Infected PC… Help please 2015-03-14T13:45:47+00:00
  • Author
    Posts
  • Minol
    Post count: 0

    Hello,

    I have the computer of a work colleague's wife,
    which was heavily infected.

    I did what I could to clean up the computer,
    but now it needs to go through ZHP.

    I would rather ask for your help…

    The reports:

    AdwCleaner : [spoiler:i00iqhce]# AdwCleaner v4.112 – Rapport créé le 14/03/2015 à 13:55:35
    # Mis à jour le 09/03/2015 par Xplode
    # Base de données : 2015-03-05.1 [Locale]
    # Système d'exploitation : Windows Vista (TM) Home Basic Service Pack 2 (x86)
    # Nom d'utilisateur : cezki – PC-DE-CEZKI
    # Exécuté depuis : C:Userscezkibureauadwcleaner_4.112.exe
    # Option : Nettoyer

    ***** [ Services ] *****

    ***** [ Fichiers / Dossiers ] *****

    ***** [ Tâches planifiées ] *****

    Tâche Supprimée : LaunchSignup

    ***** [ Raccourcis ] *****

    ***** [ Registre ] *****

    ***** [ Navigateurs ] *****

    -\ Internet Explorer v9.0.8112.16633

    -\ Mozilla Firefox v9.0.1 (fr)

    -\ Google Chrome v41.0.2272.89

    [C:UserscezkiAppDataLocalGoogleChromeUser DataDefaultWeb Data] – Supprimée [Search Provider] : hxxp://www.istartsurf.com/web/?type=ds&ts=1411463941&from=tugs&uid=ST3250820AS_9QE2VVHSXXXX9QE2VVHS&q={searchTerms}
    [C:UserscezkiAppDataLocalGoogleChromeUser DataDefaultWeb Data] – Supprimée [Search Provider] : hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box
    [C:UserscezkiAppDataLocalGoogleChromeUser DataDefaultWeb Data] – Supprimée [Search Provider] : hxxp://mystart.magentic.com/english/?search={searchTerms}&loc=search_box
    [C:UserscezkiAppDataLocalGoogleChromeUser DataDefaultWeb Data] – Supprimée [Search Provider] : hxxp://search.bearshare.com//web?src=crb&appid=702&systemid=2&sr=0&q={searchTerms}

    *************************

    AdwCleaner[R0].txt – [1743 octets] – [25/02/2015 09:25:44]
    AdwCleaner[R1].txt – [1803 octets] – [25/02/2015 09:31:03]
    AdwCleaner[R2].txt – [1170 octets] – [25/02/2015 09:45:01]
    AdwCleaner[R3].txt – [350 octets] – [25/02/2015 10:34:41]
    AdwCleaner[R4].txt – [2041 octets] – [14/03/2015 13:52:17]
    AdwCleaner[S0].txt – [1722 octets] – [25/02/2015 09:33:54]
    AdwCleaner[S1].txt – [1851 octets] – [14/03/2015 13:55:35]

    ########## EOF – C:AdwCleanerAdwCleaner[S1].txt – [1911 octets] ##########[/spoiler:i00iqhce]

    ZhpDiag : [spoiler:i00iqhce]~ Rapport de ZHPDiag v2015.3.12.29 – Nicolas Coolman (12/03/2015)
    ~ Lancé par cezki (14/03/2015 14:07:50)
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ Adresse du Forum http://forum.nicolascoolman.fr
    ~ Traduit par Nicolas Coolman
    ~ Etat de la version : Nouvelle version disponible
    ~ Liste blanche : Activée par le programme
    ~ Elévation des Privilèges : OK
    ~ User Account Control (UAC): Activate by user

    —\ Navigateurs Internet
    MSIE: Internet Explorer v9.0.8112.16421 (Defaut)
    GCIE: Google Chrome v41.0.2272.89

    —\ Informations sur les produits Windows
    ~ Langage: Français
    Windows Server License Manager Script : OK
    ~ Windows Operating System – Vista, OEM_SLP channel
    System Locked Preinstallation (OEM_SLP) : OK
    Windows ID Activation : OK
    ~ Windows Partial Key : 44MV3
    Windows License : OK
    Windows Automatic Updates : OK
    Windows Vista (TM) Home Basic, 32-bit Service Pack 2 (Build 6002)

    —\ Logiciels de protection du système
    Avast Free Antivirus v10.2.2214
    Malwarebytes Anti-Malware version 2.0.4.1028

    —\ Logiciels d'optimisation du système
    CCleaner v5.01

    —\ Logiciels de partage PeerToPeer

    —\ Surveillance de Logiciels
    Adobe Flash Player 16 NPAPI

    —\ Informations sur le système
    ~ Processor: x86 Family 15 Model 6 Stepping 5, GenuineIntel
    ~ Operating System: 32 Bits
    Boot mode: Normal (Normal boot)
    Total RAM: 1014 MB (26% free)
    System Restore: Activé (Enable)
    System drive C: has 65 GB (28%) free of 227 GB

    —\ Mode de connexion au système
    ~ Computer Name: PC-DE-CEZKI
    ~ User Name: cezki
    ~ All Users Names: cezki, Administrateur,
    ~ Unselected Option: None
    Logged in as Administrator

    —\ Variables d'environnement
    ~ System Unit : C:
    ~ %AppZHP% : C:UserscezkiAppDataRoamingZHP
    ~ %AppData% : C:UserscezkiAppDataRoaming
    ~ %Desktop% : C:Userscezkibureau
    ~ %Favorites% : C:UserscezkiFavorites
    ~ %LocalAppData% : C:UserscezkiAppDataLocal
    ~ %StartMenu% : C:UserscezkiAppDataRoamingMicrosoftWindowsStart Menu
    ~ %Windir% : C:Windows
    ~ %System% : C:WindowsSystem32

    —\ Enumération des unités disques
    C: Hard drive, Flash drive, Thumb drive (Free 65 Go of 227 Go)
    D: Hard drive, Flash drive, Thumb drive (Free 4 Go of 5 Go)
    E: CD-ROM drive (Not Inserted)
    H: Floppy drive, Flash card reader, USB Key (Not Inserted)
    I: Floppy drive, Flash card reader, USB Key (Not Inserted)
    J: Floppy drive, Flash card reader, USB Key (Not Inserted)
    K: Floppy drive, Flash card reader, USB Key (Not Inserted)

    —\ Etat du Centre de Sécurité Windows
    ~ Security Center: 42 Legitimates Filtered in 00mn 00s

    —\ Recherche particulière de fichiers génériques
    [MD5.D07D4C3038F3578FFCE1C0237F2A1253] – (.Microsoft Corporation – Explorateur Windows.) (.11/04/2009 – 07:27:36.) — C:WindowsExplorer.exe [2926592]
    [MD5.101BA3EA053480BB5D957EF37C06B5ED] – (.Microsoft Corporation – Application de démarrage de Windows.) (.19/01/2008 – 08:33:37.) — C:WindowsSystem32Wininit.exe [96768]
    [MD5.6293D025E82071B9424877E30B6AC1C8] – (.Microsoft Corporation – Extensions Internet pour Win32.) (.21/02/2015 – 18:21:58.) — C:WindowsSystem32wininet.dll [1129472]
    [MD5.898E7C06A350D4A1A64A9EA264D55452] – (.Microsoft Corporation – Application d'ouverture de session Windows.) (.11/04/2009 – 07:28:13.) — C:WindowsSystem32Winlogon.exe [314368]
    [MD5.F5272A105F59A7B3B345D9D6D87DA7AD] – (.Microsoft Corporation – Ancillary Function Driver for WinSock.) (.30/05/2014 – 07:53:22.) — C:Windowssystem32DriversAFD.sys [273408]
    [MD5.1F05B78AB91C9075565A9D8A4B880BC4] – (.Microsoft Corporation – ATAPI IDE Miniport Driver.) (.11/04/2009 – 07:32:26.) — C:Windowssystem32Driversatapi.sys [19944]
    [MD5.7ADD03E75BEB9E6DD102C3081D29840A] – (.Microsoft Corporation – CD-ROM File System Driver.) (.19/01/2008 – 06:28:02.) — C:Windowssystem32DriversCdfs.sys [70144]
    [MD5.6B4BFFB9BECD728097024276430DB314] – (.Microsoft Corporation – SCSI CD-ROM Driver.) (.11/04/2009 – 05:39:17.) — C:Windowssystem32DriversCdrom.sys [67072]
    [MD5.622C41A07CA7E6DD91770F50D532CB6C] – (.Microsoft Corporation – DFS Namespace Client Driver.) (.14/04/2011 – 15:59:03.) — C:Windowssystem32DriversDfsC.sys [75264]
    [MD5.062452B7FFD68C8C042A6261FE8DFF4A] – (.Microsoft Corporation – High Definition Audio Bus Driver.) (.11/04/2009 – 05:42:42.) — C:Windowssystem32DriversHDAudBus.sys [561152]
    [MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] – (.Microsoft Corporation – Pilote de port i8042.) (.19/01/2008 – 06:49:18.) — C:Windowssystem32Driversi8042prt.sys [54784]
    [MD5.8793643A67B42CEC66490B2A0CF92D68] – (.Microsoft Corporation – IP Network Address Translator.) (.19/01/2008 – 06:56:28.) — C:Windowssystem32DriversIpNat.sys [100864]
    [MD5.1E94971C4B446AB2290DEB71D01CF0C2] – (.Microsoft Corporation – Windows NT SMB Minirdr.) (.29/04/2011 – 14:24:40.) — C:Windowssystem32DriversMRxSmb.sys [106496]
    [MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] – (.Microsoft Corporation – MBT Transport driver.) (.11/04/2009 – 05:45:37.) — C:Windowssystem32DriversnetBT.sys [185856]
    [MD5.2C1121F2B87E9A6B12485DF53CD848C7] – (.Microsoft Corporation – Pilote du système de fichiers NT.) (.03/03/2013 – 20:07:52.) — C:Windowssystem32Driversntfs.sys [1082232]
    [MD5.0FA9B5055484649D63C303FE404E5F4D] – (.Microsoft Corporation – Pilote de port parallèle.) (.02/11/2006 – 09:51:30.) — C:Windowssystem32DriversParport.sys [79360]
    [MD5.A214ADBAF4CB47DD2728859EF31F26B0] – (.Microsoft Corporation – RAS L2TP mini-port/call-manager driver.) (.19/01/2008 – 06:56:34.) — C:Windowssystem32DriversRasl2tp.sys [76288]
    [MD5.E8BD98D46F2ED77132BA927FCCB47D8B] – (.Microsoft Corporation – Microsoft RDP Device redirector.) (.02/11/2006 – 10:03:00.) — C:Windowssystem32Driversrdpdr.sys [242688]
    [MD5.7B75299A4D201D6A6533603D6914AB04] – (.Microsoft Corporation – SMB Transport driver.) (.11/04/2009 – 05:45:22.) — C:Windowssystem32Driverssmb.sys [66560]
    [MD5.76B06EB8A01FC8624D699E7045303E54] – (.Microsoft Corporation – TDI Translation Driver.) (.11/04/2009 – 05:45:56.) — C:Windowssystem32Driverstdx.sys [72192]
    [MD5.786DB5771F05EF300390399F626BF30A] – (.Microsoft Corporation – Pilote de cliché instantané du volume.) (.21/08/2012 – 12:47:42.) — C:Windowssystem32Driversvolsnap.sys [224640]
    ~ Generic Processes: Scanned in 00mn 00s

