Actualité informatique
Test comparatif matériel informatique
Jeux vidéo
Astuces informatique
Vidéo
Télécharger
Services en ligne
Forum informatique
01Business

|-  SECURITE


|||-  

Suspiçion de trojans et fenêtre intempestive[résolu]

 

19 utilisateurs inconnus
Ajouter une réponse
 

 
Page photos
 
     
Vider la liste des messages à citer
 
 Page :
1  2
Dernière Page
Page Suivante
Page Précédente
Première Page
Auteur
 Sujet :

Suspiçion de trojans et fenêtre intempestive[résolu]

Prévenir les modérateurs en cas d'abus 
ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 02/01/2011 à 18:23:49  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Bonsoir,

 J'ai depuis quelques temps des fenêtres intempestives qui s'ouvrent sous mozilla et je ne sais absolument pas comment m'en débarrasser.

 Je vous remercie d'avance pour aide,

 Cordialement,
 DS76


Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 02/01/2011 à 19:05:04  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76, bienvenu sur 01net


 On va vérifier cela, télécharge RSIT (de random/random) sur le bureau ici :
 http://images.malwareremoval.com/random/RSIT.exe

 - Double clique sur RSIT.exe qui est sur le bureau
 - Clique sur Continue dans la fenêtre
 - RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
 - Poste le contenue des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l’analyse

 Utilise cjoint.com pour poster en lien tes rapports :
 http://cjoint.com/

 - Clique sur Parcourir pour aller chercher le rapport   C:\rsit\log.txt
 - Clique sur Ouvrir ensuite sur Créer le lien Cjoint

 - Fais un copier/coller du lien qui est devant Le lien a été créé: dans ta prochaine réponse.

 Faire la même chose avec l'autre rapport C:\rsit\info.txt


 @++    :)  

(Publicité)
ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 02/01/2011 à 19:24:45  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Bonsoir,

 Merci pour ton aide.

 Par contre je n'arrive pas à l'exécuter, je l'ai télécharger mais après le programme ne répond pas.

 Y a t il une autre méthode s'il te plait?

Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 02/01/2011 à 19:35:24  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 On va voir avec un autre outil :

 Télécharge OTL (de OldTimer) et enregistre-le sur ton Bureau.

 - Quitte les applications en cours afin de ne pas interrompre le scan.
 - Faire double clique sur OTL.exe présent sur le bureau pour lancer le programme
 Vista/Seven -- Faire un clique droit sur OTL.exe présent sur le bureau et choisir exécuter en tant qu'administrateur pour lancer le programme
 - Une fenêtre apparaît. Dans la section Rapport en haut de cette fenêtre, coche "Rapport minimal". Fais de même avec "Tous les utilisateurs" à coté.
 - Coche également les cases à côté de "Recherche LOP" et "Recherche Purity".

 Ne modifie pas les autres paramètres !

 Copie la liste qui se trouve en gras ci-dessous, et colle-la dans la zone sous " Personnalisation "

 netsvcs
 %SYSTEMDRIVE%\*.*
 %SYSTEMDRIVE%\*.exe
 %PROGRAMFILES%\*.*
 %PROGRAMFILES%\*.
 /md5start
 hidserv.dll
 appmgmts.dll
 eventlog.dll
 winlogon.exe
 scecli.dll
 netlogon.dll
 cngaudit.dll
 sceclt.dll
 ntelogon.dll
 logevent.dll
 iaStor.sys
 nvstor.sys
 atapi.sys
 IdeChnDr.sys
 viasraid.sys
 AGP440.sys
 vaxscsi.sys
 nvatabus.sys
 viamraid.sys
 wininet.dll
 wininit.exe
 nvata.sys
 nvgts.sys
 iastorv.sys
 ViPrt.sys
 eNetHook.dll
 explorer.exe
 svchost.exe
 userinit.exe
 qmgr.dll
 ws2_32.dll
 proquota.exe
 imm32.dll
 kernel32.dll
 ndis.sys
 autochk.exe
 spoolsv.exe
 xmlprov.dll
 ntmssvc.dll
 mswsock.dll
 Beep.SYS
 ntfs.sys
 termsrv.dll
 sfcfiles.dll
 st3shark.sys
 winlogon.exe
 /md5stop
 %systemroot%\*. /mp /s
 %systemroot%\system32\*.dll /lockedfiles
 %systemroot%\Tasks\*.job /lockedfiles
 %systemroot%\system32\drivers\​*.sys /lockedfiles
 %systemroot%\System32\config\*​.sav
 c:\$recycle.bin\*.* /s


 - Clique sur le bouton Analyse.
 - Une fois l'analyse terminée, deux fenêtres vont s'ouvrir dans le Bloc-notes : OTL.txt et Extras.txt. Ils se trouvent au même endroit que OTListIT2 (donc par défaut sur le Bureau).

 Utilise cjoint.com pour poster en lien ton rapport :
 http://cjoint.com/

 - Clique sur Parcourir pour aller chercher le rapport
 - Clique sur Ouvrir ensuite sur Créer le lien Cjoint

 - Fais un copier/coller du lien qui est devant Le lien a été créé: dans ta prochaine réponse.


 @++   :)

 P.S. - Si cela ne fonctionne pas plus utilise ceci avant :

 Télécharge Rkill (de Grinler)

 Double-clique dessus pour le lancer (pour Vista/Win 7, clic droit puis, choisir « exécuter en tant qu’ administrateur »).

 Il va arrêter automatiquement certains processus liés à des rogues, qui empêche l'éxécution d'outils.

 L’ outil peut prendre du temps ; donc, soit patient !

 Une fois terminé, le logiciel se ferme tout simplement : c'est normal.
 Tu peux passer directement à la suite de la désinfection.

 PS : si tu as un message de ton antivirus signalant que Rkill est un
 indésirable, ignore-le et lance de nouveau Rkill après désactivation
 du logiciel qui le bloque.

 Si cela ne marche pas avec le lien donné, essaie …

 lien 2,  lien 3 ou encore lien 4

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 02/01/2011 à 20:21:17  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Avec OTL ca a fonctionné :

 voici le 1er lien otl.txt : http://cjoint.com/?0bcts4JHAYF

 voici le 2nd lien extra.txt :http://cjoint.com/?0bctuRNfdm​S

 re merci,

 ds76

(Publicité)
Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 02/01/2011 à 20:37:09  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 Faire attention quant tu installes un logiciel, bien lire chaque pages du programme d'installation, souvent est proposé des programmes inutiles(souvent des toolbars), toujours une case à décoché lors de l'installation.

 
  • Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

 [:blue_fire:9]Désactive provisoirement et seulement le temps de l'utilisation de AD-Remover, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de nettoyage de l'outil.
 Déconnecte-toi et ferme toutes applications en cours [:blue_fire:9]

 
  • Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program files).

 
  • Double-clique sur l'icône AD-Remover située sur ton Bureau.
(Vista/Seven - Faire un clique droit sur l'icône AD-Remover située sur ton Bureau et choisir exécuter en tant qu'administrateur.)
 
  • Au menu principal, choisis l'option Nettoyer.
  • Poste le rapport qui apparaît à la fin.

 (Le rapport est sauvegardé aussi sous C:\Ad-report(clean).Txt

 (CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

 Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure

 Aide : http://security-domain.be/tutoriel_AD-Remover.html


 @++  :)

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 02/01/2011 à 21:29:40  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Merci du conseils, je serais plus vigilant par la suite ;)

 voici le rapport demandé (par contre pc très long au démarrage...)

 ======= RAPPORT D'AD-REMOVER 2.0.0.2,C | UNIQUEMENT XP/VISTA/7 =======

 Mis à jour par TeamXscript le 22/12/10 à 11:40
 Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
 Site web: http://www.teamxscript.org

 C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 19:43:09 le 02/01/2011, Mode normal

 Microsoft Windows XP Édition familiale Service Pack 3 (X86)
 allain TURPIN@ACER-A38B4A0260 ( )
 
 ============== ACTION(S) ==============

 Service: "I.P services" Stoppé et supprimé
 Service: "IP netservices" Stoppé et supprimé

 Dossier supprimé: C:\MicroGaming\Casino\Phoenici​an
 Dossier supprimé: C:\Program Files\InstallPedia
 Fichier supprimé: C:\Program Files\Mozilla FireFox\Components\AskSearch.j​s
 Fichier supprimé: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navigateur OfferBox.lnk
 Dossier supprimé: C:\WINDOWS\system32\Favorites
 Fichier supprimé: C:\WINDOWS\system32\Macromed\F​lash\FlashPlayerTrust\UnifiedT​oolbar.cfg
 Fichier supprimé: C:\WINDOWS\dbplugin.exe
 Fichier supprimé: C:\WINDOWS\pack.epk
 Dossier supprimé: C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\FireFox\Profiles\​w76twfd8.default\extensions\{E​9A1DEE0-C623-4439-8932-001E7D1​7607D}
 Fichier supprimé: C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\FireFox\Profiles\​w76twfd8.default\searchplugins​\askcom.xml
 Dossier supprimé: C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\FireFox\Profiles\​w76twfd8.default\conduit
 Dossier supprimé: C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\FireFox\Profiles\​w76twfd8.default\ConduitEngine
 Dossier supprimé: C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\FireFox\Profiles\​w76twfd8.default\extensions\en​gine@conduit.com
 Fichier supprimé: C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\FireFox\Profiles\​w76twfd8.default\searchplugins​\conduit.xml
 Fichier supprimé: C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\FireFox\Profiles\​w76twfd8.default\searchplugins​\fissa.xml
 Fichier supprimé: C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\FireFox\Profiles\​w76twfd8.default\searchplugins​\kiwee-toolbar.xml
 Dossier supprimé: C:\Program Files\Ask.com
 Dossier supprimé: C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\Conduit
 Dossier supprimé: C:\Program Files\Family Toolbar
 Dossier supprimé: C:\Documents and Settings\allain TURPIN\Application Data\FissaSearch
 Dossier supprimé: C:\Program Files\GamesBar
 Dossier supprimé: C:\Program Files\SpiderMessenger
 Dossier supprimé: C:\Documents and Settings\All Users\Application Data\Trymedia
 Dossier supprimé: C:\Documents and Settings\allain TURPIN\Application Data\EoRezo
 Dossier supprimé: C:\Documents and Settings\allain TURPIN\Application Data\ItsLabel
 Dossier supprimé: C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\networker
 Dossier supprimé: C:\Documents and Settings\allain TURPIN\Application Data\OfferBox
 Dossier supprimé: C:\Program Files\OfferBox
 Dossier supprimé: C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\Kiwee Toolbar

 (!) -- Fichiers temporaires supprimés.


 -- Fichier ouvert: C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\FireFox\Profiles\​w76twfd8.default\Prefs.js --
 -- Fichier Fermé --
 

 Clé supprimée: HKLM\Software\Classes\CLSID\{2​178C864-B8BC-41AE-A1FB-EB6A32F​87EB1}
 Clé supprimée: HKLM\Software\Classes\CLSID\{4​260e0cc-0f75-462e-88a3-1e05c24​8bf4c}
 Clé supprimée: HKLM\Software\Classes\AppID\{E​142D053-7023-4B33-AF22-91F1420​2142D}
 Clé supprimée: HKLM\Software\Classes\CLSID\{5​8EFBE9C-4621-4d79-90E7-8BEE265​CA951}
 Clé supprimée: HKLM\Software\Classes\CLSID\{7​935436E-8F14-4C84-9ECF-BEB7912​96619}
 Clé supprimée: HKLM\Software\Classes\Interfac​e\{7935436E-8F14-4C84-9ECF-BEB​791296619}
 Clé supprimée: HKLM\Software\Classes\CLSID\{A​7E8C343-7860-4A95-9AA8-AAF30D0​F6D1E}
 Clé supprimée: HKLM\Software\Classes\CLSID\{B​3DBB2D5-5F06-4EC2-904D-812ECE5​20509}
 Clé supprimée: HKLM\Software\Classes\Interfac​e\{B3DBB2D5-5F06-4EC2-904D-812​ECE520509}
 Clé supprimée: HKLM\Software\Classes\CLSID\{C​45B1500-7B63-47C2-AB25-C28CB46​AFDEE}
 Clé supprimée: HKLM\Software\Classes\CLSID\{C​4A743DE-EAAC-4cd0-9BF6-378E814​1868B}
 Clé supprimée: HKLM\Software\Microsoft\Window​s\CurrentVersion\Ext\PreApprov​ed\{C4A743DE-EAAC-4cd0-9BF6-37​8E8141868B}
 Clé supprimée: HKLM\Software\Classes\CLSID\{D​CE997C8-5920-4c09-99EE-59F4663​4FE2C}
 Clé supprimée: HKLM\Software\Microsoft\Window​s\CurrentVersion\Ext\PreApprov​ed\{DCE997C8-5920-4c09-99EE-59​F46634FE2C}
 Clé supprimée: HKLM\Software\Classes\CLSID\{E​2A7BD67-0EAF-497f-B05B-748D7BF​3C421}
 Clé supprimée: HKLM\Software\Microsoft\Window​s\CurrentVersion\Explorer\Brow​ser Helper Objects\{E2A7BD67-0EAF-497f-B0​5B-748D7BF3C421}
 Clé supprimée: HKCU\Software\Microsoft\Window​s\CurrentVersion\Ext\Settings\​{E2A7BD67-0EAF-497f-B05B-748D7​BF3C421}
 Clé supprimée: HKCU\Software\Microsoft\Window​s\CurrentVersion\Ext\Stats\{E2​A7BD67-0EAF-497f-B05B-748D7BF3​C421}
 Clé supprimée: HKLM\Software\Classes\CLSID\{F​C0D62C2-9640-4AEB-A5D5-CF25DF1​1FA8C}
 Clé supprimée: HKLM\Software\Microsoft\Window​s\CurrentVersion\Explorer\Brow​ser Helper Objects\{FC0D62C2-9640-4AEB-A5​D5-CF25DF11FA8C}
 Clé supprimée: HKCU\Software\Microsoft\Window​s\CurrentVersion\Ext\Settings\​{FC0D62C2-9640-4AEB-A5D5-CF25D​F11FA8C}
 Clé supprimée: HKCU\Software\Microsoft\Window​s\CurrentVersion\Ext\Stats\{FC​0D62C2-9640-4AEB-A5D5-CF25DF11​FA8C}
 Clé supprimée: HKLM\Software\Classes\Interfac​e\{3E16A203-C0AA-4D44-ACC5-38A​70A8C76DA}
 Clé supprimée: HKLM\Software\Classes\Interfac​e\{6612AFDD-34AD-4B89-A236-7E6​D07C3FDCD}
 Clé supprimée: HKLM\Software\Classes\Interfac​e\{6E4C89CF-3061-4EE4-B22A-B7A​8AAEA5CB3}
 Clé supprimée: HKLM\Software\Classes\Interfac​e\{7CF4E72E-C9C0-4CA8-A039-1F5​BAD426CCE}
 Clé supprimée: HKLM\Software\Classes\Interfac​e\{81B32B9F-AFDC-4F7E-8F13-E39​BB8ECF638}
 Clé supprimée: HKLM\Software\Classes\Interfac​e\{925C24DC-0C0B-4AE7-98F5-182​52822C89C}
 Clé supprimée: HKLM\Software\Classes\Interfac​e\{CA1BC665-4B6B-435C-80C1-0E1​2D993ED49}
 Clé supprimée: HKLM\Software\Classes\Interfac​e\{D5AB027D-C91A-4324-8C78-12C​F1A588C48}
 Clé supprimée: HKLM\Software\Classes\Interfac​e\{E5DB89B8-5BE1-461C-A7EF-89B​68211889D}
 Clé supprimée: HKLM\Software\Classes\Interfac​e\{EC1A2105-5621-440F-987D-27E​F428131D9}
 Clé supprimée: HKLM\Software\Classes\CLSID\{F​42C7B47-5234-4BF5-8882-DAAC0D6​4870F}
 Clé supprimée: HKLM\Software\Classes\Interfac​e\{F42C7B47-5234-4BF5-8882-DAA​C0D64870F}
 Clé supprimée: HKLM\Software\Classes\Interfac​e\{F7BEBBB1-7E6B-4561-9444-6F4​866D60C7E}
 Clé supprimée: HKLM\Software\Classes\TypeLib\​{14816CF6-426C-40D7-904C-E5600​F015EC2}
 Clé supprimée: HKLM\Software\Classes\TypeLib\​{282D18C0-5424-44F4-A531-55F9A​C5B8FD8}
 Clé supprimée: HKLM\Software\Classes\TypeLib\​{ED85AEBE-F834-4088-B5D3-97EB2​478A6CD}
 Clé supprimée: HKLM\Software\Classes\TypeLib\​{FD06B491-1EA6-4F5C-86D2-C86D3​A3A3731}
 Clé supprimée: HKLM\Software\Classes\AG.Media​PlayerCOM
 Clé supprimée: HKLM\Software\Classes\Discover​yHelper.iMesh6Discovery
 Clé supprimée: HKLM\Software\Classes\Discover​yHelper.iMesh6Discovery.1
 Clé supprimée: HKLM\Software\Classes\EoEngine​BHO.EOBHO
 Clé supprimée: HKLM\Software\Classes\EoEngine​BHO.EOBHO.1
 Clé supprimée: HKLM\Software\Classes\EoRezoBH​O.EoBHO
 Clé supprimée: HKLM\Software\Classes\EoRezoBH​O.EoBHO.1
 Clé supprimée: HKLM\Software\Classes\KiweeIET​oolbar.KiweeToolbar
 Clé supprimée: HKLM\Software\Classes\KiweeIET​oolbar.KiweeToolbar.1
 Clé supprimée: HKLM\Software\Classes\KiweeIET​oolbar.ToolbarInfo
 Clé supprimée: HKLM\Software\Classes\KiweeIET​oolbar.ToolbarInfo.1
 Clé supprimée: HKLM\Software\Classes\OfferBox​.OfferBoxServer
 Clé supprimée: HKLM\Software\Classes\OfferBox​.OfferBoxServer.1
 Clé supprimée: HKLM\Software\Classes\PopcapLo​ader.PopcapLoaderCtrl
 Clé supprimée: HKLM\Software\Classes\PopcapLo​ader.PopcapLoaderCtrl.1
 Clé supprimée: HKLM\Software\Classes\Toolbar.​CT2542115
 Clé supprimée: HKLM\Software\Classes\Toolbar.​CT2786678
 Clé supprimée: HKLM\Software\Classes\AppID\Eo​EngineBHO.DLL
 Clé supprimée: HKLM\Software\Classes\AppID\{A​FBB7970-789A-4264-BA70-E8127DE​CE400}
 Clé supprimée: HKLM\Software\Classes\AppID\Eo​RezoBHO.DLL
 Clé supprimée: HKLM\Software\Classes\AppID\{3​62A53B2-2913-4F8A-82F5-7E0A23F​DC6F9}
 Clé supprimée: HKLM\Software\OfferBox
 Clé supprimée: HKLM\Software\InstallPedia
 Clé supprimée: HKLM\Software\AskBarDis
 Clé supprimée: HKLM\Software\AGI
 Clé supprimée: HKLM\Software\Conduit
 Clé supprimée: HKLM\Software\Europa Casino
 Clé supprimée: HKLM\Software\PopCap
 Clé supprimée: HKLM\Software\Trymedia Systems
 Clé supprimée: HKCU\Software\SpiderMessenger
 Clé supprimée: HKCU\Software\OfferBox
 Clé supprimée: HKCU\Software\FissaSearch
 Clé supprimée: HKCU\Software\Spointer
 Clé supprimée: HKCU\Software\ItsLabel
 Clé supprimée: HKCU\Software\AGI
 Clé supprimée: HKCU\Software\Binary Noise\mPlayer\kiwee_toolbar_in​staller.exe
 Clé supprimée: HKCU\Software\Europa Casino
 Clé supprimée: HKCU\Software\FunWebProducts
 Clé supprimée: HKCU\Software\Lanconfig
 Clé supprimée: HKCU\Software\MGS\Thumper\Casi​no\RoxyPalace
 Clé supprimée: HKCU\Software\MicroGaming\Thum​per\Casino\RoxyPalace
 Clé supprimée: HKCU\Software\PopCap
 Clé supprimée: HKU\.DEFAULT\Software\OfferBox
 Clé supprimée: HKCU\Software\Microsoft\Window​s\CurrentVersion\Explorer\Menu​Order\Start Menu2\Programs\Dealio
 Clé supprimée: HKCU\Software\Microsoft\Window​s\CurrentVersion\Explorer\Menu​Order\Start Menu2\Programs\GamesBar
 Clé supprimée: HKCU\Software\Microsoft\Window​s\CurrentVersion\Explorer\Menu​Order\Start Menu2\Programs\Kiwee Toolbar
 Clé supprimée: HKLM\Software\Classes\Installe​r\Products\5B4758C25396ECF468E​04F8E063287FF
 Clé supprimée: HKLM\Software\Microsoft\Window​s\CurrentVersion\Installer\Use​rdata\S-1-5-18\Products\5B4758​C25396ECF468E04F8E063287FF
 Clé supprimée: HKCU\Software\Microsoft\Intern​et Explorer\SearchScopes\{0BC6E3F​A-78EF-4886-842C-5A1258C4455A}
 Clé supprimée: HKCU\Software\Microsoft\Intern​et Explorer\SearchScopes\{171DEBE​B-C3D4-40b7-AC73-056A5EBA4A7E}
 Clé supprimée: HKCU\Software\Microsoft\Intern​et Explorer\SearchScopes\{b41306c​6-96d0-442a-bcc4-b0f621e82ce9}
 Clé supprimée: HKLM\Software\Microsoft\Intern​et Explorer\SearchScopes\{0BC6E3F​A-78EF-4886-842C-5A1258C4455A}
 Clé supprimée: HKLM\Software\Microsoft\Intern​et Explorer\Low Rights\ElevationPolicy\{37F4A3​35-D085-423e-A425-0370799166FB​}
 Clé supprimée: HKLM\Software\Microsoft\Intern​et Explorer\Low Rights\ElevationPolicy\{5DB24F​50-8C65-4772-9844-47FE8701BE57​}
 Clé supprimée: HKLM\Software\Microsoft\Window​s\CurrentVersion\Uninstall\{2C​8574B5-6935-4FCE-860E-F4E86023​78FF}
 Clé supprimée: HKLM\Software\Microsoft\Window​s\CurrentVersion\Uninstall\EoE​ngine_is1
 Clé supprimée: HKLM\Software\Microsoft\Window​s\CurrentVersion\Uninstall\Sof​twareUpdate_is1
 Clé supprimée: HKLM\Software\Microsoft\Window​s\CurrentVersion\Uninstall\{26​6C7330-C0F4-49E5-8F20-A56F9F82​2875}
 Clé supprimée: HKLM\Software\Microsoft\Window​s\CurrentVersion\Uninstall\{F6​D63A65-BD23-46F3-B9A3-87F44242​3481}
 Clé supprimée: HKLM\Software\Google\Chrome\Ex​tensions\bjeikeheijdjdfjbmknpe​fojickbkmom
 Clé supprimée: HKCU\Software\Microsoft\System​Certificates\TrustedPublisher\​Certificates\62119EF862C6B3A0D​853419B87EB3E2F6C78640A
 Clé supprimée: HKCU\Software\Microsoft\System​Certificates\TrustedPublisher\​Certificates\E6A6A4A475FCE37F8​B5AC2F1244DEB2BFCA5615A
 Clé supprimée: HKCU\Software\Microsoft\System​Certificates\TrustedPublisher\​Certificates\7EE743314C844C7F4​45B8B1D7617612DF1FDD50F
 Clé supprimée: HKCU\Software\Microsoft\Window​s\CurrentVersion\Ext\Stats\{1A​93C934-025B-4C3A-B38E-9654A700​3239}
 Clé supprimée: HKCU\Software\Microsoft\Window​s\CurrentVersion\Ext\Stats\{64​F56FC1-1272-44CD-BA6E-39723696​E350}
 Clé supprimée: HKCU\Software\Microsoft\Window​s\CurrentVersion\Ext\Stats\{6F​282B65-56BF-4BD1-A8B2-A4449A05​863D}
 Clé supprimée: HKLM\Software\Microsoft\Code Store Database\Distribution Units\CabBuilder

