Sujet Précédent Sujet Suivant

Comment supprimer "jerecherche.org" ???

Fermé
universal 01 Messages postés 14 Date d'inscription vendredi 24 août 2012 Statut Membre Dernière intervention 23 décembre 2012 - 24 août 2012 à 16:03
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 - 28 août 2012 à 08:16
Bonjour,

jaimrais bien le moteur de recherche je recherche.org voici le rapport que j'ai eu avec adwcleaner: merci d'avance


# AdwCleaner v1.801 - Rapport créé le 23/08/2012 à 18:37:11
# Mis à jour le 14/08/2012 par Xplode
# Système d'exploitation : Windows 7 Ultimate (32 bits)
# Nom d'utilisateur : LAHLAL - LAHLAL-PC
# Mode de démarrage : Normal
# Exécuté depuis : C:\Users\LAHLAL\Desktop\adwcleaner.exe
# Option [Suppression]


***** [Services] *****


***** [Fichiers / Dossiers] *****

Dossier Supprimé : C:\Users\LAHLAL\chat-land
Dossier Supprimé : C:\Users\LAHLAL\AppData\Local\APN
Dossier Supprimé : C:\Users\LAHLAL\AppData\Local\Temp\AskSearch
Dossier Supprimé : C:\Users\LAHLAL\AppData\LocalLow\AskToolbar
Dossier Supprimé : C:\Users\LAHLAL\AppData\LocalLow\Toolbar4
Dossier Supprimé : C:\Program Files\Ask.com
Dossier Supprimé : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Fichier Supprimé : C:\Users\LAHLAL\appinfo.exe
Fichier Supprimé : C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\appinfo.lnk
Fichier Supprimé : C:\Users\LAHLAL\AppData\Roaming\Mozilla\Firefox\Profiles\oct7lf8x.default\searchplugins\jerecherche.xml

***** [Registre] *****

Clé Supprimée : HKCU\Software\APN
Clé Supprimée : HKCU\Software\AppDataLow\Software\AskToolbar
Clé Supprimée : HKCU\Software\Ask.com
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\chat-land.org
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKLM\SOFTWARE\APN
Clé Supprimée : HKLM\SOFTWARE\AskToolbar
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Clé Supprimée : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Clé Supprimée : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Clé Supprimée : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Clé Supprimée : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Clé Supprimée : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Clé Supprimée : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Clé Supprimée : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Clé Supprimée : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Clé Supprimée : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Appinfo]
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [lan]
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [tempHome]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Navigateurs] *****

-\\ Internet Explorer v9.0.8112.16421

Remplacé : [HKCU\Software\Microsoft\Internet Explorer - SearchURL] = hxxp://www.jerecherche.org/keyword/%s --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://www.jerecherche.org --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://jerecherche.org/?v=d --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Secondary_Page_URL] = hxxp://www.jerecherche.org --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://www.jerecherche.org --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page_bak] = hxxp://www.jerecherche.org --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.jerecherche.org --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://www.jerecherche.org/keyword/ --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - SearchMigratedDefaultName] = www.jerecherche.org --> hxxp://www.google.com
Remplacé : [HKCU\Software\Microsoft\Internet Explorer\Main - SearchMigratedDefaultURL] = hxxp://www.jerecherche.org --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (fr)

Nom du profil : default
Fichier : C:\Users\LAHLAL\AppData\Roaming\Mozilla\Firefox\Profiles\oct7lf8x.default\prefs.js

Supprimée : user_pref("browser.startup.homepage", "hxxp://www.jerecherche.org");
Supprimée : user_pref("newtaburl.def_url", "hxxp://www.jerecherche.org/");

-\\ Google Chrome v13.0.782.220

Fichier : C:\Users\LAHLAL\AppData\Local\Google\Chrome\User Data\Default\Preferences

Supprimée : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]
Supprimée : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]
Supprimée : "description": "Receive automatic search suggestions while you type into any web sear[...]
Supprimée : "homepage": "hxxp://jerecherche.org/?v=d",

*************************

AdwCleaner[S1].txt - [10986 octets] - [23/08/2012 18:37:11]

########## EOF - C:\AdwCleaner[S1].txt - [11115 octets] ##########
A voir également:

22 réponses

  • 1
  • 2
Réponse 1 / 22
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
24 août 2012 à 18:04
Salut,
* Télécharge puis enregistre sur le bureau de ton PC ZHPDiag
(de Nicolas Coolman) à partir : ce lien
* Lance-le, (Clic droit "exécuter en tant qu'administrateur" si tu es sous Vista/7)
* Clique sur l'icône en forme de loupe pour lancer le diagnostique
* Héberge le rapport ZHPDiag.txt de ton bureau sur : malekal.com ou cjoint.com
* Fais copier/coller le lien fourni dans ta prochaine réponse
* Aide ZHPDiag : <<< ICI >>>
0
Réponse 2 / 22
universal 01 Messages postés 14 Date d'inscription vendredi 24 août 2012 Statut Membre Dernière intervention 23 décembre 2012
25 août 2012 à 01:33
c'est fait j'ai envoyer le rapport à malekal.com et j'ai eu le fichier suivant: https://pjjoint.malekal.com/files.php?id=ZHPDiag_20120825_s12z14z15y12n15
maintenant qu'elle est l'etape à suivre???
le rapport ZHPdiag est ceci :


Rapport de ZHPDiag v1.31.13 par Nicolas Coolman, Update du 31/07/2012
Run by LAHLAL at 25/08/2012 00:16:56
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Web site : http://nicolascoolman.skyrock.com/
State : Your version is update.


---\\ Web Browser
MSIE: Internet Explorer v
GCIE: Google Chrome v13.0.782.220 (Defaut)

---\\ Windows Product Information
~ Langage: Anglais
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : 2C9T3
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2997 MB (46% free)
System Restore: Inconnu (Unknown)
System drive C: has 70 GB (72%) free of 98 GB

---\\ Logged in mode
~ Computer Name: LAHLAL-PC
~ User Name: LAHLAL
~ All Users Names: LAHLAL, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\LAHLAL\AppData\Roaming\
~ %Desktop% : C:\Users\LAHLAL\Desktop\
~ %Favorites% : C:\Users\LAHLAL\Favorites\
~ %LocalAppData% : C:\Users\LAHLAL\AppData\Local\
~ %StartMenu% : C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 70 Go of 98 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 196 Go of 196 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 172 Go of 172 Go)
F:\ CD-ROM drive (Not Inserted)
G:\ CD-ROM drive (Free 0 Go of 0 Go)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
~ Scan Security Center in 00mn 00s



---\\ Search Generic System Files
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Explorateur Windows.) (.31/10/2009 - 06:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.75A97A2C060E72AB49E071E08C7DD2BA] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.29/06/2012 - 01:09:01.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.28/10/2009 - 07:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Scan Generic Processes in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 2/3
~ Mon Bureau (My Desktop) : 1/227
~ Menu demarrer (Programs) : 0/28
~ Scan Hidden Files in 00mn 00s



---\\ Running Processes
[MD5.3229D1DB3999FE9B7A2230AE0DDD0E18] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [177432] [PID.2728]
[MD5.D25FE0B08B5C5CCED0A24BA6CE17CE90] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [176408] [PID.2736]
[MD5.8E53B67FA3816E854B07C5DC66E10730] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056] [PID.2748]
[MD5.1C75C294874BAD4F886B477D132D7AE6] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5446248] [PID.2780]
[MD5.70189D91A5347F5E34039D06C7E58419] - (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856] [PID.2796]
[MD5.C4E146F573FD0F2FAF71622F8A60563F] - (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe [3080264] [PID.2844]
[MD5.DC73E11DC27E7D9AEF884EBE816C4240] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.2888]
[MD5.7D72F14608A4B5F55FD837A5F404A0FF] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1996072] [PID.2940]
[MD5.6F9BB9BF205C2E61982B1C9A7AB5D337] - (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files\Athan\Athan.exe [1204224] [PID.2956]
[MD5.98A078F838A70F84E1BD490D7C7675F4] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696] [PID.3008]
[MD5.690649806C354FF8ECE862E89D5B150B] - (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe [3758296] [PID.3356]
[MD5.06CF6FFEDBE91B1E4AC44B785E880168] - (...) -- C:\Program Files\Internet Mobile\Internet Mobile.exe [114688] [PID.4640]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.5028]
[MD5.3F677172F23FC17283D9BCE4B42E3F65] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [913888] [PID.5728]
[MD5.127CD00925C1A2B759765C5B9600DE30] - (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928] [PID.4780]
[MD5.249D235E3B321A3CD07C658F9E985CB4] - (.Google Inc. - Google Chrome.) -- C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe [1017912] [PID.3064]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.5844]
[MD5.32288D2A44C99A769A8D3B6D627D7227] - (.RealNetworks, Inc. - RealPlayer.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe [499312] [PID.4340]
[MD5.FCB13D9E3D55075C8FACA9CA3C55B263] - (...) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [3763200] [PID.344]
~ Scan Processes Running in 00mn 00s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\LAHLAL\AppData\Roaming\Mozilla\Firefox\Profiles\oct7lf8x.default\prefs.js
M3 - MFPP: Plugins - [LAHLAL] -- C:\Users\LAHLAL\AppData\Roaming\Mozilla\Firefox\Profiles\oct7lf8x.default\searchplugins\speedbit.xml
M3 - MFPP: Plugins - [LAHLAL] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [LAHLAL] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [LAHLAL] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [LAHLAL] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [LAHLAL] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [LAHLAL] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [LAHLAL] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
M2 - MFEP: prefs.js [LAHLAL - oct7lf8x.default\newtaburl@sogame.cat] [] NewTabURL v2.2.3 (.Sogame.)
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\LAHLAL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com/?gws_rd=ssl
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/?gws_rd=ssl
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = https://www.google.com/?gws_rd=ssl
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Skype Limited - Facebook Video Calling Plugin.) (No version) -- (.not file.)
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 0



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\LAHLAL\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - HKCU\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [DownloadAccelerator] . (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe
O4 - HKUS\S-1-5-21-2697442829-4191816553-2403415351-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2697442829-4191816553-2403415351-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\LAHLAL\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2697442829-4191816553-2403415351-1000\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - HKUS\S-1-5-21-2697442829-4191816553-2403415351-1000\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-21-2697442829-4191816553-2403415351-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-2697442829-4191816553-2403415351-1000\..\Run: [DownloadAccelerator] . (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe
~ Scan Application in 00mn 00s



---\\ Other User Links (O4)
O4 - Global Startup: C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\LAHLAL\Desktop\Athan.lnk . (.www.IslamicFinder.org.) -- C:\Program Files\Athan\Athan.exe
O4 - Global Startup: C:\Users\LAHLAL\Desktop\Download Accelerator Plus (DAP).lnk . (.Speedbit Ltd..) -- C:\Program Files\DAP\DAP.exe
O4 - Global Startup: C:\Users\LAHLAL\Desktop\Google Chrome.lnk . (.Google Inc..) -- C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - Global Startup: C:\Users\LAHLAL\Desktop\Modem OT-X080C.lnk . (...) -- C:\Program Files\Modem OT-X080C\Modem OT-X080C\Modem OT-X080C.exe
O4 - Global Startup: C:\Users\LAHLAL\Desktop\My DAP Downloads.lnk . (...) -- C:\Users\LAHLAL\Desktop
O4 - Global Startup: C:\Users\LAHLAL\Desktop\My Video Downloads.lnk . (...) -- C:\Users\LAHLAL\Videos\My Video Downloads
O4 - Global Startup: C:\Users\LAHLAL\Desktop\SPEEDbit Video Downloader.lnk . (.SPEEDbit Ltd..) -- C:\Program Files\SPEEDbit Video Downloader\Converter.exe
O4 - Global Startup: C:\Users\LAHLAL\Desktop\SpeedUpMyPC 2012.lnk . (.Uniblue Systems Ltd.) -- C:\ProgramData\SpeedBit\DAP\Offers\speedupmypc.exe
O4 - Global Startup: C:\Users\LAHLAL\Desktop\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - Global Startup: C:\Users\LAHLAL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\LAHLAL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Modem OT-X080C.lnk . (...) -- C:\Program Files\Modem OT-X080C\Modem OT-X080C\Modem OT-X080C.exe
O4 - Global Startup: C:\Users\LAHLAL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk . (.Yahoo! Inc..) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
~ Scan Global Startup in 00mn 00s



---\\ Extra items in the IE right-click menu (O8)
O8 - Extra context menu item: &Download with &DAP . (...) -- C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Verify with DAP . (...) -- C:\Program Files\DAP\dapverify.htm
O8 - Extra context menu item: Download &all with DAP . (...) -- C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe
~ Scan IE Menu Contextuel in 00mn 00s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s



---\\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2697442829-4191816553-2403415351-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2697442829-4191816553-2403415351-1000UA.job
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-2697442829-4191816553-2403415351-1000Core] (.Facebook Inc..) -- C:\Users\LAHLAL\AppData\Local\Facebook\Update\FacebookUpdate.exe
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-2697442829-4191816553-2403415351-1000UA] (.Facebook Inc..) -- C:\Users\LAHLAL\AppData\Local\Facebook\Update\FacebookUpdate.exe
[MD5.D412AC27FE3C9F8BC19741DAC0E0329D] [APT] [RealUpgradeLogonTaskS-1-5-21-2697442829-4191816553-2403415351-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.D412AC27FE3C9F8BC19741DAC0E0329D] [APT] [RealUpgradeScheduledTaskS-1-5-21-2697442829-4191816553-2403415351-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.10A159BFE9330414DE515CF6DEB81990] [APT] [SBWUpdateTask_Logon_74c354b5-000000000000] (.Speedbit Ltd..) -- C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
[MD5.10A159BFE9330414DE515CF6DEB81990] [APT] [SBWUpdateTask_Time_74c354b5-000000000000] (.Speedbit Ltd..) -- C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.)
[MD5.249D235E3B321A3CD07C658F9E985CB4] [APT] [{2E41DA16-BC37-4A0B-8741-A3181EEA796B}] (.Google Inc..) -- c:\users\LAHLAL\appdata\local\google\chrome\application\chrome.exe
[MD5.A7BFFB86CBD05F6F0C2B637B216BED65] [APT] [{C3A61CB2-1E55-4977-86B0-4B8C78ECBE50}] (.Acresso Software Inc..) -- C:\SWSetup\SP53753\Setup.exe
[MD5.00000000000000000000000000000000] [APT] [Microsoft Antimalware Scheduled Scan] (...) -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe (.not file.)
~ Scan Scheduled Task in 00mn 03s



---\\ ActiveSetup Installed Components (O40) (None)