    —\ Etat des fichiers cachés (Caché/Total)
    ~ Mes images (My Pictures) : 11/5220
    ~ Mes musiques (My Musics) : 5/452
    ~ Mes Videos (My Videos) : 10/15
    ~ Mes Favoris (My Favorites) : 1/52
    ~ Mes Documents (My Documents) : 1/812
    ~ Mon Bureau (My Desktop) : 1/43
    ~ Menu demarrer (Programs) : 1/31
    ~ Hidden Files: Scanned in 00mn 05s

    —\ Processus lancés
    [MD5.48BE298F7FD1BEF4D8FBACB04D8D95C4] – (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [958576] [PID.3192]
    [MD5.1E69EFF38AE528DAB423119BD54675D0] – (.Avast Software s.r.o. – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe [5511352] [PID.3240]
    [MD5.D88B2D487439305A2EC308A6796C3044] – (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe [152392] [PID.3356]
    [MD5.805210C8DB11D5799E7172923959BF98] – (.Piriform Ltd – CCleaner.) — C:Program FilesCCleanerCCleaner.exe [5489944] [PID.3088]
    [MD5.6080A176D09435FC8E6E800996656E18] – (.Microsoft Corporation – Console IME.) — C:Windowssystem32conime.exe [69120] [PID.1004]
    [MD5.817898FEBE6CE40A487EAB6843C9C7C5] – (.Nicolas Coolman – ZHPDiag.) — C:Program FilesZHPDiagZHPDiag.exe [8185344] [PID.1256]
    [MD5.E8B0A9ECB76AAA0C3519E16F34A49858] – (.Microsoft Corporation – Consolidateur SQM Windows.) — C:WindowsSystem32wsqmcons.exe [192000] [PID.1808]
    [MD5.862BB4CBC05D80C5B45BE430E5EF872F] – (.Microsoft Corporation – Service de gestion des licences Microsoft.) — C:Windowssystem32SLsvc.exe [3408896] [PID.1248]
    [MD5.35714DC1ADD995681D890D4382C75721] – (.Avast Software s.r.o. – avast! Service.) — C:Program FilesAlwil SoftwareAvast5AvastSvc.exe [343336] [PID.1488]
    [MD5.608D6A90E989C6522F170E5526A64BF4] – (.Apple Inc. – YSLoader.exe.) — C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe [43336] [PID.1820]
    [MD5.5F685973740F289BE3C809952DB8408B] – (.Microsoft Corporation. – BingBar Service.) — C:Program FilesMicrosoftBingBar7.3.132.0BBSvc.exe [193696] [PID.1832] =>Toolbar.Bing
    [MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] – (.Apple Inc. – Bonjour Service.) — C:Program FilesBonjourmDNSResponder.exe [390504] [PID.1856]
    [MD5.793FF718477345CD5D232C50BED1E452] – (.Hewlett-Packard Company – Pas de description.) — c:Program FilesCommon FilesLightScribeLSSrvc.exe [61440] [PID.1944]
    [MD5.5019A83BE87FD8B60F7333901BFD35E5] – (.Avast Software – AvastVirtualBox Interface.) — C:Program FilesAlwil SoftwareAvast5ngvboxAvastVBoxSVC.exe [3205216] [PID.2352]
    [MD5.781ABA6C29AD40259602703A328DAEC6] – (.Apple Inc. – iPodService Module (32-bit).) — C:Program FilesiPodbiniPodService.exe [553288] [PID.3740]
    ~ Processes Running: Scanned in 00mn 01s

    —\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
    C:UserscezkiAppDataLocalGoogleChromeUser DataDefaultPreferences

    —\ Liste des dossiers d'extension Google Chrome
    ~ Google Lines Browser: 0 Legitimates Filtered in 00mn 01s

    —\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P2,M0,M1,M2,M3)
    C:UserscezkiAppDataRoamingMozillaFirefoxProfiles1ugain1c.defaultprefs.js
    ~ Firefox Browser: 42 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Démarrage,Recherche,URLSearchHook, Phishing (R0,R1,R3,R4)
    R1 – HKLMSOFTWAREMicrosoftInternet ExplorerAboutURLs,Tabs = about:newtab
    ~ IE Browser: 14 Legitimates Filtered in 00mn 00s

    —\ Internet Explorer, Proxy Management (R5)
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = no key
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyEnable = 0
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,MigrateProxy = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,EnableHttp1_1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyHttp1.1 = 1
    R5 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigProxy = wininet.dll
    ~ Proxy management: Scanned in 00mn 00s

    —\ Analyse des lignes F0, F1, F2, F3 – IniFiles, Autoloading programs
    F2 – REG:system.ini: USERINIT=C:Windowssystem32userinit.exe,
    F2 – REG:system.ini: Shell=C:Windowsexplorer.exe
    F2 – REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL “sysdm.cpl”
    ~ Keys: Scanned in 00mn 00s

    —\ Hosts file redirection (O1)
    ~ Le fichier hôte est sain (The hosts file is clean) (20)
    ~ Hosts File: Scanned in 00mn 00s

    —\ Internet Explorer Toolbars (O3)
    O3 – Toolbar: (no name) – [HKLM]{33727f97-486d-4d19-97c3-23f432ef93fc} Clé orpheline
    O3 – Toolbar: (no name) – [HKLM]{c9a6357b-25cc-4bcf-96c1-78736985d412} Clé orpheline
    O3 – Toolbar: Google Toolbar – [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. – Google Toolbar.) — C:Program FilesGoogleGoogle ToolbarGoogleToolbar_32.dll
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{33727F97-486D-4D19-97C3-23F432EF93FC} Clé orpheline
    O3 – ToolbarWebBrowser: (no name) – [HKCU]{D3028143-6145-4318-99D3-3EDCE54A95A9} Clé orpheline
    ~ Toolbar: Scanned in 00mn 00s

    —\ Applications lancées au démarrage du système (O4)
    O4 – HKLM..Run: [APSDaemon] . (.Apple Inc. – Apple Push.) — C:Program FilesCommon FilesAppleApple Application SupportAPSDaemon.exe
    O4 – HKLM..Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated – Adobe Acrobat SpeedLauncher.) — C:Program FilesAdobeReader 9.0ReaderReader_sl.exe
    O4 – HKLM..Run: [Adobe ARM] . (.Adobe Systems Incorporated – Adobe Reader and Acrobat Manager.) — C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe =>.Adobe Systems Incorporated
    O4 – HKLM..Run: [AvastUI.exe] . (.Avast Software s.r.o. – avast! Antivirus.) — C:Program FilesAlwil SoftwareAvast5AvastUI.exe
    O4 – HKLM..Run: [QuickTime Task] . (.Apple Inc. – QuickTime Task.) — C:Program FilesVistaCodecPackQTQTTask.exe
    O4 – HKLM..Run: [iTunesHelper] . (.Apple Inc. – iTunesHelper.) — C:Program FilesiTunesiTunesHelper.exe
    O4 – HKCU..Run: [CCleaner Monitoring] . (.Piriform Ltd – CCleaner.) — C:Program FilesCCleanerCCleaner.exe =>.Piriform Ltd
    O4 – HKUSS-1-5-19..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 – HKUSS-1-5-20..Run: [Sidebar] . (.Microsoft Corporation – Volet Windows.) — C:Program FilesWindows SidebarSidebar.exe =>.Microsoft Corporation
    O4 – HKUSS-1-5-20..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 – HKUSS-1-5-21-230460946-3536391274-1308363112-1000..Run: [CCleaner Monitoring] . (.Piriform Ltd – CCleaner.) — C:Program FilesCCleanerCCleaner.exe =>.Piriform Ltd
    ~ Application: Scanned in 00mn 00s

    —\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9)
    O9 – Extra button: @C:Program FilesWindows LiveCompanioncompanionlang.dll,-600 – {0000036B-C524-4050-81A0-243669A86B9F} . (.Microsoft Corporation – Windows Live Messenger Companion core resources.) — C:Program FilesWindows LiveCompanioncompanionres.dll
    O9 – Extra button: @C:Program FilesWindows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 – {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation – Windows Live Writer Blog This Extension.) — C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
    ~ IE Extra Buttons: Scanned in 00mn 00s

    —\ Modification Domaine/Adresses DNS (O17)
    O17 – HKLMSystemCCSServicesTcpip..{F9925E62-8E85-4841-95B9-630347BC6910}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCS1ServicesTcpip..{F9925E62-8E85-4841-95B9-630347BC6910}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCS2ServicesTcpip..{F9925E62-8E85-4841-95B9-630347BC6910}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCS3ServicesTcpip..{F9925E62-8E85-4841-95B9-630347BC6910}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 – HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    ~ Domain: Scanned in 00mn 00s