 Valeur supprimée: HKCU\Software\Microsoft\Window​s\CurrentVersion\WinTrust\Trus​t Providers\Software Publishing\Trust Database\0|goicfboogidikkejccm​clpieicihhlpo hpfanicgkffmccehnpkikogcffaepk​fp
 Valeur supprimée: HKCU\Software\Microsoft\Window​s\CurrentVersion\WinTrust\Trus​t Providers\Software Publishing\Trust Database\0|goicfboogidikkejccm​clpieicihhlpo dgnckdmmolaijpbbakmplfhlfpdhgl​gc
 Valeur supprimée: HKLM\Software\Mozilla\Firefox\​Extensions|offerboxffx@offerbo​x.com
 Valeur supprimée: HKLM\Software\Microsoft\Window​s\CurrentVersion\Run|IP Network
 Valeur supprimée: HKCU\Software\Microsoft\Window​s\CurrentVersion\Run|spidermes​senger
 Valeur supprimée: HKLM\Software\Microsoft\Intern​et Explorer\Toolbar|{9839B3B7-3F9​9-4498-884D-6CFCCD251AB1}
 Valeur supprimée: HKCU\Software\Microsoft\Intern​et Explorer\Toolbar\WebBrowser|{D​4027C7F-154A-4066-A1AD-4243D81​27440}
 Valeur supprimée: HKCU\Software\Microsoft\Intern​et Explorer\Toolbar\WebBrowser|{6​638A9DE-0745-4292-8A2E-AE530E7​B9B3F}


 ============== SCAN ADDITIONNEL ==============

 ** Mozilla Firefox Version [3.6.13 (fr)] **

 -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\FireFox\Profiles\​w76twfd8.default\User.js --
 browser.search.selectedEngine, GoogleCOM
 keyword.URL, hxxp://rws.search.ke.voila.fr/​RW/S/opensearch_orange?rdata=

 -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\FireFox\Profiles\​w76twfd8.default\Prefs.js --
 browser.download.lastDir, C:\\Documents and Settings\\allain TURPIN\\Mes documents\\Téléchargements
 browser.search.selectedEngine, GoogleCOM
 browser.startup.homepage, hxxp://www.google.fr/
 browser.startup.homepage_overr​ide.mstone, rv:1.9.2.13
 keyword.URL, hxxp://rws.search.ke.voila.fr/​RW/S/opensearch_orange?rdata=

 ==============================​==========

 ** Internet Explorer Version [8.0.6001.18702] **

 [HKCU\Software\Microsoft\Intern​et Explorer\Main]
 Default_Page_URL: hxxp://www.microsoft.com/isapi​/redir.dll?prd=ie&pver=6&ar=ms​nhome
 Default_Search_URL: hxxp://www.microsoft.com/isapi​/redir.dll?prd=ie&ar=iesearch
 Do404Search: 0x01000000
 Enable Browser Extensions: yes
 Search bar: hxxp://go.microsoft.com/fwlink​/?linkid=54896
 Show_ToolBar: yes
 Start Page: hxxp://fr.msn.com/
 Use Search Asst: no

 [HKLM\Software\Microsoft\Intern​et Explorer\Main]
 Default_Page_URL: hxxp://go.microsoft.com/fwlink​/?LinkId=54896
 Default_Search_URL: hxxp://www.microsoft.com/isapi​/redir.dll?prd=ie&ar=iesearch
 Delete_Temp_Files_On_Exit: yes
 Local Page: C:\WINDOWS\system32\blank.htm
 Search bar: hxxp://search.msn.com/spbasic.​htm
 Search Page: hxxp://www.microsoft.com/isapi​/redir.dll?prd=ie&ar=iesearch
 Start Page: hxxp://fr.msn.com/

 [HKLM\Software\Microsoft\Intern​et Explorer\ABOUTURLS]
 Tabs: res://ieframe.dll/tabswelcome.​htm
 Blank: res://mshtml.dll/blank.htm

 ==============================​==========

 C:\Program Files\Ad-Remover\Quarantine: 297 Fichier(s)
 C:\Program Files\Ad-Remover\Backup: 14 Fichier(s)

 C:\Ad-Report-CLEAN[1].txt - 02/01/2011 (11058 Octet(s))

 Fin à: 19:45:26, 02/01/2011
 
 ============== E.O.F ==============


 Mes meilleurs vœux pour cette nouvelle année.
 DS76

Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 02/01/2011 à 21:38:40  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 
  • Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau. Sinon ici :
C:\Program Files\Malwarebytes' Anti-Malware

 
  • Mets le à jour (Important)

 
  • Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
  • clique sur Rechercher

 
  • Une fois le scan terminé, une fenêtre s'ouvre, clique sur  sur Ok

 
  • Si MalwareByte's n'a rien détecté, clique sur Ok  Un rapport va apparaître ferme-le.

 
  • Si MalwareByte's a détecté des infections, clique sur Afficher les résultats  ensuite sur Supprimer la sélection

 
  • Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

 Note : Si MalwareByte's  a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

 Tutoriel pour MalwareByte's ici :
 http://www.malekal.com/tutoria [...] alware.php


 -----


 Refais un scan avec OTL, tu auras seulement un rapport(OTL.txt) a me poster...


 @++   :)

(Publicité)
ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 02/01/2011 à 21:45:58  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
malware bytes antimalware est en cours (mise à jour ok).  Je posterai dès qu'il aura fini.
 Je m'interroge :  mon épouse est connectée en direct par le biais de la livebox. Aussi : dois-je faire la même chose sur le sien?

 ds76

Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 02/01/2011 à 21:57:17  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 



Je m'interroge : mon épouse est connectée en direct par le biais de la livebox. Aussi : dois-je faire la même chose sur le sien?



 Tu parles d'un autre PC?


 @++   :)

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 02/01/2011 à 22:10:28  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Oui d'un autre pc. Nous avons chacun le nôtre. Est-ce utile?

(Publicité)
Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 02/01/2011 à 22:23:03  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 Un petit nettoyage ne ferais pas de tord si cela n'est pas fais souvent, on verra après pour ce PC et déjà faut savoir que certain outils ne sont que pour certaines infections ciblées.


 @++   :)

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 03/01/2011 à 00:46:40  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
re,
 otl tourne, en attendant voici le rapport malwarebyte antimalware  :

 Malwarebytes' Anti-Malware 1.50.1.1100
 www.malwarebytes.org

 Version de la base de données: 5444

 Windows 5.1.2600 Service Pack 3
 Internet Explorer 8.0.6001.18702

 02/01/2011 23:27:53
 mbam-log-2011-01-02 (23-27-53).txt

 Type d'examen: Examen complet (C:\|D:\|)
 Elément(s) analysé(s): 321519
 Temps écoulé: 2 heure(s), 30 minute(s), 13 seconde(s)

 Processus mémoire infecté(s): 0
 Module(s) mémoire infecté(s): 0
 Clé(s) du Registre infectée(s): 0
 Valeur(s) du Registre infectée(s): 0
 Elément(s) de données du Registre infecté(s): 0
 Dossier(s) infecté(s): 0
 Fichier(s) infecté(s): 11

 Processus mémoire infecté(s):
 (Aucun élément nuisible détecté)

 Module(s) mémoire infecté(s):
 (Aucun élément nuisible détecté)

 Clé(s) du Registre infectée(s):
 (Aucun élément nuisible détecté)

 Valeur(s) du Registre infectée(s):
 (Aucun élément nuisible détecté)

 Elément(s) de données du Registre infecté(s):
 (Aucun élément nuisible détecté)

 Dossier(s) infecté(s):
 (Aucun élément nuisible détecté)

 Fichier(s) infecté(s):
 c:\system volume information\_restore{e27ba98e-​2cfc-424e-bda2-9bf88577901f}\R​P1492\A0404591.exe (Adware.InstallPedia) -> Quarantined and deleted successfully.
 c:\system volume information\_restore{e27ba98e-​2cfc-424e-bda2-9bf88577901f}\R​P1492\A0404592.exe (Adware.InstallPedia) -> Quarantined and deleted successfully.
 c:\system volume information\_restore{e27ba98e-​2cfc-424e-bda2-9bf88577901f}\R​P1492\A0404594.exe (Adware.InstallPedia) -> Quarantined and deleted successfully.
 c:\system volume information\_restore{e27ba98e-​2cfc-424e-bda2-9bf88577901f}\R​P1492\A0404595.dll (Adware.InstallPedia) -> Quarantined and deleted successfully.
 c:\WINDOWS\system32\Utils.dll (Adware.InstallPedia) -> Quarantined and deleted successfully.
 c:\documents and settings\allain turpin\local settings\application data\assembly\dl3\VDROM1KR.AL8​\17DZDOXQ.MNO\61e7ebe7\003b0f9​9_fb53cb01\Utils.DLL (Adware.InstallPedia) -> Quarantined and deleted successfully.
 c:\documents and settings\allain turpin\local settings\application data\assembly\dl3\VDROM1KR.AL8​\17DZDOXQ.MNO\900b43f7\000ede9​7_fb53cb01\networker.exe (Adware.InstallPedia) -> Quarantined and deleted successfully.
 c:\program files\ad-remover\quarantine\C\​program files\installpedia\lnetworker.​exe.vir (Adware.InstallPedia) -> Quarantined and deleted successfully.
 c:\program files\ad-remover\quarantine\C\​program files\installpedia\networker.e​xe.vir (Adware.InstallPedia) -> Quarantined and deleted successfully.
 c:\program files\ad-remover\quarantine\C\​program files\installpedia\service.exe​.vir (Adware.InstallPedia) -> Quarantined and deleted successfully.
 c:\program files\ad-remover\quarantine\C\​program files\installpedia\utils.dll.v​ir (Adware.InstallPedia) -> Quarantined and deleted successfully.

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 03/01/2011 à 00:56:09  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Voici otl :

 OTL logfile created on: 02/01/2011 23:41:23 - Run 2
 OTL by OldTimer - Version 3.2.20.1     Folder = C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements
 Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
 Internet Explorer (Version = 8.0.6001.18702)
 Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
 1 023,00 Mb Total Physical Memory | 294,00 Mb Available Physical Memory | 29,00% Memory free
 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 76,00% Paging File free
 Paging file location(s): C:\pagefile.sys 1534 1534 [binary data]
 
 %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
 Drive C: | 91,20 Gb Total Space | 28,69 Gb Free Space | 31,46% Space Free | Partition Type: NTFS
 Drive D: | 92,15 Gb Total Space | 41,17 Gb Free Space | 44,68% Space Free | Partition Type: FAT32
 
 Computer Name: ACER-A38B4A0260 | User Name: allain TURPIN | Logged in as Administrator.
 Boot Mode: Normal | Scan Mode: Current user
 Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
 ========== Processes (SafeList) ==========
 
 PRC - C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\OTL.​exe (OldTimer Tools)
 PRC - C:\Program Files\Uniblue\RegistryBooster\​registrybooster.exe (Uniblue Systems Limited)
 PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 PRC - C:\Program Files\Ares\Ares.exe (Ares Development Group)
 PRC - C:\Facemoi\facemoi.exe (FaceMoi)
 PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
 PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
 PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
 PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
 PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAge​nt.exe (AVG Technologies CZ, s.r.o.)
 PRC - C:\Program Files\Uniblue\PowerSuite\power​suite.exe (Uniblue Systems Limited)
 PRC - C:\Documents and Settings\allain TURPIN\Application Data\Orange\OrangeInside\one\O​rangeInside.exe (Orange)
 PRC - C:\Program Files\Uniblue\SpeedUpMyPC\sump​.exe (Uniblue Systems Limited)
 PRC - C:\Program Files\orange\MailNotifier\Mail​Notifier.exe ()
 PRC - C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
 PRC - C:\Program Files\orange\Connexion Internet Orange\Systray\SystrayApp.exe (France Telecom SA)
 PRC - C:\Program Files\orange\Connexion Internet Orange\Launcher\Launcher.exe (France Telecom SA)
 PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
 PRC - C:\Program Files\orange\Connexion Internet Orange\Connectivity\Corecom\Or​aConfigRecover.exe (France Telecom SA)
 PRC - C:\Program Files\orange\Connexion Internet Orange\Connectivity\Corecom\Co​reCom.exe (France Telecom SA)
 PRC - C:\Program Files\orange\Connexion Internet Orange\Connectivity\Connectivi​tyManager.exe (France Telecom SA)
 PRC - C:\Program Files\Fichiers communs\France Telecom\Shared Modules\AlertModule\0\AlertMod​ule.exe (France Telecom SA)
 PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceS​ervice.exe (Apple Inc.)
 PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 PRC - C:\Program Files\orange\Logiciel de Synchronisation Orange\Voxsync.exe (Voxmobili)
 PRC - C:\Program Files\orange\Logiciel de Synchronisation Orange\SyncManager.exe ()
 PRC - C:\Program Files\TGTSoft\StyleXP\StyleXPS​ervice.exe ()
 PRC - C:\WINDOWS\system32\drivers\CD​AC11BA.EXE (Macrovision)
 PRC - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
 PRC - C:\WINDOWS\system32\PAStiSvc.e​xe ()
 
 
 ========== Modules (SafeList) ==========
 
 MOD - C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\OTL.​exe (OldTimer Tools)
 MOD - C:\WINDOWS\WinSxS\x86_Microsof​t.Windows.Common-Controls_6595​b64144ccf1df_6.0.2600.6028_x-w​w_61e65202\comctl32.dll (Microsoft Corporation)
 
 
 ========== Win32 Services (SafeList) ==========
 
 SRV - (WinVNC4) --  File not found
 SRV - (UxTuneUp) -- C:\WINDOWS\System32\uxtuneup.d​ll File not found
 SRV - (TuneUp.Defrag) --  File not found
 SRV - (CLTNetCnService) --  File not found
 SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
 SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
 SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
 SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
 SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
 SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAge​nt.exe (AVG Technologies CZ, s.r.o.)
 SRV - (Boonty Games) -- C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (BOONTY)
 SRV - (maconfservice) -- C:\Program Files\ma-config.com\maconfserv​ice.exe (CybelSoft)
 SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.d​ll (NOS Microsystems Ltd.)
 SRV - (WPFFontCache_v0400) -- C:\WINDOWS\Microsoft.NET\Frame​work\v4.0.30319\WPF\WPFFontCac​he_v0400.exe (Microsoft Corporation)
 SRV - (clr_optimization_v4.0.30319_3​2) -- C:\WINDOWS\Microsoft.NET\Frame​work\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
 SRV - (FTRTSVC) -- C:\Program Files\Fichiers communs\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe (France Telecom SA)
 SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
 SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceS​ervice.exe (Apple Inc.)
 SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
 SRV - (LVSrvLauncher) -- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLn​ch.exe (Labtec Inc.)
 SRV - (StyleXPService) -- C:\Program Files\TGTSoft\StyleXP\StyleXPS​ervice.exe ()
 SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\system32\drivers\CD​AC11BA.EXE (Macrovision)
 SRV - (LightScribeService) -- C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
 SRV - (IDriverT) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1​1\Intel 32\IDriverT.exe (Macrovision Corporation)
 SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.e​xe ()
 
 
 ========== Driver Services (SafeList) ==========
 
 DRV - (ZTEusbser6k) -- C:\WINDOWS\System32\DRIVERS\ZT​Eusbser6k.sys File not found
 DRV - (ZTEusbnmea) -- C:\WINDOWS\System32\DRIVERS\ZT​Eusbnmea.sys File not found
 DRV - (ZTEusbmdm6k) -- C:\WINDOWS\System32\DRIVERS\ZT​Eusbmdm6k.sys File not found
 DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sp​td.sys File not found
 DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk​51x86.sys (Marvell)
 DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\a2​ptbtn.sys (Wistron)
 DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\as​wTdi.sys (AVAST Software)
 DRV - (aswSP) -- C:\WINDOWS\System32\drivers\as​wSP.sys (AVAST Software)
 DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\as​wRdr.sys (AVAST Software)
 DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\as​wmon2.sys (AVAST Software)
 DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\as​wFsBlk.sys (AVAST Software)
 DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aa​vmker4.sys (AVAST Software)
 DRV - (eeCtrl) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
 DRV - (EraserUtilRebootDrv) -- C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilReboo​tDrv.sys (Symantec Corporation)
 DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LH​idUsb.sys (Logitech, Inc.)
 DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\Rt​kHDAud.sys (Realtek Semiconductor Corp.)
 DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\Rt​sUStor.sys (Realtek Semiconductor Corp.)
 DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platfo​rm_XP\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
 DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platfo​rm_XP\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
 DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platfo​rm_XP\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
 DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\av​gfwdx.sys (AVG Technologies CZ, s.r.o.)
 DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\av​gfwdx.sys (AVG Technologies CZ, s.r.o.)
 DRV - (driverhardwarev2) -- C:\Program Files\ma-config.com\Drivers\dr​iverhardwarev2.sys (CybelSoft)
 DRV - (PCAMPR5) -- C:\WINDOWS\system32\pcampr5.sy​s (Printing Communications Assoc., Inc. (PCAUSA))
 DRV - (PCANDIS5) -- C:\WINDOWS\system32\pcandis5.s​ys (Printing Communications Assoc., Inc. (PCAUSA))
 DRV - (ssidrv) -- C:\WINDOWS\system32\DRIVERS\ss​idrv.sys (Webroot Software, Inc. (www.webroot.com))
 DRV - (sshrmd) -- C:\WINDOWS\system32\DRIVERS\ss​hrmd.sys (Webroot Software, Inc. (www.webroot.com))
 DRV - (ssfs0bbc) -- C:\WINDOWS\system32\DRIVERS\ss​fs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
 DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\us​b8023.sys (Microsoft Corporation)
 DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nw​lnkipx.sys (Microsoft Corporation)
 DRV - (nm) -- C:\WINDOWS\system32\drivers\nm​nt.sys (Microsoft Corporation)
 DRV - (usbaudio) Pilote USB audio (WDM) -- C:\WINDOWS\system32\drivers\us​baudio.sys (Microsoft Corporation)
 DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hd​audbus.sys (Windows (R) Server 2003 DDK provider)
 DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\sn​p2uvc.sys ()
 DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LV​MVdrv.sys (Labtec Inc.)
 DRV - (LVcKap) -- C:\WINDOWS\system32\drivers\Lv​ckap.sys ()
 DRV - (CdaC15BA) -- C:\WINDOWS\system32\drivers\Cd​aC15BA.SYS (Macrovision Europe Ltd)
 DRV - (StyleXPHelper) -- C:\Program Files\TGTSoft\StyleXP\StyleXPH​elper.exe (Windows (R) 2000 DDK provider)
 DRV - (m5287) -- C:\WINDOWS\system32\drivers\m5​287.sys (ULi Electronics Inc.)
 DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NT​IDrvr.sys (NewTech Infosystems, Inc.)
 DRV - (PAC207) -- C:\WINDOWS\system32\drivers\pf​c027.sys ()
 DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\at​i2mtag.sys (ATI Technologies Inc.)
 DRV - (nv) -- C:\WINDOWS\system32\drivers\nv​4_mini.sys (NVIDIA Corporation)
 DRV - (Afc) -- C:\WINDOWS\system32\drivers\af​c.sys (Arcsoft, Inc.)
 DRV - (int15.sys) -- C:\Program Files\acer\eRecovery\int15.sys ()
 DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hd​audio.sys (Windows (R) Server 2003 DDK provider)
 DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nw​lnknb.sys (Microsoft Corporation)
 DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nw​lnkspx.sys (Microsoft Corporation)
 DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\al​iide.sys (Acer Laboratories Inc.)
 DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AG​RSM.sys (Agere Systems)
 DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\As​pi32.sys (Adaptec)
 DRV - (ASPI) -- C:\WINDOWS\system32\drivers\As​pi32.sys (Adaptec)
 
