pb avec rundlll Résolu/Fermé

Question

bonjour 

Lorsque je mets en route le pc une fenêtre rundll s affiche. J'ai suivi vos conseils donné dans un ancien forum
j ai téléchargé ZHP DIAG   fait l analyse  et déposé le rapport contre ce lien
 https://pjjoint.malekal.com/files.php?id=ZHPDiag_20130813_f12o6g14t6m10

que faire maintenant ?

Merci d avance

bosniac80

Destrio5 · Answer

Bonjour,

--> Désinstalle Spybot qui est inutile.

--> Télécharge et lance  AdwCleaner (d'Xplode), choisis l'option "Suppression" et poste le rapport.

bosniac80 · Answer

voici le rapport
# AdwCleaner v3.000 - Rapport créé le13/08/2013à23:12:09
# Mis à jour le 13/08/2013 par Xplode
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Frédéric - FRÉDÉRIC-PC
# Exécuté depuis : C:\Users\Frédéric\Downloads\adwcleaner.exe

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\Ask
Dossier Supprimé : C:\ProgramData\Babylon
Dossier Supprimé : C:\ProgramData\boost_interprocess
Dossier Supprimé : C:\ProgramData\BrowserProtect
Dossier Supprimé : C:\ProgramData\IBUpdaterService
Dossier Supprimé : C:\ProgramData\Tarma Installer
Dossier Supprimé : C:\Program Files (x86)\Object
Dossier Supprimé : C:\Program Files (x86)\optimizer pro
Dossier Supprimé : C:\Program Files (x86)\Supreme Savings
Dossier Supprimé : C:\Users\Frédéric\AppData\Local\Bundled software uninstaller
Dossier Supprimé : C:\Users\Frédéric\AppData\Local\PackageAware
Dossier Supprimé : C:\Users\Frédéric\AppData\Local\Supreme Savings
Dossier Supprimé : C:\Users\Frédéric\AppData\LocalLow\BabylonToolbar
Dossier Supprimé : C:\Users\Frédéric\AppData\LocalLow\delta
Dossier Supprimé : C:\Users\Frédéric\AppData\LocalLow\searchquband
Dossier Supprimé : C:\Users\Frédéric\AppData\Roaming\BabSolution
Dossier Supprimé : C:\Users\Frédéric\AppData\Roaming\Babylon
Dossier Supprimé : C:\Users\Frédéric\AppData\Roaming\file scout
Dossier Supprimé : C:\Users\Frédéric\AppData\Roaming\optimizer pro
Dossier Supprimé : C:\Users\Frédéric\AppData\Roaming\PerformerSoft
Dossier Supprimé : C:\Users\Frédéric\AppData\Roaming\SpeedanAlysis
Fichier Supprimé : C:\Windows\System32oboot64.exe

***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Clé Supprimée : HKLM\SOFTWARE\Classes\Prod.cap
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Clé Supprimée : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\boxore_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\boxore_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Facemoi]
Clé Supprimée : HKCU\Software\5948888b23ee844
Clé Supprimée : HKLM\SOFTWARE\5948888b23ee844
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_ashampoo-burning-studio_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_ashampoo-burning-studio_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_thunderbird[1]_RASAPI32
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_pour_thunderbird[1]_RASMANCS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{F8565C88-C3D8-4B7B-B2CD-FD3439DA2D87}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{9193fbaf-bdaf-4751-a99a-1f5ef255c35b}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9193fbaf-bdaf-4751-a99a-1f5ef255c35b}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9193fbaf-bdaf-4751-a99a-1f5ef255c35b}
Clé Supprimée : HKCU\Software\BI
Clé Supprimée : HKCU\Software\Conduit
Clé Supprimée : HKCU\Software\DataMngr
[#] Clé Supprimée : HKCU\Software\DataMngr_Toolbar
Clé Supprimée : HKCU\Software\delta LTD
Clé Supprimée : HKCU\Software\filescout
Clé Supprimée : HKCU\Software\IM
Clé Supprimée : HKCU\Software\ImInstaller
Clé Supprimée : HKCU\Software\InstallCore
Clé Supprimée : HKCU\Software\Microsoft\Babylon
Clé Supprimée : HKCU\Software\performersoft llc
Clé Supprimée : HKCU\Software\SmartBar
Clé Supprimée : HKCU\Software\Softonic
Clé Supprimée : HKCU\Software\StartSearch
Clé Supprimée : HKCU\Software\YahooPartnerToolbar
Clé Supprimée : HKCU\Software\AppDataLow\Software\searchqutoolbar
Clé Supprimée : HKLM\Software\Babylon
Clé Supprimée : HKLM\Software\Boxore
Clé Supprimée : HKLM\Software\Conduit
Clé Supprimée : HKLM\Software\DataMngr
Clé Supprimée : HKLM\Software\Facemoi
Clé Supprimée : HKLM\Software\ImInstaller
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Clé Supprimée : [x64] HKLM\SOFTWARE\DataMngr
Clé Supprimée : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Navigateurs ] *****

-\ Internet Explorer v10.0.9200.16635

Paramètre Supprimé : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=FR&userid=0c05bb7b-6708-4534-a121-54fc478c5f06&searchtype=ds&q={searchTerms}
Paramètre Réinitialisé : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Paramètre Réinitialisé : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Paramètre Réinitialisé : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Paramètre Réinitialisé : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\ Mozilla Firefox v8.0.1 (fr)

Dossier Supprimé : C:\Users\Frédéric\AppData\Roaming\Mozilla\Firefox\Profiles\jfytefnj.default\Extensions\{04253F76-F258-4B03-7B4A-0BEBAD2CA3E9}
Dossier Supprimé : C:\Users\Frédéric\AppData\Roaming\Mozilla\Firefox\Profiles\jfytefnj.default\Extensions\ffxtlbr@delta.com
Valeur Supprimée : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]
Valeur Supprimée : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis@SpeedAnalysis.com]
Fichier Supprimé : C:\Users\Frédéric\AppData\Roaming\Mozilla\Firefox\Profiles\jfytefnj.default\searchplugins\Askcom.xml
Fichier Supprimé : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
Fichier Supprimé : C:\Users\Frédéric\AppData\Roaming\Mozilla\Firefox\Profiles\jfytefnj.default\searchplugins\delta.xml
Fichier Supprimé : C:\Users\Frédéric\AppData\Roaming\Mozilla\Firefox\Profiles\jfytefnj.default\searchplugins\mngr.xml
Fichier Supprimé : C:\Users\Frédéric\AppData\Roaming\Mozilla\Firefox\Profiles\jfytefnj.default\searchplugins\Web Search.xml
Fichier Supprimé : C:\Users\Frédéric\AppData\Roaming\Mozilla\Firefox\Profiles\jfytefnj.default\bprotector_extensions.sqlite
Fichier Supprimé : C:\Users\Frédéric\AppData\Roaming\Mozilla\Firefox\Profiles\jfytefnj.default\user.js

[ Fichier : C:\Users\Frédéric\AppData\Roaming\Mozilla\Firefox\Profiles\jfytefnj.default\prefs.js ]

Ligne Supprimée : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=119649&tt=070312_w1&babs[...]
Ligne Supprimée : user_pref("avg.install.userSPSettings", "Delta Search");
Ligne Supprimée : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Ligne Supprimée : user_pref("browser.search.defaultengine", "Ask.com");
Ligne Supprimée : user_pref("browser.search.defaultenginename", "Ask.com");
Ligne Supprimée : user_pref("browser.search.order.1", "Ask.com");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.admin", false);
Ligne Supprimée : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.excTlbr", false);
Ligne Supprimée : user_pref("extensions.BabylonToolbar.id", "22fa62450000000000002a7c8f270659");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.instlDay", "15667");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Ligne Supprimée : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Ligne Supprimée : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.babExt", "");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109129");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.newTab", true);
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=110824&tt=4712_[...]
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Ligne Supprimée : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.820:49:56");
Ligne Supprimée : user_pref("extensions.delta.admin", false);
Ligne Supprimée : user_pref("extensions.delta.aflt", "babsst");
Ligne Supprimée : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Ligne Supprimée : user_pref("extensions.delta.autoRvrt", "false");
Ligne Supprimée : user_pref("extensions.delta.bbDpng", "16");
Ligne Supprimée : user_pref("extensions.delta.cntry", "FR");
Ligne Supprimée : user_pref("extensions.delta.dfltLng", "en");
Ligne Supprimée : user_pref("extensions.delta.excTlbr", false);
Ligne Supprimée : user_pref("extensions.delta.hdrMd5", "B4FF9EF17F00ABE61544CDA255FE678C");
Ligne Supprimée : user_pref("extensions.delta.id", "22fa62450000000000002a7c8f270659");
Ligne Supprimée : user_pref("extensions.delta.instlDay", "15780");
Ligne Supprimée : user_pref("extensions.delta.instlRef", "sst");
Ligne Supprimée : user_pref("extensions.delta.lastVrsnTs", "1.8.10.020:09:44");
Ligne Supprimée : user_pref("extensions.delta.newTab", false);
Ligne Supprimée : user_pref("extensions.delta.prdct", "delta");
Ligne Supprimée : user_pref("extensions.delta.prtnrId", "delta");
Ligne Supprimée : user_pref("extensions.delta.rvrt", "false");
Ligne Supprimée : user_pref("extensions.delta.sg", "azb");
Ligne Supprimée : user_pref("extensions.delta.smplGrp", "none");
Ligne Supprimée : user_pref("extensions.delta.tlbrId", "base");
Ligne Supprimée : user_pref("extensions.delta.tlbrSrchUrl", "");
Ligne Supprimée : user_pref("extensions.delta.vrsn", "1.8.10.0");
Ligne Supprimée : user_pref("extensions.delta.vrsnTs", "1.8.10.020:09:44");
Ligne Supprimée : user_pref("extensions.delta.vrsni", "1.8.10.0");
Ligne Supprimée : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"msntoolbar@msn.[...]