    —\ Protocole additionnel (O18)
    O18 – Handler: wlpg – {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation – Windows Live Album Download Protocol Handle.) — C:Program FilesWindows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
    O18 – Filter: application/x-msdownload – {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation – Microsoft .NET Runtime Execution Engine.) — C:WindowsSystem32mscoree.dll =>.Microsoft Corporation
    ~ Protocole Additionnel: Scanned in 00mn 00s

    —\ Valeur de Registre AppInit_DLLs et sous-clés Winlogon Notify (autorun) (O20)
    O20 – Winlogon Notify: igfxcui . (.Intel Corporation – igfxdev Module.) — C:WindowsSystem32igfxdev.dll
    ~ Winlogon: Scanned in 00mn 00s

    —\ Clé de Registre autorun SharedTaskScheduler (STS) (O22)
    O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation – Bibliothèque de l'interface utilisateur du.) — C:WindowsSystem32browseui.dll
    ~ STS/SSO: Scanned in 00mn 00s

    —\ Tâches planifiées en automatique (O39)
    [MD5.00000000000000000000000000000000] [APT] [ASCCJT] (…) — C:UserscezkiAppDataRoamingASCCJT.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [DEPX] (…) — C:UserscezkiAppDataRoamingDEPX.exe (.not file.) [0]
    [MD5.00000000000000000000000000000000] [APT] [{2DCFB6A5-FEDC-4E15-A62A-B50020E26F61}] (…) — E:INSTALL.exe (.not file.) [0]
    [MD5.E995531E39DFF27685038D6A6E543EF9] [APT] [{406CCD90-BBFC-41A2-AB6D-147DC60E35CC}] (…) — C:Program FilesINCRED~1binimsetup.exe [368690]
    [MD5.00000000000000000000000000000000] [APT] [{74252444-C501-45A2-9BD1-D08E949AB889}] (…) — C:UserscezkiDesktopfilm czspySpywareSecure_trial_setup.exe (.not file.) [0]
    O39 – APT: – (..) — C:WindowsSystem32TasksAdobe Flash Player Updater [1002]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineCore [1052]
    O39 – APT: – (..) — C:WindowsSystem32TasksGoogleUpdateTaskMachineUA [1056]
    O39 – APT: – (..) — C:WindowsSystem32TasksUser_Feed_Synchronization-{78EF4345-1B98-4592-B973-19BE23B1CE25} [290]
    ~ Scheduled Task: 23 Legitimates Filtered in 00mn 06s

    —\ HKCU & HKLM Software Keys
    [HKCUSoftwareASCCJT]
    [HKCUSoftwareBearShare] =>PUP.BearShare
    [HKCUSoftwareDEPX]
    [HKCUSoftwareIncrediMail]
    [HKCUSoftwareOrban]
    [HKCUSoftwarePCTools]
    [HKCUSoftwareTorrentAid]
    [HKLMSoftwareCA561A]
    [HKLMSoftwareD715B1A7-91AF-45EE-8340-BBB2D2404A11] =>PUP.CrossRider
    [HKLMSoftwareEEBC39ED-58E8-4D48-AC59-B93930068158] =>PUP.CrossRider
    [HKLMSoftwareIncrediMail]
    [HKLMSoftwarePCTools]
    [HKLMSoftwared98e3e12-0ce8-46b7-807b-8dfc9d345341] =>PUP.CrossRider
    [HKLMSoftwaremywebsites.pro-FR] =>Toolbar.MyWebsites
    ~ Key Software: 206 Legitimates Filtered in 00mn 00s

    —\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
    O43 – CFD: 13/09/2007 – 17:18:55 – [] —-D C:Program FilesBitDownload =>P2P.BitDownload
    O43 – CFD: 16/12/2007 – 20:26:23 – [] —-D C:Program FilesIncrediMail
    O43 – CFD: 03/06/2010 – 18:10:42 – [] —-D C:Program Filesmywebsites.pro-FR =>Toolbar.MyWebsites
    O43 – CFD: 21/01/2009 – 10:30:08 – [] —-D C:Program FilesSpyware Doctor
    O43 – CFD: 23/11/2011 – 08:46:53 – [] —-D C:ProgramDataboost_interprocess
    O43 – CFD: 21/11/2013 – 10:53:11 – [] -SH-D C:ProgramData{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
    O43 – CFD: 08/03/2007 – 06:19:43 – [] —-D C:ProgramDataMicrosoftWindowsStart MenuProgramsLes manuels de l'utilisateur
    O43 – CFD: 08/03/2007 – 06:31:05 – [] —-D C:ProgramDataMicrosoftWindowsStart MenuProgramsOutils et Aide
    O43 – CFD: 05/05/2011 – 18:36:41 – [] —-D C:UserscezkiAppDataRoamingLimeWire
    O43 – CFD: 31/08/2007 – 19:13:49 – [] —-D C:UserscezkiAppDataLocalIM
    O43 – CFD: 05/10/2008 – 11:08:59 – [] —-D C:UserscezkiAppDataLocalShareaza
    ~ 368 Dossier CLSID vide (CLSID Empty Folder)
    ~ Program Folder: 625 Legitimates Filtered in 00mn 12s

    —\ Derniers fichiers modifiés ou crées sous Windows et System32 (O44)
    O44 – LFC:[MD5.AA69ED00EE72BFEE003C864DCFBC5038] – 10/03/2015 – 23:19:18 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [24144]
    ~ Files: 83 Legitimates Filtered in 00mn 13s

    —\ Derniers fichiers créés dans Windows Prefetcher (O45)
    O45 – LFCP:[MD5.99E5061D15257F5A9B9E9D157E60ABCF] – 20/01/2015 – 16:14:22 —A- – C:WindowsPrefetchDEALPLYLIVE.EXE-BF809A22.pf =>PUP.DealPly
    O45 – LFCP:[MD5.69DF501A739C723A0EAC109F51F24E96] – 20/01/2015 – 15:40:57 —A- – C:WindowsPrefetchDEALPLYLIVEHANDLER.EXE-9DC930B3.pf =>PUP.DealPly
    O45 – LFCP:[MD5.9CB89273C637195976E915EB23CEDF45] – 20/01/2015 – 15:43:07 —A- – C:WindowsPrefetchUPMBOT_FR_108.EXE-F4DBCD2F.pf =>PUP.CrossRider
    ~ Prefetcher: 3 Legitimates Filtered in 00mn 00s

    —\ Contrôle du Safe Boot (CSB) (O49)
    O49 – CSB:Control Safe Boot HKLM…CCSMinimalpcwatch.sys . (…) — C:WindowsSystem32Driverspcwatch.sys (.not file.) =>PUP.WebProtect
    O49 – CSB:Control Safe Boot HKLM…CCSNetworkpcwatch.sys . (…) — C:WindowsSystem32Driverspcwatch.sys (.not file.) =>PUP.WebProtect
    ~ CSB: 15 Legitimates Filtered in 00mn 00s

    —\ Clé de registre Shell MountPoints2 (MPSK) (O51)
    O51 – MPSK:{b0799589-5bed-11de-b894-001921da85da}AutoRuncommand. (…) — C:Windowssystem32J:launcher.exe (.not file.)
    O51 – MPSK:{f418b0ba-a421-11de-bce9-001921da85da}AutoRuncommand. (…) — J:Memorybar.exe (.not file.)
    ~ Keys: Scanned in 00mn 00s

    —\ Enumération des clés de registre StartupReg (SMSR) (O53)
    O53 – SMSR:HKLM…startupregIncrediMail [Key] . (.IncrediMail, Ltd. – IncrediMail Tray Application.) — C:Program FilesIncrediMailbinIncMail.exe
    O53 – SMSR:HKLM…startupregMagentic [Key] . (…) — C:Program FilesMagenticbinMagentic.exe (.not file.)
    O53 – SMSR:HKLM…startupregPicasa Media Detector [Key] . (…) — C:Program FilesPicasa2PicasaMediaDetector.exe (.not file.)
    O53 – SMSR:HKLM…startupregugqhrtqhc [Key] . (…) — c:userscezkiappdatalocalugqhrtqhc.exe (.not file.)
    O53 – SMSR:HKLM…startupregzzz_ImInstaller_IncrediMail [Key] . (…) — C:UserscezkiAppDataLocalTempImInstallerIncrediMailincredimail_install.exe (.not file.)
    ~ SMSR Keys: 30 Legitimates Filtered in 00mn 00s

    —\ Enumération des clés de registre PoliciesSystem (MWPS) (O55)
    O55 – MWPS:[HKLM…PoliciesSystem] – “FilterAdministratorToken”=0
    O55 – MWPS:[HKLM…PoliciesSystem] – “EnableUIADesktopToggle”=0
    ~ MWPS: 17 Legitimates Filtered in 00mn 00s

