Eset Smart Security alert: threat found

Resolved/Closed
gentil83 - Posts: 46 - Registered: Monday 13 August 2012 - Status: Member - Last activity: 8 March 2013 - 13 August 2012 at 10:48
gentil83 - Posts: 46 - Registered: Monday 13 August 2012 - Status: Member - Last activity: 8 March 2013 - 28 August 2012 at 09:00
Hello,
I have an Eset Smart Security "threat found" alert.
Pages from eBay and other sites open while I am searching on Google and block my search. Can you help me, please?

61 replies

Fish66 - Posts: 17505 - Registered: Sunday 24 July 2011 - Status: Security contributor - Last activity: 16 June 2021 - 1 318
Edited by Fish66 on 13/08/2012 at 18:38
Hi again,
So we continue here! :-)
Follow the instructions step by step:
===================
Before using ComboFix:

CD emulation software such as Daemon Tools can interfere with disinfection tools. Use Defogger to disable it temporarily:

If you have this kind of tool on your PC, use Defogger to disable it temporarily; otherwise go straight to ComboFix.

* Download Defogger (by jpshortstuff) to your Desktop
* Run it

* A window appears: click "Disable"

* Restart the computer if the tool asks you to

Note: When we have finished the disinfection, you can re-enable this software by running Defogger again and clicking "Re-enable"

===================================================

Warning: before you start, read the procedure carefully

********************************************************

/!\ Do not use this software outside the scope of this disinfection: DANGEROUS /!\

* Right-click this link and save it to your Desktop under a different name, for example "your username.exe"
Here is the ComboFix help

* /!\ Disconnect from the internet and STOP YOUR PROTECTION SOFTWARE /!\


* Double-click ComboFix.exe (or run it as administrator on Vista and Seven)

A pop-up will appear saying that ComboFix is used at your own risk and without any warranty... Click Yes to accept

** ABOVE ALL, INSTALL THE RECOVERY CONSOLE
(if it offers to install it, reconnect to the internet)

* Do not touch anything (mouse, keyboard) until the scan has finished, because you risk crashing your PC

* At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.

* Once the scan is complete, a report will be displayed: post its contents

** /!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the internet. /!\

* Note: The report can also be found here: C:\ComboFix.txt

_ _ _ Fish66_ _ _ I''"""""I_ _ security contributor member_ _I''"""""I_ _ _
¤¤¤ The best remedy for all problems is patience.... ¤¤¤

gentil83 - Posts: 46 - Registered: Monday 13 August 2012 - Status: Member - Last activity: 8 March 2013
13 August 2012 at 19:22
Thank you very much, I will do all that tomorrow morning from 8:30, I think. Have a good evening, and thanks again.

Fish66 - Posts: 17505 - Registered: Sunday 24 July 2011 - Status: Security contributor - Last activity: 16 June 2021 - 1 318
13 August 2012 at 21:13
OK.. you're welcome

See you

gentil83 - Posts: 46 - Registered: Monday 13 August 2012 - Status: Member - Last activity: 8 March 2013
14 August 2012 at 10:58
Michel is back, lol, hello
Here is the report
ComboFix 12-08-13.01 - michel 14/08/2012 10:18:57.1.1 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.1066 [GMT 2:00]
Lancé depuis: c:\users\michel\Desktop\michel.exe
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\michel\AppData\Roaming\Microsoft\Windows\Recent\Fiche_d-inscription__ARTISTESok[1].doc
c:\users\michel\AppData\Roaming\Microsoft\Windows\Recent\YouTube - Sylvie Vartan - Par amour par pitié.url
c:\users\michel\AppData\Roaming\msconfig.ini
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{483ffbbb-f8e2-8acd-2b85-7e09a62a0843}\@
c:\windows\Installer\{483ffbbb-f8e2-8acd-2b85-7e09a62a0843}\L\00000004.@
c:\windows\Installer\{483ffbbb-f8e2-8acd-2b85-7e09a62a0843}\L\1afb2d56
c:\windows\Installer\{483ffbbb-f8e2-8acd-2b85-7e09a62a0843}\L\201d3dde
c:\windows\Installer\{483ffbbb-f8e2-8acd-2b85-7e09a62a0843}\U\00000008.@
c:\windows\Installer\{483ffbbb-f8e2-8acd-2b85-7e09a62a0843}\U\80000000.@
c:\windows\Installer\{483ffbbb-f8e2-8acd-2b85-7e09a62a0843}\U\80000032.@
c:\windows\system32\CddbCdda.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\OLDBA7A.tmp
c:\windows\system32\OLDBB38.tmp
c:\windows\system32\OLDBB88.tmp
c:\windows\system32\SET25CA.tmp
c:\windows\system32\SET9BD9.tmp
c:\windows\system32\SETEFB3.tmp
.
c:\windows\system32\services.exe . . . est infecté!!
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-07-14 au 2012-08-14 ))))))))))))))))))))))))))))))))))))
.
.
2012-08-14 08:30 . 2012-08-14 08:35 -------- d-----w- c:\users\michel\AppData\Local\temp
2012-08-14 08:30 . 2012-08-14 08:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-13 10:20 . 2012-08-13 10:29 -------- d-----w- C:\ZHP
2012-08-13 10:20 . 2012-08-13 10:27 -------- d-----w- c:\program files\ZHPDiag
2012-08-12 08:01 . 2012-08-12 08:02 -------- d-----w- c:\programdata\DriverGenius
2012-08-12 08:00 . 2012-08-12 08:00 -------- d-----w- c:\users\michel\AppData\Local\CRE
2012-07-26 16:06 . 2012-07-26 16:06 -------- d--h--w- c:\windows\PIF
2012-07-25 19:56 . 2012-07-25 19:56 -------- d-----w- c:\program files\Microsoft SkyDrive
2012-07-25 19:56 . 2012-07-25 19:56 -------- d-----r- c:\users\michel\SkyDrive
2012-07-25 19:53 . 2012-07-25 19:53 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-07-16 17:11 . 2012-07-16 17:11 -------- d-----w- c:\users\michel\AppData\Roaming\TeamViewer
2012-07-16 16:47 . 2012-07-16 16:47 -------- d-----w- c:\users\michel\temp
2012-07-16 16:47 . 2012-07-16 16:47 -------- d-----w- c:\program files\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:40 . 2012-07-12 22:46 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-12 16:22 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-12 16:22 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-12 16:21 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-19 05:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 05:36 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 05:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 05:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 05:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 05:36 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 05:35 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 05:35 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-19 05:35 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 22:38 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 22:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 22:38 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 22:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 22:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-12 16:21 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-12 16:21 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 03:41 . 2012-07-13 17:01 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB9016BE-0BC4-4FFC-9722-90E62F7D029F}\mpengine.dll
2012-07-13 17:30 . 2012-07-04 04:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-25 19:54 220624 ----a-w- c:\users\michel\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-25 19:54 220624 ----a-w- c:\users\michel\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-25 19:54 220624 ----a-w- c:\users\michel\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-20 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^michel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\users\michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^michel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de notification Live Search.lnk]
path=c:\users\michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de notification Live Search.lnk
backup=c:\windows\pss\Outil de notification Live Search.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-06-06 08:06 159744 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 16:34 138096 ----atw- c:\users\michel\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-06-23 05:39 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-11 18:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-11 18:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-06-17 15:00 1249280 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-10-02 06:00 1124352 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-11 18:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 03:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-07-20 15:35 1193176 ----a-w- c:\users\michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-11-14 09:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
.
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'
.
2012-08-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1834128273-2213103141-3474658690-1000Core.job
- c:\users\michel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-27 16:34]
.
2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1834128273-2213103141-3474658690-1000UA.job
- c:\users\michel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-27 16:34]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:35]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:35]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.wuuta.com/
uInternet Settings,ProxyOverride = *.local
LSP: mswsock.dll
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com
Trusted Zone: netflame.cc\ssl-hints
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\j1tgl6nj.default\
FF - prefs.js: browser.search.selectedEngine - WiseConvert Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=
.
- - - - ORPHELINS SUPPRIMES - - - -
.
URLSearchHooks-{19803860-b306-423c-bbb5-f60a7d82cde5} - (no file)
WebBrowser-{19803860-B306-423C-BBB5-F60A7D82CDE5} - (no file)
HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
MSConfigStartUp-eDataSecurity Loader - c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-14 10:35
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
.
c:\users\michel\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
Scan terminé avec succès
Fichiers cachés: 1
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(904)
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Heure de fin: 2012-08-14 10:48:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-08-14 08:46
.
Avant-CF: 9 458 991 104 octets libres
Après-CF: 9 411 883 008 octets libres
.
- - End Of File - - F9B3DD91B1E8A8AEA10BB8F45B9396CE

Fish66 - Posts: 17505 - Registered: Sunday 24 July 2011 - Status: Security contributor - Last activity: 16 June 2021 - 1 318
14 August 2012 at 11:05
Hello,

c:\windows\system32\services.exe . . . est infecté!!

Run ComboFix again, hoping that the service.exe file will be replaced by a legitimate one!
Waiting for the report..

See you

gentil83 - Posts: 46 - Registered: Monday 13 August 2012 - Status: Member - Last activity: 8 March 2013
14 August 2012 at 12:07
The 2nd report :)
ComboFix 12-08-13.01 - michel 14/08/2012 11:39:22.3.1 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.788 [GMT 2:00]
Lancé depuis: c:\users\michel\Desktop\michel.exe
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Un antivirus résident est actif
.
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-07-14 au 2012-08-14 ))))))))))))))))))))))))))))))))))))
.
.
2012-08-14 09:53 . 2012-08-14 09:53 -------- d-----w- c:\users\michel\AppData\Local\temp
2012-08-14 09:53 . 2012-08-14 09:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-14 08:16 . 2012-08-14 08:48 -------- d-----w- C:\michel
2012-08-13 10:20 . 2012-08-13 10:29 -------- d-----w- C:\ZHP
2012-08-13 10:20 . 2012-08-13 10:27 -------- d-----w- c:\program files\ZHPDiag
2012-08-12 08:01 . 2012-08-12 08:02 -------- d-----w- c:\programdata\DriverGenius
2012-08-12 08:00 . 2012-08-12 08:00 -------- d-----w- c:\users\michel\AppData\Local\CRE
2012-07-26 16:06 . 2012-07-26 16:06 -------- d--h--w- c:\windows\PIF
2012-07-25 19:56 . 2012-07-25 19:56 -------- d-----w- c:\program files\Microsoft SkyDrive
2012-07-25 19:56 . 2012-07-25 19:56 -------- d-----r- c:\users\michel\SkyDrive
2012-07-25 19:53 . 2012-07-25 19:53 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-07-16 17:11 . 2012-07-16 17:11 -------- d-----w- c:\users\michel\AppData\Roaming\TeamViewer
2012-07-16 16:47 . 2012-07-16 16:47 -------- d-----w- c:\users\michel\temp
2012-07-16 16:47 . 2012-07-16 16:47 -------- d-----w- c:\program files\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:40 . 2012-07-12 22:46 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-12 16:22 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-12 16:22 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-12 16:21 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-19 05:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 05:36 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 05:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 05:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 05:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 05:36 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 05:35 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 05:35 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-19 05:35 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 22:38 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 22:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 22:38 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 22:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 22:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-12 16:21 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-12 16:21 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 03:41 . 2012-07-13 17:01 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB9016BE-0BC4-4FFC-9722-90E62F7D029F}\mpengine.dll
2012-07-13 17:30 . 2012-07-04 04:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-11 06:27 . !HASH: COULD NOT OPEN FILE !!!!! . 279552 . . [------] . . c:\windows\System32\services.exe
[7] 2009-04-11 . D4E6D91C1349B7BFB3599A6ADA56851B . 279552 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[7] 2008-01-19 . 2B336AB6286D6C81FA02CBAB914E3C6C . 279040 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[7] 2006-11-02 . 329CF3C97CE4C19375C8ABCABAE258B0 . 279552 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-25 19:54 220624 ----a-w- c:\users\michel\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-25 19:54 220624 ----a-w- c:\users\michel\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-25 19:54 220624 ----a-w- c:\users\michel\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-20 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^michel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\users\michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^michel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de notification Live Search.lnk]
path=c:\users\michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de notification Live Search.lnk
backup=c:\windows\pss\Outil de notification Live Search.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-06-06 08:06 159744 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 16:34 138096 ----atw- c:\users\michel\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-06-23 05:39 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-11 18:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-11 18:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-06-17 15:00 1249280 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-10-02 06:00 1124352 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-11 18:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 03:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-07-20 15:35 1193176 ----a-w- c:\users\michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-11-14 09:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
.
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'
.
2012-08-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1834128273-2213103141-3474658690-1000Core.job
- c:\users\michel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-27 16:34]
.
2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1834128273-2213103141-3474658690-1000UA.job
- c:\users\michel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-27 16:34]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:35]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:35]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.wuuta.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com
Trusted Zone: netflame.cc\ssl-hints
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\j1tgl6nj.default\
FF - prefs.js: browser.search.selectedEngine - WiseConvert Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-14 11:53
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2012-08-14 12:05:05
ComboFix-quarantined-files.txt 2012-08-14 10:03
ComboFix2.txt 2012-08-14 09:33
ComboFix3.txt 2012-08-14 08:48
.
Avant-CF: 9 433 718 784 octets libres
Après-CF: 9 383 849 984 octets libres
.
- - End Of File - - 892E86E674942838F58326FE
0
gentil83 Posts 46 Registration date Monday 13 August 2012 Status Member Last activity 8 March 2013
14 August 2012 at 12:16
I don't know if it's working, but my computer has gotten a new lease of life :)
B R A V O !!!
You guys are great, in any case I'm waiting for your reply
Thank you very much, you're super !!!
0
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last activity 16 June 2021 1 318
Edited by Fish66 on 14/08/2012 at 12:29
Oh, you're welcome.. :-)
=================
* Un antivirus résident est actif

You didn't disable your antivirus; please disable all security software! Then run ComboFix again and post the report.


_ _ _ Fish66_ _ _ I''"""""I_ _ security contributor member_ _I''"""""I_ _ _
¤¤¤ The best remedy for all problems is patience.... ¤¤¤
0
gentil83 Posts 46 Registration date Monday 13 August 2012 Status Member Last activity 8 March 2013
14 August 2012 at 15:30
ComboFix 12-08-13.01 - michel 14/08/2012 14:13:31.4.1 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.1064 [GMT 2:00]
Lancé depuis: c:\users\michel\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Une copie infectée de c:\windows\system32\Services.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-07-14 au 2012-08-14 ))))))))))))))))))))))))))))))))))))
.
.
2012-08-14 12:24 . 2012-08-14 12:27 -------- d-----w- c:\users\michel\AppData\Local\temp
2012-08-14 12:24 . 2012-08-14 12:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-13 10:20 . 2012-08-13 10:29 -------- d-----w- C:\ZHP
2012-08-13 10:20 . 2012-08-14 10:28 -------- d-----w- c:\program files\ZHPDiag
2012-08-12 08:01 . 2012-08-12 08:02 -------- d-----w- c:\programdata\DriverGenius
2012-08-12 08:00 . 2012-08-12 08:00 -------- d-----w- c:\users\michel\AppData\Local\CRE
2012-07-26 16:06 . 2012-07-26 16:06 -------- d--h--w- c:\windows\PIF
2012-07-25 19:56 . 2012-07-25 19:56 -------- d-----w- c:\program files\Microsoft SkyDrive
2012-07-25 19:56 . 2012-07-25 19:56 -------- d-----r- c:\users\michel\SkyDrive
2012-07-25 19:53 . 2012-07-25 19:53 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-07-16 17:11 . 2012-07-16 17:11 -------- d-----w- c:\users\michel\AppData\Roaming\TeamViewer
2012-07-16 16:47 . 2012-07-16 16:47 -------- d-----w- c:\users\michel\temp
2012-07-16 16:47 . 2012-07-16 16:47 -------- d-----w- c:\program files\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:40 . 2012-07-12 22:46 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-12 16:22 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-12 16:22 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-12 16:21 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-19 05:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 05:36 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 05:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 05:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 05:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 05:36 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 05:35 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 05:35 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-19 05:35 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 22:38 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 22:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 22:38 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 22:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 22:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-12 16:21 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-12 16:21 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 03:41 . 2012-07-13 17:01 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB9016BE-0BC4-4FFC-9722-90E62F7D029F}\mpengine.dll
2012-07-13 17:30 . 2012-07-04 04:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-25 19:54 220624 ----a-w- c:\users\michel\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-25 19:54 220624 ----a-w- c:\users\michel\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-25 19:54 220624 ----a-w- c:\users\michel\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-20 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^michel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\users\michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^michel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de notification Live Search.lnk]
path=c:\users\michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de notification Live Search.lnk
backup=c:\windows\pss\Outil de notification Live Search.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-06-06 08:06 159744 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 16:34 138096 ----atw- c:\users\michel\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-06-23 05:39 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-11 18:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-11 18:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-06-17 15:00 1249280 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-10-02 06:00 1124352 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-11 18:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 03:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-07-20 15:35 1193176 ----a-w- c:\users\michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-11-14 09:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
.
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'
.
2012-08-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1834128273-2213103141-3474658690-1000Core.job
- c:\users\michel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-27 16:34]
.
2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1834128273-2213103141-3474658690-1000UA.job
- c:\users\michel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-27 16:34]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:35]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:35]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.wuuta.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com
Trusted Zone: netflame.cc\ssl-hints
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\j1tgl6nj.default\
FF - prefs.js: browser.search.selectedEngine - WiseConvert Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-14 14:31
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'Explorer.exe'(2188)
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\conime.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\program files\ESET\ESET Smart Security\ekrn.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Heure de fin: 2012-08-14 14:37:37 - La machine a redémarré
ComboFix-quarantined-files.txt 2012-08-14 12:37
ComboFix2.txt 2012-08-14 10:05
ComboFix3.txt 2012-08-14 09:33
ComboFix4.txt 2012-08-14 08:48
.
Avant-CF: 9 375 080 448 octets libres
Après-CF: 9 220 718 592 octets libres
.
- - End Of File - - 32B5135A57EF9D9973095DE7BFC19707
0
gentil83 Posts 46 Registration date Monday 13 August 2012 Status Member Last activity 8 March 2013
14 August 2012 at 15:37
My firewall turned itself back on, I don't understand, is it important? I'm a novice, sorry
0
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last activity 16 June 2021 1 318
14 August 2012 at 18:07
Une copie infectée de c:\windows\system32\Services.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe 

That's what I'm looking for!
=========================
=>/!\ The script below was written specifically for this computer /!\ <=
=> transposing it to another computer is strongly discouraged! <=

-----------------------------------------------------------------------------------

Still with all protections disabled, do this:

* Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
* Copy/paste into Notepad what is between the lines below (without the lines):
* Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
__________________________________________________

KillAll::

File::
c:\users\michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"=-

NetSvc::
ezSharedSvc

Firefox::
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=


__________________________________________________

* Save this file under the name CFScript
* Drag and drop this CFScript file onto the
ComboFix.exe file, as in: this screenshot
* ComboFix starts, let it guide you..

* Wait while the scan runs. The desktop will disappear several times: this is normal!
* Don't touch anything until the scan is finished.
* Once the scan is complete, a report will be displayed: post its contents, stating where your problems stand

* If the file doesn't open, it is located here > C:\ComboFix.txt
0
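An added example, not part of the thread and not ComboFix's own code: once the follow-up report is posted, each CFScript target can be checked against it. The function names are hypothetical, the parser covers only the directive kinds visible in the script above, and the follow-up report is constructed for illustration.

```python
import re

# The CFScript as posted in the thread above.
CFSCRIPT = r"""
KillAll::

File::
c:\users\michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"=-

NetSvc::
ezSharedSvc

Firefox::
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=
"""

# CONSTRUCTED follow-up report (not from the thread), in the layout of the logs above.
FOLLOWUP_LOG = r"""
(((((((((((( Autres suppressions ))))))))))))
.
c:\users\michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
(((((((((((( Points de chargement Reg ))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-20 1193176]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
------- Examen supplémentaire -------
.
FF - prefs.js: browser.search.selectedEngine - WiseConvert Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=
.
"""

DIRECTIVE = re.compile(r"^(\w+)::$")
REG_KEY = re.compile(r"^\[(.+)\]$")
REG_DELETE = re.compile(r'^"(.+)"=-$')


def parse_cfscript(text):
    """Return (section, target) pairs; a '"name"=-' line under a [key]
    becomes ("Registry", (key, name))."""
    targets, section, key = [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if m := DIRECTIVE.match(line):
            section, key = m.group(1), None
        elif m := REG_KEY.match(line):
            key = m.group(1)
        elif (m := REG_DELETE.match(line)) and key:
            targets.append(("Registry", (key, m.group(1))))
        elif section:
            targets.append((section, line))
    return targets


def parse_log(log):
    """Return (deleted, blocks): lower-cased lines listed under 'Autres
    suppressions', and the other '.'-separated blocks as lists of lines."""
    deleted, blocks, current, in_deleted = [], [], [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("(((") or line.startswith("---"):
            in_deleted = "Autres suppressions" in line
            line = "."  # a section header also closes the current block
        if line == "." or not line:
            if current:
                blocks.append(current)
            current = []
        elif in_deleted:
            deleted.append(line.lower())
        else:
            current.append(line)
    if current:
        blocks.append(current)
    return deleted, blocks


def status(target, deleted, blocks):
    """Classify one target as 'removed', 'present' or 'absent' in the report."""
    section, value = target
    lines = [l for block in blocks for l in block]
    if section == "File":
        if value.lower() in deleted:
            return "removed"
        return "present" if any(value.lower() in l.lower() for l in lines) else "absent"
    if section == "Registry":
        key, name = value
        header, needle = f"[{key}]".lower(), f'"{name}"='.lower()
        for block in blocks:
            if block[0].lower() == header and any(l.lower().startswith(needle) for l in block[1:]):
                return "present"
        return "absent"
    # NetSvc and Firefox entries are reported on a line of their own
    return "present" if value in lines else "absent"


def verify(script, log):
    deleted, blocks = parse_log(log)
    return [(t, status(t, deleted, blocks)) for t in parse_cfscript(script)]
```

A target reported as "present" after the script has run, such as a Run value that still points at a deleted file, is what to raise with the helper before re-enabling protections.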
gentil83 Posts 46 Registration date Monday 13 August 2012 Status Member Last activity 8 March 2013
15 August 2012 at 12:36
Hello, should I post you the result of the scan :) thanks for the help
0
gentil83 Posts 46 Registration date Monday 13 August 2012 Status Member Last activity 8 March 2013
15 August 2012 at 12:37
Hello,
Should I post the result of the scan?
0
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last activity 16 June 2021 1 318
15 August 2012 at 12:48
Hello,

Yes, of course, to check whether the infections are gone! :-)
0
gentil83 Posts 46 Registration date Monday 13 August 2012 Status Member Last activity 8 March 2013
15 August 2012 at 12:54
Here it is, and thanks again for your patience
ComboFix 12-08-14.05 - michel 15/08/2012 11:57:21.5.1 - x86
Microsoft® Windows Vista(TM) Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2037.1031 [GMT 2:00]
Lancé depuis: c:\users\michel\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET Personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2012-07-15 au 2012-08-15 ))))))))))))))))))))))))))))))))))))
.
.
2012-08-15 10:12 . 2012-08-15 10:12 -------- d-----w- c:\users\michel\AppData\Local\temp
2012-08-15 10:12 . 2012-08-15 10:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-13 10:20 . 2012-08-13 10:29 -------- d-----w- C:\ZHP
2012-08-13 10:20 . 2012-08-14 10:28 -------- d-----w- c:\program files\ZHPDiag
2012-08-12 08:01 . 2012-08-12 08:02 -------- d-----w- c:\programdata\DriverGenius
2012-08-12 08:00 . 2012-08-12 08:00 -------- d-----w- c:\users\michel\AppData\Local\CRE
2012-07-26 16:06 . 2012-07-26 16:06 -------- d--h--w- c:\windows\PIF
2012-07-25 19:56 . 2012-07-25 19:56 -------- d-----w- c:\program files\Microsoft SkyDrive
2012-07-25 19:56 . 2012-07-25 19:56 -------- d-----r- c:\users\michel\SkyDrive
2012-07-25 19:53 . 2012-07-25 19:53 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-07-16 17:11 . 2012-07-16 17:11 -------- d-----w- c:\users\michel\AppData\Roaming\TeamViewer
2012-07-16 16:47 . 2012-07-16 16:47 -------- d-----w- c:\users\michel\temp
2012-07-16 16:47 . 2012-07-16 16:47 -------- d-----w- c:\program files\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:40 . 2012-07-12 22:46 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-12 16:22 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-12 16:22 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-12 16:21 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-19 05:36 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 05:36 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 05:35 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 05:35 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 05:36 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 05:36 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 05:35 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 05:35 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-19 05:35 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 22:38 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 22:38 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 22:38 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 22:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 22:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-12 16:21 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-12 16:21 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 03:41 . 2012-07-13 17:01 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB9016BE-0BC4-4FFC-9722-90E62F7D029F}\mpengine.dll
2012-07-13 17:30 . 2012-07-04 04:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-25 19:54 220624 ----a-w- c:\users\michel\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-25 19:54 220624 ----a-w- c:\users\michel\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-25 19:54 220624 ----a-w- c:\users\michel\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-20 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^michel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\users\michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^michel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Outil de notification Live Search.lnk]
path=c:\users\michel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de notification Live Search.lnk
backup=c:\windows\pss\Outil de notification Live Search.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2007-06-06 08:06 159744 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 16:34 138096 ----atw- c:\users\michel\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-06-23 05:39 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2008-02-11 18:13 166424 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-11 18:13 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 16:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-06-17 15:00 1249280 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-10-02 06:00 1124352 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2008-02-11 18:13 133656 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 03:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-07-20 15:35 1193176 ----a-w- c:\users\michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-11-14 09:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
.
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contenu du dossier 'Tâches planifiées'
.
2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1834128273-2213103141-3474658690-1000Core.job
- c:\users\michel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-27 16:34]
.
2012-08-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1834128273-2213103141-3474658690-1000UA.job
- c:\users\michel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-27 16:34]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:35]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 07:35]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.wuuta.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: akamai.net\a248.e
Trusted Zone: bitdefender.com
Trusted Zone: netflame.cc\ssl-hints
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\michel\AppData\Roaming\Mozilla\Firefox\Profiles\j1tgl6nj.default\
FF - prefs.js: browser.search.selectedEngine - WiseConvert Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 12:12
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
[0] 0x43003D00
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Heure de fin: 2012-08-15 12:25:03
ComboFix-quarantined-files.txt 2012-08-15 10:22
ComboFix2.txt 2012-08-14 12:37
ComboFix3.txt 2012-08-14 10:05
ComboFix4.txt 2012-08-14 09:33
ComboFix5.txt 2012-08-15 09:54
.
Avant-CF: 9 034 424 320 octets libres
Après-CF: 10 260 570 112 octets libres
.
- - End Of File - - 8EF76914A1147FD1D2BE52D175583276
0
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last activity 16 June 2021 1 318
15 August 2012 at 13:28
Re,
The same infections are still there! (ComboFix report)
Did you do exactly what I asked: << HERE >>> ?
=====================
* Download ZHPDiag (by Nicolas Coolman) from: this link
and save it to your PC's desktop
* Run it (right-click "Run as administrator" if you are on Vista/7)
* Click the magnifying-glass icon to start the diagnostic
* Upload the ZHPDiag.txt report from your desktop to: malekal.com or cjoint.com
* Copy and paste the link provided into your next reply
* ZHPDiag help: <<< HERE >>>
0
gentil83 Posts 46 Registration date Monday 13 August 2012 Status Member Last activity 8 March 2013
15 August 2012 at 14:41
I don't know if this is what you're asking for, but here is the link:
malekal https://www.cjoint.com/?0HpoBADEUD7
cjoint http://www.cjoint.com/confirm.php?cjoint=BHpoEtvWvdb
0
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last activity 16 June 2021 1 318
15 August 2012 at 18:05
Re,
1/
Uninstall Spybot, it is useless!

2/
Copy all the text in bold below (select it with your mouse / right-click it and choose "Copy", or press Ctrl+C)


[MD5.00000000000000000000000000000000] [APT] [{4CAF9BF4-A281-4637-A190-D8CCE3ECC701}] (...) -- C:\Users\michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7UPUZ5S9\vlc-0.9.4-win32[1].exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{6E34129E-001A-44EA-90A2-B25AFC07B6C9}] (...) -- C:\Users\michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\58SKGBP7\stinger_stinger_3.8_anglais_12261[1].exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{99DFF300-331B-4D55-8071-3F4BF12F7155}] (...) -- C:\Program Files\Acer GameZone\Big Kahuna Reef 2\Uninstall.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{A828F1BF-72C2-4362-8826-C1C2CF8488CB}] (...) -- c:\users\michel\Nokia_PC_Suite_rel_7_0_8_2_fre_web.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{A8E5A1A2-AEA1-47C9-A5EA-05ED93B388F0}] (...) -- C:\Users\michel\Desktop\Winrar_3.71_Keygen_-_CORE\Winrar Keygen.exe (.not file.) => Crack, KeyGen, Keymaker - Possible Malware
[MD5.00000000000000000000000000000000] [APT] [{B1EC21EF-63C6-4433-9E0D-0E3815E29497}] (...) -- C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{B35AF365-4809-41C0-9002-C34E3565F0C1}] (...) -- C:\Poker\Titan Poker\_SetupPoker[1].exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{CFC0996B-3F7D-4C64-B439-15B188B77410}] (...) -- C:\Users\michel\Desktop\Winrar_3.71\Winrar 3.71.exe (.not file.)
O4 - HKCU\..\Run: [Spotify Web Helper] . (...) -- C:\Users\michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O4 - HKUS\S-1-5-21-1834128273-2213103141-3474658690-1000\..\Run: [Spotify Web Helper] . (...) -- C:\Users\michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} -- C:\Poker\Titan Poker\casino.ico (.not file.)
[HKCU\Software\Grand Virtual]
[HKCU\Software\Titan Poker]
O53 - SMSR:HKLM\...\startupreg\Spotify Web Helper [Key] . (...) -- C:\Users\michel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe => Infection FakeAlert (Possible)
O81 - IFC: Internet Feature Controls [HKCU] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Infection Rootkit (tdssserv.Root)
O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Infection Rootkit (Rootkit.TDSS)
O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe => Infection Rootkit (Rootkit.TDSS)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{49783ED4-258D-4f9f-BE11-137C18D3E543}] => Infection Web (Adware.Casino)
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{49783ED4-258D-4f9f-BE11-137C18D3E543}] => Infection Web (Adware.Casino)
[HKLM\Software\Microsoft\Internet Explorer\extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}] => Infection Web (Adware.Casino)

EmptyCLSID




Then launch ZHPFix from the desktop shortcut.

* Once ZHPFix is open, click the [ H ] button ("paste the Helper lines").

* In the main box you will then see the lines you copied earlier appear.

Check that all the lines I asked you to copy (and only those) are in the window.

Click the GO button

Copy/paste the report shown on screen into your next message.


3/
* Download RogueKiller (by tigzy) to your desktop
https://www.luanagames.com/index.fr.html
* (On Vista/Seven, right-click, run as administrator)
* Close all your running programs
* Launch RogueKiller.exe
If the infection blocks the program, relaunch it several times or rename it to winlogon.exe
* Let the prescan finish, then click Scan
* Click Report to open it, then copy/paste it into your next message
0
gentil83 Posts 46 Registration date Monday 13 August 2012 Status Member Last activity 8 March 2013
16 August 2012 at 11:43
Hello, thank you for your patience. I don't know if this is what you're asking for, but I'm doing what I can with what I know lol
Kind regards. Thank you

Remontees: https://www.luanagames.com/index.fr.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Demarrage : Mode normal
Utilisateur: michel [Droits d'admin]
Mode: Recherche -- Date: 16/08/2012 11:36:38

¤¤¤ Processus malicieux: 3 ¤¤¤
[SUSP PATH] SkyDriveShell.dll -- C:\Users\michel\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll -> UNLOADED
[SUSP PATH] SkyDriveShell.dll -- C:\Users\michel\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll -> UNLOADED
[SUSP PATH] SkyDriveShell.dll -- C:\Users\michel\AppData\Local\Microsoft\SkyDrive\16.4.6006.0718\SkyDriveShell.dll -> UNLOADED

¤¤¤ Entrees de registre: 7 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{483ffbbb-f8e2-8acd-2b85-7e09a62a0843}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{483ffbbb-f8e2-8acd-2b85-7e09a62a0843}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\michel\appdata\local\{483ffbbb-f8e2-8acd-2b85-7e09a62a0843}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\michel\appdata\local\{483ffbbb-f8e2-8acd-2b85-7e09a62a0843}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\michel\appdata\local\{483ffbbb-f8e2-8acd-2b85-7e09a62a0843}\L --> FOUND

¤¤¤ Driver: [CHARGE] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS542512K9SA00 ATA Device +++++
--- User ---
[MBR] 471048ad78b698e20a8473d2171f790d
[BSP] 2c675d1d2ae63505ec12c0c34a447290 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20467712 | Size: 52371 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 127723520 | Size: 52107 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Termine : << RKreport[1].txt >>
RKreport[1].txt
0
gentil83 Posts 46 Registration date Monday 13 August 2012 Status Member Last activity 8 March 2013
16 August 2012 at 11:46
the ZHPFix report lol
port de ZHPFix 1.2.07 par Nicolas Coolman, Update du 20/07/2012
Fichier d'export Registre :
Run by michel at 16/08/2012 11:09:46
Windows Vista Home Premium Edition, 32-bit Service Pack 2 (Build 6002)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Clé(s) du Registre ==========
SUPPRIME Key*: CLSID Extra Buttons: {49783ED4-258D-4f9f-BE11-137C18D3E543}
SUPPRIME Key*: HKCU\Software\Grand Virtual
SUPPRIME Key*: HKCU\Software\Titan Poker
SUPPRIME Key*: StartupReg: Spotify Web Helper
SUPPRIME Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{49783ED4-258D-4f9f-BE11-137C18D3E543}
SUPPRIME Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{49783ED4-258D-4f9f-BE11-137C18D3E543}
ABSENT Key: HKLM\Software\Microsoft\Internet Explorer\extensions\{49783ED4-258D-4f9f-BE11-137C18D3E543}

========== Valeur(s) du Registre ==========
SUPPRIME RunValue: Spotify Web Helper
ABSENT RunValue: Spotify Web Helper
ABSENT IFC: [FEATURE_BROWSER_EMULATION] svchost.exe

========== Dossier(s) ==========
SUPPRIME Folder: C:\Users\michel\AppData\Local\{6C264DAC-425F-479C-AA86-BD9735DAC3F9}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{6C83020E-C11A-44E9-B9B9-C3A4CA0C2D54}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{6CB2D259-844C-4330-A1C4-A91B9BA24D6C}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{6CEBFDEF-2CC4-4A22-B458-1FBB21B0D227}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{6CED245B-D05E-4112-922A-40D2C5E0720A}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{6DB824A0-A4B9-4DF3-9387-51FAC711E42F}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{6F017680-CF8D-46B9-81DE-16808A79069E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{70077EEE-D952-4A8D-9B07-EF6C82AA15B2}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{7063247E-4247-48CA-B26C-A6CD7A795B52}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{7093BE4D-EC6E-454B-9E75-C4503EF80A88}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{70B400F3-5D80-4B04-B0F2-FCF3D10E6829}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{7105140D-6857-4FBE-B9F3-BF4AA18F7204}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{71420B02-5161-41AA-9D1F-D14F294A9C0B}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{71BB4170-8F08-4CD4-9E57-094C14051969}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{71C949D1-B472-46F5-8C30-BD481CB35AFE}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{71EB7C01-0095-437D-B6DC-B7254E6C308F}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{726279C3-60EF-4E99-AEF9-0CBADE45D9A7}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{72B5D93A-527F-44DE-988E-B9B3F7D306FB}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{72CCFFCE-6EF4-48A4-852A-3804D48FF3A7}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{743FB19F-FDAA-4660-B7EA-CD91FBE5E03C}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{744E734F-1C1C-460D-B73F-11836D942CC6}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{749DDB2C-FAED-40AE-A17C-3F882AFC0632}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{7516FECA-3A2D-4665-92E3-4B1E5F95180E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{77906037-DCA8-4A58-B86E-870281E8389D}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{779EE6EF-616F-451D-A07E-23C7DD021720}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{77D6DC68-0D75-4B82-BE80-A5591F964F7A}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{782FC554-AC00-4C4B-8E40-53A4ACEDCFC0}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{78F9E1D6-E181-4C66-8267-72CAB9DFF7E7}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{79C05095-2242-4A43-9935-D6123C0EB945}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{79E71B4E-4D7E-47DD-9BDC-A54A98088889}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{7A2FF422-05CD-4BC6-A14A-02B3631A9B1C}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{7A40BD1B-6689-4B1B-9C46-BE614488FAAB}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{7B7C0232-B4F5-47EA-939D-9328549A6572}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{7B9A3F7D-5B4D-4021-970B-42A395AB834E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{7BF62C15-9CFF-467C-855E-B4F8C2123D7A}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{7CD2C749-AF89-4120-9C0E-615CA132AD19}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{7E2C9F31-3EFB-4E69-A96C-40C6DA79E124}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{7E994B0E-788E-4D56-89B5-265DE09471D0}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{7EF432F0-B9D6-4087-AA49-5555E320C55F}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{7F91816D-3358-4B1A-A7C6-407710D39672}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{80579F65-DB9D-4E3C-98B9-79591C9C99D6}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{805AB4E2-025C-4BFE-B60B-431032D279D4}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{807F8E9F-F43F-4C3B-9D9C-8E796721D476}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{80B6FEDD-CF4C-4AAE-B0D9-2632A3A899DC}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{81484B56-9DAB-4A5E-99C5-EDFB169CF793}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{816AB2EE-0E8D-4745-8D76-983A2785C82D}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{820FF345-E1CA-4609-BAB3-6405283CF97B}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{82470EA2-827F-4F9A-8E7F-ED7E863B6515}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8378C1B2-39DB-4CBB-8FAD-9B00C7AEF406}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{844F1721-9935-4459-8DE6-2EF5EDEA7508}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{846CA2B1-C17F-459F-B92B-F438F09399A7}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{84D02A6E-C57D-434B-8560-F061834443ED}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8566208C-1EA5-4F3C-BD5D-FFC05A415CBF}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8611FAAF-06D1-4B59-86C9-A605B216C02A}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8646DEF2-99C9-41D5-8203-7E3A77E9BF01}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{866DAC16-AEF6-4CB8-B741-3DBD97D8250E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{87627B7A-8DCD-495F-9302-DA400ECD1931}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{876D3A93-D459-45F6-87DD-2B0439CF75EA}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{877356DC-8890-4C01-BCBB-23CFF4861DA4}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{886D9CC5-EDEC-4C76-BC1F-3B0D4BE506D3}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{890F752B-B968-4AAB-8B3C-E8CA145AAED2}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{892BAF12-1939-4B4B-A11E-D0306C585DC9}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{895D2A02-2884-48E9-B523-5C484E810DD4}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{89B60BB6-3012-4243-B988-3A4BAA95869B}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{89C63E27-350C-4BDB-88BE-178E72CB6E49}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{89CB56AF-4B6D-4393-964A-650B11705650}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8A0175C4-CC6B-4F1A-921D-A1E213E3FDC8}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8A36C86D-30D7-46D2-AFE6-8805FA6624FE}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8A599CAC-4AB5-4D3B-A38F-F5C3E706349F}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8A5AB948-368A-4854-8EF6-CF9FE9D221E2}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8AC0F7FC-0C13-433B-9BAE-32FDB5B0E17F}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8AE046FF-6041-43C5-A8F6-FE0519880FB4}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8AEDA603-A0AA-4F4F-9FED-8355D5DDB785}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8B135C74-7FD7-4E78-94EA-F60906490AF1}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8B8A089B-D714-4D26-8FD3-01561338E111}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8CF400D6-8326-454C-A3B5-BB51E2C87CF7}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8D0C521F-3123-468F-9452-6CFA4BC35A16}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8D5D3373-937A-4C25-810D-BF8FFBB80C01}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8D744FF2-A348-4FA5-AF18-5465DBD6DA83}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8ED6F0A4-17C6-42AE-9E5D-B206684A983E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8F233826-0608-4EB5-AB1A-45D90273FB71}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8FB651B9-154B-4C4B-BDB2-109C3E917DC2}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{8FEF5EE8-4E24-4BF5-8CB1-019D2EA9A3B1}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{904D7EB8-1A5F-4433-916D-72BED57EBC7F}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{905CBAC2-80B3-497F-B3B0-3E369AD46D7C}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{912A3D66-11A0-41C9-BF1C-760C27728F3F}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9207C027-E27A-4F17-870D-1C3E64758228}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{922E6C80-3778-48D5-AC5C-79BDCFCECF2C}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{923BEFD6-E120-4409-9A09-B23F567CBEE7}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{926E0EE2-0000-4116-81A8-22EB9A4859D0}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9281C3C9-76CA-4373-B07C-CD2536298A12}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{92CEE492-89ED-4A09-BEEB-AFC2574447AB}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{93584AA4-7FF2-464F-9816-B40D31F49DDF}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{945DAF5F-7365-4B96-BB63-3CA1FAEDBB1B}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{94C57A26-0E49-4159-8A9B-0B21C2B5282F}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{94D3C3B1-D176-4B53-9799-0B8FFD3E1746}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{95DFCDF8-C018-432C-8964-281538FC0B96}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{960E21AA-D373-439C-8845-0B882C4E6C0A}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{96265660-469C-4999-83D2-524871A68371}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{971FB12F-A9BD-4112-B5FC-D00C24F50B94}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{975333E3-F394-4EA8-B72F-B6F0F50C4307}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{978D55BF-C96A-44E8-9AB1-8070631F7281}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{97FF9A8A-E4FD-404B-8C68-030EC7BDC2D9}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{980F3288-22DC-402C-9B8F-247A4969CAF3}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9835688E-429E-4548-9293-3F08F85695BF}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{98359630-AB58-490D-BC60-60C12EF6EFCA}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{988C0AE2-27E7-40C1-9E89-7F682BC97305}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{98A76115-4F7B-4D9C-A13B-4E0F97E95C03}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9938821F-4C74-40FF-B025-629B40773231}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9998845A-615E-41C5-82BC-F7CFC38872C9}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9A588884-5D49-40FF-82E1-8020188BFEB4}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9A8C93C8-8E83-4101-85C6-B81729F2855E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9A93D93E-B642-4010-A042-920B831FE910}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9B17AF72-2372-4B1A-9BA0-D214E0E9F51C}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9B3DC971-68D2-47E5-8FE0-D3FA31961ECC}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9B5D72D2-F2C1-4274-B17E-DE624BC52DF4}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9B6086AD-2133-4A7A-8414-C6B5B292C25E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9BBDF9B0-2823-44CA-9DEE-CC02AE98CFB1}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9BC924AD-40B4-41B1-878E-2DCDCB66C9C4}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9BE91360-FA08-4750-BC17-581D42AB2035}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9C245C6E-E4E2-40AA-9127-A87CCCED360E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9C4E6017-9843-4431-8610-366F38B27D31}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9C538696-A296-47F5-8EAD-3B6FA2BE4361}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9C9BF481-6325-4489-B692-BD801D7DE13B}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9D0A5395-3E1D-4519-96EA-821A87A51520}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9D135B20-4580-4D12-988F-0332BFF4CDCC}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9D7C9D18-90D4-4DED-BB1A-DF1CF1E3CEC0}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9DDC5543-3B8D-4AA6-8D9C-37BB6F9B1A1B}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9E02DCEE-BD0F-4196-96C2-D4A548FFA0D1}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9E35E981-CE50-498D-99AF-A7168C22B321}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9E9498D1-9059-46CB-A727-EED6A425DCD2}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9E9AB890-4C7B-48EE-8299-B2788A8A4959}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9EB46E81-2125-4247-A41B-4E3C5D325A83}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9EC5206A-EA3B-475E-B254-653135248AC0}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9EE59ACA-A480-4C1E-9617-EA7A97C52DC9}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9F73D0DD-78BD-4B6D-B07A-163FFCFE8DD4}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9F78DCB4-2829-4767-88B1-18CDE589EE35}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{9FBD401F-D23D-4FBB-97C5-28344B6BD7DE}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{A07C2E03-E705-483E-A0E1-CE3F1172B1FD}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{A15FFC89-48A1-4710-B402-24BBB3734676}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{A2C49CEA-675E-4B59-B742-E87A9BA00B84}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{A41829E7-0DB6-4812-854C-E84478DFDAA6}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{A43EAF1C-E16F-4B38-BC09-226FDBE3E85C}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{A53C8766-6447-4926-81C9-82A6EFD2A9D6}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{A69A6584-FC0E-4D41-9259-D3C7C30D83BF}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{A6C752D5-0621-4347-9E1D-0288BBB41A16}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{A73E1462-852C-400D-A281-8230BDD06F4E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{A82CBA67-F9ED-4718-82C1-3F8B128EE505}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{A94D41D4-DA13-417A-8B26-C801B3371F84}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{A9DBB310-5BB5-4204-9AEB-0A9464C21FAB}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{AA083797-93D7-47EE-AA3F-E1E957C32360}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{AA78FCB5-6116-4B02-BA93-A705C7B40401}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{AACFF385-2DAF-435A-9C9F-75912FC886AB}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{AC104963-5EE5-4413-BF1C-F0E07ACA70E0}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{AC6F6B2B-CA5E-436A-A345-496081AC3DD8}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{AC702003-5B3C-4910-B44F-22EF23E615DF}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{ACAF5150-AB31-40A1-8B06-8A5F2305FDF7}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{ACB1D4CD-627A-4953-8C71-F0FCC457C4A4}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{AD90F728-24D7-4346-9746-D812891AAC37}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{ADEEA45E-DCAE-477E-B65D-0094D3AB1341}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{AE64B016-8766-4D96-9BE9-E654479DF0FF}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{AE89AFC3-B869-418C-AE50-6C5750CFDFDB}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{AEBAC589-EFCA-4EFC-B8AF-C2FDD1287F96}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{AED70FC2-FC1C-4DA5-8892-E98EFB61A46F}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{AFAB550C-B186-48CC-A2AA-965020075EAD}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B00736D4-568D-4C8B-97B7-3051F81AB0B7}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B0A9956C-BF48-4612-BC94-047C98D48000}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B0D6ABF5-57FF-4D62-80FE-8B3DAFE36BA1}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B1C304AC-2323-47B6-B737-D5777B997110}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B1F9D1E6-C686-4918-B0AD-41B17203FEF8}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B372BD2E-823B-4FBF-83C2-EB8209DBCD87}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B3D3D9EC-A538-4AAE-A947-A3ADE6E3CE45}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B4194215-24F6-4C96-A24C-C8CB0676F01C}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B4540DEF-14F4-4861-8545-827AEF9F1622}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B4561B2A-953B-49A0-9D03-7709560E026D}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B4616F65-B3F7-4EB9-A1B8-BE4C1DF040EB}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B49D22B0-EFF2-45FF-97CE-1ABE8E8420FE}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B4B3EEC2-6D2A-43FE-B9F1-591D1FE51E79}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B4C1C394-B1E0-4509-834D-46A1099BCD99}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B5791E1D-B460-45F5-B864-1D08F9F3292B}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B67DA234-5F9A-43ED-BD95-FDA34FB21496}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B6E94EB0-E5B0-4291-80ED-29AA89B7B0D6}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B84C6118-25BE-49A0-8222-9E659CC541E6}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B8581327-F205-4F7E-B722-4C9DC0B92DE6}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B88B5B16-0541-4B88-A925-E19D6F6229AB}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B9008FD6-E376-4B16-9C40-69C38147E051}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B92047BE-4023-490B-982A-F10EC2F9A47E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{B93B5EB1-BB41-4EF2-B179-CA03958BAFB3}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{BB5C206D-E436-4694-A41A-6853E134D1E4}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{BB6DC6F5-5E4A-4D1B-8C04-DFF1246E907E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{BB7285EF-F8CA-4B59-8733-749CD8979477}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{BCCA347A-E00B-46EB-AAD5-DE121889EEEF}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{BCCE021F-8244-485A-A69E-6A562B2E9ADB}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{BCE5EE40-06F6-4688-9D97-4741B6A28C31}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{BCE73799-27CB-45B9-A98B-B3502B4F4DC8}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{BD245EEF-A8F0-4A90-A610-D2ED5ECC5264}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{BE919BBD-B2B2-4814-B5A6-475B62E8BFD0}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{BEB66AF9-AAA3-4019-9E5E-F2F995B5FC47}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{BEECDAFF-8DCB-478B-8F2D-A22FC841AA25}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{BF58A4B5-EC3D-4927-B426-35972261BC21}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{BFF7A9EC-0500-4E0B-A293-A76677C98571}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C00E63B9-DE83-4CF9-A905-61A60164534C}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C06D38A3-F5A6-4754-9FD6-25A6A299283E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C14B4241-1ED9-4D04-A1B2-2F7DA723B11D}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C15FEFB6-7EEB-47FB-8B95-F145E854AD3D}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C1CE0C61-664C-4C76-9C46-503305A00006}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C239B607-916F-4D58-B16E-5493D83B2CA0}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C24920BE-2DEC-480B-871B-3F6EF51566D3}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C2B8A689-C029-4D27-B43C-1B23F0DCCEAA}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C32EACE4-1599-4103-AF37-9C5FDB2343E9}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C43106F0-19E4-480A-B525-EC59105D7346}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C47F35B8-B0E6-48FF-9F28-C749303C4892}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C47FA169-9DF7-4974-9852-D73029FC60B9}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C49D2A4A-4ECD-4DA2-9EA5-7A8A3DBDAFFC}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C56FB385-5012-4C5F-804E-5A40C84B139B}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C5C0D32A-683F-489D-81BD-7BCBACFEF05E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C61C498D-A982-40E5-9CDA-2B149FFC1B20}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C642C6CF-201D-4EB6-9FD9-A74E25F49E28}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C6FF774B-DCE2-4604-A16E-1130FE594EC3}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C72BD967-5A36-481F-A560-6536F68BBB55}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C789E8E6-A912-49B6-8A77-0A060DE4D839}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C825A28C-AF77-4103-B648-4FD357D6848F}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C8A2EDD5-B050-4E5A-86FB-6CD9B38E3C2E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{C99C882D-5825-4FF8-AE47-6F0589ACDAE8}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{CA7F0EF7-09F6-4E12-8B29-C9D676B8C8EE}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{CAF595A9-92D3-47C2-9B68-735E0781C3A2}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{CB94617E-0530-4117-8193-CC85117B5C14}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{CBED3CD2-AD46-4CC1-AE08-45C181EB7F4A}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{CC8ABAD5-D2C6-4680-A629-C95DE8EABDAE}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{CD0E180A-1BFC-46DB-9978-A4A4588F9E68}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{CD349E8A-85CD-4A2F-A9DB-65A9D62606C5}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{CF23A1BA-2384-4A31-A4A3-013959A844A4}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{CFF017CD-E543-4BF3-AE7B-B29782DE70AA}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D01FD45C-3F80-4A55-9848-E793D6F730D9}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D0927C18-DF81-43C2-A506-716C450B978C}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D109BC15-D246-422E-89C8-F6C590F3B87D}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D176F85F-C03E-4DFC-B47E-6ECDED1895E2}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D24F0E3E-70BA-4D1D-A792-D1374D22C1EA}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D256270A-4065-4071-A350-1DDE1C106363}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D263162B-95F1-4681-A620-B56D565EF5A5}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D27B7AD3-7473-4C45-9476-720293C3B61F}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D3128213-3CDF-4F5F-974F-90F23B24DCBD}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D37209AE-FA5E-4CFF-B35F-2C7707E5D08D}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D3871342-5652-4249-801B-EA0EB41BC47D}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D3F7B70E-1125-41C4-873B-FF13B85F3729}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D425DB86-806A-434F-99E3-2E4739FCD524}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D4637C29-85CB-4C0D-9F8A-9ADEED2233CC}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D52833A9-634C-46FC-B643-079A12FAE3D3}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D58DFB36-030C-4B8C-8458-99985CFD1BCF}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D5C57AE2-D980-4294-BCE7-4F5DFAB8656C}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D6800001-6E1E-4743-822D-0770ED3FDF1E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D6838C88-BEE0-40EE-A78A-567DB6A2FAD9}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D70DD9EE-520A-45DB-A380-7091D45647AA}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D91D48EE-82ED-46A5-9D97-2B1863726F9B}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D94529BE-0F66-4DF1-853D-671B494148E5}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D9E134D3-BD1F-4E1F-9564-628F7EE386A7}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{D9E85A3C-FDF7-4473-887C-E5BD0F8E7FE7}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{DA03B4FF-53E5-4D43-B90B-1713F3A56827}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{DA6964EC-32EA-481B-86D5-403028E4CF34}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{DAF693D6-AC4F-4398-9548-C45E1202CAED}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{DC6A67F6-28F8-47F3-9142-29791311F6FA}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{DCDDE762-4961-4866-94C6-35F1EF4FDF50}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{DDE9A5E3-09EE-4E3B-81FE-6323AA30CB73}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{DE1C5574-2063-4FF0-BCD1-33BDAC6D0F73}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{DF73FA18-4CB6-4C9B-A3EF-BFCA1003E150}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E070572F-088A-4D86-B564-BB9C33CD7CE6}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E116D78B-3903-4B19-992A-A637120B29E1}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E14B2C39-CBBC-4105-9C90-BE2A2ABBBDF4}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E1822A40-9B66-4FAE-86A2-700403E4A3B7}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E220C263-E970-4ABF-9DF0-F025E22E2192}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E271AD96-9FCA-4758-9216-A0D863F542E6}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E348B503-C99E-497C-BF99-151708C511C6}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E3D06EC2-A84E-475F-A8E5-7E0FC2332EF9}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E4A9FC24-984B-4405-9A1A-5C6A3F8504C6}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E4D3378F-161A-4343-B477-BF9FECBB4EA1}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E54B2052-5D96-4A96-A84B-D06145FFF401}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E569B328-142B-4DD5-8B79-1EFBC2A2B94A}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E59E4879-B2E0-499C-9635-90940AF0CFE0}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E615CDF5-D0F1-44B4-ACEC-1AAE0B7FB0F2}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E61B708B-40CF-47A5-A6B6-070094E2E74D}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E6530D90-258E-4C74-94E0-0DDC6C81E347}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E6BC51CB-73FD-472D-8A91-0D2BC82DDCB9}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E766107A-768C-4393-B624-C50AC87568DF}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E77B4C22-4D47-43E3-95C9-20AFB5CBED7F}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E798EF01-5E5D-4FB2-9CE9-E38AB2F71E33}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E7F69DD1-1CB0-47D9-B6E5-3F310AE504A4}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E9A1E088-DD20-480C-B61E-BE03A9CA1285}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E9BE55BD-E83E-4DC2-B4FF-F8A17C65374B}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E9C173FE-D4F4-450C-992C-AE3FE8F4FF2B}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{E9E2FA86-2E30-4C8D-916B-4C26B2919C12}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{EA65D919-7C09-415A-BF58-E45E0FB01806}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{EA922909-D08E-463F-BEF1-0921F0FC84B3}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{EB2FB4DF-9EA0-44D8-A578-301A4419874C}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{EBD84C43-23E8-46F0-B1BE-364B80385618}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{EC84B8E5-6DD2-4B1E-8D20-B8070CFCC9BD}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{ED5ABF4E-D776-4963-ADC0-3B9D15D04D1D}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{EDBBF924-71C9-4733-9431-2303ABF19FE6}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{EE0D875C-A43F-4FE7-B150-4A2C612BAB32}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{EE4C104B-354E-4EDB-8F35-A6D3FE249556}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{EEC78AB3-642A-4628-90EA-260B45F6E9C8}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{EF0FE370-4F8B-460C-AF32-C68B8A032DF3}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{EF907802-31F1-4C49-A0E3-211FF8572DDE}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{EFB688AC-4354-434E-81C3-FEDA4EE55388}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F0448073-A0B0-4863-AE39-0AEB72B1CDF6}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F05409A8-1CC8-4C5C-A03A-39369B0FE66D}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F06D07D3-5BFA-43D0-9DBA-DBFAD05EC5AB}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F06EFA47-ACB0-4A6F-944F-749D6C67E7FF}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F09D40C8-82F1-4F00-BA2D-CAD6B5C25F79}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F153E138-C8F9-4665-AD81-AAAEDF00D51C}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F15CDCB3-76A8-4465-9EFF-BBF5F0D5E97C}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F1611AB1-7B0D-40E1-B6F7-4DA0AD4AD9B7}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F1AF4B76-C1B1-4A72-B1F8-743481FE1A6A}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F1C56BE6-500D-4DF1-8C70-4E08B0F24A4C}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F1CD1971-5B0A-43EF-9422-349EC0E78B10}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F1D92078-2463-4DE6-A430-9573A3696754}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F31F73EE-8544-442F-9021-A23940896F4D}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F323D85A-AB5A-45D3-A6F2-555E5F64BBFC}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F3A2347E-3B6D-4905-BED1-5C410B98807E}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F3E8FCF6-6934-49C8-A920-F6E240F99C3B}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F3FE832E-2D9E-425D-96CA-1CCCDA6933FE}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F58898A9-2AFB-496E-9041-AAC94FD4199B}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F5E7CBFB-4056-4D0B-A123-EFEE8D219F0A}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F5FB183A-900B-4C31-8005-D49E7EC6B69A}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F640FABD-8076-4B0F-A863-336E6EF39072}
SUPPRIME Folder: C:\Users\michel\AppData\Local\{F6814512-0D6E-4DF8-A613-554EC4656E33}

========== Fichier(s) ==========
ABSENT Folder/File: c:\users\michel\appdata\local\microsoft\windows\temporary internet files\content.ie5\7upuz5s9\vlc-0.9.4-win32
ABSENT Folder/File: c:\users\michel\appdata\local\microsoft\windows\temporary internet files\content.ie5\58skgbp7\stinger_stinger_3.8_anglais_12261
ABSENT Folder/File: c:\poker\titan poker\_setuppoker
SUPPRIME Reboot c:\users\michel\appdata\roaming\spotify\data\spotifywebhelper.exe
ABSENT File: c:\poker\titan poker\casino.ico (.not file.)

========== Tache planifiée ==========


========== Récapitulatif ==========
7 : Clé(s) du Registre
3 : Valeur(s) du Registre
619 : Dossier(s)
5 : Fichier(s)
8 : Tache planifiée


End of clean in 00mn 49s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 16/08/2012 11:09:46 [56197]
Fish66 Posts 17505 Registration date Sunday 24 July 2011 Status Security contributor Last activity 16 June 2021 1 318
16 August 2012 at 12:21
Hello,
1/
Run RogueKiller again, then choose "Suppression" and post the report please

2/
Launch Malwarebytes, update it, choose a full scan, delete everything it finds, then post the report please