-\ Google Chrome v28.0.1500.95

Dossier Supprimé : C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\dppahnkclbmppnmcoifolpjmeppoakfb
Dossier Supprimé : C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Fichier Supprimé : C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Fichier Supprimé : C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences

[ Fichier : C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Restauré : homepage
Restauré : icon_url
Restauré : search_url
Restauré : keyword
Restauré : urls_to_restore_on_startup

*************************

AdwCleaner[0].txt - [13228 octets] - [13/08/2013 23:12:09]

########## EOF - C:\AdwCleaner\AdwCleaner[0].txt - [13288 octets] ##########

Destrio5 · Answer

Je voudrais un nouveau rapport ZHPDiag.

bosniac80 · Answer

voici le deuxième rapport ZHPDiag ~ Rapport de ZHPDiag v2013.8.13.20 - Nicolas Coolman (13/08/2013) ~ Lancé par Frédéric (13/08/2013 23:35:19) ~ Adresse du Site Web https://nicolascoolman.webs.com/ ~ Etat de la version : Version à jour. ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by program ---\ Navigateurs Internet MSIE: Internet Explorer v10.0.9200.16635 MFIE: Mozilla Firefox 8.0.1 (Defaut) GCIE: Google Chrome v28.0.1500.95 ---\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : 7QJB7 Windows License : OK ~ Windows Remaining Initializations Number : 2 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\ Logiciels de protection du système avast! Free Antivirus v8.0.1489.0 Windows Defender W7 ---\ Logiciels d'optimisation du système ---\ Logiciels de partage PeerToPeer ---\ Surveillance de Logiciels Adobe Flash Player 11 Plugin Adobe Reader XI Java 7 Update 17 ---\ Informations sur le système ~ Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 3838 MB (57% free) System Restore: Activé (Enable) System drive C: has 142 GB (49%) free of 285 GB ---\ Mode de connexion au système ~ Computer Name: FRÉDÉRIC-PC ~ User Name: Frédéric ~ All Users Names: Frédéric, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\ Variables d'environnement ~ System Unit : C:\ ~ %AppData% : C:\Users\Frédéric\AppData\Roaming\ ~ %Desktop% : C:\Users\Frédéric\Desktop\ ~ %Favorites% : C:\Users\Frédéric\Favorites\ ~ %LocalAppData% : C:\Users\Frédéric\AppData\Local\ ~ %StartMenu% : C:\Users\Frédéric\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\ Enumération des unités disques C:\ Hard drive, Flash drive, Thumb drive (Free 142 Go of 285 Go) D:\ CD-ROM drive (Not Inserted) Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go) ---\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 29 Legitimates Filtered in 00mn 00s ---\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.FAF6EC2460AD5FBBD38D8E1AE28B0D77] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/06/2013 - 00:26:20.) -- C:\Windows\System32\wininet.dll [2241024] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers etBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers tfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers dx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/3181 ~ Mes musiques (My Musics) : 21/2882 ~ Mes Videos (My Videos) : 2/48 ~ Mes Favoris (My Favorites) : 1/72 ~ Mes Documents (My Documents) : 2/33107 ~ Mon Bureau (My Desktop) : 1/77 ~ Menu demarrer (Programs) : 1/26 ~ Hidden Files: Scanned in 00mn 13s ---\ Processus lancés au démarrage su système [MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.1488] [MD5.25532414A7A088553527A75B31DF0592] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [924632] [PID.5624] [MD5.10B01048B1DA075CD1EE27E30B4CF342] - (.Google Inc. - Google Toolbar Broker.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe [308816] [PID.2856] =>Toolbar.Google [MD5.30E7CA4620500FE012EB464F0E1DE91E] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.exe [770648] [PID.7572] [MD5.20723F65359524C4E7C587AD480D3907] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7806464] [PID.7372] [MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1448] [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1844] [MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1876] [MD5.9CF46FDF163E06B83D03FF929EF2296C] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [321104] [PID.1944] [MD5.0191DEE9B9EB7902AF2CF4F67301095D] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584] [PID.2008] [MD5.9A308FCDCCA98A15B6F62D36A272160E] - (.NewTech Infosystems, Inc. - Backup Manager Module.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [255744] [PID.1476] [MD5.B8D903B2894FF9AFBD99CA51C35590D7] - (.NTI, Inc. - NTI Backup Now 5 Scheduler Service.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640] [PID.2068] [MD5.C3CDDD18F43D44AB713CF8C4916F7696] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [219496] [PID.2460] [MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] - (.Acer Group - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232] [PID.2544] [MD5.13693B6354DD6E72DC5131DA7D764B90] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [508776] [PID.3412] [MD5.72794D112CBAFF3BC0C29BF7350D4741] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822624] [PID.3572] [MD5.B3009DCDBCC5EFA49FA52562E9860E3C] - (.MAGIX AG - Verzeichnisüberwachung und Hilfsaufgaben fü.) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128] [PID.4640] ~ Processes Running: Scanned in 00mn 01s ---\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Frédéric\AppData\Roaming\Mozilla\Firefox\Profiles\jfytefnj.default\prefs.js M2 - MFEP: prefs.js [Frédéric - jfytefnj.default\crossriderapp19962@crossrider.com] [] Supreme Savings v (..) =>PUP.RewardsArcade ~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s ---\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\ Browser Helper Objects de navigateur (O2) O2 - BHO: ToolbarOrange.InitToolbarBHO [64Bits] - {1d970ed5-3eda-438d-bffd-715931e2775b} . (...) -- mscoree.dll (.not file.) O2 - BHO: (no name) [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline O2 - BHO: Searchqu Toolbar [64Bits] - {99079a25-328f-4bd4-be04-00955acaa0a7} . (...) -- C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll (.not file.) =>PUP.Datamngr O2 - BHO: Bing Bar BHO [64Bits] - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} . (.Microsoft Corporation - Bing Bar.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0 pwinext.dll =>Toolbar.Bing ~ BHO: 14 Legitimates Filtered in 00mn 00s ---\ Internet Explorer Toolbars (O3) O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline O3 - Toolbar: (no name) [64Bits] - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} Clé orpheline O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline ~ Toolbar: Scanned in 00mn 00s ---\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [AmIcoSinglun64] . (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe O4 - HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe O4 - HKLM\..\Run: [PLFSetI] . (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe O4 - HKCU\..\Run: [AutoStartNPSAgent] . (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Frédéric\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\Frédéric\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe O4 - HKLM\..\Wow6432Node\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe O4 - HKLM\..\Wow6432Node\Run: [Norton Online Backup] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe O4 - HKLM\..\Wow6432Node\Run: [EgisUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe O4 - HKLM\..\Wow6432Node\Run: [EgisTecPMMUpdate] . (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKLM\..\Wow6432Node\Run: [NPSStartup] Clé orpheline O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-21-3601994845-3865652453-3663527033-1000\..\Run: [AutoStartNPSAgent] . (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKUS\S-1-5-21-3601994845-3865652453-3663527033-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Frédéric\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-3601994845-3865652453-3663527033-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-21-3601994845-3865652453-3663527033-1000\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\Frédéric\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe ~ Application: Scanned in 00mn 00s ---\ Autres liens utilisateurs (O4) O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\TaskBar: Mozilla Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird hunderbird.exe O4 - GS\TaskBar: Samsung New PC Studio.lnk . (.Samsung Electronics Co., Ltd. - New PC Studio.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe O4 - GS\TaskBar: Welcome Center.lnk . (.Acer Incorporated - Welcome Center.) -- C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Mozilla Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird hunderbird.exe O4 - GS\QuickLaunch: Samsung New PC Studio.lnk . (.Samsung Electronics Co., Ltd. - New PC Studio.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - GS\Desktop: Assistance Livebox.lnk . (...) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe O4 - Global Startup: C:\Users\Frédéric\Desktop\Contrôle parental.url . (...) -- C:\Users\Frédéric\Desktop\Contrôle parental.url O4 - GS\Desktop: DVD Photo Slideshow Professional.lnk . (.http://www.dvd-photo-slideshow.com - DVD Photo Slideshow Professional 7.92.) -- C:\Program Files (x86)\DVD Photo Slideshow Professional\DVDPhotoMaker.exe ~ Global Startup: Scanned in 00mn 00s ---\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{8E57C420-59D1-41FD-A9E4-DDCD160CE6E0}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{8E57C420-59D1-41FD-A9E4-DDCD160CE6E0}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{8E57C420-59D1-41FD-A9E4-DDCD160CE6E0}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\ Titr_HJT34=Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) -- ~ Protocole Additionnel: Scanned in 00mn 00s ---\ Tâches planifiées en automatique (O39) [MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0] [MD5.00000000000000000000000000000000] [APT] [{C7A82D62-D8C6-40A2-9D17-F7CC5550F32F}] (...) -- C:\Users\Frédéric\Local Settings\Application Data\Bundled software uninstaller\biclient.exe (.not file.) [0] ~ Scheduled Task: 21 Legitimates Filtered in 00mn 03s ---\ Logiciels installés (O42) O42 - Logiciel: Facetheme - (.facetheme.com.) [HKLM][64Bits] -- facetheme-apl =>PUP.FCTPlugin ~ Logic: 134 Legitimates Filtered in 00mn 00s ---\ HKCU & HKLM Software Keys [HKCU\Software\IncrediMail] [HKCU\Software\dtSearch Corp.] [HKCU\Software\yahooinstall] =>Toolbar.Yahoo ~ Key Software: 212 Legitimates Filtered in 00mn 00s ---\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 14/02/2013 - 20:39:50 - [0] ----D C:\Program Files (x86)\GUM1F52.tmp O43 - CFD: 13/11/2011 - 17:53:30 - [0,000] ----D C:\ProgramData\IM O43 - CFD: 10/11/2011 - 01:18:58 - [0,009] ----D C:\ProgramData\IncrediMail O43 - CFD: 13/11/2011 - 17:53:26 - [9,300] ----D C:\Users\Frédéric\AppData\Local\IM ~ 1 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 203 Legitimates Filtered in 00mn 05s ---\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.31E79A21D1DA221928E31894B644D884] - 09/08/2013 - 22:35:51 ---A- . (...) -- C:\Windows tbtlog.txt [331720] ~ Files: 14 Legitimates Filtered in 00mn 07s ---\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{9cd16983-8718-11e1-a7d6-206a8a1cb4cd}\AutoRun\command. (...) -- E:\KODAK_Software_Downloader.exe (.not file.) O51 - MPSK:{b602353f-6525-11e0-a570-206a8a1cb4cd}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088] O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 25/10/2007 - 16:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632] ~ Drivers: Scanned in 00mn 00s ---\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 22/11/2010 - C:\Windows\System32\DRIVERS\Lbd.sys (Lbd) .