---\\ Software installed (O42)
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AC3filter]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software\Yahoo]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CoreCodec]
[HKCU\Software\DivXNetworks]
[HKCU\Software\ESET]
[HKCU\Software\Facebook]
[HKCU\Software\Flock]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Google]
[HKCU\Software\HaaliMkx]
[HKCU\Software\Haali]
[HKCU\Software\HookNetwork]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Macromedia]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Policies]
[HKCU\Software\QuickTime Alternative]
[HKCU\Software\RealNetworks]
[HKCU\Software\Realtek]
[HKCU\Software\SkypeRS]
[HKCU\Software\Skype]
[HKCU\Software\SpeedBit]
[HKCU\Software\Synaptics]
[HKCU\Software\WinRAR]
[HKCU\Software\Yahoo]
[HKCU\Software\drpsu]
[HKCU\Software\ooVoo]
~ Scan Softwares in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 14/06/2012 - 20:37:37 - [73,109] ----D C:\Program Files\Adobe
O43 - CFD: 21/07/2012 - 04:48:13 - [18,799] ----D C:\Program Files\Athan
O43 - CFD: 12/06/2012 - 16:02:23 - [2,118] ----D C:\Program Files\Atheros
O43 - CFD: 12/06/2012 - 16:02:16 - [3,340] ----D C:\Program Files\Cisco
O43 - CFD: 22/07/2012 - 16:44:37 - [457,308] ----D C:\Program Files\Common Files
O43 - CFD: 25/06/2012 - 21:31:12 - [12,504] ----D C:\Program Files\DAP
O43 - CFD: 14/07/2009 - 10:01:30 - [79,371] ----D C:\Program Files\DVD Maker
O43 - CFD: 12/06/2012 - 16:08:26 - [78,027] ----D C:\Program Files\ESET
O43 - CFD: 07/06/2012 - 19:32:51 - [0] R---D C:\Program Files\Fichiers communs
O43 - CFD: 12/06/2012 - 16:29:29 - [27,673] --H-D C:\Program Files\InstallShield Installation Information
O43 - CFD: 12/06/2012 - 17:06:10 - [27,359] ----D C:\Program Files\Intel
O43 - CFD: 25/06/2012 - 19:04:06 - [9,413] ----D C:\Program Files\Internet Download Manager
O43 - CFD: 16/08/2012 - 20:57:18 - [5,489] ----D C:\Program Files\Internet Explorer
O43 - CFD: 22/08/2012 - 21:15:39 - [23,660] ----D C:\Program Files\Internet Mobile
O43 - CFD: 22/07/2012 - 16:44:25 - [87,132] ----D C:\Program Files\Java
O43 - CFD: 07/06/2012 - 19:47:00 - [86,866] ----D C:\Program Files\K-Lite Codec Pack
O43 - CFD: 09/07/2012 - 00:04:09 - [0,075] ----D C:\Program Files\Lexmark
O43 - CFD: 11/06/2012 - 23:22:55 - [19,718] ----D C:\Program Files\Microsoft
O43 - CFD: 14/07/2009 - 10:01:21 - [140,965] ----D C:\Program Files\Microsoft Games
O43 - CFD: 07/06/2012 - 19:57:30 - [539,332] ----D C:\Program Files\Microsoft Office
O43 - CFD: 23/08/2012 - 18:27:59 - [36,641] ----D C:\Program Files\Microsoft Silverlight
O43 - CFD: 07/06/2012 - 19:57:29 - [0,014] ----D C:\Program Files\Microsoft Visual Studio
O43 - CFD: 07/06/2012 - 19:54:16 - [1,323] ----D C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 12/06/2012 - 01:28:41 - [3,554] ----D C:\Program Files\Microsoft Works
O43 - CFD: 07/06/2012 - 19:57:15 - [7,774] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 07/06/2012 - 22:44:28 - [11,851] ----D C:\Program Files\Modem OT-X080C
O43 - CFD: 23/08/2012 - 18:27:57 - [37,711] ----D C:\Program Files\Mozilla Firefox
O43 - CFD: 23/08/2012 - 18:27:57 - [0,195] ----D C:\Program Files\Mozilla Maintenance Service
O43 - CFD: 07/06/2012 - 19:57:33 - [0,025] ----D C:\Program Files\MSBuild
O43 - CFD: 07/06/2012 - 19:45:51 - [52,724] ----D C:\Program Files\Nero
O43 - CFD: 12/06/2012 - 19:00:10 - [25,852] ----D C:\Program Files\ooVoo
O43 - CFD: 25/06/2012 - 20:51:31 - [100,101] ----D C:\Program Files\Real
O43 - CFD: 07/06/2012 - 22:11:18 - [25,672] ----D C:\Program Files\Realtek
O43 - CFD: 14/07/2009 - 05:52:30 - [36,809] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 25/06/2012 - 19:24:04 - [0,497] ----D C:\Program Files\SearchPredict
O43 - CFD: 23/07/2012 - 21:21:35 - [16,855] R---D C:\Program Files\Skype
O43 - CFD: 25/06/2012 - 19:24:04 - [9,408] ----D C:\Program Files\SPEEDbit Video Downloader
O43 - CFD: 12/06/2012 - 16:31:45 - [63,689] ----D C:\Program Files\Synaptics
O43 - CFD: 14/07/2009 - 05:53:23 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 07/06/2012 - 19:46:27 - [71,675] ----D C:\Program Files\VideoLAN
O43 - CFD: 14/07/2009 - 09:39:39 - [2,909] ----D C:\Program Files\Windows Defender
O43 - CFD: 09/06/2012 - 21:48:15 - [6,689] ----D C:\Program Files\Windows Journal
O43 - CFD: 23/08/2012 - 16:43:28 - [59,478] ----D C:\Program Files\Windows Live
O43 - CFD: 09/06/2012 - 21:48:19 - [5,895] ----D C:\Program Files\Windows Mail
O43 - CFD: 09/06/2012 - 21:48:11 - [6,302] ----D C:\Program Files\Windows Media Player
O43 - CFD: 07/06/2012 - 19:32:51 - [11,632] ----D C:\Program Files\Windows NT
O43 - CFD: 14/07/2009 - 09:39:39 - [4,213] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 05:52:32 - [0,181] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 14/07/2009 - 09:39:39 - [6,374] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 07/06/2012 - 19:43:35 - [3,277] ----D C:\Program Files\WinRAR
O43 - CFD: 11/06/2012 - 22:35:32 - [35,030] ----D C:\Program Files\Yahoo!
O43 - CFD: 25/08/2012 - 00:12:45 - [12,789] ----D C:\Program Files\ZHPDiag
O43 - CFD: 07/06/2012 - 19:43:21 - [1,758] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 16/07/2012 - 11:55:08 - [39,326] ----D C:\Program Files\Common Files\Adobe AIR
O43 - CFD: 07/06/2012 - 19:57:29 - [0,089] ----D C:\Program Files\Common Files\DESIGNER
O43 - CFD: 07/06/2012 - 19:40:34 - [12,691] ----D C:\Program Files\Common Files\Intel
O43 - CFD: 12/06/2012 - 16:36:52 - [0,007] ----D C:\Program Files\Common Files\Intel Corporation
O43 - CFD: 22/07/2012 - 16:44:37 - [1,201] ----D C:\Program Files\Common Files\Java
O43 - CFD: 23/08/2012 - 16:25:03 - [260,440] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 07/06/2012 - 19:45:44 - [35,033] ----D C:\Program Files\Common Files\Nero
O43 - CFD: 07/06/2012 - 19:47:57 - [20,634] ----D C:\Program Files\Common Files\Real
O43 - CFD: 14/07/2009 - 03:37:05 - [0,003] ----D C:\Program Files\Common Files\Services
O43 - CFD: 25/06/2012 - 19:56:53 - [2,056] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 14/07/2009 - 03:37:05 - [39,200] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 25/06/2012 - 19:18:39 - [2,414] ----D C:\Program Files\Common Files\SpeedBit
O43 - CFD: 12/07/2012 - 09:24:34 - [42,121] ----D C:\Program Files\Common Files\System
O43 - CFD: 11/06/2012 - 22:50:08 - [0] ----D C:\Program Files\Common Files\Windows Live
O43 - CFD: 07/06/2012 - 19:47:58 - [0,336] ----D C:\Program Files\Common Files\xing shared
O43 - CFD: 24/08/2012 - 18:30:50 - [0,000] ----D C:\ProgramData\Adobe
O43 - CFD: 07/06/2012 - 19:47:08 - [0,014] ----D C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - 05:53:55 - [0] --H-D C:\ProgramData\Application Data
O43 - CFD: 12/06/2012 - 16:02:33 - [0,020] ----D C:\ProgramData\Atheros
O43 - CFD: 07/06/2012 - 19:32:51 - [0] --H-D C:\ProgramData\Bureau
O43 - CFD: 14/07/2009 - 05:53:55 - [0] --H-D C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 05:53:55 - [0] --H-D C:\ProgramData\Documents
O43 - CFD: 12/06/2012 - 16:08:26 - [107,737] ----D C:\ProgramData\ESET
O43 - CFD: 07/06/2012 - 19:32:51 - [0] --H-D C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 05:53:55 - [0] --H-D C:\ProgramData\Favorites
O43 - CFD: 12/06/2012 - 16:34:56 - [0,001] ----D C:\ProgramData\Intel
O43 - CFD: 07/06/2012 - 19:32:51 - [0] --H-D C:\ProgramData\Menu Démarrer
O43 - CFD: 23/08/2012 - 16:25:48 - [34,630] -S--D C:\ProgramData\Microsoft
O43 - CFD: 16/08/2012 - 03:28:49 - [0,061] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 07/06/2012 - 19:32:51 - [0] --H-D C:\ProgramData\Modèles
O43 - CFD: 25/06/2012 - 20:11:33 - [0,004] ----D C:\ProgramData\Mozilla
O43 - CFD: 07/06/2012 - 19:45:40 - [0] ----D C:\ProgramData\Nero
O43 - CFD: 25/06/2012 - 20:56:12 - [1,783] ----D C:\ProgramData\Real
O43 - CFD: 23/07/2012 - 21:21:39 - [18,914] ----D C:\ProgramData\Skype
O43 - CFD: 25/06/2012 - 21:31:12 - [23,575] ----D C:\ProgramData\SpeedBit
O43 - CFD: 14/07/2009 - 05:53:55 - [0] --H-D C:\ProgramData\Start Menu
O43 - CFD: 22/07/2012 - 16:44:38 - [0,000] ----D C:\ProgramData\Sun
O43 - CFD: 12/06/2012 - 17:09:24 - [0,156] ----D C:\ProgramData\Synaptics
O43 - CFD: 24/08/2012 - 22:57:34 - [0] ---AD C:\ProgramData\TEMP
O43 - CFD: 14/07/2009 - 05:53:55 - [0] --H-D C:\ProgramData\Templates
O43 - CFD: 11/06/2012 - 22:35:24 - [1,168] ----D C:\ProgramData\Yahoo!
O43 - CFD: 11/06/2012 - 22:35:32 - [0,008] ----D C:\ProgramData\Yahoo! Companion
O43 - CFD: 14/06/2012 - 20:36:54 - [0,274] ----D C:\Users\LAHLAL\AppData\Roaming\Adobe
O43 - CFD: 14/06/2012 - 20:37:41 - [0,023] ----D C:\Users\LAHLAL\AppData\Roaming\com.socialbox.socialbox
O43 - CFD: 18/08/2012 - 01:54:20 - [1,825] ----D C:\Users\LAHLAL\AppData\Roaming\Dialer
O43 - CFD: 12/06/2012 - 16:58:30 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\DMCache
O43 - CFD: 18/06/2012 - 00:26:25 - [0,000] ----D C:\Users\LAHLAL\AppData\Roaming\dvdcss
O43 - CFD: 12/06/2012 - 16:11:04 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\ESET
O43 - CFD: 12/06/2012 - 18:46:39 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\GetRightToGo
O43 - CFD: 07/06/2012 - 19:33:14 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\Identities
O43 - CFD: 25/06/2012 - 19:04:06 - [0,735] ----D C:\Users\LAHLAL\AppData\Roaming\IDM
O43 - CFD: 12/06/2012 - 16:29:28 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\InstallShield
O43 - CFD: 12/06/2012 - 16:35:12 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\Intel Corporation
O43 - CFD: 07/06/2012 - 22:47:02 - [14,559] ----D C:\Users\LAHLAL\AppData\Roaming\Macromedia
O43 - CFD: 14/07/2009 - 10:00:32 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\Media Center Programs
O43 - CFD: 02/07/2012 - 05:42:00 - [0,000] ----D C:\Users\LAHLAL\AppData\Roaming\Media Player Classic
O43 - CFD: 12/07/2012 - 22:11:02 - [3,893] -S--D C:\Users\LAHLAL\AppData\Roaming\Microsoft
O43 - CFD: 25/06/2012 - 20:12:00 - [13,936] ----D C:\Users\LAHLAL\AppData\Roaming\Mozilla
O43 - CFD: 07/06/2012 - 19:46:16 - [0,041] ----D C:\Users\LAHLAL\AppData\Roaming\Nero
O43 - CFD: 16/06/2012 - 22:32:13 - [3,102] ----D C:\Users\LAHLAL\AppData\Roaming\ooVoo Details
O43 - CFD: 25/06/2012 - 20:52:37 - [1,842] ----D C:\Users\LAHLAL\AppData\Roaming\Real
O43 - CFD: 23/08/2012 - 18:10:28 - [3,360] ----D C:\Users\LAHLAL\AppData\Roaming\Skype
O43 - CFD: 12/06/2012 - 16:35:02 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\Synaptics
O43 - CFD: 24/08/2012 - 18:03:21 - [0,456] ----D C:\Users\LAHLAL\AppData\Roaming\vlc
O43 - CFD: 12/06/2012 - 01:24:36 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\Windows Live Writer
O43 - CFD: 11/06/2012 - 22:39:50 - [2,126] ----D C:\Users\LAHLAL\AppData\Roaming\Yahoo!
O43 - CFD: 14/06/2012 - 20:33:42 - [0,177] ----D C:\Users\LAHLAL\AppData\Local\Adobe
O43 - CFD: 02/07/2012 - 04:21:57 - [0] ----D C:\Users\LAHLAL\AppData\Local\Apple Computer
O43 - CFD: 07/06/2012 - 19:33:01 - [0] ----D C:\Users\LAHLAL\AppData\Local\Application Data
O43 - CFD: 19/07/2012 - 23:20:51 - [0] ----D C:\Users\LAHLAL\AppData\Local\Diagnostics
O43 - CFD: 12/06/2012 - 16:11:04 - [3,156] ----D C:\Users\LAHLAL\AppData\Local\ESET
O43 - CFD: 09/06/2012 - 19:36:19 - [7,490] ----D C:\Users\LAHLAL\AppData\Local\Facebook
O43 - CFD: 07/06/2012 - 19:46:48 - [650,581] ----D C:\Users\LAHLAL\AppData\Local\Google
O43 - CFD: 07/06/2012 - 19:33:01 - [0] ----D C:\Users\LAHLAL\AppData\Local\Historique
O43 - CFD: 03/07/2012 - 14:51:48 - [513,318] ----D C:\Users\LAHLAL\AppData\Local\Microsoft
O43 - CFD: 07/06/2012 - 19:53:41 - [0] ----D C:\Users\LAHLAL\AppData\Local\Microsoft Help
O43 - CFD: 25/06/2012 - 20:11:41 - [141,986] ----D C:\Users\LAHLAL\AppData\Local\Mozilla
O43 - CFD: 25/08/2012 - 00:11:17 - [356,531] ---AD C:\Users\LAHLAL\AppData\Local\Temp
O43 - CFD: 07/06/2012 - 19:33:01 - [0] ----D C:\Users\LAHLAL\AppData\Local\Temporary Internet Files
O43 - CFD: 25/06/2012 - 19:37:36 - [1,721] ----D C:\Users\LAHLAL\AppData\Local\VirtualStore
O43 - CFD: 23/08/2012 - 16:23:12 - [0,031] ----D C:\Users\LAHLAL\AppData\Local\Windows Live
O43 - CFD: 12/06/2012 - 01:24:49 - [0] ----D C:\Users\LAHLAL\AppData\Local\Windows Live Writer
O43 - CFD: 02/08/2012 - 15:22:13 - [0] ----D C:\Users\LAHLAL\AppData\Local\{00BEDF34-1917-46D3-887A-20CA49DBBAC2}
O43 - CFD: 25/07/2012 - 21:14:53 - [0] ----D C:\Users\LAHLAL\AppData\Local\{0175DB88-E632-4470-883E-C3C54393995A}
O43 - CFD: 28/07/2012 - 17:07:47 - [0] ----D C:\Users\LAHLAL\AppData\Local\{01A635EB-8B29-477C-81F7-D05AE84729B2}
O43 - CFD: 09/07/2012 - 16:41:02 - [0] ----D C:\Users\LAHLAL\AppData\Local\{0357B9FA-A191-49FB-9ECB-9CBFF898D230}
O43 - CFD: 23/07/2012 - 01:38:26 - [0] ----D C:\Users\LAHLAL\AppData\Local\{04A23542-F73F-41F6-BDAC-77262C040088}
O43 - CFD: 23/07/2012 - 21:22:48 - [0] ----D C:\Users\LAHLAL\AppData\Local\{06A1486C-F54B-4C5F-BB9D-273C7C78893F}
O43 - CFD: 27/07/2012 - 17:01:59 - [0] ----D C:\Users\LAHLAL\AppData\Local\{0785426C-B2BF-4CB0-A707-8B537409383A}
O43 - CFD: 22/08/2012 - 21:17:26 - [0] ----D C:\Users\LAHLAL\AppData\Local\{09FC7AA4-59A5-4103-B894-A9ABC671C1BD}
O43 - CFD: 07/08/2012 - 14:28:55 - [0] ----D C:\Users\LAHLAL\AppData\Local\{0BA4B282-AC56-4DCB-92DA-12FFE4788989}
O43 - CFD: 15/06/2012 - 16:47:31 - [0] ----D C:\Users\LAHLAL\AppData\Local\{0C070647-B961-47F7-B826-02C88169D443}
O43 - CFD: 06/07/2012 - 15:40:05 - [0] ----D C:\Users\LAHLAL\AppData\Local\{0FB7EF72-99AD-4905-83B2-C24FB547EF63}
O43 - CFD: 08/07/2012 - 22:21:10 - [0] ----D C:\Users\LAHLAL\AppData\Local\{0FC4A3E1-95AA-4DA3-9549-40300C0F9C02}
O43 - CFD: 23/07/2012 - 21:22:31 - [0] ----D C:\Users\LAHLAL\AppData\Local\{0FE7A10C-F186-46D7-8D0E-83A7F555A5C1}
O43 - CFD: 05/07/2012 - 12:00:55 - [0] ----D C:\Users\LAHLAL\AppData\Local\{12682CFC-0B15-4594-8A90-55CD79193A5E}
O43 - CFD: 22/07/2012 - 01:33:18 - [0] ----D C:\Users\LAHLAL\AppData\Local\{12989F44-863A-4BAB-B7EE-548AAC93CF00}
O43 - CFD: 08/07/2012 - 22:20:52 - [0] ----D C:\Users\LAHLAL\AppData\Local\{1406CA31-0DAA-45EC-9FD1-1302B4E5E3BB}
O43 - CFD: 15/07/2012 - 20:32:31 - [0] ----D C:\Users\LAHLAL\AppData\Local\{1714AD2A-CEB4-4979-B678-619B95915EF7}
O43 - CFD: 24/07/2012 - 21:33:38 - [0] ----D C:\Users\LAHLAL\AppData\Local\{1A26AB9B-CC62-4D67-BAC8-41F3BCBCA8BD}
O43 - CFD: 16/08/2012 - 21:00:12 - [0] ----D C:\Users\LAHLAL\AppData\Local\{1CC046DA-4238-4E09-B7C0-F559F2D21EFF}
O43 - CFD: 11/08/2012 - 14:48:40 - [0] ----D C:\Users\LAHLAL\AppData\Local\{1D1C4116-E450-4F0C-8A41-2750F8F88ED0}
O43 - CFD: 21/07/2012 - 01:31:39 - [0] ----D C:\Users\LAHLAL\AppData\Local\{1D635F6E-010A-411F-9B3B-37F95BF33D22}
O43 - CFD: 12/06/2012 - 15:31:20 - [0] ----D C:\Users\LAHLAL\AppData\Local\{1D836E48-7898-4616-BAD2-8693A30B7BCE}
O43 - CFD: 23/06/2012 - 15:21:53 - [0] ----D C:\Users\LAHLAL\AppData\Local\{1DA6D153-5500-425D-ACA7-E947DDB81D8B}
O43 - CFD: 04/07/2012 - 13:36:49 - [0] ----D C:\Users\LAHLAL\AppData\Local\{1F29E562-D479-451B-8A14-24458CB80BF2}
O43 - CFD: 15/08/2012 - 21:06:08 - [0] ----D C:\Users\LAHLAL\AppData\Local\{20E56603-E11F-415D-A5C5-E2C821EB76EE}
O43 - CFD: 29/07/2012 - 18:51:28 - [0] ----D C:\Users\LAHLAL\AppData\Local\{22C86B12-7164-4296-96D3-415C46AB6D20}
O43 - CFD: 13/07/2012 - 15:16:14 - [0] ----D C:\Users\LAHLAL\AppData\Local\{25341B13-3ACD-4637-8646-7633DCD0B970}
O43 - CFD: 02/08/2012 - 15:22:29 - [0] ----D C:\Users\LAHLAL\AppData\Local\{25F43F4B-FC1C-4498-B107-B7F2F6F489FA}
O43 - CFD: 12/07/2012 - 21:23:39 - [0] ----D C:\Users\LAHLAL\AppData\Local\{293C5C66-4823-4FA6-8DFF-7AF2DE104166}
O43 - CFD: 10/08/2012 - 14:32:16 - [0] ----D C:\Users\LAHLAL\AppData\Local\{2A1920CA-CF88-4635-97C3-0E5A34622F01}
O43 - CFD: 12/07/2012 - 09:18:24 - [0] ----D C:\Users\LAHLAL\AppData\Local\{2CA0E0C1-51C9-415F-82F0-329B3E2D711F}
O43 - CFD: 27/07/2012 - 17:01:43 - [0] ----D C:\Users\LAHLAL\AppData\Local\{2F9410CF-BF02-4E0A-A20B-8ED888EEAAC4}
O43 - CFD: 18/07/2012 - 23:48:41 - [0] ----D C:\Users\LAHLAL\AppData\Local\{35A972AD-A960-42D4-845D-E9D1AF0C06AC}
O43 - CFD: 13/06/2012 - 16:25:44 - [0] ----D C:\Users\LAHLAL\AppData\Local\{36803783-9E24-481A-B4DC-16CB01E25954}
O43 - CFD: 17/07/2012 - 16:12:29 - [0] ----D C:\Users\LAHLAL\AppData\Local\{37A916AA-5175-426B-8938-18B82E29287E}
O43 - CFD: 23/08/2012 - 16:04:39 - [0] ----D C:\Users\LAHLAL\AppData\Local\{3970AC47-F9FD-4513-BE3D-50541202ABEA}
O43 - CFD: 29/07/2012 - 18:51:39 - [0] ----D C:\Users\LAHLAL\AppData\Local\{39D1CF5B-EA3F-4B27-AA7B-E53AE206B61E}
O43 - CFD: 26/06/2012 - 16:02:27 - [0] ----D C:\Users\LAHLAL\AppData\Local\{3D67B711-A268-45E3-A7CB-4604B7605BF7}
O43 - CFD: 13/07/2012 - 15:16:30 - [0] ----D C:\Users\LAHLAL\AppData\Local\{420C7003-CF0A-47DA-89CC-B1920FBA9E41}
O43 - CFD: 29/06/2012 - 16:49:36 - [0] ----D C:\Users\LAHLAL\AppData\Local\{444B981A-4173-4FEE-BB5D-4FF749170F6C}
O43 - CFD: 27/06/2012 - 15:51:31 - [0] ----D C:\Users\LAHLAL\AppData\Local\{463C9AC9-9C17-4B63-84F1-57D620266303}
O43 - CFD: 21/07/2012 - 13:32:13 - [0] ----D C:\Users\LAHLAL\AppData\Local\{466F1869-B75B-4AD0-8EE2-E118225BC797}
O43 - CFD: 10/08/2012 - 00:40:24 - [0] ----D C:\Users\LAHLAL\AppData\Local\{46D7E230-4F75-4482-88C3-0C4894A6BFC7}
O43 - CFD: 05/08/2012 - 14:37:15 - [0] ----D C:\Users\LAHLAL\AppData\Local\{4736F307-2DC6-4B2F-9C36-337430584859}
O43 - CFD: 20/07/2012 - 13:30:35 - [0] ----D C:\Users\LAHLAL\AppData\Local\{47EF6329-2425-4B11-BFE6-18119765235A}