 
 ========== Standard Registry (SafeList) ==========
 
 
 ========== Internet Explorer ==========
 
 IE - HKLM\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page = http://fr.msn.com/
 
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,SearchDefaultBra​nded = 1
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page = http://fr.msn.com/
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A2 46 AF AF BC 29 CB 01  [binary data]
 IE - HKCU\SOFTWARE\Microsoft\Intern​et Explorer\Search,Default_Search​_URL = http://www.google.com/ie
 IE - HKCU\Software\Microsoft\Window​s\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 ========== FireFox ==========
 
 FF - prefs.js..browser.search.selec​tedEngine: "GoogleCOM"
 FF - prefs.js..browser.startup.home​page: "http://www.google.fr/"
 FF - prefs.js..extensions.enabledIt​ems: {CAFEEFAC-0016-0000-0021-ABCDE​FFEDCBA}:6.0.21
 FF - prefs.js..extensions.enabledIt​ems: menu_contextuel_orange@orange.​fr:1.0
 FF - prefs.js..extensions.enabledIt​ems: {4D9AE42B-F4C0-40e6-AEDB-4EC6E​42B77AF}:1.2.1.0
 FF - prefs.js..extensions.enabledIt​ems: {d10d0bf8-f5b5-c8b4-a8b2-2b987​9e08c5d}:1.3.3
 FF - prefs.js..extensions.enabledIt​ems: {E2883E8F-472F-4fb0-9522-AC9BF​37916A7}:1.6.2.63
 FF - prefs.js..extensions.enabledIt​ems: {E6768F2A-D4C3-457D-A1A8-3472B​F16267D}:Build 320
 FF - prefs.js..extensions.enabledIt​ems: {CAFEEFAC-0016-0000-0022-ABCDE​FFEDCBA}:6.0.22
 FF - prefs.js..extensions.enabledIt​ems: {9D23D0AA-D8F5-11DA-B3FC-0928A​BF316DD}:3.0.5
 FF - prefs.js..extensions.enabledIt​ems: {6614d11d-d21d-b211-ae23-81523​4e1ebb5}:1.0.21
 FF - prefs.js..extensions.enabledIt​ems: {3d7eb24f-2740-49df-8937-200b1​cc08f8a}:1.5.14.2
 FF - prefs.js..extensions.enabledIt​ems: {455D905A-D37C-4643-A9E2-F6FEF​AA0424A}:0.8.13
 FF - prefs.js..extensions.enabledIt​ems: {3e9bb2a7-62ca-4efa-a4e6-f6f61​68a652d}:0.8.19
 FF - prefs.js..extensions.enabledIt​ems: {a0d7ccb3-214d-498b-b4aa-0e8fd​a9a7bf7}:20100908
 FF - prefs.js..extensions.enabledIt​ems: isadmin@vdtsoftware.ffext:2.3
 FF - prefs.js..keyword.URL: "http://rws.search.ke.voila.fr​/RW/S/opensearch_orange?rdata=​"
 
 FF - user.js..browser.search.select​edEngine: "GoogleCOM"
 FF - user.js..keyword.URL: "http://rws.search.ke.voila.fr​/RW/S/opensearch_orange?rdata=​"
 
 FF - HKLM\software\mozilla\Firefox\​extensions\\{E6768F2A-D4C3-457​D-A1A8-3472BF16267D}: C:\Program Files\orange\ToolbarFR\Firefox​Container\ [2010/08/07 21:34:34 | 000,000,000 | ---D | M]
 FF - HKLM\software\mozilla\Firefox\​extensions\\SpiderMessengerHel​per@spidermessenger.com:
 FF - HKLM\software\mozilla\Firefox\​extensions\\{3f963a5b-e555-454​3-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/03 20:54:41 | 000,000,000 | ---D | M]
 FF - HKLM\software\mozilla\Firefox\​extensions\\moovida@spointer.c​om: C:\Program Files\Fluendo\Moovida\spointer​\extensions\moovida@spointer.c​om [2010/12/02 14:59:29 | 000,000,000 | ---D | M]
 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/02 19:45:05 | 000,000,000 | ---D | M]
 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/29 10:02:57 | 000,000,000 | ---D | M]
 FF - HKLM\software\mozilla\Thunderb​ird\Extensions\\bdThunderbird@​bitdefender.com: C:\Program Files\BitDefender\BitDefender 2008\tbextension
 
 [2009/03/25 22:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Extensions
 [2009/03/25 22:32:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Extensions\mozswi​ng@mozswing.org
 [2011/01/02 20:01:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions
 [2010/07/25 15:57:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\@F​issaPlugin
 [2010/08/18 21:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{0​fc85f5d-6207-4515-a490-45a549d​285c0}
 [2010/07/10 08:49:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{2​0a82645-c095-46ed-80e3-0882576​0534b}(2)
 [2010/07/10 08:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{3​112ca9c-de6d-4884-a869-9855de6​8056c}
 [2010/07/10 08:49:20 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{3​112ca9c-de6d-4884-a869-9855de6​8056c}(2)
 [2010/07/14 10:10:36 | 000,000,000 | ---D | M] (Softonic_France Toolbar) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{3​64d4e0c-543f-4b85-abe3-1955113​9da4f}
 [2010/12/25 12:04:53 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{3​d7eb24f-2740-49df-8937-200b1cc​08f8a}
 [2010/12/25 12:09:52 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{3​e9bb2a7-62ca-4efa-a4e6-f6f6168​a652d}
 [2010/12/25 12:08:49 | 000,000,000 | ---D | M] (RefControl) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{4​55D905A-D37C-4643-A9E2-F6FEFAA​0424A}
 [2010/08/07 21:31:22 | 000,000,000 | ---D | M] ("Plugin Orange Installeur" ) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{4​D9AE42B-F4C0-40e6-AEDB-4EC6E42​B77AF}
 [2010/07/10 08:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{6​35abd67-4fe9-1b23-4f01-e679fa7​484c1}
 [2010/07/10 08:49:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{6​35abd67-4fe9-1b23-4f01-e679fa7​484c1}(2)
 [2010/12/25 12:03:52 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{6​614d11d-d21d-b211-ae23-815234e​1ebb5}
 [2010/12/25 12:06:33 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{7​3a6fe31-595d-460b-a920-fcc0f88​43232}
 [2010/12/25 12:02:56 | 000,000,000 | ---D | M] (CookieSafe) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{9​D23D0AA-D8F5-11DA-B3FC-0928ABF​316DD}
 [2010/12/25 12:10:43 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{a​0d7ccb3-214d-498b-b4aa-0e8fda9​a7bf7}
 [2010/12/25 11:31:44 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{b​f7380fa-e3b4-4db2-af3e-9d8783a​45bfc}
 [2010/12/25 12:01:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{d​10d0bf8-f5b5-c8b4-a8b2-2b9879e​08c5d}
 [2010/07/10 08:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{d​d30bf68-268a-4815-ad48-8740b77​4c764}
 [2010/07/12 13:35:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{E​2883E8F-472F-4fb0-9522-AC9BF37​916A7}
 [2010/07/10 08:49:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{E​EE6C361-6118-11DC-9C72-001320C​79847}
 [2010/07/10 08:49:24 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\{E​EE6C361-6118-11DC-9C72-001320C​79847}(2)
 [2008/09/20 13:57:15 | 000,000,000 | ---D | M] (Dictionnaire HunSpell en Français (réforme 1990)) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\fr​@dictionaries.addons.mozilla.o​rg
 [2008/09/20 13:57:15 | 000,000,000 | ---D | M] (Dictionnaire HunSpell en Français) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\fr​-FR@dictionaries.addons.mozill​a.org
 [2010/12/25 12:11:50 | 000,000,000 | ---D | M] ("IsAdmin" ) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\is​admin@vdtsoftware.ffext
 [2011/01/02 23:31:04 | 000,000,000 | ---D | M] (Menu Contextuel Orange) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\me​nu_contextuel_orange@orange.fr
 [2010/12/29 14:42:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\st​aged-xpis
 [2010/11/08 09:43:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\to​olbar@iadah.com
 [2008/10/08 20:51:49 | 000,000,000 | ---D | M] (Yahoo! France Toolbar et extras) -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\to​olbar_extras@fr.yahoo.com
 [2010/07/12 23:05:26 | 000,002,650 | ---- | M] () -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\searchplugins​\bing.xml
 [2007/05/27 22:55:45 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\searchplugins​\businesscom.xml
 [2007/05/27 22:55:57 | 000,001,340 | ---- | M] () -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\searchplugins​\hollywoodcom.xml
 [2007/07/19 10:02:58 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\searchplugins​\LiveSearch.xml
 [2008/12/20 09:24:13 | 000,005,711 | ---- | M] () -- C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\searchplugins​\search-the-web.xml
 [2011/01/02 19:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 [2010/08/07 21:34:38 | 000,000,000 | ---D | M] (Plugin Orange Installer) -- C:\Program Files\Mozilla Firefox\extensions\{4D9AE42B-F​4C0-40e6-AEDB-4EC6E42B77AF}
 [2007/08/23 20:26:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0​016-0000-0000-ABCDEFFEDCBA}
 [2010/08/13 18:01:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0​016-0000-0021-ABCDEFFEDCBA}
 [2010/12/06 16:54:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0​016-0000-0022-ABCDEFFEDCBA}
 [2010/07/10 08:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\google-cjk@​partners.mozilla.com
 [2010/07/10 08:49:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\toolbar_ext​ras@fr.yahoo.com
 [2010/08/07 21:34:34 | 000,000,000 | ---D | M] (barre d'outils Orange) -- C:\PROGRAM FILES\ORANGE\TOOLBARFR\FIREFOX​CONTAINER
 [2006/10/03 04:59:57 | 000,040,552 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
 [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.​dll
 [2007/03/10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
 [2006/09/26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamespl​ayer.dll
 [2010/12/11 20:56:40 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-f​rance.xml
 [2010/12/11 20:56:40 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tl​fi-fr.xml
 [2010/12/11 20:56:40 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-fra​nce.xml
 [2010/08/03 16:26:34 | 000,002,037 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch​wfxt3.xml
 [2010/11/13 11:12:09 | 000,003,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\MyHerita​ge.xml
 [2010/12/11 20:56:40 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedi​a-fr.xml
 [2010/12/11 20:56:40 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-fr​ance.xml
 
 Hosts file not found
 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695E​CA05670} - No CLSID value found.
 O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578​C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\​AcroIEHelperShim.dll (Adobe Systems Incorporated)
 O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E​497C8C0} - No CLSID value found.
 O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8FB0-B921F​5DBF922} - No CLSID value found.
 O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988​571CECB} - No CLSID value found.
 O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723​696E350} - No CLSID value found.
 O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530​E7B9B3F} - No CLSID value found.
 O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3A​AC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
 O2 - BHO: (Programme d'aide de l'Assistant de connexion Windows Live) - {9030D464-4C02-4ABF-8ECC-51647​60863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
 O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF​36AF6E4} - No CLSID value found.
 O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF105​77473F7} - c:\Program Files\Google\GoogleToolbar1.dl​l (Google Inc.)
 O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B​4FF55D0} - No CLSID value found.
 O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027​CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
 O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-00132​0C79847} - Reg Error: Value error. File not found
 O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-00902​7A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dl​l (Google Inc.)
 O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-8FB0-B921F​5DBF922} - No CLSID value found.
 O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B​4FF55D0} - No CLSID value found.
 O3 - HKLM\..\Toolbar: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE​54A95A9} - C:\Program Files\orange\ToolbarFR\Toolbar​Container101000320.dll (Orange)
 O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60​AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
 O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
 O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859D​F00B1D6} - No CLSID value found.
 O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49​B9F9938} - No CLSID value found.
 O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066​696354B} - No CLSID value found.
 O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D​3229068} - No CLSID value found.
 O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-00902​7A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dl​l (Google Inc.)
 O3 - HKCU\..\Toolbar\WebBrowser: (barre d'outils Orange) - {D3028143-6145-4318-99D3-3EDCE​54A95A9} - C:\Program Files\orange\ToolbarFR\Toolbar​Container101000320.dll (Orange)
 O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60​AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
 O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-00132​0C79847} - Reg Error: Value error. File not found
 O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
 O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
 O4 - HKLM..\Run: [Facemoi] c:\Facemoi\facemoi.exe (FaceMoi)
 O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.​exe (Nero AG)
 O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
 O4 - HKLM..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\Connexion Internet Orange\SessionManager\SessionM​anager.exe (France Telecom SA)
 O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
 O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
 O4 - HKCU..\Run: [Facemoi] C:\Facemoi\facemoi.exe (FaceMoi)
 O4 - HKCU..\Run: [MailNotifier] C:\Program Files\orange\MailNotifier\Mail​Notifier.exe ()
 O4 - HKCU..\Run: [orangeinside] C:\Documents and Settings\allain TURPIN\Application Data\Orange\OrangeInside\one\O​rangeInside.exe (Orange)
 O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files\Accelerer PC\PCSpeedUp.exe File not found
 O4 - HKCU..\Run: [PowerSuite] C:\Program Files\Uniblue\PowerSuite\launc​her.exe (Uniblue Systems Limited)
 O4 - HKCU..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.​exe ()
 O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\​Logiciel de Synchronisation Orange.lnk = C:\Program Files\orange\Logiciel de Synchronisation Orange\Voxsync.exe (Voxmobili)
 O6 - HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\policies\Expl​orer: HonorAutoRunSetting = 1
 O6 - HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\policies\Expl​orer: NoCDBurning = 0
 O6 - HKLM\SOFTWARE\Microsoft\Window​s\CurrentVersion\policies\Expl​orer: NoDriveTypeAutoRun = 255
 O7 - HKCU\SOFTWARE\Microsoft\Window​s\CurrentVersion\policies\Expl​orer: NoDriveTypeAutoRun = 255
 O7 - HKCU\SOFTWARE\Microsoft\Window​s\CurrentVersion\policies\Expl​orer: NoDrives =  [binary data]
 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.sc​r (Google Inc.)
 O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Documents and Settings\allain TURPIN\Application Data\Orange\OrangeInside\src\a​ddfavorites_html\AddFavorites.​html ()
 O8 - Extra context menu item: envoyer le texte sélectionné par sms - C:\Documents and Settings\allain TURPIN\Application Data\Orange\OrangeInside\src\s​endsmsselectedtext_html\sendsm​sselectedtext.html ()
 O8 - Extra context menu item: envoyer par sms - C:\Documents and Settings\allain TURPIN\Application Data\Orange\OrangeInside\src\s​endsms_html\sendsms.html ()
 O8 - Extra context menu item: envoyer un mail - C:\Documents and Settings\allain TURPIN\Application Data\Orange\OrangeInside\src\s​endmail_html\sendmail.html ()
 O8 - Extra context menu item: orange.fr - C:\Documents and Settings\allain TURPIN\Application Data\Orange\OrangeInside\src\o​range_html\orange.html ()
 O8 - Extra context menu item: rechercher le texte sélectionné - C:\Documents and Settings\allain TURPIN\Application Data\Orange\OrangeInside\src\s​electedsearch_html\selectedsea​rch.html ()
 O8 - Extra context menu item: traduire la page - C:\Documents and Settings\allain TURPIN\Application Data\Orange\OrangeInside\src\t​ranslate_html\translate.html ()
 O8 - Extra context menu item: traduire le texte sélectionné - C:\Documents and Settings\allain TURPIN\Application Data\Orange\OrangeInside\src\t​ranslateSelectedText_html\tran​slateSelectedText.html ()
 O9 - Extra Button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B​3CFCFE1} - Reg Error: Key error. File not found
 O10 - NameSpace_Catalog5\Catalog_Ent​ries\000000000004 [] - C:\WINDOWS\system32\nwprovau.d​ll (Microsoft Corporation)
 O10 - NameSpace_Catalog5\Catalog_Ent​ries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
 O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Sites de confiance)
 O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] https in Sites de confiance)
 O15 - HKCU\..Trusted Domains: orange.fr ([logicielsgratuits] http in Sites de confiance)
 O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Sites de confiance)
 O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050B​F051A00} http://s.tf1.fr/mmdia/static/r [...] awflow.cab (Rawflow ICD Client)
 O16 - DPF: {166B1BCA-3F9C-11CF-8075-44455​3540000} http://download.macromedia.com [...] tor/sw.cab (Shockwave ActiveX Control)
 O16 - DPF: {17492023-C23A-453E-A040-C7C58​0BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B2​26FE9A1} http://download.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)
 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD8​4642501} http://messenger.zone.msn.com/ [...] b56986.cab (Checkers Class)
 O16 - DPF: {233C1507-6A77-46A4-9443-F871F​945D258} http://download.macromedia.com [...] tor/sw.cab (Shockwave ActiveX Control)
 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6​333150B} http://messenger.zone.msn.com/ [...] b50997.cab (Minesweeper Flags Class)
 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105​AA9B6AE} http://security.symantec.com/s [...] vSniff.cab (Symantec AntiVirus scanner)
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4​f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelpe​r.dll (YInstStarter Class)
 O16 - DPF: {3E82BB3F-ABE4-458D-9281-01872​86A4E51} http://contacts.orange.fr/wfr_webab/VoxsyncX.cab (VoxsyncCtrl Class)
 O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A769​3661473} http://jeuxenligne.orange.fr/G [...] GameAx.cab (GameCtl Class)
 O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1​D56FDAC} file://C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\Oberon Media\Oberon Games Host\DinerDash2_fr.1.0.0.70.ca​b (CPlayFirstDinerDash2_frContro​l Object)
 O16 - DPF: {5554A026-7282-4C11-A8F1-652D0​599CD02} http://a14.g.akamai.net/f/14/7 [...] SILENT.cab (NMInstall Control)
 O16 - DPF: {5C051655-FCD5-4969-9182-770EA​5AA5565} http://messenger.zone.msn.com/ [...] b56986.cab (Solitaire Showdown Class)
 O16 - DPF: {5D6F45B3-9043-443D-A792-11544​7494D24} http://messenger.zone.msn.com/ [...] E_UNO1.cab (UnoCtrl Class)
 O16 - DPF: {644E432F-49D3-41A1-8DD5-E0991​62EEEC5} http://security.symantec.com/s [...] /cabsa.cab (Symantec RuFSI Utility Class)
 O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F​5AADC21} http://jeuxenligne.orange.fr/o [...] uncher.cab (SpinTop Games Launcher)
 O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF​814E78A} http://wanadoofr.oberon-media. [...] uncher.cab (MJLauncherCtrl Class)
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805​F499D93} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_22)
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD​1796A8D} http://messenger.zone.msn.com/ [...] b31267.cab (MessengerStatsClient Class)
 O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829D​C0B603C} http://fpdownload.macromedia.c [...] rashim.cab (Reg Error: Key error.)
 O16 - DPF: {9122D757-5A4F-4768-82C5-B4171​D8556A7} http://appdirectory.messenger. [...] tPkMSN.cab (PhotoPickConvert Class)
 O16 - DPF: {9DF1C00D-8426-4337-972C-DC042​D19A916} http://webtv.guidetv.orange.fr [...] S_9418.cab (FTMediaPlayer Class)
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-22031​3175592} http://messenger.zone.msn.com/ [...] b56649.cab (MSN Games - Installer)
 O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3F​F2ECD19} http://msnfr.oberon-media.com/ [...] 0.0.33.cab (CPlayFirstddfotgControl Object)
 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF​06D9A1B} http://game09.zylom.com/active [...] player.cab (Zylom Games Player)
 O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB​46AFDEE} http://sib1.od2.com/common/mus [...] Plugin.CAB (Reg Error: Key error.)
 O16 - DPF: {C80B7FF6-CE60-4079-935E-520C0​45C30A6} http://www.mailskinner.com/binaries/msaxsetup.cab (Reg Error: Key error.)
 O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE​0D2C9D1} http://jeuxentelechargement.or [...] Popcap.cab (PopcapLoader Object)
 O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDE​FFEDCBA} http://java.sun.com/update/1.5 [...] s-i586.cab (Reg Error: Key error.)
 O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Reg Error: Key error.)
 O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Reg Error: Key error.)
 O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Reg Error: Key error.)
 O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Reg Error: Key error.)
 O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Reg Error: Key error.)
 O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_22)
 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_22)
 O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD​5599AB8} http://jeuxenligne.orange.fr/G [...] meHost.cab (Oberon Flash Game Host)
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-44455​3540000} http://fpdownload2.macromedia. [...] wflash.cab (Shockwave Flash Object)
 O16 - DPF: {D8089245-3211-40F6-819B-9E5E9​2CD61A2} https://signin3.valueactive.co [...] lashax.cab (FlashXControl Object)
 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB1​6A1543A} file:///C:/Documents%20and%20S​ettings/allain%20TURPIN/Local%​20Settings/Application%20Data/​Oberon%20Media/Oberon%20Games%​20Host/popcaploader_v10.cab (PopCapLoader Object)
 O16 - DPF: {E1342154-4889-42B5-BEF6-19237​577048F} http://jeuxentelechargement.or [...] loader.cab (OberongamesLoader Object)
 O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453C​C29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
 O17 - HKLM\System\CCS\Services\Tcpip​\Parameters: DhcpNameServer = 192.168.1.1
 O18 - Protocol\Handler\http\0x000000​01 {E1D2BF42-A96B-11d1-9C6B-0000F​875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
 O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F​875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
 O18 - Protocol\Handler\https\0x00000​001 {E1D2BF42-A96B-11d1-9C6B-0000F​875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
 O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F​875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
 O18 - Protocol\Handler\ipp\0x0000000​1 {E1D2BF42-A96B-11d1-9C6B-0000F​875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
 O18 - Protocol\Handler\msdaipp\0x000​00001 {E1D2BF42-A96B-11d1-9C6B-0000F​875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
 O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F​875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F​8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.d​ll (ATI Technologies Inc.)
 O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll -  File not found
 O24 - Desktop Components:0 () - http://www.screenscenes.com/im [...] yOasis.jpg
 O24 - Desktop Components:1 () - http://www.fond-ecran.net/icones/mer10.jpg
 O24 - Desktop Components:2 (Ma page d'accueil) - About:Home
 O24 - Desktop WallPaper: C:\Documents and Settings\allain TURPIN\Mes documents\Mes images\FF_wallpaper__4__1600x1​200.bmp
 O24 - Desktop BackupWallPaper: C:\Documents and Settings\allain TURPIN\Mes documents\Mes images\FF_wallpaper__4__1600x1​200.bmp
 O32 - HKLM CDRom: AutoRun - 1
 O32 - AutoRun File - [2005/06/25 06:48:40 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
 O33 - MountPoints2\{207a4734-f1f0-11​dd-9ad7-00142a752f00}\Shell - "" = AutoRun
 O33 - MountPoints2\{a470ea8e-1453-11​dd-9955-00142a752f00}\Shell - "" = AutoRun
 O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
 O35 - HKLM\..comfile [open] -- "%1" %*
 O35 - HKLM\..exefile [open] -- "%1" %*
 O37 - HKLM\...com [@ = comfile] -- "%1" %*
 O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 ========== Files/Folders - Created Within 30 Days ==========
 