(.Lavasoft AB - Boot Driver.) - LEGACY_LBD ~ Legacy: 99 Legitimates Filtered in 00mn 00s ---\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} [DefaultScope] - (Orange) - http://r.orange.fr ~ Keys: Scanned in 00mn 00s ---\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.560624B5BB45407DAD47264278B09BF4] [SPRF][09/08/2013] (...) -- C:\ProgramData\cvaowikcyjsakseuqtl.bat [70] [MD5.36ED8503EADC3FF291B53EA0241D8DF1] [SPRF][09/08/2013] (...) -- C:\ProgramData\cvaowikcyjsakseuqtl.reg [165] [MD5.757C5939F78182919AD8678D78AE05D8] [SPRF][11/02/2011] (...) -- C:\ProgramData\ezsidmv.dat [56] [MD5.0D3B680986310AE5540578C0E481C6A0] [SPRF][02/03/2010] (...) -- C:\ProgramData\FullRemove.exe [131984] [MD5.AF18955096B8AA87CAA6575881388AED] [SPRF][13/08/2012] (...) -- C:\Users\Frédéric\Desktop\setup.exe [473600] [MD5.4C95ED23CE854ED8396FDB50B9428933] [SPRF][15/02/2011] (.Mozilla - Thunderbird.) -- C:\Users\Frédéric\Desktop\Thunderbird-Setup-3.1.7.exe [9534792] [MD5.36C05573CF75F6230D453AD168EF54EA] [SPRF][05/05/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.3 r181.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [3119264] ~ Files: Scanned in 00mn 00s ---\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{B1378E31-10A0-49A0-B4D3-DE178CFCB53F}" |In - Private - P6 - FALSE | .(...) -- C:\Users\Frédéric\AppData\Local\Temp soE4C8.tmp\setup.exe (.not file.) O87 - FAEL: "{8B6E9463-51BE-4DA1-B48C-9A9DBF999097}" |In - Private - P17 - FALSE | .(...) -- C:\Users\Frédéric\AppData\Local\Temp soE4C8.tmp\setup.exe (.not file.) O87 - FAEL: "{3B07CB25-292D-41B7-AC18-0508E560D877}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "{A30914DA-DD46-4884-883C-E35648562EB8}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "{ED2B983D-CE41-4C2C-AAB4-9B40E94A9C0C}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.) O87 - FAEL: "{B35BC84F-AC92-40E1-B7A6-38CD2F7922C1}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.) O87 - FAEL: "{F8B2F604-0A70-4C02-A5FA-592CD8AD7E78}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.) O87 - FAEL: "{7ED74E30-EEE9-4E4C-8B36-4A58955B2C82}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.) ~ Firewall: 220 Legitimates Filtered in 00mn 01s ---\ Enumère les codes produits des logiciels (PUC) (O90) O90 - PUC: "6207E55EA2FE71A4AA7ABD89AEF31D1B" . (.Babylon Chrome Toolbar.) -- C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}\BabylonSetup.ico =>Toolbar.Babylon ~ Update Products: 120 Legitimates Filtered in 00mn 00s ---\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.0E80651C0CEF41CDFEF8BEAFD20EC16D] [WIS][13/05/2013] (.myphotobook GmbH - myphotobook.fr.) -- C:\Windows\Installer\1b04c0c.msi [76288] [MD5.391DD2D01BE1BF2DCA406A58960BA35A] [WIS][01/06/2010] (.Symantec Corporation - Norton Online Backup Installer.) -- C:\Windows\Installer\1b86c.msi [6360064] [MD5.9FD08D11364F56C4DB1EBA4C65191CEC] [WIS][03/09/2010] (.Egis Technology Inc. - MyWinLocker Suite.) -- C:\Windows\Installer\1b871.msi [58998784] [MD5.B8C9111399484FBF81E5F4C7D04AB8AF] [WIS][03/09/2010] (.Egis Technology Inc. - MyWinLocker.) -- C:\Windows\Installer\1b877.msi [35421984] [MD5.9584455B793041C58771177BB25AB835] [WIS][03/09/2010] (.Egis Technology Inc. - Shredder.) -- C:\Windows\Installer\1b8ae.msi [1647616] [MD5.FF8BF2767B2F38AAE1BAF667B9477DA9] [WIS][03/05/2010] (.ATI Technologies, Inc. - ATI Catalyst Install Manager Installer (64 bit).) -- C:\Windows\Installer\23bc7.msi [6737408] [MD5.E84310EAEFF5AF8368FD66780B664599] [WIS][08/03/2010] (.ATI - Branding.) -- C:\Windows\Installer\23bcc.msi [392192] [MD5.09F0F2D51B2BE16C1675C59460D34825] [WIS][25/02/2010] (.SAH - .) -- C:\Windows\Installer\24df0e.msi [1982976] [MD5.7A66FD7DD6B32F60223485CFAD4A19B8] [WIS][12/07/2013] (.Google - Google Earth.) -- C:\Windows\Installer\25a0bb.msi [921600] [MD5.73122534D527893BDEFD1F707FFB34F6] [WIS][23/07/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\39a39.msi [21803008] [MD5.AB957E456E6FACB69AE994C4C500198E] [WIS][20/11/2011] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\55a722.msi [28160] =>Toolbar.Google [MD5.DB7026F74CC7436FCAF60E43D9C3D732] [WIS][20/10/2011] (.Skype Technologies S.A. - Skype Click to Call.) -- C:\Windows\Installer\5981a.msi [6561792] [MD5.4B3AFEE1BCDB59156D253C8E8D346734] [WIS][15/02/2011] (.Microsoft Corporation - Contrôle ActiveX Windows Live Mesh pour connexions à distance.) -- C:\Windows\Installer\83e9e0.msi [2633216] [MD5.9419559E26D53CC34862DF9B558A2917] [WIS][30/10/2012] (.Babylon Ltd - Babylon Chrome Toolbar.) -- C:\Windows\Installer\9e1a6b.msi [354816] =>Toolbar.Babylon [MD5.6699DDE995B879CEE61FBD8D97BBE97D] [WIS][10/11/2011] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\d26ba1.msi [2838016] ~ WIS: 123 Legitimates Filtered in 00mn 13s ---\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 23/07/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 27/04/2010 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 11/08/2010 321104 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe SR - | Auto 11/06/2010 868896 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe SR - | Auto 24/05/2011 1840128 | (Fabs) . (.MAGIX AG.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe SS - | Demand 26/04/2011 2702848 | (FirebirdServerMAGIXInstance) . (.MAGIX®.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe SR - | Auto 08/01/2010 23584 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe SS - | Auto 11/02/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 11/02/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 04/10/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Demand 20/02/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 07/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 27/05/2010 305520 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe SR - | Auto 01/06/2010 2804568 | (NOBU) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SR - | Auto 28/06/2010 255744 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe SS - | Demand 17/04/2010 50432 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe SR - | Auto 17/04/2010 144640 | (NTISchedulerSvc) . (.NTI, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe SS - | Auto 18/09/2012 1082016 | (Orange update Core Service) . (.France Telecom SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe SR - | Auto 27/07/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe SS - | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SS - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 14s ---\ Scan Additionnel (O88) Database Version : v2.12849 - (13/08/2013) Clés trouvées (Keys found) : 56 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 6 Fichiers trouvés (Files found) : 7 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>PUP.Datamngr^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}] =>Toolbar.Bing^ [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facetheme-apl] =>PUP.FCTPlugin^ [HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}] =>Adware.Yontoo [HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}] =>Adware.Yontoo [HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon [HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}] =>Toolbar.Babylon [HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype [HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}] =>Toolbar.Orange [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}] =>Adware.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] =>Toolbar.Skype [HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}] =>Toolbar.Babylon [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent [HKLM\Software\Classes\b] =>Toolbar.Babylon [HKLM\Software\Classes\SearchBar.Client] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32] =>Adware.Bandoo [HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS] =>Adware.Bandoo [HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKLM\Software\Wow6432Node\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKLM\Software\Wow6432Node\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B] =>PUP.DealPly [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D970ED5-3EDA-438D-BFFD-715931E2775B}] =>Toolbar.Sorcim [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856] =>Adware.IMBooster [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494] =>Adware.IMBooster [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facetheme-apl] =>PUP.FCTPlugin [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}] =>Toolbar.Avast [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}] =>Toolbar.Avast [HKLM\Software\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}] =>Toolbar.Avast [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}] =>Toolbar.Avast [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}] =>Toolbar.Avast [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast [HKLM\Software\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}] =>Toolbar.Babylon [HKLM\Software\Wow6432Node\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}] =>Toolbar.Babylon [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC] =>Adware.Boxore^ [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^ [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{99079A25-328F-4BD4-BE04-00955ACAA0A7} =>Adware.Bandoo C:\Users\Frédéric\AppData\Roaming\Mozilla\Firefox\Profiles\jfytefnj.default\crossriderapp19962@crossrider.com =>PUP.RewardsArcade^ C:\Program Files (x86)\Software =>Adware.Boxore C:\ProgramData\Software =>Adware.Boxore C:\Users\Frédéric\AppData\Local\Software =>Adware.Boxore C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk =>PUP.RewardsArcade C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon =>PUP.SpeedAnalysis C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe =>Toolbar.Google^ C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0 pwinext.dll =>Toolbar.Bing^ C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll =>Toolbar.Google^ [HKCU\Software\yahooinstall] =>Toolbar.Yahoo^ C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}\BabylonSetup.ico =>Toolbar.Babylon^ C:\Windows\Installer\55a722.msi =>Toolbar.Google^ C:\Windows\Installer\9e1a6b.msi =>Toolbar.Babylon^ ~ Additionnel Scan: 333916 Items scanned in 00mn 36s ---\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/28000037-pup-rewardsarcade =>PUP.RewardsArcade ~ http://nicolascoolman.webs.com/apps/blog/show/27583992-pup-datamngr =>PUP.Datamngr ~ http://nicolascoolman.webs.com/apps/blog/show/31536787-toolbar-bing =>Toolbar.Bing ~ http://nicolascoolman.webs.com/apps/blog/show/30049678-pup-fctplugin =>PUP.FCTPlugin ~ http://nicolascoolman.webs.com/apps/blog/show/30268689-toolbar-yahoo =>Toolbar.Yahoo ~ http://nicolascoolman.webs.com/apps/blog/show/26627369-toolbar-babylon =>Toolbar.Babylon ~ http://nicolascoolman.webs.com/apps/blog/show/26811836-adware-yontoo =>Adware.Yontoo ~ http://nicolascoolman.webs.com/apps/blog/show/30898245-toolbar-skype =>Toolbar.Skype ~ http://nicolascoolman.webs.com/apps/blog/show/26611092-adware-bandoo =>Adware.Bandoo ~ http://nicolascoolman.webs.com/apps/blog/show/28060597-pup-dealply =>PUP.DealPly ~ http://nicolascoolman.webs.com/apps/blog/show/26684723-adware-imbooster =>Adware.IMBooster ~ http://nicolascoolman.webs.com/apps/blog/show/30898585-toolbar-avast =>Toolbar.Avast ~ http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore ~ http://nicolascoolman.webs.com/apps/blog/show/28153012-pup-speedanalysis =>PUP.SpeedAnalysis ~ MSI: 14 link(s) detected in 00mn 36s ~ 1174 Legitimates filtered by white list