O43 - CFD: 02/07/2012 - 13:44:59 - [0] ----D C:\Users\LAHLAL\AppData\Local\{4A338771-4C76-439C-AC20-77D552F4B345}
O43 - CFD: 17/06/2012 - 12:38:11 - [0] ----D C:\Users\LAHLAL\AppData\Local\{4AE731A5-15A1-4F33-B933-F55CD30F733B}
O43 - CFD: 06/07/2012 - 00:01:52 - [0] ----D C:\Users\LAHLAL\AppData\Local\{4D1DD7D1-939D-4E27-81D7-143BEDF3F432}
O43 - CFD: 03/07/2012 - 13:46:26 - [0] ----D C:\Users\LAHLAL\AppData\Local\{4D6C1F6B-BEE9-46BD-9D4F-923D90B9A368}
O43 - CFD: 10/07/2012 - 15:47:05 - [0] ----D C:\Users\LAHLAL\AppData\Local\{4E854A11-E89E-4C69-9A81-F87437784769}
O43 - CFD: 15/06/2012 - 16:45:50 - [0] ----D C:\Users\LAHLAL\AppData\Local\{523AD8EB-2981-482D-B4F1-6D866CDCBABD}
O43 - CFD: 03/08/2012 - 14:31:21 - [0] ----D C:\Users\LAHLAL\AppData\Local\{52696C27-AE09-4139-9843-7D243328D20A}
O43 - CFD: 13/08/2012 - 00:50:09 - [0] ----D C:\Users\LAHLAL\AppData\Local\{52896432-91DB-40B8-8FC2-83E0DB6129BC}
O43 - CFD: 04/07/2012 - 13:37:01 - [0] ----D C:\Users\LAHLAL\AppData\Local\{5599A751-8E53-4E25-83C0-352D7859EC60}
O43 - CFD: 25/06/2012 - 13:06:38 - [0] ----D C:\Users\LAHLAL\AppData\Local\{58099C80-AE7D-40F4-8CD0-5022C6A259BF}
O43 - CFD: 14/06/2012 - 17:23:19 - [0] ----D C:\Users\LAHLAL\AppData\Local\{58A1A077-CC31-4C88-B842-C04D981F7736}
O43 - CFD: 13/08/2012 - 19:33:55 - [0] ----D C:\Users\LAHLAL\AppData\Local\{59F9A892-82B2-4B46-B963-2FA2B6F8A781}
O43 - CFD: 23/07/2012 - 01:38:42 - [0] ----D C:\Users\LAHLAL\AppData\Local\{5FBD4356-B177-4D6A-8391-6FC22AC4B4B8}
O43 - CFD: 24/06/2012 - 22:35:06 - [0] ----D C:\Users\LAHLAL\AppData\Local\{61A750CA-D2AA-46FD-B20B-CB1DEB3A8AC6}
O43 - CFD: 18/07/2012 - 23:48:59 - [0] ----D C:\Users\LAHLAL\AppData\Local\{6257A2DE-FBA0-491B-8C63-DB02519DE29B}
O43 - CFD: 18/06/2012 - 16:51:00 - [0] ----D C:\Users\LAHLAL\AppData\Local\{631CE323-051D-4AFF-AE33-6670789B8AF8}
O43 - CFD: 03/08/2012 - 14:31:03 - [0] ----D C:\Users\LAHLAL\AppData\Local\{635779D2-FB03-4DD4-95E1-4FB60DA61235}
O43 - CFD: 25/07/2012 - 21:14:37 - [0] ----D C:\Users\LAHLAL\AppData\Local\{63B287A4-D802-47A3-97D3-190B807A552D}
O43 - CFD: 07/08/2012 - 14:28:39 - [0] ----D C:\Users\LAHLAL\AppData\Local\{66DE1DA7-EA95-49C5-A115-6191DA663FDB}
O43 - CFD: 24/06/2012 - 10:34:16 - [0] ----D C:\Users\LAHLAL\AppData\Local\{68217082-F611-4E77-8F7D-E89330CE25B3}
O43 - CFD: 11/08/2012 - 02:33:07 - [0] ----D C:\Users\LAHLAL\AppData\Local\{69800A76-7B99-43AE-A9F1-A03413DBC069}
O43 - CFD: 11/07/2012 - 16:33:21 - [0] ----D C:\Users\LAHLAL\AppData\Local\{6AC2F893-CC2A-49BB-A807-41FA58208E8A}
O43 - CFD: 12/07/2012 - 21:23:55 - [0] ----D C:\Users\LAHLAL\AppData\Local\{6C0C6003-2E7B-463F-8B22-C9CD5A465957}
O43 - CFD: 11/08/2012 - 02:32:51 - [0] ----D C:\Users\LAHLAL\AppData\Local\{6E78C30E-2AE2-482A-91E3-0298B488661F}
O43 - CFD: 12/06/2012 - 16:18:03 - [0] ----D C:\Users\LAHLAL\AppData\Local\{6FE3865D-D2B3-48FE-B202-9BD67AA8870B}
O43 - CFD: 22/06/2012 - 15:51:11 - [0] ----D C:\Users\LAHLAL\AppData\Local\{701BDDA8-7733-4005-98EB-A01C2C313D96}
O43 - CFD: 15/08/2012 - 21:06:19 - [0] ----D C:\Users\LAHLAL\AppData\Local\{7091C589-A9E1-4D76-82B1-FD10AE917B1F}
O43 - CFD: 09/08/2012 - 03:23:15 - [0] ----D C:\Users\LAHLAL\AppData\Local\{713E2F45-4886-45C1-93BF-9C5CD5D7E5ED}
O43 - CFD: 09/07/2012 - 16:41:18 - [0] ----D C:\Users\LAHLAL\AppData\Local\{718B8A1E-7C33-4A4C-B227-E86995F8368C}
O43 - CFD: 04/07/2012 - 13:30:06 - [0] ----D C:\Users\LAHLAL\AppData\Local\{722A9A59-5265-47F8-A5DD-FEB58AF494DF}
O43 - CFD: 12/06/2012 - 15:57:39 - [0] ----D C:\Users\LAHLAL\AppData\Local\{72FEF891-9932-490A-88AF-10BDB99951CD}
O43 - CFD: 05/08/2012 - 14:37:27 - [0] ----D C:\Users\LAHLAL\AppData\Local\{75FCCA7E-21EB-4B3E-821B-A13D2F05E0D3}
O43 - CFD: 24/08/2012 - 12:39:34 - [0] ----D C:\Users\LAHLAL\AppData\Local\{7606A492-39C1-4D18-BFAD-3B7892AA3EFE}
O43 - CFD: 06/08/2012 - 02:38:19 - [0] ----D C:\Users\LAHLAL\AppData\Local\{78431D32-43BE-43FB-A350-EA151195DEA3}
O43 - CFD: 15/07/2012 - 20:32:14 - [0] ----D C:\Users\LAHLAL\AppData\Local\{798B7018-5DFC-4745-86A4-4687FFA77623}
O43 - CFD: 16/06/2012 - 16:53:49 - [0] ----D C:\Users\LAHLAL\AppData\Local\{7B37BBC8-D8F7-478A-9814-0C0F4C99B647}
O43 - CFD: 02/07/2012 - 13:44:43 - [0] ----D C:\Users\LAHLAL\AppData\Local\{7C1F48C1-CA08-4BC9-AFC3-EB20AB7EFC2A}
O43 - CFD: 17/07/2012 - 16:12:10 - [0] ----D C:\Users\LAHLAL\AppData\Local\{7D5CE7E9-6509-4BC7-8F95-B90591733CC1}
O43 - CFD: 20/06/2012 - 15:48:56 - [0] ----D C:\Users\LAHLAL\AppData\Local\{80EFBBCE-4090-48F1-8549-6B625625CDFA}
O43 - CFD: 08/07/2012 - 13:25:04 - [0] ----D C:\Users\LAHLAL\AppData\Local\{821E5AAD-DFAF-4879-B285-B735F66C02F8}
O43 - CFD: 03/07/2012 - 01:45:53 - [0] ----D C:\Users\LAHLAL\AppData\Local\{83095DAB-4A91-4C92-9AE3-38DFAD908248}
O43 - CFD: 01/07/2012 - 13:43:19 - [0] ----D C:\Users\LAHLAL\AppData\Local\{84DBD2A8-0F0A-4B40-9038-68FBFC1D4D2C}
O43 - CFD: 21/07/2012 - 13:32:29 - [0] ----D C:\Users\LAHLAL\AppData\Local\{853B862C-54A1-4069-AD70-A48FDF8CDDC7}
O43 - CFD: 30/06/2012 - 16:13:04 - [0] ----D C:\Users\LAHLAL\AppData\Local\{86490240-4ECF-4B77-A550-B51715D43286}
O43 - CFD: 14/06/2012 - 17:23:31 - [0] ----D C:\Users\LAHLAL\AppData\Local\{88B4DCB9-6D39-4765-8025-368107F899D2}
O43 - CFD: 23/06/2012 - 15:22:10 - [0] ----D C:\Users\LAHLAL\AppData\Local\{8A76C095-6362-4FC1-B9A3-74C27F2779AB}
O43 - CFD: 06/07/2012 - 15:39:48 - [0] ----D C:\Users\LAHLAL\AppData\Local\{8ABBE1FF-BA50-4BAC-BEC9-DAC025928D4B}
O43 - CFD: 01/07/2012 - 13:43:01 - [0] ----D C:\Users\LAHLAL\AppData\Local\{8AE09AC6-2D24-4EF2-B535-9938260FFF78}
O43 - CFD: 22/07/2012 - 13:33:49 - [0] ----D C:\Users\LAHLAL\AppData\Local\{8D0D33A9-0A75-4242-B40C-F9A1DE152D08}
O43 - CFD: 06/08/2012 - 02:38:03 - [0] ----D C:\Users\LAHLAL\AppData\Local\{8D3AF400-2859-4680-B9EE-26FE150EE811}
O43 - CFD: 12/08/2012 - 03:27:09 - [0] ----D C:\Users\LAHLAL\AppData\Local\{9089DDBA-9A5E-4877-802C-A8AF4C1C7AC8}
O43 - CFD: 12/08/2012 - 12:49:36 - [0] ----D C:\Users\LAHLAL\AppData\Local\{90D04BA4-625E-4B5E-9A7F-6B78DFAF8CB7}
O43 - CFD: 14/08/2012 - 17:53:27 - [0] ----D C:\Users\LAHLAL\AppData\Local\{92FAA424-AA1D-4E90-B352-128C4A427FB1}
O43 - CFD: 01/08/2012 - 14:56:33 - [0] ----D C:\Users\LAHLAL\AppData\Local\{94E05E97-95CE-4D79-8692-81D3D15283E9}
O43 - CFD: 12/07/2012 - 09:22:49 - [0] ----D C:\Users\LAHLAL\AppData\Local\{959D9DC4-A2E1-4763-87C8-62453DAC5815}
O43 - CFD: 12/06/2012 - 15:38:09 - [0] ----D C:\Users\LAHLAL\AppData\Local\{95B97D92-00FE-477C-92BE-12D9B0CA69C2}
O43 - CFD: 25/06/2012 - 15:52:53 - [0] ----D C:\Users\LAHLAL\AppData\Local\{97D61C40-03B2-4316-B34A-DF734A466BBA}
O43 - CFD: 26/07/2012 - 17:07:19 - [0] ----D C:\Users\LAHLAL\AppData\Local\{9A120B7F-4785-4427-84F5-7216E0A00A1D}
O43 - CFD: 05/07/2012 - 12:00:38 - [0] ----D C:\Users\LAHLAL\AppData\Local\{9E577FF5-E6FD-4C21-94AA-B16F65AB93E9}
O43 - CFD: 17/08/2012 - 20:59:31 - [0] ----D C:\Users\LAHLAL\AppData\Local\{9E6E4F89-0407-4EFB-9BE2-8D13CEECCB37}
O43 - CFD: 26/07/2012 - 17:07:07 - [0] ----D C:\Users\LAHLAL\AppData\Local\{9EE45A66-8513-4C36-9511-55C92944FA61}
O43 - CFD: 11/08/2012 - 14:48:23 - [0] ----D C:\Users\LAHLAL\AppData\Local\{9FE95E4C-0F40-458B-9688-A7300EB1EA3C}
O43 - CFD: 09/08/2012 - 03:23:31 - [0] ----D C:\Users\LAHLAL\AppData\Local\{A246996B-209D-48EA-A228-0AD0C0E1F47A}
O43 - CFD: 20/07/2012 - 01:29:48 - [0] ----D C:\Users\LAHLAL\AppData\Local\{A43378AA-5A08-4C34-958E-B9B74146E146}
O43 - CFD: 24/06/2012 - 22:34:49 - [0] ----D C:\Users\LAHLAL\AppData\Local\{A469D93F-4608-4A09-83A9-E6F7B32C7098}
O43 - CFD: 19/06/2012 - 17:34:34 - [0] ----D C:\Users\LAHLAL\AppData\Local\{A7A35700-9FA1-44BD-86EE-DA4A2DDA1CF0}
O43 - CFD: 21/06/2012 - 15:56:57 - [0] ----D C:\Users\LAHLAL\AppData\Local\{A9D2EBCB-84E3-46FE-874F-C15E10A86F5A}
O43 - CFD: 11/07/2012 - 16:33:04 - [0] ----D C:\Users\LAHLAL\AppData\Local\{ABB7D695-E4D8-4DD4-AECF-64F9C43E3CE9}
O43 - CFD: 12/08/2012 - 12:49:25 - [0] ----D C:\Users\LAHLAL\AppData\Local\{ACC34DE1-569E-4802-9773-00BD23888596}
O43 - CFD: 19/07/2012 - 13:29:16 - [0] ----D C:\Users\LAHLAL\AppData\Local\{AD3E779A-CD04-471B-B2F3-854DEB744529}
O43 - CFD: 13/06/2012 - 16:25:27 - [0] ----D C:\Users\LAHLAL\AppData\Local\{AE4166F0-66FC-4A40-B0FF-7EF94BB0B780}
O43 - CFD: 10/08/2012 - 14:32:00 - [0] ----D C:\Users\LAHLAL\AppData\Local\{AF542942-EF8C-43B1-AE93-808960E6BD8F}
O43 - CFD: 29/07/2012 - 15:01:15 - [0] ----D C:\Users\LAHLAL\AppData\Local\{AFB9BA4D-38B3-445F-94C3-A13F25985429}
O43 - CFD: 16/07/2012 - 11:53:58 - [0] ----D C:\Users\LAHLAL\AppData\Local\{B0870F07-88C0-4FDA-98B6-39CF4A21F818}
O43 - CFD: 02/07/2012 - 01:43:54 - [0] ----D C:\Users\LAHLAL\AppData\Local\{B099F2CF-7B5E-4FE8-96A1-7AEDF04E0106}
O43 - CFD: 02/07/2012 - 01:44:10 - [0] ----D C:\Users\LAHLAL\AppData\Local\{B1255DFC-3B33-498C-A426-50A5C02A3590}
O43 - CFD: 30/06/2012 - 16:12:44 - [0] ----D C:\Users\LAHLAL\AppData\Local\{B152380D-B5D0-44E2-A142-C305FD58EDCC}
O43 - CFD: 13/08/2012 - 00:50:25 - [0] ----D C:\Users\LAHLAL\AppData\Local\{B2C5D76F-6F98-4D1F-A389-B27ECAF85D48}
O43 - CFD: 01/08/2012 - 14:56:52 - [0] ----D C:\Users\LAHLAL\AppData\Local\{B4933827-B506-45A3-97B6-4A6A86BAB34E}
O43 - CFD: 16/08/2012 - 20:59:56 - [0] ----D C:\Users\LAHLAL\AppData\Local\{B5B136E0-1FAF-46DE-BC8D-6493F229D048}
O43 - CFD: 12/06/2012 - 16:19:48 - [0] ----D C:\Users\LAHLAL\AppData\Local\{B90204F9-4B11-43E3-9F4C-323D7E3473B0}
O43 - CFD: 03/07/2012 - 13:46:42 - [0] ----D C:\Users\LAHLAL\AppData\Local\{BA536F2C-0CC3-43DA-B7DD-733D8869A0B3}
O43 - CFD: 20/07/2012 - 01:30:04 - [0] ----D C:\Users\LAHLAL\AppData\Local\{BC985D12-00B2-4CDD-9AEC-5FA6FBDF9CDD}
O43 - CFD: 22/06/2012 - 15:50:53 - [0] ----D C:\Users\LAHLAL\AppData\Local\{BCC97885-B5EC-4D47-B762-D9268ED55787}
O43 - CFD: 10/08/2012 - 00:40:41 - [0] ----D C:\Users\LAHLAL\AppData\Local\{BE4A9F4E-E57E-4E16-9638-10F151009464}
O43 - CFD: 23/08/2012 - 17:00:14 - [0] ----D C:\Users\LAHLAL\AppData\Local\{BF148DA9-4633-4C6B-9D45-F63DB11E529C}
O43 - CFD: 28/07/2012 - 17:07:31 - [0] ----D C:\Users\LAHLAL\AppData\Local\{C2B46F3D-CD06-4DDF-8045-D42C62031BC7}
O43 - CFD: 04/08/2012 - 18:19:56 - [0] ----D C:\Users\LAHLAL\AppData\Local\{C3B411B4-5CD0-4A15-95C9-897657B54FBA}
O43 - CFD: 21/07/2012 - 01:31:22 - [0] ----D C:\Users\LAHLAL\AppData\Local\{C91C7659-73C5-4BBE-954A-A9000C3022DF}
O43 - CFD: 12/06/2012 - 01:07:58 - [0] ----D C:\Users\LAHLAL\AppData\Local\{C9320910-34C2-4267-A52F-DC40E542669C}
O43 - CFD: 12/06/2012 - 01:06:00 - [0] ----D C:\Users\LAHLAL\AppData\Local\{C934F8A6-B45D-4CC4-9D3E-F7F75392CC10}
O43 - CFD: 29/06/2012 - 16:49:51 - [0] ----D C:\Users\LAHLAL\AppData\Local\{C9C6DCB9-C5D7-46B8-A6A2-DF731FF7A297}
O43 - CFD: 26/06/2012 - 16:02:10 - [0] ----D C:\Users\LAHLAL\AppData\Local\{CD653D87-B330-40BB-B45C-C72D28889780}
O43 - CFD: 20/07/2012 - 13:30:51 - [0] ----D C:\Users\LAHLAL\AppData\Local\{CF0B4BDB-4043-457F-ADF3-1E83ED00766A}
O43 - CFD: 22/07/2012 - 13:34:05 - [0] ----D C:\Users\LAHLAL\AppData\Local\{D0084CE1-68B6-42C5-B8F1-B37846827988}
O43 - CFD: 14/07/2012 - 16:21:34 - [0] ----D C:\Users\LAHLAL\AppData\Local\{D06D65F7-5705-4F4E-B73B-1AB89FFF40D4}
O43 - CFD: 20/06/2012 - 15:49:15 - [0] ----D C:\Users\LAHLAL\AppData\Local\{D2B613BF-5367-473D-A69D-7ACC28CFCD23}
O43 - CFD: 07/08/2012 - 00:48:26 - [0] ----D C:\Users\LAHLAL\AppData\Local\{D3046C0B-3688-4DB7-A49D-0B9DAEFFB319}
O43 - CFD: 08/08/2012 - 02:30:07 - [0] ----D C:\Users\LAHLAL\AppData\Local\{D356449E-9FA6-45C8-9442-8FA3893BBB09}
O43 - CFD: 08/08/2012 - 02:29:47 - [0] ----D C:\Users\LAHLAL\AppData\Local\{D3F8E2DB-5F7F-400F-BF56-E39342F80147}
O43 - CFD: 19/07/2012 - 13:28:59 - [0] ----D C:\Users\LAHLAL\AppData\Local\{D40AF4E8-57E0-486A-9853-765833E08F45}
O43 - CFD: 12/06/2012 - 16:20:00 - [0] ----D C:\Users\LAHLAL\AppData\Local\{D6CA3D3B-114B-45C7-B6DF-ACFC0B9FA478}
O43 - CFD: 13/08/2012 - 19:33:39 - [0] ----D C:\Users\LAHLAL\AppData\Local\{D841EAE7-343A-4817-990F-FD9C8D0065B4}
O43 - CFD: 06/07/2012 - 00:02:15 - [0] ----D C:\Users\LAHLAL\AppData\Local\{D8896D63-7E88-49B4-A642-8A25DEF444D8}
O43 - CFD: 14/08/2012 - 17:53:11 - [0] ----D C:\Users\LAHLAL\AppData\Local\{DA0F8621-1835-4735-B9DC-3E6AF69DA283}
O43 - CFD: 25/06/2012 - 15:52:37 - [0] ----D C:\Users\LAHLAL\AppData\Local\{DB4748B2-EF51-4FDC-AEA1-EF9F4DF275DA}
O43 - CFD: 03/07/2012 - 01:45:35 - [0] ----D C:\Users\LAHLAL\AppData\Local\{E0C5AB6B-73CA-4745-9E4E-1FABCDD8CB1A}
O43 - CFD: 14/07/2012 - 16:21:17 - [0] ----D C:\Users\LAHLAL\AppData\Local\{E29BA777-873C-4DE8-87D1-05B3B424E618}
O43 - CFD: 30/07/2012 - 15:05:31 - [0] ----D C:\Users\LAHLAL\AppData\Local\{E2BADF18-F775-410A-A9A9-203BEF2CD89D}
O43 - CFD: 04/07/2012 - 13:30:23 - [0] ----D C:\Users\LAHLAL\AppData\Local\{E83C1135-DA4D-4D70-8469-776FC18F794C}
O43 - CFD: 17/08/2012 - 20:59:49 - [0] ----D C:\Users\LAHLAL\AppData\Local\{E976DBAD-17F7-4609-A5A8-C1B9D70942DF}
O43 - CFD: 07/08/2012 - 00:48:45 - [0] ----D C:\Users\LAHLAL\AppData\Local\{ED365A5B-C986-4BEB-B1E1-3FC094529CE3}
O43 - CFD: 24/06/2012 - 10:34:00 - [0] ----D C:\Users\LAHLAL\AppData\Local\{EDFC701C-F3DE-41DC-8DE3-96E30FA4852C}
O43 - CFD: 16/07/2012 - 11:54:10 - [0] ----D C:\Users\LAHLAL\AppData\Local\{F1BBE456-3E2E-40D1-905B-B57DE499558A}
O43 - CFD: 31/07/2012 - 14:38:23 - [0] ----D C:\Users\LAHLAL\AppData\Local\{F3018AF4-C9C4-4F02-A200-2DBEE6AEB45B}
O43 - CFD: 27/06/2012 - 15:51:13 - [0] ----D C:\Users\LAHLAL\AppData\Local\{F376B3A1-40B6-4E45-9528-2537462E51D8}
O43 - CFD: 24/07/2012 - 21:33:22 - [0] ----D C:\Users\LAHLAL\AppData\Local\{F3EDDA93-AC95-48A9-9F2D-7E09AED3CA6B}
O43 - CFD: 19/06/2012 - 17:35:10 - [0] ----D C:\Users\LAHLAL\AppData\Local\{F7A5D25E-3FB9-4BB2-B1E5-1686D90B246C}
O43 - CFD: 10/07/2012 - 15:46:49 - [0] ----D C:\Users\LAHLAL\AppData\Local\{F86501C2-195D-4EA8-8DC7-7B0D9148D1D1}
O43 - CFD: 28/06/2012 - 15:54:29 - [0] ----D C:\Users\LAHLAL\AppData\Local\{F8E1D0DB-9A7C-45FC-9008-5BB3749C41CE}
O43 - CFD: 30/07/2012 - 15:05:48 - [0] ----D C:\Users\LAHLAL\AppData\Local\{F94AA970-685F-45F8-BE21-C9EE3B229FFD}
O43 - CFD: 28/06/2012 - 15:54:46 - [0] ----D C:\Users\LAHLAL\AppData\Local\{F9F6878F-77C5-4B97-84D4-A77BF3CD425C}
O43 - CFD: 04/08/2012 - 18:20:17 - [0] ----D C:\Users\LAHLAL\AppData\Local\{FA1A347D-7BA6-4B10-BB18-26A5B1E80053}
O43 - CFD: 31/07/2012 - 14:38:11 - [0] ----D C:\Users\LAHLAL\AppData\Local\{FA4F0BA6-3C15-4A37-944D-A5DBDC6EA299}
O43 - CFD: 12/07/2012 - 09:23:06 - [0] ----D C:\Users\LAHLAL\AppData\Local\{FDE688EA-5E12-4D8E-8E4B-FB69C8D6F6E5}
O43 - CFD: 22/07/2012 - 01:33:02 - [0] ----D C:\Users\LAHLAL\AppData\Local\{FFBFEC34-F9A4-4CDE-9F9C-918C6DA99239}
O43 - CFD: 11/06/2012 - 22:34:47 - [0,014] R---D C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 12/07/2012 - 17:05:09 - [0,000] R---D C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 07/06/2012 - 19:46:54 - [0,004] ----D C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 14/07/2009 - 05:37:42 - [0,001] R---D C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 25/08/2012 - 00:13:44 - [0,001] R---D C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 07/06/2012 - 19:43:35 - [0,003] ----D C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 27/07/2012 - 02:12:52 - [0,002] ----D C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouWave_Android
~ Scan Program Folder in 00mn 01s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.ABCE745D0525E76FF8DC1D30020BA30A] - 24/08/2012 - 23:32:04 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1987576]
O44 - LFC:[MD5.230A2A30E52B926C20BEA4FB5185D99F] - 24/08/2012 - 23:02:34 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [127070]
O44 - LFC:[MD5.4C8C85F475FDFCDC75CB7A57041F2FEF] - 24/08/2012 - 23:02:34 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [684954]
O44 - LFC:[MD5.2107323DDCA34951DDB60574E248296D] - 24/08/2012 - 23:02:33 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1524562]
O44 - LFC:[MD5.5C44FF27BD6075D8847862E56B3E6281] - 24/08/2012 - 23:02:33 ---A- . (...) -- C:\Windows\System32\perfc009.dat [103568]
O44 - LFC:[MD5.444C7A1B32839A2454353F3F1342DB5D] - 24/08/2012 - 23:02:33 ---A- . (...) -- C:\Windows\System32\perfh009.dat [607190]
O44 - LFC:[MD5.3F2E1B9E00700FD9C811A015C8C9CAD6] - 24/08/2012 - 22:56:19 ---A- . (...) -- C:\Windows\setupact.log [33450]
O44 - LFC:[MD5.395203D7819B123F63033AAD123404A4] - 24/08/2012 - 22:56:17 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.A27717AEAA6C9A32BBF5ABDCD3110AED] - 23/08/2012 - 18:57:49 ---A- . (...) -- C:\PhysicalMBR.bin [512]
O44 - LFC:[MD5.185C8D1612EF2583367D26A098BD6585] - 23/08/2012 - 18:43:45 ---A- . (...) -- C:\AdwCleaner[S2].txt [1188]
O44 - LFC:[MD5.FAE887176E7333059BE1DA90AEC7046F] - 23/08/2012 - 18:37:24 ---A- . (...) -- C:\AdwCleaner[S1].txt [11117]
O44 - LFC:[MD5.C1258ADCBE6E51A3C06C234D2BDB81B5] - 22/08/2012 - 21:15:19 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [23424]
O44 - LFC:[MD5.A259D3619AA23D4562581067F85E2006] - 22/08/2012 - 21:15:19 ---A- . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ewusbdev.sys [101120]
O44 - LFC:[MD5.1FC7A63148E4F2BD831DAB0DC732026D] - 22/08/2012 - 21:15:19 ---A- . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ewusbmdm.sys [103168]
O44 - LFC:[MD5.DAFC7E1B2FFA35CCBDDF95AE3E31BFAE] - 22/08/2012 - 21:15:19 ---A- . (.Huawei Technologies Co., Ltd. - USB NDIS Miniport Driver.) -- C:\Windows\System32\Drivers\ewusbnet.sys [201168]
O44 - LFC:[MD5.3E14D581240C282AF722211F9E710B98] - 16/08/2012 - 20:58:21 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [409752]
~ Scan Files in 00mn 02s