 [2011/01/02 19:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Remover
 [2011/01/02 18:18:18 | 000,000,000 | ---D | C] -- C:\rsit
 [2010/12/29 21:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\allain TURPIN\Application Data\Elephant Games
 [2010/12/29 10:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\QuickTime
 [2010/12/25 13:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\allain TURPIN\Mes documents\dil
 [2010/12/20 17:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\allain TURPIN\Application Data\Abra Academy2
 [2010/12/18 15:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\allain TURPIN\Bureau\Nouveau dossier (2)
 [2010/12/18 13:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Mystery Legends - The Phantom of the Opera Edition Collector
 [2010/12/18 13:16:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mystery Legends - The Phantom of the Opera Edition Collector
 [2010/12/18 13:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hidden Mysteries - Buckingham Palace
 [2010/12/18 13:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Hidden Mysteries - Buckingham Palace
 [2010/12/18 13:11:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Reincarnat​ions - Les Vies Passees Edition Collector
 [2010/12/18 13:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Reincarnations - Les Vies Passees Edition Collector
 [2010/12/18 13:00:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Reincarnat​ions - L'Eveil
 [2010/12/18 13:00:05 | 000,000,000 | ---D | C] -- C:\Program Files\Reincarnations - L'Eveil
 [2010/12/18 12:03:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Hidden Expedition - Le Triangle du Diable
 [2010/12/18 12:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Hidden Expedition - Le Triangle du Diable
 [2010/12/18 11:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\Drawn - Par-dela lObscurite
 [2010/12/18 11:59:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Drawn - Par-dela lObscurite
 [2010/12/15 22:20:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{F03307B7-E779-4F5E-A32E-​9A73D8D6E0F2}
 [2010/12/15 22:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\PackageAware
 [2010/12/15 11:52:25 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6​1883.sys
 [2010/12/15 11:52:24 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\4​mmdat.sys
 [2010/12/13 18:41:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
 [2010/12/11 19:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\allain TURPIN\Application Data\ERS Game Studios
 [2010/12/10 13:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\SEAF
 [2010/12/09 15:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\allain TURPIN\Application Data\Enki Games
 [2010/12/09 15:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\Reincarnations - Les Vies Passees
 [2010/12/07 17:19:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\allain TURPIN\Application Data\TOMI2.THE GATES OF FATE
 [2010/12/06 16:54:26 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
 [2010/12/06 16:54:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
 [2010/12/06 16:54:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
 [2010/12/06 15:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\allain TURPIN\Application Data\SunRay Games
 [2010/12/04 18:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\allain TURPIN\Application Data\Ten Heavens
 [2008/05/16 23:43:21 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.d​ll
 [2008/05/16 23:43:21 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.d​ll
 [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 [21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 [2 C:\WINDOWS\System32\dllcache\*​.tmp files -> C:\WINDOWS\System32\dllcache\*​.tmp -> ]
 
 ========== Files - Modified Within 30 Days ==========
 
 [2011/01/02 23:52:00 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Syn​chronization-{97C7BA51-81B1-4D​C2-B265-E632FD801364}.job
 [2011/01/02 23:33:30 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBoost​er.job
 [2011/01/02 23:31:46 | 000,001,064 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateT​askMachineCore.job
 [2011/01/02 23:31:01 | 000,000,045 | ---- | M] () -- C:\TEST.XML
 [2011/01/02 23:30:52 | 000,021,961 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
 [2011/01/02 23:30:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
 [2011/01/02 23:30:11 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys
 [2011/01/02 23:01:03 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateT​askMachineUA.job
 [2011/01/02 20:16:19 | 000,636,586 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.d​at
 [2011/01/02 20:16:19 | 000,553,144 | ---- | M] () -- C:\WINDOWS\System32\perfh009.d​at
 [2011/01/02 20:16:19 | 000,134,136 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.d​at
 [2011/01/02 20:16:19 | 000,110,538 | ---- | M] () -- C:\WINDOWS\System32\perfc009.d​at
 [2011/01/02 20:16:18 | 000,478,502 | ---- | M] () -- C:\WINDOWS\System32\perfh040.d​at
 [2011/01/02 20:16:18 | 000,070,486 | ---- | M] () -- C:\WINDOWS\System32\perfc040.d​at
 [2011/01/02 19:56:59 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
 [2011/01/02 19:42:27 | 000,001,561 | ---- | M] () -- C:\Documents and Settings\allain TURPIN\Bureau\AD-R.lnk
 [2011/01/02 19:00:00 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.jo​b
 [2010/12/31 17:15:00 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\Maintenance en 1 clic.job
 [2010/12/29 19:04:03 | 000,000,252 | ---- | M] () -- C:\WINDOWS\CRAPETTE.JEU
 [2010/12/29 17:59:05 | 006,539,941 | ---- | M] () -- C:\Documents and Settings\allain TURPIN\Mes documents\Mylène Farmer - Oui Mais... Non (Beezik remercie Sécurité Routière).wma
 [2010/12/29 10:02:33 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
 [2010/12/29 09:08:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftware​Update.job
 [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mb​amswissarmy.sys
 [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mb​am.sys
 [2010/12/18 20:45:53 | 000,000,975 | ---- | M] () -- C:\Documents and Settings\allain TURPIN\Bureau\Bejeweled 3 Deluxe.lnk
 [2010/12/18 15:13:58 | 000,106,496 | ---- | M] () -- C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E​0D61DEA3FDF.ini
 [2010/12/18 13:14:41 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Jouer à Hidden Mysteries - Buckingham Palace.lnk
 [2010/12/18 13:13:55 | 000,002,002 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Jouer à Reincarnations - Les Vies Passees Edition Collector.lnk
 [2010/12/18 13:02:49 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Jouer à Reincarnations - L'Eveil.lnk
 [2010/12/18 12:04:15 | 000,001,916 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Jouer à Hidden Expedition - Le Triangle du Diable.lnk
 [2010/12/18 12:02:37 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Jouer à Drawn - Par-dela lObscurite.lnk
 [2010/12/16 18:49:33 | 000,009,435 | ---- | M] () -- C:\Documents and Settings\allain TURPIN\Mes documents\73762328.kinQZiCY.jp​g
 [2010/12/16 18:43:53 | 000,010,252 | ---- | M] () -- C:\Documents and Settings\allain TURPIN\Mes documents\155144_1737524164965​_1444447117_31878906_1481000_s​.jpg
 [2010/12/16 18:43:29 | 000,091,334 | ---- | M] () -- C:\Documents and Settings\allain TURPIN\Mes documents\album.php
 [2010/12/16 18:21:17 | 000,006,379 | ---- | M] () -- C:\Documents and Settings\allain TURPIN\Mes documents\58056_12655121740756​4_100001580582644_184641_50308​82_s.jpg
 [2010/12/16 10:30:17 | 000,282,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.D​AT
 [2010/12/15 23:38:12 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
 [2010/12/15 22:20:35 | 000,001,726 | ---- | M] () -- C:\Documents and Settings\allain TURPIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
 [2010/12/15 22:20:35 | 000,001,708 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Uniblue RegistryBooster.lnk
 [2010/12/14 23:35:15 | 000,005,676 | ---- | M] () -- C:\Documents and Settings\allain TURPIN\Mes documents\35605_12613181744950​4_100001580582644_182943_95814​7_s.jpg
 [2010/12/04 10:00:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\avast! Antivirus.job
 [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 [21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 [2 C:\WINDOWS\System32\dllcache\*​.tmp files -> C:\WINDOWS\System32\dllcache\*​.tmp -> ]
 
 ========== Files Created - No Company Name ==========
 
 [2011/01/02 19:42:27 | 000,001,561 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Bureau\AD-R.lnk
 [2011/01/02 18:12:47 | 000,002,066 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\testfacemoi.txt
 [2010/12/29 17:59:02 | 006,539,941 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Mes documents\Mylène Farmer - Oui Mais... Non (Beezik remercie Sécurité Routière).wma
 [2010/12/29 10:02:33 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
 [2010/12/18 20:45:53 | 000,000,975 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Bureau\Bejeweled 3 Deluxe.lnk
 [2010/12/18 13:14:41 | 000,001,821 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Jouer à Hidden Mysteries - Buckingham Palace.lnk
 [2010/12/18 13:13:55 | 000,002,002 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Jouer à Reincarnations - Les Vies Passees Edition Collector.lnk
 [2010/12/18 13:02:49 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Jouer à Reincarnations - L'Eveil.lnk
 [2010/12/18 12:04:15 | 000,001,916 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Jouer à Hidden Expedition - Le Triangle du Diable.lnk
 [2010/12/18 12:02:37 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Jouer à Drawn - Par-dela lObscurite.lnk
 [2010/12/16 18:49:32 | 000,009,435 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Mes documents\73762328.kinQZiCY.jp​g
 [2010/12/16 18:43:52 | 000,010,252 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Mes documents\155144_1737524164965​_1444447117_31878906_1481000_s​.jpg
 [2010/12/16 18:43:29 | 000,091,334 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Mes documents\album.php
 [2010/12/16 18:21:15 | 000,006,379 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Mes documents\58056_12655121740756​4_100001580582644_184641_50308​82_s.jpg
 [2010/12/15 22:20:43 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RegistryBoost​er.job
 [2010/12/15 22:20:24 | 000,001,726 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Uniblue RegistryBooster.lnk
 [2010/12/15 22:20:24 | 000,001,708 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Uniblue RegistryBooster.lnk
 [2010/12/14 23:35:13 | 000,005,676 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Mes documents\35605_12613181744950​4_100001580582644_182943_95814​7_s.jpg
 [2010/08/18 14:57:26 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.​dll
 [2010/08/07 21:43:56 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Application Data\stats.txt
 [2010/01/25 16:35:24 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.s​ys
 [2010/01/25 16:35:24 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\5512D3EF34​.sys
 [2009/03/13 08:53:11 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Kit.ini
 [2009/01/20 21:05:50 | 000,002,402 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Application Data\RayV_20.01.09_20-05-50.rp​rt
 [2008/12/20 00:38:44 | 000,339,968 | ---- | C] () -- C:\WINDOWS\System32\pythoncom2​5.dll
 [2008/12/20 00:38:44 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\pywintypes​25.dll
 [2008/11/06 17:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.d​ll
 [2008/07/06 12:17:10 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
 [2008/07/06 11:03:42 | 000,001,248 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Application Data\RayV.trc
 [2008/06/15 22:39:12 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
 [2008/05/27 15:10:49 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
 [2008/05/22 14:13:20 | 000,004,987 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
 [2008/05/22 14:12:57 | 000,000,042 | ---- | C] () -- C:\WINDOWS\IniFile1.ini
 [2008/05/18 22:56:07 | 000,000,137 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini
 [2008/05/16 23:43:21 | 009,607,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\sn​p2uvc.sys
 [2008/05/16 23:43:21 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sn​cduvc.sys
 [2008/05/16 23:43:21 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
 [2008/03/26 23:13:30 | 000,000,018 | ---- | C] () -- C:\WINDOWS\iensx.ini
 [2008/03/26 23:11:46 | 000,000,435 | ---- | C] () -- C:\WINDOWS\MyNetIE.ini
 [2007/06/19 18:00:13 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\LCIbanner0.html
 [2007/06/19 17:55:47 | 000,000,262 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\LCIbanner1.html
 [2007/06/16 18:16:04 | 000,000,109 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\Lcistatistics.xml
 [2007/06/16 18:10:51 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Application Data\LciPersonalization.data
 [2007/06/16 18:10:48 | 000,001,855 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\LciPersonalization.data
 [2007/04/28 22:49:19 | 000,000,060 | ---- | C] () -- C:\WINDOWS\yesmessenger.ini
 [2007/03/06 16:50:30 | 001,669,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lv​ckap.sys
 [2007/03/03 23:46:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Application Data\WinssCookie.txt
 [2007/01/18 18:19:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
 [2006/10/22 17:29:56 | 000,000,060 | ---- | C] () -- C:\WINDOWS\GECKOS.INI
 [2006/08/20 09:32:22 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\netwbix32.​dll
 [2006/06/26 19:34:39 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\fusioncache.dat
 [2006/06/20 16:45:22 | 000,278,528 | ---- | C] () -- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
 [2006/04/30 14:23:31 | 000,000,707 | ---- | C] () -- C:\WINDOWS\ssaver.ini
 [2006/04/30 14:23:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Orage.INI
 [2006/04/28 15:37:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\WLANUTL.dl​l
 [2006/04/26 16:12:58 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
 [2006/04/25 15:50:45 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
 [2006/04/16 19:33:45 | 000,000,345 | ---- | C] () -- C:\WINDOWS\wininit.ini
 [2006/03/21 21:20:24 | 000,000,150 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.i​ni
 [2006/03/17 22:04:30 | 000,000,160 | ---- | C] () -- C:\WINDOWS\mafosav.INI
 [2006/03/14 18:56:47 | 000,002,930 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
 [2006/03/04 09:57:21 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E​0D61DEA3FDF.ini
 [2006/03/03 16:36:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
 [2006/02/28 16:44:45 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
 [2006/02/26 19:08:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
 [2006/02/25 09:27:22 | 000,000,026 | ---- | C] () -- C:\WINDOWS\ulead32.ini
 [2006/02/19 10:38:17 | 000,085,383 | ---- | C] () -- C:\WINDOWS\System32\Autorun.in​i
 [2006/02/17 15:38:17 | 000,104,593 | ---- | C] () -- C:\WINDOWS\System32\drivers\MP​IXVID.SYS
 [2006/02/16 18:12:24 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
 [2006/02/16 18:10:34 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX3800EFGIPSD.ini
 [2006/02/05 21:01:44 | 000,000,662 | ---- | C] () -- C:\Documents and Settings\allain TURPIN\Application Data\wklnhst.dat
 [2006/02/03 18:15:32 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfas​t.dll
 [2005/10/22 02:01:46 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ALAUNCH.INI
 [2005/09/19 02:01:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
 [2005/06/25 18:17:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
 [2005/06/25 06:48:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dl​l
 [2005/06/25 06:48:23 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.d​ll
 [2005/06/25 06:48:23 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
 [2005/06/25 06:48:23 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dl​l
 [2005/06/25 06:48:23 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.d​ll
 [2005/06/25 06:41:35 | 000,008,073 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.IN​I
 [2005/06/25 06:35:43 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.in​i
 [2005/06/25 06:34:07 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
 [2005/05/27 13:57:16 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\pf​c027.sys
 [2005/04/01 15:16:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dl​l
 [2005/01/25 14:15:42 | 000,010,240 | R--- | C] () -- C:\WINDOWS\System32\PA207Usd.d​ll
 [2004/10/26 23:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.d​ll
 [2002/10/15 23:54:04 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
 [2001/12/26 15:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_​vcd.dll
 [2001/09/05 15:05:16 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\symplisc.d​ll
 [2001/09/03 22:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
 [2001/07/30 15:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.​dll
 [2001/07/23 21:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_​MMX.dll
 [1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
 ========== Alternate Data Streams ==========
 
 @Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E2A6B4A
 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:45FE2B4E
 @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05816AFA
 @Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8140CB50
 @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\drivers\mo​uhid.sys:SummaryInformation
 @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C72A744C
 @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A7527E8
 @Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
 @Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A4AF8D0D
 @Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C30487EE
 @Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DC0B1070
 @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF695222
 @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1786630
 @Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71612023
 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C8950EF
 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:639F0420
 @Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:131C0EE9
 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F880DE59
 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BD9F7E4E
 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A60D0FA6
 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:33A7CC67
 @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FB9F88B
 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEA9057A
 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4220A65C
 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:370E4EFB
 @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1
 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8
 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8C458D50
 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:54997B77
 @Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:11201333
 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C870DCBB
 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
 @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85C3B823
 @Alternate Data Stream - 126 bytes -> C:\Documents an

(Publicité)
Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 03/01/2011 à 01:36:34  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 Double clic sur OTL.exe pour le lancer.
 (Vista/Seven --> Faire un clique droit sur OTL.exe pour lancer le programme et choisi "Exécuter en tant qu'administrateur".