    —\ Liste des pilotes du système (SDL) (O58)
    O58 – SDL:10/03/2015 – 23:19:18 —A- . (…) — C:WindowsSystem32DriversaswHwid.sys [24144] =>.ALWIL Software
    O58 – SDL:10/03/2015 – 23:19:18 —A- . (…) — C:WindowsSystem32DriversaswRvrt.sys [49904] =>.ALWIL Software
    O58 – SDL:10/03/2015 – 23:19:18 —A- . (…) — C:WindowsSystem32DriversaswVmm.sys [206976] =>.ALWIL Software
    O58 – SDL:02/11/2006 – 10:51:34 —A- . (.Emulex – Storport Miniport Driver for LightPulse HBAs.) — C:WindowsSystem32Driverselxstor.sys [316520]
    O58 – SDL:02/11/2006 – 10:50:07 —A- . (.Integrated Technology Express, Inc. – ITE IT8211 ATA/ATAPI SCSI miniport.) — C:WindowsSystem32Driversiteatapi.sys [35944]
    O58 – SDL:02/11/2006 – 10:50:09 —A- . (.Integrated Technology Express, Inc. – ITE IT8212 ATA RAID SCSI miniport.) — C:WindowsSystem32Driversiteraid.sys [35944]
    O58 – SDL:01/10/2002 – 15:43:32 —A- . (.SP – Universal Serial Bus Camera Driver.) — C:WindowsSystem32DriversSPCA561.SYS [119798]
    O58 – SDL:27/02/2015 – 09:57:22 —A- . (…) — C:WindowsSystem32DriversTrueSight.sys [35064]
    O58 – SDL:02/11/2006 – 10:51:25 —A- . (.ULi Electronics Inc. – ULi SATA Controller Driver.) — C:WindowsSystem32Driversuliahci.sys [235112]
    O58 – SDL:02/11/2006 – 10:50:35 —A- . (.Promise Technology, Inc. – Promise Ultra/Sata Series Driver for Win2003.) — C:WindowsSystem32Driversulsata.sys [98408]
    O58 – SDL:02/11/2006 – 10:50:45 —A- . (.Promise Technology, Inc. – Promise SATAII150 Series Windows Drivers.) — C:WindowsSystem32Driversulsata2.sys [115816]
    O58 – SDL:28/07/2014 – 13:52:00 —A- . (.Apple, Inc. – Apple Mobile Device USB Driver.) — C:WindowsSystem32Driversusbaapl.sys [45056]
    O58 – SDL:02/11/2006 – 08:09:42 —A- . (…) — C:WindowsSystem32ANSI.SYS [9029]
    O58 – SDL:02/11/2006 – 08:09:45 —A- . (…) — C:WindowsSystem32country.sys [27097]
    O58 – SDL:02/11/2006 – 08:09:41 —A- . (…) — C:WindowsSystem32HIMEM.SYS [4768]
    O58 – SDL:02/11/2006 – 08:09:44 —A- . (…) — C:WindowsSystem32KEY01.SYS [42809]
    O58 – SDL:02/11/2006 – 08:09:44 —A- . (…) — C:WindowsSystem32KEYBOARD.SYS [42537]
    O58 – SDL:02/11/2006 – 08:09:29 —A- . (…) — C:WindowsSystem32NTDOS.SYS [27866]
    O58 – SDL:02/11/2006 – 08:09:35 —A- . (…) — C:WindowsSystem32NTDOS404.SYS [29146]
    O58 – SDL:02/11/2006 – 08:09:38 —A- . (…) — C:WindowsSystem32NTDOS411.SYS [29370]
    O58 – SDL:02/11/2006 – 08:09:40 —A- . (…) — C:WindowsSystem32NTDOS412.SYS [29274]
    O58 – SDL:02/11/2006 – 08:09:31 —A- . (…) — C:WindowsSystem32NTDOS804.SYS [29146]
    O58 – SDL:02/11/2006 – 08:09:20 —A- . (…) — C:WindowsSystem32NTIO.SYS [33952]
    O58 – SDL:02/11/2006 – 08:09:23 —A- . (…) — C:WindowsSystem32NTIO404.SYS [34672]
    O58 – SDL:02/11/2006 – 08:09:24 —A- . (…) — C:WindowsSystem32NTIO411.SYS [35776]
    O58 – SDL:02/11/2006 – 08:09:26 —A- . (…) — C:WindowsSystem32NTIO412.SYS [35536]
    O58 – SDL:02/11/2006 – 08:09:22 —A- . (…) — C:WindowsSystem32NTIO804.SYS [34672]
    ~ Drivers: 93 Legitimates Filtered in 00mn 28s

    —\ Recherche heuristique Magic.control (HSMI) (O59)
    O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UserscezkiAppDataLocalfjmoihqz_nav.dat
    O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UserscezkiAppDataLocalfjmoihqz_navps.dat
    O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UserscezkiAppDataLocalfjmoihqz_navup.dat
    O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UserscezkiAppDataLocalgmsqagw_nav.dat
    O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UserscezkiAppDataLocalgmsqagw_navps.dat
    O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UserscezkiAppDataLocalfjmoihqz.dat
    O59 – HSMI:Heuristic Search MagicControl Infection – (…) — C:UserscezkiAppDataLocalgmsqagw.dat
    ~ Files: Scanned in 00mn 02s

    —\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
    O61 – LFC: 14/03/2015 – 14:10:14 —A- . (…) — C:Userscezkibureauadwcleaner_4.112.exe [2171392]
    ~ 68 Fichiers temporaires (Temporary files)
    ~ 19 Fichiers cookies (Cookies files)
    ~ Files: 4 Legitimates Filtered in 00mn 40s

    —\ Liste des outils de désinfection (LATC) (O63)
    O63 – Logiciel: ZHPDiag 2015 – (.Nicolas Coolman.) [HKLM] — ZHPDiag_is1 =>.Nicolas Coolman
    ~ ADS: Scanned in 00mn 00s

    —\ Liste les services legacy du registre (LALS) (O64)
    O64 – Services: CurCS – 10/03/2015 – C:Windowssystem32driversaswHwid.sys (aswHwid) .(…) – LEGACY_ASWHWID
    ~ Legacy: 94 Legitimates Filtered in 00mn 00s

    —\ Associations Shell Spawning (O67)
    O67 – Shell Spawning: < .html> [HKCU..openCommand] (.Not Key.)
    ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s

    —\ Menu de démarrage Internet (SMI) (O68)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (…) — C:UserscezkiAppDataLocalGoogleChromeApplicationchrome.exe (.not file.)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (…) — C:Program FilesMozilla Firefoxfirefox.exe (.not file.)
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Google Inc. – Google Chrome.) — C:Program FilesGoogleChromeApplicationchrome.exe
    O68 – StartMenuInternet: [HKLM..ShellopenCommand] (.Microsoft Corporation – Internet Explorer.) — C:Program FilesInternet Exploreriexplore.exe
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche d'infection sur les navigateurs internet (SBI) (O69)
    O69 – SBI: SearchScopes [HKCU] E7408E019B754A4D9379AE9E6624614D – (Google) – http://www.google.fr
    O69 – SBI: SearchScopes [HKCU] Live Search – (Live Search) – http://search.live.com
    O69 – SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] – (Bing) – http://www.bing.com
    O69 – SBI: SearchScopes [HKCU] {6424E0C4-0C27-4691-AD1F-A4F09B9E017C} – (Google) – http://www.google.fr
    O69 – SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} – (Google) – http://www.google.com
    O69 – SBI: SearchScopes [HKCU] {6AC63E17-B56A-4A89-A130-EEFF78EBCE4D} – (Google Customized Web Search) – http://mywwwsites.com
    O69 – SBI: SearchScopes [HKCU] {814C76CB-2623-43F4-AAD0-58A0E5190A20} – (Orange) – http://r.orange.fr
    O69 – SBI: SearchScopes [HKCU] {91E3C76E-B1B6-414F-9AAF-E0E3B87B1C23} – (Yahoo! France) – http://fr.search.yahoo.com
    O69 – SBI: SearchScopes [HKCU] {9CB96984-43C3-4D44-90EF-01466EFCF7BB} – (Yahoo! (Avast)) – http://fr.search.yahoo.com
    ~ Keys: Scanned in 00mn 00s

    —\ Recherche particulière à la racine du système (SPRF) (O84)
    [MD5.F86A04789F4F0DD8D4107E8E2B6E47CC] [SPRF][17/03/2008] (…) — C:ProgramDataezsid.dat [32]
    [MD5.8FA2E6BB86B819911F62321F927965E3] [SPRF][27/09/2008] (…) — C:ProgramDataezsidmv.dat [56]
    [MD5.04591CA4096541EA924D46882D56313E] [SPRF][06/05/2013] (…) — C:UserscezkiAppDataRoamingwklnhst.dat [892]
    [MD5.95300BA672A14E3AE6740CB3CB41DB7B] [SPRF][14/03/2015] (.Pas de propriétaire – Aut2Exe.) — C:Userscezkibureauadwcleaner_4.112.exe [2171392]
    [MD5.68CCB93315E8986024CE2621720E64F7] [SPRF][21/01/2015] (…) — C:UserscezkibureauRogueKiller.exe [15431256]
    ~ Files: 9 Legitimates Filtered in 00mn 00s

    —\ Enumère les codes produits des logiciels (PUC) (O90)
    O90 – PUC: “537E56336A8449149988EC95CAA55E30” . (.Bing Bar.) — C:WindowsInstaller{3365E735-48A6-4194-9988-CE59AC5AE503}icon_installer_ico =>Toolbar.Bing
    ~ Update Products: 1 Legitimates Filtered in 00mn 00s

    —\ Recherche des packages WindowsInstaller (WIS) (O93) (NTFS)
    [MD5.B747A9EA5FEC872838991231902F29DB] [WIS][19/03/2014] (.Microsoft Corporation – Bing Bar.) — C:WindowsInstaller1d1241.msi [719360] =>Toolbar.Bing
    ~ WIS: 1 Legitimates Filtered in 00mn 04s