---\\ Safe Boot Control (O49) (None)

---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{081df1fb-b701-11e1-a5cd-74de2bbf8989}\AutoRun\command. (...) -- G:\Système_Windows\Installer.exe (.not file.)
O51 - MPSK:{1f0a9d5b-b0b5-11e1-958b-806e6f6e6963}\AutoRun\command. (...) -- F:\DriverPackSolution.exe (.not file.)
O51 - MPSK:{5cb1e378-b0e9-11e1-870e-e4115bfe15b6}\AutoRun\command. (...) -- G:\Système_Windows\Installer.exe (.not file.)
O51 - MPSK:{b57feec6-ec95-11e1-b09c-74de2bbf8989}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- G:\AutoRun.exe
O51 - MPSK:{b57feed8-ec95-11e1-b09c-e4115bfe15b6}\AutoRun\command. (.Huawei Technologies Co., Ltd. - AutoRun.) -- G:\AutoRun.exe
~ Scan Keys in 00mn 00s



---\\ ShareTools MSconfig StartupReg (SMSR) (O53) (None)

---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Scan Drivers in 00mn 00s



---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: OTL - (.OldTimer.)
~ Scan ADS in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe
~ Scan Keys in 00mn 00s



---\\ Start Menu Internet (SMI) (O68) (None)

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {7F4EFF06-7032-458e-AE16-1C1D8255C28A} [DefaultScope] - (Speedbit) - http://home.speedbit.com
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo!) - https://fr.search.yahoo.com/
~ Scan Keys in 00mn 00s



---\\ Search Svchost Services (SSS) (O83) (None)

---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.EEED00B783C2E091EF4989A9BA8D3567] [SPRF][17/08/2012] (...) -- C:\ProgramData\Config.dat [4424]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][12/06/2012] (...) -- C:\Users\LAHLAL\AppData\Local\Temp\.exe [0]
[MD5.ED92900BF225E26A4E54C2C14FA1424F] [SPRF][07/12/2011] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\LAHLAL\AppData\Local\Temp\ApnIC.dll [246440]
[MD5.C36923084822C017F69396418A999D39] [SPRF][07/12/2011] (.Ask.com - AskStub Application.) -- C:\Users\LAHLAL\AppData\Local\Temp\ApnStub.exe [143240]
[MD5.197215658B8015182192E1EBCA3BBCC3] [SPRF][25/06/2012] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\LAHLAL\AppData\Local\Temp\AskSLib.dll [246440]
[MD5.FB70D69F12DF73B1366FCDEADB47430C] [SPRF][02/03/2012] (...) -- C:\Users\LAHLAL\AppData\Local\Temp\cabex.dll [94208]
[MD5.710626F0C8B94C9CF89458409E3EE12E] [SPRF][12/06/2012] (.Conduit - No comment.) -- C:\Users\LAHLAL\AppData\Local\Temp\conduitinstaller.exe [211792]
[MD5.7E7FE499F1DD1CAABCD560B8ECEF17A2] [SPRF][23/08/2009] (.Huawei Technologies Co., Ltd. - DataCard_Setup.) -- C:\Users\LAHLAL\AppData\Local\Temp\DataCard_Setup.exe [143360]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][12/06/2012] (...) -- C:\Users\LAHLAL\AppData\Local\Temp\default.exe [0]
[MD5.9FF6616CA578309A3047010A822657BC] [SPRF][11/06/2012] (...) -- C:\Users\LAHLAL\AppData\Local\Temp\defaultCache.reg [962860]
[MD5.79FD05DD0B394D568424D0503FD86F39] [SPRF][30/06/2012] (...) -- C:\Users\LAHLAL\AppData\Local\Temp\fp_pl_pfs_installer-1.exe [2512394]
[MD5.C1A2ED83C1C064BE6308D5517185FBDB] [SPRF][27/06/2012] (...) -- C:\Users\LAHLAL\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe [254]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [SPRF][12/06/2012] (...) -- C:\Users\LAHLAL\AppData\Local\Temp\IWantThis.exe [0]
[MD5.A8E12D3B978FAA1C62CEC2A0A26F9750] [SPRF][11/06/2012] (.Microsoft Corporation - AntiMalware Definition Update.) -- C:\Users\LAHLAL\AppData\Local\Temp\mpam-49eb0918.exe [6152192]
[MD5.5A432A042DAE460ABE7199B758E8606C] [SPRF][28/10/2006] (.Microsoft Corporation - Office Source Engine.) -- C:\Users\LAHLAL\AppData\Local\Temp\ose00000.exe [145184]
[MD5.BC0D93D7AEC1A9CD84EF1EE0092A83A7] [SPRF][20/02/2008] (...) -- C:\Users\LAHLAL\AppData\Local\Temp\ResetDevice.exe [7168]
[MD5.5A8FB4C5F12D8BE07E099FA52131466B] [SPRF][14/05/2012] (...) -- C:\Users\LAHLAL\AppData\Local\Temp\RunWizards.exe [129720]
[MD5.EEF7CA63B8E0638E3BFBB27A41B7701B] [SPRF][11/12/2011] (.SPEEDbit Ltd. - SPEEDbit Video Downloader Setup.) -- C:\Users\LAHLAL\AppData\Local\Temp\svd_dap.exe [265424]
[MD5.796A3CBE4FDC0C34CFB2E6AC2E76BD33] [SPRF][10/05/2010] (...) -- C:\Users\LAHLAL\AppData\Local\Temp\SysConfig.dat [1364]
[MD5.E681D607655033B1F9E4E20A5BFC975D] [SPRF][
0
Réponse 3 / 22
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
Modifié par Fish66 le 25/08/2012 à 09:56
Bonjour,
1/
Copie tout le texte présent en gras ci-dessous ( tu le selectionnes avec ta souris / Clique droit dessus et choisis "copier" ou fait Ctrl+C )



[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.) => Toolbar.Ask
[MD5.ED92900BF225E26A4E54C2C14FA1424F] [SPRF][07/12/2011] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\LAHLAL\AppData\Local\Temp\ApnIC.dll [246440]
[MD5.C36923084822C017F69396418A999D39] [SPRF][07/12/2011] (.Ask.com - AskStub Application.) -- C:\Users\LAHLAL\AppData\Local\Temp\ApnStub.exe [143240]
[MD5.197215658B8015182192E1EBCA3BBCC3] [SPRF][25/06/2012] (.Ask.com - AskIC Dynamic Link Library.) -- C:\Users\LAHLAL\AppData\Local\Temp\AskSLib.dll [246440]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] => SpeedBit Video Downloader
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] => SpeedBit Video Downloader
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}] => SpeedBit Toobar
[MD5.00000000000000000000000000000000] [APT] [Microsoft Antimalware Scheduled Scan] (...) -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe (.not file.)
[MD5.710626F0C8B94C9CF89458409E3EE12E] [SPRF][12/06/2012] (.Conduit - No comment.) -- C:\Users\LAHLAL\AppData\Local\Temp\conduitinstaller.exe [211792]


EmptyCLSID




Puis Lance ZHPFix depuis le raccourci du bureau .

* Une fois l'outil ZHPFix ouvert , clique sur le bouton [ H ] ( "coller les lignes Helper" ) .

* Dans l'encadré principal tu verras donc les lignes que tu as copié précédemment apparaitrent .

Vérifie que toutes les lignes que je t'ai demandé de copier (et seulement elles) sont dans la fenêtre.

Clique sur le bouton GO

Copie/Colle le rapport à l'écran dans ton prochain message.

2/

* Telecharge et install link officiel : >>>USBFix ICI<<<
ou : >>> ICI <<<

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

* Double clique sur le raccourci UsbFix sur ton Bureau (clique droit avec la souris

:exécuter en tant qu'administrateur pour vista/seven), l'installation se fera

automatiquement

* Clique sur "Recherche"
* Laisse travailler l'outil

* A la fin, le rapport va s'afficher : poste le dans ta prochaine réponse (il est aussi sauvegardé a la racine du disque dur : C:\UsbFix.txt )




_ _ _ Fish66_ _ _ I''"""""I_ _ membre contributeur sécurité_ _I''"""""I_ _ _
¤¤¤ Le meilleur remède pour tous les problèmes, c'est la patience.... ¤¤¤
0
Réponse 4 / 22
universal 01 Messages postés 14 Date d'inscription vendredi 24 août 2012 Statut Membre Dernière intervention 23 décembre 2012
25 août 2012 à 15:08
1/ voilà le rapport ZHPFix :


Rapport de ZHPFix 1.2.07 par Nicolas Coolman, Update du 20/07/2012
Fichier d'export Registre :
Run by LAHLAL at 25/08/2012 13:32:21
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
Web site : http://nicolascoolman.skyrock.com/

========== Memory Process ==========
DELETED Memory Process: C:\Users\LAHLAL\AppData\Local\Temp\ApnStub.exe
DELETED Memory Process: C:\Users\LAHLAL\AppData\Local\Temp\conduitinstaller.exe

========== Memory Module ==========
DELETED Memory Module: C:\Users\LAHLAL\AppData\Local\Temp\ApnIC.dll
DELETED Memory Module: C:\Users\LAHLAL\AppData\Local\Temp\AskSLib.dll

========== Registry Key ==========
DELETED Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
DELETED Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
DELETED Key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}