 * Copie la liste qui se trouve en citation ci-dessous, et colle-la dans la zone sous " Personnalisation "

 



:OTL
 SRV - (WinVNC4) -- File not found
 SRV - (UxTuneUp) -- C:\WINDOWS\System32\uxtuneup.d​ll File not found    
 SRV - (TuneUp.Defrag) -- File not found
 SRV - (CLTNetCnService) -- File not found
 DRV - (ZTEusbser6k) -- C:\WINDOWS\System32\DRIVERS\ZT​Eusbser6k.sys File not found    
 DRV - (ZTEusbnmea) -- C:\WINDOWS\System32\DRIVERS\ZT​Eusbnmea.sys File not found    
 DRV - (ZTEusbmdm6k) -- C:\WINDOWS\System32\DRIVERS\ZT​Eusbmdm6k.sys File not found    
 DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sp​td.sys File not found    
 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695E​CA05670} - No CLSID value found.    
 O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E​497C8C0} - No CLSID value found.    
 O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8FB0-B921F​5DBF922} - No CLSID value found.    
 O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988​571CECB} - No CLSID value found.    
 O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723​696E350} - No CLSID value found.    
 O2 - BHO: (no name) - {6638A9DE-0745-4292-8A2E-AE530​E7B9B3F} - No CLSID value found.    
 O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF​36AF6E4} - No CLSID value found.
 O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B​4FF55D0} - No CLSID value found.
 O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-00132​0C79847} - Reg Error: Value error. File not found    
 O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-8FB0-B921F​5DBF922} - No CLSID value found.    
 O3 - HKLM\..\Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B​4FF55D0} - No CLSID value found.    
 O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
 O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859D​F00B1D6} - No CLSID value found.    
 O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49​B9F9938} - No CLSID value found.
 O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066​696354B} - No CLSID value found.    
 O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D​3229068} - No CLSID value found.    
 O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-00132​0C79847} - Reg Error: Value error. File not found     O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-00132​0C79847} - Reg Error: Value error. File not found    
 O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files\Accelerer PC\PCSpeedUp.exe File not found
 O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050B​F051A00} http://s.tf1.fr/mmdia/static/r [...] awflow.cab (Rawflow ICD Client)    
 O16 - DPF: {166B1BCA-3F9C-11CF-8075-44455​3540000} http://download.macromedia.com [...] tor/sw.cab (Shockwave ActiveX Control)    
 O16 - DPF: {17492023-C23A-453E-A040-C7C58​0BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)    
 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B2​26FE9A1} http://download.ewido.net/ewidoOnlineScan.cab (ewidoOnlineScan Control)    
 O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD8​4642501} http://messenger.zone.msn.com/ [...] b56986.cab (Checkers Class)    
 O16 - DPF: {233C1507-6A77-46A4-9443-F871F​945D258} http://download.macromedia.com [...] tor/sw.cab (Shockwave ActiveX Control)    
 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6​333150B} http://messenger.zone.msn.com/ [...] b50997.cab (Minesweeper Flags Class)    
 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105​AA9B6AE} http://security.symantec.com/s [...] vSniff.cab (Symantec AntiVirus scanner)    
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4​f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelpe​r.dll (YInstStarter Class)    
 O16 - DPF: {3E82BB3F-ABE4-458D-9281-01872​86A4E51} http://contacts.orange.fr/wfr_webab/VoxsyncX.cab (VoxsyncCtrl Class)
 O16 - DPF: {5308E02B-4ABA-48E4-AA9E-8A769​3661473} http://jeuxenligne.orange.fr/G [...] GameAx.cab (GameCtl Class)
 O16 - DPF: {5392B545-31A5-4724-BEF3-4FED1​D56FDAC} file://C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\Oberon Media\Oberon Games Host\DinerDash2_fr.1.0.0.70.ca​b (CPlayFirstDinerDash2_frContro​l Object)
 O16 - DPF: {5554A026-7282-4C11-A8F1-652D0​599CD02} http://a14.g.akamai.net/f/14/7 [...] Stat_(...) (NMInstall Control)
 O16 - DPF: {5C051655-FCD5-4969-9182-770EA​5AA5565} http://messenger.zone.msn.com/ [...] b56986.cab (Solitaire Showdown Class)    
 O16 - DPF: {5D6F45B3-9043-443D-A792-11544​7494D24} http://messenger.zone.msn.com/ [...] E_UNO1.cab (UnoCtrl Class)
 O16 - DPF: {644E432F-49D3-41A1-8DD5-E0991​62EEEC5} http://security.symantec.com/s [...] /cabsa.cab (Symantec RuFSI Utility Class)    
 O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F​5AADC21} http://jeuxenligne.orange.fr/o [...] her.c(...) (SpinTop Games Launcher)    
 O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF​814E78A} http://wanadoofr.oberon-media. [...] uncher.cab (MJLauncherCtrl Class)    
 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805​F499D93} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_22)    
 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD​1796A8D} http://messenger.zone.msn.com/ [...] b31267.cab (MessengerStatsClient Class)    
 O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829D​C0B603C} http://fpdownload.macromedia.c [...] rashim.cab (Reg Error: Key error.)    
 O16 - DPF: {9122D757-5A4F-4768-82C5-B4171​D8556A7} http://appdirectory.messenger. [...] kMSN.(...) (PhotoPickConvert Class)    
 O16 - DPF: {9DF1C00D-8426-4337-972C-DC042​D19A916} http://webtv.guidetv.orange.fr [...] S_9418.cab (FTMediaPlayer Class)
 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-22031​3175592} http://messenger.zone.msn.com/ [...] b56649.cab (MSN Games - Installer)    
 O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3F​F2ECD19} http://msnfr.oberon-media.com/ [...] the_g(...) (CPlayFirstddfotgControl Object)
 O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF​06D9A1B} http://game09.zylom.com/active [...] player.cab (Zylom Games Player)    
 O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB​46AFDEE} http://sib1.od2.com/common/mus [...] Plugin.CAB (Reg Error: Key error.)    
 O16 - DPF: {C80B7FF6-CE60-4079-935E-520C0​45C30A6} http://www.mailskinner.com/binaries/msaxsetup.cab (Reg Error: Key error.)
 O16 - DPF: {C9E17F58-564C-41C6-989F-AB0FE​0D2C9D1} http://jeuxentelechargement.or [...] Popcap.cab (PopcapLoader Object)
 O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDE​FFEDCBA} http://java.sun.com/update/1.5 [...] s-i586.cab (Reg Error: Key error.)
 O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Reg Error: Key error.)    
 O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Reg Error: Key error.)    
 O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Reg Error: Key error.)    
 O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Reg Error: Key error.)    
 O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Reg Error: Key error.)    
 O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_22)
 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDE​FFEDCBA} http://java.sun.com/update/1.6 [...] s-i586.cab (Java Plug-in 1.6.0_22)    
 O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD​5599AB8} http://jeuxenligne.orange.fr/G [...] meHost.cab (Oberon Flash Game Host)    
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-44455​3540000} http://fpdownload2.macromedia. [...] wflash.cab (Shockwave Flash Object)    
 O16 - DPF: {D8089245-3211-40F6-819B-9E5E9​2CD61A2} https://signin3.valueactive.co [...] ax.ca(...) (FlashXControl Object)    
 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB1​6A1543A} file:///C:/Documents%20and%20S​ettings/allain%20TURPIN/Local%​20Settings/Applic(...) (PopCapLoader Object)    
 O16 - DPF: {E1342154-4889-42B5-BEF6-19237​577048F} http://jeuxentelechargement.or [...] loader.cab (OberongamesLoader Object)    
 O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453C​C29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)    
 [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 [21 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 [2 C:\WINDOWS\System32\dllcache\*​.tmp files -> C:\WINDOWS\System32\dllcache\*​.tmp -> ]

 :Files
 C:\WINDOWS\System32\netwbix32.​dll
 C:\WINDOWS\System32\Autorun.in​i

 :Commands
 [Emptytemp]





 * Clique sur " Correction " pour lancer la suppression.

 * Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur Oui.

 * Au redémarrage , autorise OTL a s'exécuter.

 * Poste le rapport généré par OTL.

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 03/01/2011 à 13:30:56  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Bonjour,

 Voici le rapport otl (je serais curieux de savoir par quoi j'étais infecté?) :
 All processes killed
 ========== OTL ==========
 Service WinVNC4 stopped successfully!
 Service WinVNC4 deleted successfully!
 File  File not found not found.
 Service UxTuneUp stopped successfully!
 Service UxTuneUp deleted successfully!
 File  C:\WINDOWS\System32\uxtuneup.d​ll File not found not found.
 Service TuneUp.Defrag stopped successfully!
 Service TuneUp.Defrag deleted successfully!
 File  File not found not found.
 Service CLTNetCnService stopped successfully!
 Service CLTNetCnService deleted successfully!
 File  File not found not found.
 Service ZTEusbser6k stopped successfully!
 Service ZTEusbser6k deleted successfully!
 File  C:\WINDOWS\System32\DRIVERS\ZT​Eusbser6k.sys File not found not found.
 Service ZTEusbnmea stopped successfully!
 Service ZTEusbnmea deleted successfully!
 File  C:\WINDOWS\System32\DRIVERS\ZT​Eusbnmea.sys File not found not found.
 Service ZTEusbmdm6k stopped successfully!
 Service ZTEusbmdm6k deleted successfully!
 File  C:\WINDOWS\System32\DRIVERS\ZT​Eusbmdm6k.sys File not found not found.
 Service sptd stopped successfully!
 Service sptd deleted successfully!
 File  C:\WINDOWS\System32\Drivers\sp​td.sys File not found not found.
 Registry key HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Windows\CurrentVersion​\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B​51-7695ECA05670}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{02478D38-C3F9-4ef​b-9B51-7695ECA05670}\ not found.
 Registry key HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Windows\CurrentVersion​\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A6​6E-4E65E497C8C0}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{3CA2F312-6F6E-4B5​3-A66E-4E65E497C8C0}\ not found.
 Registry key HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Windows\CurrentVersion​\Explorer\Browser Helper Objects\{4E7BD74F-2B8D-469E-8F​B0-B921F5DBF922}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{4E7BD74F-2B8D-469​E-8FB0-B921F5DBF922}\ not found.
 Registry key HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Windows\CurrentVersion​\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D​64-90988571CECB}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{5C255C8A-E604-49b​4-9D64-90988571CECB}\ not found.
 Registry key HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Windows\CurrentVersion​\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA​6E-39723696E350}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{64F56FC1-1272-44C​D-BA6E-39723696E350}\ not found.
 Registry key HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Windows\CurrentVersion​\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A​2E-AE530E7B9B3F}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{6638A9DE-0745-429​2-8A2E-AE530E7B9B3F}\ not found.
 Registry key HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Windows\CurrentVersion​\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-87​73-474BF36AF6E4}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{9394EDE7-C8B5-483​E-8773-474BF36AF6E4}\ not found.
 Registry key HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Windows\CurrentVersion​\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-AD​C1-64B5B4FF55D0}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{BDBD1DAD-C946-4A1​7-ADC1-64B5B4FF55D0}\ not found.
 Registry key HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Windows\CurrentVersion​\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C​72-001320C79847}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{EEE6C35C-6118-11D​C-9C72-001320C79847}\ deleted successfully.
 Registry value HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Internet Explorer\Toolbar\\{4E7BD74F-2B​8D-469E-8FB0-B921F5DBF922} deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{4E7BD74F-2B8D-469​E-8FB0-B921F5DBF922}\ not found.
 Registry value HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Internet Explorer\Toolbar\\{BDAD1DAD-C9​46-4A17-ADC1-64B5B4FF55D0} deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{BDAD1DAD-C946-4A1​7-ADC1-64B5B4FF55D0}\ not found.
 Registry value HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Internet Explorer\Toolbar\\Locked deleted successfully.
 Registry value HKEY_CURRENT_USER\Software\Mic​rosoft\Internet Explorer\Toolbar\ShellBrowser\​\{42CDD1BF-3FFB-4238-8AD1-7859​DF00B1D6} deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{42CDD1BF-3FFB-423​8-8AD1-7859DF00B1D6}\ not found.
 Registry value HKEY_CURRENT_USER\Software\Mic​rosoft\Internet Explorer\Toolbar\ShellBrowser\​\{BC4FFE41-DE9F-46FA-B455-AAD4​9B9F9938} deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{BC4FFE41-DE9F-46F​A-B455-AAD49B9F9938}\ deleted successfully.
 Registry value HKEY_CURRENT_USER\Software\Mic​rosoft\Internet Explorer\Toolbar\ShellBrowser\​\{C4069E3A-68F1-403E-B40E-2006​6696354B} deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{C4069E3A-68F1-403​E-B40E-20066696354B}\ not found.
 Registry value HKEY_CURRENT_USER\Software\Mic​rosoft\Internet Explorer\Toolbar\WebBrowser\\{​21FA44EF-376D-4D53-9B0F-8A89D3​229068} deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{21FA44EF-376D-4D5​3-9B0F-8A89D3229068}\ not found.
 Registry value HKEY_CURRENT_USER\Software\Mic​rosoft\Internet Explorer\Toolbar\WebBrowser\\{​EEE6C35B-6118-11DC-9C72-001320​C79847} deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{EEE6C35B-6118-11D​C-9C72-001320C79847}\ deleted successfully.
 Registry value HKEY_CURRENT_USER\Software\Mic​rosoft\Windows\CurrentVersion\​Run\\PCSpeedUp deleted successfully.
 Starting removal of ActiveX control {029FDBA6-3547-11D7-AA4C-0050B​F051A00}
 Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{029FDBA6-3547-11D7-AA4C​-0050BF051A00}\DownloadInforma​tion\\INF .
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{029FDBA6-3547-11D7-AA4C​-0050BF051A00}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{029FDBA6-3547-11D​7-AA4C-0050BF051A00}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{029FDBA6-3547-11D7​-AA4C-0050BF051A00}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{029FDBA6-3547-11D​7-AA4C-0050BF051A00}\ not found.
 Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-44455​3540000}
 Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075​-444553540000}\DownloadInforma​tion\\INF .
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075​-444553540000}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{166B1BCA-3F9C-11C​F-8075-444553540000}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF​-8075-444553540000}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{166B1BCA-3F9C-11C​F-8075-444553540000}\ not found.
 Starting removal of ActiveX control {17492023-C23A-453E-A040-C7C58​0BBF700}
 C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040​-C7C580BBF700}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{17492023-C23A-453​E-A040-C7C580BBF700}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{17492023-C23A-453E​-A040-C7C580BBF700}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{17492023-C23A-453​E-A040-C7C580BBF700}\ not found.
 Starting removal of ActiveX control {193C772A-87BE-4B19-A7BB-445B2​26FE9A1}
 Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{193C772A-87BE-4B19-A7BB​-445B226FE9A1}\DownloadInforma​tion\\INF .
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{193C772A-87BE-4B19-A7BB​-445B226FE9A1}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{193C772A-87BE-4B1​9-A7BB-445B226FE9A1}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{193C772A-87BE-4B19​-A7BB-445B226FE9A1}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{193C772A-87BE-4B1​9-A7BB-445B226FE9A1}\ not found.
 Starting removal of ActiveX control {20A60F0D-9AFA-4515-A0FD-83BD8​4642501}
 Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{20A60F0D-9AFA-4515-A0FD​-83BD84642501}\DownloadInforma​tion\\INF .
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{20A60F0D-9AFA-4515-A0FD​-83BD84642501}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{20A60F0D-9AFA-451​5-A0FD-83BD84642501}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{20A60F0D-9AFA-4515​-A0FD-83BD84642501}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{20A60F0D-9AFA-451​5-A0FD-83BD84642501}\ not found.
 Starting removal of ActiveX control {233C1507-6A77-46A4-9443-F871F​945D258}
 C:\WINDOWS\Downloaded Program Files\swdir.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443​-F871F945D258}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{233C1507-6A77-46A​4-9443-F871F945D258}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{233C1507-6A77-46A4​-9443-F871F945D258}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{233C1507-6A77-46A​4-9443-F871F945D258}\ not found.
 Starting removal of ActiveX control {2917297F-F02B-4B9D-81DF-494B6​333150B}
 Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{2917297F-F02B-4B9D-81DF​-494B6333150B}\DownloadInforma​tion\\INF .
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{2917297F-F02B-4B9D-81DF​-494B6333150B}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{2917297F-F02B-4B9​D-81DF-494B6333150B}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{2917297F-F02B-4B9D​-81DF-494B6333150B}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{2917297F-F02B-4B9​D-81DF-494B6333150B}\ not found.
 Starting removal of ActiveX control {2BC66F54-93A8-11D3-BEB6-00105​AA9B6AE}
 C:\WINDOWS\Downloaded Program Files\avsniff.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{2BC66F54-93A8-11D3-BEB6​-00105AA9B6AE}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{2BC66F54-93A8-11D​3-BEB6-00105AA9B6AE}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{2BC66F54-93A8-11D3​-BEB6-00105AA9B6AE}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{2BC66F54-93A8-11D​3-BEB6-00105AA9B6AE}\ not found.
 Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4​f56a2ab}
 C:\Program Files\Yahoo!\Common\yinst.inf moved successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8​-fa1d4f56a2ab}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{30528230-99f7-4bb​4-88d8-fa1d4f56a2ab}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{30528230-99f7-4bb4​-88d8-fa1d4f56a2ab}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{30528230-99f7-4bb​4-88d8-fa1d4f56a2ab}\ not found.
 Starting removal of ActiveX control {3E82BB3F-ABE4-458D-9281-01872​86A4E51}
 C:\WINDOWS\Downloaded Program Files\VoxsyncX.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{3E82BB3F-ABE4-458D-9281​-0187286A4E51}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{3E82BB3F-ABE4-458​D-9281-0187286A4E51}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{3E82BB3F-ABE4-458D​-9281-0187286A4E51}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{3E82BB3F-ABE4-458​D-9281-0187286A4E51}\ not found.
 Starting removal of ActiveX control {5308E02B-4ABA-48E4-AA9E-8A769​3661473}
 C:\WINDOWS\Downloaded Program Files\GameAx.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{5308E02B-4ABA-48E4-AA9E​-8A7693661473}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{5308E02B-4ABA-48E​4-AA9E-8A7693661473}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{5308E02B-4ABA-48E4​-AA9E-8A7693661473}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{5308E02B-4ABA-48E​4-AA9E-8A7693661473}\ not found.
 File 545-31A5-4724-BEF3-4FED1D56FDA​C} file://C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\Oberon Media\Oberon Games Host\DinerDash2_fr.1.0.0.70.ca​b not found.
 Starting removal of ActiveX control {5392B545-31A5-4724-BEF3-4FED1​D56FDAC}
 C:\WINDOWS\Downloaded Program Files\DinerDash2_fr.1.0.0.70.i​nf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{5392B545-31A5-4724-BEF3​-4FED1D56FDAC}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{5392B545-31A5-472​4-BEF3-4FED1D56FDAC}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{5392B545-31A5-4724​-BEF3-4FED1D56FDAC}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{5392B545-31A5-472​4-BEF3-4FED1D56FDAC}\ not found.
 Starting removal of ActiveX control {5554A026-7282-4C11-A8F1-652D0​599CD02}
 C:\WINDOWS\Downloaded Program Files\nminstall.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{5554A026-7282-4C11-A8F1​-652D0599CD02}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{5554A026-7282-4C1​1-A8F1-652D0599CD02}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{5554A026-7282-4C11​-A8F1-652D0599CD02}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{5554A026-7282-4C1​1-A8F1-652D0599CD02}\ not found.
 Starting removal of ActiveX control {5C051655-FCD5-4969-9182-770EA​5AA5565}
 Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{5C051655-FCD5-4969-9182​-770EA5AA5565}\DownloadInforma​tion\\INF .
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{5C051655-FCD5-4969-9182​-770EA5AA5565}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{5C051655-FCD5-496​9-9182-770EA5AA5565}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{5C051655-FCD5-4969​-9182-770EA5AA5565}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{5C051655-FCD5-496​9-9182-770EA5AA5565}\ not found.
 Starting removal of ActiveX control {5D6F45B3-9043-443D-A792-11544​7494D24}
 C:\WINDOWS\Downloaded Program Files\GAME_UNO1.INF not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{5D6F45B3-9043-443D-A792​-115447494D24}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{5D6F45B3-9043-443​D-A792-115447494D24}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{5D6F45B3-9043-443D​-A792-115447494D24}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{5D6F45B3-9043-443​D-A792-115447494D24}\ not found.
 Starting removal of ActiveX control {644E432F-49D3-41A1-8DD5-E0991​62EEEC5}
 C:\WINDOWS\Downloaded Program Files\CabSA.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{644E432F-49D3-41A1-8DD5​-E099162EEEC5}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{644E432F-49D3-41A​1-8DD5-E099162EEEC5}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{644E432F-49D3-41A1​-8DD5-E099162EEEC5}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{644E432F-49D3-41A​1-8DD5-E099162EEEC5}\ not found.
 Starting removal of ActiveX control {7CCAD6DD-DD0B-440B-91FF-7670F​5AADC21}
 C:\WINDOWS\Downloaded Program Files\SpinTopGamesLauncher.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{7CCAD6DD-DD0B-440B-91FF​-7670F5AADC21}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{7CCAD6DD-DD0B-440​B-91FF-7670F5AADC21}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{7CCAD6DD-DD0B-440B​-91FF-7670F5AADC21}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{7CCAD6DD-DD0B-440​B-91FF-7670F5AADC21}\ not found.
 Starting removal of ActiveX control {7E980B9B-8AE5-466A-B6D6-DA8CF​814E78A}
 C:\WINDOWS\Downloaded Program Files\mjolauncher.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{7E980B9B-8AE5-466A-B6D6​-DA8CF814E78A}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{7E980B9B-8AE5-466​A-B6D6-DA8CF814E78A}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{7E980B9B-8AE5-466A​-B6D6-DA8CF814E78A}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{7E980B9B-8AE5-466​A-B6D6-DA8CF814E78A}\ not found.
 Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805​F499D93}
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9​-00805F499D93}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{8AD9C840-044E-11D​1-B3E9-00805F499D93}\ deleted successfully.
 Registry key HKEY_CURRENT_USER\SOFTWARE\Cla​sses\CLSID\{8AD9C840-044E-11D1​-B3E9-00805F499D93}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{8AD9C840-044E-11D1​-B3E9-00805F499D93}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{8AD9C840-044E-11D​1-B3E9-00805F499D93}\ not found.
 Starting removal of ActiveX control {8E0D4DE5-3180-4024-A327-4DFAD​1796A8D}
 Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{8E0D4DE5-3180-4024-A327​-4DFAD1796A8D}\DownloadInforma​tion\\INF .
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{8E0D4DE5-3180-4024-A327​-4DFAD1796A8D}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{8E0D4DE5-3180-402​4-A327-4DFAD1796A8D}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{8E0D4DE5-3180-4024​-A327-4DFAD1796A8D}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{8E0D4DE5-3180-402​4-A327-4DFAD1796A8D}\ not found.
 Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829D​C0B603C}
 Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD​-5829DC0B603C}\DownloadInforma​tion\\INF .
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD​-5829DC0B603C}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{8FFBE65D-2C9C-466​9-84BD-5829DC0B603C}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669​-84BD-5829DC0B603C}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{8FFBE65D-2C9C-466​9-84BD-5829DC0B603C}\ not found.
 Starting removal of ActiveX control {9122D757-5A4F-4768-82C5-B4171​D8556A7}
 C:\WINDOWS\Downloaded Program Files\PhtPkMSN.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{9122D757-5A4F-4768-82C5​-B4171D8556A7}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{9122D757-5A4F-476​8-82C5-B4171D8556A7}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{9122D757-5A4F-4768​-82C5-B4171D8556A7}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{9122D757-5A4F-476​8-82C5-B4171D8556A7}\ not found.
 Starting removal of ActiveX control {9DF1C00D-8426-4337-972C-DC042​D19A916}
 C:\WINDOWS\Downloaded Program Files\OCS.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{9DF1C00D-8426-4337-972C​-DC042D19A916}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{9DF1C00D-8426-433​7-972C-DC042D19A916}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{9DF1C00D-8426-4337​-972C-DC042D19A916}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{9DF1C00D-8426-433​7-972C-DC042D19A916}\ not found.
 Starting removal of ActiveX control {B8BE5E93-A60C-4D26-A2DC-22031​3175592}
 Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC​-220313175592}\DownloadInforma​tion\\INF .
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC​-220313175592}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{B8BE5E93-A60C-4D2​6-A2DC-220313175592}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{B8BE5E93-A60C-4D26​-A2DC-220313175592}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{B8BE5E93-A60C-4D2​6-A2DC-220313175592}\ not found.
 Starting removal of ActiveX control {BAE1D8DF-0B35-47E3-A1E7-EEB3F​F2ECD19}
 C:\WINDOWS\Downloaded Program Files\ddfotg.1.0.0.33.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{BAE1D8DF-0B35-47E3-A1E7​-EEB3FF2ECD19}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{BAE1D8DF-0B35-47E​3-A1E7-EEB3FF2ECD19}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{BAE1D8DF-0B35-47E3​-A1E7-EEB3FF2ECD19}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{BAE1D8DF-0B35-47E​3-A1E7-EEB3FF2ECD19}\ not found.
 Starting removal of ActiveX control {BFF1950D-B1B4-4AE8-B842-B2CCF​06D9A1B}
 C:\WINDOWS\Downloaded Program Files\ZylomGamesPlayer.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{BFF1950D-B1B4-4AE8-B842​-B2CCF06D9A1B}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{BFF1950D-B1B4-4AE​8-B842-B2CCF06D9A1B}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{BFF1950D-B1B4-4AE8​-B842-B2CCF06D9A1B}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{BFF1950D-B1B4-4AE​8-B842-B2CCF06D9A1B}\ not found.
 Starting removal of ActiveX control {C45B1500-7B63-47C2-AB25-C28CB​46AFDEE}
 C:\WINDOWS\Downloaded Program Files\MusicManager.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{C45B1500-7B63-47C2-AB25​-C28CB46AFDEE}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{C45B1500-7B63-47C​2-AB25-C28CB46AFDEE}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{C45B1500-7B63-47C2​-AB25-C28CB46AFDEE}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{C45B1500-7B63-47C​2-AB25-C28CB46AFDEE}\ not found.
 Starting removal of ActiveX control {C80B7FF6-CE60-4079-935E-520C0​45C30A6}
 C:\WINDOWS\Downloaded Program Files\axsetup.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{C80B7FF6-CE60-4079-935E​-520C045C30A6}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{C80B7FF6-CE60-407​9-935E-520C045C30A6}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{C80B7FF6-CE60-4079​-935E-520C045C30A6}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{C80B7FF6-CE60-407​9-935E-520C045C30A6}\ not found.
 Starting removal of ActiveX control {C9E17F58-564C-41C6-989F-AB0FE​0D2C9D1}
 C:\WINDOWS\Downloaded Program Files\Popcap.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{C9E17F58-564C-41C6-989F​-AB0FE0D2C9D1}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{C9E17F58-564C-41C​6-989F-AB0FE0D2C9D1}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{C9E17F58-564C-41C6​-989F-AB0FE0D2C9D1}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{C9E17F58-564C-41C​6-989F-AB0FE0D2C9D1}\ not found.
 Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDE​FFEDCBA}
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011​-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-0015-000​0-0011-ABCDEFFEDCBA}\ not found.
 Registry key HKEY_CURRENT_USER\SOFTWARE\Cla​sses\CLSID\{CAFEEFAC-0015-0000​-0011-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000​-0011-ABCDEFFEDCBA}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-0015-000​0-0011-ABCDEFFEDCBA}\ not found.
 Starting removal of ActiveX control {CAFEEFAC-0016-0000-0000-ABCDE​FFEDCBA}
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0000​-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-0016-000​0-0000-ABCDEFFEDCBA}\ not found.
 Registry key HKEY_CURRENT_USER\SOFTWARE\Cla​sses\CLSID\{CAFEEFAC-0016-0000​-0000-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000​-0000-ABCDEFFEDCBA}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-0016-000​0-0000-ABCDEFFEDCBA}\ not found.
 Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDE​FFEDCBA}
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001​-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-0016-000​0-0001-ABCDEFFEDCBA}\ not found.
 Registry key HKEY_CURRENT_USER\SOFTWARE\Cla​sses\CLSID\{CAFEEFAC-0016-0000​-0001-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000​-0001-ABCDEFFEDCBA}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-0016-000​0-0001-ABCDEFFEDCBA}\ not found.
 Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDE​FFEDCBA}
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003​-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-0016-000​0-0003-ABCDEFFEDCBA}\ not found.
 Registry key HKEY_CURRENT_USER\SOFTWARE\Cla​sses\CLSID\{CAFEEFAC-0016-0000​-0003-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000​-0003-ABCDEFFEDCBA}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-0016-000​0-0003-ABCDEFFEDCBA}\ not found.
 Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDE​FFEDCBA}
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005​-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-0016-000​0-0005-ABCDEFFEDCBA}\ not found.
 Registry key HKEY_CURRENT_USER\SOFTWARE\Cla​sses\CLSID\{CAFEEFAC-0016-0000​-0005-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000​-0005-ABCDEFFEDCBA}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-0016-000​0-0005-ABCDEFFEDCBA}\ not found.
 Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDE​FFEDCBA}
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007​-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-0016-000​0-0007-ABCDEFFEDCBA}\ not found.
 Registry key HKEY_CURRENT_USER\SOFTWARE\Cla​sses\CLSID\{CAFEEFAC-0016-0000​-0007-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000​-0007-ABCDEFFEDCBA}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-0016-000​0-0007-ABCDEFFEDCBA}\ not found.
 Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDE​FFEDCBA}
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022​-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-0016-000​0-0022-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_CURRENT_USER\SOFTWARE\Cla​sses\CLSID\{CAFEEFAC-0016-0000​-0022-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000​-0022-ABCDEFFEDCBA}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-0016-000​0-0022-ABCDEFFEDCBA}\ not found.
 Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDE​FFEDCBA}
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF​-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-FFFF-FFF​F-FFFF-ABCDEFFEDCBA}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF​-FFFF-ABCDEFFEDCBA}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{CAFEEFAC-FFFF-FFF​F-FFFF-ABCDEFFEDCBA}\ not found.
 Starting removal of ActiveX control {D0C0F75C-683A-4390-A791-1ACFD​5599AB8}
 C:\WINDOWS\Downloaded Program Files\OberonGameHost_dbg.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{D0C0F75C-683A-4390-A791​-1ACFD5599AB8}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{D0C0F75C-683A-439​0-A791-1ACFD5599AB8}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{D0C0F75C-683A-4390​-A791-1ACFD5599AB8}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{D0C0F75C-683A-439​0-A791-1ACFD5599AB8}\ not found.
 Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-44455​3540000}
 C:\WINDOWS\Downloaded Program Files\CONFLICT.4\swflash.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8​-444553540000}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{D27CDB6E-AE6D-11C​F-96B8-444553540000}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF​-96B8-444553540000}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{D27CDB6E-AE6D-11C​F-96B8-444553540000}\ deleted successfully.
 Starting removal of ActiveX control {D8089245-3211-40F6-819B-9E5E9​2CD61A2}
 C:\WINDOWS\Downloaded Program Files\flashax.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{D8089245-3211-40F6-819B​-9E5E92CD61A2}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{D8089245-3211-40F​6-819B-9E5E92CD61A2}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{D8089245-3211-40F6​-819B-9E5E92CD61A2}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{D8089245-3211-40F​6-819B-9E5E92CD61A2}\ not found.
 File F87-FF2B-4DF8-92D0-73DB16A1543​A} file:///C:/Documents%20and%20S​ettings/allain%20TURPIN/Local%​20Settings/Applic not found.
 Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB1​6A1543A}
 C:\WINDOWS\Downloaded Program Files\popcaploader.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0​-73DB16A1543A}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{DF780F87-FF2B-4DF​8-92D0-73DB16A1543A}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8​-92D0-73DB16A1543A}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{DF780F87-FF2B-4DF​8-92D0-73DB16A1543A}\ not found.
 Starting removal of ActiveX control {E1342154-4889-42B5-BEF6-19237​577048F}
 C:\WINDOWS\Downloaded Program Files\Oberongamesloader.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{E1342154-4889-42B5-BEF6​-19237577048F}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{E1342154-4889-42B​5-BEF6-19237577048F}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{E1342154-4889-42B5​-BEF6-19237577048F}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{E1342154-4889-42B​5-BEF6-19237577048F}\ not found.
 Starting removal of ActiveX control {F7EDBBEA-1AD2-4EBF-AA07-D453C​C29EE65}
 C:\WINDOWS\Downloaded Program Files\iefax.inf not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Code Store Database\Distribution Units\{F7EDBBEA-1AD2-4EBF-AA07​-D453CC29EE65}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{F7EDBBEA-1AD2-4EB​F-AA07-D453CC29EE65}\ deleted successfully.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Active Setup\Installed Components\{F7EDBBEA-1AD2-4EBF​-AA07-D453CC29EE65}\ not found.
 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{F7EDBBEA-1AD2-4EB​F-AA07-D453CC29EE65}\ not found.
 C:\WINDOWS\000001_.tmp deleted successfully.
 C:\WINDOWS\000002_.tmp deleted successfully.
 C:\WINDOWS\003445_.tmp deleted successfully.
 C:\WINDOWS\msdownld.tmp folder deleted successfully.
 C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
 C:\WINDOWS\System32\SET100.tmp deleted successfully.
 C:\WINDOWS\System32\SET1487.tm​p deleted successfully.
 C:\WINDOWS\System32\SET1490.tm​p deleted successfully.
 C:\WINDOWS\System32\SET1492.tm​p deleted successfully.
 C:\WINDOWS\System32\SET149E.tm​p deleted successfully.
 C:\WINDOWS\System32\SET14AF.tm​p deleted successfully.
 C:\WINDOWS\System32\SET14B1.tm​p deleted successfully.
 C:\WINDOWS\System32\SET14C0.tm​p deleted successfully.
 C:\WINDOWS\System32\SET1C7.tmp deleted successfully.
 C:\WINDOWS\System32\SET31.tmp deleted successfully.
 C:\WINDOWS\System32\SET3C4.tmp deleted successfully.
 C:\WINDOWS\System32\SET3C5.tmp deleted successfully.
 C:\WINDOWS\System32\SET5CA.tmp deleted successfully.
 C:\WINDOWS\System32\SET5CB.tmp deleted successfully.
 C:\WINDOWS\System32\SET5CC.tmp deleted successfully.
 C:\WINDOWS\System32\SET6E.tmp deleted successfully.
 C:\WINDOWS\System32\SET70.tmp deleted successfully.
 C:\WINDOWS\System32\SET7E.tmp deleted successfully.
 C:\WINDOWS\System32\SETBB.tmp deleted successfully.
 C:\WINDOWS\System32\SETFC.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ET5CD.tmp deleted successfully.
 C:\WINDOWS\System32\dllcache\S​ET5CE.tmp deleted successfully.
 ========== FILES ==========
 C:\WINDOWS\System32\netwbix32.​dll moved successfully.
 C:\WINDOWS\System32\Autorun.in​i moved successfully.
 ========== COMMANDS ==========
 