    —\ Etat général des services non Microsoft (EGS) (SR=Running, SS=Stopped)
    SS – | Demand 11/03/2015 267440 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) – C:Windowssystem32MacromedFlashFlashPlayerUpdateService.exe
    SS – | Auto 22/07/1658 0 | (CLCapSvc) . (…) – C:Program FilesCyberLinkPowerCinemaKernelTVCLCapSvc.exe
    SS – | Disabled 28/11/2006 118880 | (CLSched) . (…) – C:Program FilesCyberLinkPowerCinemaKernelTVCLSched.exe
    SS – | Disabled 28/11/2006 1073152 | (CyberLink Media Library Service) . (.Cyberlink.) – C:Program FilesCyberLinkPowerCinemaKernelCLML_NTServiceCLMLServer.exe
    SS – | Disabled 24/08/2009 69632 | C:Program FilesCOMMON~1France TelecomShared ModulesFTRTSVCFTRTSVC.exe (FTRTSVC) . (.France Telecom SA.) – C:Program FilesCommon FilesFrance TelecomShared ModulesFTRTSVCFTRTSVC.exe
    SS – | Auto 30/10/2014 107912 | (gupdate) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 30/10/2014 107912 | (gupdatem) . (.Google Inc..) – C:Program FilesGoogleUpdateGoogleUpdate.exe
    SS – | Demand 17/08/2012 194032 | (gusvc) . (.Google.) – C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
    SS – | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) – c:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
    SS – | Demand 01/11/2006 887544 | (RoxMediaDB9) . (.Sonic Solutions.) – c:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
    SS – | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) – C:Program FilesSkypeUpdaterUpdater.exe
    SS – | Demand 01/11/2006 78752 | (stllssvr) . (.MicroVision Development, Inc..) – c:Program FilesCommon FilesSureThing Sharedstllssvr.exe
    SR – | Auto 28/08/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) – C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
    SR – | Auto 10/03/2015 343336 | (avast! Antivirus) . (.Avast Software s.r.o..) – C:Program FilesAlwil SoftwareAvast5AvastSvc.exe
    SR – | Demand 10/03/2015 3205216 | (AvastVBoxSvc) . (.Avast Software.) – C:Program FilesAlwil SoftwareAvast5ngvboxAvastVBoxSVC.exe
    SR – | Auto 11/03/2014 193696 | (BBSvc) . (.Microsoft Corporation..) – C:Program FilesMicrosoftBingBar7.3.132.0BBSvc.exe =>Toolbar.Bing
    SR – | Demand 11/03/2014 247968 | (BBUpdate) . (.Microsoft Corporation..) – C:Program FilesMicrosoftBingBar7.3.132.0SeaPort.exe =>Toolbar.Bing
    SR – | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) – C:Program FilesBonjourmDNSResponder.exe
    SR – | Demand 01/09/2014 553288 | (iPod Service) . (.Apple Inc..) – C:Program FilesiPodbiniPodService.exe
    SR – | Auto 17/01/2007 61440 | (LightScribeService) . (.Hewlett-Packard Company.) – c:Program FilesCommon FilesLightScribeLSSrvc.exe
    SR – | Auto 19/01/2008 21504 | C:Program FilesWindows Defendermpsvc.dll (WinDefend) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    SR – | Auto 19/01/2008 21504 | C:WindowsSystem32wuaueng.dll (wuauserv) . (.Microsoft Corporation.) – C:WindowsSystem32svchost.exe
    ~ Services: Scanned in 00mn 21s

    —\ Recherche d'infection sur le Master Boot Record (MBR)(O80)
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    ~ MBR: 1 Legitimates Filtered in 00mn 03s

    —\ Recherche d'infection sur le Master Boot Record (MBRCheck)(O80)
    Written by ad13, http://ad13.geekstog
    Run by cezki at 14/03/2015 14:12:11
    ********* Dump file Name *********
    C:PhysicalDisk0_MBR.bin
    ~ MBR: Scanned in 00mn 05s

    —\ Scan Additionnel (O88)
    Database Version : 13008 – (12/03/2015)
    Clés trouvées (Keys found) : 0
    Valeurs trouvées (Values found) : 0
    Dossiers trouvés (Folders found) : 4
    Fichiers trouvés (Files found) : 7

    C:Program FilesBitDownload =>P2P.BitDownload^
    C:Program Filesmywebsites.pro-FR =>Toolbar.MyWebsites^
    C:UserscezkiAppDataLocalLowmediabarbs =>PUP.BearShare
    C:UserscezkiAppDataLocalLowmywebsites.pro-FR =>Toolbar.Mywebsites
    C:Program FilesMicrosoftBingBar7.3.132.0BBSvc.exe =>Toolbar.Bing^
    [HKCUSoftwareBearShare] =>PUP.BearShare^
    [HKLMSoftwareD715B1A7-91AF-45EE-8340-BBB2D2404A11] =>PUP.CrossRider^
    [HKLMSoftwareEEBC39ED-58E8-4D48-AC59-B93930068158] =>PUP.CrossRider^
    [HKLMSoftwared98e3e12-0ce8-46b7-807b-8dfc9d345341] =>PUP.CrossRider^
    [HKLMSoftwaremywebsites.pro-FR] =>Toolbar.MyWebsites^
    C:WindowsInstaller1d1241.msi =>Toolbar.Bing^
    ~ Additionnel Scan: 346525 Items scanned in 00mn 53s

    —\ Informations complémentaires sur les modules
    ~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Proxy Management (R5)
    ~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Internet Explorer Toolbars (O3)
    ~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/ =>.Applications lancées au démarrage du système (O4)
    ~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/ =>.Clé de registre Shell MountPoints2 (MPSK) (O51)
    ~ AMI: 4 Legitimates Filtered in 00mn 00s

    —\ Récapitulatif des détections trouvées sur votre station
    http://nicolascoolman.fr/pup-bearshare =>PUP.BearShare
    http://nicolascoolman.fr/pup-crossrider =>PUP.CrossRider
    http://www.nicolascoolman.fr/blog/ =>Toolbar.MyWebsites
    http://nicolascoolman.fr/pup-dealply =>PUP.DealPly
    http://www.nicolascoolman.fr/blog/ =>PUP.WebProtect
    ~ MSI: 5 link(s) detected in 00mn 00s

    ~ 1396 Legitimates filtered by white list
    End of the scan (541 lines in 05mn 15s)(0.8)[/spoiler:i00iqhce]

    Thanks in advance :)

  • buckhulk
    Participant
    Post count: 2391

    Hello,
    this is a canned message (a ready-made speech)

    My name is buckhulk… ^^

    I am the one who will be handling this problem…. ;)

    I advise you to disable your antivirus each time you download a disinfection tool

    Note that I do not handle computers still running XP

    Do not follow two disinfections at the same time, and if you have a problem with a tool, say so.

    Then give me "news" of your computer fairly frequently (like with a doctor, so the "medication" can be adjusted) and make sure you host the reports.

    The tools must be downloaded to the desktop (that is, into a shortcut of your downloads folder, then moved to your desktop)

    Opened with a right-click (run as..).

    Even if your computer seems to be working better, a disinfection must be carried through to the end

    Uninstall your µTorrent clients: although they are not infectious themselves, it is their (bad) use that brings you viruses… Afterwards, if you want to put them back….. :electriksock:

    Look HERE

    And also, worth reading, instructive:

    About P2P

    However, you are going to run ZHPCleaner and then do a new ZHPDiag for me afterwards, hosted please:

    ZHPcleaner

    Disable the antivirus

    Your search engine will close; you will need to reopen it to post the reports

    Download: ZHPcleaner by Nicolas Coolman

    Click the green button: "télécharger en toute sécurité" (download securely)

    Wait while the download is prepared
    Then click the blue button (download)

    This tool requires no installation; it is very fast because it is based on running scripts.

    It restores the default proxy settings,
    It removes redirections from browser shortcuts (infection by argument),
    It restores the start and search pages of the Internet Explorer browser (registry),
    It restores the start page of the Mozilla Firefox browser (preferences file),
    It restores the start page of the Google Chrome browser (preferences file),
    It restores the start page of the Opera browser (preferences file),
    It removes certain harmful browser Browser Helper Objects (BHO),
    It removes certain harmful browser toolbars,
    It repairs the default search provider (SearchScope),

    If a proxy is present, a message appears with the following question

    "Avez-vous installé ce proxy ?" (Did you install this proxy?) followed by the proxy's IP address.

    If you did not install a proxy, click "NON" (No) to accept the proxy repair.

    The boxes are ticked according to the browser or browsers present
    Click on the popup that appears
    Then on Scanner (scan)
    Let the progress bar run to the end.
    When processing finishes, a cleaning report is displayed in Notepad; provide it if asked, otherwise:
    Click Réparer (repair)
    The browsers are closed for the cleaning
    If you want to repair the hosts file, you must disable your antivirus.

    Hosting

    The diagnostic reports are too long; they exceed the size allowed by the forum editors, so the report has to be hosted:

    A/ – Host the ZHPDiag.txt report on: Paste&Furious and "the screenshots on": sosUpload

    or on cjoint

    B/ – Click >> Parcourir (Browse) (or choose a file)

    C/ – Find the ZHPDiag report you have just made, which is on your desktop

    D/ – Click >> envoyer le fichier (send the file) (or create the link)

    E/ – A link will be generated, a link of this form: http://cjoint.com/index.php?file=cjge368/cijSKAP5fU.txt

    F/ – You just have to post it here

    Thanks

  • Minol
    Post count: 0

    Thanks for taking my case :)

    I have just run ZHPCleaner…

    Here is the ZhpDiag report
    ==> http://cjoint.com/?ECoqkDZuRog

  • Anonyme
    Post count: 0

    :hello:

    • Select and copy the following script:

