64Bits] - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (...) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (.not file.)
O2 - BHO: HP Print Enhancer [64Bits] - {0347C33E-8762-4905-BF09-768834316C61} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) [64Bits] - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} Clé orpheline
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
O2 - BHO: Windows Live Messenger Companion Helper [64Bits] - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} . (.Microsoft Corporation - Windows Live Messenger Companion Core.) -- C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO [64Bits] - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
O2 - BHO: Bing Bar Helper [64Bits] - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} . (...) -- "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (.not file.)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper [64Bits] - {DBC80044-A445-435b-BC74-9C25C1C588A9} . (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class [64Bits] - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} . (.Hewlett-Packard Co. - HP Smart Web Printing add-on for Internet E.) -- C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll



---\\ Internet Explorer Toolbars (O3)
O3 - Toolbar: Google Toolbar [64Bits] - {2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll



---\\ ---\\ Applications démarrées par registre & par dossier (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - HD Audio Control Panel.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [Skytel] . (.Realtek Semiconductor Corp. - Realtek Voice Manager.) -- C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [FijiKeyboard] . (.Packard Bell BV - Activboard Application.) -- c:\Acer\Preload\Autorun\DRV\FIJI Keyboard\ABoard.exe
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SmpcSys] . (.Acer Incorporated - SMP Systray.) -- C:\Program Files (x86)\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKCU\..\Run: [ISUSPM] . (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKLM\..\Wow6432Node\Run: [Malwarebytes Anti-Malware (reboot)] . (.Malwarebytes Corporation - Malwarebytes' Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
O4 - HKLM\..\Wow6432Node\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira GmbH - Antivirus System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Wow6432Node\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-21-2704204595-2640163272-54980813-1000\..\Run: [ehTray.exe] . (.Microsoft Corporation - Windows Media Center.) -- C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-21-2704204595-2640163272-54980813-1000\..\Run: [SmpcSys] . (.Acer Incorporated - SMP Systray.) -- C:\Program Files (x86)\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKUS\S-1-5-21-2704204595-2640163272-54980813-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-2704204595-2640163272-54980813-1000\..\Run: [TomTomHOME.exe] . (.TomTom - System Tray application for TomTom HOME.) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
O4 - HKUS\S-1-5-21-2704204595-2640163272-54980813-1000\..\Run: [ISUSPM] . (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (.not file.)
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\e-Carte Bleue La Banque Postale.lnk . (.Orbiscom Ltd. All rights reserved..) -- C:\Program Files (x86)\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - Global Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk . (.Hewlett-Packard Co..) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV Powertools.lnk . (...) -- C:\Program Files (x86)\MaxTV\MaxTV4\maxtv_powertools.exe (.not file.)
O4 - Global Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV Recorder Manager.lnk . (...) -- C:\Program Files (x86)\MaxTV\MaxTV4\task_scheduler.exe (.not file.)
O4 - Global Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV.lnk . (...) -- C:\Program Files (x86)\MaxTV\MaxTV4\maxtv.exe (.not file.)
O4 - Global Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de détection de support PMB.lnk . (.Sony Corporation.) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Widget Carrefour PROMOLIBRE.lnk . (...) -- C:\Program Files (x86)\Widget Carrefour PROMOLIBRE\Widget Carrefour PROMOLIBRE.exe (.not file.)



---\\ ---\\ Autres liens utilisateurs (O4)
O4 - Global Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\paulo\Desktop\AD-R.lnk . (...) -- C:\Program Files (x86)\Ad-Remover\main.exe
O4 - Global Startup: C:\Users\paulo\Desktop\AVS Video Converter.lnk . (.Online Media Technologies Ltd..) -- C:\Program Files (x86)\AVS4YOU\AVSVideoConverter\AVSVideoConverter.exe
O4 - Global Startup: C:\Users\paulo\Desktop\AVS4YOU Software Navigator.lnk . (.Online Media Technologies Ltd..) -- C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\AVS4YOUSoftwareNavigator.exe
O4 - Global Startup: C:\Users\paulo\Desktop\PMB Launcher.lnk . (.Sony Corporation.) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUPMBLauncher.exe
O4 - Global Startup: C:\Users\paulo\Desktop\PMB.lnk . (.Sony Corporation.) -- C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUBrowser.exe
O4 - Global Startup: C:\Users\paulo\Desktop\vendeur Paulo.lnk . (...) -- C:\Users\paulo\Documents\vendeur
O4 - Global Startup: C:\Users\paulo\Desktop\Windows Live Mail.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
O4 - Global Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\e-Carte Bleue La Banque Postale.lnk . (.Orbiscom Ltd. All rights reserved..) -- C:\Program Files (x86)\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - Global Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Meteo.lnk - Clé orpheline
O4 - Global Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 3.6 Beta 2.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\firefox.exe
O4 - Global Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 3.6 Beta 5.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\firefox.exe
O4 - Global Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk . (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\firefox.exe
O4 - Global Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk . (.Nero AG.) -- C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe



---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8)
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\PROGRA~2\MICROS~2\Office12\EXCEL.exe
O8 - Extra context menu item: Google Sidewiki... - (.not file.) - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll



---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000001\Winsock LSP File . (.Microsoft Corporation - Network Location Awareness 2.) -- C:\Windows\system32\NLAapi.dll
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Fournisseur de service Sockets 2.0 de Microsoft Windows.) -- C:\Windows\system32\mswsock.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - LDAP RnR Provider DLL.) -- C:\Windows\system32\winrnr.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - Fournisseur Shim d'affectation de noms de messagerie.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000006\Winsock LSP File . (.Microsoft Corporation - Fournisseur d'espace de noms PNRP.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000007\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
O10 - WLSP:\000000000008\Winsock LSP File . (.Microsoft Corp. - Microsoft® Windows Live ID Namespace Provider.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
O10 - WLSP:\000000000009\Winsock LSP File . (.Apple Inc. - Bonjour Namespace Provider.) -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll



---\\ Modification Domaine/Adresses DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1CDCC957-7A65-49B4-96BB-1636957A2978}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS1\Services\Tcpip\..\{1CDCC957-7A65-49B4-96BB-1636957A2978}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CS2\Services\Tcpip\..\{1CDCC957-7A65-49B4-96BB-1636957A2978}: DhcpNameServer = 212.27.40.240 212.27.40.241
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241



---\\ Clé de Registre autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.



---\\ Liste des services NT non Microsoft et non désactivés (O23)
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) . (...) - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) . (.Avira GmbH - Antivirus Scheduler.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) . (.Avira GmbH - Antivirus On-Access Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) . (.Packard Bell Services - HID Service Vista compliant.) - C:\Windows\System32\HidService.exe
O23 - Service: (gpsvc) - Clé orpheline
O23 - Service: Service Google Update (gupdate) (gupdate) . (.Google Inc. - Programme d'installation de Google.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Nero BackItUp Scheduler 4.0 (Nero BackItUp Scheduler 4.0) . (.Nero AG - Nero BackItUp.) - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMSAccess (NMSAccess) . (...) - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) . (...) - C:\Windows\system32\nvvsvc.exe (.not file.)
O23 - Service: TeamViewer 5 (TeamViewer5) . (.TeamViewer GmbH - TeamViewer Service.) - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: TomTomHOMEService (TomTomHOMEService) . (.TomTom - Windows Service for TomTom HOME.) - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe



---\\ Enumération Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)



---\\ Tâches planifiées en automatique (O39)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.8F0DE4FEF8201E306F9938B0905AC96A] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.00000000000000000000000000000000] [APT] [MaxTV Recorder Manager] (...) -- C:\Program Files (x86)\MaxTV\MaxTV4\task_scheduler.exe (.not file.)
[MD5.2A253D605FB6AE64134FFACD90E03A9E] [APT] [{12E720FA-E2E5-4934-9F90-A6501DF184B7}] (.Sun Microsystems, Inc..) -- C:\Users\paulo\Downloads\jxpiinstall.exe
[MD5.540C61844CCD78C121C3EF48F3A34F0E] [APT] [{195C3FAD-15D9-45E7-9147-F4321FCD471A}] (.Adobe Systems Incorporated.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
[MD5.4CEC4B72C5B255EC2F7C54CD03554540] [APT] [{85AADE2D-B9EE-4E8B-81DE-C526EA44F898}] (.Malwarebytes Corporation.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
[MD5.6B7DCDB94A1082419AE261F23B49E48D] [APT] [{A4E09691-B4BE-4861-BE1B-C477085805A1}] (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[MD5.4CEC4B72C5B255EC2F7C54CD03554540] [APT] [{BC6A6D79-1CC2-4359-8B00-0F33F2388EBA}] (.Malwarebytes Corporation.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
[MD5.4CEC4B72C5B255EC2F7C54CD03554540] [APT] [{C73E24E0-68DF-4175-9455-1374DFE6A861}] (.Malwarebytes Corporation.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
[MD5.2A253D605FB6AE64134FFACD90E03A9E] [APT] [{CE001424-A26B-400C-9628-A467B325BE13}] (.Sun Microsystems, Inc..) -- C:\Users\paulo\Downloads\jxpiinstall(1).exe
[MD5.D5666AF6AFCAE75D54A81C67C131A897] [APT] [{D68B2DB4-BD7C-4E75-B10E-14BEABFF7F72}] (.Mozilla Corporation.) -- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
[MD5.4CEC4B72C5B255EC2F7C54CD03554540] [APT] [{DEE5D6E1-5BAE-495F-8D49-A1BE76CCF348}] (.Malwarebytes Corporation.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
[MD5.187E0D2AB859AD03393DDD731076BE81] [APT] [AppleSoftwareUpdate] (.Apple Inc..) -- C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
[MD5.00000000000000000000000000000000] [APT] [Reminders - paulo] (...) -- C:\Program Files\Windows Calendar\WinCal.exe (.not file.)



---\\ Pilotes lancés au démarrage (O41)
O41 - Driver: C:\Windows\system32\drivers\afd.sys (AFD) . (.Microsoft Corporation - Ancillary Function Driver for WinSock.) - C:\Windows\system32\drivers\afd.sys
O41 - Driver: (avipbb) . (.Avira GmbH - Avira Driver for Security Enhancement.) - C:\Windows\System32\DRIVERS\avipbb.sys
O41 - Driver: (blbdrive) . (.Microsoft Corporation - BLB Drive Driver.) - C:\Windows\System32\DRIVERS\blbdrive.sys
O41 - Driver: (cdrom) . (.Microsoft Corporation - SCSI CD-ROM Driver.) - C:\Windows\System32\DRIVERS\cdrom.sys
O41 - Driver: C:\Windows\system32\drivers\dfsc.sys (DfsC) . (.Microsoft Corporation - DFS Namespace Client Driver.) - C:\Windows\System32\Drivers\dfsc.sys
O41 - Driver: C:\Windows\system32\drivers\discache.sys (discache) . (.Microsoft Corporation - System Indexer/Cache Driver.) - C:\Windows\System32\drivers\discache.sys
O41 - Driver: (mssmbios) . (.Microsoft Corporation - System Management BIOS Driver.) - C:\Windows\System32\DRIVERS\mssmbios.sys
O41 - Driver: (NetBIOS) . (.Microsoft Corporation - NetBIOS interface driver.) - C:\Windows\System32\DRIVERS\netbios.sys
O41 - Driver: C:\Windows\system32\drivers\netbt.sys (NetBT) . (.Microsoft Corporation - MBT Transport driver.) - C:\Windows\System32\DRIVERS\netbt.sys
O41 - Driver: C:\Windows\system32\drivers\nsiproxy.sys (nsiproxy) . (.Microsoft Corporation - NSI Proxy.) - C:\Windows\System32\drivers\nsiproxy.sys
O41 - Driver: C:\Windows\system32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - Planificateur de paquets QoS.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: C:\Windows\system32\wkssvc.dll (rdbss) . (.Microsoft Corporation - Pilote du sous-système de mise en mémoire t.) - C:\Windows\System32\DRIVERS\rdbss.sys
O41 - Driver: C:\Windows\system32\DRIVERS\RDPCDD.sys (RDPCDD) . (.Microsoft Corporation - RDP Miniport.) - C:\Windows\System32\DRIVERS\RDPCDD.sys
O41 - Driver: C:\Windows\system32\drivers\RDPENCDD.sys (RDPENCDD) . (.Microsoft Corporation - RDP Encoder Miniport.) - C:\Windows\System32\drivers\rdpencdd.sys
O41 - Driver: C:\Windows\system32\drivers\RdpRefMp.sys (RDPREFMP) . (.Microsoft Corporation - RDP Reflector Driver Miniport.) - C:\Windows\System32\drivers\rdprefmp.sys
O41 - Driver: C:\Windows\system32\tcpipcfg.dll (tdx) . (.Microsoft Corporation - TDI Translation Driver.) - C:\Windows\System32\DRIVERS\tdx.sys
O41 - Driver: (TermDD) . (.Microsoft Corporation - Remote Desktop Server Driver.) - C:\Windows\System32\DRIVERS\termdd.sys
O41 - Driver: (VgaSave) . (.Microsoft Corporation - VGA/Super VGA Video Driver.) - C:\Windows\system32\drivers\vga.sys
O41 - Driver: C:\Windows\system32\rascfg.dll (Wanarpv6) . (.Microsoft Corporation - MS Remote Access and Routing ARP Driver.) - C:\Windows\System32\DRIVERS\wanarp.sys
O41 - Driver: (WfpLwf) . (.Microsoft Corporation - WFP NDIS 6.20 Lightweight Filter Driver.) - C:\Windows\System32\DRIVERS\wfplwf.sys



---\\ Logiciels installés (O42)
O42 - Logiciel: Update for Microsoft Office 2007 (KB2508958) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
O42 - Logiciel: 2007 Microsoft Office system - (.Microsoft Corporation.) [HKLM][64Bits] -- PROHYBRIDR
O42 - Logiciel: 64 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {9301985B-D116-4A93-A93D-94580084FF86}
O42 - Logiciel: 64 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM] -- {FF21C3E6-97FD-474F-9518-8DCBE94C2854}
O42 - Logiciel: AVS Update Manager 1.0 - (.Online Media Technologies Ltd..) [HKLM][64Bits] -- AVS Update Manager_is1
O42 - Logiciel: AVS Video Converter 7 - (.Online Media Technologies Ltd..) [HKLM][64Bits] -- AVS4YOU Video Converter 7_is1
O42 - Logiciel: AVS4YOU Software Navigator 1.4 - (.Online Media Technologies Ltd..) [HKLM][64Bits] -- AVS4YOU Software Navigator_is1
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe AIR
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
O42 - Logiciel: Adobe Flash Player 10 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player ActiveX
O42 - Logiciel: Adobe Flash Player 10 Plugin - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- Adobe Flash Player Plugin
O42 - Logiciel: Adobe Flash Player 9 ActiveX - (.Adobe Systems, Inc..) [HKLM][64Bits] -- {8186E1B9-DDC6-45B6-B9EB-C28947CBC4CF}
O42 - Logiciel: Adobe Photoshop Elements 6.0 - (.Adobe Systems, Inc..) [HKLM][64Bits] -- Adobe Photoshop Elements 6
O42 - Logiciel: Adobe Reader X (10.1.0) - Français - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-1036-7B44-AA1000000001}
O42 - Logiciel: Advertising Center - (.Nero AG.) [HKLM][64Bits] -- {b2ec4a38-b545-4a00-8214-13fe0e915e6d}
O42 - Logiciel: Agere Systems USB 2.0 Soft Modem - (.Agere Systems.) [HKLM] -- Agere Systems Soft Modem
O42 - Logiciel: Apple Application Support - (.Apple Inc..) [HKLM][64Bits] -- {B3575D00-27EF-49C2-B9E0-14B3D954E992}
O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] -- {439760BC-7737-4386-9B1D-A90A3E8A22EA}
O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM][64Bits] -- {C41300B9-185D-475E-BFEC-39EF732F19B1}
O42 - Logiciel: Avira AntiVir Personal - Free Antivirus - (.Avira GmbH.) [HKLM][64Bits] -- Avira AntiVir Desktop
O42 - Logiciel: Bing Bar - (.Microsoft Corporation.) [HKLM][64Bits] -- {77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}
O42 - Logiciel: BlackBerry Desktop Software 6.0 - (.Research In Motion Ltd..) [HKLM][64Bits] -- BlackBerry_Desktop
O42 - Logiciel: BlackBerry Desktop Software 6.0 - (.Research In Motion Ltd..) [HKLM][64Bits] -- {D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}
O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] -- {0E543634-7E25-4B8F-8D5B-97880E5E5088}
O42 - Logiciel: CADENAS PARTsolutions single - (.CADENAS.) [HKLM][64Bits] -- CADENAS PARTsolutions single
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] -- CCleaner
O42 - Logiciel: CDBurnerXP - (.CDBurnerXP.) [HKLM][64Bits] -- {7E265513-8CDA-4631-B696-F40D983F3B07}_is1
O42 - Logiciel: Catalogue Administration Würth France - (.Wurth France SA.) [HKLM][64Bits] -- {91B969AA-210D-478F-BF17-B6020ECE71C9}
O42 - Logiciel: Catalogue Automobile Würth France - (.Wurth France SA.) [HKLM][64Bits] -- {F607E8E6-23C6-43E9-9CD5-75A1C1C361BB}
O42 - Logiciel: Catalogue Bois Würth France - (.Wurth France SA.) [HKLM][64Bits] -- {DFFFC3AC-1B2D-4E5F-A0FB-21A1CB2D15D0}
O42 - Logiciel: Catalogue Bâtiment Würth France - (.Wurth France SA.) [HKLM][64Bits] -- {608BB44C-322A-493F-ADB3-234CDE57782C}
O42 - Logiciel: Catalogue Installateurs Würth France - (.Wurth France SA.) [HKLM][64Bits] -- {CC9A76F9-5EF8-43AD-B099-30F29AA5078E}
O42 - Logiciel: Catalogue Maintenance Würth France - (.Wurth France SA.) [HKLM][64Bits] -- {70B3DD6E-F5D3-496C-89EA-862E433F41C0}
O42 - Logiciel: Catalogue Métal Würth France - (.Wurth France SA.) [HKLM][64Bits] -- {41BB37E1-595D-4F9A-BB63-3C663DB8B68B}
O42 - Logiciel: Catalogue Métal Würth France - (.Wurth France SA.) [HKLM][64Bits] -- {805AB5C3-3A0F-42E3-9BD8-A4B6C8624A43}
O42 - Logiciel: Catalogue PL Würth France - (.Wurth France SA.) [HKLM][64Bits] -- {1031625E-7942-485E-A1CE-B660C1B48B61}
O42 - Logiciel: Complément Messenger - (.Microsoft Corporation.) [HKLM][64Bits] -- {6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}
O42 - Logiciel: Contrôle ActiveX Windows Live Mesh pour connexions à distance - (.Microsoft Corporation.) [HKLM][64Bits] -- {55D003F4-9599-44BF-BA9E-95D060730DD3}
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] -- {E09C4DB7-630C-4F06-A631-8EA7239923AF}
O42 - Logiciel: Data Lifeguard Diagnostic for Windows - (.Western Digital Corporation.) [HKLM][64Bits] -- {E40CE517-0D42-4198-96B4-C8232B257EB5}
O42 - Logiciel: EasyBits Magic Desktop - (.Pas de propriétaire.) [HKLM][64Bits] -- EasyBits Magic Desktop
O42 - Logiciel: Freeplayer - (.Free.) [HKLM][64Bits] -- Freeplayer
O42 - Logiciel: Galerie de photos Windows Live - (.Microsoft Corporation.) [HKLM][64Bits] -- {488F0347-C4A7-4374-91A7-30818BEDA710}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {18455581-E099-4BA8-BC6B-F34B2F06600C}
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] -- {A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
O42 - Logiciel: HP Customer Participation Program 14.0 - (.HP.) [HKLM] -- HPExtendedCapabilities
O42 - Logiciel: HP Imaging Device Functions 14.0 - (.HP.) [HKLM] -- HP Imaging Device Functions
O42 - Logiciel: HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5 - (.HP.) [HKLM] -- {1E1746EF-F5BF-4677-8F30-04FE399130DA}
O42 - Logiciel: HP Smart Web Printing 4.60 - (.HP.) [HKLM] -- HP Smart Web Printing
O42 - Logiciel: HP Solution Center 14.0 - (.HP.) [HKLM] -- HP Solution Center & Imaging Support Tools
O42 - Logiciel: HP Update - (.Hewlett-Packard.) [HKLM][64Bits] -- {74DC0593-6BC6-4001-AD5F-D810AFB68D86}
O42 - Logiciel: HPDiagnosticAlert - (.Microsoft.) [HKLM][64Bits] -- {846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}
O42 - Logiciel: Identity Card - (.Packard Bell.) [HKLM][64Bits] -- Identity Card
O42 - Logiciel: InfoCentre - (.Packard Bell.) [HKLM][64Bits] -- InfoCentre
O42 - Logiciel: Java(TM) 6 Update 25 (64-bit) - (.Oracle.) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F86416025FF}
O42 - Logiciel: Java(TM) 6 Update 25 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83216022FF}
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
O42 - Logiciel: K-Lite Codec Pack 5.0.5 (Full) - (.Pas de propriétaire.) [HKLM][64Bits] -- KLiteCodecPack_is1
O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM] -- WinRAR archiver
O42 - Logiciel: Logiciel d'archivage WinRAR - (.Pas de propriétaire.) [HKLM][64Bits] -- WinRAR archiver
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] -- {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] -- {D0B44725-3666-492D-BEF6-587A14BD9BD9}
O42 - Logiciel: MSXML 4.0 SP2 (KB954430) - (.Microsoft Corporation.) [HKLM][64Bits] -- {86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
O42 - Logiciel: MSXML 4.0 SP2 (KB973688) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
O42 - Logiciel: Ma-Config.com (64 bits) - (.Cybelsoft.) [HKLM] -- {987097B2-9711-4F0A-88B2-0E940F51B62A}
O42 - Logiciel: Malwarebytes' Anti-Malware - (.Malwarebytes Corporation.) [HKLM][64Bits] -- Malwarebytes' Anti-Malware_is1
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] -- {8C6D6116-B724-4810-8F2D-D047E6B7D68E}
O42 - Logiciel: MetaBoli - (.Pas de propriétaire.) [HKLM][64Bits] -- {709817E4-5439-4206-8738-796B34B623BD}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile - (.Microsoft Corporation.) [HKLM] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
O42 - Logiciel: Microsoft .NET Framework 4 Client Profile FRA Language Pack - (.Microsoft Corporation.) [HKLM] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}
O42 - Logiciel: Microsoft Default Manager - (.Microsoft Corporation.) [HKLM][64Bits] -- {1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-002A-040C-1000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}
O42 - Logiciel: Microsoft Office 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
O42 - Logiciel: Microsoft Office Access MUI (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-0015-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-0016-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Office 64-bit Components 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002A-0000-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook Connector - (.Microsoft Corporation.) [HKLM][64Bits] -- {95140000-007A-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001A-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-0018-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Professional Hybrid 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001F-0401-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001F-0413-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (English) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001F-0409-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001F-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (German) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001F-0407-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001F-0C0A-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-002C-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}
O42 - Logiciel: Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) - (.Microsoft.) [HKLM][64Bits] -- {90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}
O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-0019-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared 64-bit MUI (French) 2007 - (.Microsoft Corporation.) [HKLM] -- {90120000-002A-040C-1000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-006E-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft Office Word MUI (French) 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-001B-040C-0000-0000000FF1CE}
O42 - Logiciel: Microsoft SQL Server 2005 Compact Edition [ENU] - (.Microsoft Corporation.) [HKLM][64Bits] -- {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] -- {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM] -- {B6E3757B-5E77-3915-866A-CCFC4B8D194C}
O42 - Logiciel: Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - (.Microsoft Corporation.) [HKLM][64Bits] -- {770657D0-A123-3C07-8E44-1C83EC895118}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {071c9b48-7c32-4621-a0ac-3f809523288f}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable (x64) - (.Microsoft Corporation.) [HKLM] -- {ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable - (.Microsoft Corporation.) [HKLM][64Bits] -- {710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
O42 - Logiciel: Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 - (.Microsoft Corporation.) [HKLM][64Bits] -- {86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 - (.Microsoft Corporation.) [HKLM][64Bits] -- {FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - (.Microsoft Corporation.) [HKLM][64Bits] -- {9A25302D-30C0-39D9-BD6F-21E6EC160475}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 - (.Microsoft Corporation.) [HKLM][64Bits] -- {1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
O42 - Logiciel: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 - (.Microsoft Corporation.) [HKLM][64Bits] -- {9BE518E6-ECC6-35A9-88E4-87755C07200F}
O42 - Logiciel: Microsoft Works - (.Microsoft Corporation.) [HKLM][64Bits] -- {0214A441-A4AB-43A8-8DEF-2F73C5364673}
O42 - Logiciel: Module de compatibilité pour Microsoft Office System 2007 - (.Microsoft Corporation.) [HKLM][64Bits] -- {90120000-0020-040C-0000-0000000FF1CE}
O42 - Logiciel: Module linguistique Microsoft .NET Framework 3.5 SP1- fra - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 3.5 Language Pack SP1 - fra
O42 - Logiciel: Module linguistique Microsoft .NET Framework 4 Client Profile FRA - (.Microsoft Corporation.) [HKLM] -- Microsoft .NET Framework 4 Client Profile FRA Language Pack
O42 - Logiciel: Mozilla Firefox 5.0 (x86 fr) - (.Mozilla.) [HKLM][64Bits] -- Mozilla Firefox 5.0 (x86 fr)
O42 - Logiciel: Music Transfer - (.Sony Corporation.) [HKLM][64Bits] -- {CE2121C6-C94D-4A73-8EA4-6943F33EE335}
O42 - Logiciel: MyPDFConverter - (.Aedge Performance BCN SL.) [HKLM][64Bits] -- {1D76557F-04F5-4CF9-AB20-6A621B0D52D7}
O42 - Logiciel: NVIDIA Drivers - (.NVIDIA Corporation.) [HKLM] -- NVIDIA Drivers
O42 - Logiciel: Nero 9 Essentials - (.Nero AG.) [HKLM][64Bits] -- {7d50c9ae-efdb-44ea-b4c5-f882a522a500}
O42 - Logiciel: Nero ControlCenter - (.Nero AG.) [HKLM][64Bits] -- {bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}
O42 - Logiciel: Nero Installer - (.Nero AG.) [HKLM][64Bits] -- {e8a80433-302b-4ff1-815d-fcc8eac482ff}
O42 - Logiciel: Nero Online Upgrade - (.Nero AG.) [HKLM][64Bits] -- {dba84796-8503-4ff0-af57-1747dd9a166d}
O42 - Logiciel: Nero StartSmart - (.Nero AG.) [HKLM][64Bits] -- {7748ac8c-18e3-43bb-959b-088faea16fb2}
O42 - Logiciel: Nero StartSmart OEM - (.Nero AG.) [HKLM][64Bits] -- {4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}
O42 - Logiciel: PC Wizard 2009.1.88 - (.Laurent KUTIL & Franck DELATTRE.) [HKLM][64Bits] -- PC Wizard 2009_is1
O42 - Logiciel: PDFCreator - (.Frank Heindörfer, Philip Chinery.) [HKLM][64Bits] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
O42 - Logiciel: PVSonyDll - (.NVIDIA Corporation.) [HKLM] -- {3D3E663D-4E7E-4577-A560-7ECDDD45548A}
O42 - Logiciel: Packard Bell Customer Registration - (.Packard Bell.) [HKLM][64Bits] -- Packard Bell Customer Registration
O42 - Logiciel: PackardBell ScreenSaver - (.PackardBell.) [HKLM][64Bits] -- PackardBell Screensaver
O42 - Logiciel: PlayReady PC runtime - (.Microsoft Corporation.) [HKLM] -- {704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}
O42 - Logiciel: QuickTime - (.Apple Inc..) [HKLM][64Bits] -- {57752979-A1C9-4C02-856B-FBB27AC4E02C}
O42 - Logiciel: Realtek High Definition Audio Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] -- {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288621) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{5C497F0B-2061-4CC9-A61C-6B45B867354D}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2288931) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CD769337-C8AC-46DB-A7DC-643E50089263}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2345043) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{536FB502-775F-4494-BACE-C02CC90B7A5B}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB2509488) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{AD0DE453-0804-4495-9C91-33D0F9AA5463}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB969559) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB976321) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{7F207DCA-3399-40CB-A968-6E5991B1421A}
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2160841
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2446708
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2478663
O42 - Logiciel: Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) - (.Microsoft Corporation.) [HKLM][64Bits] -- {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2518870
O42 - Logiciel: Security Update for Microsoft Office 2007 System (KB2541012) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CD907315-705A-4475-A1A0-2A1245803E4D}
O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
O42 - Logiciel: Security Update for Microsoft Office Access 2007 (KB979440) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{5A4E43D5-858F-49BD-BA72-8F30E1793060}
O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB2541007) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A0173254-F442-4D04-9154-43FA157B83D0}
O42 - Logiciel: Security Update for Microsoft Office InfoPath 2007 (KB979441) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB2535818) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
O42 - Logiciel: Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB2284697) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3A4CDE54-2403-483D-8D9A-15E3264410DF}
O42 - Logiciel: Security Update for Microsoft Office Visio Viewer 2007 (KB973709) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB2344993) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (972581) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}
O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB974234) - (.Microsoft.) [HKLM][64Bits] -- {91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{FCD742B9-7A55-44BC-A776-F795F21FEDDC}
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2478663) - (.Microsoft Corporation.) [HKLM][64Bits] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}.KB2478663
O42 - Logiciel: Security Update for Module linguistique Microsoft .NET Framework 4 Client Profile FRA (KB2518870) - (.Microsoft Corporation.) [HKLM][64Bits] -- {4B5F58F7-C7D1-3CE3-9B37-B657F0852643}.KB2518870
O42 - Logiciel: SetUpMyPC - (.Packard Bell.) [HKLM][64Bits] -- SetUpMyPC
O42 - Logiciel: Shop for HP Supplies - (.HP.) [HKLM] -- Shop for HP Supplies
O42 - Logiciel: Sony Picture Utility - (.Sony Corporation.) [HKLM][64Bits] -- {D5068583-D569-468B-9755-5FBF5848F46F}
O42 - Logiciel: Sony Sound Forge Audio Studio 9.0 - (.Sony.) [HKLM][64Bits] -- {20207CCE-A8FA-44A7-AA3D-1E43EB307B27}
O42 - Logiciel: Spelling Dictionaries Support For Adobe Reader 9 - (.Ado
Anonymous user
26 June 2011 at 10:24
Hi

The ZHPDiag report is incomplete.

* Host the report on this site,
>> Cijoint.fr
* then copy/paste the link you are given into your next reply on the forum.

* To help you host the report:
* go to Cijoint.fr
* click "Parcourir" (Browse)
* Find >> the report you just saved, which should be on your Desktop for example
* and confirm by clicking >> "Cliquez ici pour déposer le Fichier" (Click here to upload the file)
* a link like this one http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt will be generated for you,
* you just need to post it here so that I can see the report

@+ VIRUS/C/C
paulo67 Posts 242 Registration date Sunday 8 July 2007 Status Member Last active 4 July 2013
26 June 2011 at 10:59
Hi again,
http://www.cijoint.fr/cjlink.php?file=cj201106/cij9QagIw7.txt
Anonymous user
26 June 2011 at 11:20
Hi

1) /!\ ZHPFix /!\

* Close all open applications.
* Copy all the text shown in bold below
* (select it with your mouse >> right-click on it and choose "Copier" (Copy), or press Ctrl+C)



[MD5.FA7DC6B50DABDDC74DB3B6CE2F834572] - (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
M0 - MFSP: prefs.js [paulo - 9sc5yr4m.default] http://ww25.custom-search-fr.com/
O4 - HKLM\..\Wow6432Node\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - Global Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Meteo.lnk - Clé orpheline
O23 - Service: (gpsvc) - Clé orpheline
HKCU\Software\SweetIM]
O43 - CFD: 24/05/2011 - 21:37:26 - [605850] ----D- C:\ProgramData\SweetIM
O43 - CFD: 24/04/2011 - 21:39:20 - [0] ----D- C:\Users\paulo\Appdata\Local\{02C98442-551B-40F7-BAE3-DD1BEAFEB4AD}
O43 - CFD: 28/04/2011 - 22:39:20 - [0] ----D- C:\Users\paulo\Appdata\Local\{0388B608-3E1A-4587-B368-11DF3B8A98BD}
O43 - CFD: 15/05/2011 - 21:50:48 - [0] ----D- C:\Users\paulo\Appdata\Local\{038EEBEE-5CF8-4460-95EA-4D9284AB7E5D}
O43 - CFD: 20/05/2011 - 21:56:36 - [0] ----D- C:\Users\paulo\Appdata\Local\{03FEFDFD-2C80-401C-8132-B1D23F116E8F}
O43 - CFD: 02/05/2011 - 20:46:54 - [0] ----D- C:\Users\paulo\Appdata\Local\{067D3E9F-A9A4-457B-895E-4C880EB41984}
O43 - CFD: 04/05/2011 - 20:49:22 - [0] ----D- C:\Users\paulo\Appdata\Local\{0917FE67-201A-420E-BC86-0ABA29E7058C}
O43 - CFD: 23/05/2011 - 21:16:38 - [0] ----D- C:\Users\paulo\Appdata\Local\{0BE4C1E0-7416-481A-83C4-83A6181F88E8}
O43 - CFD: 03/06/2011 - 22:03:56 - [0] ----D- C:\Users\paulo\Appdata\Local\{0BF7EEBA-9739-414B-B9FC-8E95F6F9BCB0} O43 - CFD: 22/06/2011 - 21:08:24 - [0] ----D- C:\Users\paulo\Appdata\Local\{0C1DF2B9-4958-4ACE-99AB-30A08E6BAB81}
O43 - CFD: 10/05/2011 - 00:04:02 - [0] ----D- C:\Users\paulo\Appdata\Local\{0CFE6295-9870-473B-B6B5-CAC2B1677398}
O43 - CFD: 12/04/2011 - 12:49:32 - [0] ----D- C:\Users\paulo\Appdata\Local\{0EC456EE-0F56-44FD-BD6C-E792B7E26153}
O43 - CFD: 26/05/2011 - 09:39:10 - [0] ----D- C:\Users\paulo\Appdata\Local\{0F0B29B5-2BDD-48CF-801A-F79825CA9D0A}
O43 - CFD: 05/06/2011 - 22:26:32 - [0] ----D- C:\Users\paulo\Appdata\Local\{0F6100AD-084D-458A-93BB-528E1C337FD0}
O43 - CFD: 25/04/2011 - 22:36:18 - [0] ----D- C:\Users\paulo\Appdata\Local\{16251618-611A-4F2F-967E-6C7746B265C0}
O43 - CFD: 30/05/2011 - 19:20:46 - [0] ----D- C:\Users\paulo\Appdata\Local\{18245DD7-8BB2-4084-82EF-2166669F854A}
O43 - CFD: 16/04/2011 - 08:29:52 - [0] ----D- C:\Users\paulo\Appdata\Local\{1EDEF5BE-30C0-4E8A-9987-49CB1EA904B6}
O43 - CFD: 24/05/2011 - 21:37:26 - [4511440] ----D- C:\Program Files (x86)\SweetIM
O43 - CFD: 14/05/2011 - 15:41:36 - [1808797] ----D- C:\Program Files (x86)\Windows iLivid Toolbar
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
[HKLM\Software\Classes\Wow6432Node\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}]
[HKLM\Software\Classes\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}]
[HKLM\Software\Classes\Interface\{6612afdd-34ad-4b89-a236-7e6d07c3fdcd}]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}]
[HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}]
[HKLM\Software\Wow6432Node\SweetIM]
C:\ProgramData\SweetIM
C:\Program Files (x86)\SweetIM
C:\Program Files (x86)\Windows iLivid Toolbar

EmptyFlash
Emptytemp





* Double-click the ZHPFix icon on the Desktop to launch it (the syringe-shaped icon).
* >> ZHPFix on your Desktop
* Windows 7/Vista users >> Right-click the ZHPFix shortcut and choose "Exécuter en tant qu'administrateur" (Run as administrator)
* Once the ZHPFix tool is open,

* click the [ H ] button ("coller les lignes Helper", paste the Helper lines).

* In the main box
* you will then see the lines you copied earlier appear.
* Check that all the lines I asked you to copy (and only those) are in the window.
* click >> the "GO" button
* paste the resulting report.

@+ VIRUS/C/C
paulo67 Posts 242 Registration date Sunday 8 July 2007 Status Member Last active 4 July 2013
26 June 2011 at 11:28
Hi again
Rapport de ZHPFix 1.12.3326 par Nicolas Coolman, Update du 25/06/2011
Fichier d'export Registre :
Run by paulo at 26/06/2011 11:26:02
Windows 7 Home Premium Edition, 64-bit (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html

========== Processus mémoire ==========
SUPPRIME Reboot Memory Process: C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
SUPPRIME Reboot Memory Process: C:\ProgramData\SweetIM
SUPPRIME Reboot Memory Process: C:\Program Files (x86)\SweetIM

========== Clé(s) du Registre ==========
ABSENT Key: Service: gpsvc
SUPPRIME Key: HKLM\Software\Classes\Wow6432Node\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}
ABSENT Key: HKLM\Software\Classes\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}
SUPPRIME Key*: HKLM\Software\Classes\Interface\{6612afdd-34ad-4b89-a236-7e6d07c3fdcd}
SUPPRIME Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}
SUPPRIME Key*: HKLM\Software\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
SUPPRIME Key: HKLM\Software\Wow6432Node\SweetIM

========== Valeur(s) du Registre ==========
SUPPRIME RunValue: SweetIM
SUPPRIME MWPE Value: NoActiveDesktop

========== Préférences navigateur ==========
SUPPRIME Mozilla Pref: http://ww25.custom-search-fr.com/

========== Dossier(s) ==========
SUPPRIME Reboot C:\ProgramData\SweetIM
SUPPRIME C:\Users\paulo\Appdata\Local\{02C98442-551B-40F7-BAE3-DD1BEAFEB4AD}
SUPPRIME C:\Users\paulo\Appdata\Local\{0388B608-3E1A-4587-B368-11DF3B8A98BD}
SUPPRIME C:\Users\paulo\Appdata\Local\{038EEBEE-5CF8-4460-95EA-4D9284AB7E5D}
SUPPRIME C:\Users\paulo\Appdata\Local\{03FEFDFD-2C80-401C-8132-B1D23F116E8F}
SUPPRIME C:\Users\paulo\Appdata\Local\{067D3E9F-A9A4-457B-895E-4C880EB41984}
SUPPRIME C:\Users\paulo\Appdata\Local\{0917FE67-201A-420E-BC86-0ABA29E7058C}
SUPPRIME C:\Users\paulo\Appdata\Local\{0BE4C1E0-7416-481A-83C4-83A6181F88E8}
ABSENT C:\Users\paulo\Appdata\Local\{0BF7EEBA-9739-414B-B9FC-8E95F6F9BCB0} O43 - CFD: 22/06/2011 - 21:08:24 - [0] ----D- C:\Users\paulo\Appdata\Local\{0C1DF2B9-4958-4ACE-99AB-30A08E6BAB81}
SUPPRIME C:\Users\paulo\Appdata\Local\{0CFE6295-9870-473B-B6B5-CAC2B1677398}
SUPPRIME C:\Users\paulo\Appdata\Local\{0EC456EE-0F56-44FD-BD6C-E792B7E26153}
SUPPRIME C:\Users\paulo\Appdata\Local\{0F0B29B5-2BDD-48CF-801A-F79825CA9D0A}
SUPPRIME C:\Users\paulo\Appdata\Local\{0F6100AD-084D-458A-93BB-528E1C337FD0}
SUPPRIME C:\Users\paulo\Appdata\Local\{16251618-611A-4F2F-967E-6C7746B265C0}
SUPPRIME C:\Users\paulo\Appdata\Local\{18245DD7-8BB2-4084-82EF-2166669F854A}
SUPPRIME C:\Users\paulo\Appdata\Local\{1EDEF5BE-30C0-4E8A-9987-49CB1EA904B6}
SUPPRIME Reboot C:\Program Files (x86)\SweetIM
SUPPRIME C:\Program Files (x86)\Windows iLivid Toolbar
SUPPRIME Flash Cookies: 56
SUPPRIME Temporaires Windows: : 102

========== Fichier(s) ==========
SUPPRIME File: c:\program files (x86)\sweetim\messenger\sweetim.exe
SUPPRIME c:\users\paulo\appdata\roaming\microsoft\internet explorer\quick launch\meteo.lnk
ABSENT Folder/File: c:\program files (x86)\windows ilivid toolbar
SUPPRIME Flash Cookies: 28
SUPPRIME Temporaires Windows: : 73

========== Autre ==========
NON TRAITE HKCU\Software\SweetIM]


========== Récapitulatif ==========
3 : Processus mémoire
7 : Clé(s) du Registre
2 : Valeur(s) du Registre
20 : Dossier(s)
5 : Fichier(s)
1 : Préférences navigateur
1 : Autre


========== Chemin du fichier rapport ==========
C:\ZHPDiag\ZHPFixReport.txt


End of the scan
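Added example, not part of the thread and not code from ZHPFix: a Python check that lints the pasted fix script for the two malformed lines visible above (an unbalanced `]` and two `O43` entries fused on one line), pairs each report row that is not `SUPPRIME` with the script defect that matches it, and emits a repaired script. The embedded lines are excerpts copied from this page; the rule that registry key lines must be wrapped in `[...]` is an assumption based on the other key lines in the script.

```python
import re

# Excerpts copied from the fix script and the ZHPFix report posted in this thread.
FIX_SCRIPT = r"""
O4 - HKLM\..\Wow6432Node\Run: [SweetIM] . (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O23 - Service: (gpsvc) - Clé orpheline
HKCU\Software\SweetIM]
O43 - CFD: 23/05/2011 - 21:16:38 - [0] ----D- C:\Users\paulo\Appdata\Local\{0BE4C1E0-7416-481A-83C4-83A6181F88E8}
O43 - CFD: 03/06/2011 - 22:03:56 - [0] ----D- C:\Users\paulo\Appdata\Local\{0BF7EEBA-9739-414B-B9FC-8E95F6F9BCB0} O43 - CFD: 22/06/2011 - 21:08:24 - [0] ----D- C:\Users\paulo\Appdata\Local\{0C1DF2B9-4958-4ACE-99AB-30A08E6BAB81}
[HKLM\Software\Wow6432Node\SweetIM]
C:\ProgramData\SweetIM
EmptyFlash
""".strip().splitlines()

REPORT = r"""
========== Clé(s) du Registre ==========
ABSENT Key: Service: gpsvc
SUPPRIME Key: HKLM\Software\Wow6432Node\SweetIM

========== Dossier(s) ==========
SUPPRIME C:\Users\paulo\Appdata\Local\{0BE4C1E0-7416-481A-83C4-83A6181F88E8}
ABSENT C:\Users\paulo\Appdata\Local\{0BF7EEBA-9739-414B-B9FC-8E95F6F9BCB0} O43 - CFD: 22/06/2011 - 21:08:24 - [0] ----D- C:\Users\paulo\Appdata\Local\{0C1DF2B9-4958-4ACE-99AB-30A08E6BAB81}
SUPPRIME Reboot C:\Program Files (x86)\SweetIM

========== Autre ==========
NON TRAITE HKCU\Software\SweetIM]
""".strip().splitlines()

ENTRY_TAG = re.compile(r"\bO\d{1,2} - ")        # ZHPDiag item prefix, e.g. "O43 - "
KEY = re.compile(r"\[?HK(LM|CU|CR|U)\\")        # line that names a registry key
SECTION = re.compile(r"^=+ (.+?) =+$")          # "========== Dossier(s) =========="
STATUS = re.compile(r"^(SUPPRIME|ABSENT|NON TRAITE)\s+(.*)$")


def lint_script(lines):
    """Return (line_no, reason, text) for script lines that do not hold exactly one item."""
    findings = []
    for no, line in enumerate(lines, 1):
        text = line.strip()
        if len(ENTRY_TAG.findall(text)) > 1:
            findings.append((no, "fused", text))        # two report items on one line
        if KEY.match(text) and text.startswith("[") != text.endswith("]"):
            findings.append((no, "bracket", text))      # assumption: keys are written [KEY]
    return findings


def parse_report(lines):
    """Return (section, status, target) for every result row of a ZHPFix report."""
    section, rows = None, []
    for line in lines:
        text = line.strip()
        header = SECTION.match(text)
        if header:
            section = header.group(1)
            continue
        row = STATUS.match(text)
        if row and section:
            rows.append((section, row.group(1), row.group(2)))
    return rows


def unresolved(script_lines, report_lines):
    """Pair each row that was not deleted with the script defect whose text it echoes."""
    findings = lint_script(script_lines)
    out = []
    for _section, status, target in parse_report(report_lines):
        if status == "SUPPRIME":
            continue
        cause = next((f"script line {no}: {reason}"
                      for no, reason, text in findings if text.endswith(target)), None)
        out.append((status, target, cause))
    return out


def repair(lines):
    """Return the script with fused items split and unbalanced key brackets closed."""
    fixed = []
    for line in lines:
        for part in re.split(r"\s+(?=O\d{1,2} - )", line.strip()):
            if KEY.match(part) and part.startswith("[") != part.endswith("]"):
                part = "[" + part.strip("[]") + "]"
            if part:
                fixed.append(part)
    return fixed


if __name__ == "__main__":
    for status, target, cause in unresolved(FIX_SCRIPT, REPORT):
        print(f"{status:<10} {cause or 'no script defect found'}\n           {target}")
    print("\nRepaired script:")
    print("\n".join(repair(FIX_SCRIPT)))
```

A row reported `ABSENT` with no matching defect (here the `gpsvc` service key) was simply not present; the other two rows point at script lines to correct and run again.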
Anonymous user
26 June 2011 at 11:39
Hi again

1) * You have Malwarebytes

* Launch --> Malwarebytes (MBAM)
* Run an update <== must be done
* Then go to the "Recherche" (Scan) tab, tick >> "Exécuter un examen complet" (Run a full scan)
* then "Rechercher" (Scan)
* Select your hard drives, then click "Lancer l'examen" (Start the scan)
* At the end of the scan, click "Afficher les résultats" (Show results), then "Enregistrer le rapport" (Save the report)
* If Malwarebytes detects infections, click ==> "Afficher les résultats", then ==> "Supprimer la sélection" (Remove selected)
* If you are asked to restart, click "oui" (yes)
* after the infection(s) found have been removed --> post the report here

2) * Make a backup of the Registry

* click "Démarrer" (Start)
* In the search bar type -->

regedit

* click >> regedit

* Confirm with "Oui" (Yes) at the authorization prompt

* In the Registry Editor > click "Fichier" (File) > "Exporter" (Export).
* In the new window
* Give a file name: SauvReg.
* Choose a location >> "Documents"
* Keep the .reg extension and tick "Tout" (All). Confirm.

* Go to "Documents" and check that SauvReg is there, and confirm it to me!

once that is done, come back!!

@+ VIRUS/C/C
paulo67 Posts 242 Registration date Sunday 8 July 2007 Status Member Last active 4 July 2013
26 June 2011 at 20:43
Hi again
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6954

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

26/06/2011 20:20:01
mbam-log-2011-06-26 (20-20-01).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 388832
Temps écoulé: 1 heure(s), 2 minute(s), 15 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Anonymous user
27 June 2011 at 04:17
Hi

1) * Download OTL (by OldTimer) to your Desktop.

>> OTL (by OldTimer)

* Windows XP users => double-click >> OTL.exe
* Windows Vista / Windows 7 users => right-click OTL.exe and choose "Exécuter en tant qu'administrateur" (Run as administrator) to launch it.

Tick the lop & purity check boxes, as well as "Tous les Utilisateurs" (All users) and minimal output at the top

Copy and paste the contents of this quote into the lower part of OTL under >> Personalisation (Customization):




netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
SAVEMBR:0
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.*
%SYSTEMDRIVE%\*.exe
%PROGRAMFILES%\*.*
%PROGRAMFILES%\*.
/md5start
volsnap.sys
hidserv.dll
appmgmts.dll
eventlog.dll
winlogon.exe
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
wininet.dll
wininit.exe
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
explorer.exe
svchost.exe
userinit.exe
qmgr.dll
ws2_32.dll
proquota.exe
imm32.dll
kernel32.dll
ndis.sys
autochk.exe
spoolsv.exe
xmlprov.dll
ntmssvc.dll
mswsock.dll
Beep.SYS
ntfs.sys
termsrv.dll
sfcfiles.dll
st3shark.sys
winlogon.exe
wininit.ini
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT



* Click the "Analyse" (Scan) icon (top left).
* Let the scan run to completion without using the PC
* At the end of the scan, one or two reports will open: "OTL.Txt" and (or) "Extras.Txt" (in some cases).

* Host the report >> OTL.Txt on this site,
>> Cijoint.fr
* then copy/paste the link you are given into your next reply on the forum.

* To help you host the report:
* go to Cijoint.fr
* click "Parcourir" (Browse)
* find >> the report you just saved, which should be on your Desktop for example
* and confirm by clicking >> "Cliquez ici pour déposer le Fichier" (Click here to upload the file)
* a link like this one http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt will be generated for you,
* you just need to post it here so that I can see the report

then do the same with the report >> Extras.Txt

or

HERE >> pjjoint.malekal
* Click >> "Parcourir" (Browse)
* Find >> the reports you just saved, for example on your Desktop
* Click >> "envoyer le fichier" (send the file)
* A link will be generated for you,
* you just need to post it here

then

2) * Next, a file c:\PhysicalMBR.bin is created at the root of the system disk (usually "c:\PhysicalMBR.bin")
* Scan it on Virustotal:

* Go to >> Virustotal
* HERE >> Virustotal

Have this file scanned

c:\PhysicalMBR.bin

* Click "Parcourir" (Browse) at the top and look for this file:

* Now click >> Send file. and let it work for as long as "Situation actuelle : en cours d'analyse" (Current status: scan in progress) is displayed.
* The file may be placed in a queue because of a large number of scan requests. In that case, you will need to wait without refreshing the page.
* When the scan is finished * a new browser window will appear
post the result >> by pasting the URL of the results page (address bar).
Or by clicking >> View last report and copying/pasting the report

@+ VIRUS/C/C
paulo67 Posts 242 Registration date Sunday 8 July 2007 Status Member Last active 4 July 2013
27 June 2011 at 12:57
Hi again,
http://www.cijoint.fr/cjlink.php?file=cj201106/cijgOAhQgs.txt
and here is the other one
http://www.virustotal.com/file-scan/report.html?id=239ca87f6078a3de137eb3d8effb2c0a0b692664a665696f716e423518342019-1309171894
thanks.
Anonymous user
27 June 2011 at 14:48
Hi

The report >> Extras.Txt is missing

@+ VIRUS/C/C
paulo67 Posts 242 Registration date Sunday 8 July 2007 Status Member Last active 4 July 2013
27 June 2011 at 18:44
Hi again
OTL Extras logfile created on: 27/06/2011 12:29:37 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\paulo\Documents\Téléchargements
64bit-Windows XP Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 65,99% Memory free
8,00 Gb Paging File | 6,27 Gb Available in Paging File | 78,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 458,46 Gb Total Space | 224,14 Gb Free Space | 48,89% Space Free | Partition Type: NTFS
Drive D: | 458,41 Gb Total Space | 458,29 Gb Free Space | 99,97% Space Free | Partition Type: NTFS

Computer Name: PC-DE-PAULO | User Name: paulo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2704204595-2640163272-54980813-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox 3.6 Beta 2\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiSpywareOverride" = 0
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== System Restore Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E1746EF-F5BF-4677-8F30-04FE399130DA}" = HP Photosmart C4600 All-In-One Driver Software 14.0 Rel. 5
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B5F58F7-C7D1-3CE3-9B37-B657F0852643}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{704ABF63-B0B1-446B-9D92-C5D06AFCE7B6}" = PlayReady PC runtime
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987097B2-9711-4F0A-88B2-0E940F51B62A}" = Ma-Config.com (64 bits)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Agere Systems Soft Modem" = Agere Systems USB 2.0 Soft Modem
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = Logiciel d'archivage WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0214A441-A4AB-43A8-8DEF-2F73C5364673}" = Microsoft Works
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1031625E-7942-485E-A1CE-B660C1B48B61}" = Catalogue PL Würth France
"{11B0F8D4-FD80-4800-ABA8-50D28FF769AF}" = e-Carte Bleue La Banque Postale
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CA3A991-B03D-4C92-9922-315E5434E87B}" = PS_AIO_05_C4600_Software_Min
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1D76557F-04F5-4CF9-AB20-6A621B0D52D7}" = MyPDFConverter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2622A678-F26C-451C-8541-1D69C5288668}" = psol_workstation
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 25
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{41BB37E1-595D-4F9A-BB63-3C663DB8B68B}" = Catalogue Métal Würth France
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{608BB44C-322A-493F-ADB3-234CDE57782C}" = Catalogue Bâtiment Würth France
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{70B3DD6E-F5D3-496C-89EA-862E433F41C0}" = Catalogue Maintenance Würth France
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7d50c9ae-efdb-44ea-b4c5-f882a522a500}" = Nero 9 Essentials
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{805AB5C3-3A0F-42E3-9BD8-A4B6C8624A43}" = Catalogue Métal Würth France
"{8186E1B9-DDC6-45B6-B9EB-C28947CBC4CF}" = Adobe Flash Player 9 ActiveX
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-040C-1000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91B969AA-210D-478F-BF17-B6020ECE71C9}" = Catalogue Administration Würth France
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E0E1E3B-229C-4CF9-8A39-4455477327E4}" = C4600
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1036-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Français
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CC9A76F9-5EF8-43AD-B099-30F29AA5078E}" = Catalogue Installateurs Würth France
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D65F8E34-C050-4E6C-86DB-D2B9075749A0}" = Windows Live Sync ActiveX Control for Remote Connections
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFFC3AC-1B2D-4E5F-A0FB-21A1CB2D15D0}" = Catalogue Bois Würth France
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F607E8E6-23C6-43E9-9CD5-75A1C1C361BB}" = Catalogue Automobile Würth France
"{F70AE624-2B41-476F-BC9C-0A7F158C3F15}" = SweetIM for Messenger 3.4
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Ad-Remover" = Ad-Remover par C_XX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
"CADENAS PARTsolutions single" = CADENAS PARTsolutions single
"EasyBits Magic Desktop" = EasyBits Magic Desktop
"Freeplayer" = Freeplayer
"Identity Card" = Identity Card
"InfoCentre" = InfoCentre
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Mozilla Firefox 5.0 (x86 fr)" = Mozilla Firefox 5.0 (x86 fr)
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"PC Wizard 2009_is1" = PC Wizard 2009.1.88
"PROHYBRIDR" = 2007 Microsoft Office system
"SetUpMyPC" = SetUpMyPC
"TomTom HOME" = TomTom HOME 2.7.5.2014
"Updator" = Updator
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite" = Windows Live
"WinRAR archiver" = Logiciel d'archivage WinRAR
"ZHPDiag_is1" = ZHPDiag 1.27

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Anonymous user
28 June 2011 at 17:57
Hi

* Run OTL again,
* Windows XP users => double-click on >> OTL.exe
* Windows Vista / Windows 7 users => right-click on OTL.exe and choose "Run as administrator" to launch it.

* Copy and paste the text in bold below

* Make sure you start at :OTL, including the colon in front of OTL, and go up to and including >> [Reboot]; paste it into the lower part of OTL under "Personnalisation"
* Click on >> CORRECTION:




:OTL
IE - HKU\S-1-5-18\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
O4 - HKU\S-1-5-19\..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20\..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV Powertools.lnk = File not found
O4 - Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV Recorder Manager.lnk = File not found
O4 - Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV.lnk = File not found
O4 - Startup: C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Widget Carrefour PROMOLIBRE.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
[2010/02/13 12:13:35 | 000,010,134 | R--- | M] () -- C:\Users\paulo\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe
[2011/02/09 23:00:14 | 000,010,134 | R--- | M] () -- C:\Users\paulo\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011/05/24 21:37:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SweetIM
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84

:Commands
[emptytemp]
[emptyflash]
[Reboot]


* Click on >> CORRECTION:


* Host the report on this site,
>> Cijoint.fr
* then copy/paste the link provided into your next reply on the forum.

* To help you host the report:
* go to Cijoint.fr
* click on "Parcourir" (Browse)
* Find >> the report you just saved, which should be, for example, on your Desktop
* and confirm by clicking on >> "Cliquez ici pour déposer le Fichier" (Click here to upload the file)
* a link like this one, http://www.cijoint.fr/cjlink.php?file=cj201004/cijecaEGX.txt, will be generated for you,
* just post it here so that I can see the report



See you, VIRUS/C/C
paulo67 Posts: 242 Registration date: Sunday 8 July 2007 Status: Member Last activity: 4 July 2013
28 June 2011 at 18:44
Hi again
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-19\\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV Powertools.lnk moved successfully.
C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV Recorder Manager.lnk moved successfully.
C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MaxTV.lnk moved successfully.
C:\Users\paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Widget Carrefour PROMOLIBRE.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\0x00000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}\ deleted successfully.
File {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\http\oledb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11D1-9C6B-0000F875AC61}\ deleted successfully.
File {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\0x00000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\https\oledb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11D1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\0x00000001\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}\ not found.
File {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1D2BF40-A96B-11D1-9C6B-0000F875AC61}\ not found.
File {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ deleted successfully.
File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Users\paulo\AppData\Roaming\Microsoft\Installer\{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}\ARPPRODUCTICON.exe moved successfully.
C:\Users\paulo\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources\images folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger folder moved successfully.
C:\Program Files (x86)\SweetIM folder moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: paulo
->Temp folder emptied: 2068461 bytes
->Temporary Internet Files folder emptied: 39089314 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 253650707 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 68149 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90729 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67910 bytes
RecycleBin emptied: 38645181 bytes

Total Files Cleaned = 318,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: paulo
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Error: Unable to interpret <[Reboot> in the current context!

OTL by OldTimer - Version 3.2.24.1 log created on 06282011_183607

Files\Folders moved on Reboot...
C:\Users\paulo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\paulo\AppData\Local\Temp\~DF101452BE784DA5A5.TMP not found!
File\Folder C:\Users\paulo\AppData\Local\Temp\~DF22ECC6AA0F99A989.TMP not found!
File\Folder C:\Users\paulo\AppData\Local\Temp\~DF58166F7AB75D8DE0.TMP not found!
File\Folder C:\Users\paulo\AppData\Local\Temp\~DF5B9975C78500DCCA.TMP not found!
File\Folder C:\Users\paulo\AppData\Local\Temp\~DF629181B2C55D38CA.TMP not found!
File\Folder C:\Users\paulo\AppData\Local\Temp\~DF80499141EB9C4BB6.TMP not found!
File\Folder C:\Users\paulo\AppData\Local\Temp\~DF883AD699F13A12A7.TMP not found!
File\Folder C:\Users\paulo\AppData\Local\Temp\~DFFF8BFABE53092CE8.TMP not found!
C:\Users\paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LJCCV9N1\Sync[1].htm moved successfully.
File\Folder C:\Users\paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVIFIA6A\ADSAdClient31[1].txt not found!
C:\Users\paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVIFIA6A\Include[1].htm moved successfully.
File\Folder C:\Users\paulo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQ4034F3\w4_default[1].aspx not found!
C:\Users\paulo\AppData\Local\Mozilla\Firefox\Profiles\9sc5yr4m.default\startupCache\startupCache.4.little moved successfully.
C:\Users\paulo\AppData\Local\Mozilla\Firefox\Profiles\9sc5yr4m.default\Cache\_CACHE_001_ moved successfully.
C:\Users\paulo\AppData\Local\Mozilla\Firefox\Profiles\9sc5yr4m.default\Cache\_CACHE_002_ moved successfully.
C:\Users\paulo\AppData\Local\Mozilla\Firefox\Profiles\9sc5yr4m.default\Cache\_CACHE_003_ moved successfully.
C:\Users\paulo\AppData\Local\Mozilla\Firefox\Profiles\9sc5yr4m.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\paulo\AppData\Local\Mozilla\Firefox\Profiles\9sc5yr4m.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...
Anonymous user
28 June 2011 at 18:59
Hi



1) Download ESET Online Scanner to your Desktop by clicking

* HERE >> ESET

* Windows XP users => double-click on >> esetsmartinstaller_enu.exe to launch it
* Windows Vista / Windows 7 users => right-click on esetsmartinstaller_enu.exe and choose "Run as administrator" to launch it.

* Accept the licence by ticking the box "YES, I accept the Terms of Use",
* then click the "Start" button
* Once the scanner is installed, configure it by unticking the "Remove found threats" box and ticking the "Scan archives" box

* Start the antivirus scan by clicking the "Start" button: the tool updates itself and then starts the scan; a progress bar shows how far the scan has got
* When the scan is finished, if any viruses were detected, click on the line "List of found threats":

* A new window appears: click "Export to text file" and save the report to your Desktop, naming it logESET.txt
* Click the "Back" button to return to the previous screen, then tick the "Uninstall application on close" box

* Finally, click the "Finish" button, then close the scanner window
* Open the logESET file on your Desktop and copy-paste its contents here.



See you, VIRUS/C/C
paulo67 Posts: 242 Registration date: Sunday 8 July 2007 Status: Member Last activity: 4 July 2013
29 June 2011 at 11:22
Hello
I can't find the ESET report
Anonymous user
29 June 2011 at 14:58
Hi


Did you save this report as instructed???


See you, VIRUS/C/C