 [EMPTYTEMP]
 
 User: All Users
 
 User: allain TURPIN
 ->Temp folder emptied: 2685679 bytes
 ->Temporary Internet Files folder emptied: 45590711 bytes
 ->Java cache emptied: 0 bytes
 ->FireFox cache emptied: 151999379 bytes
 ->Google Chrome cache emptied: 0 bytes
 ->Apple Safari cache emptied: 1079296 bytes
 ->Opera cache emptied: 2799969 bytes
 ->Flash cache emptied: 42253 bytes
 
 User: Default User
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 32902 bytes
 
 User: Documents and Settings
 
 User: LocalService
 ->Temp folder emptied: 66016 bytes
 ->Temporary Internet Files folder emptied: 49554 bytes
 
 User: NetworkService
 ->Temp folder emptied: 0 bytes
 ->Temporary Internet Files folder emptied: 120125645 bytes
 
 User: Propriétaire
 
 User: report
 
 %systemdrive% .tmp files removed: 0 bytes
 %systemroot% .tmp files removed: 0 bytes
 %systemroot%\System32 .tmp files removed: 0 bytes
 %systemroot%\System32\dllcache .tmp files removed: 0 bytes
 %systemroot%\System32\drivers .tmp files removed: 0 bytes
 Windows Temp folder emptied: 132579 bytes
 %systemroot%\system32\config\s​ystemprofile\Local Settings\Temp folder emptied: 1438215492 bytes
 %systemroot%\system32\config\s​ystemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
 RecycleBin emptied: 349427 bytes
 
 Total Files Cleaned = 1 682,00 mb
 
 
 OTL by OldTimer - Version 3.2.20.1 log created on 01032011_121618

 Files\Folders moved on Reboot...
 File\Folder C:\WINDOWS\temp\_avast5_\Websh​lock.txt not found!

 Registry entries deleted on Reboot...

Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 03/01/2011 à 17:18:58  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 



Voici le rapport otl (je serais curieux de savoir par quoi j'étais infecté?)



 Comme je te l'ai dit au début quand j'ai vu ton premier rapport :
 Faire attention quant tu installes un logiciel, bien lire chaque pages du programme d'installation, souvent est proposé des programmes inutiles(souvent des toolbars), toujours une case à décocher lors de l'installation.
 http://forum.malekal.com/les-t [...] t6173.html


 On va vérifier si rien de caché :
 Faire un scan avec Nod32 en ligne (il faut utiliser Internet Explorer) ici :
 http://www.eset.com/onlinescan/

 A la fin, colle le rapport : C:\Program Files\EsetOnlineScanner\log.txt

 Aide pour le scan : http://www.bibou0007.com/scans [...] -t3691.htm


 @++   :)

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 03/01/2011 à 18:34:12  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Re bonjour,

 Pour le lien j'y jetterai un coup d'œil à la fin de l'analyse, merci.

 Le scan sous IE est en cours, et il y a déjà 6 fichiers d'infectés!!
 c'est impressionnant!!

 En même temps, c'est rassurant de savoir qu'il existe des forums sur lesquels on peut obtenir de l'aide ;)

 Je vous transmettrai le rapport dès qu'il sera fini.

 Merci.
 DS76

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 03/01/2011 à 21:08:11  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Bonsoir,

 Voici le rapport :

 ESETSmartInstaller@High as downloader log:
 all ok
 # version=7
 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).09030​8-0339)
 # OnlineScanner.ocx=1.0.0.6419
 # api_version=3.0.2
 # EOSSerial=46a7b7917b475f4b872e​04f02b57449a
 # end=finished
 # remove_checked=true
 # archives_checked=true
 # unwanted_checked=true
 # unsafe_checked=true
 # antistealth_checked=true
 # utc_time=2011-01-03 07:04:34
 # local_time=2011-01-03 08:04:34 (+0100, Paris, Madrid)
 # country="France"
 # lang=1036
 # osver=5.1.2600 NT Service Pack 3
 # compatibility_mode=512 16777215 100 0 83363 83363 0 0
 # compatibility_mode=770 16774141 100 100 10051570 70779335 0 0
 # compatibility_mode=1024 16777215 100 0 10526074 10526074 0 0
 # compatibility_mode=2304 16777215 100 0 0 0 0 0
 # compatibility_mode=8192 67108863 100 0 3954 3954 0 0
 # scanned=170873
 # found=29
 # cleaned=29
 # scan_time=12041
 C:\Documents and Settings\All Users\Application Data\{F03307B7-E779-4F5E-A32E-​9A73D8D6E0F2}\rbia.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Application Data\Uniblue\PowerSuite\_temp\​ub.exe multiple threats (deleted - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Application Data\Uniblue\SpeedUpMyPC\_temp​\sump.exe Win32/SpeedUpMyPC application (deleted - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\assembly\dl3\VDROM1KR.AL8​\17DZDOXQ.MNO\900b43f7\0057ed7​1_7e3fcb01\networker.exe probably a variant of MSIL/Agent.NEG trojan (cleaned by deleting - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Local Settings\Temporary Internet Files\Content.IE5\5Z4STYXL\ind​ex-functions[3].js Win32/RegistryBooster application (cleaned by deleting - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Mes documents\powersuite.exe multiple threats (deleted - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\Anti​KeyloggerShieldSetup.exe.part probably a variant of Win32/Spy.Banker.CALHRVD trojan (deleted - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\face​moi_org_setup(2).exe Win32/Adware.OfferBox application (deleted - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\face​moi_org_setup.exe Win32/Adware.OfferBox application (deleted - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\Face​moods(2).exe probably a variant of Win32/SweetIM.A application (cleaned by deleting - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\Face​moods.exe probably a variant of Win32/SweetIM.A application (cleaned by deleting - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\inst​all_flashplayer_3(2).exe multiple threats (deleted - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\inst​all_flashplayer_3.exe multiple threats (deleted - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\inst​all_messenger.exe VBS/StartPage.NCM.Gen trojan (deleted - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\Nero​-6.6.1.15a.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\regi​strybooster(2).exe a variant of Win32/RegistryBooster application (deleted - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\regi​strybooster(3).exe a variant of Win32/RegistryBooster application (deleted - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\regi​strybooster(4).exe Win32/RegistryBooster application (deleted - quarantined) 000000000000000000000000000000​00 C
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\regi​strybooster.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 000000000000000000000000000000​00 C
 C:\MicroGaming\Casino\YukonGol​d\install.exe a variant of Win32/PrimeCasino application (cleaned by deleting - quarantined) 000000000000000000000000000000​00 C
 C:\Program Files\Uniblue\RegistryBooster\​decryptor_module.dll Win32/RegistryBooster application (cleaned by deleting - quarantined) 000000000000000000000000000000​00 C
 C:\Program Files\Uniblue\RegistryBooster\​Launcher.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 000000000000000000000000000000​00 C
 C:\Program Files\Uniblue\RegistryBooster\​rbmonitor.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 000000000000000000000000000000​00 C
 C:\Program Files\Uniblue\RegistryBooster\​rbnotifier.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 000000000000000000000000000000​00 C
 C:\Program Files\Uniblue\RegistryBooster\​rb_move_serial.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 000000000000000000000000000000​00 C
 C:\Program Files\Uniblue\RegistryBooster\​rb_track_install.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 000000000000000000000000000000​00 C
 C:\Program Files\Uniblue\RegistryBooster\​registrybooster.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 000000000000000000000000000000​00 C
 C:\Program Files\Uniblue\SpeedUpMyPC\Laun​cher.exe Win32/SpeedUpMyPC application (cleaned by deleting - quarantined) 000000000000000000000000000000​00 C
 C:\WINDOWS\system32\AscConTest​.dll Win32/Adware.Ascentive application (cleaned by deleting - quarantined) 000000000000000000000000000000​00 C

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 03/01/2011 à 21:12:49  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
comme indiqué dans le lien "aide pour le scan" voici le fichier eset :
 C:\Documents and Settings\All Users\Application Data\{F03307B7-E779-4F5E-A32E-​9A73D8D6E0F2}\rbia.exe Win32/RegistryBooster application cleaned by deleting - quarantined
 C:\Documents and Settings\allain TURPIN\Application Data\Uniblue\PowerSuite\_temp\​ub.exe multiple threats deleted - quarantined
 C:\Documents and Settings\allain TURPIN\Application Data\Uniblue\SpeedUpMyPC\_temp​\sump.exe Win32/SpeedUpMyPC application deleted - quarantined
 C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\assembly\dl3\VDROM1KR.AL8​\17DZDOXQ.MNO\900b43f7\0057ed7​1_7e3fcb01\networker.exe probably a variant of MSIL/Agent.NEG trojan cleaned by deleting - quarantined
 C:\Documents and Settings\allain TURPIN\Local Settings\Temporary Internet Files\Content.IE5\5Z4STYXL\ind​ex-functions[3].js Win32/RegistryBooster application cleaned by deleting - quarantined
 C:\Documents and Settings\allain TURPIN\Mes documents\powersuite.exe multiple threats deleted - quarantined
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\Anti​KeyloggerShieldSetup.exe.part probably a variant of Win32/Spy.Banker.CALHRVD trojan deleted - quarantined
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\face​moi_org_setup(2).exe Win32/Adware.OfferBox application deleted - quarantined
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\face​moi_org_setup.exe Win32/Adware.OfferBox application deleted - quarantined
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\Face​moods(2).exe probably a variant of Win32/SweetIM.A application cleaned by deleting - quarantined
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\Face​moods.exe probably a variant of Win32/SweetIM.A application cleaned by deleting - quarantined
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\inst​all_flashplayer_3(2).exe multiple threats deleted - quarantined
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\inst​all_flashplayer_3.exe multiple threats deleted - quarantined
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\inst​all_messenger.exe VBS/StartPage.NCM.Gen trojan deleted - quarantined
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\Nero​-6.6.1.15a.exe Win32/Toolbar.AskSBar application deleted - quarantined
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\regi​strybooster(2).exe a variant of Win32/RegistryBooster application deleted - quarantined
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\regi​strybooster(3).exe a variant of Win32/RegistryBooster application deleted - quarantined
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\regi​strybooster(4).exe Win32/RegistryBooster application deleted - quarantined
 C:\Documents and Settings\allain TURPIN\Mes documents\Téléchargements\regi​strybooster.exe a variant of Win32/RegistryBooster application deleted - quarantined
 C:\MicroGaming\Casino\YukonGol​d\install.exe a variant of Win32/PrimeCasino application cleaned by deleting - quarantined
 C:\Program Files\Uniblue\RegistryBooster\​decryptor_module.dll Win32/RegistryBooster application cleaned by deleting - quarantined
 C:\Program Files\Uniblue\RegistryBooster\​Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined
 C:\Program Files\Uniblue\RegistryBooster\​rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
 C:\Program Files\Uniblue\RegistryBooster\​rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
 C:\Program Files\Uniblue\RegistryBooster\​rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
 C:\Program Files\Uniblue\RegistryBooster\​rb_track_install.exe Win32/RegistryBooster application cleaned by deleting - quarantined
 C:\Program Files\Uniblue\RegistryBooster\​registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
 C:\Program Files\Uniblue\SpeedUpMyPC\Laun​cher.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
 C:\WINDOWS\system32\AscConTest​.dll Win32/Adware.Ascentive application cleaned by deleting - quarantined

Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 03/01/2011 à 21:19:55  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 Restait encore beaucoup de chose, comment va le PC maintenant, as-tu d'autre souci?