Destrio5 · Answer

--> Copie tout le texte présent en gras ci-dessous (Sélectionne-le, clique droit dessus et choisis "Copier").


SysRestore
M2 - MFEP: prefs.js [Frédéric - jfytefnj.default\crossriderapp19962@crossrider.com] [] Supreme Savings v (..) 
O2 - BHO: ToolbarOrange.InitToolbarBHO [64Bits] - {1d970ed5-3eda-438d-bffd-715931e2775b} . (...) -- mscoree.dll (.not file.) 
O2 - BHO: (no name) [64Bits] - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline  
O2 - BHO: Searchqu Toolbar [64Bits] - {99079a25-328f-4bd4-be04-00955acaa0a7} . (...) -- C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll (.not file.) 
O2 - BHO: Bing Bar BHO [64Bits] - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} . (.Microsoft Corporation - Bing Bar.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0
pwinext.dll 
O3 - Toolbar: (no name) [64Bits] - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Clé orpheline    
O3 - Toolbar: (no name) [64Bits] - [HKLM]{ae07101b-46d4-4a98-af68-0333ea26e113} Clé orpheline   
O3 - Toolbar: Google Toolbar [64Bits] - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll   
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline 
OPT:O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe  
[MD5.00000000000000000000000000000000] [APT] [Ad-Aware Update (Weekly)] (...) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (.not file.) [0]  
[MD5.00000000000000000000000000000000] [APT] [{C7A82D62-D8C6-40A2-9D17-F7CC5550F32F}] (...) -- C:\Users\Frédéric\Local Settings\Application Data\Bundled software uninstaller\biclient.exe (.not file.) [0]
O42 - Logiciel: Facetheme - (.facetheme.com.) [HKLM][64Bits] -- facetheme-apl  
[HKCU\Software\yahooinstall] 
O43 - CFD: 14/02/2013 - 20:39:50 - [0] ----D C:\Program Files (x86)\GUM1F52.tmp 
O64 - Services: CurCS - 22/11/2010 - C:\Windows\System32\DRIVERS\Lbd.sys (Lbd) .(.Lavasoft AB - Boot Driver.) - LEGACY_LBD  
O87 - FAEL: "{B1378E31-10A0-49A0-B4D3-DE178CFCB53F}" |In - Private - P6 - FALSE | .(...) -- C:\Users\Frédéric\AppData\Local\Temp
soE4C8.tmp\setup.exe (.not file.)    
O87 - FAEL: "{8B6E9463-51BE-4DA1-B48C-9A9DBF999097}" |In - Private - P17 - FALSE | .(...) -- C:\Users\Frédéric\AppData\Local\Temp
soE4C8.tmp\setup.exe (.not file.) 
O90 - PUC: "6207E55EA2FE71A4AA7ABD89AEF31D1B" . (.Babylon Chrome Toolbar.) -- C:\Windows\Installer\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}\BabylonSetup.ico  
[MD5.9419559E26D53CC34862DF9B558A2917] [WIS][30/10/2012] (.Babylon Ltd - Babylon Chrome Toolbar.) -- C:\Windows\Installer\9e1a6b.msi [354816] 
[MD5.AB957E456E6FACB69AE994C4C500198E] [WIS][20/11/2011] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\55a722.msi [28160] 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]   =>PUP.Datamngr^ 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}]   =>Toolbar.Bing^ 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facetheme-apl]   =>PUP.FCTPlugin^ 
[HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]   =>Adware.Yontoo 
[HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}]   =>Adware.Yontoo 
[HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]   =>Toolbar.Babylon 
[HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]   =>Toolbar.Babylon 
[HKLM\Software\Wow6432Node\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}]   =>Toolbar.Babylon 
[HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}]   =>Toolbar.Babylon 
[HKLM\Software\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}]   =>Toolbar.Babylon 
[HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}]   =>Toolbar.Babylon 
[HKLM\Software\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}]   =>Toolbar.Babylon 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   =>Toolbar.Skype 
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}]   =>Toolbar.Skype 
[HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}]   =>Toolbar.Babylon 
[HKLM\Software\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}]   =>Toolbar.Babylon 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]   =>Adware.Bandoo 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]   =>Adware.Bandoo 
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]   =>Adware.Bandoo 
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}]   =>Toolbar.Orange 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}]   =>Adware.Agent 
[HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}]   =>Adware.Agent 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   =>Toolbar.Skype 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   =>Toolbar.Skype 
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]   =>Toolbar.Skype 
[HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}]   =>Toolbar.Babylon 
[HKLM\Software\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}]   =>Toolbar.Babylon 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}]   =>Toolbar.Agent 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9A6357B-25CC-4BCF-96C1-78736985D412}]   =>Toolbar.Agent 
[HKLM\Software\Classes\b]   =>Toolbar.Babylon 
[HKLM\Software\Classes\SearchBar.Client]   =>Toolbar.Agent 
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]   =>Adware.Bandoo 
[HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]   =>Adware.Bandoo 
[HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B]   =>PUP.DealPly 
[HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B]   =>PUP.DealPly 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B]   =>PUP.DealPly 
[HKLM\Software\Wow6432Node\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B]   =>PUP.DealPly 
[HKLM\Software\Wow6432Node\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B]   =>PUP.DealPly 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D970ED5-3EDA-438D-BFFD-715931E2775B}]   =>Toolbar.Sorcim 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D970ED5-3EDA-438D-BFFD-715931E2775B}]   =>Toolbar.Sorcim 
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D970ED5-3EDA-438D-BFFD-715931E2775B}]   =>Toolbar.Sorcim 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47]   =>Adware.IMBooster 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856]   =>Adware.IMBooster 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494]   =>Adware.IMBooster 
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facetheme-apl]   =>PUP.FCTPlugin 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]   =>Toolbar.Avast 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]   =>Toolbar.Avast 
[HKLM\Software\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]   =>Toolbar.Avast 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]   =>Toolbar.Avast 
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}]   =>Toolbar.Avast 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]   =>Toolbar.Avast 
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]   =>Toolbar.Avast 
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]   =>Toolbar.Avast 
[HKLM\Software\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}]   =>Toolbar.Babylon 
[HKLM\Software\Wow6432Node\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}]   =>Toolbar.Babylon 
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC]   =>Adware.Boxore^ 
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F}   =>Toolbar.Google^ 
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{99079A25-328F-4BD4-BE04-00955ACAA0A7}   =>Adware.Bandoo 
C:\Users\Frédéric\AppData\Roaming\Mozilla\Firefox\Profiles\jfytefnj.default\crossriderapp19962@crossrider.com   =>PUP.RewardsArcade^ 
C:\Program Files (x86)\Software   =>Adware.Boxore 
C:\ProgramData\Software   =>Adware.Boxore 
C:\Users\Frédéric\AppData\Local\Software   =>Adware.Boxore 
C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk   =>PUP.RewardsArcade 
C:\Users\Frédéric\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon 
EmptyCLSID
EmptyFlash
EmptyTemp


--> Puis lance ZHPFix depuis le raccourci situé sur ton Bureau.