========== Repertory ==========
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{00BEDF34-1917-46D3-887A-20CA49DBBAC2}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{0175DB88-E632-4470-883E-C3C54393995A}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{01A635EB-8B29-477C-81F7-D05AE84729B2}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{0357B9FA-A191-49FB-9ECB-9CBFF898D230}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{04A23542-F73F-41F6-BDAC-77262C040088}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{06A1486C-F54B-4C5F-BB9D-273C7C78893F}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{0785426C-B2BF-4CB0-A707-8B537409383A}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{09FC7AA4-59A5-4103-B894-A9ABC671C1BD}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{0BA4B282-AC56-4DCB-92DA-12FFE4788989}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{0C070647-B961-47F7-B826-02C88169D443}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{0FB7EF72-99AD-4905-83B2-C24FB547EF63}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{0FC4A3E1-95AA-4DA3-9549-40300C0F9C02}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{0FE7A10C-F186-46D7-8D0E-83A7F555A5C1}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{12682CFC-0B15-4594-8A90-55CD79193A5E}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{12989F44-863A-4BAB-B7EE-548AAC93CF00}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{1406CA31-0DAA-45EC-9FD1-1302B4E5E3BB}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{1714AD2A-CEB4-4979-B678-619B95915EF7}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{1A26AB9B-CC62-4D67-BAC8-41F3BCBCA8BD}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{1CC046DA-4238-4E09-B7C0-F559F2D21EFF}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{1D1C4116-E450-4F0C-8A41-2750F8F88ED0}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{1D635F6E-010A-411F-9B3B-37F95BF33D22}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{1D836E48-7898-4616-BAD2-8693A30B7BCE}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{1DA6D153-5500-425D-ACA7-E947DDB81D8B}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{1F29E562-D479-451B-8A14-24458CB80BF2}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{20E56603-E11F-415D-A5C5-E2C821EB76EE}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{22C86B12-7164-4296-96D3-415C46AB6D20}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{25341B13-3ACD-4637-8646-7633DCD0B970}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{25F43F4B-FC1C-4498-B107-B7F2F6F489FA}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{293C5C66-4823-4FA6-8DFF-7AF2DE104166}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{2A1920CA-CF88-4635-97C3-0E5A34622F01}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{2CA0E0C1-51C9-415F-82F0-329B3E2D711F}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{2F9410CF-BF02-4E0A-A20B-8ED888EEAAC4}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{30C74101-6C00-4174-991D-FF6384D1E5C9}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{35A972AD-A960-42D4-845D-E9D1AF0C06AC}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{36803783-9E24-481A-B4DC-16CB01E25954}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{37A916AA-5175-426B-8938-18B82E29287E}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{3970AC47-F9FD-4513-BE3D-50541202ABEA}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{39D1CF5B-EA3F-4B27-AA7B-E53AE206B61E}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{3D67B711-A268-45E3-A7CB-4604B7605BF7}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{420C7003-CF0A-47DA-89CC-B1920FBA9E41}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{444B981A-4173-4FEE-BB5D-4FF749170F6C}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{463C9AC9-9C17-4B63-84F1-57D620266303}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{466F1869-B75B-4AD0-8EE2-E118225BC797}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{46D7E230-4F75-4482-88C3-0C4894A6BFC7}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{4736F307-2DC6-4B2F-9C36-337430584859}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{47EF6329-2425-4B11-BFE6-18119765235A}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{4A338771-4C76-439C-AC20-77D552F4B345}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{4AE731A5-15A1-4F33-B933-F55CD30F733B}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{4D1DD7D1-939D-4E27-81D7-143BEDF3F432}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{4D6C1F6B-BEE9-46BD-9D4F-923D90B9A368}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{4E854A11-E89E-4C69-9A81-F87437784769}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{523AD8EB-2981-482D-B4F1-6D866CDCBABD}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{52696C27-AE09-4139-9843-7D243328D20A}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{52896432-91DB-40B8-8FC2-83E0DB6129BC}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{5599A751-8E53-4E25-83C0-352D7859EC60}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{58099C80-AE7D-40F4-8CD0-5022C6A259BF}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{58A1A077-CC31-4C88-B842-C04D981F7736}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{59F9A892-82B2-4B46-B963-2FA2B6F8A781}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{5FBD4356-B177-4D6A-8391-6FC22AC4B4B8}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{61A750CA-D2AA-46FD-B20B-CB1DEB3A8AC6}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{6257A2DE-FBA0-491B-8C63-DB02519DE29B}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{631CE323-051D-4AFF-AE33-6670789B8AF8}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{635779D2-FB03-4DD4-95E1-4FB60DA61235}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{63B287A4-D802-47A3-97D3-190B807A552D}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{66DE1DA7-EA95-49C5-A115-6191DA663FDB}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{68217082-F611-4E77-8F7D-E89330CE25B3}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{69800A76-7B99-43AE-A9F1-A03413DBC069}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{6AC2F893-CC2A-49BB-A807-41FA58208E8A}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{6C0C6003-2E7B-463F-8B22-C9CD5A465957}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{6E78C30E-2AE2-482A-91E3-0298B488661F}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{6FE3865D-D2B3-48FE-B202-9BD67AA8870B}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{701BDDA8-7733-4005-98EB-A01C2C313D96}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{7091C589-A9E1-4D76-82B1-FD10AE917B1F}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{713E2F45-4886-45C1-93BF-9C5CD5D7E5ED}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{718B8A1E-7C33-4A4C-B227-E86995F8368C}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{722A9A59-5265-47F8-A5DD-FEB58AF494DF}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{72FEF891-9932-490A-88AF-10BDB99951CD}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{75FCCA7E-21EB-4B3E-821B-A13D2F05E0D3}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{7606A492-39C1-4D18-BFAD-3B7892AA3EFE}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{78431D32-43BE-43FB-A350-EA151195DEA3}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{798B7018-5DFC-4745-86A4-4687FFA77623}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{7B37BBC8-D8F7-478A-9814-0C0F4C99B647}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{7C1F48C1-CA08-4BC9-AFC3-EB20AB7EFC2A}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{7D5CE7E9-6509-4BC7-8F95-B90591733CC1}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{80EFBBCE-4090-48F1-8549-6B625625CDFA}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{821E5AAD-DFAF-4879-B285-B735F66C02F8}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{83095DAB-4A91-4C92-9AE3-38DFAD908248}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{84DBD2A8-0F0A-4B40-9038-68FBFC1D4D2C}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{853B862C-54A1-4069-AD70-A48FDF8CDDC7}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{86490240-4ECF-4B77-A550-B51715D43286}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{88B4DCB9-6D39-4765-8025-368107F899D2}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{8A76C095-6362-4FC1-B9A3-74C27F2779AB}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{8ABBE1FF-BA50-4BAC-BEC9-DAC025928D4B}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{8AE09AC6-2D24-4EF2-B535-9938260FFF78}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{8D0D33A9-0A75-4242-B40C-F9A1DE152D08}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{8D3AF400-2859-4680-B9EE-26FE150EE811}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{9089DDBA-9A5E-4877-802C-A8AF4C1C7AC8}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{90D04BA4-625E-4B5E-9A7F-6B78DFAF8CB7}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{92FAA424-AA1D-4E90-B352-128C4A427FB1}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{94E05E97-95CE-4D79-8692-81D3D15283E9}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{959D9DC4-A2E1-4763-87C8-62453DAC5815}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{95B97D92-00FE-477C-92BE-12D9B0CA69C2}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{97D61C40-03B2-4316-B34A-DF734A466BBA}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{9A120B7F-4785-4427-84F5-7216E0A00A1D}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{9E577FF5-E6FD-4C21-94AA-B16F65AB93E9}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{9E6E4F89-0407-4EFB-9BE2-8D13CEECCB37}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{9EE45A66-8513-4C36-9511-55C92944FA61}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{9FE95E4C-0F40-458B-9688-A7300EB1EA3C}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{A246996B-209D-48EA-A228-0AD0C0E1F47A}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{A43378AA-5A08-4C34-958E-B9B74146E146}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{A469D93F-4608-4A09-83A9-E6F7B32C7098}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{A7A35700-9FA1-44BD-86EE-DA4A2DDA1CF0}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{A9D2EBCB-84E3-46FE-874F-C15E10A86F5A}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{ABB7D695-E4D8-4DD4-AECF-64F9C43E3CE9}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{ACC34DE1-569E-4802-9773-00BD23888596}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{AD3E779A-CD04-471B-B2F3-854DEB744529}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{AE4166F0-66FC-4A40-B0FF-7EF94BB0B780}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{AF542942-EF8C-43B1-AE93-808960E6BD8F}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{AFB9BA4D-38B3-445F-94C3-A13F25985429}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{B0870F07-88C0-4FDA-98B6-39CF4A21F818}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{B099F2CF-7B5E-4FE8-96A1-7AEDF04E0106}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{B1255DFC-3B33-498C-A426-50A5C02A3590}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{B152380D-B5D0-44E2-A142-C305FD58EDCC}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{B2C5D76F-6F98-4D1F-A389-B27ECAF85D48}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{B4933827-B506-45A3-97B6-4A6A86BAB34E}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{B5B136E0-1FAF-46DE-BC8D-6493F229D048}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{B90204F9-4B11-43E3-9F4C-323D7E3473B0}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{BA536F2C-0CC3-43DA-B7DD-733D8869A0B3}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{BBF7931C-CCFF-4065-BB8A-68E2A63B65D4}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{BC985D12-00B2-4CDD-9AEC-5FA6FBDF9CDD}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{BCC97885-B5EC-4D47-B762-D9268ED55787}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{BE4A9F4E-E57E-4E16-9638-10F151009464}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{BF148DA9-4633-4C6B-9D45-F63DB11E529C}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{C2B46F3D-CD06-4DDF-8045-D42C62031BC7}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{C3B411B4-5CD0-4A15-95C9-897657B54FBA}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{C91C7659-73C5-4BBE-954A-A9000C3022DF}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{C9320910-34C2-4267-A52F-DC40E542669C}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{C934F8A6-B45D-4CC4-9D3E-F7F75392CC10}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{C9C6DCB9-C5D7-46B8-A6A2-DF731FF7A297}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{CD653D87-B330-40BB-B45C-C72D28889780}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{CF0B4BDB-4043-457F-ADF3-1E83ED00766A}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{D0084CE1-68B6-42C5-B8F1-B37846827988}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{D06D65F7-5705-4F4E-B73B-1AB89FFF40D4}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{D2B613BF-5367-473D-A69D-7ACC28CFCD23}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{D3046C0B-3688-4DB7-A49D-0B9DAEFFB319}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{D356449E-9FA6-45C8-9442-8FA3893BBB09}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{D3F8E2DB-5F7F-400F-BF56-E39342F80147}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{D40AF4E8-57E0-486A-9853-765833E08F45}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{D6CA3D3B-114B-45C7-B6DF-ACFC0B9FA478}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{D841EAE7-343A-4817-990F-FD9C8D0065B4}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{D8896D63-7E88-49B4-A642-8A25DEF444D8}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{DA0F8621-1835-4735-B9DC-3E6AF69DA283}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{DB4748B2-EF51-4FDC-AEA1-EF9F4DF275DA}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{E0C5AB6B-73CA-4745-9E4E-1FABCDD8CB1A}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{E29BA777-873C-4DE8-87D1-05B3B424E618}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{E2BADF18-F775-410A-A9A9-203BEF2CD89D}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{E83C1135-DA4D-4D70-8469-776FC18F794C}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{E976DBAD-17F7-4609-A5A8-C1B9D70942DF}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{ED365A5B-C986-4BEB-B1E1-3FC094529CE3}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{EDFC701C-F3DE-41DC-8DE3-96E30FA4852C}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{F1BBE456-3E2E-40D1-905B-B57DE499558A}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{F3018AF4-C9C4-4F02-A200-2DBEE6AEB45B}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{F376B3A1-40B6-4E45-9528-2537462E51D8}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{F3EDDA93-AC95-48A9-9F2D-7E09AED3CA6B}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{F7A5D25E-3FB9-4BB2-B1E5-1686D90B246C}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{F86501C2-195D-4EA8-8DC7-7B0D9148D1D1}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{F8E1D0DB-9A7C-45FC-9008-5BB3749C41CE}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{F94AA970-685F-45F8-BE21-C9EE3B229FFD}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{F9F6878F-77C5-4B97-84D4-A77BF3CD425C}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{FA1A347D-7BA6-4B10-BB18-26A5B1E80053}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{FA4F0BA6-3C15-4A37-944D-A5DBDC6EA299}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{FDE688EA-5E12-4D8E-8E4B-FB69C8D6F6E5}
DELETED Folder: C:\Users\LAHLAL\AppData\Local\{FFBFEC34-F9A4-4CDE-9F9C-918C6DA99239}

========== File ==========
DELETED File: c:\users\lahlal\appdata\local\temp\apnic.dll
DELETED File: c:\users\lahlal\appdata\local\temp\apnstub.exe
DELETED File: c:\users\lahlal\appdata\local\temp\askslib.dll
DELETED File*: c:\users\lahlal\appdata\local\temp\conduitinstaller.exe

========== Task ==========
DELETED Task: Scheduled Update for Ask Toolbar
DELETED Task: Microsoft Antimalware Scheduled Scan


========== Summary ==========
2 : Memory Process
2 : Memory Module
3 : Registry Key
173 : Repertory
4 : File
2 : Task


End of clean in 00mn 18s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 25/08/2012 13:32:21 [16574]

2/ et voilà le rapport UsbFix

############################## | UsbFix V 7.096 | [Recherche]

Utilisateur: LAHLAL (Administrateur) # LAHLAL-PC
Mis à jour le 15/08/2012 par El Desaparecido
Lancé à 13:51:54 | 25/08/2012

Site Web: https://www.sosvirus.net/
Forum: http://forum.eldesaparecido.com
Fichier suspect ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: Hewlett-Packard (HP 630 Notebook PC ) (X86-based PC) # Notebook
CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz (2399)
RAM -> [Total : 2998 | Free : 1749]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows 7 Edition Intégrale (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: ESET Smart Security 5.0 [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 98 Go (70 Go libre(s) - 72%) [] # NTFS
D:\ -> Disque fixe # 196 Go (196 Go libre(s) - 100%) [] # NTFS
E:\ -> Disque fixe # 172 Go (172 Go libre(s) - 100%) [] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (492)
C:\Windows\system32\wininit.exe (552)
C:\Windows\system32\csrss.exe (560)
C:\Windows\system32\services.exe (616)
C:\Windows\system32\lsass.exe (624)
C:\Windows\system32\lsm.exe (632)
C:\Windows\system32\winlogon.exe (688)
C:\Windows\system32\svchost.exe (772)
C:\Windows\system32\svchost.exe (852)
C:\Windows\System32\svchost.exe (944)
C:\Windows\System32\svchost.exe (976)
C:\Windows\system32\svchost.exe (1008)
C:\Windows\system32\svchost.exe (1164)
C:\Windows\system32\svchost.exe (1260)
C:\Windows\system32\WLANExt.exe (1384)
C:\Windows\system32\conhost.exe (1400)
C:\Windows\system32\svchost.exe (1476)
C:\Windows\System32\spoolsv.exe (1632)
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (1736)
C:\Program Files\Modem OT-X080C\DataCardService.exe (1760)
C:\Program Files\ESET\ESET Smart Security\ekrn.exe (1804)
C:\Program Files\Modem OT-X080C\BGService.exe (1816)
C:\Program Files\Microsoft\BingBar\SeaPort.EXE (1860)
C:\Windows\system32\svchost.exe (1924)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1992)
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (2032)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (120)
C:\Windows\system32\svchost.exe (2124)
C:\Windows\system32\taskeng.exe (2348)
C:\Windows\system32\Dwm.exe (2380)
C:\Windows\system32\taskhost.exe (2388)
C:\Windows\Explorer.EXE (2416)
C:\Windows\System32\hkcmd.exe (2692)
C:\Windows\System32\igfxpers.exe (2736)
C:\Program Files\Real\RealPlayer\Update\realsched.exe (2752)
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (2800)
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (2820)
C:\Program Files\ESET\ESET Smart Security\egui.exe (2828)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (2932)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2944)
C:\Program Files\Athan\Athan.exe (3168)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (3176)
C:\Program Files\Windows Sidebar\sidebar.exe (3220)
C:\Program Files\DAP\DAP.exe (3332)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3440)
C:\Windows\system32\svchost.exe (3656)
C:\Windows\system32\SearchIndexer.exe (3944)
C:\Windows\system32\WUDFHost.exe (2704)
C:\Program Files\Internet Mobile\Internet Mobile.exe (3032)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (5432)
C:\Windows\System32\svchost.exe (5936)
C:\Windows\system32\wbem\wmiprvse.exe (4804)
C:\Windows\system32\wuauclt.exe (5712)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (4440)
C:\Program Files\Windows Media Player\wmplayer.exe (5328)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (4700)
C:\Windows\system32\taskhost.exe (6704)
C:\Program Files\Mozilla Firefox\firefox.exe (7044)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7368)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7504)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7508)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7524)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7576)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7672)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7696)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7700)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (6544)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (4460)
C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe (8096)
C:\UsbFix\Go.exe (5032)

################## | Eléments infectieux |

Présent! C:\Users\LAHLAL\AppData\Local\Temp\DataCard_Setup.exe
Présent! C:\Users\LAHLAL\AppData\Local\Temp\ose00000.exe
Présent! D:\install.exe
Présent! G:\AutoRun.exe
Présent! G:\DataCard_Setup.exe
Présent! G:\DataCard_Setup64.exe
Présent! C:\Users\LAHLAL\AppData\Local\Temp\.exe
Présent! G:\AutoRun.exe
Présent! G:\AUTORUN.INF

################## | Registre |


################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\G
Shell\AutoRun\Command = G:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{081df1fb-b701-11e1-a5cd-74de2bbf8989}
Shell\AutoRun\Command = G:\Système_Windows\Installer.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{1f0a9d5b-b0b5-11e1-958b-806e6f6e6963}
Shell\AutoRun\Command = F:\DriverPackSolution.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{5cb1e378-b0e9-11e1-870e-e4115bfe15b6}
Shell\AutoRun\Command = G:\Système_Windows\Installer.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{b57feec6-ec95-11e1-b09c-74de2bbf8989}
Shell\AutoRun\Command = G:\AutoRun.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{b57feed8-ec95-11e1-b09c-e4115bfe15b6}
Shell\AutoRun\Command = G:\AutoRun.exe



################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F |



et maintenant qu'es que je dois faire???
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 22
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
25 août 2012 à 15:22
Salut,
1/
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir

* Double clique sur le raccourci UsbFix sur ton Bureau (clique droit avec la souris

:exécuter en tant qu'administrateur pour vista/seven), l'installation se fera

automatiquement

* Clique sur "Suppression"
* Laisse travailler l'outil

* A la fin, le rapport va s'afficher : poste le dans ta prochaine réponse (il est aussi sauvegardé a la racine du disque dur : C:\UsbFix.txt )

2/
/!\ ATTENTION : cette analyse peut durer quelques heures /!\

* Télécharge MBAM et installe le selon l'emplacement par défaut
https://www.malwarebytes.com/mwb-download/
* Installe-le puis configure-le comme indiqué : <<< ICI >>>
* si tu n'as rien modifié fais directement quitter sinon enregistrer
* Lance Malwarebytes' Anti-Malware

=================================
Si MBAM est déjà installé, aller directement à la mise à jour puis à l'analyse.

==> Ce logiciel gratuit est à garder.

=================================

* Fais la mise à jour
* Clique dans l'onglet "Recherche"
* Coche l'option "Exécuter un examen complet" puis sur le bouton "Rechercher"
* Choisis de scanner tous tes disques durs, puis clique sur 'Lancer l'examen"

A la fin de l'analyse, si MBAM n'a rien trouvé :

* Clique sur OK, le rapport s'ouvre spontanément

Si des menaces ont été détectées :

* Clique sur OK puis "Afficher les résultats"
*Vérifie que toutes les lignes sont cochées
* Choisis l'option "Supprimer la sélection"
* Si MBAM demande le redémarrage de Windows : Clique sur "Oui"
* Le rapport s'ouvre automatiquement après la suppression, il se trouve aussi dans l'onglet "Rapports/Logs"

* Copie/colle le rapport dans le prochain message


Remarque :
- S'il y'a un problème de mise à jour de mbam, tu peux la faire manuellement en téléchargeant ce fichier puis en l'exécutant.


0
Réponse 6 / 22
universal 01 Messages postés 14 Date d'inscription vendredi 24 août 2012 Statut Membre Dernière intervention 23 décembre 2012
25 août 2012 à 17:43
bon jour, voilà j'ai deux rapport ds l'anglet rapports/logs, voici le premier:


Malwarebytes Anti-Malware (Essai) 1.62.0.1300
www.malwarebytes.org

Version de la base de données: v2012.08.25.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
LAHLAL :: LAHLAL-PC [administrateur]

Protection: Activé

25/08/2012 15:15:32
mbam-log-2012-08-25 (15-15-32).txt

Type d'examen: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 298496
Temps écoulé: 45 minute(s), 6 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 2
C:\Users\LAHLAL\AppData\Local\Temp\01net\01NET.com.exe (PUP.Toolbar.Repacked) -> Mis en quarantaine et supprimé avec succès.
C:\Users\LAHLAL\Downloads\oovoo_telechargement_01net.exe (PUP.Toolbar.Repacked) -> Mis en quarantaine et supprimé avec succès.