      Script ZHPFix
      O3 - Toolbar: (no name) - [HKLM]{33727f97-486d-4d19-97c3-23f432ef93fc} Clé orpheline
      O3 - Toolbar: (no name) - [HKLM]{c9a6357b-25cc-4bcf-96c1-78736985d412} Clé orpheline
      O3 - ToolbarWebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Clé orpheline
      O3 - ToolbarWebBrowser: (no name) - [HKCU]{33727F97-486D-4D19-97C3-23F432EF93FC} Clé orpheline
      O3 - ToolbarWebBrowser: (no name) - [HKCU]{D3028143-6145-4318-99D3-3EDCE54A95A9} Clé orpheline
      [MD5.00000000000000000000000000000000] [APT] [ASCCJT] (...) -- C:UserscezkiAppDataRoamingASCCJT.exe (.not file.) [0]
      [MD5.00000000000000000000000000000000] [APT] [DEPX] (...) -- C:UserscezkiAppDataRoamingDEPX.exe (.not file.) [0]
      [MD5.00000000000000000000000000000000] [APT] [{2DCFB6A5-FEDC-4E15-A62A-B50020E26F61}] (...) -- E:INSTALL.exe (.not file.) [0]
      [MD5.E995531E39DFF27685038D6A6E543EF9] [APT] [{406CCD90-BBFC-41A2-AB6D-147DC60E35CC}] (...) -- C:Program FilesINCRED~1binimsetup.exe [368690]
      [MD5.00000000000000000000000000000000] [APT] [{74252444-C501-45A2-9BD1-D08E949AB889}] (...) -- C:UserscezkiDesktopfilm czspySpywareSecure_trial_setup.exe (.not file.) [0]
      [HKCUSoftwareASCCJT]
      [HKCUSoftwareBearShare] =>PUP.BearShare
      [HKCUSoftwareDEPX]
      [HKLMSoftwaremywebsites.pro-FR] =>Toolbar.MyWebsites
      O43 - CFD: 03/06/2010 - 18:10:42 - [] ----D C:Program Filesmywebsites.pro-FR =>Toolbar.MyWebsites
      O43 - CFD: 21/01/2009 - 10:30:08 - [] ----D C:Program FilesSpyware Doctor
      O43 - CFD: 21/11/2013 - 10:53:11 - [] -SH-D C:ProgramData{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
      O49 - CSB:Control Safe Boot HKLM...CCSMinimalpcwatch.sys . (...) -- C:WindowsSystem32Driverspcwatch.sys (.not file.) =>PUP.WebProtect
      O49 - CSB:Control Safe Boot HKLM...CCSNetworkpcwatch.sys . (...) -- C:WindowsSystem32Driverspcwatch.sys (.not file.) =>PUP.WebProtect
      O53 - SMSR:HKLM...startupregPicasa Media Detector [Key] . (...) -- C:Program FilesPicasa2PicasaMediaDetector.exe (.not file.)
      O53 - SMSR:HKLM...startupregugqhrtqhc [Key] . (...) -- c:userscezkiappdatalocalugqhrtqhc.exe (.not file.)
      O53 - SMSR:HKLM...startupregzzz_ImInstaller_IncrediMail [Key] . (...) -- C:UserscezkiAppDataLocalTempImInstallerIncrediMailincredimail_install.exe (.not file.)
      O59 - HSMI:Heuristic Search MagicControl Infection - (...) -- C:UserscezkiAppDataLocalfjmoihqz_navup.dat
      O68 - StartMenuInternet: [HKLM..ShellopenCommand] (...) -- C:UserscezkiAppDataLocalGoogleChromeApplicationchrome.exe (.not file.)
      O68 - StartMenuInternet: [HKLM..ShellopenCommand] (...) -- C:Program FilesMozilla Firefoxfirefox.exe (.not file.)
      O69 - SBI: SearchScopes [HKCU] {6AC63E17-B56A-4A89-A130-EEFF78EBCE4D} - (Google Customized Web Search) - http://mywwwsites.com
      C:UserscezkiAppDataLocalLowmediabarbs =>PUP.BearShare
      C:UserscezkiAppDataLocalLowmywebsites.pro-FR =>Toolbar.Mywebsites
      firewallraz
      emptyclsid
      emptyprefetch
      EmptyCLSID
      Emptytemp
      EmptyFlash
      ShortcutFix
    • Launch ZHPFix, using run as administrator on Windows 7/8 and Vista

      1. Click Importer (Import)
      2. The lines copied earlier should be pasted into the box
      3. If so, click "GO"

    • Confirm the data cleanup by clicking "Oui" (Yes)
    • Once the scan has finished, go to the desktop; the ZHPFixReport file has been created.
    • Copy the contents of the ZHPFixReport report to Paste And Furious, then copy/paste the generated link in your next reply.
      -> Paste And Furious tutorial: tutoriel-paste-and-furious-t104985.html
  • Minol
    Post count: 0

    Attached is the ZhpFix report
    ==> http://cjoint.com/?ECoqXCx0lPV

  • Anonyme
    Post count: 0

    • Download MalwareBytes
    • Install it. Untick "Activer l'essai gratuit de Malwarebytes Anti-Malware Premium" (Enable the free trial of Malwarebytes Anti-Malware Premium)
    • Click Mettre à jour (Update) (on the right, in the centre)
    • Click Examen (Scan) (at the top)
    • Select Examen "Menaces" (Threat scan)
    • Click Examiner maintenant (Scan now)

    • At the end of the scan, click Tout mettre en quarantaine (Quarantine all)!
    • Click Copier dans le Presse-papiers (Copy to clipboard)
    • A report will open. Copy/paste its contents in your next reply.
  • Minol
    Post count: 0

    Attached is the MalwareBytes report
    [spoiler:3a5s83h2]Malwarebytes Anti-Malware
    http://www.malwarebytes.org

    Date de l'examen: 14/03/2015
    Heure de l'examen: 21:39:04
    Fichier journal:
    Administrateur: Oui

    Version: 2.00.4.1028
    Base de données Malveillants: v2015.03.14.04
    Base de données Rootkits: v2015.02.25.01
    Licence: Gratuit
    Protection contre les malveillants: Désactivé(e)
    Protection contre les sites Web malveillants: Désactivé(e)
    Auto-protection: Désactivé(e)

    Système d'exploitation: Windows Vista Service Pack 2
    Processeur: x86
    Système de fichiers: NTFS
    Utilisateur: cezki

    Type d'examen: Examen “Menaces”
    Résultat: Terminé
    Objets analysés: 342562
    Temps écoulé: 20 min, 39 sec

    Mémoire: Activé(e)
    Démarrage: Activé(e)
    Système de fichiers: Activé(e)
    Archives: Activé(e)
    Rootkits: Désactivé(e)
    Heuristique: Activé(e)
    PUP: Activé(e)
    PUM: Activé(e)

    Processus: 0
    (Aucun élément malicieux detecté)

    Modules: 0
    (Aucun élément malicieux detecté)

    Clés du Registre: 0
    (Aucun élément malicieux detecté)

    Valeurs du Registre: 0
    (Aucun élément malicieux detecté)

    Données du Registre: 0
    (Aucun élément malicieux detecté)

    Dossiers: 0
    (Aucun élément malicieux detecté)

    Fichiers: 0
    (Aucun élément malicieux detecté)

    Secteurs physiques: 0
    (Aucun élément malicieux detecté)

    (end)[/spoiler:3a5s83h2]

  • Anonyme
    Post count: 0
    • Download FRST (by Farbar) to your desktop!
    • Close all running applications!
    • Launch FRST, using run as administrator on Windows 7/8 and Vista
    • Tick the Addition.txt box
    • Click Scan

    • Once the scan has finished, go to the desktop; two reports, FRST.txt and Addition.txt, have been created.
    • Host the FRST.txt and Addition.txt reports on SosUpload, then copy/paste the link provided in your next reply
  • Minol
    Post count: 0

    Hello again :)

    The version you gave me is for 64-bit; the computer is 32-bit.
    I used this link for the 32-bit version:
    ==> https://www.sosvirus.net/telecharger/frst-farbar/

    The FRST reports

    FRST ==> http://cjoint.com/?ECppY4HsWEq

    Addition ==> http://cjoint.com/?ECpp1rUKvee

    NOTE:

    I thought zhp could see inactive services and startup entries,
    but I realise they are still there…
    (e.g. France telecom routing table service)

    So I took the liberty of making you a ZhpDiag report,
    with everything that would normally start on this PC.

    Attached is the ZhpDiag report
    ==> http://cjoint.com/?ECpp47UDW55

    In case it helps you…
    Everything on this computer can be deleted,
    everything that was important is not on this computer.
    It just needs to work…

    Thanks in advance :)

  • Anonyme
    Post count: 0

    In case it helps you…
    Everything on this computer can be deleted,
    everything that was important is not on this computer.
    It just needs to work…

    Well, in that case, might as well format it and reinstall Windows 7, no?

    Tutorial for Vista, but the procedure is the same for Windows 7: telecharger-les-fichiers-iso-windows-vista-sp1-t100238.html
    iso: https://www.sosvirus.net/telecharger/windows-7-x64-iso-toutes-versions/

  • Minol
    Post count: 0

    Whoa!

    I have been working on this computer for a while…

    NO driver support from ECS for W7…
    NO access to system restore (F11 on Compaq)…

    When I go to the HP site, all I get is updates…

    It is precisely because I have no choice
    that I am turning to you…

    Even HP support no longer sells
    system restore hard disks for this version…

    You are my last chance…
    Is there no way to make a fix to clean the computer??

    ZhpDiag report
    ==> http://cjoint.com/?ECpp47UDW55

    Thanks in advance :)

  • Anonyme
    Post count: 0

    OK boss ;)

    • Press the Windows and R keys at the same time
    • A window will open; type this: notepad
    • Click OK