--> Clique sur le bouton "Coller le presse-papier". 

--> Clique sur "GO" pour lancer le nettoyage. Laisse l'outil travailler et ne touche à rien.

--> Accepte la désinstallation des programmes si proposé, mais refuse le redémarrage de ton PC si également proposé, car cela stopperait ZHPFix.

--> Une fois terminé, copie-colle le rapport dans ton prochain message.

bosniac80 · Answer

bonjour voici le dernier rapport. Bosniac 80
Rapport de ZHPFix 2013.7.20.5 par Nicolas Coolman, Update du 20/07/2013
Fichier d'export Registre : C:\ZHP\ZHPExportRegistry-14-08-2013-12-19-35.txt
Run by Frédéric at 14/08/2013 12:19:34
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Corbeille vidée

========== Logiciel(s) ==========
ABSENT Uninstall Process: c:\program files (x86)\object\facetheme-apl_uninstall.exe

========== Clé(s) du Registre ==========
SUPPRIME [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facetheme-apl]
SUPPRIME Key: CLSID BHO: {1d970ed5-3eda-438d-bffd-715931e2775b}
SUPPRIME Key: CLSID BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
SUPPRIME  Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
SUPPRIME Key: CLSID BHO: {99079a25-328f-4bd4-be04-00955acaa0a7}
SUPPRIME Key: CLSID BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f}
SUPPRIME  Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}]
SUPPRIME  Key: CLSID: [HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
SUPPRIME Key: HKCU\Software\yahooinstall
ERREUR Key: Service Legacy: LEGACY_LBD
SUPPRIME Key: \Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
SUPPRIME Key: \Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
ABSENT Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\facetheme-apl
SUPPRIME Key: HKLM\Software\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
SUPPRIME Key: HKLM\Software\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
SUPPRIME Key: HKLM\Software\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
SUPPRIME Key: HKLM\Software\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
SUPPRIME Key*: HKLM\Software\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
SUPPRIME Key*: HKLM\Software\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
SUPPRIME Key: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
SUPPRIME Key*: HKLM\Software\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
ABSENT Key: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
SUPPRIME Key: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A047FE02-C91C-41CB-898C-4ED21B86025A}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113}
ABSENT Key: HKLM\Software\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
SUPPRIME Key: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
SUPPRIME Key*: HKLM\Software\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C9A6357B-25CC-4BCF-96C1-78736985D412}
SUPPRIME Key: HKLM\Software\Classes\b
SUPPRIME Key: HKLM\Software\Classes\SearchBar.Client
SUPPRIME Key: HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
SUPPRIME Key: HKLM\Software\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
ABSENT Key: HKLM\Software\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
ABSENT Key: HKLM\Software\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
SUPPRIME Key*: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
ABSENT Key: HKLM\Software\Wow6432Node\Classes\Installer\Features\6207E55EA2FE71A4AA7ABD89AEF31D1B
ABSENT Key: HKLM\Software\Wow6432Node\Classes\Installer\Products\6207E55EA2FE71A4AA7ABD89AEF31D1B
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D970ED5-3EDA-438D-BFFD-715931E2775B}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D970ED5-3EDA-438D-BFFD-715931E2775B}
ABSENT Key: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D970ED5-3EDA-438D-BFFD-715931E2775B}
SUPPRIME Key*: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
SUPPRIME Key*: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
SUPPRIME Key*: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
ABSENT Key: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facetheme-apl
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
ABSENT Key: HKLM\Software\Classes\CLSID\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
SUPPRIME Key*: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
ABSENT Key: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
SUPPRIME Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
SUPPRIME Key: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
SUPPRIME Key*: HKLM\Software\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
ABSENT Key: HKLM\Software\Wow6432Node\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
SUPPRIME Key*: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC

========== Valeur(s) du Registre ==========
SUPPRIME Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
SUPPRIME Toolbar: {ae07101b-46d4-4a98-af68-0333ea26e113}
SUPPRIME Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}
SUPPRIME RunValue: QuickTime Task
SUPPRIME {B1378E31-10A0-49A0-B4D3-DE178CFCB53F}
SUPPRIME {8B6E9463-51BE-4DA1-B48C-9A9DBF999097}
ABSENT [HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F}
SUPPRIME [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar]:{99079A25-328F-4BD4-BE04-00955ACAA0A7}

========== Dossier(s) ==========
SUPPRIME Folder: C:\Users\Frédéric\AppData\Local\{AABF3338-A9C7-4EAF-A7CB-B5398D306A3E}
SUPPRIME Flash Cookies
SUPPRIME Temporaires Windows

========== Fichier(s) ==========
ABSENT File: mscoree.dll
ABSENT File: c:\progra~2\wi3c8a~1\datamngr	oolbar\searchqudtx.dll
SUPPRIME File: c:\program files (x86)\msn toolbar\platform\6.0.2282.0
pwinext.dll 
SUPPRIME File: C:\Windows\Installer\9e1a6b.msi
SUPPRIME File*: c:\windows\installer\9e1a6b.msi
SUPPRIME File: C:\Windows\Installer\55a722.msi
SUPPRIME File*: c:\windows\installer\55a722.msi
ABSENT Folder/File: c:\users\frédéric\appdataoaming\mozilla\firefox\profiles\jfytefnj.default\crossriderapp19962@crossrider.com
SUPPRIME Flash Cookies
SUPPRIME Temporaires Windows

========== Tache planifiée ==========
SUPPRIME Task: Ad-Aware Update (Weekly)
SUPPRIME Task: {C7A82D62-D8C6-40A2-9D17-F7CC5550F32F}

========== Restauration Système ==========
Point de restauration du système créé avec succès


========== Récapitulatif ==========
68 : Clé(s) du Registre
8 : Valeur(s) du Registre
3 : Dossier(s)
10 : Fichier(s)
1 : Logiciel(s)
2 : Tache planifiée
1 : Restauration Système


End of clean in 02mn 50s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 14/08/2013 12:19:35 [9121]

Destrio5 · Answer

Plus de souci ?

Un nouveau rapport ZHPDiag s'il te plaît.