(fin)



et le deuxieme c'est juste la liste ds dates des messages; qu'es que je dois faire maintenant
0
Réponse 7 / 22
universal 01 Messages postés 14 Date d'inscription vendredi 24 août 2012 Statut Membre Dernière intervention 23 décembre 2012
25 août 2012 à 17:51
et merci encr pour votre aide
0
Réponse 8 / 22
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
25 août 2012 à 17:51
Il manque le rapport Delfix (mode suppression) , il se trouve ici : C:\UsbFix.txt
0
Réponse 9 / 22
universal 01 Messages postés 14 Date d'inscription vendredi 24 août 2012 Statut Membre Dernière intervention 23 décembre 2012
25 août 2012 à 18:04
celui ci????



############################## | UsbFix V 7.096 | [Suppression]

Utilisateur: LAHLAL (Administrateur) # LAHLAL-PC
Mis à jour le 15/08/2012 par El Desaparecido
Lancé à 14:55:45 | 25/08/2012

Site Web: https://www.sosvirus.net/
Forum: http://forum.eldesaparecido.com
Fichier suspect ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: Hewlett-Packard (HP 630 Notebook PC ) (X86-based PC) # Notebook
CPU: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz (2399)
RAM -> [Total : 2998 | Free : 1509]
BIOS: Default System BIOS
BOOT: Normal boot

OS: Microsoft Windows 7 Edition Intégrale (6.1.7600 32-Bit) #
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: ESET Smart Security 5.0 [Enabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Disque fixe # 98 Go (70 Go libre(s) - 72%) [] # NTFS
D:\ -> Disque fixe # 196 Go (196 Go libre(s) - 100%) [] # NTFS
E:\ -> Disque fixe # 172 Go (172 Go libre(s) - 100%) [] # NTFS
F:\ -> CD-ROM
G:\ -> CD-ROM

################## | Processus Actif |

C:\Windows\system32\csrss.exe (492)
C:\Windows\system32\wininit.exe (552)
C:\Windows\system32\csrss.exe (560)
C:\Windows\system32\services.exe (616)
C:\Windows\system32\lsass.exe (624)
C:\Windows\system32\lsm.exe (632)
C:\Windows\system32\winlogon.exe (688)
C:\Windows\system32\svchost.exe (772)
C:\Windows\system32\svchost.exe (852)
C:\Windows\System32\svchost.exe (944)
C:\Windows\System32\svchost.exe (976)
C:\Windows\system32\svchost.exe (1008)
C:\Windows\system32\svchost.exe (1164)
C:\Windows\system32\svchost.exe (1260)
C:\Windows\system32\WLANExt.exe (1384)
C:\Windows\system32\conhost.exe (1400)
C:\Windows\system32\svchost.exe (1476)
C:\Windows\System32\spoolsv.exe (1632)
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (1736)
C:\Program Files\Modem OT-X080C\DataCardService.exe (1760)
C:\Program Files\ESET\ESET Smart Security\ekrn.exe (1804)
C:\Program Files\Modem OT-X080C\BGService.exe (1816)
C:\Program Files\Microsoft\BingBar\SeaPort.EXE (1860)
C:\Windows\system32\svchost.exe (1924)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1992)
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (2032)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (120)
C:\Windows\system32\svchost.exe (2124)
C:\Windows\system32\taskeng.exe (2348)
C:\Windows\system32\Dwm.exe (2380)
C:\Windows\system32\taskhost.exe (2388)
C:\Windows\Explorer.EXE (2416)
C:\Windows\System32\hkcmd.exe (2692)
C:\Windows\System32\igfxpers.exe (2736)
C:\Program Files\Real\RealPlayer\Update\realsched.exe (2752)
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (2800)
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (2820)
C:\Program Files\ESET\ESET Smart Security\egui.exe (2828)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (2932)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2944)
C:\Program Files\Athan\Athan.exe (3168)
C:\Program Files\Common Files\Java\Java Update\jusched.exe (3176)
C:\Program Files\Windows Sidebar\sidebar.exe (3220)
C:\Program Files\DAP\DAP.exe (3332)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3440)
C:\Windows\system32\svchost.exe (3656)
C:\Windows\system32\SearchIndexer.exe (3944)
C:\Windows\system32\WUDFHost.exe (2704)
C:\Program Files\Internet Mobile\Internet Mobile.exe (3032)
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (5432)
C:\Windows\System32\svchost.exe (5936)
C:\Windows\system32\wbem\wmiprvse.exe (4804)
C:\Windows\system32\wuauclt.exe (5712)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (4440)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7368)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7504)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7508)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7524)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7576)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7672)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7696)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7700)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (6544)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (4460)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (5052)
C:\Windows\system32\rundll32.exe (5728)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (6240)
C:\Program Files\Mozilla Firefox\firefox.exe (5008)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (988)
C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe (7708)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe (7056)
C:\Program Files\Windows Live\Contacts\wlcomm.exe (1948)
C:\UsbFix\Go.exe (4732)

################## | Processus Stoppés |

Stoppé! C:\Windows\system32\WLANExt.exe (1384)
Stoppé! C:\Windows\System32\spoolsv.exe (1632)
Stoppé! C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe (1736)
Stoppé! C:\Program Files\Modem OT-X080C\DataCardService.exe (1760)
Stoppé! C:\Program Files\ESET\ESET Smart Security\ekrn.exe (1804)
Stoppé! C:\Program Files\Modem OT-X080C\BGService.exe (1816)
Stoppé! C:\Program Files\Microsoft\BingBar\SeaPort.EXE (1860)
Stoppé! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (1992)
Stoppé! C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (2032)
Stoppé! C:\Windows\system32\taskeng.exe (2348)
Stoppé! C:\Windows\system32\taskhost.exe (2388)
Stoppé! C:\Windows\System32\hkcmd.exe (2692)
Stoppé! C:\Windows\System32\igfxpers.exe (2736)
Stoppé! C:\Program Files\Real\RealPlayer\Update\realsched.exe (2752)
Stoppé! C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe (2800)
Stoppé! C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (2820)
Stoppé! C:\Program Files\ESET\ESET Smart Security\egui.exe (2828)
Stoppé! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (2932)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (2944)
Stoppé! C:\Program Files\Athan\Athan.exe (3168)
Stoppé! C:\Program Files\Common Files\Java\Java Update\jusched.exe (3176)
Stoppé! C:\Program Files\Windows Sidebar\sidebar.exe (3220)
Stoppé! C:\Program Files\DAP\DAP.exe (3332)
Stoppé! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3440)
Stoppé! C:\Windows\system32\SearchIndexer.exe (3944)
Stoppé! C:\Windows\system32\WUDFHost.exe (2704)
Stoppé! C:\Program Files\Internet Mobile\Internet Mobile.exe (3032)
Stoppé! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (5432)
Stoppé! C:\Windows\system32\wuauclt.exe (5712)
Stoppé! C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (4440)
Stoppé! C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7368)
Stoppé! C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7504)
Stoppé! C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7508)
Stoppé! C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7524)
Stoppé! C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7576)
Stoppé! C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7672)
Stoppé! C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7696)
Stoppé! C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (7700)
Stoppé! C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (6544)
Stoppé! C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (4460)
Stoppé! C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (5052)
Stoppé! C:\Windows\system32\rundll32.exe (5728)
Stoppé! C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe (6240)
Stoppé! C:\Program Files\Mozilla Firefox\firefox.exe (5008)
Stoppé! C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (988)
Stoppé! C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe (7708)
Stoppé! C:\Program Files\Windows Live\Messenger\msnmsgr.exe (7056)
Stoppé! C:\Program Files\Windows Live\Contacts\wlcomm.exe (1948)

################## | Eléments infectieux |

Supprimé! C:\Users\LAHLAL\AppData\Local\Temp\DataCard_Setup.exe
Supprimé! C:\Users\LAHLAL\AppData\Local\Temp\ose00000.exe
Supprimé! D:\install.exe
Non supprimé ! G:\AutoRun.exe
Non supprimé ! G:\DataCard_Setup.exe
Non supprimé ! G:\DataCard_Setup64.exe
Supprimé! C:\Users\LAHLAL\AppData\Local\Temp\.exe
Non supprimé ! G:\AutoRun.exe
Supprimé! C:\$RECYCLE.BIN\S-1-5-21-2697442829-4191816553-2403415351-1000
Supprimé! D:\$RECYCLE.BIN\S-1-5-21-2697442829-4191816553-2403415351-1000
Supprimé! E:\$RECYCLE.BIN\S-1-5-21-2697442829-4191816553-2403415351-1000
Non supprimé ! G:\AUTORUN.INF

(!) Fichiers temporaires supprimés.

################## | Registre |


################## | Mountpoints2 |

Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\G
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{081df1fb-b701-11e1-a5cd-74de2bbf8989}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{1f0a9d5b-b0b5-11e1-958b-806e6f6e6963}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{5cb1e378-b0e9-11e1-870e-e4115bfe15b6}
Supprimé! HKCU\.\.\.\.\Explorer\MountPoints2\{b57feec6-ec95-11e1-b09c-74de2bbf8989}

################## | Listing |

[25/08/2012 - 14:58:04 | SHD ] C:\$Recycle.Bin
[23/08/2012 - 18:37:24 | N | 11117] C:\AdwCleaner[S1].txt
[23/08/2012 - 18:43:45 | N | 1188] C:\AdwCleaner[S2].txt
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[25/08/2012 - 12:19:19 | ASH | 2357608448] C:\hiberfil.sys
[07/06/2012 - 19:40:33 | D ] C:\Intel
[13/06/2012 - 01:22:17 | D ] C:\Macromedia
[26/06/2012 - 16:02:08 | D ] C:\Mozilla
[07/06/2012 - 19:53:17 | RHD ] C:\MSOCache
[25/08/2012 - 12:19:20 | ASH | 3143479296] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[23/08/2012 - 18:57:49 | N | 512] C:\PhysicalMBR.bin
[25/08/2012 - 00:11:06 | D ] C:\Program Files
[22/07/2012 - 16:44:38 | HD ] C:\ProgramData
[07/06/2012 - 19:32:52 | SHD ] C:\Recovery
[12/06/2012 - 16:02:38 | N | 184] C:\setup.log
[12/06/2012 - 16:29:26 | D ] C:\SWSetup
[23/08/2012 - 18:57:50 | SHD ] C:\System Volume Information
[25/08/2012 - 14:58:05 | D ] C:\UsbFix
[25/08/2012 - 14:56:26 | A | 10588] C:\UsbFix.txt
[12/06/2012 - 16:30:45 | D ] C:\Users
[23/08/2012 - 16:23:23 | D ] C:\Windows
[25/08/2012 - 13:32:21 | D ] C:\ZHP
[25/08/2012 - 14:58:04 | SHD ] D:\$RECYCLE.BIN
[07/11/2007 - 08:00:40 | N | 17734] D:\eula.1028.txt
[07/11/2007 - 08:00:40 | N | 17734] D:\eula.1031.txt
[07/11/2007 - 08:00:40 | N | 10134] D:\eula.1033.txt
[07/11/2007 - 08:00:40 | N | 17734] D:\eula.1036.txt
[07/11/2007 - 08:00:40 | N | 17734] D:\eula.1040.txt
[07/11/2007 - 08:00:40 | N | 118] D:\eula.1041.txt
[07/11/2007 - 08:00:40 | N | 17734] D:\eula.1042.txt
[07/11/2007 - 08:00:40 | N | 17734] D:\eula.2052.txt
[07/11/2007 - 08:00:40 | N | 17734] D:\eula.3082.txt
[07/11/2007 - 08:00:40 | N | 1110] D:\globdata.ini
[07/11/2007 - 08:00:40 | N | 843] D:\install.ini
[07/11/2007 - 08:03:18 | N | 76304] D:\install.res.1028.dll
[07/11/2007 - 08:03:18 | N | 96272] D:\install.res.1031.dll
[07/11/2007 - 08:03:18 | N | 91152] D:\install.res.1033.dll
[07/11/2007 - 08:03:18 | N | 97296] D:\install.res.1036.dll
[07/11/2007 - 08:03:18 | N | 95248] D:\install.res.1040.dll
[07/11/2007 - 08:03:18 | N | 81424] D:\install.res.1041.dll
[07/11/2007 - 08:03:18 | N | 79888] D:\install.res.1042.dll
[07/11/2007 - 08:03:18 | N | 75792] D:\install.res.2052.dll
[07/11/2007 - 08:03:18 | N | 96272] D:\install.res.3082.dll
[07/06/2012 - 19:41:48 | SHD ] D:\System Volume Information
[07/11/2007 - 08:00:40 | N | 5686] D:\vcredist.bmp
[07/11/2007 - 08:09:22 | N | 1442522] D:\VC_RED.cab
[07/11/2007 - 08:12:28 | N | 232960] D:\VC_RED.MSI
[25/08/2012 - 14:58:05 | SHD ] E:\$RECYCLE.BIN
[07/06/2012 - 19:41:49 | SHD ] E:\System Volume Information
[23/08/2009 - 03:42:34 | R | 143360] G:\AutoRun.exe
[01/07/2009 - 18:19:26 | R | 47] G:\AUTORUN.INF
[23/08/2009 - 03:42:34 | R | 143360] G:\DataCard_Setup.exe
[23/08/2009 - 03:43:46 | R | 206336] G:\DataCard_Setup64.exe
[19/09/2010 - 13:32:19 | D ] G:\Internet Mobile
[20/02/2008 - 22:16:48 | R | 7168] G:\ResetDevice.exe
[01/07/2009 - 18:11:56 | R | 4286] G:\Startup.ico
[10/05/2010 - 11:39:50 | R | 1364] G:\SysConfig.dat

################## | Vaccin |

C:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

################## | Upload |

Veuillez envoyer le fichier: C:\UsbFix_Upload_Me_LAHLAL-PC.zip
http://eldesaparecido.com/upload.php
Merci de votre contribution.

################## | E.O.F |
0
Réponse 10 / 22
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
Modifié par Fish66 le 25/08/2012 à 18:20
Oui, c'est lui!
Est ce que Jerecherche.org est il encore présent ?
=====================
Lance ZHPDiag depuis le bureau, lance l'analyse et héberge le rapport. colle le lien dans ta prochaine réponse


_ _ _ Fish66_ _ _ I''"""""I_ _ membre contributeur sécurité_ _I''"""""I_ _ _
¤¤¤ Le meilleur remède pour tous les problèmes, c'est la patience.... ¤¤¤
0
Réponse 11 / 22
universal 01 Messages postés 14 Date d'inscription vendredi 24 août 2012 Statut Membre Dernière intervention 23 décembre 2012
25 août 2012 à 18:25
oui je le vois tjr ds google chrome, voilà le nouveau rapport



Rapport de ZHPDiag v1.31.13 par Nicolas Coolman, Update du 31/07/2012
Run by LAHLAL at 25/08/2012 17:22:26
Web site : http://www.premiumorange.com/zeb-help-process/zhpdiag.html
Web site : http://nicolascoolman.skyrock.com/
State : Your version is update.


---\\ Web Browser
MSIE: Internet Explorer v
GCIE: Google Chrome v13.0.782.220 (Defaut)

---\\ Windows Product Information
~ Langage: Anglais
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
~ Windows Partial Key : 2C9T3
Windows License : OK
~ Windows Remaining Initializations Number : 3
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: x86 Family 6 Model 37 Stepping 5, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2997 MB (43% free)
System Restore: Inconnu (Unknown)
System drive C: has 70 GB (72%) free of 98 GB

---\\ Logged in mode
~ Computer Name: LAHLAL-PC
~ User Name: LAHLAL
~ All Users Names: LAHLAL, Administrateur,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\LAHLAL\AppData\Roaming\
~ %Desktop% : C:\Users\LAHLAL\Desktop\
~ %Favorites% : C:\Users\LAHLAL\Favorites\
~ %LocalAppData% : C:\Users\LAHLAL\AppData\Local\
~ %StartMenu% : C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 70 Go of 98 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 196 Go of 196 Go)
E:\ Hard drive, Flash drive, Thumb drive (Free 172 Go of 172 Go)
F:\ CD-ROM drive (Not Inserted)
G:\ CD-ROM drive (Free 0 Go of 0 Go)
H:\ Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Security Center & Tools Informations
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
~ Scan Security Center in 00mn 00s



---\\ Search Generic System Files
[MD5.2626FC9755BE22F805D3CFA0CE3EE727] - (.Microsoft Corporation - Explorateur Windows.) (.31/10/2009 - 06:45:39.) -- C:\Windows\Explorer.exe [2614272]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.75A97A2C060E72AB49E071E08C7DD2BA] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.29/06/2012 - 01:09:01.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.28/10/2009 - 07:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Bibliothèque de licences.) (.14/07/2009 - 02:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.25/04/2011 - 03:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/07/2009 - 00:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27/04/2011 - 03:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14/07/2009 - 00:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 00:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04/05/2011 - 03:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.14/07/2009 - 00:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.3795DCD21F740EE799FB7223234215AF] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.14/07/2009 - 02:20:44.) -- C:\Windows\system32\Drivers\ntfs.sys [1210432]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 00:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/07/2009 - 00:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.14/07/2009 - 01:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 00:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.14/07/2009 - 00:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.58DF9D2481A56EDDE167E51B334D44FD] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.14/07/2009 - 02:19:10.) -- C:\Windows\system32\Drivers\volsnap.sys [245328]
~ Scan Generic Processes in 00mn 00s



---\\ Hidden files state (Hidden/Total)
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/26
~ Mes Documents (My Documents) : 2/3
~ Mon Bureau (My Desktop) : 1/225
~ Menu demarrer (Programs) : 0/28
~ Scan Hidden Files in 00mn 00s



---\\ Running Processes
[MD5.3229D1DB3999FE9B7A2230AE0DDD0E18] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [177432] [PID.2872]
[MD5.D25FE0B08B5C5CCED0A24BA6CE17CE90] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [176408] [PID.2980]
[MD5.8E53B67FA3816E854B07C5DC66E10730] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [296056] [PID.3008]
[MD5.1C75C294874BAD4F886B477D132D7AE6] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [5446248] [PID.3016]
[MD5.70189D91A5347F5E34039D06C7E58419] - (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [111856] [PID.3064]
[MD5.C4E146F573FD0F2FAF71622F8A60563F] - (.ESET - ESET GUI.) -- C:\Program Files\ESET\ESET Smart Security\egui.exe [3080264] [PID.3072]
[MD5.DC73E11DC27E7D9AEF884EBE816C4240] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440] [PID.3096]
[MD5.7D72F14608A4B5F55FD837A5F404A0FF] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1996072] [PID.3312]
[MD5.6F9BB9BF205C2E61982B1C9A7AB5D337] - (.www.IslamicFinder.org - Automatic Athan (Azan) five times a day f.) -- C:\Program Files\Athan\Athan.exe [1204224] [PID.3400]
[MD5.98A078F838A70F84E1BD490D7C7675F4] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696] [PID.3436]
[MD5.84DB35F319E5B67838A4877C11748866] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [462920] [PID.3444]
[MD5.690649806C354FF8ECE862E89D5B150B] - (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe [3758296] [PID.3176]
[MD5.06CF6FFEDBE91B1E4AC44B785E880168] - (...) -- C:\Program Files\Internet Mobile\Internet Mobile.exe [114688] [PID.1196]
[MD5.249D235E3B321A3CD07C658F9E985CB4] - (.Google Inc. - Google Chrome.) -- C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe [1017912] [PID.5940]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.2500]
[MD5.127CD00925C1A2B759765C5B9600DE30] - (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928] [PID.4436]
[MD5.3F677172F23FC17283D9BCE4B42E3F65] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [913888] [PID.4624]
[MD5.51138BEEA3E2C21EC44D0932C71762A8] - (...) -- ystem32\rundll32.exe [0] [PID.1364]
[MD5.FCB13D9E3D55075C8FACA9CA3C55B263] - (...) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [3763200] [PID.5608]
~ Scan Processes Running in 00mn 00s