 @++  :)

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 03/01/2011 à 21:24:48  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Le pc me semble fonctionner correctement. Que dire à part mille fois merci   :)

 Ah si peut être encore un détails... Comment dois-je procéder pour le pc de mon épouse? à mon avis, il n'a pas été épargné non plus...

Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 03/01/2011 à 21:34:30  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 OK on va passé a la suite, pour cela voir à mettre à jour ta version de JAVA ici :
 http://www.java.com/fr/

 Dis moi quand cela est fais


 @++   :)

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 03/01/2011 à 21:40:16  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
D'accord, je retourne sur mon pc pour mettre à jour java (je venais de m'installer devant le pc de mon épouse  :lol:

Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 03/01/2011 à 21:46:12  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 Effectivement on a pas fini, bien la désinfection mais maintenant faut sécurisé le PC.


 @++  :)

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 03/01/2011 à 21:48:46  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Voilà, c'est fait. Installation de java réussie. Les mises à jour vont se faire automatiquement.  :)

Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 03/01/2011 à 21:55:59  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 C'était ton premier test :

 As-tu pensée à décoché la case qui t'offrais la Yahoo! Toolbar lors de l'installation?


 @++   :)

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 03/01/2011 à 21:58:23  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Euh... premier test : zéro pointé ... non j'ai pas fais attention....

Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 03/01/2011 à 22:08:47  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 OK  :lol:   :mdr:


 Désinstalle via Ajout/Suppression de programmes la Yahoo! Toolbar et toute les versions de Java, même la dernière qui est la 23.

 Refais l'installation et maintenant voir a porté attention  ;)

 Comme je te l'ai dit le problème viens de là...


 @++   :)

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 03/01/2011 à 22:26:49  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Très bien, je ferai attention à l'avenir  ;) c'est une garantie

 Voilà, j'ai désinstallé toutes les versions de java et je l'ai réinstallé. Par contre dans ajout/suppression de programmes il n'y avait pas la yahoo toolbar? et quand j'ai re téléchargé java, il n'y avait ps la case à décocher pour la toolbar, c est à dire qu'il me proposait pas la toolbar? me serais-je trompé dans le téléchargement?

Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 03/01/2011 à 22:37:44  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 Pourtant c'est la première fenêtre de l'installation de Java...

 Clique sur le menu démarrer/ Rechercher, clique sur Tous les fichiers et tous les dossiers, dans la première fenêtre du haut tu tape où copie/colle Yahoo et dans le bas dans Options avancés clique sur Rechercher dans les fichiers et dossiers cachés.

 Après tu clic sur Rechercher

 Cela donne quoi?


 @++  :)

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 03/01/2011 à 22:50:24  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
La recherche vient de se terminer et il y a une page complète de fichiers et de dossiers portant le nom de yahoo...

Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 03/01/2011 à 22:55:20  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 Regarde encore via Ajout/Suppression de programmes si présent


 @++   :)

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 03/01/2011 à 23:03:16  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
je viens de regarder à nouveau, il n'y est pas. J'ai aussi voulu vérifier si j'avais mal suivi la procédure lors du téléchargement de java, donc je l'ai refaite et la mention de toolbar n'apparait pas :
 voilà comment ça s'est passé : téléchargement terminé - double clic sur le fichier - exécuter "java".exe - installation faite.

 y aurait il un souci à cause de ça?

Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 03/01/2011 à 23:16:17  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 Non pas de souci, je sais pas s'il propose la toolbar si déjà installer.

 Télécharge Hijackthis V 2.0.4 sur le bureau :

 http://www.trendmicro.com/ftp/ [...] ckThis.msi

 - Double clique sur HJTInstall.exe sur le bureau

 - Clique sur Install ensuite sur I Accept

 - ferme toutes les fenêtres, HJT doit être exécuté seul (tout autre programme fermé).

 - double clique sur le raccourci d'HijackThis sur ton Bureau
 (Pour Vista, clique droit sur le raccourci d'HijackThis sur ton Bureau, puis "Exécuter en tant qu'administrateur".
 - et clique sur Open the Misc Tools section

 Dans la nouvelle fenêtre, clique sur Open Uninstall Manager

 Dans le centre de la fenêtre clique sur Save list.. et enregistre-le sur le bureau pour le retrouver plus facilement.

 Poste le contenue de ce rapport


 @++   :)

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 03/01/2011 à 23:26:41  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
voici le rapport :

 Acer eConsole
 Acer eMode Management
 Adobe Download Manager
 Adobe Flash Player 10 ActiveX
 Adobe Flash Player 10 Plugin
 Adobe Reader 9.4.1 - Français
 Adobe Shockwave Player 11.5
 Ad-Remover By C_XX
 Agere Systems PCI Soft Modem
 Ahead Nero BurnRights
 Apple Application Support
 Apple Mobile Device Support
 Apple Software Update
 Archiveur WinRAR
 Ares 2.1.7
 Armada_2008 Screensaver
 Assistant de connexion Windows Live
 ATI Display Driver
 avast! Free Antivirus
 barre d'outils Orange
 Bejeweled 3 Deluxe
 Big Fish Games: Game Manager
 Bonjour
 CDBurnerXP Pro 3
 Codeur Windows Media Série 9
 Codeur Windows Media Série 9
 Concord Telephony Translation
 Connexion Internet Orange
 Correctif pour Microsoft .NET Framework 3.5 Language Pack SP1 - enu (KB960043)
 Correctif pour Windows Internet Explorer 7 (KB947864)
 Correctif pour Windows XP (KB2443685)
 Correctif pour Windows XP (KB942288-v3)
 CTIAPI32 (remove only)
 CtiLogC (remove only)
 DC C500 Driver
 Desktop Netstat 1.3a
 Drawn: Par-delà l’Obscurité
 eMule
 EPSON Attach To Email
 EPSON Copy Utility 3
 EPSON Easy Photo Print
 EPSON File Manager
 EPSON Image Clip Palette
 EPSON Logiciel imprimante
 EPSON Scan
 EPSON Scan Assistant
 EPSON Web-To-Page
 ESDX3800 Guide d'utilisation
 Google Toolbar for Internet Explorer
 Google Update Helper
 Google Earth
 Hidden Expedition ® : Le Triangle du Diable
 Hidden Mysteries ™: Buckingham Palace
 HiJackThis
 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
 Installation Windows Live
 Installation Windows Live
 J2SE Runtime Environment 5.0 Update 11
 Java(TM) 6 Update 23
 La Crapette
 Labtec WebCam
 Lecteur Windows Media 11
 Livebox
 Logiciel de Synchronisation Orange
 Logitech Audio Echo Cancellation Component
 Logitech Video Enumerator
 Ma-Config.com
 Ma-Config.com plugin
 Macrogaming SweetIM 2.1
 Malwarebytes' Anti-Malware
 Messenger Plus! Live
 Microsoft .NET Framework 1.1
 Microsoft .NET Framework 1.1
 Microsoft .NET Framework 1.1 French Language Pack
 Microsoft .NET Framework 1.1 Security Update (KB2416447)
 Microsoft .NET Framework 1.1 Security Update (KB979906)
 Microsoft .NET Framework 2.0 Service Pack 2
 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
 Microsoft .NET Framework 3.0 Service Pack 2
 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
 Microsoft .NET Framework 3.5 Language Pack SP1 - enu
 Microsoft .NET Framework 3.5 Language Pack SP1 - fra
 Microsoft .NET Framework 3.5 SP1
 Microsoft .NET Framework 3.5 SP1
 Microsoft .NET Framework 4 Client Profile
 Microsoft .NET Framework 4 Client Profile
 Microsoft Choice Guard
 Microsoft Compression Client Pack 1.0 for Windows XP
 Microsoft Internationalized Domain Names Mitigation APIs
 Microsoft National Language Support Downlevel APIs
 Microsoft Office PowerPoint Viewer 2003
 Microsoft Primary Interoperability Assemblies 2005
 Microsoft Search Enhancement Pack
 Microsoft Silverlight
 Microsoft User-Mode Driver Framework Feature Pack 1.0
 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
 Microsoft Visual C++ 2005 Redistributable
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
 Microsoft Works
 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)
 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)
 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)
 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB982381)
 Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2183461)
 Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2360131)
 Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2416400)
 Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)
 Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)
 Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)
 Mise à jour de sécurité pour Windows XP (KB2296199)
 Mise à jour de sécurité pour Windows XP (KB2423089)
 Mise à jour de sécurité pour Windows XP (KB2436673)
 Mise à jour de sécurité pour Windows XP (KB2440591)
 Mise à jour de sécurité pour Windows XP (KB2443105)
 Mise à jour pour Windows Internet Explorer 8 (KB976662)
 Mise à jour pour Windows Internet Explorer 8 (KB982632)
 Mise à jour pour Windows XP (KB2467659)
 Monopoly
 Moovida
 Mozilla Firefox (3.6.13)
 MSN
 MSVCRT
 MSXML 4.0 SP2 (KB925672)
 MSXML 4.0 SP2 (KB927978)
 MSXML 4.0 SP2 (KB936181)
 MSXML 4.0 SP2 (KB954430)
 MSXML 4.0 SP2 (KB973688)
 MSXML 6.0 Parser (KB933579)
 MVision
 Nero OEM
 neroxml
 Norton Security Scan
 Notification Mail
 NVIDIA Drivers
 Orange Installeur version 1.0.0.0
 Orange WebTV Player 1.29418
 OrangeInstaller version 1.2.1.0
 Outil de téléchargement Windows Live
 Package de base Microsoft de service de chiffrement pour cartes à puce
 Picasa 3
 Programme de gestion Camera de Labtec®
 QuickTime
 Realtek High Definition Audio Driver
 Reincarnations: Les Vies Passées Edition Collector
 Réincarnations: L'Éveil
 SA31xx Device Manager & Media Converter
 SafeCast Shared Components
 SEAF By C_XX
 Security Update for CAPICOM (KB931906)
 Security Update for CAPICOM (KB931906)
 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
 Segoe UI
 Shockwave
 Spy Sweeper Core
 StyleXP (remove only)
 toolbar orange
 TuneUp Utilities 2008
 ULi M5287 SATA Controller Driver
 Uniblue DriverScanner
 Uniblue PowerSuite
 Uniblue RegistryBooster
 Uniblue RegistryBooster
 Uniblue SpeedUpMyPC
 VirginMega.Fr Premium
 Windows Driver Package - WayTech (USBNumPad) HIDClass  (02/01/2007 1.0)
 Windows Imaging Component
 Windows Live Call
 Windows Live Communications Platform
 Windows Live FolderShare
 Windows Live Messenger
 Windows Media Format 11 runtime
 Windows Media Format 11 runtime
 Windows Media Player 11
 Windows Media Player Firefox Plugin
 Windows Presentation Foundation
 Windows XP Service Pack 3
 WinZip
 XML Paper Specification Shared Components Language Pack 1.0

Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 03/01/2011 à 23:36:50  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 Télécharge SystemLook sur ton Bureau :
 http://jpshortstuff.247fixes.com/SystemLook.exe

 - Double-clique sur SystemLook.exe pour le lancer.

 - Copie le contenu du cadre ci-dessous et colle-le dans la zone texte de SystemLook :
 



 :folderfind
 *Yahoo*
 :regfind
 Yahoo



 - Clique sur le bouton Look pour démarrer l'examen.
 - A la fin, le Bloc-notes s'ouvre avec le résultat de l'analyse. Copie-colle le rapport dans ta prochaine réponse.


 @++   :)

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 03/01/2011 à 23:43:07  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Re,

 Voici le rapport systemlook  :) :

 SystemLook 04.09.10 by jpshortstuff
 Log created at 22:38 on 03/01/2011 by allain TURPIN
 Administrator - Elevation successful

 ========== folderfind ==========

 Searching for "*Yahoo*"
 C:\Documents and Settings\All Users\Application Data\Yahoo! d------ [15:48 06/09/2010]
 C:\Documents and Settings\allain TURPIN\Application Data\Yahoo! d------ [11:11 06/09/2008]
 C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\Yahoo! Inc d------ [20:44 07/07/2010]
 C:\Documents and Settings\allain TURPIN\Application Data\Mozilla\Firefox\Profiles\​w76twfd8.default\extensions\to​olbar_extras@fr.yahoo.com d------ [19:51 08/10/2008]
 C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\Yahoo d------ [12:32 07/09/2010]
 C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\Microsoft\Messenger\alant​2@wanadoo.fr\Sharing Folders\gisou1951@yahoo.fr d------ [23:39 10/02/2008]
 C:\Documents and Settings\allain TURPIN\Local Settings\Application Data\Microsoft\Messenger\alant​2@wanadoo.fr\SharingMetadata\g​isou1951@yahoo.fr d------ [23:39 10/02/2008]
 C:\Program Files\Yahoo! d------ [18:33 06/02/2006]
 C:\Program Files\Yahoo! Games d------ [09:21 07/08/2008]
 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.app d------ [16:09 26/11/2008]
 C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync d------ [16:09 26/11/2008]
 C:\Program Files\Mozilla Firefox\extensions\toolbar_ext​ras@fr.yahoo.com d------ [07:49 10/07/2010]
 C:\_OTL\MovedFiles\01032011_12​1618\C_Program Files\Yahoo! d------ [11:17 03/01/2011]