bosniac80 · Answer

bonsoir. Le problème subsiste je te mets le dernier rapport ZHPDiag Rapport de ZHPDiag v2013.8.13.20 - Nicolas Coolman (13/08/2013) ~ Lancé par Frédéric (14/08/2013 18:58:44) ~ Adresse du Site Web https://nicolascoolman.webs.com/ ~ Etat de la version : Version à jour. ~ Liste blanche : Activée par le programme ~ Elévation des Privilèges : OK ~ User Account Control (UAC): Deactivate by program ---\ Navigateurs Internet MSIE: Internet Explorer v10.0.9200.16635 MFIE: Mozilla Firefox 8.0.1 (Defaut) GCIE: Google Chrome v28.0.1500.95 ---\ Informations sur les produits Windows ~ Langage: Français Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ~ Windows(R) 7, OEM_SLP channel System Locked Preinstallation (OEM_SLP) : OK Windows ID Activation : OK ~ Windows Partial Key : 7QJB7 Windows License : OK ~ Windows Remaining Initializations Number : 2 Software Protection Service (Protection logicielle) : OK Windows Automatic Updates : OK Windows Activation Technologies : OK ---\ Logiciels de protection du système avast! Free Antivirus v8.0.1489.0 Windows Defender W7 ---\ Logiciels d'optimisation du système ---\ Logiciels de partage PeerToPeer ---\ Surveillance de Logiciels Adobe Flash Player 11 Plugin Adobe Reader XI Java 7 Update 17 ---\ Informations sur le système ~ Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 3838 MB (60% free) System Restore: Activé (Enable) System drive C: has 142 GB (49%) free of 285 GB ---\ Mode de connexion au système ~ Computer Name: FRÉDÉRIC-PC ~ User Name: Frédéric ~ All Users Names: Frédéric, Administrateur, ~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89 Logged in as Administrator ---\ Variables d'environnement ~ System Unit : C:\ ~ %AppData% : C:\Users\Frédéric\AppData\Roaming\ ~ %Desktop% : C:\Users\Frédéric\Desktop\ ~ %Favorites% : C:\Users\Frédéric\Favorites\ ~ %LocalAppData% : C:\Users\Frédéric\AppData\Local\ ~ %StartMenu% : C:\Users\Frédéric\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\ Enumération des unités disques C:\ Hard drive, Flash drive, Thumb drive (Free 142 Go of 285 Go) D:\ CD-ROM drive (Not Inserted) Q:\ Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go) ---\ Etat du Centre de Sécurité Windows [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified ~ Security Center: 29 Legitimates Filtered in 00mn 00s ---\ Recherche particulière de fichiers génériques [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Explorateur Windows.) (.25/02/2011 - 07:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Application de démarrage de Windows.) (.14/07/2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.FAF6EC2460AD5FBBD38D8E1AE28B0D77] - (.Microsoft Corporation - Extensions Internet pour Win32.) (.12/06/2013 - 00:26:20.) -- C:\Windows\System32\wininet.dll [2241024] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Application d'ouverture de session Windows.) (.20/11/2010 - 14:25:30.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Bibliothèque de licences.) (.20/11/2010 - 14:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 04:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14/07/2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/07/2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 10:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 10:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 11:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Pilote de port i8042.) (.14/07/2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14/07/2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.27/04/2011 - 03:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 10:23:20.) -- C:\Windows\system32\Drivers etBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Pilote du système de fichiers NT.) (.12/04/2013 - 15:45:08.) -- C:\Windows\system32\Drivers tfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Pilote de port parallèle.) (.14/07/2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 11:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14/07/2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 10:21:56.) -- C:\Windows\system32\Drivers dx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Pilote de cliché instantané du volume.) (.20/11/2010 - 14:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 01s ---\ Etat des fichiers cachés (Caché/Total) ~ Mes images (My Pictures) : 2/3181 ~ Mes musiques (My Musics) : 21/2882 ~ Mes Videos (My Videos) : 2/48 ~ Mes Favoris (My Favorites) : 1/72 ~ Mes Documents (My Documents) : 2/33107 ~ Mon Bureau (My Desktop) : 1/78 ~ Menu demarrer (Programs) : 1/26 ~ Hidden Files: Scanned in 01mn 11s ---\ Processus lancés au démarrage su système [MD5.9A44D5BBD020F904E18BD1BEAB49BEF2] - (.Orange - Executable Orange Inside.) -- C:\Users\Frédéric\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe [1511424] [PID.3224] [MD5.0D6972A795995F07B6D78CA7724744FB] - (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552] [PID.3856] [MD5.75102FC486595CF486DFD7239BE30DD5] - (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe [206208] [PID.3932] [MD5.1E377D64DACD4E4656C86241CE5A1233] - (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576] [PID.3896] [MD5.94F80155B91B8DF7A0EAD527C853D377] - (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984] [PID.4784] [MD5.749949494676218FFA99501F4AA22ECC] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [10376704] [PID.4856] [MD5.18A2E16BCB1D76DA0A7AE666FB755D35] - (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird hunderbird.exe [389016] [PID.4876] [MD5.0ADF079D36B2C25E6E9BECE1BD937ACE] - (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920] [PID.4892] [MD5.38218E47372B77DDB3C9DDD4390CB960] - (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe [975952] [PID.4920] [MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.4928] [MD5.8E2A7F1F62467A7DCB8AB2C0642F47CA] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.4948] [MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848] [PID.4980] [MD5.4EE367B8B1964160A1F1B80095183D3A] - (.OpenOffice.org - OpenOffice.org 3.4.1.) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [10368512] [PID.880] [MD5.1DB860CA1C72B0B953B9555BB390E554] - (.Dritek System Inc. - Launch Manager Worker.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe [305744] [PID.4152] [MD5.F255E48EA981E943A14CF16269F3F3AF] - (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584] [PID.2100] [MD5.25532414A7A088553527A75B31DF0592] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [924632] [PID.1412] [MD5.5DFE72B9F1FF669070FC032090B7B982] - (.Sun Microsystems, Inc. - Java(TM) Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507312] [PID.2396] [MD5.20723F65359524C4E7C587AD480D3907] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7806464] [PID.4500] [MD5.28D6701C710AD7BA3CB95E75F8F1A9AA] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808] [PID.1324] [MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1732] [MD5.4FE5C6D40664AE07BE5105874357D2ED] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [57008] [PID.1776] [MD5.9CF46FDF163E06B83D03FF929EF2296C] - (.Dritek System Inc. - Dritek WMI Service.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe [321104] [PID.1856] [MD5.0191DEE9B9EB7902AF2CF4F67301095D] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [23584] [PID.1920] [MD5.9A308FCDCCA98A15B6F62D36A272160E] - (.NewTech Infosystems, Inc. - Backup Manager Module.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [255744] [PID.2024] [MD5.B8D903B2894FF9AFBD99CA51C35590D7] - (.NTI, Inc. - NTI Backup Now 5 Scheduler Service.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640] [PID.2044] [MD5.C3CDDD18F43D44AB713CF8C4916F7696] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [219496] [PID.2164] [MD5.F9EC9ACD504D823D9B9CA98A4F8D3CA2] - (.Acer Group - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [243232] [PID.2268] [MD5.13693B6354DD6E72DC5131DA7D764B90] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [508776] [PID.2464] [MD5.72794D112CBAFF3BC0C29BF7350D4741] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822624] [PID.3640] [MD5.B3009DCDBCC5EFA49FA52562E9860E3C] - (.MAGIX AG - Verzeichnisüberwachung und Hilfsaufgaben fü.) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128] [PID.1740] ~ Processes Running: Scanned in 00mn 01s ---\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3) C:\Users\Frédéric\AppData\Roaming\Mozilla\Firefox\Profiles\jfytefnj.default\prefs.js C:\Users\Frédéric\AppData\Roaming\Mozilla\Firefox\Profiles\jfytefnj.default\user.js ~ Firefox Browser: 16 Legitimates Filtered in 00mn 00s ---\ Internet Explorer, Proxy Management (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\ Analyse des lignes F0, F1, F2, F3 - IniFiles, Autoloading programs F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\ Hosts file redirection (O1) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 21 ---\ Browser Helper Objects de navigateur (O2) O2 - BHO: Google Toolbar Helper [64Bits] - {AA58ED58-01DD-4d91-8333-CF10577473F7} . (...) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (.not file.) =>Toolbar.Google ~ BHO: 7 Legitimates Filtered in 00mn 00s ---\ Applications démarrées par registre & par dossier (O4) O4 - HKLM\..\Run: [AmIcoSinglun64] . (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 63.) -- C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe O4 - HKLM\..\Run: [mwlDaemon] . (.Egis Technology Inc. - MyWinLocker.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe O4 - HKLM\..\Run: [PLFSetI] . (.Pas de propriétaire - DefaultSettingEXE MFC Application.) -- C:\Windows\PLFSetI.exe O4 - HKLM\..\Run: [Apoint] . (.Alps Electric Co., Ltd. - Alps Pointing-device Driver.) -- C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [Acer ePower Management] . (.Acer Incorporated - ePowerTray.) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe O4 - HKCU\..\Run: [AutoStartNPSAgent] . (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Frédéric\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\Frédéric\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe O4 - HKLM\..\Wow6432Node\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe O4 - HKLM\..\Wow6432Node\Run: [BackupManagerTray] . (.NewTech Infosystems, Inc. - Acer Backup Manager.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe O4 - HKLM\..\Wow6432Node\Run: [Norton Online Backup] . (.Symantec Corporation - Norton Online Backup Service.) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe O4 - HKLM\..\Wow6432Node\Run: [SuiteTray] . (.Egis Technology Inc. - SuiteTray.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe O4 - HKLM\..\Wow6432Node\Run: [EgisUpdate] . (.Egis Technology Inc. - EgisUpdate Release Application.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe O4 - HKLM\..\Wow6432Node\Run: [EgisTecPMMUpdate] . (.Egis Technology Inc. - PMM Update Application.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Wow6432Node\Run: [LManager] . (.Dritek System Inc. - Launch Manager.) -- C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Wow6432Node\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe O4 - HKLM\..\Wow6432Node\Run: [NPSStartup] Clé orpheline O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets du Bureau Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe O4 - HKUS\S-1-5-21-3601994845-3865652453-3663527033-1000\..\Run: [AutoStartNPSAgent] . (.Samsung Electronics Co., Ltd. - NPSAgent.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe O4 - HKUS\S-1-5-21-3601994845-3865652453-3663527033-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Programme d'installation de Facebook.) -- C:\Users\Frédéric\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-3601994845-3865652453-3663527033-1000\..