      Note: Notepad will open

    • Copy the following lines:
      start
      HKUS-1-5-21-230460946-3536391274-1308363112-1000...InprocServer32: [Default-pngfilt] <==== ATTENTION!
      HKLM...Run: [] => [X]
      HKLM...Run: [QuickTime Task] => C:Program FilesVistaCodecPackQTQTTask.exe [421888 2014-01-17] (Apple Inc.)
      ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File []
      FF Extension: No Name - C:UserscezkiAppDataRoamingMozillaFirefoxProfiles1ugain1c.defaultextensions{906000a4-88d9-4d52-b209-7a772970d91f} [Not Found]
      FF Extension: No Name - C:UserscezkiAppDataRoamingMozillaFirefoxProfiles1ugain1c.defaultextensionswrigtdamon@yahoo.com [Not Found]
      FF Extension: No Name - C:UserscezkiAppDataRoamingMozillaFirefoxProfiles1ugain1c.defaultextensionsfaststartff@gmail.com [Not Found]
      2015-02-27 09:57 - 2015-01-21 21:40 - 00035064 _____ () C:Windowssystem32DriversTrueSight.sys
      2015-02-25 12:06 - 2007-07-01 18:59 - 00001356 _____ () C:UserscezkiAppDataLocald3d9caps.dat
      2015-02-23 11:29 - 2007-07-31 20:12 - 00000000 ____D () C:WindowsGoogle Toolbar
      2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:UserscezkiAppDataRoamingASCCJT
      2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:UserscezkiAppDataRoamingDEPX
      2008-12-10 17:57 - 2008-12-10 17:58 - 0114414 _____ () C:UserscezkiAppDataRoaminginstall.txt
      2009-01-21 13:21 - 2009-01-21 13:21 - 0029239 _____ () C:UserscezkiAppDataRoamingUserTile.png
      2013-12-20 19:31 - 2014-09-23 08:37 - 0000165 _____ () C:UserscezkiAppDataRoamingWB.CFG
      2008-01-21 22:21 - 2013-05-06 19:07 - 0000892 _____ () C:UserscezkiAppDataRoamingwklnhst.dat
      2007-07-01 18:59 - 2015-02-25 12:06 - 0001356 _____ () C:UserscezkiAppDataLocald3d9caps.dat
      2007-06-17 20:01 - 2015-02-09 11:20 - 0090112 _____ () C:UserscezkiAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      2007-10-21 09:26 - 2007-10-21 17:31 - 0002245 _____ () C:UserscezkiAppDataLocalfdcafdclki.dat
      2007-10-23 17:44 - 2007-10-23 21:08 - 0002244 _____ () C:UserscezkiAppDataLocalmoavxumep.dat
      2007-11-08 13:52 - 2007-11-08 21:56 - 0002244 _____ () C:UserscezkiAppDataLocalnqxmjmham.dat
      2008-03-17 18:14 - 2008-03-17 18:14 - 0000032 _____ () C:ProgramDataezsid.dat
      2008-09-27 17:14 - 2008-09-27 17:14 - 0000056 ____H () C:ProgramDataezsidmv.datend
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{989D1DC0-B162-11D1-B6EC-D27DDCF9A923}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{99D54F63-1A69-41AE-AA4D-C976EB3F0713}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{9A3179FB-F05E-49DD-9D9E-A6B574E4D4FC}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{A753A1EC-973E-4718-AF8E-A3F554D45C44}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{A7EE7F34-3BD1-427F-9231-F941E9B7E1FE}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{ADC6CB82-424C-11D2-952A-00C04FA34F05}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{AFB6C280-2C41-11D3-8A60-0000F81E0E4A}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{B54F3741-5B07-11CF-A4B0-00AA004A55E8}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{B8967F85-58AE-4F46-9FB2-5D7904798F4B}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{BBEEA841-0A63-4F52-A7AB-A9B3A84ED38A}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{BCDE0395-E52F-467C-8E3D-C4579291692E}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{cd3afa72-b84f-48f0-9393-7edc34128127}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{cd3afa73-b84f-48f0-9393-7edc34128127}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{cd3afa74-b84f-48f0-9393-7edc34128127}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{cd3afa76-b84f-48f0-9393-7edc34128127}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{cd3afa78-b84f-48f0-9393-7edc34128127}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{cd3afa7b-b84f-48f0-9393-7edc34128127}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{cd3afa83-b84f-48f0-9393-7edc34128127}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{cd3afa84-b84f-48f0-9393-7edc34128127}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{cd3afa88-b84f-48f0-9393-7edc34128127}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{cd3afa89-b84f-48f0-9393-7edc34128127}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{cd3afa8f-b84f-48f0-9393-7edc34128127}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{cd3afa92-b84f-48f0-9393-7edc34128127}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{cd3afa93-b84f-48f0-9393-7edc34128127}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{cd3afa94-b84f-48f0-9393-7edc34128127}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{cd3afa95-b84f-48f0-9393-7edc34128127}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{CD773740-B187-4974-A1D5-E0FF91372277}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{CDA42200-BD88-11D0-BD4E-00A0C911CE86}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{CEF4D40F-ACA5-40BA-8F3B-161A594A1A39}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{CF49D4E0-1115-11CE-B03A-0020AF0BA770}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{D1FE6762-FC48-11D0-883A-3C8B00C10000}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{D3D9D58B-45B5-48AB-B199-B8C40560AEC7}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{D51BD5A1-7548-11CF-A520-0080C77EF58A}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{D51BD5A2-7548-11CF-A520-0080C77EF58A}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{D51BD5A3-7548-11CF-A520-0080C77EF58A}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{DE2D022D-2480-43BE-97F0-D1FA2CF98F4F}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{DF2FCE13-25EC-45BB-9D4C-CECD47C2430C}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{DFFACDC5-679F-4156-8947-C5C76BC0B67F}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{E1E1705B-62C6-469F-9361-C07479678A90}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{E21BE468-5C18-43EB-B0CC-DB93A847D769}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{E436EBB2-524F-11CE-9F53-0020AF0BA770}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{E436EBB3-524F-11CE-9F53-0020AF0BA770}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{E436EBB5-524F-11CE-9F53-0020AF0BA770}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{E436EBB8-524F-11CE-9F53-0020AF0BA770}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{E569BDE7-A8DC-47F3-893F-FD2B31B3EEFD}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{E876339C-2984-41F8-A49A-F908555CE4C9}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{ED8C108E-4349-11D2-91A4-00C04F7969E8}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{F3364BA0-65B9-11CE-A9BA-00AA004AE837}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{F5078F35-C551-11D3-89B9-0000F81FE221}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{FBD1F53D-14A4-46AE-B08D-FF61C50DD8BA}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{FDC7A535-4070-4B92-A0EA-D9994BCC0DC5}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{FEB50740-7BEF-11CE-9BD9-0000E202599C}InprocServer32 -> No File Path
      CustomCLSID: HKUS-1-5-21-230460946-3536391274-1308363112-1000_ClassesCLSID{FF393560-C2A7-11CF-BFF4-444553540000}InprocServer32 -> No File Path
      Task: {008DDB87-7240-467D-8073-33A8AD0460FF} - 6b7e512c-56bc-467f-b56e-ebeb8c0cd0ce No Task File <==== ATTENTION
      Task: {373621BC-B9DB-44A4-9E55-94B44FF1A8D8} - DealPlyLiveUpdateTaskMachineUA No Task File <==== ATTENTION
      Task: {3C7E052D-E006-49F2-AB78-1AFFB9EAEA78} - 9528ba2e-d655-4b7d-a5da-02588d6903cb-4 No Task File <==== ATTENTION
      Task: {3DA91053-9239-4C3D-8FBF-3973205EE820} - 39a1279d-be0c-48dd-b82e-b7146fb88c41 No Task File <==== ATTENTION
      Task: {4F0F47EB-3AFA-4A0D-B57A-AE4D0D029001} - System32Tasks{F40DDD83-3716-4DA0-A935-49491A9F10DB} => pcalua.exe -a "C:UserscezkiAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE53DLAWZ23LimeWireWin[1].exe" -d C:Windowssystem32
      Task: {5C399821-6A6B-4DDD-AB91-DE1F680C01FC} - 9528ba2e-d655-4b7d-a5da-02588d6903cb-2 No Task File <==== ATTENTION
      Task: {5F81C191-037F-4FA5-ACCC-B4E4A887F67A} - 9528ba2e-d655-4b7d-a5da-02588d6903cb-11 No Task File <==== ATTENTION
      Task: {69E5A8A2-6C89-480F-9E11-8D675D4FD993} - 9528ba2e-d655-4b7d-a5da-02588d6903cb-1 No Task File <==== ATTENTION
      Task: {7560DBCA-6CD2-4C98-BA99-94C26329B4AF} - 9528ba2e-d655-4b7d-a5da-02588d6903cb-7 No Task File <==== ATTENTION
      Task: {79C23F16-1E93-4CC1-9BA3-ADEB4474BAE6} - Dealply No Task File <==== ATTENTION
      Task: {8BF56CE1-02F5-4C06-B697-B7131C8286F1} - 9528ba2e-d655-4b7d-a5da-02588d6903cb-5_user No Task File <==== ATTENTION
      Task: {AFE06CAE-59D0-45DE-B9F8-A73EB904D97B} - 9528ba2e-d655-4b7d-a5da-02588d6903cb-5 No Task File <==== ATTENTION
      Task: {B5CFA8E8-2502-49DE-81BC-3DEA8A7004B9} - 9528ba2e-d655-4b7d-a5da-02588d6903cb-6 No Task File <==== ATTENTION
      Task: {DADFF43A-BD1E-44DD-8CEA-18CD04233105} - 9528ba2e-d655-4b7d-a5da-02588d6903cb-3 No Task File <==== ATTENTION
      Task: {E56B34AA-9416-4C8D-9FB1-2DAB17ACC4D7} - DealPlyLiveUpdateTaskMachineCore No Task File <==== ATTENTION
      C:UserscezkiAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE53DLAWZ23
      HKUS-1-5-21-230460946-3536391274-1308363112-1000SoftwareClasses.exe: => <===== ATTENTION!
      HKLMSYSTEMCurrentControlSetControlSafeBootNetworkMyOSProtect => ""="service" <==== ATTENTION
      C:Program FilesSecuritoo
      C:PROGRA~1COMMON~1INSTAL~1UPDATE~1
      SearchScopes: HKUS-1-5-21-230460946-3536391274-1308363112-1000 -> {814C76CB-2623-43F4-AAD0-58A0E5190A20} URL = http://r.orange.fr/r?ref=O_OI_hook_openSearchIE&url=http%3A//rws.search.ke.voila.fr/RW/S/opensearch_orange?rdata={searchTerms}
      SearchScopes: HKUS-1-5-21-230460946-3536391274-1308363112-1000 -> {91E3C76E-B1B6-414F-9AAF-E0E3B87B1C23} URL = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
      SearchScopes: HKUS-1-5-21-230460946-3536391274-1308363112-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
      HKUS-1-5-21-230460946-3536391274-1308363112-1000SoftwareMicrosoftInternet ExplorerMain,Search Bar = https://fr.yahoo.com?fr=hp-avast&type=avastbcl
      HKUS-1-5-21-230460946-3536391274-1308363112-1000SoftwareMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
      URLSearchHook: HKLM - (No Name) - {33727f97-486d-4d19-97c3-23f432ef93fc} - No File
      SearchScopes: HKLM -> {91E3C76E-B1B6-414F-9AAF-E0E3B87B1C23} URL = http://fr.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
      SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://fr.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
      C:ProgramDataF-Secure
      C:Program FilesOrange
      C:UserscezkiAppDataLocalOrange

    • Go back to Notepad and paste the copied lines.
    • Click File, then Save As…, name it fixlist.txt and save it to your desktop!
    • Go to the desktop and launch FRST (run as administrator on Windows 7/8 and Vista)
    • Click Fix

      Note: Wait while the removal runs

    • Once the scan is finished, go to the desktop: two Fixlog.txt reports have been created.
    • Upload the Fixlog.txt report to SosUpload, then copy/paste the link provided in your next reply
  • Minol
    Post count: 0

    Attached is the Fixlog report
    ==> http://cjoint.com/?ECpt4ky2zsh

  • Anonyme
    Post count: 0

    Uninstall Firefox and Chrome; we will use Internet Explorer for the next steps, and you can reinstall them afterwards.

