
Virus that turns all the files on my USB key into shortcuts.

Tags:
  • Shortcuts
  • Virus
  • Security
  • USB keys
25 September 2013 15:37:05

Hello, I have a virus that turns the files on my USB key into shortcuts. I used the command: Attrib-r-s-h/S/D/E:\*.* but it does not work. Could you help me, please?

25 September 2013 16:36:54

Hello adminpronote,

As you can see, I am a helper in training, but don't worry: my answers are reviewed by experienced trainers before they are given to you.

We will first take a closer look at what is happening on your machine. So I would ask you not to request disinfection help on another forum; that could prove dangerous for your computer.

Please follow this procedure:

Normal scan:

Download OTL (by OldTimer) to your Desktop from this link.

http://oldtimer.geekstogo.com/OTL.exe


  • Double-click OTL.exe to launch it. Close all windows except OTL's.
  • A window appears.
  • Check the box: All users
  • In the Report section at the top of this window, check the Minimal Report box.
  • Also check the boxes for the LOP Check and the Purity Check (in blue, towards the bottom of the window).
  • Finally, click the Scan button. While the scan is running, do not touch anything. The scan will not take long.
  • Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are located in the same place as OTL (so by default on the Desktop).
  • Copy here (Edit; Select All; Edit; Copy) the contents of both files, one per post, and post them in your next reply.




    25 September 2013 17:31:37

    Hello, and thank you for your help.
    Here are the reports:
    Extras:
    OTL Extras logfile created on: 25/09/2013 11:08:17 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ysa\Desktop\VIRUS CATCH
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,84 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 60,77% Memory free
    7,68 Gb Paging File | 5,72 Gb Available in Paging File | 74,39% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 913,41 Gb Total Space | 828,22 Gb Free Space | 90,67% Space Free | Partition Type: NTFS

    Computer Name: YSA-PC | User Name: Ysa | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2324830667-3944076634-2857977468-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
    "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
    "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
    "{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
    "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
    "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
    "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
    "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
    "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
    "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
    "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
    "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
    "{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
    "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
    "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
    "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
    "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
    "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
    "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
    "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
    "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
    "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
    "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
    "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
    "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
    "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
    "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
    "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
    "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger
    "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
    "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
    "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
    "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
    "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
    "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
    "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
    "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
    "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
    "{820D0BA3-ACD7-4FB9-A3A7-0ADF0C66A4BE}" = Windows Live Messenger
    "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
    "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
    "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
    "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
    "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
    "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
    "{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
    "{90140000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2010
    "{90140000-0015-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2010
    "{90140000-0016-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2010
    "{90140000-0018-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2010
    "{90140000-0019-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2010
    "{90140000-001A-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2010
    "{90140000-001B-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
    "{90140000-001F-0401-0000-0000000FF1CE}_Office14.SingleImage_{1A43C155-3DDA-43C9-92C5-0E7D0B2B156D}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
    "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2010
    "{90140000-001F-0413-0000-0000000FF1CE}_Office14.SingleImage_{5072FEA2-862C-4BF0-9654-CB0DCBE2BE28}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-040C-1000-0000000FF1CE}_Office14.SingleImage_{0CCCD9C7-637C-41CA-A293-6E9992109B09}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2010
    "{90140000-002C-040C-0000-0000000FF1CE}_Office14.SingleImage_{C8E4AA87-3E5A-4C70-8CB7-43FE25C99B74}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2010
    "{90140000-006E-040C-0000-0000000FF1CE}_Office14.SingleImage_{7C5C7E8C-F6D2-43AC-93A4-89E4FF7367E6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2010
    "{90140000-00A1-040C-0000-0000000FF1CE}_Office14.SingleImage_{C3AE9E57-4CD3-44FB-802F-9B461B26E3EB}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140011-0066-040C-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Français
    "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
    "{929B7060-300C-46B5-9DCD-B21A475051D0}" = Transmath 6e
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
    "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
    "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
    "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
    "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
    "{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger
    "{A3AD65CC-B2CE-49da-AE4E-CC2ECF4EC0F8}" = clear.fi SDK - MVP 2
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
    "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
    "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
    "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
    "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
    "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
    "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
    "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
    "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
    "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
    "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
    "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
    "{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
    "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
    "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
    "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
    "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger
    "{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger
    "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
    "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
    "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
    "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
    "{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
    "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
    "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
    "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
    "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
    "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
    "{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
    "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger
    "{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger
    "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
    "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger
    "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
    "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
    "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
    "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
    "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
    "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
    "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
    "{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
    "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
    "{DAF7BB88-6392-40aa-A714-8392C4BDBD2C}" = clear.fi SDK- Movie 2
    "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
    "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
    "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
    "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
    "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
    "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
    "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
    "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
    "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
    "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
    "{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
    "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
    "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
    "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
    "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
    "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger
    "{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger
    "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
    "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
    "{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2
    "{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger
    "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
    "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
    "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
    "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
    "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
    "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
    "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
    "{FCDB0EF3-673C-FDCE-6498-750F51391660}" = Fooz Kids
    "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
    "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
    "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
    "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
    "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
    "{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "FoozKids" = Fooz Kids
    "HP Photo Creations" = HP Photo Creations
    "Identity Card" = Identity Card
    "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
    "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
    "InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
    "InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
    "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
    "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
    "LManager" = Launch Manager
    "Mobile Broadband HL Service" = Mobile Broadband HL Service
    "Mozilla Firefox 23.0.1 (x86 fr)" = Mozilla Firefox 23.0.1 (x86 fr)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.Click2Run" = Microsoft Office « Démarrer en un clic » 2010
    "Office14.SingleImage" = Microsoft Office Famille et Étudiant 2010
    "WildTangent acer Master Uninstall" = Acer Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-0336cf16-5575-4b86-8373-a64dfeb83356" = Agatha Christie - Death on the Nile
    "WTA-0f867ec6-6159-4326-9394-222bd5020d0e" = Plants vs. Zombies - Game of the Year
    "WTA-20826861-de3b-42e2-b292-387b9606d4ca" = Final Drive: Nitro
    "WTA-2415bbf6-f96f-4740-9148-ba85611b808c" = Jewel Match 3
    "WTA-3e4f2f56-3325-411e-92bc-0fdc0b35ab85" = FATE
    "WTA-45c076a1-a32e-4ff3-b8db-a2f9727d6128" = Polar Bowler
    "WTA-5f4e63d7-4629-4126-bb8e-2d7b1b00f894" = Bejeweled 3
    "WTA-6563f3d7-2cdf-4b60-b93c-561fe5501b57" = Penguins!
    "WTA-67d8be8e-d5d9-45c6-a33f-ac054e65dc72" = John Deere Drive Green
    "WTA-aa78f78c-fc7b-42c0-a203-49e09228ae87" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
    "WTA-abb76df8-64dd-4ed6-a0a7-b679beb8db2d" = Slingo Deluxe
    "WTA-bb548544-6f1e-4a21-bbf4-ec5065b61b7d" = Torchlight
    "WTA-c074b1b5-f4e2-4bf2-914e-2fa7df85c396" = Insaniquarium Deluxe
    "WTA-dd858985-312b-4480-b5c7-fcefef4082e5" = Virtual Villagers 4 - The Tree of Life
    "WTA-e5a66a9b-851d-4397-ab58-2fd47f64aa80" = Zuma Deluxe
    "WTA-e8fd0092-901a-48db-95cd-cf5c0eb28ef4" = Wedding Dash
    "WTA-fd10dba8-ef2a-428e-bf82-81800588a32f" = Chuzzle Deluxe
    "XnView_is1" = XnView 1.99.1

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 20/05/2013 09:33:00 | Computer Name = Ysa-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 20/05/2013 09:43:01 | Computer Name = Ysa-PC | Source = CVHSVC | ID = 100
    Description = Pour information uniquement. (Patch task for {90140011-0066-040C-0000-0000000FF1CE}):
    DownloadLatest Failed: Il n’existe actuellement aucune connexion réseau active.
    Le service de transfert intelligent d’arrière plan (BITS) recommencera plus tard,
    lorsqu’une carte sera connectée.

    Error - 20/05/2013 20:44:13 | Computer Name = Ysa-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 20/05/2013 20:54:11 | Computer Name = Ysa-PC | Source = CVHSVC | ID = 100
    Description = Pour information uniquement. (Patch task for {90140011-0066-040C-0000-0000000FF1CE}):
    DownloadLatest Failed: Il n’existe actuellement aucune connexion réseau active.
    Le service de transfert intelligent d’arrière plan (BITS) recommencera plus tard,
    lorsqu’une carte sera connectée.

    Error - 21/05/2013 07:51:35 | Computer Name = Ysa-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 21/05/2013 08:15:53 | Computer Name = Ysa-PC | Source = CVHSVC | ID = 100
    Description = Pour information uniquement. Error: Le serveur a renvoyé une réponse
    non valide ou non reconnue ErrorCode: 14007(0x36b7).

    Error - 23/05/2013 07:36:11 | Computer Name = Ysa-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 23/05/2013 07:58:18 | Computer Name = Ysa-PC | Source = CVHSVC | ID = 100
    Description = Pour information uniquement. Error: Il n’existe actuellement aucune
    connexion réseau active. Le service de transfert intelligent d’arrière plan (BITS)
    recommencera plus tard, lorsqu’une carte sera connectée. ErrorCode: 14007(0x36b7).


    Error - 23/05/2013 08:12:12 | Computer Name = Ysa-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 23/05/2013 08:24:35 | Computer Name = Ysa-PC | Source = CVHSVC | ID = 100
    Description = Pour information uniquement. Error: Le serveur a renvoyé une réponse
    non valide ou non reconnue ErrorCode: 14007(0x36b7).

    [ Broadcom Wireless LAN Events ]
    Error - 23/07/2013 09:14:18 | Computer Name = Ysa-PC | Source = WLAN-Tray | ID = 0
    Description = 09:14:17, Tue, Jul 23, 13 Error - Unable to gain access to user store


    Error - 28/08/2013 08:02:23 | Computer Name = Ysa-PC | Source = WLAN-Tray | ID = 0
    Description = 08:02:20, Wed, Aug 28, 13 Error - Unable to gain access to user store


    [ System Events ]
    Error - 11/04/2013 13:48:56 | Computer Name = Ysa-PC | Source = bowser | ID = 8003
    Description =

    Error - 11/04/2013 14:24:56 | Computer Name = Ysa-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/04/2013 06:49:04 | Computer Name = Ysa-PC | Source = Service Control Manager | ID = 7000
    Description = Le service McAfee SiteAdvisor Service n’a pas pu démarrer en raison
    de l’erreur : %%2

    Error - 12/04/2013 07:07:54 | Computer Name = Ysa-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/04/2013 07:47:48 | Computer Name = Ysa-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/04/2013 09:10:43 | Computer Name = Ysa-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/04/2013 10:15:44 | Computer Name = Ysa-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/04/2013 14:42:28 | Computer Name = Ysa-PC | Source = bowser | ID = 8003
    Description =

    Error - 12/04/2013 17:37:09 | Computer Name = Ysa-PC | Source = Service Control Manager | ID = 7000
    Description = Le service McAfee SiteAdvisor Service n’a pas pu démarrer en raison
    de l’erreur : %%2

    Error - 13/04/2013 18:06:30 | Computer Name = Ysa-PC | Source = Service Control Manager | ID = 7000
    Description = Le service McAfee SiteAdvisor Service n’a pas pu démarrer en raison
    de l’erreur : %%2


    < End of report >

    25 September 2013 17:32:33

    And the OTL report:
    OTL logfile created on: 25/09/2013 11:08:17 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ysa\Desktop\VIRUS CATCH
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16686)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    3,84 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 60,77% Memory free
    7,68 Gb Paging File | 5,72 Gb Available in Paging File | 74,39% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 913,41 Gb Total Space | 828,22 Gb Free Space | 90,67% Space Free | Partition Type: NTFS

    Computer Name: YSA-PC | User Name: Ysa | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Ysa\Desktop\VIRUS CATCH\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe ()
    PRC - C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe (Mozilla Foundation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\ProgramData\MobileBrServ\mbbService.exe ()
    PRC - C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
    PRC - C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
    PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.)
    PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
    PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
    PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
    PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
    PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
    PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
    PRC - C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (CyberLink)
    PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
    MOD - C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe ()
    MOD - C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe ()
    MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
    SRV:64bit: - (wltrysvc) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE (Broadcom Corporation)
    SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
    SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
    SRV:64bit: - (Live Updater Service) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated)
    SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
    SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MajIndexEducationService) -- C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe ()
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
    SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (Mobile Broadband HL Service) -- C:\ProgramData\MobileBrServ\mbbService.exe ()
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
    SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
    SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
    SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
    SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
    SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
    SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
    DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
    DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
    DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
    DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
    DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
    DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
    DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
    DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
    DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation)
    DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
    DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
    DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
    DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
    DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
    DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
    DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
    DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
    DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
    DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
    DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
    DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
    DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
    DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
    DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
    DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
    DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
    DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2324830667-3944076634-2857977468-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-2324830667-3944076634-2857977468-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    IE - HKU\S-1-5-21-2324830667-3944076634-2857977468-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://webmail1m.orange.fr/webmail/fr_FR/inbox.html?FOL...
    IE - HKU\S-1-5-21-2324830667-3944076634-2857977468-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2324830667-3944076634-2857977468-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\firefoxextension [2013/08/19 12:46:34 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013/08/19 12:46:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2013/01/07 08:48:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ysa\AppData\Roaming\mozilla\Extensions
    [2013/09/06 09:22:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/09/06 09:22:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/09/06 09:22:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe (Broadcom Corporation)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [InstantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe ()
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
    O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
    O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2324830667-3944076634-2857977468-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-2324830667-3944076634-2857977468-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-21-2324830667-3944076634-2857977468-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
    O4 - Startup: C:\Users\Ysa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-2324830667-3944076634-2857977468-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.2.0.20 194.2.0.50
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{694050DF-A7ED-4A4B-AB33-62CB940546CB}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7CF27BD-DBEA-4172-8764-D37DF842D1F7}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7509347-0616-417D-BBEF-AD1C124F0644}: DhcpNameServer = 194.2.0.20 194.2.0.50
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe64.dll (Trend Micro Inc.)
    O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1104\7.1.1104\TmBpIe32.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1361\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
    O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{af3a0cb5-ed94-11e2-8fd2-08edb9f71eed}\Shell - "" = AutoRun
    O33 - MountPoints2\{af3a0cb5-ed94-11e2-8fd2-08edb9f71eed}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/09/21 09:05:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
    [2013/09/21 09:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
    [2013/09/21 09:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2013/09/21 09:03:37 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/09/21 09:03:33 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/09/21 09:03:33 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/09/21 09:03:33 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/09/21 09:03:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    [2013/09/21 09:03:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2013/09/19 13:36:04 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/09/19 13:36:04 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/09/19 13:36:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/09/19 13:36:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/09/19 13:36:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/09/19 13:36:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/09/19 13:36:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/09/19 13:36:01 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/09/19 13:36:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/09/19 13:36:01 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/09/19 13:36:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/09/19 13:35:59 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/09/19 13:35:58 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/09/19 13:35:58 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/09/19 13:35:58 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/09/19 12:23:34 | 000,000,000 | ---D | C] -- C:\Users\Ysa\Desktop\VIRUS CATCH
    [2013/09/19 10:18:14 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
    [2013/09/19 09:08:08 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/09/19 09:08:08 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/09/19 09:08:08 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/09/19 09:08:08 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2013/09/19 06:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRONOTE Réseau 2013
    [2013/09/19 06:56:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Index Education
    [2013/09/06 09:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/09/03 15:41:23 | 000,000,000 | ---D | C] -- C:\Users\Ysa\Desktop\A imprimer

    ========== Files - Modified Within 30 Days ==========

    [2013/09/25 10:21:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/09/25 09:24:56 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/09/25 09:24:56 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/09/25 09:17:40 | 000,000,290 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2013/09/25 09:17:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/09/25 09:17:21 | 3094,102,016 | -HS- | M] () -- C:\hiberfil.sys
    [2013/09/21 09:05:34 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/09/21 09:05:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/09/21 09:03:18 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/09/21 09:03:17 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
    [2013/09/21 09:03:17 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/09/21 09:03:17 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/09/21 09:03:17 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/09/21 09:03:16 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2013/09/19 13:35:45 | 001,735,090 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/09/19 13:35:45 | 000,760,060 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2013/09/19 13:35:45 | 000,666,902 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/09/19 13:35:45 | 000,154,226 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2013/09/19 13:35:45 | 000,130,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/09/19 10:46:47 | 000,452,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/09/19 06:57:37 | 000,002,347 | ---- | M] () -- C:\Users\Public\Desktop\Client PRONOTE 2013.lnk
    [2013/09/10 21:54:38 | 001,707,604 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

    ========== Files Created - No Company Name ==========

    [2013/09/19 06:57:37 | 000,002,347 | ---- | C] () -- C:\Users\Public\Desktop\Client PRONOTE 2013.lnk
    [2013/08/22 07:42:35 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
    [2012/10/26 19:06:32 | 000,000,290 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2012/10/26 19:02:21 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2012/06/15 22:43:05 | 001,735,090 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/05/14 06:29:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/05/14 06:29:54 | 013,024,768 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
    [2012/05/14 06:29:34 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
    [2012/05/14 06:29:34 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
    [2012/02/02 16:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/09/28 21:02:31 | 000,000,000 | ---D | M] -- C:\Users\Ysa\AppData\Roaming\clear.fiMVPSDK20
    [2012/09/22 18:42:46 | 000,000,000 | ---D | M] -- C:\Users\Ysa\AppData\Roaming\FoozKids
    [2012/09/22 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\Ysa\AppData\Roaming\IndexEducation
    [2012/10/23 08:42:53 | 000,000,000 | ---D | M] -- C:\Users\Ysa\AppData\Roaming\OpenOffice.org
    [2012/09/22 13:24:26 | 000,000,000 | ---D | M] -- C:\Users\Ysa\AppData\Roaming\Screensaver
    [2012/10/16 16:21:04 | 000,000,000 | ---D | M] -- C:\Users\Ysa\AppData\Roaming\SoftGrid Client
    [2012/09/22 13:47:24 | 000,000,000 | ---D | M] -- C:\Users\Ysa\AppData\Roaming\TP
    [2012/10/26 18:48:35 | 000,000,000 | ---D | M] -- C:\Users\Ysa\AppData\Roaming\WildTangent
    [2013/06/18 08:41:46 | 000,000,000 | ---D | M] -- C:\Users\Ysa\AppData\Roaming\XnView

    ========== Purity Check ==========



    < End of report >
    25 September 2013 20:39:23

    Good evening,

    I'll take care of you tomorrow in the early evening!

    Before that, can you answer a few questions please?

    Have you already tried anything to fix the infection? If so, what, and with which tool(s)?
    Have you been helped on another forum?
    Is your computer part of a high school or middle school network?

    While waiting for the answers to these questions, I'd like you to run an additional scan:

    Download USBFix (by El Desaparecido) to your Desktop.

    • Click the Usbfix.exe icon to launch the program.
      Right-click -> Run as administrator on Windows Vista, 7 and 8
    • Then plug your external data sources into your PC (USB key, external hard drive, etc.) without opening them.
    • Click Rechercher (Search). A message appears; check that your removable media are plugged in, then click OK.
    • Let the tool work.
    • At the end of the scan the UsbFix.txt report appears; post it.


  • Note: the report generated by USBFix is located here: C:\UsbFix.txt

    See you tomorrow :)
    26 September 2013 13:34:15

    Hello,
    Yes, I used the command Attrib -r -s -h /D /S E:\*.*
    Yes, the computer is used in a middle school setting.
    No, I have not yet used a forum to fix this problem on this laptop.
    Here is the USBFix report:
    ############################## | UsbFix V 7.138 | [Recherche]

    Utilisateur: Ysa (Administrateur) # YSA-PC
    Mis à jour le 20/09/2013 par El Desaparecido - Team SosVirus
    Lancé à 06:53:44 | 26/09/2013

    Site Web: http://www.usbfix.net/
    Forum : http://www.sosvirus.net/
    Upload Malware: http://www.sosvirus.net/upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Acer (Aspire V3-571G) (x64-based PC)
    CPU: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz (2501)
    RAM -> [Total : 3934 | Free : 2550]
    BIOS: InsydeH2O Version 03.71.48V1.07
    BOOT: Normal boot

    OS: Microsoft Windows 7 Édition Familiale Premium (6.1.7601 64-Bit) # Service Pack 1
    WB: Windows Internet Explorer 10.0.9200.16686

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [Enabled]
    AV: Trend Micro Titanium Internet Security 2012 [(!) Disabled | Updated]
    FW: Windows FireWall Service [Enabled]

    C:\ (%systemdrive%) -> Disque fixe # 913 Go (828 Go libre(s) - 91%) [Acer] # NTFS
    D:\ -> CD-ROM

    ################## | Processus Actif |

    C:\Windows\system32\csrss.exe (640)
    C:\Windows\system32\wininit.exe (916)
    C:\Windows\system32\csrss.exe (936)
    C:\Windows\system32\services.exe (980)
    C:\Windows\system32\winlogon.exe (1012)
    C:\Windows\system32\lsass.exe (336)
    C:\Windows\system32\lsm.exe (492)
    C:\Windows\system32\svchost.exe (724)
    C:\Windows\system32\nvvsvc.exe (784)
    C:\Windows\system32\svchost.exe (816)
    C:\Windows\System32\svchost.exe (972)
    C:\Windows\System32\svchost.exe (1028)
    C:\Windows\system32\svchost.exe (1080)
    C:\Windows\system32\svchost.exe (1112)
    C:\Windows\system32\svchost.exe (1284)
    C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE (1368)
    C:\Windows\system32\WLANExt.exe (1376)
    C:\Windows\system32\conhost.exe (1384)
    C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe (1408)
    C:\Windows\System32\spoolsv.exe (1512)
    C:\Windows\system32\svchost.exe (1540)
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1696)
    C:\Windows\system32\nvvsvc.exe (1708)
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe (1784)
    C:\Program Files (x86)\Index Education\Mise a jour automatique\ServiceMiseAJourIndex.exe (1792)
    C:\Windows\system32\taskhost.exe (1416)
    C:\Windows\system32\Dwm.exe (968)
    C:\Windows\Explorer.EXE (2020)
    C:\Windows\System32\igfxtray.exe (2324)
    C:\Windows\System32\hkcmd.exe (2348)
    C:\Windows\system32\igfxsrvc.exe (2372)
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (2380)
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (2444)
    C:\Windows\System32\igfxpers.exe (2468)
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2476)
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (2488)
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (2520)
    C:\Program Files\Elantech\ETDCtrl.exe (2532)
    C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (2624)
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe (2632)
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (2720)
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (2756)
    C:\Program Files (x86)\Launch Manager\LMworker.exe (2780)
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe (2788)
    C:\Windows\system32\svchost.exe (2836)
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (2892)
    C:\Program Files\Windows Sidebar\sidebar.exe (2980)
    C:\Program Files\Intel\iCLS Client\HeciServer.exe (2988)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (2068)
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe (1108)
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (2304)
    C:\ProgramData\MobileBrServ\mbbservice.exe (3140)
    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (3204)
    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (3336)
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (3492)
    C:\Windows\system32\svchost.exe (3540)
    C:\Dolby PCEE4\pcee4.exe (3548)
    C:\Program Files (x86)\Launch Manager\LManager.exe (3576)
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (3596)
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (3680)
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (3688)
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (3764)
    C:\Windows\system32\igfxext.exe (3960)
    C:\Windows\system32\wbem\unsecapp.exe (528)
    C:\Windows\system32\wbem\wmiprvse.exe (2728)
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (4176)
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (4252)
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (4556)
    C:\Windows\system32\SearchIndexer.exe (4744)
    C:\Windows\system32\svchost.exe (5052)
    C:\Program Files\Windows Media Player\wmpnetwk.exe (4756)
    C:\Program Files\Elantech\ETDCtrlHelper.exe (5204)
    C:\Windows\SysWOW64\RunDll32.exe (5228)
    C:\Windows\System32\svchost.exe (5792)
    C:\Windows\system32\DllHost.exe (6060)
    C:\Windows\system32\taskeng.exe (3412)
    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (5152)
    C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe (7100)
    C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe (6284)
    C:\Windows\system32\conhost.exe (5420)
    C:\Windows\system32\conhost.exe (7152)
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (3604)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (4980)
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (2512)
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (6920)
    C:\Windows\servicing\TrustedInstaller.exe (6040)
    C:\Program Files\EgisTec IPS\PMMUpdate.exe (6932)
    C:\Program Files\EgisTec IPS\EgisUpdate.exe (5448)
    C:\UsbFix\Go.exe (4456)
    C:\Windows\system32\SearchProtocolHost.exe (5840)
    C:\Windows\system32\SearchFilterHost.exe (1584)
    C:\Windows\system32\wbem\wmiprvse.exe (3840)

    ################## | El Desaparecido Section |

    HKLM\SOFTWARE | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    HKLM\SOFTWARE | Run : [BackupManagerTray] - "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
    HKLM\SOFTWARE | Run : [Dolby Home Theater v4] - "C:\Dolby PCEE4\pcee4.exe" -autostart
    HKLM\SOFTWARE | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
    HKLM\SOFTWARE | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    HKLM\SOFTWARE | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    HKLM\SOFTWARE\wow6432Node | Run : [SuiteTray] - "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    HKLM\SOFTWARE\wow6432Node | Run : [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    HKLM\SOFTWARE\wow6432Node | Run : [BackupManagerTray] - "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
    HKLM\SOFTWARE\wow6432Node | Run : [Dolby Home Theater v4] - "C:\Dolby PCEE4\pcee4.exe" -autostart
    HKLM\SOFTWARE\wow6432Node | Run : [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe
    HKLM\SOFTWARE\wow6432Node | Run : [USB3MON] - "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    HKLM\SOFTWARE\wow6432Node | Run : [SunJavaUpdateSched] - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    HKLM\SOFTWARE | RunOnce : [] -
    HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
    HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-21-2324830667-3944076634-2857977468-1000\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-21-2324830667-3944076634-2857977468-1001\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
    HKU\S-1-5-19\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
    HKU\S-1-5-20\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-21-2324830667-3944076634-2857977468-1000\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
    HKU\S-1-5-21-2324830667-3944076634-2857977468-1000\SOFTWARE | RunOnce : [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default
    HKU\S-1-5-18\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

    ################## | Éléments infectieux |

    Présent! C:\install.exe
    Présent! C:\Users\Ysa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk

    ################## | Registre |

    Présent! HKCU|njq8

    ################## | Mountpoints2 |

    HKCU\.\.\.\.\Explorer\MountPoints2\{af3a0cb5-ed94-11e2-8fd2-08edb9f71eed}
    Shell\AutoRun\Command = E:\AutoRun.exe



    ################## | Vaccin |

    (!) Cet ordinateur n'est pas vacciné!

    ################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |

    Awaiting the next steps of the procedure.
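Added example, not part of the original thread and not UsbFix's own code: a small Python triage of the report format posted above, which lists the flagged items and notes any drive that an AutoRun entry points to but that was not mounted during the scan. The sample is an excerpt copied from that report (process list and Run-key section omitted); the function names and finding labels are hypothetical, and the parser assumes the section headers, `Présent!` markers and drive lines look exactly as they do in this report.

```python
import re

# Excerpt copied from the UsbFix report posted above (long sections omitted).
SAMPLE_REPORT = r"""
############################## | UsbFix V 7.138 | [Recherche]

C:\ (%systemdrive%) -> Disque fixe # 913 Go (828 Go libre(s) - 91%) [Acer] # NTFS
D:\ -> CD-ROM

################## | Éléments infectieux |

Présent! C:\install.exe
Présent! C:\Users\Ysa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlashPlayerPlug.lnk

################## | Registre |

Présent! HKCU|njq8

################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{af3a0cb5-ed94-11e2-8fd2-08edb9f71eed}
Shell\AutoRun\Command = E:\AutoRun.exe

################## | Vaccin |

(!) Cet ordinateur n'est pas vacciné!

################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
"""

SECTION_RE = re.compile(r"^#{6,}\s*\|\s*(.+?)\s*\|")        # "#### | Name |"
DRIVE_RE = re.compile(r"^([A-Za-z]):\\\s.*?->")               # "C:\ ... -> Disque fixe"
PRESENT_RE = re.compile(r"^Présent!\s+(.+)$")                 # item flagged by the tool
AUTORUN_RE = re.compile(r"^Shell\\AutoRun\\Command\s*=\s*(.+)$", re.IGNORECASE)
PATH_DRIVE_RE = re.compile(r'^"?([A-Za-z]):\\')               # drive letter of a command path


def parse_report(text):
    """Collect mounted drives, flagged items and MountPoints2 AutoRun commands."""
    report = {"drives": set(), "present": [], "autorun": []}
    section, last_key = "", None
    for raw in text.splitlines():
        line = raw.strip()          # forum copies of the report are often indented
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section, last_key = header.group(1), None
            continue
        drive = DRIVE_RE.match(line)
        if drive:
            report["drives"].add(drive.group(1).upper())
            continue
        present = PRESENT_RE.match(line)
        if present:
            report["present"].append((section, present.group(1)))
            continue
        if section.lower() == "mountpoints2":
            command = AUTORUN_RE.match(line)
            if command:
                report["autorun"].append((last_key, command.group(1).strip()))
            elif line.upper().startswith("HK"):
                last_key = line     # registry key that owns the next command line
    return report


def triage(report):
    """Turn the parsed report into (label, value) findings for a human reviewer."""
    findings = []
    for _section, item in report["present"]:
        if item.upper().startswith(("HKCU", "HKLM", "HKU")):
            kind = "registry"
        elif "\\startup\\" in item.lower():
            kind = "startup-file"   # runs at every logon of that user
        else:
            kind = "file"
        findings.append((kind, item))
    for _key, command in report["autorun"]:
        findings.append(("autorun-command", command))
        drive = PATH_DRIVE_RE.match(command)
        # An AutoRun target on a drive that was not listed means the removable
        # medium itself was not connected, so it has not been scanned yet.
        if drive and drive.group(1).upper() not in report["drives"]:
            findings.append(("unscanned-drive", drive.group(1).upper()))
    return findings


if __name__ == "__main__":
    for label, value in triage(parse_report(SAMPLE_REPORT)):
        print(f"{label:16} {value}")
```
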
    26 September 2013 20:15:17

    Good evening,

    Your USB key does not appear in the report; did you remember to plug it in before launching USBFix?

    Is this the only PC having trouble with the virus?

    Can you redo the scan with the infected USB key plugged in, please?

  • Click the Usbfix.exe icon to launch the program.
    Right-click -> Run as administrator on Windows Vista, 7 and 8
  • Then plug your external data sources into your PC (USB key, external hard drive, etc.) without opening them.
  • Click Rechercher (Search). A message appears; check that your removable media are plugged in, then click OK.
  • Let the tool work.

    To avoid cluttering the forum, can you host the report on this file-hosting site and give the link provided in your reply. Help in pictures

    Thanks :)
    27 September 2013 10:58:47

    Hello,

    You did not answer my question: is this the only PC affected by the infection?

    /!\ Remember to plug in your USB key before carrying out the procedure below /!\

    Your key is indeed infected; we are going to start the cleanup. To do so:

    • Click the Usbfix.exe icon to launch the program.
      Right-click -> Run as administrator on Windows Vista, 7 and 8
    • Then plug your external data sources into your PC (USB key, external hard drive, etc.) without opening them.
    • Click Suppression (Deletion). A message appears; check that your removable media are plugged in, then click OK.
    • Let the tool work.
    • At the end of the scan the UsbFix.txt report appears; host this report on this file-hosting site and give the link provided in your reply. Help in pictures


  • Note: the report generated by USBFix is located here: C:\UsbFix.txt
    27 September 2013 15:57:51

    Hello again adminpronote.

    I invite you to open a new thread for each of the two infected computers; helpers will take care of you.

    Are the files on your key now displayed normally?

    To finish the disinfection, we will check whether your programs are up to date.

    To do so, please follow this procedure:

    • Download SX Check&Update (by igor 51) to your Desktop.

      /!\ Disconnect, disable your antivirus and close all running applications /!\
    • Double-click SXC&U.exe on your Desktop to launch it.

    • In the main menu, choose the Rapport (Report) option.


    • Post the link to the report displayed on your screen. (Also host it on this file-hosting site.)
      /!\ Remember to re-enable your antivirus /!\


  • See you
    29 September 2013 18:53:33

    Hello adminpronote,

    We are now going to finish the disinfection:

    Updating Mozilla Firefox:

  • Download and install the new version of Firefox by clicking HERE


    Removing the disinfection tools:

    Download DelFix (by Xplode) to your Desktop.

  • Close all your windows, then double-click DelFix.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")
  • Do not change the checked options
  • Click the "Exécuter" (Run) button
  • Let the tool work.
  • The report is saved at the root of your hard drive (usually C:\DelFix.txt); please copy and paste its contents into your next reply.

    ------------------------------------------------------------------------------------------------------------------------------------------

    To go further in protecting yourself and avoid getting reinfected, here are a few additional tips:

    Be careful when installing software:
    Always read the terms of use (EULA) in order to spot how personal data is handled, the installation of advertising sponsors or any other invasion of privacy. Refuse the toolbars and other add-ons offered.
    Worth reading!

    Firefox and/or Chrome offer better security than Internet Explorer, especially when complemented with a few very useful plugins: NoScript and WOT for example. (for Chrome: NoScript; WOT)

    Keep your software and your system up to date:
    Many infections are due to flaws in Windows, but also in third-party software such as Sun Java, Adobe Acrobat Reader, etc.
    You can run a vulnerability scan to find out which of your programs have unpatched flaws or need updating.
    Or use a tool such as SXCU to check occasionally.

    Finally, the most important thing remains your behaviour on your PC; you remain the most important protection. Avoid risky behaviour: P2P, cracks, dubious downloads and installations via ads, instant messaging, or unknown sites, pornographic sites.
    Worth reading!
    Here too!

    See you
    30 September 2013 00:37:07

    OTL logfile created on: 29/09/2013 20:38:26 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\TOSHIBA\Mes documents\Downloads\Programs
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1,99 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,20% Memory free
    3,84 Gb Paging File | 3,14 Gb Available in Paging File | 81,92% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 56,64 Gb Total Space | 8,42 Gb Free Space | 14,86% Space Free | Partition Type: NTFS
    Drive D: | 55,14 Gb Total Space | 11,84 Gb Free Space | 21,48% Space Free | Partition Type: NTFS

    Computer Name: ECHUI2-PC | User Name: TOSHIBA | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\TOSHIBA\Mes documents\Downloads\Programs\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.)
    PRC - C:\Program Files\Internet Download Manager\crack.exe (Tonec Inc.)
    PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    PRC - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc.)
    PRC - C:\Program Files\Kingsoft\PCDoctor\KSafeTray.exe (Kingsoft Corporation)
    PRC - C:\Program Files\Kingsoft\PCDoctor\KSafeSvc.exe (Kingsoft Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\defs\13092900\algo.dll ()
    MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Program Files\Fichiers communs\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Fichiers communs\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\Kingsoft\PCDoctor\zlib1.dll ()
    MOD - C:\Program Files\Kingsoft\PCDoctor\json.dll ()
    MOD - C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax ()
    MOD - C:\WINDOWS\system32\msdmo.dll ()


    ========== Services (SafeList) ==========

    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (Apple Mobile Device) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (KSafeSvc) -- C:\Program Files\Kingsoft\PCDoctor\KSafeSvc.exe (Kingsoft Corporation)
    SRV - (odserv) -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
    SRV - (ose) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (i2omgmt) -- File not found
    DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
    DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
    DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
    DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
    DRV - (Changer) -- File not found
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (AswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
    DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (IDMTDI) -- C:\WINDOWS\system32\drivers\idmtdi.sys (Tonec Inc.)
    DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
    DRV - (BC) -- C:\WINDOWS\system32\drivers\BC.sys (Kingsoft Corporation)
    DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
    DRV - (bcm) -- C:\WINDOWS\system32\drivers\drxvi314.sys (Beceem communications pvt ltd.)
    DRV - (bcmbusctr) -- C:\WINDOWS\system32\drivers\BcmBusCtr.sys (Beceem communications pvt ltd.)
    DRV - (VSPerfDrv100) -- c:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys (Microsoft Corporation)
    DRV - (RsFx0103) -- C:\WINDOWS\system32\drivers\RsFx0103.sys (Microsoft Corporation)
    DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
    DRV - (FwLnk) -- C:\WINDOWS\system32\drivers\FwLnk.sys (TOSHIBA Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-527237240-2049760794-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.softonic.com/INF00212/tb_v1?SearchSource=...
    IE - HKU\S-1-5-21-527237240-2049760794-1606980848-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-527237240-2049760794-1606980848-1003\..\SearchScopes,DefaultScope = {83EB8E1D-E7CE-48BC-89F0-FDAE7CE3C4FC}
    IE - HKU\S-1-5-21-527237240-2049760794-1606980848-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-527237240-2049760794-1606980848-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=...{searchTerms}&locale=en_US&apn_ptnrs=^F4&apn_dtid=^YYYYYY^YY^CI&apn_uid=9CCA1313-8D44-4257-A953-E916812CFBDB&apn_sauid=075BC2E1-882D-4974-9902-2BA9A967028A
    IE - HKU\S-1-5-21-527237240-2049760794-1606980848-1003\..\SearchScopes\{83EB8E1D-E7CE-48BC-89F0-FDAE7CE3C4FC}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-527237240-2049760794-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-527237240-2049760794-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "https://www.google.ci/"
    FF - prefs.js..extensions.enabledAddons: pluswinks%40PlusWinks:1.0.0.5
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
    FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.47
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/29 09:17:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\TOSHIBA\Application Data\IDM\idmmzcc5 [2013/09/29 09:34:30 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Documents and Settings\TOSHIBA\Application Data\IDM\idmmzcc5 [2013/09/29 09:34:30 | 000,000,000 | ---D | M]

    [2013/05/28 12:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TOSHIBA\Application Data\Mozilla\Extensions
    [2013/09/15 22:50:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\TOSHIBA\Application Data\Mozilla\Firefox\Profiles\xerrjkry.default\extensions
    [2013/09/15 22:50:57 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\TOSHIBA\Application Data\Mozilla\Firefox\Profiles\xerrjkry.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2013/08/01 09:35:11 | 000,066,602 | ---- | M] () (No name found) -- C:\Documents and Settings\TOSHIBA\Application Data\Mozilla\Firefox\Profiles\xerrjkry.default\extensions\pluswinks@PlusWinks.xpi
    [2013/06/26 08:01:38 | 000,002,339 | ---- | M] () -- C:\Documents and Settings\TOSHIBA\Application Data\Mozilla\Firefox\Profiles\xerrjkry.default\searchplugins\askcom.xml
    [2013/06/24 17:24:53 | 000,001,434 | ---- | M] () -- C:\Documents and Settings\TOSHIBA\Application Data\Mozilla\Firefox\Profiles\xerrjkry.default\searchplugins\softonic.xml
    [2013/08/26 18:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/08/26 18:01:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/09/29 09:34:30 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\TOSHIBA\APPLICATION DATA\IDM\IDMMZCC5

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:o riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:o mniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.76\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
    CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
    CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
    CHR - Extension: Documents Google = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Google\Chrome\User Data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Documents Google = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Google\Chrome\User Data\default\extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google\u00A0Drive = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Google\Chrome\User Data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: Google\u00A0Drive = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Google\Chrome\User Data\default\extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Google\Chrome\User Data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Google\Chrome\User Data\default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Recherche Google = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Google\Chrome\User Data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Recherche Google = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Google\Chrome\User Data\default\extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: IDM Integration = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Google\Chrome\User Data\default\extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.14_0\
    CHR - Extension: IDM Integration = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Google\Chrome\User Data\default\extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.14_1\
    CHR - Extension: IDM Integration = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Google\Chrome\User Data\default\extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.14_2\
    CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Google\Chrome\User Data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Google\Chrome\User Data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
    CHR - Extension: Chrome In-App Payments service = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Google\Chrome\User Data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
    CHR - Extension: Gmail = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Google\Chrome\User Data\default\extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Cool Smiley Bar for Facebook) - {4723AAA8-B2F9-4CC1-9E60-190976DB1FA4} - C:\Program Files\Cool Smiley Bar for Facebook\ScriptHost.dll (Plus Winks)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-527237240-2049760794-1606980848-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [KSafeTray] C:\Program files\Kingsoft\PCDoctor\KSafeTray.exe (Kingsoft Corporation)
    O4 - HKLM..\Run: [xGyreppr] wscript.exe //B "C:\DOCUME~1\TOSHIBA\LOCALS~1\Temp\xGyreppr.vbs" File not found
    O4 - HKU\S-1-5-21-527237240-2049760794-1606980848-1003..\Run: [Facebook Update] C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-527237240-2049760794-1606980848-1003..\Run: [uTorrent] C:\Documents and Settings\TOSHIBA\Application Data\uTorrent\uTorrent.exe (BitTorrent Inc.)
    O4 - HKU\S-1-5-21-527237240-2049760794-1606980848-1003..\Run: [xGyreppr] wscript.exe //B "C:\DOCUME~1\TOSHIBA\LOCALS~1\Temp\xGyreppr.vbs" File not found
    O4 - Startup: C:\Documents and Settings\TOSHIBA\Menu Démarrer\Programmes\Démarrage\xGyreppr.vbs ()
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-527237240-2049760794-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
    O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/fl... (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{281EABF8-6A5F-4AC9-8C9C-878AD281437A}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/05/28 12:19:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2013/06/10 07:20:39 | 000,000,000 | ---D | M] - C:\AUTOGEO2 -- [ NTFS ]
    O33 - MountPoints2\{065a68d8-cf89-11e2-a2f0-001644b5de2d}\Shell - "" = AutoRun
    O33 - MountPoints2\{065a68d8-cf89-11e2-a2f0-001644b5de2d}\Shell\AutoRun\command - "" = F:\Setup.exe
    O33 - MountPoints2\{30ad0486-1926-11e3-ab07-001644b5de2d}\Shell - "" = AutoRun
    O33 - MountPoints2\{30ad0486-1926-11e3-ab07-001644b5de2d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{497a9478-0d65-11e3-aaef-001644b5de2d}\Shell - "" = AutoRun
    O33 - MountPoints2\{497a9478-0d65-11e3-aaef-001644b5de2d}\Shell\AutoRun\command - "" = F:\HWPcAssistant.exe
    O33 - MountPoints2\{9fee4190-0d85-11e3-aaf0-001644b5de2d}\Shell - "" = AutoRun
    O33 - MountPoints2\{9fee4190-0d85-11e3-aaf0-001644b5de2d}\Shell\AutoRun\command - "" = G:\HWPcAssistant.exe
    O33 - MountPoints2\{a2354702-0fd8-11e3-aaf5-001644b5de2d}\Shell - "" = AutoRun
    O33 - MountPoints2\{a2354702-0fd8-11e3-aaf5-001644b5de2d}\Shell\AutoRun\command - "" = F:\Setup.exe
    O33 - MountPoints2\{b43624b9-166f-11e3-aafd-001644b5de2d}\Shell - "" = AutoRun
    O33 - MountPoints2\{b43624b9-166f-11e3-aafd-001644b5de2d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b43624bc-166f-11e3-aafd-001644b5de2d}\Shell - "" = AutoRun
    O33 - MountPoints2\{b43624bc-166f-11e3-aafd-001644b5de2d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{d2125340-d676-11e2-aa47-001644b5de2d}\Shell - "" = AutoRun
    O33 - MountPoints2\{d2125340-d676-11e2-aa47-001644b5de2d}\Shell\AutoRun\command - "" = F:\HWPcAssistant.exe
    O33 - MountPoints2\{d424cc1d-173b-11e3-ab01-001644b5de2d}\Shell - "" = AutoRun
    O33 - MountPoints2\{d424cc1d-173b-11e3-ab01-001644b5de2d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/09/29 09:18:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\avast! Free Antivirus
    [2013/09/29 09:18:25 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2013/09/29 09:18:24 | 000,369,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2013/09/29 09:18:21 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2013/09/29 09:18:19 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2013/09/29 09:18:18 | 000,770,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2013/09/29 09:18:15 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2013/09/29 09:18:15 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
    [2013/09/29 09:16:34 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2013/09/29 09:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2013/09/29 09:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2013/09/26 08:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TOSHIBA\Bureau\nazaire
    [2013/09/24 15:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TOSHIBA\Bureau\Michel
    [2013/09/17 19:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2013/09/11 23:55:19 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
    [2013/09/10 23:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\TOSHIBA\Bureau\Nouveau dossier
    [2013/09/05 21:54:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MTN F@stLink
    [2013/09/05 21:53:59 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
    [2013/09/05 21:53:11 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
    [2013/09/05 21:53:11 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WdfCoInstaller01007.dll
    [2013/09/05 21:53:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccid.sys
    [2013/09/05 21:51:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DatacardService
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/09/29 20:46:01 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2013/09/29 20:20:09 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2013/09/29 19:57:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2013/09/29 18:41:12 | 000,001,006 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-527237240-2049760794-1606980848-1003UA.job
    [2013/09/29 16:20:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2013/09/29 15:41:01 | 000,000,984 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-527237240-2049760794-1606980848-1003Core.job
    [2013/09/29 09:18:26 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
    [2013/09/29 09:18:16 | 000,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/09/29 09:18:15 | 000,003,072 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2013/09/29 09:08:18 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\KsafeDelay.job
    [2013/09/29 09:07:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2013/09/29 09:07:32 | 2136,952,832 | -HS- | M] () -- C:\hiberfil.sys
    [2013/09/29 08:58:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/09/28 06:35:42 | 000,004,715 | ---- | M] () -- C:\Documents and Settings\TOSHIBA\Bureau\kigali.jpg
    [2013/09/28 06:17:55 | 000,091,567 | ---- | M] () -- C:\Documents and Settings\TOSHIBA\Bureau\SS7_EFORT$5B1$5D.pdf
    [2013/09/27 17:12:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Skype.lnk
    [2013/09/26 08:50:53 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/09/24 11:09:31 | 000,061,298 | ---- | M] () -- C:\Documents and Settings\TOSHIBA\Bureau\TDR Etude deux Ouvrages (1).pdf
    [2013/09/20 23:16:50 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
    [2013/09/20 17:58:29 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/09/20 17:58:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/09/16 15:13:47 | 000,263,024 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/09/16 15:05:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/09/16 13:24:12 | 000,072,864 | ---- | M] () -- C:\Documents and Settings\TOSHIBA\Mes documents\INVITATION.zip
    [2013/09/12 21:53:49 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\TOSHIBA\Mes documents\spider.sav
    [2013/09/09 08:41:31 | 000,580,198 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
    [2013/09/09 08:41:31 | 000,511,050 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2013/09/09 08:41:31 | 000,109,744 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
    [2013/09/09 08:41:30 | 000,095,114 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2013/09/05 21:54:15 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
    [2013/09/05 21:54:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    [2013/09/05 21:52:29 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccid.sys
    [2013/09/05 21:52:27 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01007.dll
    [2013/09/05 21:52:27 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WdfCoInstaller01007.dll
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/09/29 10:44:25 | 007,316,536 | ---- | C] () -- C:\Documents and Settings\TOSHIBA\Bureau\soprano - chateau de sable feat Awa imani - YouTube.mp4
    [2013/09/29 09:18:26 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\avast! Free Antivirus.lnk
    [2013/09/29 09:18:17 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
    [2013/09/29 09:18:16 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
    [2013/09/29 09:18:16 | 000,000,318 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2013/09/28 21:21:49 | 000,131,177 | -HS- | C] () -- C:\Documents and Settings\TOSHIBA\Menu Démarrer\Programmes\Démarrage\xGyreppr.vbs
    [2013/09/28 06:35:41 | 000,004,715 | ---- | C] () -- C:\Documents and Settings\TOSHIBA\Bureau\kigali.jpg
    [2013/09/28 06:19:29 | 000,091,567 | ---- | C] () -- C:\Documents and Settings\TOSHIBA\Bureau\SS7_EFORT$5B1$5D.pdf
    [2013/09/24 11:09:19 | 000,061,298 | ---- | C] () -- C:\Documents and Settings\TOSHIBA\Bureau\TDR Etude deux Ouvrages (1).pdf
    [2013/09/16 13:23:59 | 000,072,864 | ---- | C] () -- C:\Documents and Settings\TOSHIBA\Mes documents\INVITATION.zip
    [2013/09/12 21:53:49 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\TOSHIBA\Mes documents\spider.sav
    [2013/09/08 14:05:40 | 000,831,416 | ---- | C] () -- C:\Documents and Settings\TOSHIBA\Bureau\role 2 femme.mp3
    [2013/09/05 21:54:15 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
    [2013/09/05 21:54:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    [2013/07/01 08:00:50 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
    [2013/06/19 07:38:06 | 000,001,191 | ---- | C] () -- C:\Documents and Settings\TOSHIBA\.opgalaxy7.vr
    [2013/06/12 09:41:51 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\TOSHIBA\.packettracer
    [2013/06/11 11:11:20 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
    [2013/06/07 17:21:18 | 002,028,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\macxvi200.bin
    [2013/06/07 15:18:30 | 000,367,792 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-527237240-2049760794-1606980848-1003-0.dat
    [2013/06/07 15:18:29 | 000,269,054 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2013/06/02 11:50:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2013/05/31 13:59:00 | 000,071,168 | ---- | C] () -- C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/05/28 12:44:39 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
    [2013/05/28 12:23:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2013/05/28 12:15:12 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2013/05/28 12:07:53 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2013/05/28 12:06:32 | 000,263,024 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    ========== ZeroAccess Check ==========


    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2013/04/16 21:18:19 | 001,510,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 10:53:55 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 12:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2013/08/21 21:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2013/09/29 09:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2013/09/17 19:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
    [2013/07/24 07:01:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
    [2013/06/07 15:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IDM
    [2013/07/25 17:23:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
    [2013/06/09 21:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kingsoft
    [2013/06/14 09:59:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\KRSHistory
    [2013/09/05 21:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MTN F@stLink
    [2013/06/07 09:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PreEmptive Solutions
    [2013/09/29 10:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Safe
    [2013/09/23 23:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\DMCache
    [2013/06/02 12:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\ESET
    [2013/09/27 10:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\File Scout
    [2013/06/11 00:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Foxit Software
    [2013/06/24 16:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Free MP3 WMA OGG Converter
    [2013/09/20 08:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\IDM
    [2013/06/07 11:11:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\kingsoft
    [2013/06/07 15:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\KSafe
    [2013/06/13 22:11:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\Opera
    [2013/07/25 08:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\PerformerSoft
    [2013/07/15 11:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\PlusWinks
    [2013/07/22 13:18:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\SpecialSavings
    [2013/07/15 11:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\SpeedAnalysis2
    [2013/09/29 09:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TOSHIBA\Application Data\uTorrent

    ========== Purity Check ==========



    < End of report >


    OTL Extras logfile created on: 29/09/2013 20:38:26 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\TOSHIBA\Mes documents\Downloads\Programs
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

    1,99 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 58,20% Memory free
    3,84 Gb Paging File | 3,14 Gb Available in Paging File | 81,92% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 56,64 Gb Total Space | 8,42 Gb Free Space | 14,86% Space Free | Partition Type: NTFS
    Drive D: | 55,14 Gb Total Space | 11,84 Gb Free Space | 21,48% Space Free | Partition Type: NTFS

    Computer Name: ECHUI2-PC | User Name: TOSHIBA | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-527237240-2049760794-1606980848-1003\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Documents and Settings\TOSHIBA\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\TOSHIBA\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
    "C:\Program Files\Cisco Packet Tracer 5.3\bin\PacketTracer5.exe" = C:\Program Files\Cisco Packet Tracer 5.3\bin\PacketTracer5.exe:*:Disabled:PacketTracer5 -- ()
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "C:\Program Files\OPNET EDU\9.1.A\sys\pc_intel_win32\bin\itguru.exe" = C:\Program Files\OPNET EDU\9.1.A\sys\pc_intel_win32\bin\itguru.exe:*:Enabled:OPNET 9.1.A -- (OPNET Technologies, Inc.)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Fichiers communs\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Service Bonjour -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\TOSHIBA\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{170DE2A7-4768-370C-9671-D8D17826EFBF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
    "{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
    "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-040C-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (French) 12
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
    "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
    "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
    "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
    "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
    "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
    "{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
    "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
    "{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
    "{9B486871-27EB-49A5-8832-77176E63333C}" = iTunes
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
    "{DBFA98B2-1D1D-488C-B80D-26057DA9A492}" = OPNET IT Guru Academic Edition 9.1
    "{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
    "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
    "{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "avast" = avast! Free Antivirus
    "Cisco Packet Tracer 5.3_is1" = Cisco Packet Tracer 5.3
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = Soft Modem with SmartCP
    "Cool Smiley Bar for Facebook" = Cool Smiley Bar for Facebook
    "FormatFactory" = FormatFactory 2.70
    "Foxit Reader_is1" = Foxit Reader
    "Google Chrome" = Google Chrome
    "ie8" = Windows Internet Explorer 8
    "Internet Download Manager" = Internet Download Manager
    "Kingsoft PC Doctor" = Kingsoft PC Doctor 3.3.1.9
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
    "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "Mozilla Firefox 23.0.1 (x86 fr)" = Mozilla Firefox 23.0.1 (x86 fr)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Opera 12.16.1860" = Opera 12.16
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "Updater Service" = Updater Service
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.0.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "WiMAX Connection Manager" = WiMAX Connection Manager
    "WinRAR archiver" = WinRAR 4.20 (32-bit)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-527237240-2049760794-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
    "VisualBee for Microsoft PowerPoint" = VisualBee for Microsoft PowerPoint

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 23/09/2013 14:41:05 | Computer Name = ECHUI2-PC | Source = Google Update | ID = 20
    Description =

    Error - 24/09/2013 05:41:06 | Computer Name = ECHUI2-PC | Source = Google Update | ID = 20
    Description =

    Error - 24/09/2013 08:41:05 | Computer Name = ECHUI2-PC | Source = Google Update | ID = 20
    Description =

    Error - 24/09/2013 11:41:05 | Computer Name = ECHUI2-PC | Source = Google Update | ID = 20
    Description =

    Error - 24/09/2013 14:41:05 | Computer Name = ECHUI2-PC | Source = Google Update | ID = 20
    Description =

    Error - 24/09/2013 17:41:05 | Computer Name = ECHUI2-PC | Source = Google Update | ID = 20
    Description =

    Error - 25/09/2013 08:41:05 | Computer Name = ECHUI2-PC | Source = Google Update | ID = 20
    Description =

    Error - 25/09/2013 11:41:05 | Computer Name = ECHUI2-PC | Source = Google Update | ID = 20
    Description =

    Error - 25/09/2013 14:41:05 | Computer Name = ECHUI2-PC | Source = Google Update | ID = 20
    Description =

    Error - 26/09/2013 08:41:05 | Computer Name = ECHUI2-PC | Source = Google Update | ID = 20
    Description =

    [ System Events ]
    Error - 29/09/2013 01:23:36 | Computer Name = ECHUI2-PC | Source = DCOM | ID = 10009
    Description = DCOM n'a pas pu communiquer avec l'ordinateur localilililili en utilisant
    les protocoles configurés.

    Error - 29/09/2013 01:23:38 | Computer Name = ECHUI2-PC | Source = DCOM | ID = 10009
    Description = DCOM n'a pas pu communiquer avec l'ordinateur localilililili en utilisant
    les protocoles configurés.

    Error - 29/09/2013 01:24:13 | Computer Name = ECHUI2-PC | Source = DCOM | ID = 10009
    Description = DCOM n'a pas pu communiquer avec l'ordinateur localilililili en utilisant
    les protocoles configurés.

    Error - 29/09/2013 01:24:15 | Computer Name = ECHUI2-PC | Source = DCOM | ID = 10009
    Description = DCOM n'a pas pu communiquer avec l'ordinateur localilililili en utilisant
    les protocoles configurés.

    Error - 29/09/2013 01:24:50 | Computer Name = ECHUI2-PC | Source = DCOM | ID = 10009
    Description = DCOM n'a pas pu communiquer avec l'ordinateur localilililili en utilisant
    les protocoles configurés.

    Error - 29/09/2013 01:24:52 | Computer Name = ECHUI2-PC | Source = DCOM | ID = 10009
    Description = DCOM n'a pas pu communiquer avec l'ordinateur localilililili en utilisant
    les protocoles configurés.

    Error - 29/09/2013 01:25:27 | Computer Name = ECHUI2-PC | Source = DCOM | ID = 10009
    Description = DCOM n'a pas pu communiquer avec l'ordinateur localilililili en utilisant
    les protocoles configurés.

    Error - 29/09/2013 01:25:29 | Computer Name = ECHUI2-PC | Source = DCOM | ID = 10009
    Description = DCOM n'a pas pu communiquer avec l'ordinateur localilililili en utilisant
    les protocoles configurés.

    Error - 29/09/2013 01:26:04 | Computer Name = ECHUI2-PC | Source = DCOM | ID = 10009
    Description = DCOM n'a pas pu communiquer avec l'ordinateur localilililili en utilisant
    les protocoles configurés.

    Error - 29/09/2013 01:26:06 | Computer Name = ECHUI2-PC | Source = DCOM | ID = 10009
    Description = DCOM n'a pas pu communiquer avec l'ordinateur localilililili en utilisant
    les protocoles configurés.


    < End of report >

    Best solution

    30 September 2013 01:21:38

    # DelFix v10.4 - Rapport créé le 29/09/2013 à 23:19:06
    # Mis à jour le 19/07/2013 par Xplode
    # Nom d'utilisateur : TOSHIBA - ECHUI2-PC
    # Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)

    ~ Suppression des outils de désinfection ...

    Supprimée : HKLM\SOFTWARE\OldTimer Tools

    ########## - EOF - ##########
    30 September 2013 03:01:27

    nicoolas said:
    Hello adminpronote,

    We will now finalize the disinfection:

    Updating Mozilla Firefox:

  • Download and install the new version of Firefox by clicking HERE


    Removing the disinfection tools:

    Download DelFix (by Xplode) to your desktop.

  • Close all your windows, then double-click DelFix.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")
  • Do not change the checked options
  • Click the "Exécuter" (Run) button
  • Let the tool work.
  • The report is saved at the root of your hard drive (usually C:\DelFix.txt); please copy and paste its contents into your next reply.

    ------------------------------------------------------------------------------------------------------------------------------------------

    To go further in protecting yourself and avoid getting reinfected, here are some additional tips:

    Be careful when installing software:
    Always read the terms of use (EULA) in order to spot how personal data is handled, the installation of advertising sponsors, or any other invasion of privacy. Decline the toolbars and other add-ons that are offered.
    Read this!

    Firefox and/or Chrome offer better security than Internet Explorer, especially when complemented with a few very useful plugins: NoScript and WOT, for example. (For Chrome: NoScript; WOT)

    Keep your software and your system up to date:
    Many infections are due to vulnerabilities in Windows, but also in third-party software such as Sun Java, Adobe Acrobat Reader, etc.
    You can run a vulnerability scan to find out which of your programs have unpatched flaws or need updating.
    Or use a tool like SXCU to check occasionally.

    Finally, the most important thing remains your behaviour on your PC; you are still the most important protection. Avoid risky behaviour: P2P, cracks, dubious downloads and installations via ads, instant messaging, unknown sites, pornographic sites.
    Read this!
    And this too!

    See you


  • Good evening and thank you for your advice.
    Final report:
    # DelFix v10.4 - Rapport créé le 29/09/2013 à 20:55:28
    # Mis à jour le 19/07/2013 par Xplode
    # Nom d'utilisateur : Ysa - YSA-PC
    # Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)

    ~ Suppression des outils de désinfection ...

    Supprimé : C:\USBFix
    Supprimé : C:\UsbFix [Clean 2] YSA-PC.txt
    Supprimé : C:\UsbFix [Scan 3] YSA-PC.txt
    Supprimée : HKCU\Software\USBFix
    Supprimée : HKLM\SOFTWARE\OldTimer Tools
    Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix

    ########## - EOF - ##########
    See you


    Score
    0
    a b 8 Security
    30 September 2013 12:19:30

    Hello adminpronote,

    OK, everything is fine this time :)

    Don't forget to create 2 separate threads, one for each of your two PCs to be disinfected :)

    @Echui: Please create your own thread for the disinfection. Also, a hello and an explanation of the symptoms would not have gone amiss.
    Score
    0
    9 October 2013 22:06:33

    nicoolas said:
    Good evening,

    I'll take care of you tomorrow in the early evening!

    Before that, can you answer a few questions please?

    Have you already tried anything to fix the infection? If so, what, and with which tool(s)?
    Have you been assisted on another forum?
    Is your computer part of a high school's or middle school's network?

    While waiting for the answers to these questions, I'd like you to run an additional scan:

    Download USBFix (El desaparecido) to your Desktop.

    • Click the Usbfix.exe icon to launch the program.
      Right-click -> Run as administrator on Windows Vista, 7 and 8
    • Then connect your external data sources to your PC (USB stick, external hard drive, etc.) without opening them.
    • Click Rechercher (Search). A message appears; check that your removable media are properly connected and click OK.
    • Let the tool work.
    • At the end of the scan the UsbFix.txt report appears; post it.


  • Note: The report generated by USBFix is located here: C:\UsbFix.txt

    See you tomorrow :)


    Score
    0
    9 October 2013 22:09:16

    ############################## | UsbFix V 7.144 | [Recherche]

    Utilisateur: Djo N'Guessan (Administrateur) # WL
    Mis à jour le 08/10/2013 par El Desaparecido - Team SosVirus
    Lancé à 19:14:47 | 09/10/2013

    Site Web: http://www.usbfix.net/
    Forum : http://www.sosvirus.net/
    Upload Malware: http://www.sosvirus.net/upload_malware.php
    Contact: http://www.usbfix.net/contact/

    PC: Acer (Aspire V5-431P)
    CPU: Intel(R) Celeron(R) CPU 1007U @ 1.50GHz
    RAM -> [Total : 3892 | Free : 1629]
    Bios: Phoenix Technologies Ltd.
    Boot: Normal boot

    OS: Microsoft Windows 8 (6.2.9200 64-Bit) #
    WB: Windows Internet Explorer 10.0.9200.16688

    SC: Security Center Service [Enabled]
    WU: Windows Update Service [(!) Disabled]
    AV: avast! Internet Security [(!) Disabled | Updated]
    FW: Windows FireWall Service [Enabled]

    C:\ (%systemdrive%) -> Disque fixe # 244 Go (181 Go libre(s) - 74%) [SYSTEME] # NTFS
    D:\ -> CD-ROM
    E:\ -> Disque fixe # 205 Go (203 Go libre(s) - 99%) [DONNEES] # NTFS
    G:\ -> Disque amovible # 2 Go (1017 Mo libre(s) - 54%) [JOHFILS] # FAT

    ################## | Processus Actif |


    ################## | Regedit Run |

    HKLM\SOFTWARE | Run : [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    HKLM\SOFTWARE | Run : [LManager] -
    HKLM\SOFTWARE | Run : [RadioController] - "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
    HKLM\SOFTWARE | Run : [Dolby Advanced Audio v2] - "C:\Dolby PCEE4\pcee4.exe" -autostart
    HKLM\SOFTWARE | Run : [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    HKLM\SOFTWARE | Run : [NBKeyScan] - "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    HKLM\SOFTWARE | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files (x86)\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
    HKLM\SOFTWARE\wow6432Node | Run : [mcui_exe] - "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    HKLM\SOFTWARE\wow6432Node | Run : [LManager] -
    HKLM\SOFTWARE\wow6432Node | Run : [RadioController] - "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
    HKLM\SOFTWARE\wow6432Node | Run : [Dolby Advanced Audio v2] - "C:\Dolby PCEE4\pcee4.exe" -autostart
    HKLM\SOFTWARE\wow6432Node | Run : [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    HKLM\SOFTWARE\wow6432Node | Run : [BCSSync] - "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    HKLM\SOFTWARE\wow6432Node | Run : [NBKeyScan] - "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    HKLM\SOFTWARE\wow6432Node | Run : [avast] - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    HKLM\SOFTWARE\wow6432Node | Run : [QuickTime Task] - "C:\Program Files (x86)\MpcStar\Codecs\QuickTime\QTTask.exe" -atboottime
    HKLM\SOFTWARE | RunOnce : [] -
    HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
    HKU\S-1-5-21-1957217408-1625046838-605392821-1001\SOFTWARE | Run : [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
    HKU\S-1-5-21-1957217408-1625046838-605392821-1001\SOFTWARE | Run : [Facebook Update] - "C:\Users\Djo N'Guessan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    HKU\S-1-5-21-1957217408-1625046838-605392821-1001\SOFTWARE | Run : [Pokki] - C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
    HKU\S-1-5-21-1957217408-1625046838-605392821-1001\SOFTWARE | Run : [BearShare] - "C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe" --lightmode
    HKU\S-1-5-21-1957217408-1625046838-605392821-1001\SOFTWARE | Run : [a27wVtCq] - wscript.exe //B "C:\Users\DJON'G~1\AppData\Local\Temp\a27wVtCq.vbs"
    HKU\S-1-5-19\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-18\SOFTWARE | RunOnce : [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}

    ################## | Éléments infectieux |

    Présent! G:\a27wVtCq.vbs
    Présent! C:\Users\DJON'G~1\AppData\Local\Temp\a27wVtCq.vbs
    Présent! C:\Users\Djo N'Guessan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a27wVtCq.vbs
    Présent! G:\C.lnk
    Présent! G:\A.lnk
    Présent! G:\CV.lnk
    Présent! G:\Interro leçon 3ième.lnk
    Présent! G:\1APHYDIX13-F.lnk
    Présent! G:\RECYCLER.lnk
    Présent! G:\SEANCE DE REVISION PH 2 Collège KOKO.lnk
    Présent! G:\Anglais.lnk
    Présent! G:\1APHYDIX13-N.lnk
    Présent! G:\1APHYDIX13-O.lnk
    Présent! G:\procuration.lnk
    Présent! G:\W6754380R9978A0910.lnk
    Présent! G:\USB Disk Security 6.lnk
    Présent! G:\chap 2.lnk
    Présent! G:\Photo.lnk
    Présent! G:\Fiche d'interro.lnk
    Présent! G:\LECON 2.lnk
    Présent! G:\Interro leçon 1.lnk
    Présent! G:\Interro leçon 1_2.lnk
    Présent! G:\devoir niveau n°1.lnk
    Présent! G:\DEVOIR 4ième.lnk
    Présent! G:\interro n°2.lnk
    Présent! G:\interro n°1.lnk
    Présent! G:\devoir n°1.lnk
    Présent! G:\nouveau_decoupage_administratif_de_la_cote_divoire.lnk
    Présent! G:\Nouveau découpage administratif.lnk
    Présent! G:\CI_ADMINISTRATIVE_large.lnk
    Présent! G:\interro n°2 bis.lnk
    Présent! G:\interro n°3 bis.lnk
    Présent! G:\interro n°3.lnk
    Présent! G:\devoir n°2.lnk
    Présent! G:\billet d'avion 1.lnk
    Présent! G:\billet d'avion 2.lnk
    Présent! G:\Cours Troisième.lnk
    Présent! G:\Cours Cinquième.lnk
    Présent! G:\Cours de Quatrième.lnk
    Présent! G:\Cours Phys-Chimie.lnk
    Présent! G:\Cours Sixième.lnk
    Présent! G:\Autorun.inf.lnk
    Présent! G:\FormatFactory.lnk
    Présent! G:\Livre de chimie.lnk
    Présent! G:\Elite 4ème.lnk
    Présent! G:\Elite 3ème.lnk
    Présent! C:\ProgramData\rescue.vbe
    Présent! C:\Users\DJON'G~1\AppData\Local\Temp\PrintPreview.hta
    Présent! C:\Users\DJON'G~1\AppData\Local\Temp\uuuuuuuoi.hta
    Présent! C:\Users\DJON'G~1\AppData\Local\Temp\1_flashplayer.exe
    Présent! C:\Users\DJON'G~1\AppData\Local\Temp\2_flashplayer.exe
    Présent! C:\security\svchost.exe
    Présent! C:\kernel
    Présent! G:\RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013
    Présent! C:\Users\All Users\rescue.vbe
    Présent! C:\Users\Djo N'Guessan\AppData\Local\Temp\a27wVtCq.vbs

    ################## | Registre |

    Présent! HKU\S-1-5-21-1957217408-1625046838-605392821-1001\Software\Microsoft\Windows\CurrentVersion\Run|a27wVtCq
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|a27wVtCq
    Présent! HKU\S-1-5-21-1957217408-1625046838-605392821-1001\Software\Microsoft\Windows\CurrentVersion\Run|a27wVtCq
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|a27wVtCq
    Présent! HKU\S-1-5-21-1957217408-1625046838-605392821-1001\Software\Microsoft\Windows\CurrentVersion\Run|a27wVtCq
    Présent! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|a27wVtCq
    HKCU\.\.\.\.\Explorer\MountPoints2\{b47911aa-0544-11e3-be70-b8763f5caa39}
    Shell\AutoRun\Command = "E:\.\Setup.exe" AUTORUN=1


    here is the report I received
    ################## | Vaccin |

    E:\Autorun.inf -> Vaccin créé par UsbFix (El Desaparecido)

    ################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
    Score
    0
    a c 547 8 Security
    10 October 2013 10:49:40

    Hello,

    Please don't dump reports like this, without any explanation.

    Open your own thread to get help, one thread per user and per PC.
    Score
    0