\Run: [swg] . (.Google Inc. - GoogleToolbarNotifier.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-21-3601994845-3865652453-3663527033-1000\..\Run: [OrangeInside] . (.Orange - Executable Orange Inside.) -- C:\Users\Frédéric\AppData\Roaming\Orange\OrangeInside\one\OrangeInside.exe ~ Application: Scanned in 00mn 00s ---\ Autres liens utilisateurs (O4) O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\TaskBar: Mozilla Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird hunderbird.exe O4 - GS\TaskBar: Samsung New PC Studio.lnk . (.Samsung Electronics Co., Ltd. - New PC Studio.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe O4 - GS\TaskBar: Welcome Center.lnk . (.Acer Incorporated - Welcome Center.) -- C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Explorateur Windows.) -- C:\Windows\explorer.exe O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Lecteur Windows Media.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch: Mozilla Thunderbird.lnk . (.Mozilla Corporation - Thunderbird.) -- C:\Program Files (x86)\Mozilla Thunderbird hunderbird.exe O4 - GS\QuickLaunch: Samsung New PC Studio.lnk . (.Samsung Electronics Co., Ltd. - New PC Studio.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSGuide.exe O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Éditeur de caractères privés.) -- C:\Windows\system32\eudcedit.exe O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe O4 - GS\Desktop: Assistance Livebox.lnk . (...) -- C:\Program Files (x86)\Orange\Assistance Livebox\AssistanceLivebox.exe O4 - Global Startup: C:\Users\Frédéric\Desktop\Contrôle parental.url . (...) -- C:\Users\Frédéric\Desktop\Contrôle parental.url O4 - GS\Desktop: DVD Photo Slideshow Professional.lnk . (.http://www.dvd-photo-slideshow.com - DVD Photo Slideshow Professional 7.92.) -- C:\Program Files (x86)\DVD Photo Slideshow Professional\DVDPhotoMaker.exe ~ Global Startup: Scanned in 00mn 00s ---\ Modification Domaine/Adresses DNS (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{8E57C420-59D1-41FD-A9E4-DDCD160CE6E0}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{8E57C420-59D1-41FD-A9E4-DDCD160CE6E0}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{8E57C420-59D1-41FD-A9E4-DDCD160CE6E0}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\ Titr_HJT34=Protocole additionnel (O18) O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visionneuse HTML Microsoft (R).) -- C:\Windows\System32\mshtml.dll O18 - Filter: text/xml [64Bits] - {807553E5-5146-11D5-A672-00B0D022E945} . (...) -- ~ Protocole Additionnel: Scanned in 00mn 00s ---\ HKCU & HKLM Software Keys [HKCU\Software\IncrediMail] [HKCU\Software\dtSearch Corp.] ~ Key Software: 210 Legitimates Filtered in 00mn 00s ---\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 13/11/2011 - 17:53:30 - [0,000] ----D C:\ProgramData\IM O43 - CFD: 10/11/2011 - 01:18:58 - [0,009] ----D C:\ProgramData\IncrediMail O43 - CFD: 13/11/2011 - 17:53:26 - [9,300] ----D C:\Users\Frédéric\AppData\Local\IM ~ Program Folder: 198 Legitimates Filtered in 03mn 04s ---\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44) O44 - LFC:[MD5.31E79A21D1DA221928E31894B644D884] - 09/08/2013 - 22:35:51 ---A- . (...) -- C:\Windows tbtlog.txt [331720] ~ Files: 14 Legitimates Filtered in 00mn 08s ---\ Clé de registre Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{9cd16983-8718-11e1-a7d6-206a8a1cb4cd}\AutoRun\command. (...) -- E:\KODAK_Software_Downloader.exe (.not file.) O51 - MPSK:{b602353f-6525-11e0-a570-206a8a1cb4cd}\AutoRun\command. (...) -- E:\LaunchU3.exe (.not file.) ~ Keys: Scanned in 00mn 00s ---\ Enumération des clés de registre PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 16 Legitimates Filtered in 00mn 00s ---\ Enumération des clés de registre PoliciesExplorer (MWPE) (O56) O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1 ~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s ---\ Liste des pilotes du système (SDL) (O58) O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 14/07/2009 - 02:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088] O58 - SDL:[MD5.306521935042FC0A6988D528643619B3] - 25/10/2007 - 16:26:10 ---A- . (...) -- C:\Windows\SysWOW64\drivers\StarOpen.sys [5632] ~ Drivers: Scanned in 00mn 00s ---\ Liste des outils de désinfection (LATC) (O63) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 ~ ADS: Scanned in 00mn 00s ---\ Liste les services legacy du registre (LALS) (O64) O64 - Services: CurCS - 22/11/2010 - C:\Windows\System32\DRIVERS\Lbd.sys (Lbd) .(.Lavasoft AB - Boot Driver.) - LEGACY_LBD ~ Legacy: 99 Legitimates Filtered in 00mn 00s ---\ Menu de démarrage Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\ Recherche d'infection sur les navigateurs internet (SBI) (O69) O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - https://www.google.com/?gws_rd=ssl O69 - SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} [DefaultScope] - (Orange) - http://r.orange.fr ~ Keys: Scanned in 00mn 00s ---\ Recherche particulière à la racine du système (SPRF) (O84) [MD5.560624B5BB45407DAD47264278B09BF4] [SPRF][09/08/2013] (...) -- C:\ProgramData\cvaowikcyjsakseuqtl.bat [70] [MD5.36ED8503EADC3FF291B53EA0241D8DF1] [SPRF][09/08/2013] (...) -- C:\ProgramData\cvaowikcyjsakseuqtl.reg [165] [MD5.757C5939F78182919AD8678D78AE05D8] [SPRF][11/02/2011] (...) -- C:\ProgramData\ezsidmv.dat [56] [MD5.0D3B680986310AE5540578C0E481C6A0] [SPRF][02/03/2010] (...) -- C:\ProgramData\FullRemove.exe [131984] [MD5.AF18955096B8AA87CAA6575881388AED] [SPRF][13/08/2012] (...) -- C:\Users\Frédéric\Desktop\setup.exe [473600] [MD5.4C95ED23CE854ED8396FDB50B9428933] [SPRF][15/02/2011] (.Mozilla - Thunderbird.) -- C:\Users\Frédéric\Desktop\Thunderbird-Setup-3.1.7.exe [9534792] [MD5.36C05573CF75F6230D453AD168EF54EA] [SPRF][05/05/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.3 r181.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [3119264] ~ Files: Scanned in 00mn 00s ---\ Liste des exceptions du parefeu (FirewallRules) (O87) O87 - FAEL: "{3B07CB25-292D-41B7-AC18-0508E560D877}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "{A30914DA-DD46-4884-883C-E35648562EB8}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe (.not file.) O87 - FAEL: "{ED2B983D-CE41-4C2C-AAB4-9B40E94A9C0C}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.) O87 - FAEL: "{B35BC84F-AC92-40E1-B7A6-38CD2F7922C1}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (.not file.) O87 - FAEL: "{F8B2F604-0A70-4C02-A5FA-592CD8AD7E78}" |In - Private - P6 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.) O87 - FAEL: "{7ED74E30-EEE9-4E4C-8B36-4A58955B2C82}" |In - Private - P17 - FALSE | .(...) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (.not file.) ~ Firewall: 218 Legitimates Filtered in 00mn 01s ---\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS) [MD5.0E80651C0CEF41CDFEF8BEAFD20EC16D] [WIS][13/05/2013] (.myphotobook GmbH - myphotobook.fr.) -- C:\Windows\Installer\1b04c0c.msi [76288] [MD5.391DD2D01BE1BF2DCA406A58960BA35A] [WIS][01/06/2010] (.Symantec Corporation - Norton Online Backup Installer.) -- C:\Windows\Installer\1b86c.msi [6360064] [MD5.9FD08D11364F56C4DB1EBA4C65191CEC] [WIS][03/09/2010] (.Egis Technology Inc. - MyWinLocker Suite.) -- C:\Windows\Installer\1b871.msi [58998784] [MD5.B8C9111399484FBF81E5F4C7D04AB8AF] [WIS][03/09/2010] (.Egis Technology Inc. - MyWinLocker.) -- C:\Windows\Installer\1b877.msi [35421984] [MD5.9584455B793041C58771177BB25AB835] [WIS][03/09/2010] (.Egis Technology Inc. - Shredder.) -- C:\Windows\Installer\1b8ae.msi [1647616] [MD5.FF8BF2767B2F38AAE1BAF667B9477DA9] [WIS][03/05/2010] (.ATI Technologies, Inc. - ATI Catalyst Install Manager Installer (64 bit).) -- C:\Windows\Installer\23bc7.msi [6737408] [MD5.E84310EAEFF5AF8368FD66780B664599] [WIS][08/03/2010] (.ATI - Branding.) -- C:\Windows\Installer\23bcc.msi [392192] [MD5.09F0F2D51B2BE16C1675C59460D34825] [WIS][25/02/2010] (.SAH - .) -- C:\Windows\Installer\24df0e.msi [1982976] [MD5.7A66FD7DD6B32F60223485CFAD4A19B8] [WIS][12/07/2013] (.Google - Google Earth.) -- C:\Windows\Installer\25a0bb.msi [921600] [MD5.73122534D527893BDEFD1F707FFB34F6] [WIS][23/07/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\39a39.msi [21803008] [MD5.DB7026F74CC7436FCAF60E43D9C3D732] [WIS][20/10/2011] (.Skype Technologies S.A. - Skype Click to Call.) -- C:\Windows\Installer\5981a.msi [6561792] [MD5.4B3AFEE1BCDB59156D253C8E8D346734] [WIS][15/02/2011] (.Microsoft Corporation - Contrôle ActiveX Windows Live Mesh pour connexions à distance.) -- C:\Windows\Installer\83e9e0.msi [2633216] [MD5.6699DDE995B879CEE61FBD8D97BBE97D] [WIS][10/11/2011] (.IncrediMail - IncrediMail.) -- C:\Windows\Installer\d26ba1.msi [2838016] ~ WIS: 121 Legitimates Filtered in 00mn 28s ---\ Etat général des services not Microsoft (EGS) (SR=Running, SS=Stopped) SR - | Auto 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SS - | Demand 23/07/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 27/04/2010 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe SR - | Auto 21/12/2012 57008 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 11/08/2010 321104 | (DsiWMIService) . (.Dritek System Inc..) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe SR - | Auto 11/06/2010 868896 | (ePowerSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe SR - | Auto 24/05/2011 1840128 | (Fabs) . (.MAGIX AG.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe SS - | Demand 26/04/2011 2702848 | (FirebirdServerMAGIXInstance) . (.MAGIX®.) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe SR - | Auto 08/01/2010 23584 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe SS - | Auto 11/02/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 11/02/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 04/10/2012 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Demand 20/02/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SS - | Demand 07/08/2013 117656 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SS - | Demand 27/05/2010 305520 | (MWLService) . (.Egis Technology Inc..) - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe SR - | Auto 01/06/2010 2804568 | (NOBU) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SR - | Auto 28/06/2010 255744 | (NTI IScheduleSvc) . (.NewTech Infosystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe SS - | Demand 17/04/2010 50432 | (NTIBackupSvc) . (.NewTech InfoSystems, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe SR - | Auto 17/04/2010 144640 | (NTISchedulerSvc) . (.NTI, Inc..) - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe SS - | Auto 18/09/2012 1082016 | (Orange update Core Service) . (.France Telecom SA.) - C:\Program Files (x86)\Orange\OrangeUpdate\Service\OUCore.exe SR - | Auto 27/07/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe SS - | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 29/01/2010 243232 | (Updater Service) . (.Acer Group.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe SR - | Auto 14/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SS - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SR - | Auto 14/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 31s ---\ Scan Additionnel (O88) Database Version : v2.12849 - (13/08/2013) Clés trouvées (Keys found) : 3 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7}] =>Toolbar.Google^ [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C9A6357B-25CC-4BCF-96C1-78736985D412}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast ~ Additionnel Scan: 329604 Items scanned in 00mn 33s ---\ Récapitulatif des détections trouvées sur votre station ~ http://nicolascoolman.webs.com/apps/blog/show/30898585-toolbar-avast =>Toolbar.Avast ~ MSI: 1 link(s) detected in 00mn 33s ~ 1154 Legitimates filtered by white list End of the scan (439 lines in 06mn 08s)(0)