    Once Firefox and Chrome are uninstalled, restart the PC and then run ZHPDiag as follows:

    • Download ZHPDiag (by Nicolas Coolman) to your desktop.
    • Install the software.
    • Launch ZHPDiag (run as administrator on Windows 7/8 and Vista)
    • Click Complet (Full)

      Note: Do not close the program even if it says it is no longer responding.

    • Once the scan is finished, go to the desktop: the ZHPDiag.txt file has been created.
    • Copy the contents of the ZHPCleaner.txt report on your desktop to Paste And Furious,
      then copy/paste the generated link in your next reply.
      -> Paste And Furious tutorial: tutoriel-paste-and-furious-t104985.html
  • Minol
    Post count: 0

    Attached is the full ZhpDiag report
    ==> http://cjoint.com/?ECpvUNij3pg

  • Anonyme
    Post count: 0
    • Select and copy the following script:

      Script ZHPFix
      M3 - MFPP: Plugins - [cezki] -- C:UserscezkiAppDataRoamingMozillaFirefoxProfiles1ugain1c.defaultsearchpluginsorange.xml
      M2 - MFEP: prefs.js [cezki - 1ugain1c.defaulttoolbar@Orange.fr] [] barre d'outils Orange v4.3.0.0 (..)
      M2 - MFEP: prefs.js [cezki - 1ugain1c.default{4D9AE42B-F4C0-40e6-AEDB-4EC6E42B77AF}] [] Plugin Orange Installeur v1.2.5.0 (..)
      P2 - FPN: [HKLM] [@Microsoft.com/NpCtrl,version=1.0] - (. Microsoft Corporation - 5.1.30514.0.) -- c:Program FilesMicrosoft Silverlight5.1.30514.0npctrl.dll
      P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3502.0922] - (.Microsoft Corporation - NPWLPG.) -- C:Program FilesWindows LivePhoto GalleryNPWLPG.dll
      P2 - FPN: [HKLM] [@microsoft.com/WLPG,version=15.4.3508.1109] - (.Microsoft Corporation - NPWLPG.) -- C:Program FilesWindows LivePhoto GalleryNPWLPG.dll
      P2 - FPN: [HKLM] [@microsoft.com/WPF,version=3.5] - (.Microsoft Corporation - Windows Presentation Foundation (WPF) plug-in for Mozilla browsers.) -- c:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll
      P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.11.2105] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:Program FilesVistaCodecPackrmbrowserpluginsnppl3260.dll
      P2 - FPN: [HKLM] [@real.com/nppl3260;version=6.0.11.2571] - (.RealNetworks, Inc. - RealPlayer(tm) LiveConnect-Enabled Plug-In.) -- C:Program FilesVistaCodecPackrmbrowserpluginsnppl3260.dll
      P2 - FPN: [HKLM] [@real.com/nprjplug;version=1.0.2.2629] - (.RealNetworks, Inc. - RealJukebox Netscape Plugin.) -- C:Program FilesRealRealPlayerNetscape6nprjplug.dll
      P2 - FPN: [HKLM] [@real.com/nprpjplug;version=6.0.12.1739] - (.RealNetworks, Inc. - 6.0.12.1739.) -- C:Program FilesVistaCodecPackrmbrowserpluginsnprpjplug.dll
      R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.RealNetworks, Inc. - 6.0.12.1739.) (No version) -- (.not file.)
      O2 - BHO: (no name) - {33727f97-486d-4d19-97c3-23f432ef93fc} Clé orpheline
      O4 - HKLM..Run: [NWEReboot] Clé orpheline
      O4 - HKLM..Run: [RegistryMechanic] Clé orpheline
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) . (...) - C:Program FilesCyberLinkPowerCinemaKernelTVCLCapSvc.exe (.not file.)
      [MD5.00000000000000000000000000000000] [APT] [{74FC82E4-555E-42E9-B912-1EAA9E998438}] (...) -- C:Program FilesSkypePhoneSkype.exe (.not file.) [0]
      [MD5.00000000000000000000000000000000] [APT] [{98F1BBC9-CF61-4221-940F-7C943E1CDAFD}] (...) -- c:userscezkiappdatalocalgooglechromeapplicationchrome.exe (.not file.) [0]
      [MD5.00000000000000000000000000000000] [APT] [{DABECE50-F760-4094-9EF0-66BB46AE77FE}] (...) -- C:Program FilesSkypePhoneSkype.exe (.not file.) [0]
      [HKCUSoftwareAppDataLowSoftwaremediabarbs] =>PUP.BearShare
      [HKCUSoftwareAppDataLowSoftwaremywebsites.pro-FR] =>Toolbar.MyWebsites
      [HKCUSoftwareAppDataLowSoftwaresettings]
      [HKCUSoftwareAvira]
      [HKLMSoftwareSymantec]
      O43 - CFD: 14/03/2015 - 19:02:45 - [] ----D C:ProgramDataF-Secure-UninstallationTool
      O43 - CFD: 21/11/2013 - 16:55:18 - [] ----D C:ProgramDataMcAfee
      O43 - CFD: 14/03/2015 - 19:02:45 - [] ----D C:ProgramDataF-Secure-UninstallationTool
      O43 - CFD: 01/07/2009 - 13:57:47 - [] ----D C:Program FilesSpyware Terminator
      O43 - CFD: 20/01/2009 - 23:12:59 - [] ----D C:Program FilesCommon FilesSymantec Shared
      O43 - CFD: 10/11/2011 - 03:03:32 - [] ----D C:Program FilesCommon FilesSystem
      O43 - CFD: 10/11/2013 - 19:41:06 - [] ----D C:ProgramDataAVAST Software
      O43 - CFD: 14/06/2012 - 18:42:36 - [] ----D C:ProgramData{429CAD59-35B1-4DBC-BB6D-1DB246563521}
      O51 - MPSK:{b0799589-5bed-11de-b894-001921da85da}AutoRuncommand. (...) -- C:Windowssystem32J:launcher.exe (.not file.)
      O51 - MPSK:{f418b0ba-a421-11de-bce9-001921da85da}AutoRuncommand. (...) -- J:Memorybar.exe (.not file.)
      O68 - StartMenuInternet: [HKLM..ShellopenCommand] (...) -- C:Program FilesGoogleChromeApplicationchrome.exe (.not file.)
      O68 - StartMenuInternet: [HKLM..ShellopenCommand] (...) -- C:Program FilesMozilla Firefoxfirefox.exe (.not file.)
      O69 - SBI: SearchScopes [HKCU] Live Search - (Live Search) - http://search.live.com
      O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
      firewallraz
      emptyclsid
      emptyprefetch
      EmptyCLSID
      Emptytemp
      EmptyFlash
      ShortcutFix
    • Launch ZHPFix (run as administrator on Windows 7/8 and Vista)

      1. Click Importer (Import)
      2. The lines copied earlier should be pasted into the box
      3. If so, click “GO”

    • Confirm the data cleanup by clicking “Oui” (Yes)
    • Once the scan is finished, go to the desktop: the ZHPFixReport file has been created.
    • Copy the contents of the ZHPFixReport report to Paste And Furious, then copy/paste the generated link in your next reply.
      -> Paste And Furious tutorial: tutoriel-paste-and-furious-t104985.html


    • To delete temporary files:
    • Download SFTGC (by Pierre13) to your desktop and nowhere else!
    • Launch SFTGC (run as administrator on Windows 7/8 and Vista)
    • Click GO

      Note: A report will open at the end

    • Once the scan is finished, go to the desktop: the SFTGC.txt file has been created.
    • Copy the contents of the SFTGC.txt report to Paste And Furious, then copy/paste the generated link in your next reply.
      -> Paste And Furious tutorial: tutoriel-paste-and-furious-t104985.html
  • Minol
    Post count: 0

    Attached are the reports:

    The ZhpFixReport report
    ==> http://cjoint.com/?ECpx5wdQ37K

    The SFTGC report
    ==> http://cjoint.com/?ECpx67RMvr5

  • Anonyme
    Post count: 0

    :hello:

    How has the PC been since this cleanup?

  • Minol
    Post count: 0

    Well, better and better!
    Thanks to you ^^

    Already with the previous script,
    it had stopped running at 100% constantly.

    I restarted the computer with all services enabled,
    and you ran another script pass…

    The ZhpDiag report, just in case
    ==> http://cjoint.com/?ECqoDPBVCsh

    Do you want me to do anything else?

  • Anonyme
    Post count: 0

    No, you'll just need to run ccleaner (registry option); you can uninstall the Orange software too, it's useless.

    • To remove the disinfection tools used:
    • Download Delfix to your desktop.
    • Launch Delfix (run as administrator on Windows 7/8 and Vista)
    • Tick the following boxes:
      • Remove disinfection tools
      • Purge system restore

    Have a good week :hello:


  • Minol
    Post count: 0

    Sounds good, that's all planned.
    But first, I'm uninstalling what's not needed…

    A big thank you
    for taking the time to look into this problem :)

    Bad luck for you!
    If I run into the same problem on another computer,
    this is where I'll post! ;D

    See you,
    and thanks for the help :)

  • Anonyme
    Post count: 0

    OK, sounds good for the next computer ;)

    See you later then :)

The topic ‘Infected PC… Help please’ is closed to new replies.