---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\LAHLAL\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Scan Google Browser in 00mn 00s



---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\LAHLAL\AppData\Roaming\Mozilla\Firefox\Profiles\oct7lf8x.default\prefs.js
M3 - MFPP: Plugins - [LAHLAL] -- C:\Users\LAHLAL\AppData\Roaming\Mozilla\Firefox\Profiles\oct7lf8x.default\searchplugins\speedbit.xml
M3 - MFPP: Plugins - [LAHLAL] -- C:\Program Files\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [LAHLAL] -- C:\Program Files\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [LAHLAL] -- C:\Program Files\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [LAHLAL] -- C:\Program Files\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [LAHLAL] -- C:\Program Files\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [LAHLAL] -- C:\Program Files\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [LAHLAL] -- C:\Program Files\Mozilla FireFox\searchplugins\yahoo-france.xml
M2 - MFEP: prefs.js [LAHLAL - oct7lf8x.default\newtaburl@sogame.cat] [] NewTabURL v2.2.3 (.Sogame.)
P2 - FPN: [HKCU] [@Skype Limited.com/Facebook Video Calling Plugin] - (.Skype Limited - Facebook Video Calling Plugin.) -- C:\Users\LAHLAL\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
~ Scan Firefox Browser in 00mn 00s



---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.microsoft.com/fr-fr/
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = https://www.google.com/?gws_rd=ssl
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Skype Limited - Facebook Video Calling Plugin.) (No version) -- (.not file.)
~ Scan IE Browser in 00mn 00s



---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Scan Proxy management in 00mn 00s



---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Scan Hosts File in 00mn 00s
~ Nombre de lignes (Lines number): 0



---\\ Auto loading programs from Registry and folders (O4)
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\LAHLAL\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - HKCU\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [DownloadAccelerator] . (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe
O4 - HKUS\S-1-5-21-2697442829-4191816553-2403415351-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2697442829-4191816553-2403415351-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\LAHLAL\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2697442829-4191816553-2403415351-1000\..\Run: [Messenger (Yahoo!)] . (.Yahoo! Inc. - Yahoo! Messenger.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O4 - HKUS\S-1-5-21-2697442829-4191816553-2403415351-1000\..\Run: [Search Protection] . (.Yahoo! Inc - Yahoo! Application.) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-21-2697442829-4191816553-2403415351-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-2697442829-4191816553-2403415351-1000\..\Run: [DownloadAccelerator] . (.Speedbit Ltd. - Download Accelerator Plus (DAP).) -- C:\Program Files\DAP\DAP.exe
~ Scan Application in 00mn 00s



---\\ Other User Links (O4)
O4 - Global Startup: C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\LAHLAL\Desktop\Athan.lnk . (.www.IslamicFinder.org.) -- C:\Program Files\Athan\Athan.exe
O4 - Global Startup: C:\Users\LAHLAL\Desktop\Download Accelerator Plus (DAP).lnk . (.Speedbit Ltd..) -- C:\Program Files\DAP\DAP.exe
O4 - Global Startup: C:\Users\LAHLAL\Desktop\Google Chrome.lnk . (.Google Inc..) -- C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - Global Startup: C:\Users\LAHLAL\Desktop\Modem OT-X080C.lnk . (...) -- C:\Program Files\Modem OT-X080C\Modem OT-X080C\Modem OT-X080C.exe
O4 - Global Startup: C:\Users\LAHLAL\Desktop\My DAP Downloads.lnk . (...) -- C:\Users\LAHLAL\Desktop
O4 - Global Startup: C:\Users\LAHLAL\Desktop\My Video Downloads.lnk . (...) -- C:\Users\LAHLAL\Videos\My Video Downloads
O4 - Global Startup: C:\Users\LAHLAL\Desktop\SPEEDbit Video Downloader.lnk . (.SPEEDbit Ltd..) -- C:\Program Files\SPEEDbit Video Downloader\Converter.exe
O4 - Global Startup: C:\Users\LAHLAL\Desktop\SpeedUpMyPC 2012.lnk . (.Uniblue Systems Ltd.) -- C:\ProgramData\SpeedBit\DAP\Offers\speedupmypc.exe
O4 - Global Startup: C:\Users\LAHLAL\Desktop\Windows Live Messenger.lnk . (.Microsoft Corporation.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - Global Startup: C:\Users\LAHLAL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk . (.Microsoft Corporation.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - Global Startup: C:\Users\LAHLAL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Modem OT-X080C.lnk . (...) -- C:\Program Files\Modem OT-X080C\Modem OT-X080C\Modem OT-X080C.exe
O4 - Global Startup: C:\Users\LAHLAL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk . (.Yahoo! Inc..) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
~ Scan Global Startup in 00mn 00s



---\\ Extra items in the IE right-click menu (O8)
O8 - Extra context menu item: &Download with &DAP . (...) -- C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Verify with DAP . (...) -- C:\Program Files\DAP\dapverify.htm
O8 - Extra context menu item: Download &all with DAP . (...) -- C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel . (.Microsoft Corporation - Microsoft Office Excel.) -- C:\Program Files\MICROS~2\Office12\EXCEL.exe
~ Scan IE Menu Contextuel in 00mn 00s



---\\ Windows Active Desktop & MHTML Editor (O24)
O24 - Default MHTML Editor: Last - .(...) - (.not file.)
~ Scan Desktop Component in 00mn 00s



---\\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2697442829-4191816553-2403415351-1000Core.job
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2697442829-4191816553-2403415351-1000UA.job
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-2697442829-4191816553-2403415351-1000Core] (.Facebook Inc..) -- C:\Users\LAHLAL\AppData\Local\Facebook\Update\FacebookUpdate.exe
[MD5.9EB925EDC8CF1C3D06E50E9348B54A0A] [APT] [FacebookUpdateTaskUserS-1-5-21-2697442829-4191816553-2403415351-1000UA] (.Facebook Inc..) -- C:\Users\LAHLAL\AppData\Local\Facebook\Update\FacebookUpdate.exe
[MD5.D412AC27FE3C9F8BC19741DAC0E0329D] [APT] [RealUpgradeLogonTaskS-1-5-21-2697442829-4191816553-2403415351-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.D412AC27FE3C9F8BC19741DAC0E0329D] [APT] [RealUpgradeScheduledTaskS-1-5-21-2697442829-4191816553-2403415351-1000] (.RealNetworks, Inc..) -- C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
[MD5.10A159BFE9330414DE515CF6DEB81990] [APT] [SBWUpdateTask_Logon_74c354b5-000000000000] (.Speedbit Ltd..) -- C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
[MD5.10A159BFE9330414DE515CF6DEB81990] [APT] [SBWUpdateTask_Time_74c354b5-000000000000] (.Speedbit Ltd..) -- C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe
[MD5.00000000000000000000000000000000] [APT] [Scheduled Update for Ask Toolbar] (...) -- C:\Program Files\Ask.com\UpdateTask.exe (.not file.)
[MD5.249D235E3B321A3CD07C658F9E985CB4] [APT] [{2E41DA16-BC37-4A0B-8741-A3181EEA796B}] (.Google Inc..) -- c:\users\LAHLAL\appdata\local\google\chrome\application\chrome.exe
[MD5.A7BFFB86CBD05F6F0C2B637B216BED65] [APT] [{C3A61CB2-1E55-4977-86B0-4B8C78ECBE50}] (.Acresso Software Inc..) -- C:\SWSetup\SP53753\Setup.exe
[MD5.00000000000000000000000000000000] [APT] [Microsoft Antimalware Scheduled Scan] (...) -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe (.not file.)
~ Scan Scheduled Task in 00mn 04s



---\\ ActiveSetup Installed Components (O40) (None)

---\\ Software installed (O42)
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKCU] -- Google Chrome

---\\ HKCU & HKLM Software Keys
[HKCU\Software\AC3filter]
[HKCU\Software\Adobe]
[HKCU\Software\AppDataLow\Software\Microsoft]
[HKCU\Software\AppDataLow\Software\Yahoo]
[HKCU\Software\AppDataLow\Software]
[HKCU\Software\AppDataLow]
[HKCU\Software\Classes]
[HKCU\Software\Clients]
[HKCU\Software\CoreCodec]
[HKCU\Software\DivXNetworks]
[HKCU\Software\ESET]
[HKCU\Software\Facebook]
[HKCU\Software\Flock]
[HKCU\Software\GNU]
[HKCU\Software\GSpot Appliance Corp]
[HKCU\Software\Google]
[HKCU\Software\HaaliMkx]
[HKCU\Software\Haali]
[HKCU\Software\HookNetwork]
[HKCU\Software\IM Providers]
[HKCU\Software\Intel]
[HKCU\Software\JavaSoft]
[HKCU\Software\Macromedia]
[HKCU\Software\Malwarebytes' Anti-Malware]
[HKCU\Software\MozillaPlugins]
[HKCU\Software\Mozilla]
[HKCU\Software\Nero]
[HKCU\Software\Netscape]
[HKCU\Software\ODBC]
[HKCU\Software\Policies]
[HKCU\Software\QuickTime Alternative]
[HKCU\Software\RealNetworks]
[HKCU\Software\Realtek]
[HKCU\Software\SkypeRS]
[HKCU\Software\Skype]
[HKCU\Software\SpeedBit]
[HKCU\Software\Synaptics]
[HKCU\Software\Usbfix]
[HKCU\Software\WinRAR]
[HKCU\Software\Yahoo]
[HKCU\Software\drpsu]
[HKCU\Software\ooVoo]
~ Scan Softwares in 00mn 00s



---\\ Contents of the Common Files folders (O43)
O43 - CFD: 14/06/2012 - 20:37:37 - [73,109] ----D C:\Program Files\Adobe
O43 - CFD: 21/07/2012 - 04:48:13 - [18,799] ----D C:\Program Files\Athan
O43 - CFD: 12/06/2012 - 16:02:23 - [2,118] ----D C:\Program Files\Atheros
O43 - CFD: 12/06/2012 - 16:02:16 - [3,340] ----D C:\Program Files\Cisco
O43 - CFD: 22/07/2012 - 16:44:37 - [457,308] ----D C:\Program Files\Common Files
O43 - CFD: 25/06/2012 - 21:31:12 - [12,504] ----D C:\Program Files\DAP
O43 - CFD: 14/07/2009 - 10:01:30 - [79,371] ----D C:\Program Files\DVD Maker
O43 - CFD: 12/06/2012 - 16:08:26 - [78,018] ----D C:\Program Files\ESET
O43 - CFD: 07/06/2012 - 19:32:51 - [0] ----D C:\Program Files\Fichiers communs
O43 - CFD: 12/06/2012 - 16:29:29 - [27,673] --H-D C:\Program Files\InstallShield Installation Information
O43 - CFD: 12/06/2012 - 17:06:10 - [27,359] ----D C:\Program Files\Intel
O43 - CFD: 25/06/2012 - 19:04:06 - [9,413] ----D C:\Program Files\Internet Download Manager
O43 - CFD: 16/08/2012 - 20:57:18 - [5,489] ----D C:\Program Files\Internet Explorer
O43 - CFD: 22/08/2012 - 21:15:39 - [23,564] ----D C:\Program Files\Internet Mobile
O43 - CFD: 22/07/2012 - 16:44:25 - [87,132] ----D C:\Program Files\Java
O43 - CFD: 07/06/2012 - 19:47:00 - [86,866] ----D C:\Program Files\K-Lite Codec Pack
O43 - CFD: 09/07/2012 - 00:04:09 - [0,075] ----D C:\Program Files\Lexmark
O43 - CFD: 25/08/2012 - 15:08:31 - [11,705] ----D C:\Program Files\Malwarebytes' Anti-Malware
O43 - CFD: 11/06/2012 - 23:22:55 - [19,718] ----D C:\Program Files\Microsoft
O43 - CFD: 14/07/2009 - 10:01:21 - [140,965] ----D C:\Program Files\Microsoft Games
O43 - CFD: 07/06/2012 - 19:57:30 - [539,332] ----D C:\Program Files\Microsoft Office
O43 - CFD: 23/08/2012 - 18:27:59 - [36,641] ----D C:\Program Files\Microsoft Silverlight
O43 - CFD: 07/06/2012 - 19:57:29 - [0,014] ----D C:\Program Files\Microsoft Visual Studio
O43 - CFD: 07/06/2012 - 19:54:16 - [1,323] ----D C:\Program Files\Microsoft Visual Studio 8
O43 - CFD: 12/06/2012 - 01:28:41 - [3,554] ----D C:\Program Files\Microsoft Works
O43 - CFD: 07/06/2012 - 19:57:15 - [7,774] ----D C:\Program Files\Microsoft.NET
O43 - CFD: 07/06/2012 - 22:44:28 - [11,892] ----D C:\Program Files\Modem OT-X080C
O43 - CFD: 23/08/2012 - 18:27:57 - [37,711] ----D C:\Program Files\Mozilla Firefox
O43 - CFD: 23/08/2012 - 18:27:57 - [0,195] ----D C:\Program Files\Mozilla Maintenance Service
O43 - CFD: 07/06/2012 - 19:57:33 - [0,025] ----D C:\Program Files\MSBuild
O43 - CFD: 07/06/2012 - 19:45:51 - [52,724] ----D C:\Program Files\Nero
O43 - CFD: 12/06/2012 - 19:00:10 - [25,852] ----D C:\Program Files\ooVoo
O43 - CFD: 25/06/2012 - 20:51:31 - [100,101] ----D C:\Program Files\Real
O43 - CFD: 07/06/2012 - 22:11:18 - [25,672] ----D C:\Program Files\Realtek
O43 - CFD: 14/07/2009 - 05:52:30 - [36,809] ----D C:\Program Files\Reference Assemblies
O43 - CFD: 25/06/2012 - 19:24:04 - [0,497] ----D C:\Program Files\SearchPredict
O43 - CFD: 23/07/2012 - 21:21:35 - [16,855] R---D C:\Program Files\Skype
O43 - CFD: 25/06/2012 - 19:24:04 - [9,408] ----D C:\Program Files\SPEEDbit Video Downloader
O43 - CFD: 12/06/2012 - 16:31:45 - [63,689] ----D C:\Program Files\Synaptics
O43 - CFD: 14/07/2009 - 05:53:23 - [0] --H-D C:\Program Files\Uninstall Information
O43 - CFD: 07/06/2012 - 19:46:27 - [71,675] ----D C:\Program Files\VideoLAN
O43 - CFD: 14/07/2009 - 09:39:39 - [2,909] ----D C:\Program Files\Windows Defender
O43 - CFD: 09/06/2012 - 21:48:15 - [6,689] ----D C:\Program Files\Windows Journal
O43 - CFD: 23/08/2012 - 16:43:28 - [59,478] ----D C:\Program Files\Windows Live
O43 - CFD: 09/06/2012 - 21:48:19 - [5,895] ----D C:\Program Files\Windows Mail
O43 - CFD: 09/06/2012 - 21:48:11 - [6,302] ----D C:\Program Files\Windows Media Player
O43 - CFD: 07/06/2012 - 19:32:51 - [11,632] ----D C:\Program Files\Windows NT
O43 - CFD: 14/07/2009 - 09:39:39 - [4,213] ----D C:\Program Files\Windows Photo Viewer
O43 - CFD: 14/07/2009 - 05:52:32 - [0,181] ----D C:\Program Files\Windows Portable Devices
O43 - CFD: 14/07/2009 - 09:39:39 - [6,374] ----D C:\Program Files\Windows Sidebar
O43 - CFD: 07/06/2012 - 19:43:35 - [3,277] ----D C:\Program Files\WinRAR
O43 - CFD: 11/06/2012 - 22:35:32 - [35,324] ----D C:\Program Files\Yahoo!
O43 - CFD: 25/08/2012 - 00:12:45 - [12,789] ----D C:\Program Files\ZHPDiag
O43 - CFD: 07/06/2012 - 19:43:21 - [1,758] ----D C:\Program Files\Common Files\Adobe
O43 - CFD: 16/07/2012 - 11:55:08 - [39,326] ----D C:\Program Files\Common Files\Adobe AIR
O43 - CFD: 07/06/2012 - 19:57:29 - [0,089] ----D C:\Program Files\Common Files\DESIGNER
O43 - CFD: 07/06/2012 - 19:40:34 - [12,691] ----D C:\Program Files\Common Files\Intel
O43 - CFD: 12/06/2012 - 16:36:52 - [0,007] ----D C:\Program Files\Common Files\Intel Corporation
O43 - CFD: 22/07/2012 - 16:44:37 - [1,201] ----D C:\Program Files\Common Files\Java
O43 - CFD: 23/08/2012 - 16:25:03 - [260,440] ----D C:\Program Files\Common Files\microsoft shared
O43 - CFD: 07/06/2012 - 19:45:44 - [35,033] ----D C:\Program Files\Common Files\Nero
O43 - CFD: 07/06/2012 - 19:47:57 - [20,634] ----D C:\Program Files\Common Files\Real
O43 - CFD: 14/07/2009 - 03:37:05 - [0,003] ----D C:\Program Files\Common Files\Services
O43 - CFD: 25/06/2012 - 19:56:53 - [2,056] ----D C:\Program Files\Common Files\Skype
O43 - CFD: 14/07/2009 - 03:37:05 - [39,200] ----D C:\Program Files\Common Files\SpeechEngines
O43 - CFD: 25/06/2012 - 19:18:39 - [2,414] ----D C:\Program Files\Common Files\SpeedBit
O43 - CFD: 12/07/2012 - 09:24:34 - [42,121] ----D C:\Program Files\Common Files\System
O43 - CFD: 11/06/2012 - 22:50:08 - [0] ----D C:\Program Files\Common Files\Windows Live
O43 - CFD: 07/06/2012 - 19:47:58 - [0,336] ----D C:\Program Files\Common Files\xing shared
O43 - CFD: 24/08/2012 - 18:30:50 - [0,000] ----D C:\ProgramData\Adobe
O43 - CFD: 07/06/2012 - 19:47:08 - [0,014] ----D C:\ProgramData\Apple Computer
O43 - CFD: 14/07/2009 - 05:53:55 - [0] --H-D C:\ProgramData\Application Data
O43 - CFD: 12/06/2012 - 16:02:33 - [0,020] ----D C:\ProgramData\Atheros
O43 - CFD: 07/06/2012 - 19:32:51 - [0] --H-D C:\ProgramData\Bureau
O43 - CFD: 14/07/2009 - 05:53:55 - [0] --H-D C:\ProgramData\Desktop
O43 - CFD: 14/07/2009 - 05:53:55 - [0] --H-D C:\ProgramData\Documents
O43 - CFD: 12/06/2012 - 16:08:26 - [108,431] ----D C:\ProgramData\ESET
O43 - CFD: 07/06/2012 - 19:32:51 - [0] --H-D C:\ProgramData\Favoris
O43 - CFD: 14/07/2009 - 05:53:55 - [0] --H-D C:\ProgramData\Favorites
O43 - CFD: 12/06/2012 - 16:34:56 - [0,001] ----D C:\ProgramData\Intel
O43 - CFD: 25/08/2012 - 15:08:30 - [7,622] ----D C:\ProgramData\Malwarebytes
O43 - CFD: 07/06/2012 - 19:32:51 - [0] --H-D C:\ProgramData\Menu Démarrer
O43 - CFD: 23/08/2012 - 16:25:48 - [34,697] -S--D C:\ProgramData\Microsoft
O43 - CFD: 16/08/2012 - 03:28:49 - [0,061] ----D C:\ProgramData\Microsoft Help
O43 - CFD: 07/06/2012 - 19:32:51 - [0] --H-D C:\ProgramData\Modèles
O43 - CFD: 25/06/2012 - 20:11:33 - [0,004] ----D C:\ProgramData\Mozilla
O43 - CFD: 07/06/2012 - 19:45:40 - [0] ----D C:\ProgramData\Nero
O43 - CFD: 25/06/2012 - 20:56:12 - [1,783] ----D C:\ProgramData\Real
O43 - CFD: 23/07/2012 - 21:21:39 - [18,914] ----D C:\ProgramData\Skype
O43 - CFD: 25/06/2012 - 21:31:12 - [23,575] ----D C:\ProgramData\SpeedBit
O43 - CFD: 14/07/2009 - 05:53:55 - [0] --H-D C:\ProgramData\Start Menu
O43 - CFD: 22/07/2012 - 16:44:38 - [0,000] ----D C:\ProgramData\Sun
O43 - CFD: 12/06/2012 - 17:09:24 - [0,156] ----D C:\ProgramData\Synaptics
O43 - CFD: 25/08/2012 - 16:10:48 - [0] ---AD C:\ProgramData\TEMP
O43 - CFD: 14/07/2009 - 05:53:55 - [0] --H-D C:\ProgramData\Templates
O43 - CFD: 11/06/2012 - 22:35:24 - [1,168] ----D C:\ProgramData\Yahoo!
O43 - CFD: 11/06/2012 - 22:35:32 - [0,008] ----D C:\ProgramData\Yahoo! Companion
O43 - CFD: 14/06/2012 - 20:36:54 - [0,274] ----D C:\Users\LAHLAL\AppData\Roaming\Adobe
O43 - CFD: 14/06/2012 - 20:37:41 - [0,023] ----D C:\Users\LAHLAL\AppData\Roaming\com.socialbox.socialbox
O43 - CFD: 18/08/2012 - 01:54:20 - [1,825] ----D C:\Users\LAHLAL\AppData\Roaming\Dialer
O43 - CFD: 12/06/2012 - 16:58:30 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\DMCache
O43 - CFD: 18/06/2012 - 00:26:25 - [0,000] ----D C:\Users\LAHLAL\AppData\Roaming\dvdcss
O43 - CFD: 12/06/2012 - 16:11:04 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\ESET
O43 - CFD: 12/06/2012 - 18:46:39 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\GetRightToGo
O43 - CFD: 07/06/2012 - 19:33:14 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\Identities
O43 - CFD: 25/06/2012 - 19:04:06 - [0,735] ----D C:\Users\LAHLAL\AppData\Roaming\IDM
O43 - CFD: 12/06/2012 - 16:29:28 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\InstallShield
O43 - CFD: 12/06/2012 - 16:35:12 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\Intel Corporation
O43 - CFD: 07/06/2012 - 22:47:02 - [14,559] ----D C:\Users\LAHLAL\AppData\Roaming\Macromedia
O43 - CFD: 25/08/2012 - 15:08:34 - [0,603] ----D C:\Users\LAHLAL\AppData\Roaming\Malwarebytes
O43 - CFD: 14/07/2009 - 10:00:32 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\Media Center Programs
O43 - CFD: 02/07/2012 - 05:42:00 - [0,000] ----D C:\Users\LAHLAL\AppData\Roaming\Media Player Classic
O43 - CFD: 12/07/2012 - 22:11:02 - [3,931] -S--D C:\Users\LAHLAL\AppData\Roaming\Microsoft
O43 - CFD: 25/06/2012 - 20:12:00 - [14,199] ----D C:\Users\LAHLAL\AppData\Roaming\Mozilla
O43 - CFD: 07/06/2012 - 19:46:16 - [0,041] ----D C:\Users\LAHLAL\AppData\Roaming\Nero
O43 - CFD: 16/06/2012 - 22:32:13 - [3,102] ----D C:\Users\LAHLAL\AppData\Roaming\ooVoo Details
O43 - CFD: 25/06/2012 - 20:52:37 - [1,842] ----D C:\Users\LAHLAL\AppData\Roaming\Real
O43 - CFD: 25/08/2012 - 03:21:32 - [4,062] ----D C:\Users\LAHLAL\AppData\Roaming\Skype
O43 - CFD: 12/06/2012 - 16:35:02 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\Synaptics
O43 - CFD: 24/08/2012 - 18:03:21 - [0,456] ----D C:\Users\LAHLAL\AppData\Roaming\vlc
O43 - CFD: 12/06/2012 - 01:24:36 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\Windows Live Writer
O43 - CFD: 25/08/2012 - 16:18:11 - [0] ----D C:\Users\LAHLAL\AppData\Roaming\WinRAR
O43 - CFD: 11/06/2012 - 22:39:50 - [2,194] ----D C:\Users\LAHLAL\AppData\Roaming\Yahoo!
O43 - CFD: 14/06/2012 - 20:33:42 - [0,177] ----D C:\Users\LAHLAL\AppData\Local\Adobe
O43 - CFD: 02/07/2012 - 04:21:57 - [0] ----D C:\Users\LAHLAL\AppData\Local\Apple Computer
O43 - CFD: 07/06/2012 - 19:33:01 - [0] ----D C:\Users\LAHLAL\AppData\Local\Application Data
O43 - CFD: 19/07/2012 - 23:20:51 - [0] ----D C:\Users\LAHLAL\AppData\Local\Diagnostics
O43 - CFD: 12/06/2012 - 16:11:04 - [3,156] ----D C:\Users\LAHLAL\AppData\Local\ESET
O43 - CFD: 09/06/2012 - 19:36:19 - [7,490] ----D C:\Users\LAHLAL\AppData\Local\Facebook
O43 - CFD: 07/06/2012 - 19:46:48 - [711,477] ----D C:\Users\LAHLAL\AppData\Local\Google
O43 - CFD: 07/06/2012 - 19:33:01 - [0] ----D C:\Users\LAHLAL\AppData\Local\Historique
O43 - CFD: 03/07/2012 - 14:51:48 - [530,183] ----D C:\Users\LAHLAL\AppData\Local\Microsoft
O43 - CFD: 07/06/2012 - 19:53:41 - [0] ----D C:\Users\LAHLAL\AppData\Local\Microsoft Help
O43 - CFD: 25/06/2012 - 20:11:41 - [63,671] ----D C:\Users\LAHLAL\AppData\Local\Mozilla
O43 - CFD: 25/08/2012 - 17:22:12 - [295,509] ---AD C:\Users\LAHLAL\AppData\Local\Temp
O43 - CFD: 07/06/2012 - 19:33:01 - [0] ----D C:\Users\LAHLAL\AppData\Local\Temporary Internet Files
O43 - CFD: 25/06/2012 - 19:37:36 - [1,726] ----D C:\Users\LAHLAL\AppData\Local\VirtualStore
O43 - CFD: 23/08/2012 - 16:23:12 - [0,035] ----D C:\Users\LAHLAL\AppData\Local\Windows Live
O43 - CFD: 12/06/2012 - 01:24:49 - [0] ----D C:\Users\LAHLAL\AppData\Local\Windows Live Writer
O43 - CFD: 11/06/2012 - 22:34:47 - [0,014] R---D C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
O43 - CFD: 12/07/2012 - 17:05:09 - [0,000] R---D C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
O43 - CFD: 07/06/2012 - 19:46:54 - [0,004] ----D C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
O43 - CFD: 14/07/2009 - 05:37:42 - [0,001] R---D C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
O43 - CFD: 25/08/2012 - 00:13:44 - [0,001] R---D C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
O43 - CFD: 07/06/2012 - 19:43:35 - [0,003] ----D C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
O43 - CFD: 27/07/2012 - 02:12:52 - [0,002] ----D C:\Users\LAHLAL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YouWave_Android
~ Scan Program Folder in 00mn 07s