Destrio5 · Answer

On va utiliser un outil semblable à ZHPDiag.

--> Télécharge et enregistre OTL sur ton Bureau.

--> Double-clique sur OTL pour le lancer.
(Sous Vista/Win7/Win8, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

--> Clique ici pour voir les réglages que tu dois effectuer.

--> Copie-colle le texte présent en gras ci-dessous dans la partie inférieure d'OTL "Personnalisation" :

/md5start 
explorer.exe 
winlogon.exe 
wininit.exe 
/md5stop 
netsvcs 
safebootminimal 
safebootnetwork 
%systemroot%\system32\*.dll /lockedfiles 
%systemroot%\system32\*.ini 
%systemroot%\Tasks\*.* 
%systemroot%\system32\Tasks\*.* 
%systemroot%\system32\drivers\*.sys /lockedfiles 
%systemroot%\system32\config\*.sav 
%systemroot%\system32\config\*.exe /s 
%systemroot%\system32\*.sys 
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon 
CREATERESTOREPOINT

--> Clique sur "Analyse". 

--> A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt). Il y aura aussi un rapport nommé Extras.txt. 

/!\ Ne les poste pas directement sur le forum (ils sont trop longs) /!\

--> Héberge OTL.txt et Extras.txt sur http://pjjoint.malekal.com et poste les liens qui mènent aux rapports dans ton prochain message.

bosniac80 · Answer

voila le lien merci

https://pjjoint.malekal.com/files.php?id=20130815_w11f5z14e10h11

Destrio5 · Answer

--> Double-clique sur OTL pour le lancer.
(Sous Vista/Win7/Win8, il faut cliquer droit sur OTL et choisir Exécuter en tant qu'administrateur)

--> Sous l'onglet Personnalisation en bas de la fenêtre, copie-colle le texte en gras présent ci-dessous :


:OTL
IE - HKU\S-1-5-21-3601994845-3865652453-3663527033-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = https://search.safefinder.com/?st=ds&q={searchTerms}
[2013/03/16 21:09:38 | 000,000,000 | ---D | M] (SpeedAnalysis.com) -- C:\Users\Frédéric\AppData\Roaming\mozilla\Extensions\speedanalysis@SpeedAnalysis.com
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup]  File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.17.2)
[2013/08/09 22:39:24 | 000,000,165 | ---- | M] () -- C:\ProgramData\cvaowikcyjsakseuqtl.reg
[2013/08/09 22:39:24 | 000,000,070 | ---- | M] () -- C:\ProgramData\cvaowikcyjsakseuqtl.bat
[2013/08/09 22:39:36 | 000,001,111 | ---- | C] () -- C:\Users\Frédéric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvaowikcyjsakseuqtl.lnk
O2:[b]64bit:/b - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll File not found
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:373E1720
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:1A60DE96
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:A31FAD21
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885 
:commands
[emptytemp]


--> Puis clique sur le bouton Correction en haut de la fenêtre.

--> Laisse le programme travailler, redémarre une fois le fix terminé.

--> Poste le rapport qui s'affichera après redémarrage.

bosniac80 · Answer

All processes killed
========== OTL ==========
HKU\S-1-5-21-3601994845-3865652453-3663527033-1000\SOFTWARE\Microsoft\Internet Explorer\Search\Default_Search_URL| /E : value set successfully!
Folder C:\Users\Frédéric\AppData\Roaming\mozilla\Extensions\speedanalysis@SpeedAnalysis.com\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\NPSStartup not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\ProgramData\cvaowikcyjsakseuqtl.reg moved successfully.
C:\ProgramData\cvaowikcyjsakseuqtl.bat moved successfully.
C:\Users\Frédéric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cvaowikcyjsakseuqtl.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
ADS C:\ProgramData\Temp:373E1720 deleted successfully.
ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.
ADS C:\ProgramData\Temp:93EB7685 deleted successfully.
ADS C:\ProgramData\Temp:1A60DE96 deleted successfully.
ADS C:\ProgramData\Temp:A31FAD21 deleted successfully.
ADS C:\ProgramData\Temp:0B9176C0 deleted successfully.
ADS C:\ProgramData\Temp:E36F5B57 deleted successfully.
ADS C:\ProgramData\Temp:798A3728 deleted successfully.
ADS C:\ProgramData\Temp:E3C56885 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Frédéric
->Temp folder emptied: 87079 bytes
->Temporary Internet Files folder emptied: 9552758 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10872250 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes
 
User: Public

Destrio5 · Answer

Il y a toujours une fenêtre rundll au démarrage ?

bosniac80 · Answer

bonsoir. Oui la fenêtre apparait toujours

Destrio5 · Answer

Tu peux me montrer la fenêtre qui s'ouvre ?

bosniac80 · Answer

bonjour Destrio

le problème est résolu. Ce matin en allumant le pc le message ne s'est pas affiché.

Merci à toi Bonne journée

Bosniac80

bosniac80 · Answer

une dernière question. J ai désinstallé spybot comme conseiller. Je laisse Otl  ?

Destrio5 · Answer

Pour finir :


1/     

---> Télécharge et installe CCleaner.     
* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers temporaires de Windows datant de plus de 24 heures.     
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.      


2/     

---> Télécharge DelFix sur ton Bureau puis lance-le.     
* Coche Purger la restauration système et laisse Supprimer les outils de désinfection coché.     
* Clique sur Exécuter.     
* Le rapport est copié dans le presse-papier, clique droit dans ton prochain message et choisis Coller.  


==Prévention==     

Désinstalle Java 7 Update 17 et installe la nouvelle version :
https://www.java.com/fr/download/

Un dossier sur la prévention et sécurité sur Internet est disponible ici.

bosniac80 · Answer

bonjour voici le rapport delfix. J ai aussi fait les autres manip 
# DelFix v10.4 - Rapport créé le 17/08/2013 à 16:34:09
# Mis à jour le 19/07/2013 par Xplode
# Nom d'utilisateur : Frédéric - FRÉDÉRIC-PC
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Suppression des outils de désinfection ...

Supprimé : C:\_OTL
Supprimé : C:\ZHP
Supprimé : C:\Program Files (x86)\ZHPDiag
Supprimé : C:\Users\Frédéric\Desktop\ZHPDiag.txt
Supprimé : C:\Users\Frédéric\Desktop\ZHPFixReport.txt
Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk
Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk
Supprimé : C:\Users\Frédéric\Downloads\adwcleaner.exe
Supprimé : C:\Users\Frédéric\Downloads\Extras.Txt
Supprimé : C:\Users\Frédéric\Downloads\OTL.Txt
Supprimé : C:\Users\Frédéric\Downloads\OTL.exe
Supprimée : HKLM\SOFTWARE\OldTimer Tools
Supprimée : HKLM\SOFTWARE\AdwCleaner
Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Purge de la restauration système ...

Supprimé : RP #306 [Windows Update | 07/23/2013 08:21:20]
Supprimé : RP #307 [Windows Update | 07/26/2013 10:35:06]
Supprimé : RP #308 [Windows Update | 07/30/2013 10:37:50]
Supprimé : RP #309 [Windows Update | 08/06/2013 11:29:43]
Supprimé : RP #310 [Windows Update | 08/13/2013 10:13:25]
Supprimé : RP #311 [P | 08/14/2013 10:17:29]
Supprimé : RP #312 [Windows Update | 08/14/2013 21:13:36]

Nouveau point de restauration créé !

########## - EOF - ##########

Destrio5 · Answer

Ok pour DelFix.

bosniac80 · Answer

merci pour tout. Dois je appliquer le même processus avec cccleaner la prochaine fois ?
bonne soirée

Destrio5 · Answer

La prochaine fois ?

Pb avec rundlll

22 réponses