 ========== regfind ==========

 Searching for "Yahoo"
 [HKEY_CURRENT_USER\Software\App​DataLow\Software\Yahoo]
 [HKEY_CURRENT_USER\Software\App​DataLow\Software\Yahoo\Compani​on]
 "slock"="geocities.yahoo.com,3​60.yahoo.com,store.yahoo.com"
 [HKEY_CURRENT_USER\Software\Log​itech\Bedrock\ICApplications\Y​ahoo]
 [HKEY_CURRENT_USER\Software\Mic​rosoft\MSN Toolbar]
 "PopupAllowList"="http://enter​tainment.msn.com/radio/launchr​adio.aspx http://my.msn.com/video/default.armx http://betavideo.my.msn.com http://my.msn.com/colortheme.armx http://my.msn.com/customizemodule.armx http://my.msn.com/newmodule.armx http://my.msn.com/newpage.armx http://my.msn.com/renamepage.armx http://launchcast.launch.yahoo.com/radio/player http://stream1.adsertion.com/radio/listen.asp http://www.wlsam.com/listenlive.asp http://www.streamaudio.com/listen http://windowsmedia.com/radiotuner"
 [HKEY_CURRENT_USER\Software\Mic​rosoft\Search Assistant\ACMru\5603]
 "000"="Yahoo"
 [HKEY_CURRENT_USER\Software\Mic​rosoft\Windows\CurrentVersion\​Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
 [HKEY_CURRENT_USER\Software\Mic​rosoft\Windows\CurrentVersion\​Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
 [HKEY_CURRENT_USER\Software\Mic​rosoft\Windows\CurrentVersion\​Internet Settings\ZoneMap\Domains\panet.org\yahoo]
 [HKEY_CURRENT_USER\Software\Yah​oo]
 [HKEY_CURRENT_USER\Software\Yah​oo\Companion]
 "attempt"="...chargement des boutons sur Yahoo!..."
 [HKEY_CURRENT_USER\Software\Yah​oo\Companion]
 "slock"="geocities.yahoo.com,3​60.yahoo.com,store.yahoo.com"
 [HKEY_CURRENT_USER\Software\Yah​oo\Insthelper]
 "StatusText"="Installing Norton Spyware Scan provided by Yahoo!"
 [HKEY_CURRENT_USER\Software\Yah​ooPartnerToolbar]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\AppID\YahooPlugin.dll]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\AppID\{D17D0345-C7D1-4A5​B-A3BC-A61F12779FE0}]
 @="LCYahooPlugin"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\Applications\YahooWidget​s.exe]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\Applications\YahooWidget​s.exe\shell\open]
 @="&Open with Yahoo! Widgets"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{0006DA31-617C-4CE​3-A3B6-73BE64DA63D9}]
 @="Yahoo! Lightweight version checker"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{0006DA31-617C-4CE​3-A3B6-73BE64DA63D9}\InprocSer​ver32]
 @="C:\Program Files\Yahoo!\Common\YVerGlance​.dll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{0291E591-EA41-4c8​2-8106-3DC6CE7F7664}\InprocSer​ver32]
 @="C:\PROGRA~1\Yahoo!\Common\y​insthelper.dll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{0291E591-EA41-4c8​2-8106-3DC6CE7F7664}\ToolboxBi​tmap32]
 @="C:\PROGRA~1\Yahoo!\Common\y​insthelper.dll, 103"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{22FCE1F5-D242-B4B​1-0CBF-71964D867978}]
 @="Yahoo! Lightweight version checker"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{347B0667-C7ED-429​B-BDE3-CC8D3BACAA31}\InprocSer​ver32]
 @="C:\PROGRA~1\Yahoo!\Common\y​insthelper.dll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{347B0667-C7ED-429​B-BDE3-CC8D3BACAA31}\ToolboxBi​tmap32]
 @="C:\PROGRA~1\Yahoo!\Common\y​insthelper.dll, 105"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{64AA7031-C150-411​8-8D31-FD273A2BB22C}\InProcSer​ver32]
 @="C:\Program Files\Yahoo!\Common\yverinfo.d​ll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{73B62E27-6528-4A6​3-9AE7-4C669866719F}\InprocSer​ver32]
 @="C:\Program Files\Yahoo!\Common\YUnload.dl​l"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{73B62E27-6528-4A6​3-9AE7-4C669866719F}\ToolboxBi​tmap32]
 @="C:\Program Files\Yahoo!\Common\YUnload.dl​l, 102"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{7EC7B6C5-25BD-458​6-A641-D2ACBB6629DD}]
 @="Yahoo! Installer Plugin for Widgets"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{7EC7B6C5-25BD-458​6-A641-D2ACBB6629DD}\InprocSer​ver32]
 @="C:\Program Files\Yahoo!\Common\YDPCTL.dll​"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{7EC7B6C5-25BD-458​6-A641-D2ACBB6629DD}\ToolboxBi​tmap32]
 @="C:\Program Files\Yahoo!\Common\YDPCTL.dll​, 102"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{82AA3528-37BE-40F​9-8AAD-CE7EDE020A45}\InProcSer​ver32]
 @="C:\Program Files\Yahoo!\Common\YDPCTL.dll​"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{836FFDEA-A437-4CA​2-AA9E-C79B7293D70E}\InprocSer​ver32]
 @="C:\Program Files\Yahoo!\Common\YDPCTL.dll​"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{8A8ABCE1-AA4E-4F7​5-A589-24DED17B2E03}]
 "LocalizedString"="@C:\Program Files\Yahoo!\Common\Yinsthelpe​r.dll,-101"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{8A8ABCE1-AA4E-4F7​5-A589-24DED17B2E03}\InprocSer​ver32]
 @="C:\Program Files\Yahoo!\Common\Yinsthelpe​r.dll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{B345F37E-6763-433​b-BC53-9B526A9B7B8B}]
 @="Yahoo! VersionInfo2"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{B345F37E-6763-433​b-BC53-9B526A9B7B8B}\InprocSer​ver32]
 @="C:\Program Files\Yahoo!\Common\yverinfo.d​ll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{B9A8E5F9-ED5D-88B​0-7BC9-24D6CF4F7646}\InprocSer​ver32]
 @="C:\PROGRA~1\Yahoo!\Common\y​insthelper.dll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{B9A8E5F9-ED5D-88B​0-7BC9-24D6CF4F7646}\ToolboxBi​tmap32]
 @="C:\PROGRA~1\Yahoo!\Common\y​insthelper.dll, 103"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{C32A0F80-0F89-464​9-BFB6-0AEFD4B2B9F0}]
 @="BedrockYahooPlugin Class"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{C32A0F80-0F89-464​9-BFB6-0AEFD4B2B9F0}\InprocSer​ver32]
 @="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Yahoo​Plugin.dll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{C32A0F80-0F89-464​9-BFB6-0AEFD4B2B9F0}\ProgID]
 @="LCYahooPlugin.BedrockYahooP​lugin.1"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{C32A0F80-0F89-464​9-BFB6-0AEFD4B2B9F0}\VersionIn​dependentProgID]
 @="LCYahooPlugin.BedrockYahooP​lugin"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{D5184A39-CBDF-4A4​F-AC1A-7A45A852C883}]
 @="Yahoo! VersionInfo"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\CLSID\{D5184A39-CBDF-4A4​F-AC1A-7A45A852C883}\InprocSer​ver32]
 @="C:\Program Files\Yahoo!\Common\yverinfo.d​ll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\LCYahooPlugin.BedrockYah​ooPlugin]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\LCYahooPlugin.BedrockYah​ooPlugin]
 @="BedrockYahooPlugin Class"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\LCYahooPlugin.BedrockYah​ooPlugin\CurVer]
 @="LCYahooPlugin.BedrockYahooP​lugin.1"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\LCYahooPlugin.BedrockYah​ooPlugin.1]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\LCYahooPlugin.BedrockYah​ooPlugin.1]
 @="BedrockYahooPlugin Class"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\TypeLib\{46F0105F-2AB4-4​105-B0D0-C33E966B1053}\1.0\0\w​in32]
 @="C:\Program Files\Yahoo!\Common\YDPCTL.dll​"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\TypeLib\{46F0105F-2AB4-4​105-B0D0-C33E966B1053}\1.0\HEL​PDIR]
 @="C:\Program Files\Yahoo!\Common\"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\TypeLib\{874C5A6E-AFD8-4​47B-B09C-D0B5B4A9F010}\1.0\0\w​in32]
 @="C:\PROGRA~1\Yahoo!\Common\y​insthelper.dll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\TypeLib\{874C5A6E-AFD8-4​47B-B09C-D0B5B4A9F010}\1.0\HEL​PDIR]
 @="C:\PROGRA~1\Yahoo!\Common\"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\TypeLib\{9656F673-E6B1-4​671-9736-3FFF1F65D56E}\1.0\0\w​in32]
 @="C:\Program Files\Yahoo!\Common\YUnload.dl​l"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\TypeLib\{9656F673-E6B1-4​671-9736-3FFF1F65D56E}\1.0\HEL​PDIR]
 @="C:\Program Files\Yahoo!\Common\"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\TypeLib\{BB99E4EE-5085-4​0AA-919D-0097DAC73212}\1.0\0\w​in32]
 @="C:\Program Files\Yahoo!\Common\yverinfo.d​ll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\TypeLib\{BB99E4EE-5085-4​0AA-919D-0097DAC73212}\1.0\HEL​PDIR]
 @="C:\Program Files\Yahoo!\Common\"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\TypeLib\{EB5641C2-216D-4​2BF-B612-97A79A4C0EE2}\1.0\0\w​in32]
 @="C:\Program Files\Yahoo!\Common\YVerGlance​.dll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\TypeLib\{EB5641C2-216D-4​2BF-B612-97A79A4C0EE2}\1.0\HEL​PDIR]
 @="C:\Program Files\Yahoo!\Common\"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\TypeLib\{FCC9685A-E430-4​E16-940B-BEB3D24523ED}\1.0\0\w​in32]
 @="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Yahoo​Plugin.dll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\YahooWidgetsManifest]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\YahooWidgetsManifest\she​ll\open]
 @="&Open with Yahoo! Widgets"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\YBIOCtrl.YBIOCtrl]
 @="Yahoo! Companion"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\YBIOCtrl.YBIOCtrl2]
 @="Yahoo! Companion"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\YBrowserToolbar.YBrowser​Toolbar]
 @="Yahoo! Toolbar"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\YBrowserToolbar.YBrowser​Toolbar.1]
 @="Yahoo! Toolbar"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\YVerInfo.GetInfo]
 @="Yahoo! VersionInfo Class"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\YVerInfo.GetInfo.1]
 @="Yahoo! VersionInfo Class"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\YVerInfo.GetInfo2]
 @="Yahoo! VersionInfo2 Class"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Cl​asses\YVerInfo.GetInfo2.1]
 @="Yahoo! VersionInfo2 Class"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Lo​gitech\LComMgr\Plugins\{995BF1​A7-30E5-49E5-A0E4-AD3213D9E330​}]
 "YahooPlugin"="1"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Ext\PreApproved\{B345F37E-676​3-433b-BC53-9B526A9B7B8B}]
 @="Yahoo! VersionInfo2"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Ext\PreApproved\{D5184A39-CBD​F-4A4F-AC1A-7A45A852C883}]
 @="Yahoo! VersionInfo"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\da.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\Dutch.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\English.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\fi.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\French.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\German.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\Italian.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\Japanese.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\ko.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\no.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\pl.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\pt_PT.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\ru.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\Spanish.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\sv.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\zh_CN.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\zh_TW.lproj\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.app\Cont​ents\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.app\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.app\Cont​ents\Resources\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.app\Cont​ents\Resources\Formatter.bundl​e\Contents\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.app\Cont​ents\Resources\Formatter.bundl​e\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Wind​ows\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\Folders]
 "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.app\Cont​ents\Resources\Formatter.bundl​e\Contents\Windows\"=""
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\09FB3F4BB3AE3EB4894D​ADE40A830B93]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\zh_CN.lproj\locversion.p​list"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\0D0A027D9ACBECC42B5D​F33580E00046]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Wind​ows\com.yahoo.go.sync"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\18E3D002481DBDC4691F​4E0BB9F22819]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\fi.lproj\locversion.plis​t"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\2272C5112AD692B4DA9D​DCD6E9B04051]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\ko.lproj\Localizable.str​ings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\23E8E8509FE09564DA40​5CE46C893E24]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\German.lproj\Localizable​.strings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\2619C45796F6B7144A1D​08CD3FADAF55]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\Spanish.lproj\locversion​.plist"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\290695EB3B4B73240B41​D00EA2CF43E0]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\zh_CN.lproj\Localizable.​strings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\3518DA26440BB7448911​CA84E6BE0ADB]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\Italian.lproj\locversion​.plist"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\35BF3458BD1F0B9439B2​DF4554A8C28D]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\da.lproj\Localizable.str​ings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\3BE97EDE8F5353F4CB8F​A29AAF3C8A3A]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\fi.lproj\Localizable.str​ings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\3CC3B45FC09FDA44FA61​78E871490802]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.app\Cont​ents\Resources\PhoneConduit.pl​ist"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\42D26954CCBE4264C8EB​811446AB59DE]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\ru.lproj\locversion.plis​t"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\53243837FD655264B88B​BD74786E26FB]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\pl.lproj\Localizable.str​ings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\5C4389D0BFB302C479DE​4178BD5D9EBA]
 "AA2699F67C9CFC747BC391FA74590​33D"="C:\Program Files\Macrogaming\SweetIM\mgYa​hooMessengerAdapter.dll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\5D2B09BDEF4FE54418E6​F3373CDBC7AC]
 "AA2699F67C9CFC747BC391FA74590​33D"="C:\Program Files\Macrogaming\SweetIM\mgYa​hooAuto.dll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\65308BE856FEFCB46AED​6DEED2933629]
 "7A1FB5995E035E940A4EDA23319D3​E03"="C?\Program Files\Fichiers communs\LogiShrd\LComMgr\Yahoo​Plugin.dll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\6AE4B389C00F0474E924​24CDC7F537A2]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\ko.lproj\locversion.plis​t"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\6D3FAF1D84AA0BB4FB91​77E8EC98A896]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\sv.lproj\locversion.plis​t"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\71A8AA01ADA5E0E4CBA7​A490CE8EE200]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\English.lproj\Localizabl​e.strings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\720931254A8D1284680D​4182AE93747D]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.app\Cont​ents\Resources\vCard.plist"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\80CDF2E40B75EB74DAF2​167716387274]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\zh_TW.lproj\locversion.p​list"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\8198626EA40CA8B4BB67​E309109CF46E]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.app\Cont​ents\Info-windows.plist"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\83252675F5D86C845A33​96E6F49DFAEA]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\sv.lproj\Localizable.str​ings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\86B724AEC41B12F42B1D​2FDDBB82EA78]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\com.yahoo.go.sync.plist"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\876E46F0A17756B4394D​0990117D96FA]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.app\Cont​ents\Resources\settings.plist"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\8F762635507104E449C1​06CCE42905D7]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\pt_PT.lproj\Localizable.​strings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\90D81BF4374885248ABF​2DDBBAD65F07]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\Italian.lproj\Localizabl​e.strings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\9344C56EA88BB104E89D​022BA077204D]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.app\Cont​ents\Resources\Formatter.bundl​e\Contents\Windows\Formatter.e​xe"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\95234915028EF164796A​3E24813AFA6E]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\English.lproj\locversion​.plist"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\9622BD921335D74489F4​BC69FF0319BA]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\French.lproj\locversion.​plist"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\966EA44BAFCE8BF458E2​05FECA37E86D]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\Japanese.lproj\Localizab​le.strings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\A823614E09C0F844BB2E​F0BBB510D7D6]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\ru.lproj\Localizable.str​ings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\AB14C53A8A50CD112BA8​4D40658D5939]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.exe"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\B6DA03ED52DFFA24E8E7​B8930BC7361C]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.app\Cont​ents\Resources\ClientDescripti​on.plist"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\B6F9053B66A642845B21​98436BD227E8]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\pl.lproj\locversion.plis​t"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\BCD114409E37B5244BA0​52E2118961B7]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\da.lproj\locversion.plis​t"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\C1C9B1D333895874DB2D​DEBF915E7131]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\Dutch.lproj\locversion.p​list"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\C2D16195EA172D241B89​260DBF2FF9F5]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\French.lproj\Localizable​.strings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\CC4F12342FC807249ACF​0DDD1D41858A]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\Japanese.lproj\locversio​n.plist"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\D15ED012D03D22E4C91F​D35B76EE044E]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.app\Cont​ents\Resources\Formatter.bundl​e\Contents\Info-Windows.plist"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\D65D52622387E504FB09​53E715AE1ACC]
 "90ED950A94B105443B04A70E79CEF​340"="02:\Software\Microsoft\W​orks\8.0\Launcher\Email\Yahoo"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\DBB429FEEE135014B846​0181706E8CE2]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Info​-Windows.plist"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\E107FBF426C48A94BB5D​8DB43C6260D1]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\German.lproj\locversion.​plist"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\E13CED7BB4970DB46849​F8F01690EA55]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\no.lproj\locversion.plis​t"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\EF20568B3CED8AD4FB2E​D8BE8752EFBC]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\no.lproj\Localizable.str​ings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\EF3B1BBAA650E754EBA4​37F9F3DAB019]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\Dutch.lproj\Localizable.​strings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\F37F27AFD6498D24DAD3​EA37B257C3D1]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\pt_PT.lproj\locversion.p​list"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\F44A21F5F338C164E916​46C817CC0B5F]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\zh_TW.lproj\Localizable.​strings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\F953337AF05245945913​32F661C98A0B]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\YahooSync.app\Cont​ents\Resources\vCal.plist"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Installer\UserData\S-1-5-18\C​omponents\FE007BDB04D7D8446BF5​A3BD2DCE40FA]
 "8B17B261464808640A6806D155B53​3D1"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\SyncServices\Clients\c​om.yahoo.go.sync\Contents\Reso​urces\Spanish.lproj\Localizabl​e.strings"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Works\8.0\Launcher\Ema​il]
 "Yahoo"="http://go.microsoft.c​om/fwlink/?linkid=8126"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mo​zillaPlugins\yaxmpb@yahoo.com/​YahooActiveXPluginBridge;versi​on=1.0.0.1]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mo​zillaPlugins\yaxmpb@yahoo.com/​YahooActiveXPluginBridge;versi​on=1.0.0.1]
 "Description"="Yahoo! activeX Plug-in Bridge"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mo​zillaPlugins\yaxmpb@yahoo.com/​YahooActiveXPluginBridge;versi​on=1.0.0.1]
 "Path"="C:\Program Files\Yahoo!\Common\npyaxmpb.d​ll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mo​zillaPlugins\yaxmpb@yahoo.com/​YahooActiveXPluginBridge;versi​on=1.0.0.1]
 "Product"="Yahoo! activeX Plug-in Bridge"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mo​zillaPlugins\yaxmpb@yahoo.com/​YahooActiveXPluginBridge;versi​on=1.0.0.1]
 "Vendor"="Yahoo"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Mo​zillaPlugins\yaxmpb@yahoo.com/​YahooActiveXPluginBridge;versi​on=1.0.0.1\MimeTypes\applicati​on/YahooActiveXPluginBridge]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sw​eetIM\Messenger\Adapters\2]
 "DLL"="mgYahooMessengerAdapter​.dll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sw​eetIM\Messenger\Adapters\2]
 "TargetProcess"="YahooMessenge​r.exe"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sw​eetIM\Messenger\Adapters\3]
 "DLL"="mgYahooMessengerAdapter​.dll"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sw​eetIM\Messenger\Initialization​\Yahoo]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sw​eetIM\Messenger\Initialization​\Yahoo\Mod\1]
 "CheckIfRunning"="YahooMesseng​er.exe,YPager.exe"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sw​eetIM\Messenger\Initialization​\Yahoo\Mod\1]
 "ValueName"="Yahoo! Pager"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sw​eetIM\Messenger\Initialization​\Yahoo\Mod\2]
 "CheckIfRunning"="YahooMesseng​er.exe,YPager.exe"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sw​eetIM\Messenger\Initialization​\Yahoo\Mod\2]
 "ValueName"="Messenger (Yahoo!)"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sw​eetIM\Messenger\Initialization​\Yahoo\Run\1]
 "CheckIfRunning"="YahooMesseng​er.exe,YPager.exe"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sw​eetIM\Messenger\Initialization​\Yahoo\Run\2]
 "FileWithPath"="\Yahoo!\Messen​ger\YahooMessenger.exe"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sw​eetIM\Messenger\Initialization​\Yahoo\Run\2]
 "CheckIfRunning"="YahooMesseng​er.exe,YPager.exe"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sw​eetIM\Messenger\Initialization​\Yahoo\Run\3]
 "CheckIfRunning"="YahooMesseng​er.exe,YPager.exe"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sw​eetIM\Messenger\Initialization​\Yahoo\Run\3]
 "FileWithPath"="\Yahoo!\Messen​ger\YPager.exe"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sw​eetIM\Messenger\Initialization​\Yahoo\Run\4]
 "CheckIfRunning"="YahooMesseng​er.exe,YPager.exe"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Sw​eetIM\Messenger\Initialization​\Yahoo\Run\4]
 "ValueName"="Yahoo! Pager"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Ya​hoo]
 [HKEY_LOCAL_MACHINE\SOFTWARE\Ya​hoo\Companion]
 "attempt"="...chargement des boutons sur Yahoo!..."
 [HKEY_LOCAL_MACHINE\SOFTWARE\Ya​hoo\Companion]
 "Apptitle"="Yahoo! Toolbar"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Ya​hoo\Uninstaller\YInstHelper]
 "DisplayName"="Yahoo! Install Manager"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Ya​hoo\Uninstaller\YInstHelper]
 "UninstallString"="C:\WINDOWS\​system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YINS​TH~1.DLL"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Ya​hoo\Uninstaller\YInstHelper]
 "Full_path"="C:\PROGRA~1\Yahoo​!\Common\YINSTH~1.DLL"
 [HKEY_LOCAL_MACHINE\SOFTWARE\Ya​hoo\Uninstaller\YInstHelper]
 "Details"="Yahoo! Install Manager makes downloading and installing Yahoo! programs more convenient."
 [HKEY_USERS\.DEFAULT\Software\M​icrosoft\Windows\CurrentVersio​n\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
 [HKEY_USERS\.DEFAULT\Software\M​icrosoft\Windows\CurrentVersio​n\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
 [HKEY_USERS\.DEFAULT\Software\M​icrosoft\Windows\CurrentVersio​n\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
 [HKEY_USERS\S-1-5-21-2722551312​-2573301172-1159928933-1006\So​ftware\AppDataLow\Software\Yah​oo]
 [HKEY_USERS\S-1-5-21-2722551312​-2573301172-1159928933-1006\So​ftware\AppDataLow\Software\Yah​oo\Companion]
 "slock"="geocities.yahoo.com,3​60.yahoo.com,store.yahoo.com"
 [HKEY_USERS\S-1-5-21-2722551312​-2573301172-1159928933-1006\So​ftware\Logitech\Bedrock\ICAppl​ications\Yahoo]
 [HKEY_USERS\S-1-5-21-2722551312​-2573301172-1159928933-1006\So​ftware\Microsoft\MSN Toolbar]
 "PopupAllowList"="http://enter​tainment.msn.com/radio/launchr​adio.aspx http://my.msn.com/video/default.armx http://betavideo.my.msn.com http://my.msn.com/colortheme.armx http://my.msn.com/customizemodule.armx http://my.msn.com/newmodule.armx http://my.msn.com/newpage.armx http://my.msn.com/renamepage.armx http://launchcast.launch.yahoo.com/radio/player http://stream1.adsertion.com/radio/listen.asp http://www.wlsam.com/listenlive.asp http://www.streamaudio.com/listen http://windowsmedia.com/radiotuner"
 [HKEY_USERS\S-1-5-21-2722551312​-2573301172-1159928933-1006\So​ftware\Microsoft\Search Assistant\ACMru\5603]
 "000"="Yahoo"
 [HKEY_USERS\S-1-5-21-2722551312​-2573301172-1159928933-1006\So​ftware\Microsoft\Windows\Curre​ntVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
 [HKEY_USERS\S-1-5-21-2722551312​-2573301172-1159928933-1006\So​ftware\Microsoft\Windows\Curre​ntVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
 [HKEY_USERS\S-1-5-21-2722551312​-2573301172-1159928933-1006\So​ftware\Microsoft\Windows\Curre​ntVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
 [HKEY_USERS\S-1-5-21-2722551312​-2573301172-1159928933-1006\So​ftware\Yahoo]
 [HKEY_USERS\S-1-5-21-2722551312​-2573301172-1159928933-1006\So​ftware\Yahoo\Companion]
 "attempt"="...chargement des boutons sur Yahoo!..."
 [HKEY_USERS\S-1-5-21-2722551312​-2573301172-1159928933-1006\So​ftware\Yahoo\Companion]
 "slock"="geocities.yahoo.com,3​60.yahoo.com,store.yahoo.com"
 [HKEY_USERS\S-1-5-21-2722551312​-2573301172-1159928933-1006\So​ftware\Yahoo\Insthelper]
 "StatusText"="Installing Norton Spyware Scan provided by Yahoo!"
 [HKEY_USERS\S-1-5-21-2722551312​-2573301172-1159928933-1006\So​ftware\YahooPartnerToolbar]
 [HKEY_USERS\S-1-5-18\Software\M​icrosoft\Windows\CurrentVersio​n\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
 [HKEY_USERS\S-1-5-18\Software\M​icrosoft\Windows\CurrentVersio​n\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
 [HKEY_USERS\S-1-5-18\Software\M​icrosoft\Windows\CurrentVersio​n\Internet Settings\ZoneMap\Domains\panet.org\yahoo]

 -= EOF =-

ds76
Bébé forumeur (De 10 à 49 messages postés)
  1. Posté le 04/01/2011 à 00:03:45  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Je continuerai demain. En attendant bonne fin de soirée et à demain.

 DS76

Profil : Equipe sécurité
dedetraque
Célèbre sur tout le forum (de 30 000 à 99 999 messages postés)
  1. Posté le 04/01/2011 à 00:05:25  
  1. answer
  1. Prévenir les modérateurs en cas d'abus
 
Salut DS76


 Double-clique sur SystemLook.exe pour le lancer.

 - Copie le contenu du cadre ci-dessous et colle-le dans la zone texte de SystemLook :
 



 :dir
 C:\Program Files\Yahoo! /s



 - Clique sur le bouton Look pour démarrer l'examen.
 - A la fin, le Bloc-notes s'ouvre avec le résultat de l'analyse. Copie-colle le rapport dans ta prochaine réponse.


 @++   :)

 Page :
1  2
Dernière Page
Page Suivante
Page Précédente
Première Page

Aller à :
 

Sujets relatifs
Qu'est-ce que mc???.tmp ? [résolu]  
Plus de sujets relatifs à : Suspiçion de trojans et fenêtre intempestive[résolu]

Les 5 sujets de discussion précédents Nombre de réponses Dernier message
onglets et page d'accueil indésirable sur firefox Résolu 28
free keys for kapersky 0
Mon compte Hotmail est vérolé [résolu] 3
[RESOLU] Alerte sonore Antivir 24
probleme de page publicitaire qui s'ouvre 15