Run DLL: the specified module could not be found

Solved
telin69 Posts 6 Status Member -  
Nina84840 Posts 3 Status Member -
Hello,

Last night I was infected by the "lutte contre la criminalité" virus, which was asking me to pay around a hundred euros, I believe. I managed to remove it with Malwarebytes, but since then, when I log in to my session, a Windows error message appears: "Problème lors du démarrage de C:\users\JACQUE~1~\AppData\local\Temp\hj8ol0.exe".

It doesn't stop me from using my computer, but I don't think it's ideal all the same :s

Also, I don't know whether it's just an impression, but the computer is a bit slower at first to open web pages.

Thanks in advance,

NB: I have seen threads on the forum dealing with similar problems, but it seems to be different for everyone, so I am taking the liberty of creating a new thread.

7 replies

  1. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    Hi,

    Download AdwCleaner (by Xplode) to your desktop.
    Run it, click [Suppression], then wait while the scan runs.
    Once the scan is finished, a report will open. Post its contents in your next reply.

    Note: The report is also saved as C:\AdwCleaner[S1].txt

    and:

    You can follow the instructions on this page to help you: https://www.malekal.com/tutorial-otl/

    * Download http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/ to your desktop.
    (On Vista/Win7, you must right-click OTL and choose Run as administrator)

    If you use Avast!, do not run the program in the Sandbox (see the help link above).

    * Run OTL
    * At the top right of "Analyse rapide", tick "tous les utilisateurs"
    * In OTL, under "Personnalisation", copy and paste the script below:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %temp%\.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\consrv.dll
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
    CREATERESTOREPOINT
    nslookup www.google.fr /c
    SAVEMBR:0
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs

    * Click the "Analyse" button.
    * When the scan is finished, use the site http://pjjoint.malekal.com/ to upload the OTL.txt report (and Extra.txt if present), then give the pjjoint link(s) pointing to these reports here in a new message.

    0
  2. telin69 Posts 6 Status Member
     
    Well, first of all, thanks for the quick reply!

    So here is the AdwCleaner report:

    # AdwCleaner v1.505 - Rapport créé le 11/04/2012 à 13:35:50
    # Mis à jour le 07/04/2012 par Xplode
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Nom d'utilisateur : JACQUEMIN - JACQUEMIN-PC
    # Exécuté depuis : C:\Users\JACQUEMIN\Downloads\adwcleaner.exe
    # Option [Suppression]

    ***** [Services] *****

    ***** [Fichiers / Dossiers] *****

    Dossier Supprimé : C:\ProgramData\Babylon
    Dossier Supprimé : C:\ProgramData\Iminent
    Dossier Supprimé : C:\Users\JACQUEMIN\AppData\Roaming\Babylon
    Dossier Supprimé : C:\Users\JACQUEMIN\AppData\Roaming\Iminent
    Dossier Supprimé : C:\Users\JACQUEMIN\AppData\Roaming\OpenCandy
    Dossier Supprimé : C:\Users\JACQUEMIN\AppData\Local\Babylon
    Dossier Supprimé : C:\Users\JACQUEMIN\AppData\LocalLow\BabylonToolbar
    Dossier Supprimé : C:\Users\JACQUEMIN\AppData\LocalLow\Conduit
    Dossier Supprimé : C:\Users\JACQUEMIN\AppData\LocalLow\ShoppingReport2
    Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
    Dossier Supprimé : C:\Program Files (x86)\BabylonToolbar
    Dossier Supprimé : C:\Program Files (x86)\Conduit
    Dossier Supprimé : C:\Program Files (x86)\Iminent
    Dossier Supprimé : C:\Program Files (x86)\Mozilla Firefox\extensions\webbooster@iminent.com
    Dossier Supprimé : C:\Program Files (x86)\Common Files\Software Update Utility
    Dossier Supprimé : C:\Users\JACQUEMIN\AppData\Roaming\Mozilla\FireFox\Profiles\kelpuztp.default\extensions\ffxtlbr@babylon.com
    Fichier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigateur OfferBox.lnk
    Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
    Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
    Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
    Fichier Supprimé : C:\Users\JACQUEMIN\AppData\Roaming\Mozilla\FireFox\Profiles\kelpuztp.default\searchplugins\Startsear.xml
    Fichier Supprimé : C:\Users\JACQUEMIN\AppData\Roaming\Mozilla\FireFox\Profiles\kelpuztp.default\searchplugins\web-search.xml

    ***** [H. Navipromo] *****

    ***** [Registre] *****

    [*] Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar.CT2445907
    Clé Supprimée : HKCU\Software\BabylonToolbar
    Clé Supprimée : HKCU\Software\Iminent
    Clé Supprimée : HKCU\Software\Softonic
    Clé Supprimée : HKCU\Software\StartSearch
    Clé Supprimée : HKCU\Software\AppDataLow\Toolbar
    Clé Supprimée : HKCU\Software\AppDataLow\Software\Conduit
    Clé Supprimée : HKCU\Software\AppDataLow\Software\ShoppingReport2
    Clé Supprimée : HKLM\SOFTWARE\Babylon
    Clé Supprimée : HKLM\SOFTWARE\BabylonToolbar
    Clé Supprimée : HKLM\SOFTWARE\Conduit
    Clé Supprimée : HKLM\SOFTWARE\Iminent
    Clé Supprimée : HKLM\SOFTWARE\Classes\b
    Clé Supprimée : HKLM\SOFTWARE\Classes\Babylon.dskBnd
    Clé Supprimée : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\bbylnApp.appCore
    Clé Supprimée : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\dnUpdate
    Clé Supprimée : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Clé Supprimée : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Clé Supprimée : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Clé Supprimée : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
    Clé Supprimée : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.DownloadArgs
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.LinkToPromoteArgs
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.RawDataArgs
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.TinyUrlArgs
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Business.Tinyfying.ViralLinkArgs
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ClientCallback
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ContractBase
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GameOverCallback
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetCreditCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.GetVariableResult
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.InstallationContextResult
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.LogoutCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.MyAccountCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PlayContentCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.PostContentCallback
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.SetVariableCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WarmUpCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.WelcomeCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerCommand
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.ServerResult
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightContent
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.LightUri
    Clé Supprimée : HKLM\SOFTWARE\Classes\Iminent.Mediator.MediatorServiceProxy
    Clé Supprimée : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
    Clé Supprimée : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
    Clé Supprimée : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
    Clé Supprimée : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
    Clé Supprimée : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
    Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Features\430E8DB44F0E90547A3564A7E858C48D
    Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Products\430E8DB44F0E90547A3564A7E858C48D
    Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\bjeikeheijdjdfjbmknpefojickbkmom
    Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Iminent]
    Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IminentMessenger]
    Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [offerboxffx@offerbox.com]
    Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

    ***** [Registre (x64)] *****

    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
    Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

    ***** [Navigateurs] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Le registre ne contient aucune entrée illégitime.

    -\\ Mozilla Firefox v11.0 (fr)

    Nom du profil : default
    Fichier : C:\Users\JACQUEMIN\AppData\Roaming\Mozilla\FireFox\Profiles\kelpuztp.default\prefs.js

    C:\Users\JACQUEMIN\AppData\Roaming\Mozilla\FireFox\Profiles\kelpuztp.default\user.js ... Supprimé !

    Supprimée : user_pref("aol_toolbar.surf.date", "100");
    Supprimée : user_pref("aol_toolbar.surf.lastDate", "10");
    Supprimée : user_pref("aol_toolbar.surf.lastMonth", "2");
    Supprimée : user_pref("aol_toolbar.surf.lastYear", "2012");
    Supprimée : user_pref("aol_toolbar.surf.month", "144");
    Supprimée : user_pref("aol_toolbar.surf.prevMonth", "204");
    Supprimée : user_pref("aol_toolbar.surf.total", "353");
    Supprimée : user_pref("aol_toolbar.surf.week", "144");
    Supprimée : user_pref("aol_toolbar.surf.year", "347");
    Supprimée : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    Supprimée : user_pref("browser.search.defaultengine", "Web Search");
    Supprimée : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
    Supprimée : user_pref("browser.search.order.1", "Web Search");
    Supprimée : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Supprimée : user_pref("extensions.BabylonToolbar.babTrack", "affID=100842");
    Supprimée : user_pref("extensions.BabylonToolbar.bbDpng", 10);
    Supprimée : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Supprimée : user_pref("extensions.BabylonToolbar.id", "d2e2ba70000000000000002354fdf2ad");
    Supprimée : user_pref("extensions.BabylonToolbar.instlDay", "15269");
    Supprimée : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Supprimée : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...]
    Supprimée : user_pref("extensions.BabylonToolbar.lastDP", 10);
    Supprimée : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1015:28:57");
    Supprimée : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
    Supprimée : user_pref("extensions.BabylonToolbar.newTab", true);
    Supprimée : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
    Supprimée : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Supprimée : user_pref("extensions.BabylonToolbar.propectorlck", 69946004);
    Supprimée : user_pref("extensions.BabylonToolbar.prtkDS", 0);
    Supprimée : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
    Supprimée : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Supprimée : user_pref("extensions.BabylonToolbar.ptch_0717", true);
    Supprimée : user_pref("extensions.BabylonToolbar.smplGrp", "none");
    Supprimée : user_pref("extensions.BabylonToolbar.srcExt", "ss");
    Supprimée : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
    Supprimée : user_pref("extensions.BabylonToolbar.tlbrId", "base");
    Supprimée : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
    Supprimée : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1015:28:57");
    Supprimée : user_pref("extensions.vshare@toolbar.update.enabled", false);
    Supprimée : user_pref("vbx.install.userSPSettings", "Web Search...");

    -\\ Google Chrome v [Impossible d'obtenir la version]

    Fichier : C:\Users\JACQUEMIN\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Supprimée : "keyword": "startsear.ch",
    Supprimée : "name": "Web Search",
    Supprimée : "search_url": "hxxp://startsear.ch/?aff=1&src=sp&cf=a3095998-3a41-11e1-955d-002354fdf2ad&q={se[...]
    Supprimée : "description": "vshare.tv plugin",
    Supprimée : "name": "vshare plugin",
    Supprimée : "path": "chvsharetvplg.dll",

    *************************

    AdwCleaner[S1].txt - [35307 octets] - [11/04/2012 13:35:50]

    ########## EOF - C:\AdwCleaner[S1].txt - [35436 octets] ##########

    Next, for OTL: I use Avast, but I could not do exactly what the site said. An Avast message offered me "run OTL in the sandbox [recommended]" or "run normally" at the next launch of OTL; I chose normally.
    Here is the link to the report,

    https://pjjoint.malekal.com/files.php?id=20120411_m7u9s5m15f6

    and to the extra one

    https://pjjoint.malekal.com/files.php?id=20120411_m9j1212z10g15
    0
  3. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    * For Windows Vista/Seven: go to Control Panel, then Programs and Features

    Uninstall:
    AOL France Toolbar
    GoogleToolbar
    mywebsites.pro-FR
    vShare Toolbar

    Toolbars exist to tie you to a service (the Yahoo! or Google search engine); they add features, but browsers generally have these by default.
    In addition, they record the sites you visit and transmit them (tracking) for targeted advertising, which is not great for privacy.
    Several toolbars slow down the PC and can crash web browsers.
    In the end, using them is not recommended.

    Read: Toolbars are not mandatory!

    ~~

    Run OTL again.
    o Under Personnalisation (Custom Scan), copy and paste the contents of the box below (make sure to include :OTL at the start).
    Click Correction (Fix); a report will appear. Copy and paste its contents here:

    :OTL
    O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O2 - BHO: (mywebsites.pro-FR Toolbar) - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmywe.dll (Conduit Ltd.)
    O2 - BHO: (AOL France Toolbar Loader) - {434dd048-c41d-43fc-b41d-d6f124af9434} - C:\Program Files (x86)\AOL France Toolbar\aolfrtb.dll (AOL Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (mywebsites.pro-FR Toolbar) - {33727f97-486d-4d19-97c3-23f432ef93fc} - C:\Program Files (x86)\mywebsites.pro-FR\tbmywe.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AOL France Toolbar) - {db89e9a0-fa7f-48d6-89bb-2b8b53a26e87} - C:\Program Files (x86)\AOL France Toolbar\aolfrtb.dll (AOL Inc.)
    [2012/04/10 15:27:21 | 000,001,037 | ---- | M] () -- C:\Users\JACQUEMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hj8ol0.exe.lnk
    [2012/01/25 15:46:11 | 000,000,000 | ---D | M] (AOL France Toolbar) -- C:\Users\JACQUEMIN\AppData\Roaming\mozilla\Firefox\Profiles\kelpuztp.default\extensions\{6352b5df-51f7-4ddc-8f17-90f7c05ca915}
    [2011/05/08 19:50:56 | 000,000,000 | ---D | M] (vShare) -- C:\Users\JACQUEMIN\AppData\Roaming\mozilla\Firefox\Profiles\kelpuztp.default\extensions\vshare@toolbar
    [2012/02/18 14:16:40 | 000,002,069 | ---- | M] () -- C:\Users\JACQUEMIN\AppData\Roaming\Mozilla\Firefox\Profiles\kelpuztp.default\searchplugins\aol-search.xml


    * Restart the PC into Windows and post the report here

    0
  4. telin69 Posts 6 Status Member
     
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
    File C:\Program Files (x86)\vShare\vshare_toolbar.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{33727f97-486d-4d19-97c3-23f432ef93fc}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33727f97-486d-4d19-97c3-23f432ef93fc}\ not found.
    File C:\Program Files (x86)\mywebsites.pro-FR\tbmywe.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{434dd048-c41d-43fc-b41d-d6f124af9434}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{434dd048-c41d-43fc-b41d-d6f124af9434}\ not found.
    File C:\Program Files (x86)\AOL France Toolbar\aolfrtb.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
    File C:\Program Files (x86)\vShare\vshare_toolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{33727f97-486d-4d19-97c3-23f432ef93fc} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33727f97-486d-4d19-97c3-23f432ef93fc}\ not found.
    File FR\tbmywe.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{db89e9a0-fa7f-48d6-89bb-2b8b53a26e87} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db89e9a0-fa7f-48d6-89bb-2b8b53a26e87}\ not found.
    File C:\Program Files (x86)\AOL France Toolbar\aolfrtb.dll not found.
    C:\Users\JACQUEMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hj8ol0.exe.lnk moved successfully.
    C:\Users\JACQUEMIN\AppData\Roaming\mozilla\Firefox\Profiles\kelpuztp.default\extensions\{6352b5df-51f7-4ddc-8f17-90f7c05ca915}\META-INF folder moved successfully.
    C:\Users\JACQUEMIN\AppData\Roaming\mozilla\Firefox\Profiles\kelpuztp.default\extensions\{6352b5df-51f7-4ddc-8f17-90f7c05ca915}\components folder moved successfully.
    C:\Users\JACQUEMIN\AppData\Roaming\mozilla\Firefox\Profiles\kelpuztp.default\extensions\{6352b5df-51f7-4ddc-8f17-90f7c05ca915}\chrome folder moved successfully.
    C:\Users\JACQUEMIN\AppData\Roaming\mozilla\Firefox\Profiles\kelpuztp.default\extensions\{6352b5df-51f7-4ddc-8f17-90f7c05ca915} folder moved successfully.
    Folder C:\Users\JACQUEMIN\AppData\Roaming\mozilla\Firefox\Profiles\kelpuztp.default\extensions\vshare@toolbar\ not found.
    C:\Users\JACQUEMIN\AppData\Roaming\Mozilla\Firefox\Profiles\kelpuztp.default\searchplugins\aol-search.xml moved successfully.

    OTL by OldTimer - Version 3.2.39.2 log created on 04112012_220435

    Note that the error message did not appear when the computer started!
    0
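The fix log posted above can be read mechanically to confirm that the autostart entry behind the logon error was actually removed. The following Python is an added example, not part of the original thread or of OTL: it classifies each result line, and its autostart patterns and "unrooted path" check are assumptions of this example, with sample lines copied from the log above.

```python
import re
from collections import namedtuple

# Sample input: a subset of the lines from the fix log posted in this thread.
SAMPLE_LOG = r"""========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files (x86)\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{33727f97-486d-4d19-97c3-23f432ef93fc} not found.
File FR\tbmywe.dll not found.
C:\Users\JACQUEMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hj8ol0.exe.lnk moved successfully.
C:\Users\JACQUEMIN\AppData\Roaming\mozilla\Firefox\Profiles\kelpuztp.default\extensions\{6352b5df-51f7-4ddc-8f17-90f7c05ca915} folder moved successfully.
Folder C:\Users\JACQUEMIN\AppData\Roaming\mozilla\Firefox\Profiles\kelpuztp.default\extensions\vshare@toolbar\ not found.
C:\Users\JACQUEMIN\AppData\Roaming\Mozilla\Firefox\Profiles\kelpuztp.default\searchplugins\aol-search.xml moved successfully.

OTL by OldTimer - Version 3.2.39.2 log created on 04112012_220435
"""

Entry = namedtuple("Entry", "kind target status")

# The two result shapes that appear in the log above.
NOT_FOUND = re.compile(r"^(Registry key|Registry value|File|Folder) (.+) not found\.$")
MOVED = re.compile(r"^(.+?)( folder)? moved successfully\.$")

# Assumption of this example: a file or folder target should start with a
# drive letter or a UNC prefix; anything else means the script line was
# probably not parsed as the helper intended and deserves a manual recheck.
ROOTED = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")

# Assumption of this example: locations treated as autostart (persistence) points.
AUTOSTART_HINTS = (
    "\\start menu\\programs\\startup\\",
    "\\currentversion\\run",
)


def parse_fix_log(text):
    """Turn fix-log lines into Entry records; banner lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = NOT_FOUND.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2), "absent"))
            continue
        m = MOVED.match(line)
        if m:
            kind = "Folder" if m.group(2) else "File"
            entries.append(Entry(kind, m.group(1), "moved"))
    return entries


def is_autostart(target):
    """True when the path or key sits in a location that runs at logon."""
    lowered = target.lower()
    return any(hint in lowered for hint in AUTOSTART_HINTS)


def review(entries):
    """Summarise what the fix changed and what needs a second look."""
    return {
        "moved": [e.target for e in entries if e.status == "moved"],
        "absent": [e.target for e in entries if e.status == "absent"],
        "autostart_removed": [
            e.target for e in entries
            if e.status == "moved" and is_autostart(e.target)
        ],
        "unrooted": [
            e.target for e in entries
            if e.kind in ("File", "Folder") and not ROOTED.match(e.target)
        ],
    }


if __name__ == "__main__":
    report = review(parse_fix_log(SAMPLE_LOG))
    for section, targets in report.items():
        print(f"{section}: {len(targets)}")
        for target in targets:
            print(f"  {target}")
```

On this log the only autostart item moved is the `hj8ol0.exe.lnk` shortcut in the Startup folder, and `FR\tbmywe.dll` is reported as unrooted.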
  6. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    Important - your infection came through an exploit on a website:

    A website exploit allows your computer to be infected automatically when you visit a website that has been hacked; it takes advantage of the fact that you have software (Java, Adobe Reader, etc.) that is not up to date and has vulnerabilities that allow code (malicious in our case) to be executed without your knowledge.
    Having software that is not up to date and potentially has vulnerabilities therefore makes it possible to infect your system.
    Example: Exploit Java

    So it is imperative to keep your software up to date so that these entry points are not left open on your system.
    As long as this software is not up to date, your PC is vulnerable and infections can install themselves easily.

    IMPORTANT: update your programs, in particular Java/Adobe Reader and Flash:
    /faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite
    https://forum.malekal.com/viewtopic.php?t=15960&start=

    Spread the word to your friends!

    The rest of security: http://forum.malekal.com/comment-securiser-son-ordinateur.html

    0
  7. telin69 Posts 6 Status Member
     
    Well, thank you very much; in any case this really helped me.

    I will pay more attention to updates from now on!

    Regards,
    0
  8. Nina84840 Posts 3 Status Member 104
     
    Hello everyone,

    telin69, I too have exactly the same problem as the one described at the top of the thread.

    I am on Vista; I did everything listed at the start, so here I am with the report

    OTL tells me:


    OTL logfile created on: 07/10/2012 14:06:56 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Utilisateur standard\Desktop\Luc
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,00 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,31% Memory free
    6,21 Gb Paging File | 4,94 Gb Available in Paging File | 79,66% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139,15 Gb Total Space | 60,95 Gb Free Space | 43,81% Space Free | Partition Type: NTFS
    Drive F: | 142,94 Gb Total Space | 27,22 Gb Free Space | 19,04% Space Free | Partition Type: NTFS

    Computer Name: LUC-PC-BUREAU | User Name: moi | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    [color=#E56717]========== Processes (SafeList) ==========[/color]

    PRC - [2012/10/07 14:05:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Utilisateur standard\Desktop\Luc\OTL.exe
    PRC - [2012/08/21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2011/06/21 18:20:16 | 001,984,832 | ---- | M] (FSPro Labs) -- F:\Program Files\My Lockbox\mylbx.exe
    PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- F:\Program Files\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    PRC - [2008/04/25 13:30:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    PRC - [2008/03/26 07:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2007/12/18 11:15:00 | 000,104,960 | ---- | M] (ArcSoft) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    [color=#E56717]========== Modules (No Company Name) ==========[/color]

    MOD - [2010/06/30 15:03:14 | 000,051,512 | ---- | M] () -- F:\Program Files\My Lockbox\FSPFlt.dll

    [color=#E56717]========== Services (SafeList) ==========[/color]

    SRV - File not found [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
    SRV - File not found [Auto | Stopped] -- F:\Program Files\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
    SRV - File not found [Auto | Stopped] -- F:\Program Files\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
    SRV - [2012/09/21 14:27:50 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2009/09/11 02:32:03 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- F:\Program Files\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
    SRV - [2008/04/25 13:30:26 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
    SRV - [2008/03/04 23:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/01/21 04:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/18 11:15:00 | 000,104,960 | ---- | M] (ArcSoft) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

    [color=#E56717]========== Driver Services (SafeList) ==========[/color]

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Capt913D.sys -- (SQTECH913D)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (azw7rz10)
    DRV - [2012/08/21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/08/21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/08/21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/08/21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/08/21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2012/08/21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/02/09 22:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
    DRV - [2010/08/12 13:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2010/07/22 17:13:28 | 000,041,912 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\System32\drivers\FSPFltd.sys -- (FSProFilter)
    DRV - [2010/06/23 11:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
    DRV - [2010/03/31 06:59:24 | 000,350,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
    DRV - [2009/07/23 22:55:56 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2009/06/10 01:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
    DRV - [2009/05/29 01:55:22 | 000,066,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2008/09/29 18:12:04 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2008/09/04 06:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2008/09/04 06:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2008/09/04 06:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2008/01/25 14:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
    DRV - [2005/07/07 16:26:00 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
    DRV - [2005/07/07 16:25:58 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
    DRV - [2005/07/07 16:25:52 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
    DRV - [2005/07/07 16:25:50 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
    DRV - [2005/02/11 12:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)
    DRV - [2004/05/04 05:48:00 | 000,090,229 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P1130Vid.sys -- (P1130VID)

    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]

    [color=#E56717]========== Internet Explorer ==========[/color]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = https://www.google.com/webhp?sourceid=ie7&gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vb32&d=1006&m=aspire_x3200
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = https://www.acer.com/worldwide/selection.html [binary data]
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = https://www.bing.com/?scope=web&mkt=fr-FR{searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1000\..\SearchScopes\{305E6367-ADE9-4EBA-BEAA-2936A900FBD0}: "URL" = https://fr.search.yahoo.com/web?fr=chr-greentree_ie{searchTerms}
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = https://www.google.com/webhp?sourceid=ie7&gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_frFR324
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = F:\
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=1&o=vb32&d=1006&m=aspire_x3200
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = https://www.acer.com/worldwide/selection.html [binary data]
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1001\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1001\..\SearchScopes,DefaultScope = {2F99CF7C-9EC6-456E-AB92-A6D9493E86A2}
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1001\..\SearchScopes\{2F99CF7C-9EC6-456E-AB92-A6D9493E86A2}: "URL" = https://www.google.com/webhp?gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_frFR324
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = https://www.google.com/webhp?sourceid=ie7&gws_rd=ssl{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    IE - HKU\S-1-5-21-531649880-1850558408-3449884680-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    [color=#E56717]========== FireFox ==========[/color]

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: F:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: F:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/20 15:15:23 | 000,000,000 | ---D | M]

    O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-531649880-1850558408-3449884680-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKU\S-1-5-21-531649880-1850558408-3449884680-1001\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [mylbx] F:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
    O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe File not found
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
    O4 - HKU\S-1-5-21-531649880-1850558408-3449884680-1000..\Run: [wlm2011installer] C:\Users\UTILIS~1\AppData\Local\Temp\wlsetupc.exe /restart File not found
    O4 - HKU\S-1-5-21-531649880-1850558408-3449884680-1001..\Run: [RegistryWm] C:\Users\Utilisateur standard\AppData\Roaming\qtwm.exe File not found
    O4 - HKU\S-1-5-21-531649880-1850558408-3449884680-1001..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
    O4 - HKU\S-1-5-21-531649880-1850558408-3449884680-1001..\Run: [Xvid] F:\Program Files\Xvid\CheckUpdate.exe ()
    O4 - HKU\S-1-5-21-531649880-1850558408-3449884680-1000..\RunOnce: [Report] \AdwCleaner[S1].txt ()
    O4 - Startup: C:\Users\Utilisateur standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CanoScan Toolbox 4.1.lnk = C:\Program Files\Canon\CanoScan Toolbox Ver4.1\CSTBox.exe (CANON INC.)
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-531649880-1850558408-3449884680-1000\..Trusted Domains: live.com ([cid-c2d24e5f09a6c649.office] https in Trusted sites)
    O15 - HKU\S-1-5-21-531649880-1850558408-3449884680-1001\..Trusted Domains: live.com ([cid-c2d24e5f09a6c649.office] https in Trusted sites)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{406DFDEB-AD19-48E7-BF33-4158CF0AE340}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0F59AB2-B984-4270-BA2E-67713A579AFC}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
    O24 - Desktop WallPaper: C:\Users\moi\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O24 - Desktop BackupWallPaper: C:\Users\moi\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    O29 - HKLM SecurityProviders - (credssp.dll) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CanoScan Toolbox 4.1.lnk - C:\Program Files\Canon\CanoScan Toolbox Ver4.1\CSTBox.exe - (CANON INC.)
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PDFCreator.lnk - - File not found
    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Wireless Configuration Utility HW.14.lnk - C:\Program Files\802.11 Wireless LAN\802.11g USB 2.0 WLAN Dongle\WlanCU.exe - ()
    MsConfig - StartUpFolder: C:^Users^moi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor - Raccourci.lnk - F:\Program Files\Creative\Creative WebCam NX Pro\WebCam Monitor\Monitor.exe - (Creative Technology Ltd.)
    MsConfig - StartUpReg: Acer Empowering Technology Monitor - hkey= - key= - C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: BkupTray - hkey= - key= - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
    MsConfig - StartUpReg: Clavier+ - hkey= - key= - File not found
    MsConfig - StartUpReg: Creative WebCam Tray - hkey= - key= - C:\Program Files\Creative\Shared Files\CamTray.exe (Creative Technology Ltd)
    MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    MsConfig - StartUpReg: EmpoweringTechnology - hkey= - key= - File not found
    MsConfig - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    MsConfig - StartUpReg: PlusService - hkey= - key= - F:\Program Files\Messenger Plus!\PlusService.exe (Yuna Software)
    MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
    MsConfig - StartUpReg: SearchSettings - hkey= - key= - File not found
    MsConfig - StartUpReg: Skytel - hkey= - key= - File not found
    MsConfig - StartUpReg: swg - hkey= - key= - File not found
    MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
    MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    MsConfig - StartUpReg: Xvid - hkey= - key= - F:\Program Files\Xvid\CheckUpdate.exe ()
    MsConfig - State: "startup" - 2

    SafeBootMin: AppMgmt - Service
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet: AppMgmt - Service
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NTDS - File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet: WudfPf - Driver
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: aux - wdmaud.drv File not found
    Drivers32: midi - wdmaud.drv File not found
    Drivers32: midi1 - wdmaud.drv File not found
    Drivers32: midi2 - wdmaud.drv File not found
    Drivers32: midi3 - wdmaud.drv File not found
    Drivers32: midi4 - wdmaud.drv File not found
    Drivers32: midi5 - wdmaud.drv File not found
    Drivers32: midi6 - wdmaud.drv File not found
    Drivers32: midi7 - wdmaud.drv File not found
    Drivers32: midi8 - wdmaud.drv File not found
    Drivers32: midi9 - wdmaud.drv File not found
    Drivers32: midimapper - midimap.dll File not found
    Drivers32: mixer - wdmaud.drv File not found
    Drivers32: mixer1 - wdmaud.drv File not found
    Drivers32: mixer2 - wdmaud.drv File not found
    Drivers32: mixer3 - wdmaud.drv File not found
    Drivers32: mixer4 - wdmaud.drv File not found
    Drivers32: mixer5 - wdmaud.drv File not found
    Drivers32: mixer6 - wdmaud.drv File not found
    Drivers32: mixer7 - wdmaud.drv File not found
    Drivers32: mixer8 - wdmaud.drv File not found
    Drivers32: mixer9 - wdmaud.drv File not found
    Drivers32: msacm.imaadpcm - imaadp32.acm File not found
    Drivers32: msacm.l3acm - l3codecp.acm File not found
    Drivers32: msacm.msadpcm - msadp32.acm File not found
    Drivers32: msacm.msg711 - msg711.acm File not found
    Drivers32: msacm.msgsm610 - msgsm32.acm File not found
    Drivers32: msacm.siren - sirenacm.dll File not found
    Drivers32: MSVideo8 - VfWWDM32.dll File not found
    Drivers32: vidc.cvid - iccvid.dll File not found
    Drivers32: vidc.DIVX - DivX.dll File not found
    Drivers32: VIDC.FFDS - ff_vfw.dll File not found
    Drivers32: VIDC.I420 - msh263.drv File not found
    Drivers32: VIDC.IYUV - iyuv_32.dll File not found
    Drivers32: vidc.mrle - msrle32.dll File not found
    Drivers32: vidc.msvc - msvidc32.dll File not found
    Drivers32: VIDC.UYVY - msyuv.dll File not found
    Drivers32: vidc.XVID - xvidvfw.dll File not found
    Drivers32: VIDC.YUY2 - msyuv.dll File not found
    Drivers32: vidc.yv12 - DivX.dll File not found
    Drivers32: VIDC.YVU9 - tsbyuv.dll File not found
    Drivers32: VIDC.YVYU - msyuv.dll File not found
    Drivers32: wave - wdmaud.drv File not found
    Drivers32: wave1 - wdmaud.drv File not found
    Drivers32: wave2 - wdmaud.drv File not found
    Drivers32: wave3 - wdmaud.drv File not found
    Drivers32: wave4 - wdmaud.drv File not found
    Drivers32: wave5 - wdmaud.drv File not found
    Drivers32: wave6 - wdmaud.drv File not found
    Drivers32: wave7 - wdmaud.drv File not found
    Drivers32: wave8 - wdmaud.drv File not found
    Drivers32: wave9 - wdmaud.drv File not found
    Drivers32: wavemapper - msacm32.drv File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
    PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/04 15:29:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/10/04 15:29:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/10/04 15:29:29 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/10/04 15:29:29 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/10/04 15:29:27 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2012/10/04 15:29:17 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/10/04 15:29:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/10/04 15:29:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/09/29 09:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2012/09/15 21:33:20 | 000,000,000 | ---D | C] -- C:\Windows\pogyfoot

    ========== Files - Modified Within 30 Days ==========

    [2012/10/07 14:10:24 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2012/10/07 14:05:02 | 000,001,056 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/07 13:50:52 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/07 13:46:47 | 000,002,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/07 13:46:47 | 000,002,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/07 13:46:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/07 13:43:16 | 000,678,804 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
    [2012/10/07 13:43:16 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/10/07 13:43:16 | 000,126,420 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
    [2012/10/07 13:43:16 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/10/07 13:27:15 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/07 13:01:46 | 000,391,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/09/21 14:27:49 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/09/21 14:27:49 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

    ========== Files Created - No Company Name ==========

    [2012/10/07 11:31:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
    [2012/01/02 12:50:43 | 000,328,853 | ---- | C] () -- C:\Users\moi\image_0001.jpg
    [2012/01/02 12:50:42 | 000,026,570 | ---- | C] () -- C:\Users\moi\Resize_P250910_20.59.jpg
    [2012/01/02 12:50:36 | 000,548,005 | ---- | C] () -- C:\Users\moi\P250910_20.59.jpg
    [2012/01/02 12:50:30 | 000,483,812 | ---- | C] () -- C:\Users\moi\P250910_20.25.jpg
    [2012/01/02 12:50:29 | 000,017,388 | ---- | C] () -- C:\Users\moi\Resize_DSC00423.jpg
    [2012/01/02 12:50:24 | 000,444,755 | ---- | C] () -- C:\Users\moi\P190311_20.58_[01].jpg
    [2012/01/02 12:50:14 | 000,844,347 | ---- | C] () -- C:\Users\moi\Soirée salle des fêtes.jpg
    [2012/01/02 12:50:09 | 000,440,733 | ---- | C] () -- C:\Users\moi\P190311_20.58.jpg
    [2012/01/02 12:50:06 | 000,170,762 | ---- | C] () -- C:\Users\moi\Éden et Axel hallowen.jpg
    [2012/01/02 12:50:01 | 000,475,964 | ---- | C] () -- C:\Users\moi\P050311_19.12.jpg
    [2012/01/02 12:49:54 | 000,522,850 | ---- | C] () -- C:\Users\moi\P040311_19.28.jpg
    [2012/01/02 12:49:54 | 000,008,261 | ---- | C] () -- C:\Users\moi\V250810_19_c001.jpg
    [2012/01/02 12:49:50 | 000,378,637 | ---- | C] () -- C:\Users\moi\P270810_12.38.jpg
    [2012/01/02 12:49:49 | 000,032,874 | ---- | C] () -- C:\Users\moi\Playa Lloret.jpg
    [2012/01/02 12:49:48 | 000,055,220 | ---- | C] () -- C:\Users\moi\Aulas avec la Champions League.jpg
    [2012/01/02 12:49:42 | 000,480,295 | ---- | C] () -- C:\Users\moi\P221210_18.56.jpg
    [2012/01/02 12:49:37 | 000,492,263 | ---- | C] () -- C:\Users\moi\P311010_01.20.jpg
    [2012/01/02 12:49:19 | 001,535,318 | ---- | C] () -- C:\Users\moi\DSC00423.JPG
    [2012/01/02 12:49:01 | 001,466,827 | ---- | C] () -- C:\Users\moi\Lyon.jpg
    [2012/01/02 12:48:55 | 000,455,386 | ---- | C] () -- C:\Users\moi\P250810_11.02.jpg
    [2012/01/02 12:48:51 | 000,346,094 | ---- | C] () -- C:\Users\moi\Allez l'OL.jpg
    [2012/01/02 12:48:51 | 000,021,340 | ---- | C] () -- C:\Users\moi\Olympique Lyonnais.jpg
    [2012/01/02 12:48:50 | 000,030,398 | ---- | C] () -- C:\Users\moi\Zoucone.jpg
    [2012/01/02 12:48:50 | 000,029,981 | ---- | C] () -- C:\Users\moi\Tableau blanc1.png
    [2012/01/02 12:48:50 | 000,024,920 | ---- | C] () -- C:\Users\moi\À.jpg
    [2012/01/02 12:48:50 | 000,000,930 | ---- | C] () -- C:\Users\moi\Tableau blanc0.png
    [2012/01/02 12:48:49 | 000,026,414 | ---- | C] () -- C:\Users\moi\Anti - Stéphanois .jpg
    [2012/01/02 12:48:38 | 000,920,685 | ---- | C] () -- C:\Users\moi\180820101062.jpg
    [2012/01/02 12:48:37 | 000,025,873 | ---- | C] () -- C:\Users\moi\Resize_Allez l'OL.jpg
    [2012/01/02 12:48:12 | 001,916,074 | ---- | C] () -- C:\Users\moi\Axel et Eden.JPG
    [2012/01/02 12:48:11 | 000,133,808 | ---- | C] () -- C:\Users\moi\Axel hallowen.jpg
    [2012/01/02 12:48:00 | 000,913,665 | ---- | C] () -- C:\Users\moi\28122008657.jpg
    [2012/01/02 12:47:57 | 000,239,100 | ---- | C] () -- C:\Users\moi\IMG_0107.jpeg
    [2012/01/02 12:47:55 | 000,145,500 | ---- | C] () -- C:\Users\moi\IMG_0100.png
    [2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
    [2011/08/05 10:28:15 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/08/05 10:28:15 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2011/06/19 17:20:08 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
    [2010/12/11 20:11:26 | 000,165,788 | ---- | C] () -- C:\Users\moi\AppData\Roaming\VideoPad.dmp
    [2010/02/13 23:31:38 | 000,000,296 | ---- | C] () -- C:\Users\moi\AppData\Roaming\wklnhst.dat
    [2009/11/24 00:32:19 | 000,003,536 | ---- | C] () -- C:\Users\moi\AppData\Roaming\QuickZip45.ini
    [2009/04/27 09:11:03 | 000,002,708 | ---- | C] () -- C:\Users\moi\AppData\Local\d3d9caps.dat
    [2009/04/24 22:56:10 | 000,042,496 | ---- | C] () -- C:\Users\moi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/04/05 20:37:12 | 000,000,395 | ---- | C] () -- C:\Users\moi\AppData\Roaming\settings.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 14:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Custom Scans ==========

    < %ALLUSERSPROFILE%\Application Data\*. >

    < %ALLUSERSPROFILE%\Application Data\*.exe /s >

    < %APPDATA%\*. >
    [2009/04/25 22:32:23 | 000,000,000 | -HSD | M] -- C:\Users\moi\AppData\Roaming\.#
    [2008/05/12 19:23:30 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\Acer GameZone Console
    [2012/02/06 10:57:01 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\Adobe
    [2011/03/13 15:41:46 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\Arcsoft
    [2012/03/31 17:22:24 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\Canon
    [2009/09/08 17:20:56 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\Cool Record Edit Pro
    [2009/05/06 09:48:13 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\Creative
    [2010/07/23 10:32:02 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\CyberLink
    [2009/08/10 15:01:34 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\DAEMON Tools
    [2009/08/10 15:04:50 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\DAEMON Tools Lite
    [2009/08/10 15:01:34 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\DAEMON Tools Pro
    [2010/12/11 20:10:42 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\DivX
    [2010/06/30 23:35:12 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\dvdcss
    [2009/04/24 22:59:58 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\eSobi
    [2009/09/05 08:19:32 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\Free Sound Recorder
    [2009/04/25 16:39:46 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\Google
    [2009/08/05 09:37:16 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\Groobax
    [2012/02/06 09:36:43 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\HTC
    [2011/01/04 17:15:26 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2009/04/24 21:33:20 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\Identities
    [2009/04/25 16:01:04 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\InstallShield
    [2010/05/28 18:47:28 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\LG Electronics
    [2009/04/24 21:33:43 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\Macromedia
    [2012/04/13 14:32:54 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\Malwarebytes
    [2010/11/21 10:43:37 | 000,000,000 | --SD | M] -- C:\Users\moi\AppData\Roaming\Microsoft
    [2009/05/06 08:12:03 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\mIRC
    [2011/03/13 16:06:06 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\NCH Software
    [2012/03/26 21:28:26 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\NVIDIA
    [2010/02/13 23:31:40 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\Template
    [2011/09/01 22:25:33 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\vlc
    [2010/01/19 11:15:34 | 000,000,000 | ---D | M] -- C:\Users\moi\AppData\Roaming\Windows Live Writer

    [color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
    [2011/04/22 19:20:30 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\moi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

    [color=#A23BEC]< %temp%\.exe /s >[/color]

    [color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]

    [color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

    [color=#A23BEC]< %systemroot%\system32\consrv.dll >[/color]

    [color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
    [2011/04/14 19:26:46 | 000,353,792 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\dxtmsft.dll
    [2011/04/14 19:26:46 | 000,223,232 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\Windows\system32\dxtrans.dll

    [color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

    [color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
    [2009/07/23 22:55:56 | 000,717,296 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\Windows\system32\drivers\sptd.sys

    [color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
    [2008/01/21 05:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 05:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 05:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
    [2008/10/29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008/10/29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008/10/30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2008/10/28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2008/01/21 04:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    [color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
    [2008/01/21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
    [2008/01/21 04:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

    [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
    [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2008/01/21 04:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters /s >[/color]

    [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s >[/color]
    "Debug" =
    "" = mnmsrvc
    "Kmode" = \SystemRoot\System32\win32k.sys
    "Optional" = Posix [binary data]
    "Posix" = %SystemRoot%\system32\psxss.exe
    "Required" = DebugWindows [binary data]
    "Windows" = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\CSRSS]
    "CsrSrvSharedSectionBase" = 2137980928

    [color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls /s >[/color]

    [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s >[/color]
    "ProfilesDirectory" = %SystemDrive%\Users -- [2012/08/18 14:56:14 | 000,000,000 | R--D | M]
    "Default" = %SystemDrive%\Users\Default -- [2009/04/24 21:29:04 | 000,000,000 | RH-D | M]
    "Public" = %SystemDrive%\Users\Public -- [2011/08/31 22:32:48 | 000,000,000 | R--D | M]
    "ProgramData" = %SystemDrive%\ProgramData -- [2012/10/07 10:42:35 | 000,000,000 | -H-D | M]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
    "Flags" = 12
    "State" = 0
    "RefCount" = 1
    "Sid" = 01 01 00 00 00 00 00 05 12 00 00 00 [binary data]
    "ProfileImagePath" = %systemroot%\system32\config\systemprofile -- [2012/08/19 21:57:10 | 000,000,000 | ---D | M]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
    "ProfileImagePath" = %SystemRoot%\ServiceProfiles\LocalService -- [2012/03/26 22:11:02 | 000,000,000 | ---D | M]
    "Flags" = 0
    "State" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
    "ProfileImagePath" = %SystemRoot%\ServiceProfiles\NetworkService -- [2012/03/26 22:11:03 | 000,000,000 | ---D | M]
    "Flags" = 0
    "State" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-531649880-1850558408-3449884680-1000]
    "ProfileImagePath" = C:\Users\moi -- [2012/05/23 09:47:11 | 000,000,000 | ---D | M]
    "Flags" = 0
    "State" = 256
    "Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 58 55 B0 1F C8 47 4D 6E 08 10 A1 CD E8 03 00 00 [binary data]
    "ProfileLoadTimeLow" = 0
    "ProfileLoadTimeHigh" = 0
    "RefCount" = 1
    "RunLogonScriptSync" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-531649880-1850558408-3449884680-1001]
    "ProfileImagePath" = C:\Users\Utilisateur standard -- [2012/03/26 22:10:55 | 000,000,000 | ---D | M]
    "Flags" = 0
    "State" = 0
    "Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 58 55 B0 1F C8 47 4D 6E 08 10 A1 CD E9 03 00 00 [binary data]
    "ProfileLoadTimeLow" = 0
    "ProfileLoadTimeHigh" = 0
    "RefCount" = 1
    "RunLogonScriptSync" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-531649880-1850558408-3449884680-1002]
    "ProfileImagePath" = C:\Users\UpdatusUser
    "Flags" = 1
    "State" = 0
    "Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 58 55 B0 1F C8 47 4D 6E 08 10 A1 CD EA 03 00 00 [binary data]
    "ProfileLoadTimeLow" = 0
    "ProfileLoadTimeHigh" = 0
    "RefCount" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-531649880-1850558408-3449884680-1003]
    "ProfileImagePath" = C:\Users\UpdatusUser
    "Flags" = 1
    "State" = 0
    "Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 58 55 B0 1F C8 47 4D 6E 08 10 A1 CD EB 03 00 00 [binary data]
    "ProfileLoadTimeLow" = 0
    "ProfileLoadTimeHigh" = 0
    "RefCount" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-531649880-1850558408-3449884680-501]
    "ProfileImagePath" = C:\Users\Invité -- [2012/03/26 22:11:00 | 000,000,000 | ---D | M]
    "Flags" = 0
    "State" = 128
    "Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 58 55 B0 1F C8 47 4D 6E 08 10 A1 CD F5 01 00 00 [binary data]
    "ProfileLoadTimeLow" = 0
    "ProfileLoadTimeHigh" = 0
    "RefCount" = 0
    "RunLogonScriptSync" = 0

    [color=#A23BEC]< nslookup www.google.fr /c >[/color]

    [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /rs >[/color]
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/14 19:26:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/14 19:26:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/14 19:26:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/08/24 09:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/08/24 09:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

    [color=#A23BEC]< hklm\software\clients\startmenuinternet|command /64 /rs >[/color]
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/14 19:26:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/14 19:26:46 | 000,074,240 | -
    0