---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.2107323DDCA34951DDB60574E248296D] - 25/08/2012 - 16:16:28 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [1524562]
O44 - LFC:[MD5.5C44FF27BD6075D8847862E56B3E6281] - 25/08/2012 - 16:16:28 ---A- . (...) -- C:\Windows\System32\perfc009.dat [103568]
O44 - LFC:[MD5.230A2A30E52B926C20BEA4FB5185D99F] - 25/08/2012 - 16:16:28 ---A- . (...) -- C:\Windows\System32\perfc00C.dat [127070]
O44 - LFC:[MD5.444C7A1B32839A2454353F3F1342DB5D] - 25/08/2012 - 16:16:28 ---A- . (...) -- C:\Windows\System32\perfh009.dat [607190]
O44 - LFC:[MD5.4C8C85F475FDFCDC75CB7A57041F2FEF] - 25/08/2012 - 16:16:28 ---A- . (...) -- C:\Windows\System32\perfh00C.dat [684954]
O44 - LFC:[MD5.9AD2C0B29569B9D294616CB33AE258BA] - 25/08/2012 - 16:13:45 ---A- . (...) -- C:\Windows\WindowsUpdate.log [1048460]
O44 - LFC:[MD5.DE0812CBE7EEB7D1B74A79BD9898284C] - 25/08/2012 - 16:10:14 ---A- . (...) -- C:\Windows\setupact.log [33562]
O44 - LFC:[MD5.961B5DBDB427DEB50363E10BAF4044C2] - 25/08/2012 - 16:10:13 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.CDBBF05B7018EDEA8C9C68B17AC1FDA7] - 25/08/2012 - 16:10:10 ---A- . (...) -- C:\Windows\PFRO.log [18876]
O44 - LFC:[MD5.6DFE7F2E8E8A337263AA5C92A215F161] - 25/08/2012 - 15:08:29 ---A- . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\Drivers\mbam.sys [22344]
O44 - LFC:[MD5.D92A39A7070B3A6B14DEEB703F5573FB] - 25/08/2012 - 14:58:46 ---A- . (...) -- C:\UsbFix.txt [13151]
O44 - LFC:[MD5.7821772F7DE2246D282C6B2D1435EF53] - 25/08/2012 - 14:58:46 ---A- . (...) -- C:\UsbFix_Upload_Me_LAHLAL-PC.zip [1033402]
O44 - LFC:[MD5.A27717AEAA6C9A32BBF5ABDCD3110AED] - 23/08/2012 - 18:57:49 ----- . (...) -- C:\PhysicalMBR.bin [512]
O44 - LFC:[MD5.185C8D1612EF2583367D26A098BD6585] - 23/08/2012 - 18:43:45 ----- . (...) -- C:\AdwCleaner[S2].txt [1188]
O44 - LFC:[MD5.FAE887176E7333059BE1DA90AEC7046F] - 23/08/2012 - 18:37:24 ----- . (...) -- C:\AdwCleaner[S1].txt [11117]
O44 - LFC:[MD5.C1258ADCBE6E51A3C06C234D2BDB81B5] - 22/08/2012 - 21:15:19 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [23424]
O44 - LFC:[MD5.A259D3619AA23D4562581067F85E2006] - 22/08/2012 - 21:15:19 ---A- . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ewusbdev.sys [101120]
O44 - LFC:[MD5.1FC7A63148E4F2BD831DAB0DC732026D] - 22/08/2012 - 21:15:19 ---A- . (.Huawei Technologies Co., Ltd. - USB Modem/Serial Device Driver.) -- C:\Windows\System32\Drivers\ewusbmdm.sys [103168]
O44 - LFC:[MD5.DAFC7E1B2FFA35CCBDDF95AE3E31BFAE] - 22/08/2012 - 21:15:19 ---A- . (.Huawei Technologies Co., Ltd. - USB NDIS Miniport Driver.) -- C:\Windows\System32\Drivers\ewusbnet.sys [201168]
O44 - LFC:[MD5.3E14D581240C282AF722211F9E710B98] - 16/08/2012 - 20:58:21 ---A- . (...) -- C:\Windows\System32\FNTCACHE.DAT [409752]
~ Scan Files in 00mn 05s



---\\ Safe Boot Control (O49) (None)

---\\ MountPoints2 Shell Key (MPKS) (O51) (None)

---\\ ShareTools MSconfig StartupReg (SMSR) (O53) (None)

---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 14/07/2009 - 02:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 22:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Scan Drivers in 00mn 00s



---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCR\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\LAHLAL\AppData\Local\Google\Chrome\Application\chrome.exe
~ Scan Keys in 00mn 00s



---\\ Start Menu Internet (SMI) (O68) (None)

---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (@ieframe.dll,-12512) - https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - https://www.bing.com/?toHttps=1&redig=69DA0EF8272048D9864AF4DB37211DE8
O69 - SBI: SearchScopes [HKCU] {7F4EFF06-7032-458e-AE16-1C1D8255C28A} [DefaultScope] - (Speedbit) - http://home.speedbit.com
O69 - SBI: SearchScopes [HKCU] {DECA3892-BA8F-44b8-A993-A466AD694AE4} - (Yahoo!) - https://fr.search.yahoo.com/
~ Scan Keys in 00mn 00s



---\\ Search Svchost Services (SSS) (O83) (None)

---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.EEED00B783C2E091EF4989A9BA8D3567] [SPRF][17/08/2012] (...) -- C:\ProgramData\Config.dat [4424]
[MD5.F1805265624D66952A56AE6F1EFBED02] [SPRF][23/08/2012] (...) -- C:\Users\LAHLAL\Desktop\adwcleaner.exe [618227]
[MD5.C7C9DDA5824FD232F6104E40F31C8BC8] [SPRF][25/08/2012] (.El Desaparecido - UsbFix NSIS Installer.) -- C:\Users\LAHLAL\Desktop\UsbFix.exe [1271879]
[MD5.7DAFDC3AA155B1562AF33B1399EBF341] [SPRF][25/08/2012] (.Nicolas Coolman - ZHPDiag.) -- C:\Users\LAHLAL\Desktop\ZHPDiag2.exe [4600348]
~ Scan Files in 00mn 00s



---\\ Additionnal Scan (O88)
Database Version : 9183 - (31/07/2012)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}] =>Toolbar.Agent
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}] =>Toolbar.Agent
~ Scan Additionnel in 00mn 50s



End of the scan (531 lines in 01mn 17s)(0)
0
Réponse 12 / 22
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
25 août 2012 à 20:56
Re,
1/
* Télécharge OTM (OldTimer) sur ton Bureau

ICI >> OTM (OldTimer)
* Double clic "OTMoveIt3.exe"
* Utilisateurs Windows Vista / 7 Clic droit sur "OTMoveIt3.exe" choisis "exécuter en tant qu'administrateur" afin de le lancer.

- Copie (Ctrl+C) le texte suivant en gras ci-dessous :



:Reg
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}]
[-HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}]

:commands
[emptytemp]



- Colle (Ctrl+V) le texte précédemment copié dans le cadre: Paste Instructions for Items to be Moved.
- Clique maintenant sur le bouton MoveIt!
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
- Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

2/
Sous Chrome => en haut droite (la clé) cliquer dessus => paramètres =>

dans "Au démarrage" selectionne "Ouvrir une page ou un ensemble de pages spécifiques" clique sur "ensemble de pages" et supprime searchnu si elle est présente...
====================
Regarde les extensions de ton navigateur pour voir s'il reste des trucs à supprimer!
Aide : <<< ICI >>>
0
Réponse 13 / 22
universal 01 Messages postés 14 Date d'inscription vendredi 24 août 2012 Statut Membre Dernière intervention 23 décembre 2012
25 août 2012 à 21:40
voila le rapport, et maintenant????



All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF7C3CF0-4B15-11D1-ABED-709549C10000}\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ian

User: LAHLAL
->Temp folder emptied: 310150013 bytes
->Temporary Internet Files folder emptied: 211816094 bytes
->Java cache emptied: 8369471 bytes
->FireFox cache emptied: 68089250 bytes
->Google Chrome cache emptied: 212125125 bytes
->Flash cache emptied: 15270920 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66016 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 22878326 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 809,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 08252012_202251
0
Réponse 14 / 22
universal 01 Messages postés 14 Date d'inscription vendredi 24 août 2012 Statut Membre Dernière intervention 23 décembre 2012
25 août 2012 à 21:44
maintenant quand j'ouvre googlechrome j'ai plus le modit moteur de recherche, c'est bon maintenant????
0
Réponse 15 / 22
universal 01 Messages postés 14 Date d'inscription vendredi 24 août 2012 Statut Membre Dernière intervention 23 décembre 2012
25 août 2012 à 22:01
mais ca apparait tjr ds nouvelle anglet
0
Réponse 16 / 22
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
25 août 2012 à 22:49
Tu vas désactiver et supprimer "jecherche.org" comme nouvel onglet!
Aide : <<< ICI >>>
0
Réponse 17 / 22
universal 01 Messages postés 14 Date d'inscription vendredi 24 août 2012 Statut Membre Dernière intervention 23 décembre 2012
26 août 2012 à 01:27
ca marche maintenant, mais je voulais savoir comment suprimer les coukies qui sont sorti ds mon pc a force de telecharger plein de logiciel pr suprimer le modit moteur d recherche????
0
Réponse 18 / 22
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
26 août 2012 à 10:34
Bonjour,
1/
Pour supprimer les cookies :

Étape 1: Lancez votre navigateur internet Mozilla Firefox, puis cliquez sur l'onglet Outils, puis Options.

Étape 2: Accédez à l'onglet Vie Privée, puis cliquez sur le lien supprimer des cookies des spécifiques.

==========================
Aide : <<< ICI >>>

2/
On va faire un nettoyage !

. télécharges Ccleaner à partir de cette adresse et enregistres le sur le bureau

https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/

.double-cliques sur le fichier pour lancer l'installation

.sur la fenêtre de l'installation langage bien choisir français et OK
.cliques sur suivant
.lis la licence et j'accepte
.cliques sur suivant
.la tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner
.cliques sur installer
.cliques sur fermer
.double-cliques sur l'icône de Ccleaner pour l'ouvrir
.une fois ouvert tu cliques sur option et puis avancé
.tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 24 heures
.cliques sur nettoyeur
.cliques sur windows et dans la colonne avancé
.coches la première case vieilles données du perfetch que celle-la ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la
.cliques sur analyse une fois l'analyse terminé
.cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vériffis en appuiant de nouveau sur analyse pour être sur qu'il n'y est plus rien
.cliques maintenant sur registre et puis sur rechercher les erreurs
.laisses tout cochées et cliques sur réparrer les erreurs sélectionnées
.il te demande de sauvegarder OUI
.tu lui donnes un nom pour pouvoir la retrouver et enregistre
.cliques sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
.il supprime et fermer tu vérifies en relançant rechercher les erreurs
.tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
.tu peux fermer Ccleaner

tuto installation & nettoyage :
https://www.donnemoilinfo.com/tuto/CCleaner/

0
Réponse 19 / 22
universal 01 Messages postés 14 Date d'inscription vendredi 24 août 2012 Statut Membre Dernière intervention 23 décembre 2012
26 août 2012 à 21:57
bon soir
j'ai fait tout ça, mais il reste encore des truques bizarre sur mon document personnel et un fichier nommé desktop.ini
0
Réponse 20 / 22
Fish66 Messages postés 17505 Date d'inscription dimanche 24 juillet 2011 Statut Contributeur sécurité Dernière intervention 16 juin 2021 1 318
Modifié par Fish66 le 26/08/2012 à 22:29
Bonsoir,
Pour masquer les fichiers systèmes, Cocher: "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Aide : <<< ICI >>>
=====================
Redémarre ton PC, si tu as d'autres fichiers affichés, envois moi une capture d'écran!


_ _ _ Fish66_ _ _ I''"""""I_ _ membre contributeur sécurité_ _I''"""""I_ _ _
¤¤¤ Le meilleur remède pour tous les problèmes, c'est la patience.... ¤¤¤
0